pi3web-users Mailing List for Pi3Web (Page 3)
Brought to you by:
zimpel
Menu
▾
▴
pi3web-users — Pi3Web user group mailing list
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(3) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(10) |
Feb
(8) |
Mar
|
Apr
(1) |
May
(3) |
Jun
(7) |
Jul
(2) |
Aug
|
Sep
(11) |
Oct
(7) |
Nov
|
Dec
(2) |
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
(15) |
May
|
Jun
(2) |
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
(5) |
Dec
|
| 2004 |
Jan
|
Feb
(9) |
Mar
(2) |
Apr
(5) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
(1) |
| 2005 |
Jan
(6) |
Feb
|
Mar
|
Apr
(1) |
May
(2) |
Jun
(2) |
Jul
(5) |
Aug
(2) |
Sep
(8) |
Oct
(4) |
Nov
(1) |
Dec
(1) |
| 2006 |
Jan
|
Feb
(2) |
Mar
(1) |
Apr
(1) |
May
|
Jun
(1) |
Jul
(3) |
Aug
(4) |
Sep
(2) |
Oct
(7) |
Nov
(1) |
Dec
|
|
From: <dav...@ya...> - 2003-04-02 11:20:22
|
Does pi3web support Oracle? __________________________________________________ Yahoo! Plus For a better Internet experience http://www.yahoo.co.uk/btoffer |
|
From: Bradford B. <bb...@in...> - 2002-10-28 15:51:48
|
What language are you using for your CGI programs? Perl, C other? Brad Bruce -----Original Message----- From: E. Charette [mailto:cs...@sy...] Sent: Sunday, October 27, 2002 1:57 PM To: pi3...@li... Subject: [Pi3web-users] hi, i have a problem i can never seam to get any cgi to work, given i may be doing something wrong but i think i got it right. some times the cgi ask for something like where is you lib.pl or something like that, does the server have that, i was wondering if i need to get an add-on or something, my site is nothing special but i would need to use cgi |
|
From: Bradford B. <bb...@in...> - 2002-10-27 20:48:37
|
What language have you written your CGI program in? Perl, C, VB etc. Brad Bruce ----- Original Message -----=20 From: E. Charette=20 To: pi3...@li...=20 Sent: Sunday, October 27, 2002 1:56 PM Subject: [Pi3web-users] hi, i have a problem i can never seam to get any cgi to work, given i may be doing = something wrong but i think i got it right. some times the cgi ask for = something like where is you lib.pl or something like that, does the = server have that, i was wondering if i need to get an add-on or = something, my site is nothing special but i would need to use cgi |
|
From: E. C. <cs...@sy...> - 2002-10-27 18:53:46
|
i can never seam to get any cgi to work, given i may be doing something = wrong but i think i got it right. some times the cgi ask for something = like where is you lib.pl or something like that, does the server have = that, i was wondering if i need to get an add-on or something, my site = is nothing special but i would need to use cgi |
|
From: <zi...@t-...> - 2002-10-03 09:46:39
|
Raphaël Précigout wrote: > Hello Holger, ^^ Hello Raphaël, > Sorry to insist but there's one point I didn't understand : > I have an HTTPS server (Pi3web with SSL) and I configured a realm (with basic authentication and populated with 2 users) protecting a "/Private/" directory. > When one of the users in the realm connects to the web site (in the root directory) there's no problem. When this user goes to "/private/" directory there's no authentication dialog box and the relevant page (ie /private/index.htm) can not be viewed. In fact nobody can gain any access to the "/private/" directory. > I thought I would have an authentication dialog box when going to "/private/" ?? ^^ It seems I overlooked this in the last mail. However it works flawlessly, if I tried the same thing here. Does the predefined administration realm work (i.e. after adding a new user to realm administration access to https://yourhost/admin/ should be password protected and only accessible for this user)? Another idea: There's a known bug in the 2.01 related to accessing sub- directories of the WebRoot\. The reason is the 'PathInfo="Yes"' parameter of this mapping (Look into Pi3Web/Conf/Config.pi3). I added to this mapping in order to enable PathInfo for PHP4 scripts, but unfortunately this triggers an built in automatic redirect for incomplete paths recursive. For diagnostics open ./Pi3Web/Logs/access.txt and look for a log entries like 127.0.0.1 127.0.0.1 - [03/Oct/2002:10:44:40 +0200] "GET /test/index.htm HTTP/1.1" 301 686 127.0.0.1 127.0.0.1 - [03/Oct/2002:10:44:40 +0200] "GET /test/index.htm/ HTTP/1.1" 301 687 127.0.0.1 127.0.0.1 - [03/Oct/2002:10:44:40 +0200] "GET /test/index.htm// HTTP/1.1" 301 688 127.0.0.1 127.0.0.1 - [03/Oct/2002:10:44:40 +0200] "GET /test/index.htm/// HTTP/1.1" 301 689 A workaround is the deletion of the mentioned parameter from the configuration file. It's a bit inconvenient because this configuration line is overwritten again, if the GUI admin saves any changes. Let me know, if this is the reason and if you need a fast fix. I could prepare a patch, if required, since this bug is already fixed in the development workstream. > The browser I used for this test is MS IE 5.5 SP2. > I tried with Netscape 4.77 with the same result (the protected pages are not served) (message stating that "this document contained no data") ^^ Can you switch on debug log, restart the server, attempt to open URL https://yourhost/private/, stop the server and then provide me the file ./Pi3Web/Logs/debug.txt? > The next question is how I could manage both confidentiality (SSL) and authentication of users connected ? ^^ Since SSL is server wide, it is pretty independant from users, realms and vhosts. But basically it works to have password protected realms in an SSL server. > Than you again for your (past, present and... futur) help Holger ^^ Don't mention it. Sorry for any inconvenience. > Regards, > Raphaël -- regards Holger TMTOWTDI - There's More Than One Way To Do It - Perl motto ---------------------------------------------------------- Holger 'zimpel' Zimmermann ---------------------------------------------------------- Wendishain Germany ---------------------------------------------------------- http://home.t-online.de/home/zimpel/ http://pi3web.sourceforge.net/ mailto:zi...@t-... ---------------------------------------------------------- |
|
From: <rap...@fr...> - 2002-10-02 23:53:18
|
Hello Holger, Sorry to insist but there's one point I didn't understand : I have an HTTPS server (Pi3web with SSL) and I configured a realm (with = basic authentication and populated with 2 users) protecting a = "/Private/" directory. When one of the users in the realm connects to the web site (in the root = directory) there's no problem. When this user goes to "/private/" = directory there's no authentication dialog box and the relevant page (ie = /private/index.htm) can not be viewed. In fact nobody can gain any = access to the "/private/" directory. I thought I would have an authentication dialog box when going to = "/private/" ?? The browser I used for this test is MS IE 5.5 SP2. I tried with Netscape 4.77 with the same result (the protected pages are = not served) (message stating that "this document contained no data") The next question is how I could manage both confidentiality (SSL) and = authentication of users connected ? Than you again for your (past, present and... futur) help Holger Regards, Rapha=EBl ----- Original Message -----=20 From: "Holger Zimmermann" <zi...@t-...> To: "Rapha=EBl Pr=E9cigout" <rap...@fr...> Cc: <pi3...@li...> Sent: Wednesday, October 02, 2002 6:57 AM Subject: Re: [Pi3web-users] Users, Realm and authentication > Rapha=EBl Pr=E9cigout wrote: >=20 > > Hello, >=20 > ^^ > Hello, Rapha=EBl, >=20 >=20 > >=20 > > I recently installed Pi3web, so forgive me I'm a beginner... >=20 > ^^ > everyone is a beginner, anytime. So don't hesitate to ask. >=20 >=20 > >=20 > > I configured Pi3web (HTTP server) with 5 or 6 users and 2 realms = (Private_Users (basic authentication), High_Level_Users (digest = authentication)) : > > ** If I have more than 1 user in the realm used for a directory then = no authentication dialog appears on web client's screen and every one = seems to be able to browse my site. If I have only one user in the realm = then no problem, the authentication process occurs. (realm is basic). > > ** When I use a realm with digest authentication (no matter how many = users are in this realm), no authentication dialog box appears on the = client's browser and every one can browse my site. >=20 > ^^ > Neither Netscape nor M$IE browsers currently support this. > Opera is the only browser I know, which provides built in > Digest Access Authentication support. >=20 >=20 > >=20 > > I did the same test with Pi3web configured with SSL : > > ** whatever the authentication scheme is for the realm which = protects a directory or whatever the number of users in the relevant = realm is, no authentication dialog box appears on the client's side, but = nobody can access the protected directory. >=20 > ^^ > Refer to above. It is independant from SSL. >=20 > Btw., SSL. There is a known and documented > (http://marc.theaimsgroup.com/?t=3D100724237500001&r=3D1&w=3D2 > an archive of the openssl-users mailing list) problem > with openssl and Netscape 6.2, which leads to a connection > timeout, if the site contains e.g. images, which will > induce HTTP sub-requests. This seems to be caused by a > strange multithreading behaviour of the Netscape browser. > The browser opens a 2nd SSL connection in parallel to the > primary, and waits to start with the SSL handshake, until > the server closes the first. The openssl does the opposite > keeps the first open, waiting for more data from the browser... >=20 >=20 > >=20 > > Did you experienced this kind of problem ? >=20 > ^^ >=20 > Yes, the browser vendors should integrate this, because it is an open = standard, > much more secure than basic auth. (however basic auth. through SSL is = similar). > For NT server the NTLM could be used, which is based on NT challenge = response. > The user management is then moved from server to the OS. >=20 >=20 > >=20 > > I'm quite sure I've missed something but I don't know what... >=20 > ^^ > Now you know it. It isn't you, who misses something. >=20 >=20 > >=20 > > Thank you for your help. > >=20 > > Moreover I would suggest a potential improvement which I think is a = more user friendly way to manage users and realms : > > 1. create a table of users > > 2. create a table of realms > > 3. populate each realm with users you can pick from the list of = users (so that you allow a user to be in more than one group) and (if = possible) populate the realms with other realms... >=20 > ^^ > Yip, very good idea, I still made this proposal to John Roy, > when I was a newbie with Pi3Web. Now I maintain and develop > the whole Pi3Web but unfortunately, haven't found the time > in order to realize this. >=20 >=20 > >=20 > > Thank you for your help. >=20 > ^^ > You're welcome. >=20 >=20 > >=20 > > Raphael > >=20 > >=20 > >=20 > > ------------------------------------------------------- > > This sf.net email is sponsored by: DEDICATED SERVERS only $89! > > Linux or FreeBSD, FREE setup, FAST network. Get your own server=20 > > today at http://www.ServePath.com/indexfm.htm > > _______________________________________________ > > Pi3web-users mailing list > > Pi3...@li... > > https://lists.sourceforge.net/lists/listinfo/pi3web-users > >=20 > >=20 >=20 >=20 > --=20 > regards > Holger >=20 > TMTOWTDI - There's More Than One Way To Do It - Perl motto > ---------------------------------------------------------- > Holger 'zimpel' Zimmermann > ---------------------------------------------------------- > Wendishain > Germany > ---------------------------------------------------------- > http://home.t-online.de/home/zimpel/ > http://pi3web.sourceforge.net/ >=20 > mailto:zi...@t-... > ---------------------------------------------------------- >=20 > |
|
From: <zi...@t-...> - 2002-10-02 05:07:36
|
Raphaël Précigout wrote: > Hello, ^^ Hello, Raphaël, > > I recently installed Pi3web, so forgive me I'm a beginner... ^^ everyone is a beginner, anytime. So don't hesitate to ask. > > I configured Pi3web (HTTP server) with 5 or 6 users and 2 realms (Private_Users (basic authentication), High_Level_Users (digest authentication)) : > ** If I have more than 1 user in the realm used for a directory then no authentication dialog appears on web client's screen and every one seems to be able to browse my site. If I have only one user in the realm then no problem, the authentication process occurs. (realm is basic). > ** When I use a realm with digest authentication (no matter how many users are in this realm), no authentication dialog box appears on the client's browser and every one can browse my site. ^^ Neither Netscape nor M$IE browsers currently support this. Opera is the only browser I know, which provides built in Digest Access Authentication support. > > I did the same test with Pi3web configured with SSL : > ** whatever the authentication scheme is for the realm which protects a directory or whatever the number of users in the relevant realm is, no authentication dialog box appears on the client's side, but nobody can access the protected directory. ^^ Refer to above. It is independant from SSL. Btw., SSL. There is a known and documented (http://marc.theaimsgroup.com/?t=100724237500001&r=1&w=2 an archive of the openssl-users mailing list) problem with openssl and Netscape 6.2, which leads to a connection timeout, if the site contains e.g. images, which will induce HTTP sub-requests. This seems to be caused by a strange multithreading behaviour of the Netscape browser. The browser opens a 2nd SSL connection in parallel to the primary, and waits to start with the SSL handshake, until the server closes the first. The openssl does the opposite keeps the first open, waiting for more data from the browser... > > Did you experienced this kind of problem ? ^^ Yes, the browser vendors should integrate this, because it is an open standard, much more secure than basic auth. (however basic auth. through SSL is similar). For NT server the NTLM could be used, which is based on NT challenge response. The user management is then moved from server to the OS. > > I'm quite sure I've missed something but I don't know what... ^^ Now you know it. It isn't you, who misses something. > > Thank you for your help. > > Moreover I would suggest a potential improvement which I think is a more user friendly way to manage users and realms : > 1. create a table of users > 2. create a table of realms > 3. populate each realm with users you can pick from the list of users (so that you allow a user to be in more than one group) and (if possible) populate the realms with other realms... ^^ Yip, very good idea, I still made this proposal to John Roy, when I was a newbie with Pi3Web. Now I maintain and develop the whole Pi3Web but unfortunately, haven't found the time in order to realize this. > > Thank you for your help. ^^ You're welcome. > > Raphael > > > > ------------------------------------------------------- > This sf.net email is sponsored by: DEDICATED SERVERS only $89! > Linux or FreeBSD, FREE setup, FAST network. Get your own server > today at http://www.ServePath.com/indexfm.htm > _______________________________________________ > Pi3web-users mailing list > Pi3...@li... > https://lists.sourceforge.net/lists/listinfo/pi3web-users > > -- regards Holger TMTOWTDI - There's More Than One Way To Do It - Perl motto ---------------------------------------------------------- Holger 'zimpel' Zimmermann ---------------------------------------------------------- Wendishain Germany ---------------------------------------------------------- http://home.t-online.de/home/zimpel/ http://pi3web.sourceforge.net/ mailto:zi...@t-... ---------------------------------------------------------- |
|
From: <rap...@fr...> - 2002-10-02 00:47:59
|
Hello, I recently installed Pi3web, so forgive me I'm a beginner... I configured Pi3web (HTTP server) with 5 or 6 users and 2 realms = (Private_Users (basic authentication), High_Level_Users (digest = authentication)) : ** If I have more than 1 user in the realm used for a directory then no = authentication dialog appears on web client's screen and every one seems = to be able to browse my site. If I have only one user in the realm then = no problem, the authentication process occurs. (realm is basic). ** When I use a realm with digest authentication (no matter how many = users are in this realm), no authentication dialog box appears on the = client's browser and every one can browse my site. I did the same test with Pi3web configured with SSL : ** whatever the authentication scheme is for the realm which protects a = directory or whatever the number of users in the relevant realm is, no = authentication dialog box appears on the client's side, but nobody can = access the protected directory. Did you experienced this kind of problem ? I'm quite sure I've missed something but I don't know what... Thank you for your help. Moreover I would suggest a potential improvement which I think is a more = user friendly way to manage users and realms : 1. create a table of users 2. create a table of realms 3. populate each realm with users you can pick from the list of users = (so that you allow a user to be in more than one group) and (if = possible) populate the realms with other realms... Thank you for your help. Raphael |
|
From: <zi...@t-...> - 2002-09-29 07:23:17
|
Raphaël Précigout wrote: > Hi Holger, ^^ Hi Raphaël, > As soon as my web site's key didn't contained any passphrase, everything > was going OK. ^^ Ok, I already think about a mechanism for entering passphrase during server startup. (1) > Another Question : Is it possible to run more than one instance of > Pi3web on the same computer at the same time ? for exemple I would run ^^ Yes, it is possible as long as the instances don't have conflicting IP-address/port or listen at 0.0.0.0 (i.e. INADDR_ANY). (2) > one HTTP server and one HTTPS server at the same time (because as I saw > on the GUI I have to chose if I want SSL or not, and if yes the whole > web server becomes to be secured through HTTPS). I can imagine 2 ^^ Yes it is possible. However the current Pi3Web implementation misses HTTP/HTTPS for virtual hosts due two 2 facts: - The server design allows currently only one single TCP port. (3) - openssl isn't re-entrant (threadsafe). (4) In sum the concepts of virtual hosts and SSL with Pi3Web are currently not sufficient and partial contradicory. (5) > solutions : on one hand 2 computers one HTTP server and one HTTPS, on > the other hand 2 different HTTP servers, Pi3web and one of its > competitors, on the same computer. ^^ Both variants are possible, the same things apply regarding IP addresses as above. > Regarding client's certificate, I understand your answer and I agree on > the fact that it seems complex to implement. ^^ Yes, it's basically due to the 1:n relationship between a server and its clients. As I explained, for pure confidentiality of communication channel a client certificate isn't required. > I had firstly imagined that the same mechanism as the one for web site > certificate could apply, but I was a foul. If I think a little more > about it, I can easily figure out that client's private key generation > and distribution might be generated on the client's side only, for an > abvious security reason. ^^ Both, client and server must generate private key in their environment and enroll a csr to their respective CA. (6) > Well, the next step will be a huge one for me, but I will make a try. ^^ Good luck, don't hesitate to ask me, if there are more questions. > Regards, > Raphael -- regards Holger (1) The only difficulty is to have it at the commandline as well as for a GUI controlled server or NT service, both not attached to a terminal. (2) The price you must pay are separate log files, i.e. in general more efforts regarding application management. In high-load scenarios you can take also into consideration, the an application (at least one process) has a bigger footprint than a thread of execution. On the other hand, processes run much more independent than threads. This makes the difference between, let's say the startup overhead of a CGI program compared with an ISAPI extensions as well as a crash in a CGI and a crash in an ISAPI DLL. (3) I think about improvement, but this will also make the configuration of virtual hosts more complicated (pretty similar to the general server configuration), i.e. the introduction of virtual servers, which could be administered independently. It seems to be at least a minor re-design of the whole application. (4) Due to global variables, which are required for certificate validation (the whole design of the library has been made close to Apache 1.x, i.e. no multithreading required. I hope, Apache 2 will trigger appropriate improvements). But currently there's no chance to hold multiple SSL contexts without side effects. On the other hand each virtual host would require an own certificate, with its hostname in the CN of the certificate. (5) I work on a solution based on a sketch about virtual servers having independent configuration files, which has been left by John Roy. The key functionality is remote administration, I almost completed this feature (One part is already in 2.0.1, the digest authentication, since basic authentication isn't secure enough for remote administration). (6) Exceptions are thinkable and often things are handled in another way as the theory of a PKI requires (e.g. private keys of an SSL web server hosted by an ISP or private keys on a bank card). |
|
From: <rap...@fr...> - 2002-09-29 00:29:40
|
Certificate EnrollmentHi Holger,
I thank you for your very detailed answer.
As soon as my web site's key didn't contained any passphrase, everything =
was going OK.
Another Question : Is it possible to run more than one instance of =
Pi3web on the same computer at the same time ? for exemple I would run =
one HTTP server and one HTTPS server at the same time (because as I saw =
on the GUI I have to chose if I want SSL or not, and if yes the whole =
web server becomes to be secured through HTTPS). I can imagine 2 =
solutions : on one hand 2 computers one HTTP server and one HTTPS, on =
the other hand 2 different HTTP servers, Pi3web and one of its =
competitors, on the same computer.
Regarding client's certificate, I understand your answer and I agree on =
the fact that it seems complex to implement.
I had firstly imagined that the same mechanism as the one for web site =
certificate could apply, but I was a foul. If I think a little more =
about it, I can easily figure out that client's private key generation =
and distribution might be generated on the client's side only, for an =
abvious security reason.
Well, the next step will be a huge one for me, but I will make a try.
Regards,
Raphael
----- Original Message -----=20
From: Holger Zimmermann=20
To: Rapha=EBl Pr=E9cigout=20
Cc: pi3...@li...=20
Sent: Saturday, September 28, 2002 10:38 AM
Subject: Re: [Pi3web-users] Re: Dumber than a Rock about Openssl
Rapha=EBl Pr=E9cigout wrote:
^^
Hi Rapha=EBl,
> Hi Holger,
>=20
> ** Yes, the demo key/certificate worked.
^^
OK
> ** Regarding the key/certificate generation, here are the steps I =
followed :
> 1. generate a CA certificate :
> openssl genrsa -des3 -out CA.key 1024
> openssl req -new -key CA.key -x509 -days 1095 -out CA.crt
^^
Seems to be ok, however I use(d) the command
openssl req -config request.cnf -new -x509 -keyout cakey.pem -out =
cacert.pem -days 1095
The differences are:
- do not force 3DES key in order to encrypt the generated CA key. This =
affects only signing
operations using the CA key, so it seems to be not related to your =
issue
- use a configuration file containing some flags and defaults =
regarding key and certificate
generation (attached). Normally some Netscape extensions should be =
set in addition, in order
to determine key usage etc. correctly for a CA key of a production =
CA, e.g.
[req]
x509_extensions =3D ca_policies
[ca_policies]
basicConstraints =3D critical, CA:TRUE
keyUsage =3D cRLSign, keyCertSign
subjectKeyIdentifier =3D hash
authorityKeyIdentifier =3D keyid, issuer:always
subjectAltName =3D email:copy
issuerAltName =3D issuer:copy
> 2. generate a CSR for the Web site and sign it with the CA to get a =
certificate :
> openssl genrsa -des3 -out web.key
> openssl req -new -key web.key -out web.csr
> openssl x509 -req -days 365 -in web.csr -CA ca.crt -CAkey ca.key =
-CAcreateserial -out web.crt
^^
Seems to be ok, however I use(d) only one command in order to generate =
key and the csr
(the same differences apply as for the CA key and certificate =
generation)
openssl req -config request.cnf -newkey 1024 -keyout srvkey.pem -out =
srvcsr.pem -days 1095
For signing the CSR using the CA key/certificate I use(d) the 'ca' =
command and
a configuration file, which contains some policies regarding the csr =
etc. (attached):
openssl ca -config default.cnf -name server -in srvcsr.pem -out =
srvcrt.pem
The 'ca' command is rather to be used, if you need to handle a lot of =
certificates issued
by your CA including certificate revokation properly.
> As I understand, the root certificate was self-signed, but the web =
site's one should be signed with the root (ie the CA certificate - am I =
wrong ?)
^^
No. But basically a SSL webserver could also be operated based on a =
self signed own
certificate as a root (i.e. without any CA. This makes only sense, if =
a conversation
needs to be only confidential but not authentical)
Regarding the passphrase of the web site's key no problem, I'll =
generate a key with none and give you a feed back.
^^
Yes, try to figure this out.
> ** other parameters : SSL v2 (on), SSL v3 (on), TLS 1.0 (off), Debug =
log (on), client certification (none), depth =3D 1, cipher list =3D =
DEFAULT, MSIE bug (on), Hack (on).
^^
OK
One more question : by default the path to demo key/certificate is =
./<file>. Can we give an absolute path from root disk (eg =
C:\CA_Stuff\Private\web.key for the key and C:\CA_Stuff\Certs\web.crt =
for the Certificate)
^^
Yes.
or do we have to give a relative path from Pi3web\bin ?
^^
No. If the Pi3Web starts, the server key and certificate file have =
been found.
So this seems to be ok.
> ** I've switched on SSL Debug but when I look at the file it's =
empty. I do not see any log file for openssl in bin directory. Sorry.
^^
Mmhh, I'm sorry, my last info regarding path to the SSL debug log was =
wrong. In Pi3Web
2.0.1 I moved the SSL debug log to ./Pi3Web/Logs/SSL.txt. And it =
seems, you've found
a bug in the admin GUI in addition, since changing the SSL debug flag =
doesn't affect
the config file :-(
As a workaround enable the debug log by deletion of the comment mark =
at the begin of
the following line in file ./Pi3Web/Conf/Config.pi3:
# DebugFile "../Logs/SSL.txt"
> ** I used MS IE 5.5 SP2 and Netscape 4.77 (running on a client on =
same LAN (win ME) and on the web server itself (win 95 sr2b)
^^
OK
> ** No message, neither dialog : the browser is still openning the =
page from the web site but nothing appear on the screen, and after 5 =
minutes it finally say that the web site had some problem... try to =
reload the page
^^
Maybe this is related to the serverside private-key passphrase, i.e. =
the server startup
is incomplete and a connection will be accepted but not processed =
properly. I've to take
a closer look into this, but you should try to generate a server key =
without passphrase.
>=20
> Some more questions : I want to send certificates to users of my web =
site so that I will activate the "client certificate =
verification"=3Dmandatory with a deepth level of 2;
> Do I need to remove the passphrase from the CA key ? (I hope no)
^^
No. The CA private key is only used in order to sign other =
certificates. For certificate
verification only the public key is required, which is part of the =
certificate itself.
> What are your hints for generating Users certificates ?
^^
This is a bit tricky, at least with the M$-browsers. Some months ago, =
VeriSign and M$ kept
this as a secret and there was not much information available, how to =
to generate a client
certificate using M$IE. The difference between the 'big' browsers are =
(unfortunately I do
not know about Opera):
M$: You have to use the xenroll.dll as an Active-X control properly in =
order to generate
a client key and a certificate request.
NS: There's the KEYGEN tag in order to be used in a enrollment form. I =
attached 2 HTML
example pages.
Furthermore, it depends on the business purpose of the solution, what =
structure the
certificate tree in your PKI should have. You could use only one (your =
CA) in order to
generate both server and client certificates. You could also use 2 =
independent CA's as
well as a PKI based on a root CA, which only signs the certificates =
for the separate
server and the client CA.
The handling of certificate revokation needs also to be considered, =
since there are
Netscape extensions in the issued client certificate, which needs to =
be set accordingly,
in order to enable the browser to download a CRL (Certificate =
Revokation List) from the
CA later.
The handling of server and client certificates with openssl is pretty =
complex. It can
be simplified by wrapping the openssl commands with some scripting =
(make, shell or perl
based) as well as a CGI based web frontend for the CA.
I started to write an online CA based on openssl some months ago. The =
(platform-independant)
perl based sources of this small project are available from here:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/pi3web/DemoCA/
It has been research on openssl for me, it's pretty undocumented and I =
cannot really
support it, nevertheless feel free to re-use it, if you like.
>=20
> Thank you for your help.
>=20
> Regards,
> Rapha=EBl
>=20
>=20
--=20
regards
Holger
-------------------------------------------------------------------------=
-----
[ default ]
default_ca =3D $ENV::DEFAULT_CA # The default CA section
TOP =3D $ENV::CATOP # The top dir of all CA's
[ ServerCA ]
dir =3D $ca::TOP/ServerCA # Root of this CA
database =3D $dir/index.txt # Database index file
new_certs_dir =3D $dir/archive # Archive directory
certificate =3D $dir/cacert.pem # CA Zertifikat
serial =3D $dir/serial # Current serial no.
private_key =3D $dir/cakey.pem # Private key of the CA
policy =3D policy_server # Which policy
x509_extensions =3D x509v3_ext_server # Extensions=20
default_days =3D 365 # Validity in days
default_crl_days=3D 30 # Days until next CRL
default_md =3D md5 # Which MD to use
preserve =3D no # Keep the order of the request fields
[ policy_server ]
countryName =3D supplied
stateOrProvinceName =3D optional
organizationName =3D supplied
organizationalUnitName =3D optional
commonName =3D supplied
emailAddress =3D optional
[ x509v3_ext_server ]
nsBaseUrl =3D $ENV::BASEURL
nsCaRevocationUrl =3D $ENV::CRLURL
nsCaPolicyUrl =3D $ENV::POLICYURL
[ ClientCA ]
dir =3D $ca::TOP/ClientCA # Root of this CA
database =3D $dir/index.txt # Database index file
new_certs_dir =3D $dir/archive # Archive directory
certificate =3D $dir/cacert.pem # CA Zertifikat
serial =3D $dir/serial # Current serial no.
private_key =3D $dir/cakey.pem # Private key of the CA
policy =3D policy_client # Which policy
x509_extensions =3D x509v3_ext_client # Extensions=20
default_days =3D 365 # Validity in days=20
default_crl_days=3D 30 # Days until next CRL
default_md =3D md5 # Which MD to use
preserve =3D no # Keep the order of the request fields
[ policy_client ]
countryName =3D optional
stateOrProvinceName =3D optional
localityName =3D optional
organizationName =3D optional
organizationalUnitName =3D optional
commonName =3D supplied
emailAddress =3D optional
[ x509v3_ext_client ]
nsBaseUrl =3D $ENV::BASEURL
nsCaRevocationUrl =3D $ENV::CRLURL
nsCaPolicyUrl =3D $ENV::POLICYURL
#nsCertType =3D yes
# CA policy for certificates within an organization
[ policy_internal ]
countryName =3D match
localityName =3D match
organizationName =3D match
organizationalUnitName =3D optional
commonName =3D supplied
emailAddress =3D supplied
[ policy_anything ]
-------------------------------------------------------------------------=
-----
RANDFILE =3D $ENV::HOME/.rand
[ req ]
default_bits =3D 1024
#default_keyfile =3D privkey.pem
distinguished_name =3D req_distinguished_name
encrypt_rsa_key =3D no
[ req_distinguished_name ]
countryName =3D Country Name (2 letters)
countryName_min =3D 2
countryName_max =3D 2
countryName_default =3D DE
stateOrProvinceName =3D State or Province
stateOrProvinceName_default =3D Sachsen
localityName =3D City Name
localityName_default =3D Wendishain
organizationName =3D Organization Name (eg, Company)
organizationName_default =3D Pi3.org
organizationalUnitName =3D Organizational Unit Name (eg, Section)
organizationalUnitName_default =3D Certificate Authority
commonName =3D Common Name
commonName_max =3D 64
commonName_default =3D www.pi3.org
emailAddress =3D Mail Address
emailAddress_max =3D 64
emailAddress_default =3D ce...@pi...
-------------------------------------------------------------------------=
-----
Certificate Enrollment
-------------------------------------------------------------------------=
-----
Country (C) =20
State or Province (SP) =20
Location (L) =20
Organization (O) =20
Organizational unit (OU) =20
Common name (CN) =20
e-Mail Address (Email) =20
=20
=20
=20
-------------------------------------------------------------------------=
-----
This form is intended to use with Netscape Navigator 3.0 or greater.
-------------------------------------------------------------------------=
-----
Certificate Enrollment
-------------------------------------------------------------------------=
-----
Country (C) =20
State or Province (SP) =20
Location (L) =20
Organization (O) =20
Organizational unit (OU) =20
Common name (CN) =20
e-Mail address (Email) =20
=20
=20
=20
-------------------------------------------------------------------------=
-----
This form is intended to use with Microsoft Internet Explorer 4.0 or =
greater.=20
|
|
From: <zi...@t-...> - 2002-09-28 08:41:05
|
Raphaël Précigout wrote: ^^ Hi Raphaël, > Hi Holger, > > ** Yes, the demo key/certificate worked. ^^ OK > ** Regarding the key/certificate generation, here are the steps I followed : > 1. generate a CA certificate : > openssl genrsa -des3 -out CA.key 1024 > openssl req -new -key CA.key -x509 -days 1095 -out CA.crt ^^ Seems to be ok, however I use(d) the command openssl req -config request.cnf -new -x509 -keyout cakey.pem -out cacert.pem -days 1095 The differences are: - do not force 3DES key in order to encrypt the generated CA key. This affects only signing operations using the CA key, so it seems to be not related to your issue - use a configuration file containing some flags and defaults regarding key and certificate generation (attached). Normally some Netscape extensions should be set in addition, in order to determine key usage etc. correctly for a CA key of a production CA, e.g. [req] x509_extensions = ca_policies [ca_policies] basicConstraints = critical, CA:TRUE keyUsage = cRLSign, keyCertSign subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always subjectAltName = email:copy issuerAltName = issuer:copy > 2. generate a CSR for the Web site and sign it with the CA to get a certificate : > openssl genrsa -des3 -out web.key > openssl req -new -key web.key -out web.csr > openssl x509 -req -days 365 -in web.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out web.crt ^^ Seems to be ok, however I use(d) only one command in order to generate key and the csr (the same differences apply as for the CA key and certificate generation) openssl req -config request.cnf -newkey 1024 -keyout srvkey.pem -out srvcsr.pem -days 1095 For signing the CSR using the CA key/certificate I use(d) the 'ca' command and a configuration file, which contains some policies regarding the csr etc. (attached): openssl ca -config default.cnf -name server -in srvcsr.pem -out srvcrt.pem The 'ca' command is rather to be used, if you need to handle a lot of certificates issued by your CA including certificate revokation properly. > As I understand, the root certificate was self-signed, but the web site's one should be signed with the root (ie the CA certificate - am I wrong ?) ^^ No. But basically a SSL webserver could also be operated based on a self signed own certificate as a root (i.e. without any CA. This makes only sense, if a conversation needs to be only confidential but not authentical) Regarding the passphrase of the web site's key no problem, I'll generate a key with none and give you a feed back. ^^ Yes, try to figure this out. > ** other parameters : SSL v2 (on), SSL v3 (on), TLS 1.0 (off), Debug log (on), client certification (none), depth = 1, cipher list = DEFAULT, MSIE bug (on), Hack (on). ^^ OK One more question : by default the path to demo key/certificate is ./<file>. Can we give an absolute path from root disk (eg C:\CA_Stuff\Private\web.key for the key and C:\CA_Stuff\Certs\web.crt for the Certificate) ^^ Yes. or do we have to give a relative path from Pi3web\bin ? ^^ No. If the Pi3Web starts, the server key and certificate file have been found. So this seems to be ok. > ** I've switched on SSL Debug but when I look at the file it's empty. I do not see any log file for openssl in bin directory. Sorry. ^^ Mmhh, I'm sorry, my last info regarding path to the SSL debug log was wrong. In Pi3Web 2.0.1 I moved the SSL debug log to ./Pi3Web/Logs/SSL.txt. And it seems, you've found a bug in the admin GUI in addition, since changing the SSL debug flag doesn't affect the config file :-( As a workaround enable the debug log by deletion of the comment mark at the begin of the following line in file ./Pi3Web/Conf/Config.pi3: # DebugFile "../Logs/SSL.txt" > ** I used MS IE 5.5 SP2 and Netscape 4.77 (running on a client on same LAN (win ME) and on the web server itself (win 95 sr2b) ^^ OK > ** No message, neither dialog : the browser is still openning the page from the web site but nothing appear on the screen, and after 5 minutes it finally say that the web site had some problem... try to reload the page ^^ Maybe this is related to the serverside private-key passphrase, i.e. the server startup is incomplete and a connection will be accepted but not processed properly. I've to take a closer look into this, but you should try to generate a server key without passphrase. > > Some more questions : I want to send certificates to users of my web site so that I will activate the "client certificate verification"=mandatory with a deepth level of 2; > Do I need to remove the passphrase from the CA key ? (I hope no) ^^ No. The CA private key is only used in order to sign other certificates. For certificate verification only the public key is required, which is part of the certificate itself. > What are your hints for generating Users certificates ? ^^ This is a bit tricky, at least with the M$-browsers. Some months ago, VeriSign and M$ kept this as a secret and there was not much information available, how to to generate a client certificate using M$IE. The difference between the 'big' browsers are (unfortunately I do not know about Opera): M$: You have to use the xenroll.dll as an Active-X control properly in order to generate a client key and a certificate request. NS: There's the KEYGEN tag in order to be used in a enrollment form. I attached 2 HTML example pages. Furthermore, it depends on the business purpose of the solution, what structure the certificate tree in your PKI should have. You could use only one (your CA) in order to generate both server and client certificates. You could also use 2 independent CA's as well as a PKI based on a root CA, which only signs the certificates for the separate server and the client CA. The handling of certificate revokation needs also to be considered, since there are Netscape extensions in the issued client certificate, which needs to be set accordingly, in order to enable the browser to download a CRL (Certificate Revokation List) from the CA later. The handling of server and client certificates with openssl is pretty complex. It can be simplified by wrapping the openssl commands with some scripting (make, shell or perl based) as well as a CGI based web frontend for the CA. I started to write an online CA based on openssl some months ago. The (platform-independant) perl based sources of this small project are available from here: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/pi3web/DemoCA/ It has been research on openssl for me, it's pretty undocumented and I cannot really support it, nevertheless feel free to re-use it, if you like. > > Thank you for your help. > > Regards, > Raphaël > > -- regards Holger |
|
From: <rap...@fr...> - 2002-09-27 23:46:39
|
Hi Holger, ** Yes, the demo key/certificate worked. ** Regarding the key/certificate generation, here are the steps I = followed : 1. generate a CA certificate : openssl genrsa -des3 -out CA.key 1024 openssl req -new -key CA.key -x509 -days 1095 -out CA.crt 2. generate a CSR for the Web site and sign it with the CA to get a = certificate : openssl genrsa -des3 -out web.key openssl req -new -key web.key -out web.csr openssl x509 -req -days 365 -in web.csr -CA ca.crt -CAkey ca.key = -CAcreateserial -out web.crt As I understand, the root certificate was self-signed, but the web = site's one should be signed with the root (ie the CA certificate - am I = wrong ?) Regarding the passphrase of the web site's key no problem, I'll = generate a key with none and give you a feed back. ** other parameters : SSL v2 (on), SSL v3 (on), TLS 1.0 (off), Debug log = (on), client certification (none), depth =3D 1, cipher list =3D DEFAULT, = MSIE bug (on), Hack (on). One more question : by default the path to = demo key/certificate is ./<file>. Can we give an absolute path from root = disk (eg C:\CA_Stuff\Private\web.key for the key and = C:\CA_Stuff\Certs\web.crt for the Certificate) or do we have to give a = relative path from Pi3web\bin ? ** I've switched on SSL Debug but when I look at the file it's empty. I = do not see any log file for openssl in bin directory. Sorry. ** I used MS IE 5.5 SP2 and Netscape 4.77 (running on a client on same = LAN (win ME) and on the web server itself (win 95 sr2b) ** No message, neither dialog : the browser is still openning the page = from the web site but nothing appear on the screen, and after 5 minutes = it finally say that the web site had some problem... try to reload the = page Some more questions : I want to send certificates to users of my web = site so that I will activate the "client certificate = verification"=3Dmandatory with a deepth level of 2; Do I need to remove the passphrase from the CA key ? (I hope no) What are your hints for generating Users certificates ? Thank you for your help. Regards, Rapha=EBl ----- Original Message -----=20 From: "Holger Zimmermann" <zi...@t-...> To: "Rapha=EBl Pr=E9cigout" <rap...@fr...> Cc: <pi3...@li...> Sent: Friday, September 27, 2002 6:43 AM Subject: Re: [Pi3web-users] Re: Dumber than a Rock about Openssl > Hi Raphael, >=20 > I've a couple of questions to figure out, what needs to be done > in order to solve your issue: > - Did the demo key/certificate work? > - What parameters for private key/certificate generation did you use? > (e.g. the root certificate of the server certificate tree must be > self-signed, the private key file must not be secured by a pass phrase > due to non-interactive startup of the server service) > - What other settings are you using (Cipher list SSLv2/3/TLSv1.0 = etc.)? > - Did you switch on SSL debug for testing? > - Could you provide me a debug log of openssl (in ./Pi3Web/bin/)? > - What browser (vendor/version) did you use? > - Were any error msgs. or dialogs shown, when you tried to connect > the server via https with the browser? > --=20 > regards > Holger >=20 > TMTOWTDI - There's More Than One Way To Do It - Perl motto > ---------------------------------------------------------- > Holger 'zimpel' Zimmermann > ---------------------------------------------------------- > Wendishain > Germany > ---------------------------------------------------------- > http://home.t-online.de/home/zimpel/ > http://pi3web.sourceforge.net/ >=20 > mailto:zi...@t-... > ---------------------------------------------------------- >=20 >=20 > Rapha=EBl Pr=E9cigout wrote: >=20 > > Another documentation web page could be found here : = http://tirian.magd.ox.ac.uk/~nick/openssl-certs/index.shtml > >=20 > > I've some difficulties to make Pi3web working with my own = certificates : I've set my own CA and then issued a certificate for my = web server, but after replacing files (certificate and key) in the admin = gui i can't view any page through https. > >=20 > > A how to on the topic would be great Idea. > >=20 > > Thanks in advance > >=20 > > Rapha=EBl > >=20 > >=20 > >=20 > > ------------------------------------------------------- > > This sf.net email is sponsored by:ThinkGeek > > Welcome to geek heaven. > > http://thinkgeek.com/sf > > _______________________________________________ > > Pi3web-users mailing list > > Pi3...@li... > > https://lists.sourceforge.net/lists/listinfo/pi3web-users > >=20 > >=20 >=20 >=20 >=20 >=20 > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Pi3web-users mailing list > Pi3...@li... > https://lists.sourceforge.net/lists/listinfo/pi3web-users > |
|
From: <zi...@t-...> - 2002-09-27 04:45:34
|
Hi Raphael, I've a couple of questions to figure out, what needs to be done in order to solve your issue: - Did the demo key/certificate work? - What parameters for private key/certificate generation did you use? (e.g. the root certificate of the server certificate tree must be self-signed, the private key file must not be secured by a pass phrase due to non-interactive startup of the server service) - What other settings are you using (Cipher list SSLv2/3/TLSv1.0 etc.)? - Did you switch on SSL debug for testing? - Could you provide me a debug log of openssl (in ./Pi3Web/bin/)? - What browser (vendor/version) did you use? - Were any error msgs. or dialogs shown, when you tried to connect the server via https with the browser? -- regards Holger TMTOWTDI - There's More Than One Way To Do It - Perl motto ---------------------------------------------------------- Holger 'zimpel' Zimmermann ---------------------------------------------------------- Wendishain Germany ---------------------------------------------------------- http://home.t-online.de/home/zimpel/ http://pi3web.sourceforge.net/ mailto:zi...@t-... ---------------------------------------------------------- Raphaël Précigout wrote: > Another documentation web page could be found here : http://tirian.magd.ox.ac.uk/~nick/openssl-certs/index.shtml > > I've some difficulties to make Pi3web working with my own certificates : I've set my own CA and then issued a certificate for my web server, but after replacing files (certificate and key) in the admin gui i can't view any page through https. > > A how to on the topic would be great Idea. > > Thanks in advance > > Raphaël > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Pi3web-users mailing list > Pi3...@li... > https://lists.sourceforge.net/lists/listinfo/pi3web-users > > |
|
From: <rap...@fr...> - 2002-09-27 01:03:37
|
Another documentation web page could be found here : = http://tirian.magd.ox.ac.uk/~nick/openssl-certs/index.shtml I've some difficulties to make Pi3web working with my own certificates : = I've set my own CA and then issued a certificate for my web server, but = after replacing files (certificate and key) in the admin gui i can't = view any page through https. A how to on the topic would be great Idea. Thanks in advance Rapha=EBl |
|
From: <zi...@t-...> - 2002-09-25 04:50:05
|
Hi Daryl, a good idea, I added this as a feature request to the related tracker at sourceforge. -- regards Holger TMTOWTDI - There's More Than One Way To Do It - Perl motto ---------------------------------------------------------- Holger 'zimpel' Zimmermann ---------------------------------------------------------- Wendishain Germany ---------------------------------------------------------- http://home.t-online.de/home/zimpel/ http://pi3web.sourceforge.net/ mailto:zi...@t-... ---------------------------------------------------------- P.S.: Meanwhile you could use the stuff available for Apache (documentation of mod_ssl), but you should be able to map the described configuration options for Apache to Pi3Web (should be easy, since both are based on openssl). I know, the documentation at openssl is rare (http://www.openssl.org/docs/HOWTO/certificates.txt) Sorry, if it'll take a while until Pi3Web comes out with better ssl related docs, but I'm only one, whereas the Apache group seems to be really a GROUP of people ;-) If you are able to read German language, there's a very detailed description of the usage of openssl (including generation of web server and client certs.) available from here: http://www.dfn-pca.de/certify/ssl/handbuch/ossl092/ (I don't know other related sites from http://www.openssl.org/related/ but don't hesitate to try them out). dh...@i7... wrote: > I have version 2.01 installed and setup to use SSL. It logs on fine > using the temp one that came with the unit. But I have no idea how to > install an openssl one. > > > > How about a training lesson. Title it, "Openssl for Raving Idiots". > > > > Step by step on obtaining the correct files, the setup and installation > of all the software including the gcc and openssl. It just runs me in > circles over and over. > > > > Thanks for your assistance. > > > > Daryl > |
|
From: <dh...@i7...> - 2002-09-24 23:26:23
|
I have version 2.01 installed and setup to use SSL. It logs on fine = using the temp one that came with the unit. But I have no idea how to = install an openssl one. How about a training lesson. Title it, "Openssl for Raving Idiots". Step by step on obtaining the correct files, the setup and installation = of all the software including the gcc and openssl. It just runs me in = circles over and over. Thanks for your assistance. Daryl |
|
From: <zi...@t-...> - 2002-09-17 05:09:50
|
Hi,
yes, I think this is possible. A starting point is the Pi3XSLT
server extension, where XML input (either from file located at
server - GET requests, or from browser input - POST requests
are processed based on an XSL stylesheet.
The final solution could be similar to the Pi3XSLT handler, some
extensions of the functionality and architecture are necessary:
- the input parser should be extended to a real SOAP protocol parser
- checking SOAP HTTP headers
- taking XML directly from HTTP request
- the backend (where currently the XSLT processor is working)
should be made more flexible (e.g., to plug in additional logic
to call a database or so), i.e. the architecture should be
separated into 3 parts:
- XML input validation
- processing (flexible, replacable)
- XML output generation
...
To get some feeling for the work to be done, you may have a look at
the XSLT logic handler (XSLT.cpp):
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/pi3web/Pi3Web_200/Source/XSLT/
BTW.: The trick with POST requests is, I convert the www-formencoded
or text/plain input from the client/browser into XML data accordingly
to this simple, generic DTD:
<!DOCTYPE form [
<!ELEMENT form (field+)>
<!ELEMENT field #PCDATA>
<!ATTLIST field name NMTOKEN #REQUIRED>
]
>
What do you think? Don't hesitate to ask questions, e.g. about the details
of a Pi3 logic handler.
--
regards
Holger
TMTOWTDI - There's More Than One Way To Do It - Perl motto
----------------------------------------------------------
Holger 'zimpel' Zimmermann
----------------------------------------------------------
Wendishain
Germany
----------------------------------------------------------
http://home.t-online.de/home/zimpel/
http://pi3web.sourceforge.net/
mailto:zi...@t-...
----------------------------------------------------------
Howie Hamlin wrote:
> Is it possible to use Pi3Web as a kind of .NET server? What I mean is, I would like to have a server that would read an
> input request (POSTED XML data) and be able to parse the incoming XML, run some process and then return the results in
> XML format. If this is something I need to code into the server then that's OK but if it's something I can do in
> another way then maybe that would be better. Here is the basic idea:
>
> 1 - Client requests a web service from the server
> 2 - Server calls an external C library to do some work based on the input XML
> 3 - Server sends back reply to client in XML
>
> The external C library is a commercial application and I am under NDA so I can't say what it is except that I have an
> API spec to the external library and I would like to invoke the API from the server.
>
> Thanks,
>
> Howie
>
>
>
>
> -------------------------------------------------------
> Sponsored by: AMD - Your access to the experts on Hammer Technology!
> Open Source & Linux Developers, register now for the AMD Developer
> Symposium. Code: EX8664 http://www.developwithamd.com/developerlab
> _______________________________________________
> Pi3web-users mailing list
> Pi3...@li...
> https://lists.sourceforge.net/lists/listinfo/pi3web-users
|
|
From: Howie H. <ho...@ho...> - 2002-09-17 00:41:53
|
Is it possible to use Pi3Web as a kind of .NET server? What I mean is, I would like to have a server that would read an input request (POSTED XML data) and be able to parse the incoming XML, run some process and then return the results in XML format. If this is something I need to code into the server then that's OK but if it's something I can do in another way then maybe that would be better. Here is the basic idea: 1 - Client requests a web service from the server 2 - Server calls an external C library to do some work based on the input XML 3 - Server sends back reply to client in XML The external C library is a commercial application and I am under NDA so I can't say what it is except that I have an API spec to the external library and I would like to invoke the API from the server. Thanks, Howie |
|
From: <ca...@ta...> - 2002-09-10 22:29:39
|
Hi, I installed the Pi3Web server on a computer running Windows ME with a direct connection to the Internet through a cable modem. Other computers on my home network are connected to a hub that is also connected to the main Windows ME machine using another network card. I can access my web site using the local machine and all computers on my home network. However, I cannot access the web server from outside my network. I can even access my domain, suncoastsoftware.net, on my local machines and the request is routed properly. I have tried setting up IP/Non-IP virtual hosts and still cannot access my web site. Can anyone help? Thank you, Casey |
|
From: <zi...@t-...> - 2002-07-18 04:47:22
|
Hi Santiago, this is a known bug in the 2.0 setup, which is already fixed in the development version, but not yet released. This error 159 happens, if you try to install the Pi3Web as an NT service on W2K or XP. A simple workaround is, to invoke the script Pi3Web/bin/install.bat instead, in order to complete the installation of the service. -- regards Holger TMTOWTDI - There's More Than One Way To Do It - Perl motto ---------------------------------------------------------- Holger 'zimpel' Zimmermann ---------------------------------------------------------- Wendishain Germany ---------------------------------------------------------- http://home.t-online.de/home/zimpel/ http://pi3web.sourceforge.net/ mailto:zi...@t-... ---------------------------------------------------------- Santiago Cardoso Geller wrote: > Hi: > I'm trying to install Pi32Web 2.0 on a Windows 2000 Server, but after > the "Finish Installation" window, I obtain the following error: > > "An error occurred configuring the server. Please run uninstall, > check for free space and try again. Internal error code (159)." > > I have 2.3 GB of free space on the disk. I tried as desktop > application and as a Service installation. I have changed the target > disk too. But I always obtain the same error. > > Thanks, > Santiago > > > Buenos Aires - Argentina > ICQ# 21979614 > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Pi3web-users mailing list > Pi3...@li... > https://lists.sourceforge.net/lists/listinfo/pi3web-users > > |
|
From: Santiago C. G. <ca...@fl...> - 2002-07-18 04:23:22
|
Hi: I'm trying to install Pi32Web 2.0 on a Windows 2000 Server, but= after the "Finish Installation" window, I obtain the following error: "An error occurred configuring the server. Please run uninstall,= check for free space and try again. Internal error code (159)." I have 2.3 GB of free space on the disk. I tried as desktop application and as a Service installation. I have changed the= target disk too. But I always obtain the same error. Thanks, Santiago Buenos Aires - Argentina ICQ# 21979614 |
|
From: <zi...@t-...> - 2002-06-13 16:26:46
|
Hi Nathan, don't know, if this is really a virtual hosting issue. To figure it out, you could try to add the following code to Pi3Web/Fragment/404.ssi: <P>The virtual host is:<BR> <B><CODE><!--#Pi3ext expr="$v"--></CODE></B> This prints the name of the virtual host, to which the request was mapped at the error page. For your configuration I would expect 'mypages.servepics.com'. A couple of other configuration issues (case sensitive path- and file names, correct path delimiter) may cause a 404 error. To figure out this, you could switch on the debug log by activating the following line in your configuration file, normally Pi3Web/Conf/Config.pi3: # DebugLogFile "Logs/debug.txt" ^^ Remove the comment and restart the server. After you got the 404 error, you could look into the Pi3Web/Logs/debug.txt to isolate the error reason. Don't hestitate to send me this debug log file and additional the Config.pi3 if there's some uncertainty. -- regards Holger TMTOWTDI - There's More Than One Way To Do It - Perl motto ---------------------------------------------------------- Holger 'zimpel' Zimmermann ---------------------------------------------------------- Wendishain Germany ---------------------------------------------------------- http://home.t-online.de/home/zimpel/ http://pi3web.sourceforge.net/ mailto:zi...@t-... ---------------------------------------------------------- > Nathan Brown schrieb: > > I've set up 2 hosts for one ip address, the first being zybron.myftp.org and the second mypages.servepics.com, each of > which point to my ip address 68.53.231.64 on DNS. The first works perfectly, pointing to the directory where it > should, while the second, though pointing to the directory where I assigned it, does not load the page properly. I > can look at the index file on my machine locally and my browser reads the file, but when attempting to access the page > online, I only receive the 404 page, even though it says it's pointing to the correct local directory on the 404 page. > > Any help would be appreciated. > > ___________ > Nathan Brown > zy...@bi... > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.370 / Virus Database: 205 - Release Date: 6/6/02 |
|
From: <zi...@t-...> - 2002-06-13 16:08:56
|
Hi Simon, Simon Moses schrieb: > > Howdy out there, > > Can anyone yeild any insight on whether this a production quality web > server? ^^ What is your requirement for 'production' - internet hosting, intranet, personal or web development? Pi3Web is open source software provided under BSD license. So you should try to figure out this on your own or ask more detailed. If some features are missing, make a proposal at sourceforge. I will consider it for development, if reasonable and feasible. > > I have been trying to get the web server build for a Linux platform (I know > there is an executable, but I need to do the build) and have hit a couple of > problems. Firstly there have been problems in the build scripts. The sed > command in 2Unix is incorrect. Also, there are linker errors in objects (eg ^^ The 2unix issue can be ignored during build (by simply pressing Ctrl-C and subsequent invocation of 'make'). This is fixed in the current (CVS) source code, also available at sourceforge: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/pi3web/Pi3Web_200/Source/Scripts/ Consider the cvs log entry to get the correct files. > APISyms.o) ^^ The link-issue is caused when you rebuild the makefiles without doing 'make clean' before. > > I don't really have time to debug an incomplete application. Is this ^^ This isn't necessary because the application isn't incomplete. At least be carefully with such statements before trying to get an answer to your questions (some 'netiquette', please). Due to the multiple supported platforms and the required 3rd party software, the build of the sources is not such a straightforward thing. At least openssl 0.96b and php 4.0x is required (including the required php extensions), optional jsdk1.31, ActivePerl, libxml, libxslt may be required to build the servlet engine, Pi3Perl etc. > application in this category? Has anyone else managed to get it built and > use it successfully? ^^ Yes, at least I built it on Linux and Solaris 8 recently. Regarding usage in the 'real' live: http://www.netcraft.com/Survey/Reports/0205/byserver/Pi3Web/com.html Some of the sites run 1.03, some 2.0 most probably the majority uses Windows NT. Furthermore Pi3Web has been asked for packaging with several web development toolkits. > > Cheers, > Simon. > > _______________________________________________________________ > > Sponsored by: > ThinkGeek at http://www.ThinkGeek.com/ > _______________________________________________ > Pi3web-users mailing list > Pi3...@li... > https://lists.sourceforge.net/lists/listinfo/pi3web-users Some closing words: I did the whole development on my own for more than two years including requirements, design, implementation, testing, documentation, bugfixing, support, maintenance of the web site. So I really don't have enough time to keep everything in an ideal state and any support is very appreciated. And many thanks to my family for their patience, which made it possible for me to work on this piece of software. -- regards Holger TMTOWTDI - There's More Than One Way To Do It - Perl motto ---------------------------------------------------------- Holger 'zimpel' Zimmermann ---------------------------------------------------------- Wendishain Germany ---------------------------------------------------------- http://home.t-online.de/home/zimpel/ http://pi3web.sourceforge.net/ mailto:zi...@t-... ---------------------------------------------------------- |
|
From: Simon M. <mo...@ta...> - 2002-06-13 04:20:44
|
Howdy out there, Can anyone yeild any insight on whether this a production quality web server? I have been trying to get the web server build for a Linux platform (I know there is an executable, but I need to do the build) and have hit a couple of problems. Firstly there have been problems in the build scripts. The sed command in 2Unix is incorrect. Also, there are linker errors in objects (eg APISyms.o) I don't really have time to debug an incomplete application. Is this application in this category? Has anyone else managed to get it built and use it successfully? Cheers, Simon. |
|
From: Nathan B. <zy...@bi...> - 2002-06-11 04:46:24
|
I've set up 2 hosts for one ip address, the first being zybron.myftp.org and the second mypages.servepics.com, each of which point to my ip address 68.53.231.64 on DNS. The first works perfectly, pointing to the directory where it should, while the second, though pointing to the directory where I assigned it, does not load the page properly. I can look at the index file on my machine locally and my browser reads the file, but when attempting to access the page online, I only receive the 404 page, even though it says it's pointing to the correct local directory on the 404 page. Any help would be appreciated. ___________ Nathan Brown zy...@bi... --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.370 / Virus Database: 205 - Release Date: 6/6/02 |
56 messages has been excluded from this view by a project administrator.
