RE: Openssl upgrade on Red Hat 7.3 question

2004-03-12 Thread John . Airey
 -Original Message-
 From: Vigilance [mailto:[EMAIL PROTECTED]
 Sent: Thursday, 11 March 2004 20:02
 To: [EMAIL PROTECTED]
 Subject: Openssl upgrade on Red Hat 7.3 question
 I have a question about upgrading openssl on Redhat 7.3
 
 I have been running openssl 0.9.6b for quite some time without problems.
 Now I see that there is apparently a psybnc attack out there for apache
 port 443.  I've had to shut down https until I can get this fixed.
 
 I installed 0.9.6l which seemed to go in just fine.  However, Redhat is
 still using the old stuff because the new openssl went into /usr/local/ssl
 and the old stuff is in /usr/bin.  I don't see anything like $SSL_HOME to
 set.
 
 There is an FAQ comment to not remove /usr/bin/openssl or it will break
 sendmail and ssh but there is nothing in there about what to do about it.
 I'm not too keen to just put in a link under these circumstances.
 
 I'd really like to be able to take advantage of these new feature/security
 fixes for at least apache and ideally also for ssh. What do I need to do
 to get this to work?
 
 Please cc me as well as responding to the forum.
 
 Thanks in advance

First of all, Red Hat 7.3 is no longer supported by Red Hat. However, if you
had used all the security updates so far supplied by Red Hat, there would be
no known security issues. There is a legacy project for Red Hat 7.3 but no
updates for Apache, openssl or mod_ssl have been released since the end of
last year, when support ceased.

However, if you wish to use a different version of openssl with apache, you
would be best advised to recompile both openssl and apache. Details of how
to do this are in the openssl documentation.

www.redhat.com and https://rhn.redhat.com are a good place to start.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 

Why do so many people who call themselves christians use the name of Jesus
Christ as a swear word?

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


Problem with OpenSSL buffering and SSL_write/read

2004-03-12 Thread Daniele Brevi
Hi to all,

I have some problems with the buffering mechanism in OpenSSL with
SSL_write/read. I want to add TLS protection to a simple c/s program. My
code permits setting the socket buffer length. So, using the socket
option TCP_NODELAY, I can send packets of the wanted length on the net.
Now I want to do this with TLS packets too. My code does a handshake (with
SSL_connect/accept) and correctly exchanges encrypted data with
SSL_write/read (I don't use any BIO_* in my code; I use code similar to
cli.cpp and sev.cpp in the demos dir). The problem is that even if I set
TCP_NODELAY in the socket options, SSL_write seems to ignore it. For example,
if I want to send a 64 B length packet, I obtain a 138 TCP length packet (I
think it is 64*2 + 5*2 where 5 is the SSL data overhead) instead of a
64+5 TCP length packet.

Can someone help me?

thanks in advance

Daniele Brevi



Directory Structure

2004-03-12 Thread Reginaldo de Oliveira Santos
Hi, it's my first time on this list and I have some questions.

I want a map of the directory structure of the C code of OpenSSL 0.9.7c. I
want to know the function of each directory, like apps, crypto, ssl, test;
what the function of each file inside those directories is, and for which
library or file it is used in the compiled form.

If someone can help, please do it!! It's a university work.

Thanks, anyway.


-- 
Reginaldo de Oliveira Santos

   BRAZIL - UNESP - BAURU  
  BCC 2003



Re: Directory Structure

2004-03-12 Thread Joseph Bruni
When you finish this, please post the results. It would make great 
documentation.

:)

On Mar 12, 2004, at 7:16 AM, Reginaldo de Oliveira Santos wrote:

Hi, it's my first time on this list and I have some questions.

I want a map of the directory structure of the C code of OpenSSL 0.9.7c. I
want to know the function of each directory, like apps, crypto, ssl, test;
what the function of each file inside those directories is, and for which
library or file it is used in the compiled form.

If someone can help, please do it!! It's a university work.

Thanks, anyway.

--
Reginaldo de Oliveira Santos

   BRAZIL - UNESP - BAURU
  BCC 2003


Re: Directory Structure

2004-03-12 Thread Reginaldo de Oliveira Santos
Quoting Joseph Bruni [EMAIL PROTECTED]:

 When you finish this, please post the results. It would make great
 documentation.

 :)

 On Mar 12, 2004, at 7:16 AM, Reginaldo de Oliveira Santos wrote:

  Hi, it's my first time on this list and I have some questions.

  I want a map of the directory structure of the C code of OpenSSL 0.9.7c. I
  want to know the function of each directory, like apps, crypto, ssl, test;
  what the function of each file inside those directories is, and for which
  library or file it is used in the compiled form.

  If someone can help, please do it!! It's a university work.

  Thanks, anyway.

  --
  Reginaldo de Oliveira Santos

  BRAZIL - UNESP - BAURU
  BCC 2003

Ok! No Problem.

-- 
Reginaldo de Oliveira Santos

   UNESP - BAURU  
  BCC 2003



RSA Keys Onto SmartCard ???

2004-03-12 Thread Surrealistic Dreamer
Hi ...

I'm trying to write my OpenSSL generated RSA keys onto a cryptoki (smart 
card) using PKCS#11 ... PKCS#11 requires the individual key parameters (p, 
q, d, e, n, d mod q-1, d mod p-1) in 'unsigned char*' format, or a binary 
string in general ... I'm trying to use the BigNumber library function 
BN_bn2bin to convert the RSA key parameters to binary strings ... but 
calling the PKCS#11 function (which works fine with hard-coded data values) 
throws an invalid data error ...

Can anybody help ?

Peter.



Finding multiple PEM-encoded objects in a file

2004-03-12 Thread Joseph Bruni
I know that it is possible to place multiple PEM-encoded objects into a single file. 
Is it possible to iterate through each item? The command-line tools only seem to work 
on the first one found.


Re: Finding multiple PEM-encoded objects in a file

2004-03-12 Thread Amar Desai
This works for me. It iterates through all X509 certificates and CRL's. 
You can write similar code for other PEM-encoded objects.

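#include <stdio.h>
#include <openssl/err.h>
#include <openssl/pem.h>

int main(void)
{
   X509 *x509;
   X509_CRL *x509_crl;
   BIO *in = BIO_new_file("xyz.pem", "r");
   if (!in) {
      ERR_print_errors_fp(stderr);   /* could not open the file */
      return 1;
   }
   /* Each call returns the next certificate, skipping other PEM objects. */
   while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)) != NULL)
      X509_free(x509);               /* use the certificate here */
   BIO_reset(in);                    /* first loop ran to end of file; rewind for the CRLs */
   while ((x509_crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL)) != NULL)
      X509_CRL_free(x509_crl);       /* use the CRL here */
   ERR_clear_error();                /* end of input queues a "no start line" error */
   BIO_free(in);
   return 0;
}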
Amar

Joseph Bruni wrote:

I know that it is possible to place multiple PEM-encoded objects into a single file. 
Is it possible to iterate through each item? The command-line tools only seem to work 
on the first one found.
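
Added example (not part of the thread and not OpenSSL code): a library-free way to enumerate every PEM object in a buffer by its BEGIN/END boundary lines, so each one can be handed to a tool or typed reader in turn. The names pem_obj, pem_split, boundary and SAMPLE are made up for this sketch; it only locates objects and checks that the labels pair up, it does not decode the base64 body.

```c
#include <stdio.h>
#include <string.h>
struct pem_obj { char label[64]; const char *body; size_t body_len; } sample_objs[8];
/* Constructed sample: placeholder base64 bodies, not real certificates or keys. */
static const char SAMPLE[] =
    "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
    "free text\n-----BEGIN X509 CRL-----\nREVG\n-----END X509 CRL-----\r\n"
    "-----BEGIN RSA PRIVATE KEY-----\nR0hJ\n-----END RSA PRIVATE KEY-----\n";

/* If line is "<prefix><label>-----", copy label into out (64 bytes) and return 1. */
static int boundary(const char *line, size_t len, const char *prefix, char *out)
{
    size_t plen = strlen(prefix);
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == ' ')) len--;
    if (len <= plen + 5 || len - plen - 5 >= 64 ||
        strncmp(line, prefix, plen) != 0 || strncmp(line + len - 5, "-----", 5) != 0)
        return 0;
    memcpy(out, line + plen, len - plen - 5);
    out[len - plen - 5] = '\0';
    return 1;
}

/* Records up to max objects; returns the count, or -1 on an unterminated block
 * or an END label that does not match its BEGIN label. */
int pem_split(const char *buf, struct pem_obj *objs, int max)
{
    char end[64];
    int n = 0, inside = 0;
    for (const char *p = buf, *nl; *p != '\0'; p = nl ? nl + 1 : p + strlen(p)) {
        nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (!inside && n < max && boundary(p, len, "-----BEGIN ", objs[n].label)) {
            objs[n].body = nl ? nl + 1 : p + len;   /* body starts on the next line */
            inside = 1;
        } else if (inside && boundary(p, len, "-----END ", end)) {
            if (strcmp(end, objs[n].label) != 0) return -1;
            objs[n].body_len = (size_t)(p - objs[n].body);
            n++;
            inside = 0;
        }
    }
    return inside ? -1 : n;
}

int main(void)
{
    int n = pem_split(SAMPLE, sample_objs, 8);
    for (int i = 0; i < n; i++) printf("%d: %s\n", i, sample_objs[i].label);
    return n == 3 ? 0 : 1;
}
```

The label of each entry tells you which typed reader or command-line tool the object belongs to.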


Has anyone else had these problems? Is there a work-around?

2004-03-12 Thread John Draper
I'm trying to build OpenSSL on OpenBSD3.4
The version I'm using is openssl-0.9.7b
I was unsuccessful in getting it to build using
./config
So I tried...

./config no-asm

After noticing in the FAQ that the 'no-asm' option was needed.

So here is the last portion of the output of ./config...

 cut here ---
Makefile = Makefile.ssl
making links in tools...
Makefile = Makefile.ssl
generating dummy tests (if needed)...
Configured for OpenBSD-i386.

The library could not be configured for supporting multi-threaded
applications as the compiler options required on this system are not 
known.
See file INSTALL for details if you need multi-threading.
-

What do they mean in that last paragraph above?   Is this because the
new OpenBSD3.4 compiler is changed?
So - now when I do the 'make'  I get...

# make
making all in crypto...
gcc -I. -I.. -I../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 
-DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer  -c 
cryptlib.c
*unknown*: Assembler messages:
*unknown*:0: Warning: as: I don't understand 'Q' flag.
*unknown*:0: Warning: as: I don't understand 'y' flag.
/tmp/cced7503.s:4: Error: Alignment too large: 15. assumed.
/tmp/cced7503.s:41: Error: Unknown pseudo-op:  `.section'
*** Error code 1

What's up with this?  What am I doing wrong?  I thought I was following
the instructions...