NES/NSAPI problem (formerly no subject)

[x]

> That means nothing more to me that it does to you :) Try
> ERR_error_string(ERR_get_error(), NULL) instead.

The message after SSL_connect fails is:
[error:::lib(0) :func(0) :reason(0)]

I think that some basic initialization has not been successful under
NES/NSAPI. tried seeding  the PRNG  as Lutz suggests, but I get the same
error.



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Need help... Fatal error when running "nmake -f ms\ntdll.mak"

[Harry Ng]

Thanks Mark, I renamed the ML.EXE AND ML.ERR to ml.exe and ml.err and
it's working fine.  I am trying to setup Apache SSL and I am running into
another problem.  I tried to run the "fixpatch" or "patch -p1 < SSLpatch" by
following the readme.ssl, but I can't run any patch files, since the system
doesn't recognize those patch files.

I have:
Apache 1.3.12+ssl_1.40tar.gz and 
OpenSSL 0.9.5a installed.

According to the readme.ssl, the prerequisites are:
Apache 1.3.12
OpenSSL 0.9.2b or later
patch 2.1 or 2.5

Do really need a patch file?  I tried installing another Patch 2.5.4, but
don't really know how to set it up on NT.  The readme file doesn't really
explain clearly on the NT side.

[Config]
NT4 sp5
DDK
ActivePerl
apache_1.3.12+ssl_1.40.tar.gz
Snapshot
Windows Installer

Thanks,
-Harry



-Original Message-
From: mark schoneman [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 18, 2000 12:31 PM
To: [EMAIL PROTECTED]
Subject: RE: Need help... Fatal error when running "nmake -f
ms\ntdll.mak"


You need the M$ Macro Assembler in your path. I don't think it comes
with the regular OS. You may need to go to the web and download it.

  Mark S.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Harry Ng
Sent: Tuesday, July 18, 2000 1:34 PM
To: '[EMAIL PROTECTED]'
Subject: Need help... Fatal error when running "nmake -f ms\ntdll.mak"


Have anyone seen this error? I follow the install.w32 instructions and I
was
trying to run the nmake command, but I get a fatal error.

nmake -f ms\ntdll.mak
.
.
.
cl /Fotmp32dll\md2_one.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox
/O2 /
Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN
-DBN_ASM
-DMD5
_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll /GD -D_WINDLL -D_DLL  -c
.\crypto\md2\m
d2_one.c
md2_one.c
cl /Fotmp32dll\md5_dgst.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox
/O2
/Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN
-DBN_ASM
-DMD
5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll /GD -D_WINDLL -D_DLL  -c
.\crypto\md5\
md5_dgst.c
md5_dgst.c
ml /Cp /coff /c /Cx /Focrypto\md5\asm\m5-win32.obj
.\crypto\md5\asm\m5-w
in32.asm
The name specified is not recognized as an
internal or external command, operable program or batch file.
NMAKE : fatal error U1077: 'ml' : return code '0x1'
Stop.

[Config]
NT4 sp5
DDK
ActivePerl
apache_1.3.12+ssl_1.40.tar.gz
Snapshot
Windows Installer

Harry Ng
DataChannel
Software Test Engineer


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Need help... Fatal error when running "nmake -f ms\ntdll.mak"

[Harry Ng]

Thanks, DR. Steve.  I renamed the ML.EXE AND ML.ERR to ml.exe and ml.err and
it's working fine.  I am trying to setup Apache SSL and I am running into
another problem.  I tried to run the "fixpatch" or "patch -p1 < SSLpatch" by
following the readme.ssl, but I can't run any patch files, since the system
doesn't recognize those patch files.

I have:
Apache 1.3.12+ssl_1.40tar.gz and 
OpenSSL 0.9.5a installed.

According to the readme.ssl, the prerequisites are:
Apache 1.3.12
OpenSSL 0.9.2b or later
patch 2.1 or 2.5

Do really need a patch file?  I tried installing another Patch 2.5.4, but
don't really know how to set it up on NT.  The readme file doesn't really
explain clearly on the NT side.

[Config]
NT4 sp5
DDK
ActivePerl
apache_1.3.12+ssl_1.40.tar.gz
Snapshot
Windows Installer

Thanks,
-Harry


-Original Message-
From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 18, 2000 2:16 PM
To: [EMAIL PROTECTED]
Subject: Re: Need help... Fatal error when running "nmake -f
ms\ntdll.mak"


Harry Ng wrote:
> 
> Have anyone seen this error? I follow the install.w32 instructions and I
was
> trying to run the nmake command, but I get a fatal error.
> 
> The name specified is not recognized as an
> internal or external command, operable program or batch file.
> NMAKE : fatal error U1077: 'ml' : return code '0x1'
> Stop.
> 

Looks like it can't find the MS macro assembler 'ml' make sure its
installed and on your path.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: 'req' fails

[Richard Levitte - VMS Whacker]

From: Lewis McCarthy <[EMAIL PROTECTED]>

lewis.mccarthy> Bill Rebey writes:
lewis.mccarthy> > There is no '-rand' option for 'req' like there is for other stuff, 
lewis.mccarthy> 
lewis.mccarthy> Hmm, the man page at http://www.opentls.org/docs/apps/req.html
lewis.mccarthy> documents a "-rand" option for "openssl req". 

Those documents are built from the current development source, so to
get it, you have to fetch the latest snapshot...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: 'req' fails

[Lewis McCarthy]

Bill Rebey writes:
> There is no '-rand' option for 'req' like there is for other stuff, 

Hmm, the man page at http://www.opentls.org/docs/apps/req.html
documents a "-rand" option for "openssl req". 

-Lewis
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Signing AND encrypting a message with smime

[Alexander Skwar]

On Tue, Jul 18, 2000 at 10:26:24PM +0100, Dr Stephen Henson wrote:
> That wont work, it will just encrypt with the way the smime command
> currently works. It should really throw an error message.

Thanks, figured that out myself :-)  And yes, it really should throw an
error message.

> This is mentioned with an example in the manual page.

Oh, there's a man page?  Gosh, you're right.  It's installed in a quite
hidden place /usr/lib/ssl/man with the Mandrake RPMs.

Alexander Skwar
-- 
Homepage:   http://www.digitalprojects.com
Sichere Mail?   Mail an [EMAIL PROTECTED] fuer GnuPG Keys
ICQ:7328191

 PGP signature

'req' fails

[Bill Rebey]

When executing the command 

openssl req -new -x509 -days 3650 -key CAPrivateKey.pem -out
CACert.pem

It fails complaining that the PRNG isn't seeded.

There is no '-rand' option for 'req' like there is for other stuff, and I
can't come up with a way to run two command simultaneously so that I might
run "rand " or some other thing that seeds the PRNG.

The problem is that I'm writing a shell script to automate some of this
stuff for end users.  I tried things like 

echo "req ...params..." > foo
echo "rand ...params..." >> foo
echo "quit" >> foo
openssl < foo

but that doesn't work at all.

Is there any way I can get the PRNG seeded so that "req" will work?

Thanks

Bill Rebey
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: (no subject)

[Arun Venkataraman]

That means nothing more to me that it does to you :) Try
ERR_error_string(ERR_get_error(), NULL) instead.

Arun.
"The online world is a cool place to visit, but you really don't want to
live there."



This message is for the named person(s) use only.  It may contain
confidential, proprietary or legally privileged information.  No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender.  You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. SPEEDERA NETWORKS, INC. reserves the right to
monitor all e-mail communications through its network.

-Original Message-
From: Paul Faccenda <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, July 18, 2000 2:40 PM
Subject: (no subject)


>SSL_connect is returning 0 - the error code is 2,  "system lib"
>
>
>> I believe that for SSL_connect() a return value of 0 also indicates an
>
>> error. In such a case, you should delve deeper and figure out the
>exact text
>> message of the error (as lutz suggested). You may see what you have
>been
>> looking for.
>>
>> Arun.
>>
>> "The online world is a cool place to visit, but you really don't want
>to
>> live there."
>>
>>
>> 
>> This message is for the named person(s) use only.  It may contain
>> confidential, proprietary or legally privileged information.  No
>> confidentiality or privilege is waived or lost by any mistransmission.
>
>> If you receive this message in error, please immediately delete it and
>
>> all copies of it from your system, destroy any hard copies of it and
>> notify the sender.  You must not, directly or indirectly, use,
>disclose,
>> distribute, print, or copy any part of this message if you are not the
>
>> intended recipient. SPEEDERA NETWORKS, INC. reserves the right to
>> monitor all e-mail communications through its network.
>
>-Original Message-
>From: Paul Faccenda <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>Date: Tuesday, July 18, 2000 12:18 PM
>Subject: (no subject)
>
>
>>Yes, I did do  SSL_set_fd() and SSL_connect(). Here is the revised
>>sequence.
>>{
>>  SSL *  ssl = NULL;
>>  int ssl_sock;
>>  char * cipher;
>>
>>  ssl_sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );
>>  connect( ssl_sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
>
>>  ssl = (SSL*) SSL_new( ssl_ctx );  file://ssl_ctx is global
>>  status = SSL_set_fd( ssl, ssl_sock );
>>
>>  SSL_set_connect_state( ssl );
>> status =  SSL_connect( ssl );// returns 0
>>  cipher = SSL_get_cipher(ssl);
>>}
>>
>>The connect works, but the cipher returned after the handshake is
>>"(NONE)", and I cant write on the secure socket. When I put the same
>>code into a standalone C program, it works fine.
>>
>>
>>
>>__
>>OpenSSL Project http://www.openssl.org
>>User Support Mailing List[EMAIL PROTECTED]
>>Automated List Manager   [EMAIL PROTECTED]
>>
>
>
>  The AIMS Group
>
>__
>OpenSSL Project http://www.openssl.org
>User Support Mailing List[EMAIL PROTECTED]
>Automated List Manager   [EMAIL PROTECTED]
>

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

(no subject)

[Paul Faccenda]

SSL_connect is returning 0 - the error code is 2,  "system lib"


> I believe that for SSL_connect() a return value of 0 also indicates an

> error. In such a case, you should delve deeper and figure out the
exact text
> message of the error (as lutz suggested). You may see what you have
been
> looking for.
>
> Arun.
>
> "The online world is a cool place to visit, but you really don't want
to
> live there."
>
>
> 
> This message is for the named person(s) use only.  It may contain
> confidential, proprietary or legally privileged information.  No
> confidentiality or privilege is waived or lost by any mistransmission.

> If you receive this message in error, please immediately delete it and

> all copies of it from your system, destroy any hard copies of it and
> notify the sender.  You must not, directly or indirectly, use,
disclose,
> distribute, print, or copy any part of this message if you are not the

> intended recipient. SPEEDERA NETWORKS, INC. reserves the right to
> monitor all e-mail communications through its network.

-Original Message-
From: Paul Faccenda <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, July 18, 2000 12:18 PM
Subject: (no subject)


>Yes, I did do  SSL_set_fd() and SSL_connect(). Here is the revised
>sequence.
>{
>  SSL *  ssl = NULL;
>  int ssl_sock;
>  char * cipher;
>
>  ssl_sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );
>  connect( ssl_sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr));

>  ssl = (SSL*) SSL_new( ssl_ctx );  file://ssl_ctx is global
>  status = SSL_set_fd( ssl, ssl_sock );
>
>  SSL_set_connect_state( ssl );
> status =  SSL_connect( ssl );// returns 0
>  cipher = SSL_get_cipher(ssl);
>}
>
>The connect works, but the cipher returned after the handshake is
>"(NONE)", and I cant write on the secure socket. When I put the same
>code into a standalone C program, it works fine.
>
>
>
>__
>OpenSSL Project http://www.openssl.org
>User Support Mailing List[EMAIL PROTECTED]
>Automated List Manager   [EMAIL PROTECTED]
>


  The AIMS Group

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: caught SIGTERM, shutting down

[Mads Toftum]

On Tue, Jul 18, 2000 at 04:18:51PM -0500, Matthew Chapman wrote:
> I have installed Apache 1.3.12 / mod_perl 1.22 / mod_ssl 2.6.5
> 
You should be asking this on the mod_ssl list instead.

> Every time I start httpd via
> 
> >/usr/local/apache/bin/apachectl startssl
> 
> it gives the following error message in error.log
> 
> [Tue Jul 18 15:11:43 2000] [notice] caught SIGTERM, shutting down
> [Tue Jul 18 15:11:54 2000] [notice] Apache/1.3.12 (Unix) mod_ssl/2.6.5
> OpenSSL/0.9.5a configured -- resuming normal operations
> 
> Any ideas would be great!

Uhm - only one idea here: What you see is just as it is supposed to be.
... 'resuming normal operation' should be a dead giveaway ;-)
So, all you see is the message from Apache being shut down in the first
line, and from Apache being started again on the second line. No errors. 

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

NetBSD make test

[Igor Pruchanskiy]

Hello, i am having a really weird problem. I don't seem to be able to
run make test.
Any help would be greatly appreciated.

First i  ran

$make test

and go this

Doing certs
Segmentation fault - core dumped
ICE-CA.pem does not contain a certificate
Segmentation fault - core dumped
ICE-root.pem does not contain a certificate
Segmentation fault - core dumped
ICE-user.pem does not contain a certificate
Segmentation fault - core dumped
ca-cert.pem does not contain a certificate
Segmentation fault - core dumped
dsa-ca.pem does not contain a certificate
Segmentation fault - core dumped
dsa-pca.pem does not contain a certificate
Segmentation fault - core dumped
factory.pem does not contain a certificate
Segmentation fault - core dumped
nortelCA.pem does not contain a certificate
Segmentation fault - core dumped
pca-cert.pem does not contain a certificate
Segmentation fault - core dumped
rsa-cca.pem does not contain a certificate
Segmentation fault - core dumped
rsa-ssca.pem does not contain a certificate
Segmentation fault - core dumped
thawteCb.pem does not contain a certificate
Segmentation fault - core dumped
thawteCp.pem does not contain a certificate
Segmentation fault - core dumped
timCA.pem does not contain a certificate
Segmentation fault - core dumped
tjhCA.pem does not contain a certificate
Segmentation fault - core dumped
vsign1.pem does not contain a certificate
Segmentation fault - core dumped
vsign2.pem does not contain a certificate
Segmentation fault - core dumped
vsign3.pem does not contain a certificate
Segmentation fault - core dumped
vsignss.pem does not contain a certificate
Segmentation fault - core dumped
vsigntca.pem does not contain a certificate
touch rehash.time
testing...
./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
Doing pcbc
Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done
Doing ofb
Doing ofb64
Doing ede_ofb64
Doing cbc_cksum
Doing quad_cksum
quad_cksum error, ret 3dfaf3bb should be 70d7a63a
quad_cksum error, out[0] 24fa97d2 is not 327eba8d
quad_cksum error, out[1] ff57cb59 is not 201a49cc
quad_cksum error, out[2] 3dfaf3bb is not 70d7a63a
quad_cksum error, out[3] cc2df70e is not 501c2c26
input word alignment test 0 1 2 3
output word alignment test 0 1 2 3
fast crypt test
*** Error code 1

Stop.
*** Error code 1

Stop.
_

here is my

$make report
_
Checking compiler...
Running make...
making all in crypto...
making all in crypto/md2...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/des...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/bn...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/dh...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/objects...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in ssl...
making all in rsaref...
making all in apps...
making all in test...
making all in tools...
Running make test...
testing...
./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
Doing pcbc
Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done
Doing ofb
Doing ofb64
Doing ede_ofb64
Doing cbc_cksum
Doing quad_cksum
quad_cksum error, ret 3dfaf3bb should be 70d7a63a
quad_cksum error, out[0] 24fa97d2 is not 327eba8d
quad_cksum error, out[1] ff57cb59 is not 201a49cc
quad_cksum error, out[2] 3dfaf3bb is not 70d7a63a
quad_cksum error, out[3] cc2df70e is not 501c2c26
input word alignment test 0 1 2 3
output word alignment test 0 1 2 3
fast crypt test
*** Error code 1

Stop.
*** Error code 1

Stop.

OpenSSL self-test report:

OpenSSL version:  0.9.5a
Last change:  Make sure _lrotl and _lrotr are only used with
MSVC
Options:  --prefix=/usr/local/ --openssldir=/usr/local/openssl
OS (uname):   NetBSD cts21612072084 1.4.2 NetBSD 1.4.2 (GENERIC) #2:
Thu Mar
 16 00:08:53 PST 2000
[EMAIL PROTECTED]:/usr/src/sys/arch/sparc/com
pile/GENERIC sparc
OS (config):  sparc-whatever-netbsd
Target (default): NetBSD-sparc
Target:   NetBSD-sparc
Compiler: Using builtin specs.
gcc version egcs-2.91.60 19981201 (egcs-1.1.1 release)

Failure!
[...]

Test report in file testlog
___

Re: Signing AND encrypting a message with smime

[Dr Stephen Henson]

Alexander Skwar wrote:
> 
> 
> But how do I sign *AND* encrypt?  I tried this:
> 
> openssl smime -sign -signer client-cert.pem -encrypt -inkey client-cert.pem\
> -to [EMAIL PROTECTED] -from [EMAIL PROTECTED] -in InFile -out OutFile
> 

That wont work, it will just encrypt with the way the smime command
currently works. It should really throw an error message.

> 
> What am I doing wrong?  Or would the correct way to first encode the
> message, and then use the encoded message as the input file for the signing?
> 

Normally you sign a message and then use it as input to encrypt. Thats
what most mail clients mean by "sign and encrypt".

This is mentioned with an example in the manual page.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

caught SIGTERM, shutting down

[Matthew Chapman]

I have installed Apache 1.3.12 / mod_perl 1.22 / mod_ssl 2.6.5

Every time I start httpd via

>/usr/local/apache/bin/apachectl startssl

it gives the following error message in error.log

[Tue Jul 18 15:11:43 2000] [notice] caught SIGTERM, shutting down
[Tue Jul 18 15:11:54 2000] [notice] Apache/1.3.12 (Unix) mod_ssl/2.6.5
OpenSSL/0.9.5a configured -- resuming normal operations

Any ideas would be great!

Regards
Matthew

~
Web Administrator   - "Wave after wave, each mightier than the first
[EMAIL PROTECTED]  - 'Til last, a ninth one, gathering half the deep
Ph.  608.262.6729   - And full of voices, slowly rose and plunged
ICQ# 5428662- Roaring, and all the wave was in a flame"
~

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Attached files

[Michael Zedeler]

Hi Richard,

It sounds like something that can be done with the S/MIME functions in the
library, since you're talking about attachments. Why not do a direct transfer
with some SSL based protocol, such as https?

Doing stuff with S/MIME makes things more complicated when comparing to
something like https, because there are more tools around that handles the
latter (notice how I did not mention security at all).

Regards,

Michael.

Richard Dybowski wrote:

> I am completely new to SSL so please forgive the naivety of my question. I
> wish to set up an encryption system by which a colleague can encode a
> database and send the corresponding ciphertext to me as an attached e-mail
> file. After decoding the attachment and analyzing the database, I will
> encode my statistical analysis of the data and send the ciphertexted report
> to him as an attached file. Is SSL the best way of doing this or is there a
> simpler but equally secure way of doing this?
>
> Richard
>
> ---
> Richard Dybowski PhD
> Research Fellow (Knowledge & Data Engineering)
> King's College London
>
> Tel (office): (0)20 7928 9292 extension 6429
> Tel (mobile): 079 76 25 00 92
> Fax: +44 (0)20 7928 4458
> E-mail: [EMAIL PROTECTED]
> Web site: http://www.umds.ac.uk/microbio/richard/richard.htm
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Need help... Fatal error when running "nmake -f ms\ntdll.mak"

[Dr Stephen Henson]

Harry Ng wrote:
> 
> Have anyone seen this error? I follow the install.w32 instructions and I was
> trying to run the nmake command, but I get a fatal error.
> 
> The name specified is not recognized as an
> internal or external command, operable program or batch file.
> NMAKE : fatal error U1077: 'ml' : return code '0x1'
> Stop.
> 

Looks like it can't find the MS macro assembler 'ml' make sure its
installed and on your path.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: pkcs7 to smime?

[Dr Stephen Henson]

Yuji Shinozaki wrote:
> 
> I see there is a way to convert from an s/mime message to a pkcs7.  Is
> there a way to do the reverse?  It seems the smime utility requires you to
> do a signing when creating the s/mime message.  But what I would like to
> do is construct an smime message manually, using a signature and data that
> are already packed in a pkcs7...
> 

Converting S/MIME to PKCS#7 PEM can be done with the -pk7out option.

As for the reverse, the 'smime' utility doesn't do that but you can use
the S/MIME API, for example SMIME_write_PKCS7().

The latest snapshot version of the smime utility is also a bit more
flexible in that it can handle PKCS#7 structures in PEM format and
external content rather than only handling S/MIME messages.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Attached files

[Richard Dybowski]

I am completely new to SSL so please forgive the naivety of my question. I 
wish to set up an encryption system by which a colleague can encode a 
database and send the corresponding ciphertext to me as an attached e-mail 
file. After decoding the attachment and analyzing the database, I will 
encode my statistical analysis of the data and send the ciphertexted report 
to him as an attached file. Is SSL the best way of doing this or is there a 
simpler but equally secure way of doing this?

Richard

---
Richard Dybowski PhD
Research Fellow (Knowledge & Data Engineering)
King's College London

Tel (office): (0)20 7928 9292 extension 6429
Tel (mobile): 079 76 25 00 92
Fax: +44 (0)20 7928 4458
E-mail: [EMAIL PROTECTED]
Web site: http://www.umds.ac.uk/microbio/richard/richard.htm

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

IE5 Not Accepting Certificates

[Hubbard, David]

Hi all,
   I'm rather new to openssl so please forgive me if
this is a basic question.  I've got an apache server
running 1.3.12 with mod_ssl 2.6.5 and openssl 0.9.5a.
I've made myself a CA and signed my own server
certificate, so I've got a ssl.key/server.key and an
ssl.crt/server.crt.  I've got apache configured with
them.  When I visit my site securely with Netscape,
I can accept the certificate forever (until it expires)
in the dialog boxes that pop up.  It will never bug me
again at that point.  With IE, it gives me the security
alert box and asks if I want to proceed.  Yes will
allow me to work for that session.  I searched the
list archives here and saw some references to installing
the cert via the "View Certificate" button.  I've done
that and selected auto hoping IE would put it in the
correct place.  That had no affect, it still pops the
box up each time I come back to my site.  I've also
tried manually importing it through that same wizard
into each of the four stores it shows me, nothing
different.

Please help! :-)

Thanks,

Dave
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Default SSL cipher string?

[Brian Snyder]

Sorry i should have mentioned, what about for sslv3, not tls?

thanx,  

   brian

> -Original Message-
> From: Rene G. Eberhard (keyon) [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 18, 2000 3:32 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Default SSL cipher string?
> 
> 
> > Does the defualt SSL cipher suite use RC5 or IDEA.  I dont 
> believe so, but
> > just wanted to confirm.
> 
> 
> TLS_RSA_WITH_IDEA_CBC_SHA. RC5 is not defined in TLS.
> 
> Regards Rene
> 
> 
> --
> Rene G. Eberhard <[EMAIL PROTECTED]>
> keyon
> Herrenberg 35, CH-8640 Rapperswil, Switzerland
> Phone +41 (0)55 220 71 63, Fax +41 (0)55 220 71 61
> www.keyon.ch - applying security to your e-business
> 
> Get your WAP certificate for free: www.freecerts.com
> 
> 
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Need help... Fatal error when running "nmake -f ms\ntdll.mak"

[mark schoneman]

You need the M$ Macro Assembler in your path. I don't think it comes
with the regular OS. You may need to go to the web and download it.

  Mark S.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Harry Ng
Sent: Tuesday, July 18, 2000 1:34 PM
To: '[EMAIL PROTECTED]'
Subject: Need help... Fatal error when running "nmake -f ms\ntdll.mak"


Have anyone seen this error? I follow the install.w32 instructions and I
was
trying to run the nmake command, but I get a fatal error.

nmake -f ms\ntdll.mak
.
.
.
cl /Fotmp32dll\md2_one.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox
/O2 /
Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN
-DBN_ASM
-DMD5
_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll /GD -D_WINDLL -D_DLL  -c
.\crypto\md2\m
d2_one.c
md2_one.c
cl /Fotmp32dll\md5_dgst.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox
/O2
/Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN
-DBN_ASM
-DMD
5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll /GD -D_WINDLL -D_DLL  -c
.\crypto\md5\
md5_dgst.c
md5_dgst.c
ml /Cp /coff /c /Cx /Focrypto\md5\asm\m5-win32.obj
.\crypto\md5\asm\m5-w
in32.asm
The name specified is not recognized as an
internal or external command, operable program or batch file.
NMAKE : fatal error U1077: 'ml' : return code '0x1'
Stop.

[Config]
NT4 sp5
DDK
ActivePerl
apache_1.3.12+ssl_1.40.tar.gz
Snapshot
Windows Installer

Harry Ng
DataChannel
Software Test Engineer


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Default SSL cipher string?

[Rene G. Eberhard (keyon)]

> Does the defualt SSL cipher suite use RC5 or IDEA.  I dont believe so, but
> just wanted to confirm.


TLS_RSA_WITH_IDEA_CBC_SHA. RC5 is not defined in TLS.

Regards Rene


--
Rene G. Eberhard <[EMAIL PROTECTED]>
keyon
Herrenberg 35, CH-8640 Rapperswil, Switzerland
Phone +41 (0)55 220 71 63, Fax +41 (0)55 220 71 61
www.keyon.ch - applying security to your e-business

Get your WAP certificate for free: www.freecerts.com


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: (no subject)

[Arun Venkataraman]

I believe that for SSL_connect() a return value of 0 also indicates an
error. In such a case, you should delve deeper and figure out the exact text
message of the error (as lutz suggested). You may see what you have been
looking for.

Arun.

"The online world is a cool place to visit, but you really don't want to
live there."



This message is for the named person(s) use only.  It may contain
confidential, proprietary or legally privileged information.  No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender.  You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. SPEEDERA NETWORKS, INC. reserves the right to
monitor all e-mail communications through its network.

-Original Message-
From: Paul Faccenda <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, July 18, 2000 12:18 PM
Subject: (no subject)


>Yes, I did do  SSL_set_fd() and SSL_connect(). Here is the revised
>sequence.
>{
>  SSL *  ssl = NULL;
>  int ssl_sock;
>  char * cipher;
>
>  ssl_sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );
>  connect( ssl_sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
>  ssl = (SSL*) SSL_new( ssl_ctx );  file://ssl_ctx is global
>  status = SSL_set_fd( ssl, ssl_sock );
>
>  SSL_set_connect_state( ssl );
> status =  SSL_connect( ssl );// returns 0
>  cipher = SSL_get_cipher(ssl);
>}
>
>The connect works, but the cipher returned after the handshake is
>"(NONE)", and I cant write on the secure socket. When I put the same
>code into a standalone C program, it works fine.
>
>
>
>__
>OpenSSL Project http://www.openssl.org
>User Support Mailing List[EMAIL PROTECTED]
>Automated List Manager   [EMAIL PROTECTED]
>

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

SSL connection through proxy?

[laurenz_brein]

Is it possible to establish an SSL connection through a HTTP proxy
with OpenSSL?

If yes, how?

Thanks,
Laurenz Brein

   Telephon: ++43-1-21145/3256e-mail: [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Need some help/advice - OpenSSL + NT + PWS 4.0

[Pavel Tzekov]

Hello there,

Is it possible to implement custom SSL secured connection using the above environment 
? What I mean is to override the default SSL implementation of
PWS 4.0 with somekind of OpenSSL based server / IIS filter so when I connect to port 
443 the listening app to negotiate SSL connexion based on OpenSSL library ?
I know it sounds stupid but I have to demonstrate the OpenSSL library abilities and 
the services it provides ... Please give me some advice ?

Pavel Tzekov
CSoft Ltd.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: form signing and verification

[Andrey Angelov]

Vivek Dasgupta wrote:
> I have netscape 4.72 with PKCS#11 CRYPTO MODULES
> 
> I have also tested javascript method crypto.signText
> at client side to sign form data. It displays communicator window to signing but 
>gives internal error after pressing OK.
for me on Netscape 4.73 works OK. Check client certificate.
> 
> On server side does openssl have command line utility to verify signature on a given 
>text?
try (verify) from OpenCA package (http://www.openca.org)

&2y

begin:vcard 
n:Angelov;Andrey
x-mozilla-html:FALSE
org:SG EXPRESSBANK;ITD
adr:;;;Varna;Varna;;BG
version:2.1
email;internet:[EMAIL PROTECTED]
title:programmer
x-mozilla-cpt:;-11008
fn:Andrey Angelov
end:vcard

 S/MIME Cryptographic Signature

form signing and verification

[Vivek Dasgupta]

Hi

How to sign form data and verify at server?

I have netscape 4.72 with PKCS#11 CRYPTO MODULES

I have also tested javascript method crypto.signText
at client side to sign form data. It displays communicator window to signing but gives 
internal error after pressing OK.

On server side does openssl have command line utility to verify signature on a given 
text?
Thanks
Vivek


___

$1 million in prizes! 20 daily instant winners. 
AltaVista Rewards: Click here to win! 
http://shopping.altavista.com/e.sdc?e=3

___

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: compiler problems

[Richard Levitte - VMS Whacker]

From: Marco Friedrich <[EMAIL PROTECTED]>

mf> ./config rsaref --prefix=/usr/local --openssldir=/usr/local/openssl
mf> 
mf> When i start make the compiler exit with the following message. Without
mf> the rsaref-option in the config-script the compiler runs without any
mf> problems.  Why the rsaref-library does not exist at this time?

You must install rsaref separately.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

compiler problems

[Marco Friedrich]

Hello!

I'am a Newbie in openssl. I have problems with compile the last
openssl-version.

./config rsaref --prefix=/usr/local --openssldir=/usr/local/openssl

When i start make the compiler exit with the following message. Without
the rsaref-option in the config-script the compiler runs without any
problems.  Why the rsaref-library does not exist at this time?

gcc -o openssl -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DRSAref
-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM
-DMD5_ASM -DRMD160_ASM openssl.o verify.o asn1pars.o req.o dgst.o dh.o
dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o
rsa.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o
speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o
ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o -L. -L..
-L../.. -L../../.. -L.. -lssl -L.. -lcrypto -lRSAglue -lrsaref
/usr/bin/ld: cannot open -lrsaref: Datei oder Verzeichnis nicht gefunden

collect2: ld returned 1 exit status
make[1]: *** [openssl] Error 1
make[1]: Leaving directory `/usr/local/src/openssl-0.9.5a/apps'
make: *** [all] Error 1


--

Mit freundlichen Grüßen
Marco Friedrich




begin:vcard 
n:Friedrich;Marco
tel;fax:089/898267-22
tel;work:089/898267-32
x-mozilla-html:TRUE
url:http://www.cephei.com
org:Cephei AG
adr:;;Freihamer Str. 4b;Gräfelfing;Bayern;82166;Germany
version:2.1
email;internet:[EMAIL PROTECTED]
x-mozilla-cpt:;-29920
fn:Marco Friedrich
end:vcard

Re: Memory leak, again

[Lutz Jaenicke]

On Tue, Jul 18, 2000 at 12:09:24PM +0200, Berki Lukacs Tamas wrote:
> I have just the same problem as Bill Rebey. I have an SSL server which
> verifies client certificates by setting SSL_CTX_set_verify to
> SSL_VERIFY_PEER|SSL_FAIL_IF_NO_PEER_CERT, and every time an SSL_accept
> succeeds, there is a memory leak of approximately 10k (!) 

You are aware, that an openssl server by default caches the session
data to be re-used later?
So there _must_ be a "memory leak" with respect to that fact, even though
the size seems to be a bit large to me. (The session data of a session with
client certificate with Postfix/TLS is around 1-2k.)

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: PKCS12 unpack error

[Pablo J. Royo]

Hi

I had the same problem, and I didn't find how to solve it except #undefining
that M_XXX macros in my source file,then #defining it correctly.After using
them in my file, you can letf then unchanged again if you like.
I´d like to know if there is a better (and elegant) way to do it.

Here it is what I did(just a cast).Hope this helps.


#ifdef M_PKCS12_unpack_authsafes
#undef M_PKCS12_unpack_authsafes
#define M_PKCS12_unpack_authsafes(p12)
ASN1_seq_unpack(p12->authsafes->d.data->data, \
  p12->authsafes->d.data->length, (char *(*)())d2i_PKCS7,(void
(*)())PKCS7_free)
#endif

#ifdef M_PKCS12_unpack_p7encdata
#undef M_PKCS12_unpack_p7encdata
#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\
(char *(*)())d2i_PKCS12_SAFEBAG,(void (*)()) PKCS12_SAFEBAG_free, \
   (pass), (passlen), \
   (p7)->d.encrypted->enc_data->enc_data, 3)
#endif

#ifdef M_PKCS12_unpack_p7data
#undef M_PKCS12_unpack_p7data
#define M_PKCS12_unpack_p7data(p7) \
ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \
(char *(*)())d2i_PKCS12_SAFEBAG, (void (*)())PKCS12_SAFEBAG_free)
#endif

#ifdef M_PKCS12_decrypt_skey
#undef M_PKCS12_decrypt_skey
#define M_PKCS12_decrypt_skey(bag, pass, passlen) \
(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \
(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (void (*)())PKCS8_PRIV_KEY_INFO_free,
\
  (pass), (passlen), \
(bag)->value.shkeybag->digest, 2)
#endif



>Hi,
>
>VC6 reported that there're error with the following line:
>if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
>
>The error was:
>error C2664: 'ASN1_seq_unpack' : cannot convert parameter 4 from 'void
(struct
>pkcs7_st *)' to 'void (__cdecl *)(void)'
>None of the functions with this name in scope match the target type
>
>I use OpenSSL 0.9.5a compiled using VC6 on Win98SE. What's wrong? Thank
you.
>
>Angus Lee


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Memory leak, again

[Berki Lukacs Tamas]

Hi!

I have just the same problem as Bill Rebey. I have an SSL server which
verifies client certificates by setting SSL_CTX_set_verify to
SSL_VERIFY_PEER|SSL_FAIL_IF_NO_PEER_CERT, and every time an SSL_accept
succeeds, there is a memory leak of approximately 10k (!) 

I call OpenSSL functions in the following order:

SSL_load_error_strings();
SSLeay_add_all_algorithms();
meth=SSLv23_server_method();
ctx=SSL_CTX_new(mth);

SSL_CTX_set_info_callback(ctx, callback)
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
   cb);
SSL_CTX_use_certificate_file(ctx, filename, SSL_FILETYPE_PEM)
SSL_CTX_use_PrivateKey_file(ctx, filename, SSL_FILETYPE_PEM)
SSL_CTX_check_private_key(ctx)
SSL_CTX_load_verify_locations(ctx, cafile, NULL)
SSL_CTX_set_default_verify_paths(ctx)
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(cafile))

ssl = SSL_new(ctx)
SSL_clear(ssl)
SSL_set_fd(ssl, fd)
SSL_accept(ssl)

...

SSL_shutdown(ssl)
SSL_free(ssl)


At the end of the letter I have included some dmalloc summaries. (although
without symbolic function names - that 0x280dca0d is CRYPTO_malloc). 

Any help would be appreciated.


Ciao,
BLT


dmalloc output for no accepted SSL connections:

963914094: 2294:  total-size  count  source
963914094: 2294:   26781   1836  ra=0x280dca0d
963914094: 2294:   24896  1  ra=0x281c5eb1
963914094: 2294:   12448  1  ra=0x281c5e6a
963914094: 2294:8192  1  ra=0x28089630
963914094: 2294:4960  6  ra=0x280dca7b
963914094: 2294:3048  1  ra=0x281c1a28
963914094: 2294:2752 43  ra=0x281c1e69
963914094: 2294:1024  1  ra=0x281c1575
963914094: 2294: 976  2  ra=0x2818f442
963914094: 2294: 512  1  ra=0x280829c5
963914094: 2294: 488  1  ra=0x281c5ad0
963914094: 2294: 408  6  ra=0x281c6b40
963914094: 2294: 292  1  ra=0x280776ad
963914094: 2294: 104  1  ra=0x804f640
963914094: 2294:  40  1  ra=0x281c90b6
963914094: 2294:  28  1  ra=0x28081016
963914094: 2294:  20  2  ra=0x280837a5
963914094: 2294:  16  1  ra=0x28080c1d
963914094: 2294:  10  1  ra=0x28080c3b
963914094: 2294:   3  1  ra=0x281c13f0
963914094: 2294:   2  2  ra=0x280880b0
963914094: 2294:   87000   1911  Total of 21
963914094: 2294:  unknown memory: 1911 pointers, 87000 bytes


For one connection:

963914104: 3056:  total-size  count  source
963914104: 3056:   32048   1963  ra=0x280dca0d
963914104: 3056:   24896  1  ra=0x281c5eb1
963914104: 3056:   12448  1  ra=0x281c5e6a
963914104: 3056:8192  1  ra=0x28089630
963914104: 3056:5120  8  ra=0x280dca7b
963914104: 3056:3048  1  ra=0x281c1a28
963914104: 3056:2816 44  ra=0x281c1e69
963914104: 3056:1464  3  ra=0x2818f442
963914104: 3056:1024  1  ra=0x281c1575
963914104: 3056: 512  1  ra=0x280829c5
963914104: 3056: 488  1  ra=0x281c5ad0
963914104: 3056: 476  7  ra=0x281c6b40
963914104: 3056: 328  2  ra=0x804f9a0
963914104: 3056: 292  1  ra=0x280776ad
963914104: 3056: 104  1  ra=0x804f640
963914104: 3056:  40  1  ra=0x281c90b6
963914104: 3056:  28  1  ra=0x28081016
963914104: 3056:  20  2  ra=0x280837a5
963914104: 3056:  16  1  ra=0x28080c1d
963914104: 3056:  10  1  ra=0x28080c3b
963914104: 3056:   3  1  ra=0x281c13f0
963914104: 3056:   2  2  ra=0x280880b0
963914104: 3056:   93375   2045  Total of 22
963914104: 3056:  unknown memory: 2045 pointers, 93375 bytes

And for five connections:

963914123: 5526:  total-size  count  source
963914123: 5526:   47868   2411  ra=0x280dca0d
963914123: 5526:   24896  1  ra=0x281c5eb1
963914123: 5526:   12448  1  ra=0x281c5e6a
963914123: 5526:8192  1  ra=0x28089630
963914123: 5526:5760 16  ra=0x280dca7b
963914123: 5526:3416  7  ra=0x2818f442
963914123: 5526:3048  1  ra=0x281c1a28
963914123: 5526:2816 44  ra=0x281c1e69
963914123: 5526:1640 10  ra=0x804f9a0
963914123: 5526:1024  1  ra=0x281c1575
963914123: 5526: 748 11  ra=0x281c6b40
963914123: 5526: 512  1  ra=0x280829c5
963914123: 5526: 488  1  ra=0x281c5ad0
963914123: 5526: 292  1  ra=0x280776ad
963914123: 5526: 104  1  ra=0x804f640
963914123: 5526:  40  1  ra=0x281c90b6
963914123: 5526:  28  1  ra=0x28081016
963914123: 5526:  20  2  ra=0x280837a5
963914123: 5526:  16  1  ra=0x28080c1d
963914123: 5526:  10  1  ra=0x28080c3b
963914123: 5526:   3  1  ra=0x281c13f0
963914123: 5526:   

PKCS12 unpack error

[Angus Lee]

Hi,

VC6 reported that there're error with the following line:
if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;

The error was:
error C2664: 'ASN1_seq_unpack' : cannot convert parameter 4 from 'void (struct 
pkcs7_st *)' to 'void (__cdecl *)(void)'
None of the functions with this name in scope match the target type

I use OpenSSL 0.9.5a compiled using VC6 on Win98SE. What's wrong? Thank you.

Angus Lee

---
Get Your Free Email at http://www.hknetmail.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]