Hi openssl-dev,
Below are the gmake test results and hardware/software coordinates of my
system. Seems that
1) gmake test has sth to complain about
2) there is a problem with the default configuration _and_ with the
creation of self-signed certs, because neither Apache mod_ssl
make certificate TYPE=custom nor the manual procedure Ralf suggested
in the mod_ssl FAQ worked. (see at the end of this mail)
If you need further details, contact me at [EMAIL PROTECTED]
(as I am not on openssl-dev).
Hope this helps.
OPENSSL VERSION:
OpenSSL 0.9.4 09 Aug 1999
built on: Mo., 23. Aug. 1999, 10:27:11
platform: hpux10-gcc
options: bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -DTHREADS -D_REENTRANT -DNO_IDEA -fPIC -DB_ENDIAN -DBN_DIV2W
Operating system: 9000/839-hp-hpux10
./Config -t
Configuring for hpux10-gcc
/opt/perl/bin/perl ./Configure hpux10-gcc
gcc -v
Reading specs from /opt/egcs-1.1.2/lib/gcc-lib/hppa1.1-hp-hpux10.20/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314 (egcs-1.1.2 release)
OUTPUT of gmake test
Doing certs
ICE-CA.pem => 6bee6be3.0
ICE-root.pem => adbec561.0
ICE-user.pem => 3ecf89a3.0
ca-cert.pem => 1f6c59cd.0
dsa-ca.pem => 73912336.0
dsa-pca.pem => 24867d38.0
factory.pem => f3e90025.0
nortelCA.pem => 1ef89214.0
pca-cert.pem => 8caad35e.0
rsa-cca.pem => a99c5886.0
rsa-ssca.pem => f73e89fd.0
thawteCb.pem => ddc328ff.0
thawteCp.pem => c33a80d4.0
timCA.pem => 8c401b31.0
tjhCA.pem => 052eae11.0
vsign1.pem => 2edf7016.0
vsign2.pem => b5f329fa.0
vsign3.pem => 7651b327.0
vsignss.pem => f73e89fd.0
vsigntca.pem => 18d46017.0
testing...
./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
Doing pcbc
Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done
Doing ofb
Doing ofb64
Doing ede_ofb64
Doing cbc_cksum
Doing quad_cksum
input word alignment test 0 1 2 3
output word alignment test 0 1 2 3
fast crypt test
./ideatest
No IDEA support
./shatest
test 1 ok
test 2 ok
test 3 ok
./sha1test
test 1 ok
test 2 ok
test 3 ok
./md5test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
./hmactest
test 0 ok
test 1 ok
test 2 ok
test 3 ok
./md2test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
./mdc2test
pad1 - ok
pad2 - ok
./rc2test
ecb RC2 ok
./rc4test
test 0 ok
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test end processing ....................done
test multi-call ....................done
./rc5test
ecb RC5 ok
cbc RC5 ok
./bftest
testing blowfish in raw ecb mode
testing blowfish in ecb mode
testing blowfish set_key
testing blowfish in cbc mode
testing blowfish in cfb64 mode
testing blowfish in ofb64
./casttest
ecb cast5 ok
This test will take some time....123456789ABCDEF ok
./randtest
test 1 done
test 2 done
test 3 done
test 4 done
starting big number library test, could take a while...
test BN_add
test BN_sub
test BN_lshift1
test BN_lshift (fixed)
test BN_lshift
test BN_rshift1
test BN_rshift
test BN_sqr
test BN_mul
test BN_div
test BN_div_recp
test BN_mod
test BN_mod_mul
test BN_mod_exp
test BN_exp
64 tests done
128 tests done
192 tests done
256 tests done
320 tests done
384 tests done
448 tests done
512 tests done
576 tests done
640 tests done
704 tests done
768 tests done
832 tests done
896 tests done
960 tests done
1024 tests done
1088 tests done
test a^b%c implementations
./exptest
........................................................................................................................................................................................................
done
cat
base64
base64
base64 base64
bf
bf base64
bf-cbc
bf-cbc base64
bf-cfb
bf-cfb base64
bf-ecb
bf-ecb base64
bf-ofb
bf-ofb base64
cast
cast base64
cast-cbc
cast-cbc base64
cast5-cbc
cast5-cbc base64
cast5-cfb
cast5-cfb base64
cast5-ecb
cast5-ecb base64
cast5-ofb
cast5-ofb base64
des
des base64
des-cbc
des-cbc base64
des-cfb
des-cfb base64
des-ecb
des-ecb base64
des-ede
des-ede base64
des-ede-cbc
des-ede-cbc base64
des-ede-cfb
des-ede-cfb base64
des-ede-ofb
des-ede-ofb base64
des-ede3
des-ede3 base64
des-ede3-cbc
des-ede3-cbc base64
des-ede3-cfb
des-ede3-cfb base64
des-ede3-ofb
des-ede3-ofb base64
des-ofb
des-ofb base64
des3
des3 base64
desx
desx base64
rc2
rc2 base64
rc2-cbc
rc2-cbc base64
rc2-cfb
rc2-cfb base64
rc2-ecb
rc2-ecb base64
rc2-ofb
rc2-ofb base64
rc4
rc4 base64
rc5
rc5 base64
rc5-cbc
rc5-cbc base64
rc5-cfb
rc5-cfb base64
rc5-ecb
rc5-ecb base64
rc5-ofb
rc5-ofb base64
echo test normal x509v1 certificate
test normal x509v1 certificate
sh ./tx509 2>/dev/null
testing X509 conversions
p -> d
p -> n
p -> p
d -> d
n -> d
p -> d
d -> n
n -> n
p -> n
d -> p
n -> p
p -> p
echo test first x509v3 certificate
test first x509v3 certificate
sh ./tx509 v3-cert1.pem 2>/dev/null
testing X509 conversions
p -> d
p -> n
p -> p
d -> d
n -> d
p -> d
d -> n
n -> n
p -> n
d -> p
n -> p
p -> p
echo test second x509v3 certificate
test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2>/dev/null
testing X509 conversions
p -> d
p -> n
p -> p
d -> d
n -> d
p -> d
d -> n
n -> n
p -> n
d -> p
n -> p
p -> p
testing rsa conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
./rsa_oaep_test
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
testing crl conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing session-id conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
Generate and verify a certificate request
generating certificate request
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Using configuration from test.cnf
Generating a 512 bit RSA private key
.............+++++
............+++++
writing new private key to 'testkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:[EMAIL PROTECTED]
Using configuration from test.cnf
verify OK
testing req conversions
p -> d
*** Error exit code 1
Stop.
gmake: *** [tests] Error 1
ANOTHER FAILING script (openssl installed with gmake install, then used):
(there seems to be a problem with the default configuration file)
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
./sign.sh server.csr
where sign.sh is
#!/bin/sh
##
## sign.sh -- Sign a SSL Certificate Request (CSR)
## Copyright (c) 1998-1999 Ralf S. Engelschall, All Rights Reserved.
##
# argument line handling
CSR=$1
if [ $# -ne 1 ]; then
echo "Usage: sign.sign <whatever>.csr"; exit 1
fi
if [ ! -f $CSR ]; then
echo "CSR not found: $CSR"; exit 1
fi
case $CSR in
*.csr ) CERT="`echo $CSR | sed -e 's/\.csr/.crt/'`" ;;
* ) CERT="$CSR.crt" ;;
esac
# make sure environment exists
if [ ! -d ca.db.certs ]; then
mkdir ca.db.certs
fi
if [ ! -f ca.db.serial ]; then
echo '01' >ca.db.serial
fi
if [ ! -f ca.db.index ]; then
cp /dev/null ca.db.index
fi
# create an own SSLeay config
cat >ca.config <<EOT
[ ca ]
default_ca = CA_own
[ CA_own ]
dir = .
certs = \$dir
new_certs_dir = \$dir/ca.db.certs
database = \$dir/ca.db.index
serial = \$dir/ca.db.serial
RANDFILE = \$dir/ca.db.rand
certificate = \$dir/ca.crt
private_key = \$dir/ca.key
default_days = 365
default_crl_days = 30
default_md = md5
preserve = no
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOT
# sign the certificate
echo "CA signing: $CSR -> $CERT:"
openssl ca -config ca.config -out $CERT -infiles $CSR
echo "CA verifying: $CERT <-> CA cert"
openssl verify -CAfile ca.crt $CERT
# cleanup after SSLeay
rm -f ca.config
rm -f ca.db.serial.old
rm -f ca.db.index.old
# die gracefully
exit 0
OUTPUT of this is:
unable to load 'random state'
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
....+++++
.....................+++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Using configuration from /opt/openssl-0.9.4/ssl/openssl.cnf
Unable to load config info
Enter PEM pass phrase:
unable to find 'distinguished_name' in config
problems making Certificate Request
1128 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
................+++++
..........+++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Using configuration from /opt/openssl-0.9.4/ssl/openssl.cnf
Unable to load config info
Enter PEM pass phrase:
unable to find 'distinguished_name' in config
problems making Certificate Request
CSR not found: server.csr
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
