SSL & Apache

Statut
N'est pas ouverte pour d'autres réponses.

sebge2

Elite
[Sat Dec 11 17:46:20 2004] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]

voila j'ai ce problème la hiii g cherché un peu partout tjs pas trouvé !

j'ai essayé sslcache un truc du genre avc le paramètre a coté je l'ai mis un peu partout ds les fichiers de config et tjs ca ... (c p'tr pas clair ce que je dis lol)

enfin le plus important est ce que qqqun a deja réussi à résoudre ce probleme ... si oui cmt .. ?

merci :mrgreen:
 

noLain

www.wearewise.be
j'ai trouvé ca, c'est sur win32,
mais la config d'apache ne devrait pas trop changer:
lien
 
1er
OP
sebge2

sebge2

Elite
merci :wink:

le problème je pense c'est que je pense que si j'essaye ifdefine SSl ou if module mod_ssl.c ou .so et que je met n'importe quoi dedans il ne rouspette pas en démarrant apache :s

<IfModule mod_ssl.so>

fdfdsfsdfsdfsd



d'ou interrogation ... mdr pourtant mon module est bien demandé au lancement arf ! je comprendrais pourquoi ma cache merde vu que je la configure toujours derrière des if ... :cry:
 
1er
OP
sebge2

sebge2

Elite
voila j'ai réussi a ce qu'il prenne en compte :)

<IfModule mod_ssl.c>

tjs un probleme mnt :s pas d'erreur ds aucun log ... je tappe https://VHOST ca va pas ms http://VHOST:443 oui mdr et ds les logs de l'accès au ssl il ma bien dit que j'avais eu une requete pour voir et aucune merde quoi :s bizar ! :cry:
 
1er
OP
sebge2

sebge2

Elite
Code:
[Sun Dec 12 21:29:45 2004] [alert] httpd-perl: Could not determine the server's fully qualified domain name, using 192.168.0.2 for ServerName
[Sun Dec 12 21:29:45 2004] [error] VirtualHost 192.168.0.2:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Sun Dec 12 21:29:45 2004] [error] VirtualHost 192.168.0.2:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Sun Dec 12 21:29:45 2004] [error] VirtualHost 192.168.0.2:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Sun Dec 12 21:29:45 2004] [error] VirtualHost 192.168.0.2:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Sun Dec 12 21:29:45 2004] [error] VirtualHost 192.168.0.2:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
voila mon erreur j'ai essayé de trouver à gauche et a droite tjs pas trouver de soluce !

NamevirtualHost 192.168.0.2

<VirtualHost 192.168.0.2>


arf ! merci :roll:
 

Sub7

Touriste
Ton port = Combien alors?
Si il t'affiche 192.168.0.2:0 c'est que tu n'as peut etre pas spécifié le port du virtual !

ex:
Code:
#
# Use name-based virtual hosting.
#
NameVirtualHost *:443 // non pas 80 ou 0
Montres ton httpd.conf sur le virtualHost
 

Sklux

Touriste
Ca répond pas vraiment à ton problème, mais j'en profite.
Pour ceux qui sont intéressé par Apache +SSL, il y a un projet
opensource intéressant : www.opensa.org
 
1er
OP
sebge2

sebge2

Elite
Why can't I use SSL with name-based/non-IP-based virtual hosts?

The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to dispatch to the correct virtual server Apache has to know the Host HTTP header field. For this the HTTP request header has to be read. This cannot be done before the SSL handshake is finished. But the information is already needed at the SSL handshake phase. Bingo!
Why is it not possible to use Name-Based Virtual Hosting to identify different SSL virtual hosts?

Name-Based Virtual Hosting is a very popular method of identifying different virtual hosts. It allows you to use the same IP address and the same port number for many different sites. When people move on to SSL, it seems natural to assume that the same method can be used to have lots of different SSL virtual hosts on the same server.

It comes as rather a shock to learn that it is impossible.

The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the problem is that the SSL session is a separate transaction that takes place before the HTTP session even starts. Therefore all the server receives is an SSL request on IP address X and port Y (usually 443). Since the SSL request does not contain any Host: field, the server has no way to decide which SSL virtual host to use. Usually, it will just use the first one it finds that matches the port and IP address.

You can, of course, use Name-Based Virtual Hosting to identify many non-SSL virtual hosts (all on port 80, for example) and then you can have no more than 1 SSL virtual host (on port 443). But if you do this, you must make sure to put the non-SSL port number on the NameVirtualHost directive, e.g.
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html

mm je me demande si ce n'est pas ca le problème :cry:
 
Statut
N'est pas ouverte pour d'autres réponses.
Haut