Re: Error :SSL3_SETUP_KEY_BLOCK:Malloc failure while using openSSL with Apache
Mattias Hembruch wrote: Hi. I'm trying to set up a secure server with openSSL and Apache 1.3.14. I'm not a newbie, but I am new to the Apache/openSSL game. I applied the openSSL patches to the Apache source, built the thing, and have it working with a non-secured port. I used the "make certificate" to build a test certificate, and pointed SSLCertificateFile to that in the httpd.conf. Sure enough, when I go to my secured port, Netscape warns me about a "non-recognized" certificate and asks if I want to accept it. I say yes, and get the "there was an error ..." dialog. Looking at the logs, the above error is inserted into the Apache logs. [Sun Jan 21 21:23:17 2001] [error] error:1409D021:SSL routines:SSL3_SETUP_KEY_BLOCK:Malloc failure Well, well, well.. Just when you stopped believing in miracles... I ended up having to rebuild from scratch for other reasons, and somehow, it all works now.. Didn't do anything differently (as far as I can tell), but it works. Sorry for the interruption. Mattias begin:vcard n:Hembruch;Mattias tel;cell:416-527-3651 x-mozilla-html:FALSE org:Nitido Inc. adr:;; version:2.1 email;internet:[EMAIL PROTECTED] title:Consultant x-mozilla-cpt:;-21056 fn:Mattias Hembruch end:vcard
Re: apache startssl error
I am trying to configure apache v1.3.14 with mod_ssl v2.7.1 and OpenSSl v0.9.6. The OS is Solaris 7. Everything compiled nicely and apache started up fine. But with the startssl option I get these errors: Syntax error on line 208 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/libexec/libssl.so into server: ld.so.1: /usr/local/apache/bin/httpd: fatal: relocation error: file /usr/local/apache/libexec/libssl.so: symbol X509_free: referenced symbol not found ./apachectl startssl: httpd could not be started Does anyone have a solution for me. The symbol X509_free is in libcrypto. Have you done a "ldconfig -r" so that the library cache is updated? -- Matt Emmerton __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Installation problem on win32
I am using cygwin32 b20 on windows nt4 sp6 and am getting the following error: bash-2.02$ ./Configure no-threads CygWin32Configuring for CygWin32IsWindows=0CC =gccCFLAG =-DDSO_WIN32 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -WallEX_LIBS =BN_ASM =bn_asm.oDES_ENC =des_enc.o fcrypt_b.oBF_ENC =bf_enc.oCAST_ENC =c_enc.oRC4_ENC =rc4_enc.oRC5_ENC =rc5_enc.oMD5_OBJ_ASM =SHA1_OBJ_ASM =RMD160_OBJ_ASM=PROCESSOR =RANLIB =truePERL =perlTHIRTY_TWO_BIT modeDES_PTR usedDES_RISC1 usedDES_UNROLL usedBN_LLONG modeRC4_INDEX modeRC4_CHUNK is undefined/c: Can't open /cmake: *** [links] Error 2bash-2.02$ Looked at FAQ and found item about undefined items which said to use no-asm option.Tried thatand got the same result. Would appreciate any help.
Re: Troubles in re-connect
Hi, In the best case, I get : 2223:error:140920C5:SSL routines:SSL3_GET_SERVER_HELLO:old session cipher not returned:s3_clnt.c:636: I've looked in the documentation, in the mailusers archive. I didn't found any solution. It seems to me that your session-reuse code is working correctly, but your Web server not. This is a known bug of some Web servers, especially Netscape servers.It is also mentioned in the file "bugs/SSLv3" in the OpenSSL distribution: - ssl3.netscape.com:443, first a connection is established with RC4-MD5. If it is then resumed, we end up using DES-CBC3-SHA. It should be RC4-MD5 according to 7.6.1.3, 'cipher_suite'. Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. It only really shows up when connecting via SSLv2/v3 then reconnecting via SSLv3. The cipher list changes NEW INFORMATION. Try connecting with a cipher list of just DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when doing a re-connect, always takes the first cipher in the cipher list. - As a work-around: use only one cipher suite in your client, or use SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG with SSL_CTX_set_options(). Hope that helps Niko __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]