<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">as a matter of interest, it appears that the second domain doesn't even get processed i.e. removing the key and cert files doesn't prevent the server from starting:<div><br></div><div><span class="Apple-tab-span" style="white-space:pre">        </span>&lt;VirtualHost 192.168.0.2:443&gt;</div><div> ServerName www.domain2.com</div><div><div><div> GnuTLSEnable on</div><div> GnuTLSPriorities NORMAL:%COMPAT</div><div> GnuTLSCertificateFile /var/www/ssl/www.domain2.com.crt</div><div> GnuTLSKeyFile /var/www/ssl/www.domain2.com.key</div><div><br></div><div># ls /var/www/ssl</div><div><div>-rw-r--r-- 1 root root 4243 2009-09-10 02:02 www.domain1.com.crt</div><div>-rw------- 1 root root 887 2009-09-10 02:02 www.domain1.com.key</div><div>-rw-r--r-- 1 root root 4279 2009-09-11 20:09 xxx.domain2.com.crt</div><div>-rw------- 1 root root 887 2009-09-11 20:07 xxx.domain2.com.key</div><div><br></div></div><div># service httpd restart</div><div><div>Stopping httpd: [ OK ]</div><div>Starting httpd: [ OK ]</div><div><br></div></div><div><div><div>On Sep 11, 2009, at 8:52 PM, Erick Calder wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I'm attempting to package this module as an RPM for the Fedora distribution. I've come across some problems I need help with:<div><br></div><div>1. relocation of the install seems ignored... if I run:</div><div><br></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">make DESTDIR=/tmp install</blockquote><div><br></div><div>the makefile still attempts to install to /usr. 
this is problematic for building RPMs but I don't know enough about automake to patch the needed files.</div><div><br></div><div>2. SRP seemed to fail when the module tried to load, complaining about a missing function gnutls_srp_server_get_username. is there something else I need to have installed or is it a bug? I've compiled with --disable-srp for now but would like to figure out whether there is a hard dependency I should respect</div><div><br></div><div>3. the document below indicates that without the dhfile or rsafile, the module will never work. however, after making those files don't get created... are they no longer needed or is something wrong with my setup?</div><div><br></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><span class="Apple-tab-span" style="white-space:pre"><a href="http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/">http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/</a></span></blockquote><div><br></div><div>4. I've set up a session cache via the command below:</div><div><br></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">GnuTLSCache dbm "/var/cache/mod_gnutls"</blockquote><div><br></div><div>however the directory remains empty after I restart the server and instead I see two files: mod_gnutls.dir and mod_gnutls.pag in /var/cache... this seems wrong?</div><div><br></div><div>5. 
I've placed the following assertives in one of my virtual hosts:</div><div><br></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">GnuTLSEnable on<br>GnuTLSCertificateFile /path/to/my/crt<br>GnuTLSKeyFile /path/to/my/key</blockquote><div><br></div><div>but when I visit the virtual host, the following shows up on the logs:</div><div><br></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">[Fri Sep 11 20:09:49 2009] [error] GnuTLS: Hanshake Alert (42) 'Certificate is bad'.<br>[Fri Sep 11 20:09:49 2009] [error] [client 98.149.115.77] GnuTLS: Handshake Failed (-12) 'A TLS fatal alert has been received.'</blockquote><div><div><br></div><div>the domain is one of two that I'm using to test. one of them works, the other doesn't. the certificates were generated in the same way and signed by the same CA. what could be the matter here?</div><div><br></div><div>I found this:</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre">        <a href="http://www.mail-archive.com/help-gnutls@gnu.org/msg00775.html">http://www.mail-archive.com/help-gnutls@gnu.org/msg00775.html</a></span></div><div><br></div><div>which seems somewhat relevant but my tarball doesn't have an auth_cert.c - help?</div><div><br></div><div>6. By turning off GnuTLS on the domain that works ok, I get the message below from the second domain:</div><div><br></div><div><div></div></div></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">SSL received a record that exceeded the maximum permissible length.<br>(Error code: ssl_error_rx_record_too_long)</blockquote><div><div><br></div><div>ok. enough for now. hope someone can help. 
sigh.</div><div><br></div><div>- e</div></div></div>_______________________________________________<br>Modules mailing list<br><a href="mailto:Modules@lists.outoforder.cc">Modules@lists.outoforder.cc</a><br>http://lists.outoforder.cc/mailman/listinfo/modules<br></blockquote></div><br></div></div></div></body></html>