
Use mod_gnutls to replace mod_ssl in an Apache VirtualHost

mod_gnutls is a module that replaces Apache's mod_ssl.

mod_gnutls uses the GnuTLS library to provide SSL 3.0, TLS 1.0 and TLS 1.1 encryption for Apache HTTPD.
It is similar to mod_ssl in purpose, but does not use OpenSSL.
The author is an interesting character: he wrote up why he created mod_gnutls, reportedly because he was tired of mod_ssl's bugs!
—————————————-
This module started back in September of 2004 because I was tired of trying to
fix bugs in mod_ssl.  mod_ssl is a giant beast of a module — no offense to its
authors is intended — but I believe it has fallen prey to massive feature bloat.

When I started hacking on httpd, mod_ssl remained a great mystery to me, and
when I actually looked at it, I ran away.  The sheer amount of code is huge, and it
does not conform to the style guidelines.  It was painful to read, and even harder
to debug.  I wanted to understand how it worked, and I had recently heard about
GnuTLS, so long story short, I decided to implement a mod_gnutls.
—————————————-

The mod_gnutls code is very compact. Its line count compared with mod_ssl:
Lines of code in mod_gnutls: 3,593
Lines of code in mod_ssl: 15,324
System requirements:
GnuTLS    >=    2.4.0
Apache HTTPd    >=    2.0.42
APR Memcache Client >=    0.7.0 (Optional)

The installation steps follow. mod_gnutls depends on libgcrypt, gnutls and others, so those packages have to be installed first:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/
wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.4.tar.gz
tar xzf libgcrypt-1.4.4.tar.gz && cd libgcrypt-1.4.4
./configure && make && make install && cd ..

http://www.gnu.org/software/gnutls/download.html
wget http://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.2.4.tar.bz2
tar xjf gnutls-2.2.4.tar.bz2 && cd gnutls-2.2.4
./configure && make && make install && cd ..

# In the unpacked mod_gnutls source directory:
./configure --with-apxs=/home/webadm/bin/apxs --with-libgnutls=/usr/local/gnutils LDFLAGS='-L/usr/lib64'
make && make install

On 64-bit systems, configure needs LDFLAGS='-L/usr/lib64' added.
Documentation:
http://www.outoforder.cc/projects/apache/mod_gnutls/docs/

Basic configuration, with several virtual hosts on the same IP and the same port:
# Load the module into Apache.
LoadModule gnutls_module modules/mod_gnutls.so

Listen 10.10.10.10:443
NameVirtualHost 10.10.10.10:443

<VirtualHost 10.10.10.10:443>
    GnuTLSEnable on
    GnuTLSPriorities NORMAL:!DHE-RSA:!DHE-DSS:!AES-256-CBC:%COMPAT
    DocumentRoot /home/apache2/htdocs/myhost
    ServerName myhost.com:443
    GnuTLSCertificateFile /home/apache2/conf/ssl/myhost.com.cer
    GnuTLSKeyFile /home/apache2/conf/ssl/myhost.com.key
</VirtualHost>

<VirtualHost 10.10.10.10:443>
    GnuTLSEnable on
    GnuTLSDHFile /etc/apache2/dh.params
    GnuTLSPriorities NORMAL:!AES-256-CBC:%COMPAT
    DocumentRoot /home/apache2/htdocs/2hei
    ServerName 2hei.net:443
    GnuTLSCertificateFile /home/apache2/conf/ssl/2hei.net.cer
    GnuTLSKeyFile /home/apache2/conf/ssl/2hei.net.key
</VirtualHost>

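In actual use, after I replaced mod_ssl with mod_gnutls and started Apache,
I ran into this problem:
GnuTLS: Failed to Import Certificate (-34) Base64 decoding error.
It says my certificate's encoding is wrong. There seems to be little about this problem online and nobody has given a clear answer yet. I have emailed the author and hope he will reply.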
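
A base64 decoding error at import time means the certificate file could not be read as PEM text. The following is an added example (not from the original post or the mod_gnutls project): a Python check for common encoding faults in a file given to GnuTLSCertificateFile. The function name, finding labels and sample data are assumptions constructed for illustration, and the check does not establish what caused the error reported above.

```python
import base64
import binascii
import re

# Standard PEM armor for an X.509 certificate (RFC 7468 label).
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def diagnose_cert(data):
    """Return a list of findings; an empty list means the file parses as PEM."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("utf8-bom")            # byte order mark added by an editor
        data = data[3:]
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return findings + ["utf16-text"]       # file was saved as UTF-16
    if data.startswith(b"\x30\x82") and b"-----BEGIN" not in data:
        return findings + ["binary-der"]       # raw ASN.1, common for .cer exports
    blocks = PEM_RE.findall(data)
    if not blocks:
        return findings + ["no-pem-armor"]
    for body in blocks:
        compact = b"".join(body.split())       # drop CR, LF and spaces
        try:
            der = base64.b64decode(compact, validate=True)
        except binascii.Error:
            findings.append("bad-base64")      # stray characters or bad padding
            continue
        if der[:1] != b"\x30":
            findings.append("not-asn1-sequence")
    return findings

# Constructed sample: a DER-like blob (SEQUENCE header plus filler bytes),
# not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, diagnose_cert(fh.read()) or "parses as PEM")
```

Run it with the certificate paths from the VirtualHost blocks as arguments. A "binary-der" finding means the file has to be converted to PEM before the module can load it.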

Permalink: https://www.2hei.net/2009/03/11/use_mod_gnutls_replace_mod_ssl/ | 2hei.net

This post was published by u2 on 2009-03-11 in the OpenSource category.