> -----Original Message----- > From: GOMEZ Henri [mailto:[EMAIL PROTECTED]] > Sent: Friday, November 02, 2001 9:29 AM > To: Tomcat Developers List > Cc: [EMAIL PROTECTED] > Subject: RE: DO NOT REPLY [Bug 4545] New: - Webapp connector > seg faults > u nder an SSL connection > > > >> Environment is httpd 1.3.22, built with mod_ssl 2.8.5. The > >only changes to > >> httpd.conf were to make the WebApp connection and > >WebAppDeploy of examples. > >> > >> It looks like it's seg faulting on trying to get the ssl > key size in > >> mod_webapp.c, at rec->ssld->size = atoi(ssl_tmp). I suspect that > >> SSL_CIPHER_USEKEYSIZE isn't in the environment, which is > >where ssl_temp has > >> just been read from. > > > >I will have a look to it... Has it is my bad... > > Normal, you need to have the SSLVars exported by mod_ssl. > > From : > http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html > > When using mod_jk with Apache & mod_ssl, it is essential to specify > "SSLOptions +StdEnvVars +ExportCertData" in the httpd.conf file. > > Otherwise, mod_ssl will not produce the neccessary > environment variables for > mod_jk. > from (Tilo Christ <[EMAIL PROTECTED]>). >
Requiring StdEnvVars is NOT a good thing, though. It adds a fair bit of overhead to the SSL connection, which is why it was made an option. Most httpd.confs will only turn it on for cgi and shtml. Tomcat wants it turned on for everything. For Apache 2.0, it should be possible to avoid this all. With mod_ssl a standard component, it should be possible to use ap_table_get for everything. Any other ssl implementation should support the same interface. <><><><><><><><><><><><><><><><><><><><><>This electronic mail transmission may contain confidential information and is intended only for the person(s) named. Any use, copying or disclosure by any other person is strictly prohibited. If you have received this transmission in error, please notify the sender via e-mail. <><><><><><><><><><><><><><><><><><><><><> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
