1) Environment:
HP-UX svwww012 B.10.20 A 9000/735 2008535444 two-user license
gcc version 2.7.2.3
2) Downloaded Package: openssl-0_9_3a_tar This version chosen for max
compatibilty with Net_SSLeay.pm-1.05 (which is my ultimate desire to get
operational)
3) Output of openssl version -a
OpenSSL 0.9.3a 29 May 1999
built on: Tue Jan 25 15:04:23 CST 2000
platform: hpux10-gcc
options: bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int)
blowfish(idx)
compiler: gcc -DTHREADS -D_REENTRANT -DB_ENDIAN -DBN_DIV2W -O3
4) The make routine ran fine, however make test failed. Here's the output
of make test:
Doing certs
ICE-CA.pem => 6bee6be3.0
ICE-root.pem => adbec561.0
ICE-user.pem => 3ecf89a3.0
ca-cert.pem => 1f6c59cd.0
dsa-ca.pem => 73912336.0
dsa-pca.pem => 24867d38.0
factory.pem => f3e90025.0
nortelCA.pem => 1ef89214.0
pca-cert.pem => 8caad35e.0
rsa-cca.pem => a99c5886.0
rsa-ssca.pem => f73e89fd.0
thawteCb.pem => ddc328ff.0
thawteCp.pem => c33a80d4.0
timCA.pem => 8c401b31.0
tjhCA.pem => 052eae11.0
vsign1.pem => 2edf7016.0
vsign2.pem => b5f329fa.0
vsign3.pem => 7651b327.0
vsignss.pem => f73e89fd.0
vsigntca.pem => 18d46017.0
testing...
./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
Doing pcbc
Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done
Doing ofb
Doing ofb64
Doing ede_ofb64
Doing cbc_cksum
Doing quad_cksum
input word alignment test 0 1 2 3
output word alignment test 0 1 2 3
fast crypt test
./ideatest
ecb idea ok
cbc idea ok
cfb64 idea ok
./shatest
test 1 ok
test 2 ok
test 3 ok
./sha1test
test 1 ok
test 2 ok
test 3 ok
./md5test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
./hmactest
test 0 ok
test 1 ok
test 2 ok
test 3 ok
./md2test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
./mdc2test
pad1 - ok
pad2 - ok
./rc2test
ecb RC2 ok
./rc4test
test 0 ok
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test end processing ....................done
test multi-call ....................done
./rc5test
ecb RC5 ok
cbc RC5 ok
./bftest
testing blowfish in raw ecb mode
testing blowfish in ecb mode
testing blowfish set_key
testing blowfish in cbc mode
testing blowfish in cfb64 mode
testing blowfish in ofb64
./casttest
ecb cast5 ok
This test will take some time....123456789ABCDEF ok
./randtest
test 1 done
test 2 done
test 3 done
test 4 done
starting big number library test, could take a while...
test BN_add
test BN_sub
test BN_lshift1
test BN_lshift (fixed)
test BN_lshift
test BN_rshift1
test BN_rshift
test BN_sqr
test BN_mul
test BN_div
test BN_div_recp
test BN_mod
test BN_mod_mul
test BN_mod_exp
test BN_exp
64 tests done
128 tests done
192 tests done
256 tests done
320 tests done
384 tests done
448 tests done
512 tests done
576 tests done
640 tests done
704 tests done
768 tests done
832 tests done
896 tests done
960 tests done
1024 tests done
1088 tests done
test a^b%c implementations
./exptest
............................................................................
............................................................................
................................................ done
cat
base64
base64
base64 base64
bf
bf base64
bf-cbc
bf-cbc base64
bf-cfb
bf-cfb base64
bf-ecb
bf-ecb base64
bf-ofb
bf-ofb base64
cast
cast base64
cast-cbc
cast-cbc base64
cast5-cbc
cast5-cbc base64
cast5-cfb
cast5-cfb base64
cast5-ecb
cast5-ecb base64
cast5-ofb
cast5-ofb base64
des
des base64
des-cbc
des-cbc base64
des-cfb
des-cfb base64
des-ecb
des-ecb base64
des-ede
des-ede base64
des-ede-cbc
des-ede-cbc base64
des-ede-cfb
des-ede-cfb base64
des-ede-ofb
des-ede-ofb base64
des-ede3
des-ede3 base64
des-ede3-cbc
des-ede3-cbc base64
des-ede3-cfb
des-ede3-cfb base64
des-ede3-ofb
des-ede3-ofb base64
des-ofb
des-ofb base64
des3
des3 base64
desx
desx base64
idea
idea base64
idea-cbc
idea-cbc base64
idea-cfb
idea-cfb base64
idea-ecb
idea-ecb base64
idea-ofb
idea-ofb base64
rc2
rc2 base64
rc2-cbc
rc2-cbc base64
rc2-cfb
rc2-cfb base64
rc2-ecb
rc2-ecb base64
rc2-ofb
rc2-ofb base64
rc4
rc4 base64
rc5
rc5 base64
rc5-cbc
rc5-cbc base64
rc5-cfb
rc5-cfb base64
rc5-ecb
rc5-ecb base64
rc5-ofb
rc5-ofb base64
echo test normal x509v1 certificate
test normal x509v1 certificate
sh ./tx509 2>/dev/null
testing X509 conversions
p -> d
p -> n
p -> p
d -> d
n -> d
p -> d
d -> n
n -> n
p -> n
d -> p
n -> p
p -> p
echo test first x509v3 certificate
test first x509v3 certificate
sh ./tx509 v3-cert1.pem 2>/dev/null
testing X509 conversions
p -> d
p -> n
p -> p
d -> d
n -> d
p -> d
d -> n
n -> n
p -> n
d -> p
n -> p
p -> p
echo test second x509v3 certificate
test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2>/dev/null
testing X509 conversions
p -> d
p -> n
p -> p
d -> d
n -> d
p -> d
d -> n
n -> n
p -> n
d -> p
n -> p
p -> p
testing rsa conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
./rsa_oaep_test
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
testing crl conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing session-id conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
Generate and verify a certificate request
generating certificate request
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Using configuration from test.cnf
Generating a 512 bit RSA private key
.....+++++
..+++++
writing new private key to 'testkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:[EMAIL PROTECTED]
Using configuration from /usr/local/ssl/openssl.cnf
Unable to load config info
verify OK
testing req conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing req conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing pkcs7 conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing pkcs7 conversions (2)
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
The following command should have some OK's and some failures
There are definitly a few expired certificates
../apps/openssl verify -CApath ../certs ../certs/*.pem
../certs/ICE-CA.pem: /O=European ICE-TEL project/OU=V3-Certification
Authority
error 10 at 1 depth lookup:Certificate has expired
/O=European ICE-TEL project/OU=V3-Certification Authority/L=Darmstadt
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/ICE-root.pem: /O=European ICE-TEL project/OU=V3-Certification
Authority
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/ICE-user.pem: /O=European ICE-TEL project/OU=V3-Certification
Authority
error 10 at 2 depth lookup:Certificate has expired
/O=European ICE-TEL project/OU=V3-Certification Authority/L=Darmstadt
error 10 at 1 depth lookup:Certificate has expired
/O=European ICE-TEL project/OU=V3-Certification
Authority/L=Darmstadt/CN=USER
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/ca-cert.pem: OK
../certs/dsa-ca.pem: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=PCA
error 10 at 1 depth lookup:Certificate has expired
/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/dsa-pca.pem: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=PCA
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/factory.pem: /C=GB/O=UCL/OU=ICE-TEL Project/CN=TrustFactory
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/nortelCA.pem: OK
../certs/pca-cert.pem: OK
../certs/rsa-cca.pem: /C=US/O=RSA Data Security, Inc./OU=Commercial
Certification Authority
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/rsa-ssca.pem: /C=US/O=RSA Data Security, Inc./OU=Secure Server
Certification Authority
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/thawteCb.pem: OK
../certs/thawteCp.pem: OK
../certs/timCA.pem: /C=AU/ST=Queensland/L=Brisbane/O=CryptSoft Pty
Ltd/OU=development/CN=CryptSoft Dev CA
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/tjhCA.pem: /C=AU/ST=Queensland/L=Brisbane/O=CryptSoft Pty
Ltd/OU=WORTHLESS CERTIFICATION AUTHORITIES/CN=ZERO VALUE CA - DEMONSTRATION
PURPOSES ONLY
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/vsign1.pem: OK
../certs/vsign2.pem: OK
../certs/vsign3.pem: OK
../certs/vsignss.pem: OK
../certs/vsigntca.pem: OK
Generate as set of DH parameters
./dhtest
.+..+.+...+....+..+...+......++*++*++*++*++*
p =A09CAAE1945BC91B
g =5
pri 1=6E5279BA80E819CC
pub 1=10A3C31EBC094D9
pri 2=565C3779233DFBE3
pub 2=73443581D0741194
key1 =7F47977DC3A0AEB7
key2 =7F47977DC3A0AEB7
Generate as set of DSA parameters
./dsatest
test generation of DSA parameters
expect '.*' followed by 5 lines of '.'s and '+'s
.*
+.+++++.+.++++++++...+..+..++.+++.+...++++++..+..+++++.++..+++.++.+.+++.....
..+.+++.++++.....+++.....+..+++..++.+..+.+.+..++++.++..+++....+...++.++++..+
++.+..+...++..++.++.++.......++++.+.+.+.+..++.+..+.++..+.+.+..++.++.+..+++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++*
seed
D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3
counter=105 h=2
P:
00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68:
69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d:
78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac:
32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36:
ee:31:c8:02:91
Q:
00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:
f4:8e:da:ce:91:5f
G:
62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5:
00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce:
2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21:
92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53:
e6:d7:88:02
Generate and certify a test certificate
make a certificate request using 'req'
Using configuration from CAss.cnf
Generating a 512 bit RSA private key
.................+++++
.+++++
writing new private key to 'keyCA.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Dodgy CA
convert the certificate request into a self signed certificate using 'x509'
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
Getting Private key
convert a certificate into a certificate request using 'x509'
Getting request Private Key
Generating certificate request
Using configuration from /usr/local/ssl/openssl.cnf
Unable to load config info
verify OK
Using configuration from /usr/local/ssl/openssl.cnf
Unable to load config info
verify OK
certCA.ss: OK
make another certificate request using 'req'
Using configuration from Uss.cnf
Generating a 512 bit RSA private key
........+++++
...+++++
writing new private key to 'keyU.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Brother 1
Common Name (eg, YOUR name) []:Brother 2
sign certificate request with the just created CA via 'x509'
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
Getting CA Private Key
certU.ss: OK
Certificate details
subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
issuer= /C=AU/O=Dodgy Brothers/CN=Dodgy CA
notBefore=Jan 25 21:49:35 2000 GMT
notAfter=Feb 24 21:49:35 2000 GMT
The generated CA certificate is certCA.ss
The generated CA private key is keyCA.ss
The generated user certificate is certU.ss
The generated user private key is keyU.ss
test SSL protocol
test sslv2
Protocol SSLv2, cipher SSLv2, DES-CBC3-MD5
test sslv2 with server authentication
server authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512
bit)
Protocol SSLv2, cipher SSLv2, DES-CBC3-MD5
test sslv2 with client authentication
client authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 error=10 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert
(512 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512
bit)
Protocol SSLv2, cipher SSLv2, DES-CBC3-MD5
test sslv2 with both client and server authentication
client authentication
server authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512
bit)
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 error=10 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert
(512 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512
bit)
Protocol SSLv2, cipher SSLv2, DES-CBC3-MD5
test sslv3
Protocol SSLv3, cipher TLSv1/SSLv3, EDH-RSA-DES-CBC3-SHA
test sslv3 with server authentication
server authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512
bit)
Protocol SSLv3, cipher TLSv1/SSLv3, EDH-RSA-DES-CBC3-SHA
test sslv3 with client authentication
client authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 error=10 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert
(512 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512
bit)
Protocol SSLv3, cipher TLSv1/SSLv3, EDH-RSA-DES-CBC3-SHA
test sslv3 with both client and server authentication
client authentication
server authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512
bit)
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 error=10 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert
(512 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512
bit)
Protocol SSLv3, cipher TLSv1/SSLv3, EDH-RSA-DES-CBC3-SHA
test sslv2/sslv3
Protocol TLSv1, cipher TLSv1/SSLv3, EDH-RSA-DES-CBC3-SHA
test sslv2/sslv3 with server authentication
server authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512
bit)
Protocol TLSv1, cipher TLSv1/SSLv3, EDH-RSA-DES-CBC3-SHA
test sslv2/sslv3 with client authentication
client authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 error=10 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert
(512 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512
bit)
Protocol TLSv1, cipher TLSv1/SSLv3, EDH-RSA-DES-CBC3-SHA
test sslv2/sslv3 with both client and server authentication
client authentication
server authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512
bit)
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 error=10 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert
(512 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512
bit)
Protocol TLSv1, cipher TLSv1/SSLv3, EDH-RSA-DES-CBC3-SHA
Generate and certify a test certificate via the 'ca' program
CA certificate filename (or enter to create)
Making CA certificate ...
Using configuration from CAss.cnf
Generating a 512 bit RSA private key
...+++++
.....................+++++
writing new private key to './demoCA/private/./cakey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Dodgy CA
Using configuration from Uss.cnf
Generating a 512 bit RSA private key
..........+++++
...+++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Brother 1
Common Name (eg, YOUR name) []:Brother 2
Request (and private key) is in newreq.pem
Using configuration from ../apps/openssl.cnf
error on line 6 of config file '../apps/openssl.cnf'
25842:error:0E065068:configuation file routines:STR_COPY:variable has no
value:conf.c:578:line 6
cat: Cannot open newcert.pem: No such file or directory
Signed certificate is in newcert.pem
*** Error exit code 1
Stop.
*** Error exit code 1
Stop.
//////////////////
Thanks,
Tom Welch
The Boeing Co. - St. Louis, MO
314-234-8440
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
