Re: Encryption with no certificate

Thu, 10 Jun 1999 04:20:49 -0700 

On Wed, Jun 09, 1999 at 09:54:38PM -0400, Lin Geng wrote:
> >From: Dick Porter <[EMAIL PROTECTED]>
> >
> >I'm trying to set up a mod_ssl server, but I only want link encryption and
> >no authentication.
> >
> >A self-signed certificate isn't really the answer because I want to run
> this
> >on an embedded system which can change host and domain name at any time.
> (Apart
> >from having to go through Netscape's long-winded certificate dialog).
> >
> >Is there any way of configuring mod_ssl for this? If I just don't give it
> >a server certificate, it reports fatal errors.
> >
> >- Dick
>
> The simplest way is to use the no-rsa option.  It seems the deafult
> (openssl) is that if you have RSA on, you want authentication.  If you
> disable RSA, ADH will kicks in automatically.

OpenSSL v0.9.3 (0.9.3a and SNAP-19990609 too):

gcc -o openssl -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DNO_RSA -DL_ENDIAN 
-DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM 
openssl.o verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o pkcs7.o 
crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o 
speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o nseq.o 
pkcs12.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto 
../libssl.so: undefined reference to `ssl2_generate_key_material'
../libssl.so: undefined reference to `ssl2_clear'
../libssl.so: undefined reference to `ssl2_new'
../libssl.so: undefined reference to `ssl2_get_cipher'
../libssl.so: undefined reference to `ssl2_get_cipher_by_char'
../libssl.so: undefined reference to `ssl2_write_error'
../libssl.so: undefined reference to `ssl2_return_error'
../libssl.so: undefined reference to `SSLv2_client_method'
../libssl.so: undefined reference to `ssl2_num_ciphers'
../libssl.so: undefined reference to `SSLv2_server_method'
make[1]: *** [openssl] Error 1
make[1]: Leaving directory `/home/dick/redhat/BUILD/openssl-0.9.3/apps'

All of the functions referred to have their definitions surrounded by
#ifndef NO_RSA/#endif, but the calls seem to be scattered all around the ssl
directory.

At first glance, it appears that disabling RSA effectively disables SSLv2.
Will standard browsers (ie netscape communicator) still connect to a
mod_ssl server that doesnt talk ssl v2?

- Dick

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to