1.3.6 + 2.2.6 PB with openssl < 0.9.2

GOMEZ Henri Fri, 26 Mar 1999 09:16:05 -0500
Hi.

The problem seems to be when open-ssl/ssleay version is less than 0.9.2
(0x920).
Since there is at this time, no RPM for RH Intel platform, all RH users
have the same problems.

There is many difference between 2.2.5 and 2.2.6 in pkg.sslmod and code
in mod_ssl 2.2.6 and
many depends on SSL_LIBRARY_VERSION >= 0x0920

ssl_engine_vars.c

#if SSL_LIBRARY_VERSION >= 0x0920

    { TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5     /*EXP56-RC4-MD5*/,
56, 128 },
    { TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5
/*EXP56-RC2-CBC-MD5*/,56, 128 },
    { TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA
/*EXP56-DES-CBC-SHA*/,56,  56 },
#endif


ssl_engine_kernel.c 
                    
    /*

     * Create a new SSL connection with the configured server SSL
context and
     * attach this to the socket. Additionally we register this
attachment   
     * so we can detach later.

     */

    ssl = SSL_new(sc->pSSLCtx);

    SSL_clear(ssl);


#if SSL_LIBRARY_VERSION >= 0x0920                       
    SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA); 
#endif                                                  


What about the TmpRSA callback after SSL_clear if you are not using the
latest openssl ???

See you


...............................................
.                 . S.L.I.B                   .
.   ____[_]____   . 5 Place Charles Béraudier .
.      (+ +)      . 69428 Lyon Cedex 03       .
..oOOo..(_)..oOOo..............................
.                             Tel: 0472367723 .
. Henri Gomez  [EMAIL PROTECTED]  Fax: 0472367778 .
...............................................


> -----Original Message-----
> From: Toru Takinaka [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, March 26, 1999 11:05 AM
> To:   [EMAIL PROTECTED]
> Subject:      Re: Ok, Client Test Suite established
> 
> 
> >> MSIE3.02(Japanese) can't access https://en4.engelschall.com/
> >Why? What happens? An I/O error? Or is just because the server
> certificate is
> >a dummy one which uses the SnakeOil CA your MSIE3.02 doesn't know?
> SnakeOil CA is not the problem, it is warning only.
> 
> Server certificate of https://en4.engelschall.com/ is readable on
> MSIE3.0.
> But I can't see the page.
> The error message is
> Can't open site https://en4.engelschall.com/
> in Japanese languange.
> 
> FYI,the log of my test server(Apache1.3.6+mod_ssl2.2.6+openssl0.9.2b)
> is here.
> access_log:
>       Nothing.
> error_log:
> [Fri Mar 26 18:52:34 1999] [error] mod_ssl: SSL handshake interrupted
> by system
> 
> ssl_engine_log
> [26/Mar/1999 18:52:33] [info]  Connection to child 0 established
> (server :xxx.xxx.xxx.xxx.xxx:8443)
> [26/Mar/1999 18:52:33] [trace] Seeding PRNG with 1032 bytes of entropy
> [26/Mar/1999 18:52:33] [trace] OpenSSL: Handshake: start
> [26/Mar/1999 18:52:33] [trace] OpenSSL: Loop: before/accept
> initialization
> [26/Mar/1999 18:52:33] [debug] OpenSSL: read 7/7 bytes from
> BIO#00140880 [mem: 0014EE10] (BIO dump follows)
> +---------------------------------------------------------------------
> ----+
> | 0000: 80 34 01 03 00 00 1b                             .4.....
> |
> +---------------------------------------------------------------------
> ----+
> [26/Mar/1999 18:52:33] [debug] OpenSSL: read 47/47 bytes from
> BIO#00140880 [mem: 0014EE17] (BIO dump follows)
> +---------------------------------------------------------------------
> ----+
> | 0000: 00 00 00 10 8f 80 01 80-00 01 81 00 01 81 00 03
> ................ |
> | 0010: 82 00 01 83 00 04 84 28-40 00 00 03 02 00 80 79
> .......(@......y |
> | 0020: b1 20 b2 30 c9 da 5a d2-b2 8b 21 71 29 e0 33     .
> .0..Z...!q).3  |
> +---------------------------------------------------------------------
> ----+
> [26/Mar/1999 18:52:33] [trace] OpenSSL: Loop: SSLv3 read client hello
> A
> [26/Mar/1999 18:52:33] [trace] OpenSSL: Loop: SSLv3 write server hello
> A
> [26/Mar/1999 18:52:33] [trace] OpenSSL: Loop: SSLv3 write certificate
> A
> [26/Mar/1999 18:52:33] [debug] OpenSSL: write 1024/1024 bytes to
> BIO#00140880 [mem: 00158280] (BIO dump follows)
> +---------------------------------------------------------------------
> ----+
> | 0000: 16 03 00 00 4a 02 00 00-46 03 00 36 fb 58 e1 5c
> ....J...F..6.X.\ |
> | 0010: 15 00 0c c8 86 97 86 db-f1 b2 2a 7c 42 cd b3 5a
> ..........*|B..Z |
> | 0020: a0 25 f1 7a 02 3c 05 ce-9f 3a 89 20 d8 3b 82 b0  .%.z.<...:.
> .;.. |
> | 0030: e8 85 ed 4f 32 44 e4 f4-53 59 6a ae f2 73 55 d1
> ...O2D..SYj..sU. |
> | 0040: c8 37 fb 28 ca 32 c8 bd-5a 42 ec ae 00 03 00 16
> .7.(.2..ZB...... |
> | 0050: 03 00 02 dc 0b 00 02 d8-00 02 d5 00 02 d2 30 82
> ..............0. |
> | 0060: 02 ce 30 82 02 37 a0 03-02 01 02 02 01 01 30 0d
> ..0..7........0. |
> | 0070: 06 09 2a 86 48 86 f7 0d-01 01 04 05 00 30 81 a9
> ..*.H........0.. |
> | 0080: 31 0b 30 09 06 03 55 04-06 13 02 58 59 31 15 30
> 1.0...U....XY1.0 |
> | 0090: 13 06 03 55 04 08 13 0c-53 6e 61 6b 65 20 44 65  ...U....Snake
> De |
> | 00a0: 73 65 72 74 31 13 30 11-06 03 55 04 07 13 0a 53
> sert1.0...U....S |
> | 00b0: 6e 61 6b 65 20 54 6f 77-6e 31 17 30 15 06 03 55  nake
> Town1.0...U |
> | 00c0: 04 0a 13 0e 53 6e 61 6b-65 20 4f 69 6c 2c 20 4c  ....Snake
> Oil, L |
> | 00d0: 74 64 31 1e 30 1c 06 03-55 04 0b 13 15 43 65 72
> td1.0...U....Cer |
> | 00e0: 74 69 66 69 63 61 74 65-20 41 75 74 68 6f 72 69  tificate
> Authori |
> | 00f0: 74 79 31 15 30 13 06 03-55 04 03 13 0c 53 6e 61
> ty1.0...U....Sna |
> | 0100: 6b 65 20 4f 69 6c 20 43-41 31 1e 30 1c 06 09 2a  ke Oil
> CA1.0...* |
> | 0110: 86 48 86 f7 0d 01 09 01-16 0f 63 61 40 73 6e 61
> .H........ca@sna |
> | 0120: 6b 65 6f 69 6c 2e 64 6f-6d 30 1e 17 0d 39 39 30
> keoil.dom0...990 |
> | 0130: 33 32 35 30 37 33 38 33-39 5a 17 0d 30 30 30 33
> 325073839Z..0003 |
> | 0140: 32 34 30 37 33 38 33 39-5a 30 81 98 31 0b 30 09
> 24073839Z0..1.0. |
> | 0150: 06 03 55 04 06 13 02 4a-50 31 0e 30 0c 06 03 55
> ..U....JP1.0...U |
> | 0160: 04 08 13 05 54 6f 6b 79-6f 31 12 30 10 06 03 55
> ....Tokyo1.0...U |
> | 0170: 04 07 13 09 4d 69 6e 61-74 6f 2d 6b 75 31 0c 30
> ....Minato-ku1.0 |
> | 0180: 0a 06 03 55 04 0a 13 03-4e 45 43 31 0c 30 0a 06
> ...U....NEC1.0.. |
> | 0190: 03 55 04 0b 13 03 4d 6b-74 31 1f 30 1d 06 03 55
> .U....Mkt1.0...U |
> | 01a0: 04 03 13 16 68 6f 6d 65-32 2e 63 73 2e 6d 70 64
> ....home2.cs.mpd |
> | 01b0: 2e 6e 65 63 2e 63 6f 2e-6a 70 31 28 30 26 06 09
> .nec.co.jp1(0&.. |
> | 01c0: 2a 86 48 86 f7 0d 01 09-01 16 19 77 65 62 73 74
> *.H........webst |
> | 01d0: 61 66 66 40 63 73 2e 6d-70 64 2e 6e 65 63 2e 63
> [EMAIL PROTECTED] |
> | 01e0: 6f 2e 6a 70 30 81 9f 30-0d 06 09 2a 86 48 86 f7
> o.jp0..0...*.H.. |
> | 01f0: 0d 01 01 01 05 00 03 81-8d 00 30 81 89 02 81 81
> ..........0..... |
> | 0200: 00 9f d8 2f 8b 68 1c 80-31 1b 38 d5 82 0d 5f c0
> .../.h..1.8..._. |
> | 0210: 21 fd 3b 49 6a f7 9d 2e-4f 2a 27 14 e1 e1 75 8d
> !.;Ij...O*'...u. |
> | 0220: 42 f5 8b 1f 0c 84 94 fd-f1 c4 40 d4 52 ea cf 02
> B.........@.R... |
> | 0230: 3e 15 4a 80 c8 9a 8b f9-ab bf 2d 15 a5 7b 94 c9
> >.J.......-..{.. |
> | 0240: 7e ef d2 9e 6d 1b e8 15-a6 a5 23 80 4f e3 ff e7
> ~...m.....#.O... |
> | 0250: d2 4f 45 2f 82 a9 b2 c9-5c b6 30 0f b0 9e b9 a5
> .OE/....\.0..... |
> | 0260: 2f 37 7b 44 76 f0 ef 95-a1 86 f9 e0 24 77 83 61
> /7{Dv.......$w.a |
> | 0270: 2e aa 84 75 2f a3 b8 1f-77 18 2b f9 cd 90 b0 ca
> ...u/...w.+..... |
> | 0280: b3 02 03 01 00 01 a3 15-30 13 30 11 06 09 60 86
> ........0.0...`. |
> | 0290: 48 01 86 f8 42 01 01 04-04 03 02 06 40 30 0d 06
> [EMAIL PROTECTED] |
> | 02a0: 09 2a 86 48 86 f7 0d 01-01 04 05 00 03 81 81 00
> .*.H............ |
> | 02b0: 69 7c 50 5e 40 35 c2 6a-67 c5 ca 16 39 f4 b4 c6
> i|P^@5.jg...9... |
> | 02c0: bf f0 6c 86 2e e9 ba 5b-31 2a 90 77 c3 f0 c2 42
> ..l....[1*.w...B |
> | 02d0: b2 f5 17 a5 f9 fd b8 87-55 78 9a e7 7f 88 a2 2c
> ........Ux....., |
> | 02e0: 4d 3d ea f6 9f fe 37 85-da 49 58 bd f8 c3 7c cc
> M=....7..IX...|. |
> | 02f0: d0 9f 11 e2 e6 35 dd 40-c2 21 38 9b 3e a1 66 6a
> .....5.@.!8.>.fj |
> | 0300: c6 f6 fc 25 46 9c 1c 4a-06 0d f4 42 ff 90 90 c4
> ...%F..J...B.... |
> | 0310: 54 ed 15 bf e7 82 fd 66-f9 b6 dc 33 dc be b3 61
> T......f...3...a |
> | 0320: ee e3 d7 c8 e1 84 8b 91-0f 08 14 ef 3d 73 be 07
> ............=s.. |
> | 0330: 16 03 00 00 cd 0c 00 00-c9 00 40 c8 67 ad fe d9
> ..........@.g... |
> | 0340: 81 14 79 63 bb b4 4b 90-11 5a 23 1e ce 64 cd 2f
> ..yc..K..Z#..d./ |
> | 0350: 95 bd b9 b3 d7 22 67 e7-09 0b 37 11 7c 03 61 7f
> ....."g...7.|.a. |
> | 0360: 1f 19 e7 26 e6 44 28 54-81 0c 09 29 a3 0d 81 3e
> ...&.D(T...)...> |
> | 0370: 2a e0 58 3d 7a e3 1b 3a-51 43 b3 00 03 01 00 01
> *.X=z..:QC...... |
> | 0380: 00 80 21 e5 72 65 8c b8-6e 89 71 10 cf 6d f0 9a
> ..!.re..n.q..m.. |
> | 0390: f6 90 d0 38 83 5d 77 6e-4d 80 c9 26 db b2 4b d1
> ...8.]wnM..&..K. |
> | 03a0: c7 eb 75 4c 30 e5 64 7a-99 ac 57 19 49 dc 2c 78
> ..uL0.dz..W.I.,x |
> | 03b0: de ca 09 6b dc 5e 6e ab-44 1a c6 25 5e b4 e0 d9
> ...k.^n.D..%^... |
> | 03c0: 78 99 bd db 55 4a d7 75-f3 c0 dc f6 a1 0b de d6
> x...UJ.u........ |
> | 03d0: ba 83 77 69 b0 c1 69 aa-0e 7d ca 54 c4 b2 16 86
> ..wi..i..}.T.... |
> | 03e0: 77 2b ad 13 80 27 0a 6f-a8 ec 1a 5d bb b6 85 65
> w+...'.o...]...e |
> | 03f0: c6 0f 70 48 6d a9 4b ff-29 62 25 8a 49 b0 67 d4
> ..pHm.K.)b%.I.g. |
> +---------------------------------------------------------------------
> ----+
> [26/Mar/1999 18:52:34] [trace] OpenSSL: Loop: SSLv3 write key exchange
> A
> [26/Mar/1999 18:52:34] [trace] OpenSSL: Loop: SSLv3 write server done
> A
> [26/Mar/1999 18:52:34] [debug] OpenSSL: write 11/11 bytes to
> BIO#00140880 [mem: 00158280] (BIO dump follows)
> +---------------------------------------------------------------------
> ----+
> | 0000: 75 97 16 03 00 00 04 0e-                         u.......
> |
> | 000b - <SPACES/NULS>
> +---------------------------------------------------------------------
> ----+
> [26/Mar/1999 18:52:34] [trace] OpenSSL: Loop: SSLv3 flush data
> [26/Mar/1999 18:52:34] [debug] OpenSSL: read 0/5 bytes from
> BIO#00140880 [mem: 0014EE10] (BIO dump follows)
> +---------------------------------------------------------------------
> ----+
> +---------------------------------------------------------------------
> ----+
> [26/Mar/1999 18:52:34] [trace] OpenSSL: Exit: failed in SSLv3 read
> client certificate A
> [26/Mar/1999 18:52:34] [error] SSL handshake interrupted by system
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List               [EMAIL PROTECTED]
> Automated List Manager                       [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
1.3.6 + 2.2.6 PB with openssl < 0.9.2

Reply via email to
