[Modules] packaging for Fedora Core 11

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Sep 13 04:56:10 EDT 2009


Erick Calder wrote:

Hello Erick,

> 2. SRP seemed to fail when the module tried to load, complaining about a
> missing function gnutls_srp_server_get_username.  is there something
> else I need to have installed or is it a bug? I've compiled with
> --disable-srp for now but would like to figure out whether there is a
> hard dependency I should respect

Fedora for their reasons decided to disable SRP from gnutls in their
distribution, thus mod_gnutls cannot support it as well.

> 3.  the document below indicates that without the dhfile or rsafile, the
> module will never work.  however, after making those files don't get
> created... are they no longer needed or is something wrong with my setup?
> 
> http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/

This was the case on older mod_gnutls versions. Now default values will
be used at least for DH file. The rsa file is only needed when you use
the RSA-EXPORT ciphersuites.

> 5. I've placed the following assertives in one of my virtual hosts:
> 
> GnuTLSEnable on
> GnuTLSCertificateFile /path/to/my/crt
> GnuTLSKeyFile /path/to/my/key
> 
> but when I visit the virtual host, the following shows up on the logs:
> 
> [Fri Sep 11 20:09:49 2009] [error] GnuTLS: Hanshake Alert (42)
> 'Certificate is bad'.
> [Fri Sep 11 20:09:49 2009] [error] [client 98.149.115.77] GnuTLS:
> Handshake Failed (-12) 'A TLS fatal alert has been received.'
> 
> the domain is one of two that I'm using to test.  one of them works, the
> other doesn't.  the certificates were generated in the same way and
> signed by the same CA.  what could be the matter here?

It seems that the client (firefox or so) send an alert that he doesn't
like the certificate of that site. Does the browser support virtual tls
hosts (check with firefox 3+ that supports them for sure).

> 6. By turning off GnuTLS on the domain that works ok, I get the message
> below from the second domain:
> 
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)

I don't understand what you describe here. Who is getting this error? It
doesn't look like an error from gnutls.

regards,
Nikos



More information about the Modules mailing list