See attachment for explanation and fix.
With these changes, everything appears to work fine.
Regards,
--
Jan Nijtmans, CMG Oost-Nederland B.V.
email: [EMAIL PROTECTED] (private)
[EMAIL PROTECTED] (work)
url: http://purl.oclc.org/net/nijtmans/
OpenSSL 0.9.6-beta1 demo bugs (Tru64 V4.0d)
- <unistd.h> and <openssl/rand.h> need to be included to provide
the prototypes for the close() and the RAND_seed() functions.
- The RAND_seed() function call is necessary to provide enough
random input for the crypto functions.
- The err variable needs to be initialized, otherwise the compiler
gives a warning that the variable is used before initialization.
- The Free macro is renamed to OPENSSL_free.
With these changes, everything compiled fine on Tru64.
To be mailed to:
Sampo Kellomaki <mailto:[EMAIL PROTECTED]>
Wade Scholine <mailto:[EMAIL PROTECTED]>
<mailto:[EMAIL PROTECTED]>
*** demos/ssl/cli.cpp.orig Wed Sep 13 11:40:24 2000
--- demos/ssl/cli.cpp Wed Sep 13 11:53:19 2000
***************
*** 5,11 ****
--- 5,15 ----
Simplified to be even more minimal
12/98 - 4/99 Wade Scholine <[EMAIL PROTECTED]> */
+ /* mangled to work with OpenSSL-0.9.6-beta1
+ 9-2000 Jan Nijtmans <j.nijtmans.chello.nl> */
+
#include <stdio.h>
+ #include <unistd.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
***************
*** 19,24 ****
--- 23,29 ----
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
+ #include <openssl/rand.h>
#define CHK_NULL(x) if ((x)==NULL) exit (1)
***************
*** 25,33 ****
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
void main ()
{
! int err;
int sd;
struct sockaddr_in sa;
SSL_CTX* ctx;
--- 30,40 ----
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
+ static const char rnd_seed[] = "string to make the random number generator think it
+has entropy";
+
void main ()
{
! int err = 0;
int sd;
struct sockaddr_in sa;
SSL_CTX* ctx;
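Review bot: The `rnd_seed` array added above `main` is a fixed, publicly known string, so passing it to `RAND_seed()` (the call added in the next hunk, and again in inetdsrv.cpp and serv.cpp) only silences the "PRNG not seeded" error without making the generator's output unpredictable. Every key and nonce the demo derives is then reproducible by anyone who has the source. Seed from a real entropy source where the platform offers one, for example `RAND_load_file(path, 1024)` on a random device or `RAND_egd(path)`, and exit if `RAND_status()` still returns 0. If the constant has to stay for platforms with no such source, mark it with a comment such as `/* DEMO ONLY: constant seed adds no entropy; do not copy into real code */`.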
***************
*** 37,42 ****
--- 44,50 ----
char buf [4096];
SSL_METHOD *meth;
+ RAND_seed(rnd_seed, sizeof rnd_seed);
SSLeay_add_ssl_algorithms();
meth = SSLv2_client_method();
SSL_load_error_strings();
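Review bot: The client is still pinned to SSLv2 by `meth = SSLv2_client_method();`, while serv.cpp in the same patch uses `SSLv23_server_method()`. SSLv2 does not protect the handshake's integrity, so a demo updated for 0.9.6 should not present it as the default. Consider `meth = SSLv23_client_method();` so the client negotiates the highest version both sides support. main's body continues outside this hunk.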
***************
*** 79,90 ****
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
! Free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
! Free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
--- 87,98 ----
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
! OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
! OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
*** demos/ssl/inetdsrv.cpp.orig Wed Sep 13 11:55:20 2000
--- demos/ssl/inetdsrv.cpp Wed Sep 13 11:59:55 2000
***************
*** 4,18 ****
* 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
*/
#include <stdio.h>
#include <errno.h>
! #include "rsa.h" /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define HOME "/usr/users/sampo/demo/"
#define CERTF HOME "plain-cert.pem"
--- 4,23 ----
* 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
*/
+ /* mangled to work with OpenSSL-0.9.6-beta1
+ 9-2000 Jan Nijtmans <j.nijtmans.chello.nl> */
+
#include <stdio.h>
+ #include <unistd.h>
#include <errno.h>
! #include "openssl/rsa.h"
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
+ #include <openssl/rand.h>
#define HOME "/usr/users/sampo/demo/"
#define CERTF HOME "plain-cert.pem"
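Review bot: The replacement line `#include "openssl/rsa.h"` uses the quoted form, while every other OpenSSL header in this file, and the same include in serv.cpp, uses angle brackets. The quoted form searches the source file's own directory first, so a stray local `openssl/rsa.h` would be picked up ahead of the installed one. Use `#include <openssl/rsa.h>` to match the rest.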
***************
*** 23,28 ****
--- 28,35 ----
{ fprintf(log, "%s %d\n", (s), errno); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
+ static const char rnd_seed[] = "string to make the random number generator think it
+has entropy";
+
void main ()
{
int err;
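Review bot: `int err;` is left uninitialized on the new side of inetdsrv.cpp, although the description says the variable must be initialized and both cli.cpp and serv.cpp are changed to `int err = 0;`. main's body continues outside the hunk, so whether the same used-before-initialization warning applies here cannot be seen. If it does, change the line to `int err = 0;` to keep the three demos consistent.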
***************
*** 33,38 ****
--- 40,46 ----
char buf [4096];
FILE* log;
+ RAND_seed(rnd_seed, sizeof rnd_seed);
log = fopen ("/dev/console", "a"); CHK_NULL(log);
fprintf (log, "inetdserv %ld\n", (long)getpid());
***************
*** 65,76 ****
str = X509_NAME_oneline (X509_get_subject_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t subject: %s\n", str);
! Free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t issuer: %s\n", str);
! Free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
--- 73,84 ----
str = X509_NAME_oneline (X509_get_subject_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t subject: %s\n", str);
! OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t issuer: %s\n", str);
! OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
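Review bot: Both `X509_NAME_oneline (...)` calls in this hunk still pass a single argument, whereas cli.cpp and serv.cpp pass `..., 0, 0` for the buffer and size. With the three-parameter prototype those files rely on, this file would presumably not compile as C++, so the rename to `OPENSSL_free` alone does not make inetdsrv.cpp build. Change the calls to `X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);` and the same for the issuer. The description mentions compiling "everything", so it is worth confirming this file was included.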
*** demos/ssl/serv.cpp.orig Wed Sep 13 11:55:09 2000
--- demos/ssl/serv.cpp Wed Sep 13 12:03:24 2000
***************
*** 6,11 ****
--- 6,14 ----
Simplified to be even more minimal
12/98 - 4/99 Wade Scholine <[EMAIL PROTECTED]> */
+ /* mangled to work with OpenSSL-0.9.6-beta1
+ 9-2000 Jan Nijtmans <j.nijtmans.chello.nl> */
+
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
***************
*** 17,28 ****
#include <arpa/inet.h>
#include <netdb.h>
! #include <openssl/rsa.h> /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
/* define HOME to be dir for key and cert files... */
--- 20,32 ----
#include <arpa/inet.h>
#include <netdb.h>
! #include <openssl/rsa.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
+ #include <openssl/rand.h>
/* define HOME to be dir for key and cert files... */
***************
*** 36,44 ****
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
void main ()
{
! int err;
int listen_sd;
int sd;
struct sockaddr_in sa_serv;
--- 40,50 ----
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
+ static const char rnd_seed[] = "string to make the random number generator think it
+has entropy";
+
void main ()
{
! int err = 0;
int listen_sd;
int sd;
struct sockaddr_in sa_serv;
***************
*** 53,58 ****
--- 59,65 ----
/* SSL preliminaries. We keep the certificate and key with the context. */
+ RAND_seed(rnd_seed, sizeof rnd_seed);
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
***************
*** 121,132 ****
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
! Free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
! Free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
--- 128,139 ----
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
! OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
! OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */