genrsa...

[Michael J. Pape]

How long should it take to generate an rsa key? A "make certificate" or
an explicit openssl command (openssl genrsa -des3 -out server.key 1024)
create a process that runs forever (at least for 24 hours before I
killed it...).

I've read some postings that indicated that bn recursion should be
undefined. I've done that and recompiled without success. I'm not trying
to create a large key, i.e., just 1024 bit.

Is there something wrong here, or do I need to let the process run until
it completes -- possibly days...

running:
DEC Unix 4.0e
OpenSSL 0.9.2b 22 Mar 1999

with "make certificate":

SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998 Ralf S. Engelschall, All Rights Reserved.
 + finding random files on your platform

Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems
__

STEP 1: Generating RSA private key (1024 bit) [server.key]
1117857 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
..

..



on and on ...


or

# apps/openssl genrsa -des3 -out server.key 1024
80 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.

on and on...
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: genrsa...

[Ralf S. Engelschall]

On Sat, May 01, 1999, Michael J. Pape wrote:

> How long should it take to generate an rsa key? 

Usually between a few seconds and up to a minute. But usually not longer.

> A "make certificate" or
> an explicit openssl command (openssl genrsa -des3 -out server.key 1024)
> create a process that runs forever (at least for 24 hours before I
> killed it...).
> [...]
> DEC Unix 4.0e
> [...]

I'm sure you've not configured OpenSSL correctly for your Alpha platform. Make
sure you use the correct platform id on the "perl Configure" command line.
Check this first.
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Segfaults

[Simon Garner]

Hi,

Could I have some help here please! :)

I have to have SSL working by the end of the week... :(


Simon Garner


- Original Message -
From: Simon Garner <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 30, 1999 11:23 AM
Subject: Re: Segfaults


> Hi,
>
>
> > There are 2 or 3 emails in the archive that discussed this
> > problem relating to the SUSE distribution of linux. It seems
> > as if all the latest flavors of linux may have this problem. I'm
> > not too clear about what all this DBM Cache stuff is, but to
> > solve your problem, edit your httpd.conf file and change the
> > "SSLSessionCache" option to "none". There is an option which you can
> > re-compile into your apache to actually fix the problem rather than
> > disable it. I forgot the line, but it went something like "--enableSSL
> > dbmscache". Check the archives to find the correct syntax.
>
> Changing the SSLSessionCache to none did not help. Trying to configure
> Apache with --enable-rule=SSL_SDBM gave me errors.
>
>
> $ SSL_BASE=/usr/stor/inst/openssl
./configure --prefix=/usr/local/etc/https
> \
>--sysconfdir=/usr/local/etc/https/conf --verbose --enable-module=info \
>--enable-module=speling --enable-module=rewrite \
>--activate-module=src/modules/php3/libphp3.a --enable-module=ssl \
>--enable-rule=SSL_SDBM
>
> Configuring for Apache, Version 1.3.6
>  + using installation path layout: Apache (config.layout)
>  + activated php3 module (modules/php3/libphp3.a)
> Creating Makefile
> Creating Configuration.apaci in src
>  + Rule SSL_COMPAT=yes
>  + Rule SSL_SDBM=yes
>  + Rule SSL_EXPERIMENTAL=no
>  + Rule SSL_VENDOR=no
>  + Rule SHARED_CORE=default
>  + Rule SHARED_CHAIN=default
>  + Rule SOCKS4=no
>  + Rule SOCKS5=no
>  + Rule IRIXNIS=no
>  + Rule IRIXN32=yes
>  + Rule PARANOID=no
>  + Rule EAPI=no
>  + Rule WANTHSREGEX=default
>  + Module mmap_static: no
>  + Module env: yes [static]
>  + Module define: no
>  + Module log_config: yes [static]
>  + Module log_agent: no
>  + Module log_referer: no
>  + Module mime_magic: no
>  + Module mime: yes [static]
>  + Module negotiation: yes [static]
>  + Module status: yes [static]
>  + Module info: yes [static]
>  + Module include: yes [static]
>  + Module autoindex: yes [static]
>  + Module dir: yes [static]
>  + Module cgi: yes [static]
>  + Module asis: yes [static]
>  + Module imap: yes [static]
>  + Module actions: yes [static]
>  + Module speling: yes [static]
>  + Module userdir: yes [static]
>  + Module proxy: no
>  + Module alias: yes [static]
>  + Module rewrite: yes [static]
>  + Module access: yes [static]
>  + Module auth: yes [static]
>  + Module auth_anon: no
>  + Module auth_dbm: no
>  + Module auth_db: no
>  + Module digest: no
>  + Module cern_meta: no
>  + Module expires: no
>  + Module headers: no
>  + Module usertrack: no
>  + Module example: no
>  + Module unique_id: no
>  + Module so: no
>  + Module setenvif: yes [static]
>  + Module ssl: yes [static]
>  + Module php3: yes [static]
> Creating Makefile in src
>  + configured for Linux platform
>  + setting C compiler to gcc
>  + setting C pre-processor to NOT-AVAILABLE
>  + checking for system header files
>  + adding selected modules
> o rewrite_module uses ConfigStart/End
>   disabling DBM support for mod_rewrite
>   (perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS)
> o ssl_module uses ConfigStart/End
>   + SSL interface: mod_ssl/2.2.8
>   + SSL interface build type: OBJ
>   + SSL interface compatibility: enabled
>   + SSL interface experimental code: disabled
>   + SSL interface vendor extensions: disabled
>   + SSL interface plugin: Built-in SDBM
>   + SSL library path: /usr/stor/inst/openssl
>   + SSL library type: source tree only (stand-alone)
>   + SSL library version:
>   + SSL library plugin mode: none
> o php3_module uses ConfigStart/End
>  + enabling Extended API (EAPI)
> ld: cannot open crt1.o: No such file or directory
> make: *** [dummy] Error 1
>  + doing sanity check on compiler and options
> ** A test compilation with your Makefile configuration
> ** failed. This is most likely because your C compiler
> ** is not ANSI. Apache requires an ANSI C Compiler, such
> ** as gcc. The above error message from your compiler
> ** will also provide a clue.
>  Aborting!
>
>
>
>
> Cheers,
>
> Simon Garner
>
> EXPIO Communications, Ltd.
> http://www.expio.co.nz
> [EMAIL PROTECTED]
>
>
>
>
>
> >
> > -Rolan Yang
> >
> >  On Thu, 29 Apr
> > 1999, Simon Garner wrote:
> >
> > > Hi,
> > >
> > > I'm getting segmentation faults running
> > > Apache/1.3.6+PHP/3.0.7+mod_ssl/2.2.8+OpenSSL/0.9.2b on RedHat 5.1
(Linux
> > > 2.0.34/Pentium).
> > >
> > > I searched through the list archives and this seems to be a very
common
> > > problem but with no published solution.
> > >
> > > Apache starts up OK, and seems fine, but when browsing I get lots of
> broken
> > > images and, strangely, can't seem to POST any data. Others h