You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "James J. Lippard" <li...@discord.org> on 2002/09/30 19:20:51 UTC

[users@httpd] Issues with Apache 2 mod_auth_dbm w/Berkeley DB and SSL CRLs

I've been working on upgrading to Apache 2, and am stuck on two
remaining issues.

The first is user authentication.  I currently use mod_auth_db (Berkeley
DBs) with Apache 1.3.26.  I am configuring Apache 2 with

./configure --enable-modules="ssl auth_dbm cache proxy speling status rewrite so" --with-berkeley-db=/usr/local/lib

but when I attempt to access a password-protected directory, I get
errors like:

/usr/libexec/ld.so: Undefined symbol "_db_open" called from httpd:/usr/local/a
pache2/lib/libaprutil-0.so.9.2 at 0x401aa328

So somehow the Berkeley db library is not properly being linked.

When I posted this to comp.infosystems.www.servers.unix, I got an
emailed reply from another individual who has seen the same or a
similar issue.

I've experimented with switching to SDBM just to see if I can get
that to work, but I seem to be getting different SDBM libraries
between my user_manage script and the web server.  (The former
generates .dir and .pag files; the latter says it can't find
the user file.)  I'd prefer to use Berkeley DBs to keep my existing
user files, if possible.

---

My second issue is that I use X.509 client certificate authentication,
with a CRL specified.  When I attempt to access any pages using client
certificate authentication, the server claims that the CRL is expired:

[Fri Sep 27 20:23:41 2002] [error] Certificate Verification: Error (12): CRL has expired

even though the CRL does not expire until October 28, 2002--a month
later.

Is this error message perhaps incorrect--maybe it's not finding the CRL,
or doesn't want to see it in PEM format?  I suspect the issue is some
kind of discrepancy between the format it's in and the format desired.

I'm using the SSLCARevocationFile directive, pointing to the .pem file
that contains the CRL for my CA (i.e., it's not a bundle and I'm not
using hash symlinks in an SSLCARevocationPath).

Any assistance in resolving these two issues would be greatly appreciated.
-- 
Jim Lippard        lippard@discord.org       http://www.discord.org/
GPG Key ID: 0xF8D42CFE


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Issues with Apache 2 mod_auth_dbm w/Berkeley DB and SSL CRLs

Posted by "i.t" <i....@ithum.de>.
msg Montag, 30. September 2002 19:20 by James J. Lippard:
> /usr/libexec/ld.so: Undefined symbol "_db_open" called from
> httpd:/usr/local/a pache2/lib/libaprutil-0.so.9.2 at 0x401aa328
>
> So somehow the Berkeley db library is not properly being linked.
>
> When I posted this to comp.infosystems.www.servers.unix, I got an
> emailed reply from another individual who has seen the same or a
> similar issue.

well - with the same ./configure I'll get after make is successfully 
processing sdbm:
***
»/opt/httpd-2.0.42/srclib/apr-util/dbm«
/bin/sh /opt/httpd-2.0.42/srclib/apr/libtool --silent --mode=compile gcc -g 
-O2 -pthread   -DHAVE_CONFIG_H -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 
-D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE   
-I/opt/httpd-2.0.42/srclib/apr-util/include 
-I/opt/httpd-2.0.42/srclib/apr-util/include/private  
-I/opt/httpd-2.0.42/srclib/apr/include  -I/usr/local/lib/include 
-I/opt/httpd-2.0.42/srclib/apr-util/xml/expat/lib  -c apr_dbm.c && touch 
apr_dbm.lo
/bin/sh /opt/httpd-2.0.42/srclib/apr/libtool --silent --mode=compile gcc -g 
-O2 -pthread   -DHAVE_CONFIG_H -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 
-D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE   
-I/opt/httpd-2.0.42/srclib/apr-util/include 
-I/opt/httpd-2.0.42/srclib/apr-util/include/private  
-I/opt/httpd-2.0.42/srclib/apr/include  -I/usr/local/lib/include 
-I/opt/httpd-2.0.42/srclib/apr-util/xml/expat/lib  -c apr_dbm_berkeleydb.c && 
touch apr_dbm_berkeleydb.lo
apr_dbm_berkeleydb.c: In function `vt_db_open':
apr_dbm_berkeleydb.c:200: warning: passing arg 2 of pointer to function from 
incompatible pointer type
apr_dbm_berkeleydb.c:200: warning: passing arg 4 of pointer to function makes 
pointer from integer without a cast
apr_dbm_berkeleydb.c:200: too few arguments to function
***
newest Berkeley DB from sleepycat is installed; I've general problems with 
apr-util compiling a static build with 2.0.42 and 2.0.43dev.
I've just running a Apache/2.0.43-dev with
 mod_authn_dbm.c und  mod_authz_dbm.c etc. as DSO but can't bring it to work 
as a static build.
Well - for me it's only testing, if you urgently need a solution you should 
consider to subscribe to different dev and testers lists, see
http://httpd.apache.org/lists.html

i.t
-- 
 . ___
 |  |  Irmund     Thum
 |  |  


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org