Posted to users@httpd.apache.org by Caio James <ca...@intric.com> on 2002/07/11 09:54:27 UTC

SSL problem?

RH72 on a P4 1.7Ghz/40Gb/256MB

I've compiled Apache/1.3.26, mod_perl/1.27, PHP/4.2.1 w/ mysql support,
DAV/1.0.3, mod_ssl/2.8.10 (OpenSSL 0.9.6b).

I am trying to do Name-Based Virtual Hosts on the same box as IP-Based SSL
Virtual Hosts. We currently do this on an RH7 box with Apache 1.3.19 without
any issue. I want to do the same on this new server, however I want a
compiled version of apache, not one that is "stock" with the OS. I've heard
stock versions can have unforeseen holes in them (someone please correct me
if I'm wrong on this).

I understand that each SSL host has to be on an independent IP from the
Name-Based Hosting IP because of the way SSL encryption works.

Here is my problem in a nutshell:

When I add virtual hosts that use a single IP on the server, I have no
problems starting apache and the server runs correctly. Here is a snip from
my httpd.conf file:

/***|SNIP|***\
<VirtualHost 10.0.205.132>
DocumentRoot /home/foo/www/
ServerName foo.com
ServerAlias www.foo.com
</VirtualHost>

<VirtualHost 10.0.205.132>
DocumentRoot /home/foobar/www/
ServerName foobar.com
ServerAlias www.foobar.com
</VirtualHost>
\***|SNIP|***/

The IPs and domains have been changed to protect the innocent, of course. My
problem is that when I add a new VirtualHost on a different IP, Apache will
not successfully start up. Here is a snip of what I added:

/***|SNIP|***\
<VirtualHost 10.0.205.135>
DocumentRoot /home/bar/www/
ServerName bar.foo.com
</VirtualHost>
\***|SNIP|***/

I then set the error logging to debug mode and tried to start the server
again. Here is the error I found in the error_log:

/***|SNIP|***\
[Thu Jul 11 00:42:09 2002] [info] removed PID file /usr/local/apache/logs/httpd.pid (pid=2787)
[Thu Jul 11 00:42:09 2002] [notice] caught SIGTERM, shutting down
[Thu Jul 11 00:42:17 2002] [info] mod_unique_id: using ip addr 10.0.205.132
[Thu Jul 11 00:42:18 2002] [crit] (99)Cannot assign requested address: make_sock: could not bind to address 10.0.205.135 port 80
[Thu Jul 11 00:42:39 2002] [info] mod_unique_id: using ip addr 10.0.205.132
[Thu Jul 11 00:42:40 2002] [info] mod_unique_id: using ip addr 10.0.205.132
[Thu Jul 11 00:42:40 2002] [info] created shared memory segment #360449
[Thu Jul 11 00:42:41 2002] [notice] Apache/1.3.26 (Unix) mod_perl/1.27 PHP/4.2.1 DAV/1.0.3 mod_ssl/2.8.10 OpenSSL/0.9.6b configured -- resuming normal operations
[Thu Jul 11 00:42:41 2002] [info] Server built: Jul  6 2002 19:14:58
[Thu Jul 11 00:42:41 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)
\***|SNIP|***/

The command I am using to start apache currently is apachectl startssl. I
have also tried using httpd -DSSL to start apache but received the same
error in the log. I currently do not have ANY SSL VirtualHosts configured
other than the default SSL server created by apache at compile time:

/***|SNIP|***\
<VirtualHost _default_:443 >
DocumentRoot /usr/local/apache/htdocs
ServerAdmin root@barfoo.com
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
\***|SNIP|***/

I would definitely appreciate any help someone could give me in getting this
server up and running. I need to get this up by Friday or I will be delaying
my vacation until this gets up and DNS records transferred over.

Thanks Again.

Caio
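
Added example, not part of the original post: a triage pass over the error_log excerpt above that rejoins mail-wrapped entries and classifies each make_sock bind failure by its errno (on Linux, 99 is EADDRNOTAVAIL, which bind() returns when the address is not local to the host). The errno table, the function names and the last sample log line are assumptions of this example.

```python
import re

# Linux errno values that bind() can return to Apache's make_sock (assumed table).
BIND_ERRNO = {
    13: ("EACCES", "port below 1024 and httpd was not started as root"),
    98: ("EADDRINUSE", "another socket is already bound to this address and port"),
    99: ("EADDRNOTAVAIL", "address is not configured on any local interface"),
}
ENTRY_START = re.compile(r"^\[\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}\] \[")
BIND_FAIL = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[crit\] \((?P<errno>\d+)\)(?P<msg>.+?): make_sock: "
    r"could not bind to (?:address (?P<addr>\S+) )?port (?P<port>\d+)"
)
# The first four lines come from the post (the [crit] entry wrapped as mailed);
# the last line is constructed to show a second failure class.
SAMPLE = """\
[Thu Jul 11 00:42:09 2002] [notice] caught SIGTERM, shutting down
[Thu Jul 11 00:42:17 2002] [info] mod_unique_id: using ip addr 10.0.205.132
[Thu Jul 11 00:42:18 2002] [crit] (99)Cannot assign requested address:
make_sock: could not bind to address 10.0.205.135 port 80
[Thu Jul 11 00:43:02 2002] [crit] (98)Address already in use: make_sock: could not bind to port 443
""".splitlines()

def unwrap(lines):
    """Rejoin mail-wrapped entries: a line with no leading timestamp continues the previous one."""
    entries = []
    for line in lines:
        if ENTRY_START.match(line) or not entries:
            entries.append(line.rstrip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def bind_failures(lines):
    """Return one finding per make_sock bind failure in an Apache 1.3 error_log."""
    findings = []
    for entry in unwrap(lines):
        m = BIND_FAIL.match(entry)
        if m:
            name, cause = BIND_ERRNO.get(int(m["errno"]), ("UNKNOWN", m["msg"]))
            findings.append({"time": m["ts"], "errno": name, "addr": m["addr"] or "*",
                             "port": int(m["port"]), "cause": cause})
    return findings

if __name__ == "__main__":
    for f in bind_failures(SAMPLE):
        print(f"{f['time']}  {f['addr']}:{f['port']}  {f['errno']}: {f['cause']}")
```

An EADDRNOTAVAIL finding is checked against the host's configured addresses (for example the output of `ifconfig -a`), while EADDRINUSE is checked against the sockets already listening on that port.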

