Re: apache + libapache-mod-ssl vs. apache-ssl?
J B Bell said:
> Hello all,
>
> I'm unclear on the intention of the apache-ssl package. It doesn't
> provide a daemon with the ssl library compiled in, yet it uses a
> different (apparently) DSO from the one obtainable as a separate
> package.
>
> Currently I'm using the plain vanilla apache pkg and would like to add
> SSL. Unfortunately, after doing the dance as written in
> /usr/share/doc scripture, while the ssl_engine_log and error.log give
> every indication that SSL is up and running, connections to port 443
> are rejected, and netstat -l reveals no listening on port 443 at all.
> I think this eliminates my firewall (shorewall, fwiw) as a culprit,
> which has a hole for port 443 anyway.
>
> Am I doing something heinously wrong by even adding libapache-mod-ssl
> to the plain vanilla apache package? Is there some canonical
> Debianish way of handling SSL that I'm missing? All replies, even
> surly demands to read appropriate docs (if a pointer is included) are
> greatly appreciated.
>
> --JB
They are two different things - apache-ssl and apache+mod_ssl.
If you refer to the Apache-SSL web site, there is a polite note to this
effect:
There appears to be some confusion regarding Apache-SSL and
mod_ssl. To set the record straight: mod_ssl is not a replacement
for Apache-SSL - it is an alternative, in the same way that Apache
is an alternative to Netscape/Microsoft servers, or Linux is an
alternative to FreeBSD. It is a matter of personal choice as to
which you run. mod_ssl is what is known as a 'split' - i.e. it was
originally derived from Apache-SSL, but has been extensively
redeveloped so the code now bears little relation to the original.
Apache-SSL continues to be developed and maintained, our main focus
being on reliability, security and performance, rather than
features and bells and whistles. I hope this makes things clear.
(Adam Laurie).
I'm not entirely clear on what you've got installed. For apache and
mod_ssl you should refer to the information in the libapache-mod-ssl-doc
package; for apache-ssl you've got /usr/share/doc/apache-ssl/* ...
Andrew.
--
Andrew Shugg <andrew@neep.com.au> http://www.neep.com.au/
"Just remember, Mr Fawlty, there's always someone worse off than yourself."
"Is there? Well I'd like to meet him. I could do with a good laugh."
Reply to: