You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by Daniel Gruno <ru...@cord.dk> on 2012/03/22 15:32:25 UTC
ssl/ssl_faq.xml: answer removed in 2.4 - reinstate or delete link?
In the 2.2 documentation, there is a section called `badcert` in
ssl/ssl_faq.xml, which states:
----------------------
*Why do connections fail with an "alert bad certificate" error?*
Errors such as OpenSSL: error:14094412: SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate in the SSL
logfile, are usually caused by a browser which is unable to handle
the server
certificate/private-key. For example, Netscape Navigator 3.x is
unable to handle RSA key lengths not equal to 1024 bits.
----------------------
In the 2.4 docs, this answer has been removed, yet the link to it in the
FAQ section still exists.
Is this link simply to be removed (an oversight), or should the answer
be reinstated?
Granted, the answer does seem to relate to something quite antiquated.
With regards,
Daniel.
RE: ssl/ssl_faq.xml: answer removed in 2.4 - reinstate or delete
link?
Posted by Geoffrey Noakes <Ge...@symantec.com>.
Rich, we have contributed content before, but from our perspective it falls into the Apache black hole, and we never hear from anyone about it.
We are willing to take on the rewriting of the SSL-related content for Apache, but it is important to us that this work ends up being useful and valuable to the Apache community - not just a make-work project.
"Direct" in my mind is a conf call with anyone at Apache on this. Who is/are those people, and about whwn can we talk?
Thanks...
Geoff
From: Rich Bowen [mailto:rbowen@rcbowen.com]
Sent: Friday, March 23, 2012 9:16 AM
To: docs@httpd.apache.org; Geoffrey Noakes
Cc: i.galic@brainsware.org; William Rowe (wrowe@apache.org); Donald Baker; Jeff Barto
Subject: Re: ssl/ssl_faq.xml: answer removed in 2.4 - reinstate or delete link?
On Mar 23, 2012, at 11:46 AM, Geoffrey Noakes wrote:
Igor writes, in part, " Most of ssl/ssl_faq.xml is.
Symantec/VeriSign is willing to contribute resources to fix this -- can someone directly engage with us to understand what will make this better? I ask for "direct" engagement as opposed to batting things back-and-forth endlessly via mail groups.
Thanks...
I have the doc that was contributed towards this purpose. Or a doc, I should say. The one about multi-use SSL certificates that was sent to this list. I fully intended to roll it into the docs, but I have to admit that it was above my SSL-fu, and so I never got much further than trying to understand it.
What would constitute "direct" to you? Phone? Email? Skype? Let me know. You may contact me directly (rbowen@apache.org<ma...@apache.org>) for phone info if that helps.
As to what would help, we'd love to have the various parts of http://httpd.apache.org/docs/current/ssl/ replaced/updated with something that is correct, useful, and modern. What is there ... well, isn't.
If the current arrangement of that doc or set of docs doesn't make sense, let's scrap it and start over. Most of that prose is a decade old, and was written by someone who, while a genius in the field, didn't have English as his first language.
We are completely open to your suggestions, recommendation, patches, or whatever.
--
Rich Bowen
rbowen@rcbowen.com<ma...@rcbowen.com> :: @rbowen
rbowen@apache.org<ma...@apache.org>
Re: ssl/ssl_faq.xml: answer removed in 2.4 - reinstate or delete link?
Posted by Rich Bowen <rb...@rcbowen.com>.
On Mar 23, 2012, at 11:46 AM, Geoffrey Noakes wrote:
> Igor writes, in part, " Most of ssl/ssl_faq.xml is.
>
> Symantec/VeriSign is willing to contribute resources to fix this -- can someone directly engage with us to understand what will make this better? I ask for "direct" engagement as opposed to batting things back-and-forth endlessly via mail groups.
>
> Thanks...
I have the doc that was contributed towards this purpose. Or a doc, I should say. The one about multi-use SSL certificates that was sent to this list. I fully intended to roll it into the docs, but I have to admit that it was above my SSL-fu, and so I never got much further than trying to understand it.
What would constitute "direct" to you? Phone? Email? Skype? Let me know. You may contact me directly (rbowen@apache.org) for phone info if that helps.
As to what would help, we'd love to have the various parts of http://httpd.apache.org/docs/current/ssl/ replaced/updated with something that is correct, useful, and modern. What is there ... well, isn't.
If the current arrangement of that doc or set of docs doesn't make sense, let's scrap it and start over. Most of that prose is a decade old, and was written by someone who, while a genius in the field, didn't have English as his first language.
We are completely open to your suggestions, recommendation, patches, or whatever.
--
Rich Bowen
rbowen@rcbowen.com :: @rbowen
rbowen@apache.org
RE: ssl/ssl_faq.xml: answer removed in 2.4 - reinstate or delete
link?
Posted by Geoffrey Noakes <Ge...@symantec.com>.
Igor writes, in part, " Most of ssl/ssl_faq.xml is.
Symantec/VeriSign is willing to contribute resources to fix this -- can someone directly engage with us to understand what will make this better? I ask for "direct" engagement as opposed to batting things back-and-forth endlessly via mail groups.
Thanks...
Geoff
-----Original Message-----
From: Igor Galić [mailto:i.galic@brainsware.org]
Sent: Friday, March 23, 2012 8:23 AM
To: docs@httpd.apache.org
Subject: Re: ssl/ssl_faq.xml: answer removed in 2.4 - reinstate or delete link?
That looks like my doing - I seem to have deleted too little.
Most of ssl/ssl_faq.xml is rubbish :-(
----- Original Message -----
> On Thu, Mar 22, 2012 at 10:32 AM, Daniel Gruno <ru...@cord.dk>
> wrote:
> > In the 2.2 documentation, there is a section called `badcert` in
> > ssl/ssl_faq.xml, which states:
> > ----------------------
> > Why do connections fail with an "alert bad certificate" error?
> > Errors such as OpenSSL: error:14094412: SSL
> > routines:SSL3_READ_BYTES:sslv3
> > alert bad certificate in the SSL
> > logfile, are usually caused by a browser which is unable to
> > handle the
> > server
> > certificate/private-key. For example, Netscape Navigator 3.x is
> > unable to handle RSA key lengths not equal to 1024 bits.
> > ----------------------
> >
> > In the 2.4 docs, this answer has been removed, yet the link to it
> > in the FAQ
> > section still exists.
> > Is this link simply to be removed (an oversight), or should the
> > answer be
> > reinstated?
> > Granted, the answer does seem to relate to something quite
> > antiquated.
> >
>
> I'd kill the link, the content would likely be misleading if someone
> had a similar symptom today.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
> For additional commands, e-mail: docs-help@httpd.apache.org
>
>
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: ssl/ssl_faq.xml: answer removed in 2.4 - reinstate or delete link?
Posted by Rich Bowen <rb...@rcbowen.com>.
On Mar 23, 2012, at 11:22 AM, Igor Galić wrote:
> That looks like my doing - I seem to have deleted too little.
> Most of ssl/ssl_faq.xml is rubbish :-(
Yes, both the FAQ and the howto docs could stand to be completely scrapped. Unfortunately, SSL is one of the topics about which we seem to know the least. Someone prove me wrong. :)
--
Rich Bowen
rbowen@rcbowen.com :: @rbowen
rbowen@apache.org
Re: ssl/ssl_faq.xml: answer removed in 2.4 - reinstate or delete link?
Posted by Igor Galić <i....@brainsware.org>.
That looks like my doing - I seem to have deleted too little.
Most of ssl/ssl_faq.xml is rubbish :-(
----- Original Message -----
> On Thu, Mar 22, 2012 at 10:32 AM, Daniel Gruno <ru...@cord.dk>
> wrote:
> > In the 2.2 documentation, there is a section called `badcert` in
> > ssl/ssl_faq.xml, which states:
> > ----------------------
> > Why do connections fail with an "alert bad certificate" error?
> > Errors such as OpenSSL: error:14094412: SSL
> > routines:SSL3_READ_BYTES:sslv3
> > alert bad certificate in the SSL
> > logfile, are usually caused by a browser which is unable to
> > handle the
> > server
> > certificate/private-key. For example, Netscape Navigator 3.x is
> > unable to handle RSA key lengths not equal to 1024 bits.
> > ----------------------
> >
> > In the 2.4 docs, this answer has been removed, yet the link to it
> > in the FAQ
> > section still exists.
> > Is this link simply to be removed (an oversight), or should the
> > answer be
> > reinstated?
> > Granted, the answer does seem to relate to something quite
> > antiquated.
> >
>
> I'd kill the link, the content would likely be misleading if someone
> had a similar symptom today.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
> For additional commands, e-mail: docs-help@httpd.apache.org
>
>
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: ssl/ssl_faq.xml: answer removed in 2.4 - reinstate or delete link?
Posted by Eric Covener <co...@gmail.com>.
On Thu, Mar 22, 2012 at 10:32 AM, Daniel Gruno <ru...@cord.dk> wrote:
> In the 2.2 documentation, there is a section called `badcert` in
> ssl/ssl_faq.xml, which states:
> ----------------------
> Why do connections fail with an "alert bad certificate" error?
> Errors such as OpenSSL: error:14094412: SSL routines:SSL3_READ_BYTES:sslv3
> alert bad certificate in the SSL
> logfile, are usually caused by a browser which is unable to handle the
> server
> certificate/private-key. For example, Netscape Navigator 3.x is
> unable to handle RSA key lengths not equal to 1024 bits.
> ----------------------
>
> In the 2.4 docs, this answer has been removed, yet the link to it in the FAQ
> section still exists.
> Is this link simply to be removed (an oversight), or should the answer be
> reinstated?
> Granted, the answer does seem to relate to something quite antiquated.
>
I'd kill the link, the content would likely be misleading if someone
had a similar symptom today.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org