RE: Openssl upgrade on Red Hat 7.3 question
-Original Message- From: Vigilance [mailto:[EMAIL PROTECTED] Sent: Thursday, 11 March 2004 20:02 To: [EMAIL PROTECTED] Subject: Openssl upgrade on Red Hat 7.3 question I have a question about upgrading openssl on Redhat 7.3 I have been runnning openssl 0.9.6b for quite some time without problems. Now I see that there is apparently a psybnc attack out there for apache port 443. I've had to shut down https until I can get this fixed. I installed 0.9.6l which seemed to go in just fine. However, Redhat is still using the old stuff because the new openssl went into /usr/local/ssl and the old stuff is in /usr/bin. I don't see anything like $SSL_HOME to set. There is an FAQ comment to not remove /usr/bin/openssl or it will break sendmail and ssh but there is nothing in there about what to do about it. I'm not too keen to just put in a link under these circumstances. I'd really like to be able to take advantage of these new feature/security fixes for at least apache and ideally also for ssh. What do I need to do to get this to work? Please cc me as well as responding to the forum. Thanks in advance First of all, Red Hat 7.3 is no longer supported by Red Hat. However, if you had used all the security updates so far supplied by Red Hat, there would be no known security issues. There is a legacy project for Red Hat 7.3 but no updates for Apache, openssl or mod_ssl have been released since the end of last year, when support ceased. However, if you wish to use a different version of openssl with apache, you would be best advised to recompile both openssl and apache. Details of how to do this are in the openssl documentation. www.redhat.com and https://rhn.redhat.com are a good place to start. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Why do so many people who call themselves christians use the name of Jesus Christ as a swear word? - DISCLAIMER: NOTICE: The information contained in this email and any attachments is confidential and may be privileged. If you are not the intended recipient you should not use, disclose, distribute or copy any of the content of it or of any attachment; you are requested to notify the sender immediately of your receipt of the email and then to delete it and any attachments from your system. RNIB endeavours to ensure that emails and any attachments generated by its staff are free from viruses or other contaminants. However, it cannot accept any responsibility for any such which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Problem with OpenSSL buffering and SSL_write/read
Hi to all, I have some problems with buffering mechanism in OpenSSL whit SSL_write/read. I want to add TLS protection at a simple c/s program. My code permits to set the socket buffer length. So, using the socket option TCP_NODELAY, I can send on the net packets with wanted length. Now I will do this also with TLS packet. My code do an handshake (with SSL_connect/accept) and exchange correctly crypted data with SSL_write/read (I don't use any BIO_* in my code I use similar code of cli.cpp and sev.cpp in demos dir), the problem is that also if I set TCP_NODELAY in socket options, SSL_write seems ignore it. For example if I want send a 64 B length packet, I obtain a 138 TCP length packet (I think it is 64*2 + 5*2 where 5 is the SSL data overhead) instead of a 64+5 TCP length packet. someone can help me? thanks in advance Daniele Brevi __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Directory Structure
Hi., it´s my first time in this list and I have some questions. I wanna a map of the directory structure of the C code of OpenSSL 0.9.7c. I wanna know the functions of each directory like: apps, crypto, ssl, test. What´s the functions of each file inside that directories and for wich library or file it´s used in the compiled way. If someone can help, please do it!! It´s and University work. Thanks, anyway. -- Reginaldo de Oliveira Santos BRAZIL - UNESP - BAURU BCC 2003 -- Mensagem enviada pelo Webmail da Faculdade de Ciências __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Directory Structure
When you finish this, please post the results. It would make great documentation. :) On Mar 12, 2004, at 7:16 AM, Reginaldo de Oliveira Santos wrote: Hi., it´s my first time in this list and I have some questions. I wanna a map of the directory structure of the C code of OpenSSL 0.9.7c. I wanna know the functions of each directory like: apps, crypto, ssl, test. What´s the functions of each file inside that directories and for wich library or file it´s used in the compiled way. If someone can help, please do it!! It´s and University work. Thanks, anyway. -- Reginaldo de Oliveira Santos BRAZIL - UNESP - BAURU BCC 2003 -- Mensagem enviada pelo Webmail da Faculdade de Ciências __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Directory Structure
Citando Joseph Bruni [EMAIL PROTECTED]: When you finish this, please post the results. It would make great documentation. :) On Mar 12, 2004, at 7:16 AM, Reginaldo de Oliveira Santos wrote: Hi., it´s my first time in this list and I have some questions. I wanna a map of the directory structure of the C code of OpenSSL 0.9.7c. I wanna know the functions of each directory like: apps, crypto, ssl, test. What´s the functions of each file inside that directories and for wich library or file it´s used in the compiled way. If someone can help, please do it!! It´s and University work. Thanks, anyway. -- Reginaldo de Oliveira Santos BRAZIL - UNESP - BAURU BCC 2003 -- Mensagem enviada pelo Webmail da Faculdade de Ciências __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Ok! No Problem. -- Reginaldo de Oliveira Santos UNESP - BAURU BCC 2003 -- Mensagem enviada pelo Webmail da Faculdade de Ciências __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RSA Keys Onto SmartCard ???
Hi ... I'm trying to write my OpenSSL generated RSA keys onto a cryptoki (smart card) using PKCS#11 ... PKCS#11 requires the individual key parameters (p, q, d, e, n, d mod q-1, d mod p-1) in 'unsigned char*' format, or a binary string in general ... I'm trying to use the BigNumber library function BN_bn2bin to convert the RSA key parameters to binary strings ... but calling the PKCS#11 function (which works fine with hard-coded data values) throws an invalid data error ... Can anybody help ? Peter. _ Get 10mb of inbox space with MSN Hotmail Extra Storage http://join.msn.com/?pgmarket=en-sg __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Finding multiple PEM-encoded objects in a file
I know that it is possible to place multiple PEM-encoded objects into a single file. Is it possible to iterate through each item? The command-line tools only seem to work on the first one found. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Finding multiple PEM-encoded objects in a file
This works for me. It iterates through all X509 certificates and CRL's.
You can write similar code for other PEM-encoded objects.
{
in = BIO_new_file(xyz.pem, r);
if(!in) {
error;
}
while ((x509 = PEM_read_bio_X509(in,NULL,NULL,NULL)) != NULL)
{
}
while((x509_crl = PEM_read_bio_X509_CRL(in,NULL,NULL,NULL)) != NULL)
{
}
}
Amar
Joseph Bruni wrote:
I know that it is possible to place multiple PEM-encoded objects into a single file.
Is it possible to iterate through each item? The command-line tools only seem to work
on the first one found.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Has anyone else had these problems? Is there a work-around?
I'm trying to build OpenSSL on OpenBSD3.4 The version I'm using is openssl-0.9.7b I was un-sucessful in getting it to build via using ./config So I tried... ./config no-asm After noticing in the FAQ that the 'no-asm' option was needed. So here is the last portion of the output of ./config... cut here --- Makefile = Makefile.ssl making links in tools... Makefile = Makefile.ssl generating dummy tests (if needed)... Configured for OpenBSD-i386. The library could not be configured for supporting multi-threaded applications as the compiler options required on this system are not known. See file INSTALL for details if you need multi-threading. - What do they mean in that last paragraph above? Is this because the new OpenBSD3.4 compiler is changed? So - now when I do the 'make' I get... # make making all in crypto... gcc -I. -I.. -I../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -c cryptlib.c *unknown*: Assembler messages: *unknown*:0: Warning: as: I don't understand 'Q' flag. *unknown*:0: Warning: as: I don't understand 'y' flag. /tmp/cced7503.s:4: Error: Alignment too large: 15. assumed. /tmp/cced7503.s:41: Error: Unknown pseudo-op: `.section' *** Error code 1 Whats up with this? What am I doing wrong? I thought I was following the instructions... __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
