
An initial attempt to help with SSL-related bugs

  As promised on IRC earlier today I'm interested in tidying up
 some of the SSL-related bugs currently reported against the
 Apache2 package(s) in Debian.

  Here's a brief list of bugs, and my suggestion for handling

#267477  ssl: some easy way to set up an ssl server
         (as apache-ssl package in apache 1)

   - Suggestion:
     1. Update the sites-available/default to include SSL options.
     2. Update "a2enmod" so that if "a2enmod ssl" is executed then
        a new certificate is generated via openssl | ssl-cert if 
        the referenced one isn't already present.

#290458  mod_ssl preventing apache2 from starting (segfault)

   - Suggestion:  Close.  Very old.  Not confirmed.

#350733 apache2: SSI generate seg fault on apache 2.0.55-4

   - Suggestion: Close.  Very old.  Not confirmed.

#301155 ssl.conf won't run

   - [Refers to an example file we no longer ship.  Close bug if
      we can handle #267477]

#395936: Apache2 SSL service stopped working since upgrade to 2.2.3-2

   - Close.  Warning was added per bug log.

#398520 missing /usr/sbin/apache2-ssl-certificate

   - Reinstate script, as a wrapper around openssl, or the new
     ssl-cert package.
     Question:  Why was this removed?  Can we not re-add it?

#421802 apache2: ssl.conf dropped IE workarounds

   - Reinstate options in the default file we ship as per
      #2567477 - then close this bug.

#260063 apache2: suggestion to add new file - conf.d/security.conf

   - I would add this file with the suggested comments.  I'd also suggest
     adding comments here about things such as:
       1. ServerTokens Minimal
       2. ServerSignature Off

     (If this were done, #341022 could be closed.)

  I think those are the ones that jumped out at me on an initial
 pass over the bugs of package 'apache2'. I'm sure there are probably
 more relevant ones in the other Apache packages, so I'll look at
 those shortly, if this mail results in a positive response.

  I guess my questions now are:

    1.  Are these suggested solutions reasonable?

    2.  If so should I submit patches to the list / the relevant
       bugs / do something else?
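
The check proposed for #267477 (generate a certificate only if the referenced one isn't already present), sketched as an added example that is not part of the original mail and not Debian's a2enmod code. The function names and the sample site file are assumptions, and the `refuse` case (only one of the two files exists) is an extra safety rule not in the mail.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; this is not Debian's a2enmod code.

# Print the first value of an Apache directive in a site file. Commented-out
# lines are skipped because "#" ends up in (or as) the first field.
directive_value() {   # usage: directive_value <site-file> <directive>
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Decide what enabling SSL should do for this site file:
#   none     - the file references no certificate/key pair
#   keep     - both referenced files exist, leave them alone
#   refuse   - only one of the two exists; generating would overwrite or mismatch it
#   generate - neither exists, so a self-signed pair can be created safely
cert_action() {
    cert=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    if [ -z "$cert" ] || [ -z "$key" ]; then echo none
    elif [ -e "$cert" ] && [ -e "$key" ]; then echo keep
    elif [ -e "$cert" ] || [ -e "$key" ]; then echo refuse
    else echo generate
    fi
}

# Create the pair only when cert_action says it is safe to do so.
ensure_cert() {
    [ "$(cert_action "$1")" = generate ] || return 0
    cert=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    # umask 077 keeps the private key unreadable by other users.
    ( umask 077 && openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=$(hostname)" -keyout "$key" -out "$cert" )
}

# Constructed sample site file; paths point into a scratch directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/default-ssl" <<EOF
<VirtualHost *:443>
    SSLEngine on
    # SSLCertificateFile /constructed/old/path.pem
    SSLCertificateFile    "$demo_dir/server.crt"
    SSLCertificateKeyFile $demo_dir/server.key
</VirtualHost>
EOF
echo "action for sample site: $(cert_action "$demo_dir/default-ssl")"
```

Paths containing spaces are not handled, and only the first occurrence of each directive in the file is considered.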
