You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Akins, Brian" <Br...@turner.com> on 2005/06/21 02:12:19 UTC

Reward SSL and IE

Not the most appropriate forum, but we are willing to pay a reward to
someone who can definitively help use with a mod_ssl (Apache 2.0.54) and IE
issue.  It seems to only affect older versions (5.5 and early 6).  We have
tried various work arounds from the net but to no avail.  Call me at
404-545-6217 to discuss problem, money, etc.  This is URGENT.

I am not very skilled in ssl (first experience in over 5 years), so I am
calling on the experts.  Call your friends if they can help...




-- 
Brian Akins
Lead Systems Engineer
CNN Internet Technologies

Re: Reward SSL and IE

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

At 02:27 PM 6/21/2005, Jeff White wrote:

>Is one's latest web server compiled with
>the Microsoft designed (for any OS)
>Safer CRT libraries?

There's nothing "Safe" about the standard C library or Microsoft's 
library, except how they are used.  Most all necessary behaviors 
(buffer length args to avoid overruns, etc) are now part of all 
modern c  libraries, in a posix compliant flavors.

Sadly, and par for course, Microsoft is disinterested in any
portability.  Therefore relatively trivial conventions become
convoluted as Microsoft pollutes the namespace with their own
proprietary inventions.

In fact the HTTP project believes in certain typical C library
behaviors as much safer than Microsoft's concept of "safety".
For example, dereferencing a NULL pointer is something that can
happen throughout the httpd server code.  In every case, a non-
NULL value is an unexpected fatal condition, and every platform
will fault when that condition occurs.

Is it "better" than wordy error messages and clean failures?
That's left as an exercise to the developer.  But in this team's
opinion, allowing the compiler and library to do exactly what 
they were designed to do, and break upon hitting these exceptions,
ensures that no further processing occurs for broken code.

Since there is no error in processing this request, but it happens
to be a logic error in SSL handshaking, I doubt either fiddler or
ethereal will help any for the casual developer.  Certainly the
'safe' libraries would do little to nothing.

Bill

Re: Reward SSL and IE

Posted by Jeff White <jl...@earthlink.net>.

From: "Akins, Brian"


> definitively help use with a mod_ssl
> (Apache 2.0.54) and IE issue.

As posted all the time on
the Apache users list:

MSN Search
http://search.msn.com/results.aspx?q=fiddler+http
http://search.msn.com/results.aspx?q=%27IEBlog+A+HTTP+Detective+Story%27

What is Fiddler?
http://weblogs.asp.net/ssadasivuni/archive/2005/06/08/410834.aspx

Is one's latest web server compiled with
the Microsoft designed (for any OS)
Safer CRT libraries?

Jeff