APACHE SECURED BY SSL

Apache-SSL
Team A.L. Digital & Apache-SSL
February 5, 2000

조대현, cool@hansaram.sarang.net
v0.3, February 20, 2000

This document is a translation(?) of the contents of https://www.apache-ssl.org/.

1. Main Features

2. What is Apache-SSL?

Apache-SSL is a secure web server based on Apache and SSLeay/OpenSSL. It is licensed under a BSD-style license, which means you are free to use it for commercial or non-commercial purposes as long as you retain the copyright notices (although you are advised to read the SSLeay "Is this legal?" FAQ before running the server). This is the same license as used by Apache from version 0.8.15.

3. Download

Current release:

The Apache-SSL source patches are also available from the following UK master distribution site:

Other FTP mirror sites:

Or HTTP mirror sites:

O/S-specific versions:

4. What is needed?

What you need is a set of patches for Apache (available for versions 1.2.0+ and 1.3.0+), a few extra source files, and a small number of README and example configuration files. The patches are applied to the Apache source, which is then compiled and linked with SSLeay (version 0.5.1b+) or OpenSSL. The modified source will still compile a standard Apache as well as Apache-SSL.

5. Keeping up to date

The best way to find out about upgrades is to subscribe to the announce mailing list, which reports the latest versions.

6. Bug fixes and patches

Send bugs and improvements to ben@algroup.co.uk. Feel free to report bugs and problems. However, (even if you are willing to pay.. --;) I cannot make any promises (to fix them?).

7. Commercial support

Commercial support is available for both Apache and Apache-SSL. If you are interested, send mail to ben@algroup.co.uk.

8. Digital certificates

The following companies have asked to be linked from this page. I neither endorse nor recommend the organisations below, and I have no relationship with them whatsoever. They are listed in the order in which they asked.

Places that can supply digital certificates for Apache-SSL:

9. PGP key

If you want to send me private mail, here is my PGP key. Please use it only when it is really needed; I truly hate typing my passphrase.. --+

10. FAQ

10.1 Apache-SSL has not been updated for a while - does this mean it is out of date?

No, it means that it (Apache-SSL) works as well as people want it to. We only update it when there is a bug that needs fixing, when a new version of Apache comes out, or when someone wants a new feature.

10.2 Why does my browser just hang when it connects to Apache-SSL?

    SSL_Accept failed error:140760EB:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

10.3 The patch will not apply; what is wrong?

If you get a result like the following:

    $ patch < SSLpatch
    Looks like a new-style context diff.
    File to patch:

you probably have an old version of patch. Change to version 2.1 or later and try again.

10.4 I know HTTP uses port 80, but what about HTTPS?

You can run HTTPS on any port, but the standard port that most browsers look for by default is 443. You can force the browser to look on another port by specifying the port number in the URL, like this:

    https://secure.server.hell:666

10.5 I want to run secure and non-secure servers together on one machine. Is that possible?

There are two ways: run two server daemons, or provide both services from a single daemon. Although there can be good reasons for running two daemons, it is usually simplest to run one server and switch SSL off in the virtual hosts that do not need it. If you do want to run two daemons, make sure each server binds only to its designated port (normally port 80 for non-secure and 443 for secure). If you want to run just one server, here is an example configuration file showing how to set it up.

10.6 I have just installed the server. How do I create a test certificate?

Step one - create the key and the request.

    openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional).

    openssl rsa -in privkey.pem -out new.cert.key

Step three - convert the request into a signed certificate.

    openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

Use the results in the Apache-SSL directives as follows.

    SSLCertificateFile /path/to/certs/new.cert.cert
    SSLCertificateKeyFile /path/to/certs/new.cert.key

10.7 How do I create a client certificate?

Step one - create a CA certificate/key pair, as above.

Step two - sign the client request with the CA key.

    openssl x509 -req -in client.cert.csr -out client.cert.cert -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365

Step three - hand the 'client.cert.cert' file to the requester.
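
The client-certificate procedure above, as an added shell example that is not part of the original page: it builds a throwaway CA, signs a client request with -CA/-CAkey, and checks that the resulting certificate chains to that CA and to no other, which is the property a server verifying client certificates depends on. The subject names, the other.CA control and the temporary directory are constructed for the demonstration, and an openssl binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example: throwaway CA and client certificate, then chain checks.
# Subject names and file names are constructed; needs openssl on the PATH.

# make_ca DIR NAME: self-signed CA certificate and unencrypted key.
make_ca() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.cert" 2>/dev/null
}

# make_client DIR CA NAME: client key and request, signed with the CA key.
make_client() {
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -out "$1/$3.cert" -days 365 \
        -CA "$1/$2.cert" -CAkey "$1/$2.key" -CAcreateserial 2>/dev/null
}

# chains_to CA_CERT CERT: true only if CERT verifies against CA_CERT.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_matches CERT KEY: true if CERT carries the public half of KEY
# (the client's own key, not the CA's).
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" my.CA && make_ca "$d" other.CA &&
        make_client "$d" my.CA client || { rm -rf "$d"; return 1; }
    chains_to "$d/my.CA.cert" "$d/client.cert" && echo "my.CA: accepted"
    chains_to "$d/other.CA.cert" "$d/client.cert" || echo "other.CA: rejected"
    key_matches "$d/client.cert" "$d/client.key" && echo "client key matches"
    rm -rf "$d"
}
demo
```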

Apache-SSL can verify this certificate if you add the following.

    SSLCACertificateFile /path/to/certs/my.CA.cert
    SSLVerifyClient 2

10.8 How can my CGI access the client certificate?

In release apache_1.3.2+ssl_1.27 and later, use the following directive.

    SSLExportClientCertificates

This creates environment variables containing the contents of the client certificate. For more detail, see SSLExportClientCertificates in the docs section. There is also a working example: https://www.apache-ssl.org/cgi/cert-export

10.9 How do I install FrontPage98 Extensions with Apache-SSL?

Bertrand Renuart describes this in detail at http://www.itma.lu/howto/apache.

10.10 When installing a Verisign cert, why can't I find "getca" and "getverisign"?

Because Verisign is not supported in the Apache-SSL instructions. If you want to use them, use Stronghold (a commercial Apache-based server with SSL support). All you have to do is save the certificate in a file and pass its name to the SSLCertificateFile directive. Remember that you must pass the key file too.

10.11 Common compile errors

    gcc -c -I../os/unix -I../include -I/usr/local/ssl/include -funsigned-char -DTARGET=\"httpsd\" -DAPACHE_SSL `../apaci` -DAPACHE_SSL buff.c
    buff.c: In function `ap_read':
    buff.c:259: structure has no member named `stats'
    buff.c:267: structure has no member named `stats'
    buff.c:268: structure has no member named `stats'
    buff.c:269: structure has no member named `stats'
    buff.c:271: structure has no member named `stats'
    buff.c: In function `ap_write':
    buff.c:346: warning: passing arg 2 of `SSL_write' discards `const' from pointer target type
    *** Error code 1

You need to upgrade OpenSSL.

10.12 What about Y2K?

The Apache-SSL components contain no date-related processing, so they do not affect the overall compliance of your system. Apache, the main component, has this to say about Y2K. You should also check your OS, hardware and other modules.

11. Mailing lists

There are two Apache-SSL mailing lists.

If you want general help or support from the Apache-SSL community, send an empty mail to apache-ssl-help@lists.aldigital.co.uk. This is likely to be the quickest route to an answer. However, check whether the answer is already in the archive before posting a question.

If you simply want to keep up to date and hear about new releases and important announcements, there is apache-sslannounce-help@lists.aldigital.co.uk.

12. Apache-SSL is not mod_ssl!!

There appears to be some confusion regarding Apache-SSL and mod_ssl. To set the record straight: mod_ssl is not a replacement for Apache-SSL - it is an alternative, in the same way that Apache is an alternative to Netscape/Microsoft servers, or Linux is an alternative to FreeBSD. It is a matter of personal choice as to which you run. mod_ssl is what is known as a 'split' - i.e. it was originally derived from Apache-SSL, but has been extensively redeveloped so the code now bears little relation to the original. Apache-SSL continues to be developed and maintained, our main focus being on reliability, security and performance, rather than features and bells and whistles. I hope this makes things clear.
(Adam Laurie)

13. Links

Related web resources:

14. Mirror web sites

15. Credits

Apache-SSL was written by Ben Laurie, who is also an Apache core team member, and an OpenSSL core team member. The development of Apache-SSL is sponsored by A.L. Digital Ltd., and this site is hosted by them. Info on FTP mirror sites, CAs, Links, etc., should be sent to: The Web Slaves. Apache-SSL graphics courtesy of Jamie Harrison and The WoW Foundation, based on the original feather by Randy Terbush. Feel free to replicate.

16. Team A.L. Digital & Apache SSL

A.L. Digital Ltd. participate in the Distributed Net encryption cracking efforts, as do many of our friends. To see how our team is doing, click the team logo above. To read more about the project, click on the banner above. To join our team, affiliate yourself with team no. 5209. For your personal privacy, the team membership listing is not open to the public, and we promise not to use it ourselves. For anything.

Far duller than a serpent's tooth it is to spend a quiet youth.