Behaviour of SSL_read()

2001-07-24 Thread Michael Playle

   Hi,

   I've noticed that SSL_read() will either read from the socket, or
return buffered data, but never both. That is, if there are (eg) 1000
bytes of data waiting to be read, and I call SSL_read() asking for
1500 bytes, it will return only the 1000 buffered bytes, rather than
reading from the socket to supply the other 500.

   This means that if I call SSL_read() in a loop like so:

   do {
       SSL_read(x, ...);
   } while (SSL_pending(x));

   it will read once from the socket, and then return all of the data
which was fetched; it won't leave data in the buffer, and it won't sit
in the loop for as long as data is arriving from the peer.

   Can I rely on this behaviour to stay the same in future OpenSSL
versions?

-- 
Michael Playle, Software Engineer, ANT Ltd.
phone +44 1223 716418 - fax +44 1223 716401
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Configuration question?

2001-07-24 Thread Amol Deshmukh

Hi,
I am a newbie here. Please help me.
I am trying to configure openssl for different options. I am using
openssl-0.9.6a on WinNT4.0 OS. I could successfully remove some of the
ciphers using
no-cipher ; cipher = rc2, rc5,...
I faced a problem while configuring it with the no-sock option. With small
modifications in the source code (in the s_server.c and s_client.c files), I
am able to start the s_server and s_client applications; while running, I
found the following logs on the command prompts.


s_server log:
Loading 'screen' into random state - done
Using default temp DH parameters
ACCEPT
SSL_accept:before/accept initialization
read from 009C4B40 [00EC55F8] (5 bytes => -1 (0x))
SSL_accept:error in SSLv3 read client hello B
ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT


s_client log:
Loading 'screen' into random state - done
CONNECTED(00C8)
SSL_connect:before/connect initialization
write to 009C17E0 [00EC9E20] (50 bytes => -1 (0x))
SSL_connect:error in SSLv3 write client hello B
write:errno=0


which I think means that the SSL handshake failed. Am I correct, or am I
missing something?
Does the no-sock option really work on WinNT? If it does, how do I configure
it?
Thanks in advance; looking forward to hearing from you.

-Regards,
Amol.




Newbie..

2001-07-24 Thread macky

Sorry for my ignorance... :( I'll be using a module in a webserver that
needs

certificate.pem and key.pem


How do I create the files?

Can someone direct me to the right path? I already read
http://www.openssl.org/docs/HOWTO/certificates.txt






RE: FTP over SSH2

2001-07-24 Thread OCNS Consulting

Dustin,

There's a commercially available product known as
SecureFX that will do what you want - www.vandye.com.
You can trial it for 30 days.

[EMAIL PROTECTED]


--- [EMAIL PROTECTED] wrote:
> Dustin,
>   OpenSSH has something called sftp, in sshd_config
> You can setup sftp_server as subsystem. But I haven't seen pure
> ftp over SSH.
> 
> Cheers,
> 
> Pawel
> 
> -Original Message-
> From: Dustin Wiseman [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 23, 2001 10:07 PM
> To: [EMAIL PROTECTED]
> Subject: FTP over SSH2
> 
> 
> Where can I find detailed instructions on setting up
> an FTP server on Red Hat Linux utilizing the SSH2 protocol?
> 
> Thank You,
> Dustin




Re: Behaviour of SSL_read()

2001-07-24 Thread Lutz Jaenicke

On Tue, Jul 24, 2001 at 09:11:32AM +0100, Michael Playle wrote:
> I've noticed that SSL_read() will either read from the socket, or
> return buffered data, but never both. That is, if there are (eg) 1000
> bytes of data waiting to be read, and I call SSL_read() asking for
> 1500 bytes, it will return only the 1000 buffered bytes, rather than
> reading from the socket to supply the other 500.
> 
> This means that if I call SSL_read() in a loop like so:
> 
> do {
>     SSL_read(x, ...);
> } while (SSL_pending(x));
> 
> it will read once from the socket, and then return all of the data
> which was fetched; it won't leave data in the buffer, and it won't sit
> in the loop for as long as data is arriving from the peer.

SSL_read() must work on the TLS record layer, because otherwise applications
that are ready to receive large amounts of data (by specifying a large buffer)
would always hang until the buffer is filled. Therefore SSL_read() will
return what is in the buffer, or it will only return when the complete next
TLS record has arrived (as only then can the MAC be checked).

SSL_pending() returns the number of bytes still in the buffer. Your construct
will only loop if SSL_read() reads data in chunks smaller than the records
coming in. In SSLv3/TLSv1 the maximum record size is 16kB, so records up to
this size can arrive.

> Can I rely on this behaviour to stay the same in future OpenSSL
> versions?
Yes, as there is no other way to realize it in a useful manner.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



CA cert not in a file?

2001-07-24 Thread Martin Sjögren

I have a self-signed CA certificate and a server certificate signed by the
CA. Now, I'd like to store both certificates in a database rather than in
files. How does this work with the load_verify_locations() function? How
can I make sure that the server can find the CA cert when it needs it?

How can I make this possible?

Martin

-- 
Martin Sjögren
  [EMAIL PROTECTED]  ICQ : 41245059
  Phone: +46 (0)31 405242Cell: +46 (0)739 169191
  GPG key: http://www.strakt.com/~martin/gpg.html



Re: Compile error on Maurice loadkeys

2001-07-24 Thread Joe Flowers

Mohamed:

Add an extra NULL parameter to the end of the arguments in each of these
two functions in the loadkeys.h and/or loadkeys.c files.

Joe
//---

Mohamed Nadjar wrote:
> 
> I am a new user of openssl and I try to understand how it works by
> looking at the demos!
> But I have the same problem and the same message!
> 
> Could anyone help us??
> 
> --
> Mohamed NADJAR, Inria - Rhône-alpes, Planete project, France
> 
> Darryl Wagoner wrote:
> 
> > It seems that most of the demo programs will not compile.  Any ideas?
> >
> > dwagoner: - make
> > loadkeys.c: In function `ReadPublicKey':
> > loadkeys.c:36: too few arguments to function `PEM_ASN1_read'
> > loadkeys.c: In function `ReadPrivateKey':
> > loadkeys.c:67: too few arguments to function `PEM_ASN1_read'
> > make: *** [loadkeys.o] Error 1
> >
> > --
> > Darryl Wagoner - WA1GON



RE: EVP initialization question

2001-07-24 Thread Dale Peakall

> I guess I'm unclear about whether a context is something that's applicable
> to an entire session or simply to one message. I tried it the former way, but
> when I went to encrypt the second message, it included a part of the first
> message that it had encrypted, which leads me to believe that I should be
> cleaning that up and reinitializing.

You must clean up the cipher context *as soon as possible* after completing
the crypto operation, otherwise you're leaving sensitive information hanging
around in memory, i.e. immediately after calling EVP_EncryptFinal, call
EVP_CIPHER_CTX_cleanup.

- Dale.




configure with no-sock for WinNT

2001-07-24 Thread Amol Deshmukh



Re: obtaining OID strings for DN components from a request?

2001-07-24 Thread Dr S N Henson

Kim, Peter wrote:
> 
> Hi,
> 
> I must have an old version of OpenSSL.
> 
> In fact, I was looking for a function with a name similar to what you
> pointed out.  I had found a function called OBJ_txt2nid(), so I figured
> there would be a OBJ_nid2txt() function or something similar.
> 
> I looked in objects.h under crypto/objects directory.  Is that where it's
> supposed to be?  I'm missing that function.
> 

Well, it should be in crypto/objects.h; the one you need is:

ASN1_OBJECT *   OBJ_txt2obj(const char *s, int no_name);

It was added fairly recently. To handle general OIDs you need the
ASN1_OBJECT structure. Only OIDs in OpenSSL's internal table have a
usable NID; those not in there all have the NID NID_undef, whereas
arbitrary OIDs can be represented by an ASN1_OBJECT.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.




be a self CA

2001-07-24 Thread arnaud . Cornaille


Hello,

I try to be my own CA.

I read and tested some howtos,

but it still doesn't work.

I know how to create a CSR for a web site,
I know how to sign it by myself,
I know how to create a CA,

but I don't know how the CA is supposed to sign a CSR.
For now I've tried to sign the CSR in the same way I sign it with my own
server key.

What do I need??

I have this: it runs under win32 (apache and mod_ssl run ok)

openssl directory:
|   GEN_CA.BAT        script to create CA democa
|   GEN_CSR.BAT       script to generate CSR
|   libeay32.dll
|   openssl.cnf
|   openssl.cnf2.cnf
|   openssl.exe
|   SELF.BAT          script to self-sign CSR
|   SIGN.BAT          script supposed to sign CSR with CA certificate
|                     (democa\private\cakey.pem)
|   ssleay32.dll
|
+---cert
|   +---arcean        a test web site's stuff
|   |   arcean.csr
|   |   arcean.key        unprotected key with which I self-sign
|   |   CA_arcean.cert    CA-signed (supposed to be)
|   |   privkey.pem
|   |   self_arno.cert    self-signed
|   |
|   +---arno          a test web site's stuff
|       arno.csr
|       arno.key
|       CA_arno.cert
|       privkey.pem
|       self_arno.cert
|
+---democa
    |   cacert.pem
    |
    +---private
        cakey.pem     key (protected) with which I think I could
                      sign CSRs


Could someone help me??

Thanks







openssl-0.9.5a porting to Lynx

2001-07-24 Thread hari sekar

Hi,
I tried to install openssl-0.9.5a on Lynx, so that I
would have libssl and SSLeay support. I gave
#./Configure -lbsd gcc
This added the option -lbsd to the Makefile and
Makefile.ssl
Next,
#make
This ran well until
gcc -o openssl (list of options including -lbsd)
where it gave an error message saying undefined
references to a list of variables.
Can anyone help me out?
A.Hari


Do You Yahoo!?
For regular News updates go to http://in.news.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



AES

2001-07-24 Thread Frédéric Viollet




Hello,

Has Rijndael already been released in OpenSSL
0.9.6b or is it only supposed to be released in version 0.9.7?

Thanks.


be its own CA

2001-07-24 Thread arnaud . Cornaille


When I sign a CSR with my own CA key (I don't know if it's the right way...),
Apache refuses to start.

Could it be because it doesn't know this CA and refuses a wrongly signed cert?



The SSL log looks like this:
[24/Jul/2001 16:02:25 00189] [error] OpenSSL: error:0B080074:x509
certificate routines:X509_check_private_key:key values mismatch
[24/Jul/2001 16:03:00 00224] [info]  Server: Apache/1.3.20, Interface:
mod_ssl/2.8.4, Library: OpenSSL/0.9.6a
[24/Jul/2001 16:03:00 00224] [warn]  You are using mod_ssl under Win32.
This combination is *NOT* officially supported. Use it at your own risk!
[24/Jul/2001 16:03:00 00224] [info]  Init: 1st startup round (still not
detached)
[24/Jul/2001 16:03:00 00224] [info]  Init: Initializing OpenSSL library
[24/Jul/2001 16:03:00 00224] [info]  Init: Loading certificate & private
key of SSL-aware server bogus_host_without_reverse_dns:443
[24/Jul/2001 16:03:00 00224] [info]  Init: Seeding PRNG with 136 bytes of
entropy
[24/Jul/2001 16:03:02 00224] [info]  Init: Generating temporary RSA private
 keys (512/1024 bits)
[24/Jul/2001 16:03:03 00224] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)
[24/Jul/2001 16:03:03 00224] [info]  Init: Seeding PRNG with 136 bytes of
entropy
[24/Jul/2001 16:03:03 00224] [info]  Init: Configuring temporary RSA
private keys (512/1024 bits)
[24/Jul/2001 16:03:03 00224] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)
[24/Jul/2001 16:03:03 00224] [info]  Init: Initializing (virtual) servers
for SSL
[24/Jul/2001 16:03:03 00224] [info]  Init: Configuring server
bogus_host_without_reverse_dns:443 for SSL protocol
[24/Jul/2001 16:03:03 00224] [warn]  Init:
(bogus_host_without_reverse_dns:443) RSA server certificate CommonName (CN)
 `10.1.7.14' does NOT match server name!?
[24/Jul/2001 16:03:03 00224] [error] Init:
(bogus_host_without_reverse_dns:443) Unable to configure RSA server private
 key (OpenSSL library error follows)
[24/Jul/2001 16:03:03 00224] [error] OpenSSL: error:0B080074:x509
certificate routines:X509_check_private_key:key values mismatch

Any idea??

Thanks

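Added example for both of Arnaud's posts ("be a self CA" and this one); it is not code from the thread or from OpenSSL's own scripts. It drives the openssl command line through the CA workflow the poster is trying to build (create the CA, create the site's key and CSR, sign the CSR with the CA key) and then performs the same public-key comparison that X509_check_private_key makes before mod_ssl fails with "key values mismatch": the certificate's public key must match the key file Apache is told to load, and loading the CA's key next to a CA-signed site certificate reproduces the error. File names follow the poster's layout; the subjects, key sizes and scratch directory are assumed.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal private CA built with
# the openssl CLI, and the public-key comparison behind mod_ssl's
# "X509_check_private_key:key values mismatch" error.
# File layout mirrors the poster's (democa/, cert/arno/...); subjects, key
# sizes and the scratch directory are assumed values.
set -e

WORK="${WORK:-$(mktemp -d)}"

# Step 1: the CA itself, a self-signed certificate plus its private key
# (kept unencrypted here so the script runs without a passphrase prompt).
make_ca() {
    mkdir -p "$WORK/democa/private"
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Demo private CA" \
        -keyout "$WORK/democa/private/cakey.pem" \
        -out "$WORK/democa/cacert.pem" 2>/dev/null
}

# Step 2: the web site's own key and a CSR carrying its public key.
make_csr() {
    name="$1"
    mkdir -p "$WORK/cert/$name"
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=$name.example.test" \
        -keyout "$WORK/cert/$name/$name.key" \
        -out "$WORK/cert/$name/$name.csr" 2>/dev/null
}

# Step 3: the CA signs the CSR. The signature comes from cakey.pem, but the
# public key inside the resulting certificate is still the site's own.
sign_csr() {
    name="$1"
    openssl x509 -req -days 365 \
        -in "$WORK/cert/$name/$name.csr" \
        -CA "$WORK/democa/cacert.pem" \
        -CAkey "$WORK/democa/private/cakey.pem" -CAcreateserial \
        -out "$WORK/cert/$name/CA_$name.cert" 2>/dev/null
}

# Does cacert.pem vouch for this certificate? Exit status 0 means yes.
chain_ok() {
    openssl verify -CAfile "$WORK/democa/cacert.pem" "$1" >/dev/null 2>&1
}

# The check Apache performs at startup: the public key embedded in the
# certificate must equal the public half of SSLCertificateKeyFile.
# Prints "match" or "mismatch"; exit status 0 only on a match.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1")
    key_pub=$(openssl pkey -pubout -in "$2")
    if [ "$cert_pub" = "$key_pub" ]; then
        echo match
        return 0
    fi
    echo mismatch
    return 1
}

demo() {
    make_ca
    make_csr arno
    sign_csr arno
    chain_ok "$WORK/cert/arno/CA_arno.cert" && echo "chain: OK"
    # Right pairing: the CA-signed certificate with the site key it was made for.
    key_matches_cert "$WORK/cert/arno/CA_arno.cert" "$WORK/cert/arno/arno.key"
    # Wrong pairing, which reproduces the poster's startup failure: the
    # CA-signed certificate configured together with the CA's own key.
    key_matches_cert "$WORK/cert/arno/CA_arno.cert" \
        "$WORK/democa/private/cakey.pem" || true
}

demo
```

Running it prints "chain: OK", then "match" for the correct key and "mismatch" for the CA key; the second comparison is the condition Apache refuses to start on.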






Solaris 8 problems with libcrypto, Openssl packages 0.9.6

2001-07-24 Thread Faine, Mark



I downloaded and installed both Openssh and Openssl from packages downloaded
at sunfreeware.com, but when I try to start the ssh daemon I get this error:

ld.so.1: /usr/local/sbin/sshd: fatal: libcrypto.so.0: open failed: No such
file or directory
Killed

I have checked the LD_LIBRARY_PATH, it contains the following:

LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/sbin/lib:/usr/local/ssl/lib:/usr/ccs/lib:/usr/local/sparc-sun-solaris2.8/lib:/usr/local/ActivePerl-5.6/lib:

nothing unusual there, and it looks correct to me?

Anybody know how to fix this?

-Mark



RE: EVP initialization question

2001-07-24 Thread Haig C Didizian

Thanks for your reply.

So, does EVP_CIPHER_CTX_cleanup free the context's memory as well as
clearing it, or is that left to me? I can't seem to find that in the man
pages...

Thanks again,
Haig

On 24 Jul 2001 12:36:22 +0100, Dale Peakall wrote:
> > I guess I'm unclear about whether a context is something that's applicable
> > to an entire session or simply to one message. I tried it the former way, but
> > when I went to encrypt the second message, it included a part of the first
> > message that it had encrypted, which leads me to believe that I should be
> > cleaning that up and reinitializing.
> 
> You must clean up the cipher context *as soon as possible* after completing
> the crypto operation, otherwise you're leaving sensitive information hanging
> around in memory, i.e. immediately after calling EVP_EncryptFinal, call
> EVP_CIPHER_CTX_cleanup.
> 
>   - Dale.



Re: FTP over SSH2

2001-07-24 Thread [EMAIL PROTECTED]

Hi Dustin,
Well, for one it would no longer be FTP per se... If you
want to offer an encrypted ftp service you could, for instance,
try some of the SSLed FTP stuff... Try freshmeat for pointers...
Note that those clients that can do SSLed ftp only encrypt the
control port, not the data port... since FTP decided to use 2
ports instead of one, which I have never really understood exactly...
There is also, as Pawel mentioned, OpenSSH, where you can tunnel to the
server if you want...
Well, hope that helps you somewhat...
Best Regards
[EMAIL PROTECTED]
> Dustin,
>   OpenSSH has something called sftp, in sshd_config You can setup
> sftp_server as subsystem. But I haven't seen pure ftp over SSH.
> 
> Cheers,
> 
> Pawel
> 
> -Original Message-
> From: Dustin Wiseman [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 23, 2001 10:07 PM
> To: [EMAIL PROTECTED]
> Subject: FTP over SSH2
> 
> 
> Where can I find detailed instructions on setting up an FTP server on Red
> Hat Linux utilizing the SSH2 protocol?
> 
> Thank You,
> Dustin
> 



RE: EVP initialization question

2001-07-24 Thread Dale Peakall

> So, does EVP_CIPHER_CTX_cleanup free the context's memory as well as
> clearing it, or is that left to me? I can't seem to find that
> in the man pages...

A quick inspection of the code suggests that NO memory is actually
allocated (the EVP_CIPHER_CTX contains pre-sized buffers for all
the necessary data).

When the EVP_CIPHER_CTX goes out of scope (or is deleted from the heap),
everything should be freed.

N.B. You should still call EVP_CIPHER_CTX_cleanup before the context goes
out of scope (or is deleted from the heap), as it resets everything in
the structure to ensure nothing sensitive remains in memory.

The only memory to worry about is the application data, which you can
set with the EVP_CIPHER_CTX_set_app_data() function and get with
EVP_CIPHER_CTX_get_app_data(). If you choose to set it, you need to
manage it (and I think you need to get it back and free it, assuming
it's dynamically allocated, prior to calling EVP_CIPHER_CTX_cleanup,
as that will set the value to 0).

- Dale.




client verify callback

2001-07-24 Thread Cory Winter

Hi,

If a client implements its own verify callback and that callback prompts
the user for input (i.e. Yes/No to allow the connection), is there a mechanism
which would prevent this action from blocking the server? Currently my
server, which accepts all connections on a single thread, denies connections
to other clients once a single client is waiting for input from the user.

SSL_accept(...) doesn't return until SSL_connect(...)'s verify callback
returns. The handshake waits. Is this incorrect usage of the verify
callback?

Cory 

-- 
Cory Winter   E-Mail: [EMAIL PROTECTED]
IONA  Phone : (709) 738-3725
Total Business Integration (TM)   WWW   : http://www.iona.com/



Re: client verify callback

2001-07-24 Thread Eric Rescorla

Cory Winter [EMAIL PROTECTED] writes:
> If a client implements its own verify callback and that callback prompts
> the user for input (i.e. Yes/No to allow the connection), is there a mechanism
> which would prevent this action from blocking the server? Currently my
> server, which accepts all connections on a single thread, denies connections
> to other clients once a single client is waiting for input from the user.
This is a bad idea in general since it allows one client to block
everyone else. Better to use non-blocking I/O or a separate thread
to service each client.

-Ekr



Re: client verify callback

2001-07-24 Thread Lutz Jaenicke

On Tue, Jul 24, 2001 at 02:45:17PM -0230, Cory Winter wrote:
> Hi,
> 
> If a client implements its own verify callback and that callback prompts
> the user for input (i.e. Yes/No to allow the connection), is there a mechanism
> which would prevent this action from blocking the server? Currently my
> server, which accepts all connections on a single thread, denies connections
> to other clients once a single client is waiting for input from the user.
> 
> SSL_accept(...) doesn't return until SSL_connect(...)'s verify callback
> returns. The handshake waits. Is this incorrect usage of the verify
> callback?

Hmm. I think it is ok to use it this way. As far as I can see,
Netscape does the same if there are doubts (unknown CA, hostname not
matching).
I would see it the other way round: your server is broken. A single client
can block it. It's the perfect situation for a DoS attack.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



Re: Darwin builds

2001-07-24 Thread CJ Holmes

I actually have a document where I explain how I go about porting OpenSSL
and making shared libraries from it.  There are only a very few changes to
the source code and a few lines added to the configure script.

I can post it, if anyone is interested.  Maybe the development team will
make the changes part of their regular build.


cjh




BUF_MEM...

2001-07-24 Thread Antonio Ruiz Martínez

Hello!

I've got a question about BUF_MEM. BIO_get_mem_ptr: does it
make a copy of the bytes in the byte array where it is used?
That is, is there any function to free a BUF_MEM?

This is my source code:

#include <openssl/bio.h>
#include <openssl/buffer.h>

BIO *bio = BIO_new(BIO_s_mem());
BUF_MEM *buf_mem = NULL;
/* BIO_get_mem_ptr() expects the address of the BUF_MEM pointer */
BIO_get_mem_ptr(bio, &buf_mem);

unsigned char *bytes = (unsigned char *)buf_mem->data;
int length = buf_mem->length;

Must I free the BUF_MEM or only the BIO?

Thanks in advance for your answer,
Regards,
Antonio.




RE: Darwin builds

2001-07-24 Thread Darrell S. Begay

please post your document, i would like to see if i missed anything.

-darrell




OpenSSL Cert+Sign Netscape

2001-07-24 Thread Averroes

Hi All,

I have built with OpenSSL my own Root Certificate to sign
the certificate I want to create for my personal use.

Does anyone know how to implement my Root CA Certificate,
my Personal Certificate and Signature into my Netscape Communicator 4.7?

Any ideas would be very appreciated

Ciao!

#-
# Averroes A. Aysha  Think Linux, Think Slackware!
# Network Security Auditor (NSA)
# [EMAIL PROTECTED]
#-




No Subject

2001-07-24 Thread Yaowen Chen



Yaowen Chen
Software Engineer of Ensuite
[EMAIL PROTECTED]
www.teleias.com
Phone:(416) 366-3335 ext 211




Re: Darwin builds

2001-07-24 Thread hunter

it finally built, started ALL over again as a mere mortal, removing the
old libs from /usr/lib and doing all the aforementioned steps, and it
DID make and install. WHEW...now to complete mod_ssl, which is what this
entire exercise was all about!!

THANKS for ALL your help, Mark, i DO appreciate it  :-)
-- 
Michael B. Weiner, Linux+, Linux+ SME
Systems Administrator/Partner
The UserFriendly Network (UFN)



Testing SSL on OpenBSD

2001-07-24 Thread Sakui



I'm wondering if someone could guide me on obtaining
some code just to see if OpenSSL works on Apache?

Sakui




Re: Testing SSL on OpenBSD

2001-07-24 Thread dreamwvr



Hi Sakui,

It is onboard in the base install of OpenBSD... see
/etc/rc.conf
and read the comments there on httpd.
Bye

Sakui wrote:

> I'm wondering if someone could guide me on obtaining some code just to see
> if OpenSSL works on Apache?
> Sakui