[Modules] packaging for Fedora Core 11

Erick Calder e at arix.com
Sat Sep 12 01:00:42 EDT 2009 

as a matter of interest, it appears that the second domain doesn't  
even get processed i.e. removing the key and cert files doesn't  
prevent the server from starting:

	<VirtualHost 192.168.0.2:443>
         ServerName www.domain2.com
         GnuTLSEnable on
         GnuTLSPriorities NORMAL:%COMPAT
         GnuTLSCertificateFile /var/www/ssl/www.domain2.com.crt
         GnuTLSKeyFile /var/www/ssl/www.domain2.com.key

# ls /var/www/ssl
-rw-r--r-- 1 root root 4243 2009-09-10 02:02 www.domain1.com.crt
-rw------- 1 root root  887 2009-09-10 02:02 www.domain1.com.key
-rw-r--r-- 1 root root 4279 2009-09-11 20:09 xxx.domain2.com.crt
-rw------- 1 root root  887 2009-09-11 20:07 xxx.domain2.com.key

# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

On Sep 11, 2009, at 8:52 PM, Erick Calder wrote:

> I'm attempting to package this module as an RPM for the Fedora  
> distribution.  I've come across some problems I need help with:
>
> 1. relocation of the install seems ignored... if I run:
>
> make DESTDIR=/tmp install
>
> the makefile still attempts to install to /usr.  this is problematic  
> for building RPMs but I don't know enough about automake to patch  
> the needed files.
>
> 2. SRP seemed to fail when the module tried to load, complaining  
> about a missing function gnutls_srp_server_get_username.  is there  
> something else I need to have installed or is it a bug? I've  
> compiled with --disable-srp for now but would like to figure out  
> whether there is a hard dependency I should respect
>
> 3.  the document below indicates that without the dhfile or rsafile,  
> the module will never work.  however, after making those files don't  
> get created... are they no longer needed or is something wrong with  
> my setup?
>
> http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/
>
> 4. I've set up a session cache via the command below:
>
> GnuTLSCache dbm "/var/cache/mod_gnutls"
>
> however the directory remains empty after I restart the server and  
> instead I see two files: mod_gnutls.dir and mod_gnutls.pag in /var/ 
> cache... this seems wrong?
>
> 5. I've placed the following assertives in one of my virtual hosts:
>
> GnuTLSEnable on
> GnuTLSCertificateFile /path/to/my/crt
> GnuTLSKeyFile /path/to/my/key
>
> but when I visit the virtual host, the following shows up on the logs:
>
> [Fri Sep 11 20:09:49 2009] [error] GnuTLS: Hanshake Alert (42)  
> 'Certificate is bad'.
> [Fri Sep 11 20:09:49 2009] [error] [client 98.149.115.77] GnuTLS:  
> Handshake Failed (-12) 'A TLS fatal alert has been received.'
>
> the domain is one of two that I'm using to test.  one of them works,  
> the other doesn't.  the certificates were generated in the same way  
> and signed by the same CA.  what could be the matter here?
>
> I found this:
>
> 	http://www.mail-archive.com/help-gnutls@gnu.org/msg00775.html
>
> which seems somewhat relevant but my tarball doesn't have an  
> auth_cert.c - help?
>
> 6. By turning off GnuTLS on the domain that works ok, I get the  
> message below from the second domain:
>
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
>
> ok.  enough for now.  hope someone can help. sigh.
>
> - e
> _______________________________________________
> Modules mailing list
> Modules at lists.outoforder.cc
> http://lists.outoforder.cc/mailman/listinfo/modules

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.outoforder.cc/pipermail/modules/attachments/20090911/46d0b1a6/attachment.html

More information about the Modules mailing list