[no subject]

2004-05-03 Thread lavin p
hello everybody,
im lavin.i'm working in nokia india pvt ltd.i need your help ... coz i'm new 
to this project NSAS . i need to know ,when an http request to port 80 comes 
howz it redirecting to https ie 443 port??? n after this i need to know,if 
i'm adding a new module to apache server ,i've written the complete module 
and done with all the module structure n all those stuff and made the 
xyz_mod.so file  now i want to know how to call this module from apache 
when a request comes. i mean how is the hooking taking place... please help 
me

if you are not the right person and if you know someone who knows all these 
stuff please forward this mail to that person and ask to help me

thanking you
p lavin
mail me at
[EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


[no subject]

2004-05-03 Thread Richard Levitte - VMS Whacker
You're asking on the wrong list.  I will answer with what I can find
on the net, and if that isn't enough, you'll have to get in touch with
the Apache group (which we are NOT).

In message <[EMAIL PROTECTED]> on Mon, 03 May 2004 17:15:14 +0530, "lavin p" <[EMAIL PROTECTED]> said:

lavin_p81> i need to know, when an http request to port 80 comes howz
lavin_p81> it redirecting to https ie 443 port??? 

It usually doesn't, but if you want it to and use mod_ssl, the
following page answers your question:

http://www.modssl.org/docs/2.8/ssl_howto.html#ToC10

lavin_p81> n after this i need to know,if i'm adding a new module to
lavin_p81> apache server ,i've written the complete module and done
lavin_p81> with all the module structure n all those stuff and made
lavin_p81> the xyz_mod.so file  now i want to know how to call
lavin_p81> this module from apache when a request comes. i mean how is
lavin_p81> the hooking taking place... please help me

It looks to me like you're looking for the following:

  http://httpd.apache.org/docs/misc/API.html       (Apache 1.3)
  http://httpd.apache.org/docs-2.0/developer/      (Apache 2.x)

-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte   \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-708-26 53 44
\  SWEDEN   \
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.


RE: lavin (Redirection the port)

2004-05-03 Thread Carlos Cabañero
I've asked a friend. If you're using Linux (and as you said you were using 
Apache I think so) you have to do the following:

	iptables -t nat -A PREROUTING -i eth1 -p tcp -d 10.1.7.1 --dport 80 -j DNAT --to 10.1.7.1:443

Replace eth1 with the network interface where apache's serving and 10.1.7.1 
with your server's public IP. And about your other question, I have no idea, 
but sure that other one can help you.

From: "lavin p" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Mon, 03 May 2004 17:15:14 +0530
hello everybody,
im lavin.i'm working in nokia india pvt ltd.i need your help ... coz i'm 
new to this project NSAS . i need to know ,when an http request to port 80 
comes howz it redirecting to https ie 443 port??? n after this i need to 
know,if i'm adding a new module to apache server ,i've written the complete 
module and done with all the module structure n all those stuff and made 
the xyz_mod.so file  now i want to know how to call this module from 
apache when a request comes. i mean how is the hooking taking place... 
please help me

if you are not the right person and if you know someone who knows all these 
stuff please forward this mail to that person and ask to help me

thanking you
p lavin
mail me at
[EMAIL PROTECTED]


Re: lavin (Redirection the port)

2004-05-03 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Mon, 03 May 2004 14:45:10 +, Carlos Cabañero 
<[EMAIL PROTECTED]> said:

charlychango> I've asked a friend. If you're using Linux (and as you
charlychango> said you were using Apache I think so) you have to do
charlychango> the following:
charlychango> 
charlychango>   iptables -t nat -A PREROUTING -i eth1 -p tcp \
charlychango>   -d 10.1.7.1 --dport 80 -j DNAT \
charlychango>   --to 10.1.7.1:443
charlychango>
charlychango> Replace eth1 with the network interface where apache's
charlychango> serving and 10.1.7.1 with your server's public IP. And
charlychango> about your other question, I have no idea, but sure that
charlychango> other one can help you.

*GN*

NO.  Do NOT do that, please.  Browsers that access port 80 will be
expecting cleartext HTTP, not HTTP through an SSL tunnel.  Doing the
above change will just throw off any browser that uses an http: URL to
access your server (i.e. they will get an error message at best and
gibberish at worst, and I guarantee that the http server will spew
error lines).

The redirection from port 80 to port 443 needs to be controlled by the
http server software.


-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte   \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-708-26 53 44
\  SWEDEN   \
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.


[no subject]

2004-05-03 Thread lavin p
hi everybody,
thx for all your help.And i think i'm not in the wrong list ..if anyone can 
tell me how mod_ssl is being integrated with apache this would be a help for 
me.

if someone can give me an idea about (in a programmers perspective) how we 
are using mod_ssl with apache ... this will help me.

regards
P lavin


Re: your mail

2004-05-03 Thread martin paljak
Hello!

AFAIK this list is about openssl. Openssl is a library for SSL operations,
and some utilities. What you are interested in, is more related
to mod_ssl, and apache in general. 


cheers,
m.

p.s. there's a good book from wrox, on how to write apache modules.


On Mon, May 03, 2004 at 08:36:02PM +0530, lavin p wrote:
> hi everybody,
> 
> thx for all your help.And i think i'm not in the wrong list ..if anyone can 
> tell me how mod_ssl is being integrated with apache this would be a help 
> for me.
> 
> if someone can give me an idea about (in a programmers perspective) how we 
> are using mod_ssl with apache ... this will help me.
> 
> regards
> P lavin
> 

-- 
martin paljak - konsultant
[EMAIL PROTECTED] - email
martin.paljak.pri.ee - veeb
+372.55.984.685 - telefon


Re[2]: lavin (Redirection the port)

2004-05-03 Thread Pawel Hadam
RLVW> The redirection from port 80 to port 443 needs to be controlled by the
RLVW> http server software.

Is it not the web browser that contacts port 80 for HTTP requests and
port 443 for HTTPS requests ??? (and 119 for NNTP requests, and 21 for
FTP requests, and etc...)

Surely, it is not this group's topic.

-- 
Pawel Hadam LSR-IMAG, Grenoble, France
Ph.D. candidate   http://www-lsr.imag.fr/Les.Personnes/Pawel.Hadam



[no subject]

2004-05-03 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Mon, 03 May 2004 20:36:02 +0530, "lavin p" <[EMAIL PROTECTED]> said:

lavin_p81> thx for all your help.And i think i'm not in the wrong list..

Considering I'm assisting listowner, I feel safe in telling you that
you are indeed on the wrong list.  It just happens that I'm kind
enough to give you a short answer.

For mod_ssl stuff, please look around in http://www.modssl.org/.

-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte   \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-708-26 53 44
\  SWEDEN   \
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.


Re: lavin (Redirection the port)

2004-05-03 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Mon, 3 May 2004 17:12:39 +0200, Pawel Hadam <[EMAIL PROTECTED]> said:

Pawel.Hadam> RLVW> The redirection from port 80 to port 443 needs to
Pawel.Hadam> RLVW> be controlled by the http server software.
Pawel.Hadam> 
Pawel.Hadam> Is not the web browser that contacts port 80 for HTTP
Pawel.Hadam> requests and port 443 for HTTPS requests ???

Of course it is.  For the URL http://www.foo.com/ it will access
port 80 on www.foo.com and expect cleartext HTTP, and for
https://www.foo.com/ it will access port 443 on www.foo.com and expect
HTTP through an SSL tunnel.  Any browser will get complete crap if it
gets an SSL handshake when accessing port 80 (i.e. when using the URL
http://www.foo.com/).

The technique to redirect port 80 to port 443 that works is, when a
browser accesses port 80 (http://www.foo.com/), for the server to say
"nonono, you have to get this page as https://www.foo.com/!" (it's
done through the Location HTTP header), at which point, the browser
will use the new URL (https://www.foo.com/) and access port 443.

-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte   \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-708-26 53 44
\  SWEDEN   \
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
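
The exchange described in the message above, as an added example that is not part of the original thread: a C function that turns the cleartext request a browser sends to port 80 into the 301 response carrying the Location header. The function names and the sample request are constructed for this example; the Host check is an added safeguard so a client-supplied Host value cannot put extra header lines or a different authority into Location.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the cleartext request a browser sends to port 80
 * for the URL http://www.foo.com/docs */
static const char SAMPLE_REQUEST[] =
    "GET /docs HTTP/1.1\r\n"
    "Host: www.foo.com\r\n"
    "\r\n";

/* Allow only hostname characters, so a client-supplied Host value cannot
 * put CR/LF or another authority into the Location header. */
static int host_is_safe(const char *h, size_t n)
{
    size_t i;

    if (n == 0 || n > 253)
        return 0;
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char)h[i]) && h[i] != '.' && h[i] != '-')
            return 0;
    return 1;
}

/* Build the answer the port-80 server gives: a 301 whose Location header
 * names the https:// URL. Returns the response length, or -1 if the request
 * is rejected. Simplification: only GET and an exact "Host: " spelling. */
int build_https_redirect(const char *req, char *out, size_t outlen)
{
    const char *path, *path_end, *host, *host_end, *colon, *p;
    int n;

    if (strncmp(req, "GET ", 4) != 0 || req[4] != '/')
        return -1;
    path = req + 4;
    path_end = strchr(path, ' ');
    if (path_end == NULL)
        return -1;
    for (p = path; p < path_end; p++)       /* no control bytes in the path */
        if ((unsigned char)*p < 0x21 || *p == 0x7f)
            return -1;

    host = strstr(path_end, "\r\nHost: ");
    if (host == NULL)
        return -1;
    host += 8;
    host_end = strstr(host, "\r\n");
    if (host_end == NULL)
        return -1;
    colon = memchr(host, ':', (size_t)(host_end - host));
    if (colon != NULL)                      /* drop ":80"; https defaults to 443 */
        host_end = colon;
    if (!host_is_safe(host, (size_t)(host_end - host)))
        return -1;

    n = snprintf(out, outlen,
                 "HTTP/1.1 301 Moved Permanently\r\n"
                 "Location: https://%.*s%.*s\r\n"
                 "Content-Length: 0\r\n"
                 "Connection: close\r\n\r\n",
                 (int)(host_end - host), host,
                 (int)(path_end - path), path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char buf[512];

    if (build_https_redirect(SAMPLE_REQUEST, buf, sizeof buf) > 0)
        fputs(buf, stdout);
    return 0;
}
```

The browser then opens a new connection to port 443 and starts the SSL handshake there, so port 80 itself never carries anything but cleartext HTTP.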


RENEGOTIATING error in my app.

2004-05-03 Thread Rodrigo Madera
Dear listmembers:

I got an OpenSSL test program like this:

-BEGIN CODE-
std::string name;
SendTextString("Whats your name? ");   // this function encapsulates bio_puts
GetTextString(name);   // the same for gets
std::string Response = "Nice to meet you " + name;
SendTextString(Response);
-END CODE-

The problem is that *sometimes* and depending on the input, I get a:

RENEGOTIATING
depth=1 /C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
verify error:num=19:self signed certificate in certificate chain
verify return:0

The strange part is that when I type my name (Rodrigo) the error always appears, and
so does with some other input.

Any clues? I am really beginning in this OpenSSL world. Any help is greatly 
appreciated.

Thanking in advance,
Rodrigo



How BN_bin2bn works

2004-05-03 Thread Carlos Cabañero
Hi!
I'm giving a look to the code of OpenSSL as I'm very interested in RSA 
encryption / decryption specially for a subject called Discrete Math. My 
problem is that I have to work on an algorithm by myself and, of course, I'm 
trying to implement and understand some things that OSSL uses like the 
Arbitrary Precision Numbers (BIGNUM).

What I can't understand is how the function BN_bin2bn works (or at least, I 
know what it does but I think doesn't do it correctly). For example, imagine 
that I have to transform the string "1234" to the BIGNUM->d (that it's a 
pointer to a long):

Initial params:
  s = "1234"
  m = 3
  n = 4
  i = 1

The initial long l is a 32 bit full of zeros. So then when you do:

  l=(l<<8L)| *(s++);

This then write to the long the char value of '1', '2', '3', and at last '4' 
moving the bits to the left. For example for the '1' it writes 110001. When 
it writes the '2' the chain of bits is something like: 110001 00110010, and 
so on... At the end I have this:

00110001001100100011001100110100   - 32 bit long
And that, of course, it's not the number 1234 in binary, is the number 
825373492. What is what I'm not understanding? (I think anything at all). 
Please help me! Thank You!!



Re: How BN_bin2bn works

2004-05-03 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Mon, 03 May 2004 18:15:48 +, Carlos Cabañero 
<[EMAIL PROTECTED]> said:

charlychango> I'm giving a look to the code of OpenSSL as I'm very
charlychango> interested in RSA encryption / decryption specially for a
charlychango> subject called Discrete Math. My problem is that I have
charlychango> to work on an algorithm by myself and, of course, I'm
charlychango> trying to implement and understand some things that OSSL
charlychango> uses like the Arbitrary Precision Numbers (BIGNUM).
charlychango> 
charlychango> What I can't understand is how the function BN_bin2bn
charlychango> works (or at least, I know what it does but I think
charlychango> doesn't do it correctly). For example, imagine that I
charlychango> have to transform the string "1234" to the BIGNUM->d
charlychango> (that it's a pointer to a long):

If the string "1234" is to be interpreted as a hexadecimal number, you
should use BN_hex2bn().  If it's to be interpreted as a decimal
number, you should use BN_dec2bn().

BN_bin2bn() is supposed to be used when you get a number in raw binary
form.  If you have the number 1234 stored in a unsigned char array (in
big-endian form, which is required by BN_bin2bn()), then it could look
like this (I trust you understand C enough to understand what this
does):

#include <openssl/bn.h>
unsigned char raw_input[] = { 4, 210 }; /* 1234 = 4 * 256 + 210 */
BIGNUM *bn = BN_bin2bn(raw_input, sizeof(raw_input), NULL); /* NULL: allocate a new BIGNUM */

-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte   \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-708-26 53 44
\  SWEDEN   \
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
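
An added illustration, not OpenSSL source and not code from the thread: a self-contained C program that runs the byte-packing loop quoted in the question (`l=(l<<8L)| *(s++)`) next to a decimal-text parser, showing why the characters of "1234" pack to 825373492 while the raw bytes { 4, 210 } and the decimal text "1234" both give 1234. The names bin2words and dec2words and the 32-bit word size are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORD_BYTES 4    /* assumption: 32-bit words, as in the question */

/* Pack len big-endian bytes into d[], least significant word first, with
 * the same shift-and-or loop the question quotes. Returns the number of
 * words used (0 for the value zero or when cap words are not enough). */
size_t bin2words(const unsigned char *s, size_t len, uint32_t *d, size_t cap)
{
    size_t i, m, top;
    uint32_t l = 0;

    if (len == 0) return 0;
    i = (len - 1) / WORD_BYTES + 1;     /* words needed */
    m = (len - 1) % WORD_BYTES;         /* bytes in the top word, minus one */
    if (i > cap) return 0;
    top = i;
    while (len-- > 0) {
        l = (l << 8) | *s++;            /* shift in the next raw byte */
        if (m-- == 0) {                 /* word complete: store, start next */
            d[--i] = l;
            l = 0;
            m = WORD_BYTES - 1;
        }
    }
    while (top > 0 && d[top - 1] == 0)  /* strip leading zero words */
        top--;
    return top;
}

/* Parse ASCII decimal text: value = value * 10 + digit, carried across
 * words. Returns words used (0 for zero, a non-digit, or overflow). */
size_t dec2words(const char *s, uint32_t *d, size_t cap)
{
    size_t top = 0, j;

    for (; *s != '\0'; s++) {
        uint64_t carry;
        if (*s < '0' || *s > '9') return 0;
        carry = (uint64_t)(*s - '0');
        for (j = 0; j < top; j++) {
            uint64_t t = (uint64_t)d[j] * 10 + carry;
            d[j] = (uint32_t)t;
            carry = t >> 32;
        }
        if (carry != 0) {
            if (top == cap) return 0;
            d[top++] = (uint32_t)carry;
        }
    }
    return top;
}

int main(void)
{
    const unsigned char raw[] = { 4, 210 };     /* 1234 = 4 * 256 + 210 */
    uint32_t d[4];

    bin2words((const unsigned char *)"1234", 4, d, 4);
    printf("bytes '1','2','3','4' -> %lu\n", (unsigned long)d[0]);
    bin2words(raw, sizeof raw, d, 4);
    printf("bytes 4, 210          -> %lu\n", (unsigned long)d[0]);
    dec2words("1234", d, 4);
    printf("decimal text \"1234\"   -> %lu\n", (unsigned long)d[0]);
    return 0;
}
```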


Query Verisign certificates

2004-05-03 Thread Reese Williams
Brand new to openssl. 
Anyone use openssl x509 -text -n //certificate-name.pem with a Verisign
certificate to get expiration date?
I have quite a few Apache and IIS 5.0 web servers and I am looking to automate in a script notifications concerning certificate expirations. 
Thanks.
 

Small Footprint OpenSSL

2004-05-03 Thread J Harper
Requests for an embedded OpenSSL implementation are periodically made on
this list.  Our team worked through many of these issues trying to make a
small OpenSSL library.  Turning off the optional defines will reduce the
library by a couple hundred KB.  Going in by hand to remove code becomes
very difficult due to interdependencies, but can save another 100-200KB.  A
few weeks of work can reduce the OpenSSL size to around 500KB.

We have released an embedded SSL implementation that is under 50KB, well
commented and very easy to understand and support.  MatrixSSL is available
under a dual-license, similar to MySQL, with the open source download at
http://www.matrixssl.org

MatrixSSL was designed to fit a complementary niche to OpenSSL, download and
check it out!

J Harper
PeerSec Networks
http://www.peersec.com



Re: Query Verisign certificates

2004-05-03 Thread Joseph Bruni
Try using the -enddate option to get the expiration date.

On May 3, 2004, at 12:50 PM, Reese Williams wrote:
> Brand new to openssl.
> Anyone use openssl x509 -text -n //certificate-name.pem with a Verisign
> certificate to get expiration date?
> I have quite a few Apache and IIS 5.0 web servers and I am looking to
> automate in a script notifications concerning certificate expirations.
> Thanks.


Re: .cer certificate file

2004-05-03 Thread Raven
> That won't help you much because the request to "use users.cer" is pretty
> meaningless. If they want you to use it as a client certificate then you
> can't because you don't have the private key. If it is a CA certificate
> then you can add it to your trusted root CAs.
Umm... what kind of func is used for that?
Is there OpenSSL documentation somewhere? One on the site seems to be uhm
well, trimmed ;)

As far as I understand, I use this certificate to be sure that the server I
am connecting to is really what it is.
So, I need to tell the server I have the cert somehow, or request something
from it to be sure that it has server copy/version of the certificate I
have, right?







Re: memory leak in multithreaded c++ program

2004-05-03 Thread Igal Ore
Hawk wrote:
Hi
I wrote a multithreaded program using openssl
But with every connection it grows up about 8kb
I think I freed all SSL* and SSL_CTX* I used
I used this functions to make my program threadsafe:
Perhaps anyone can give me a hint if there is an error?
With best regards
Stephan
void CRYPTO_thread_setup(void)
{
debugmsg("[CRYPTO_thread_setup] start");
int i;
lock_cs = (pthread_mutex_t*)OPENSSL_malloc(CRYPTO_num_locks() *
sizeof(pthread_mutex_t));
lock_count = (long *)OPENSSL_malloc(CRYPTO_num_locks() *
sizeof(long));
for (i=0; i
CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
CRYPTO_set_locking_callback(pthreads_locking_callback);
debugmsg("[CRYPTO_thread_setup] end");
}
void thread_cleanup(void)
{
debugmsg("[thread_cleanup] start");
int i;
CRYPTO_set_locking_callback(NULL);
for (i=0; i
void pthreads_locking_callback(int mode, int type, const char *file,
int line)
{
//debugmsg("[pthreads_locking_callback] start");
#if 0
fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
CRYPTO_thread_id(),
(mode&CRYPTO_LOCK)?"l":"u",
(type&CRYPTO_READ)?"r":"w",file,line);
#endif
#if 0
if (CRYPTO_LOCK_SSL_CERT == type)
fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
CRYPTO_thread_id(),
mode,file,line);
#endif
if (mode & CRYPTO_LOCK)
{
pthread_mutex_lock(&(lock_cs[type]));
lock_count[type]++;
}
else
{
pthread_mutex_unlock(&(lock_cs[type]));
}
//debugmsg("[pthreads_locking_callback] end");
}
unsigned long pthreads_thread_id(void)
{
unsigned long ret;
ret=(unsigned long)pthread_self();
return(ret);
}
 

First, try to activate OpenSSL debug memory procedure:

BIO *pbio = BIO_new(BIO_s_file());
BIO_set_fp(pbio, stdout, BIO_NOCLOSE);
CRYPTO_malloc_debug_init();
MemCheck_start();
MemCheck_on();
.
.
.
MemCheck_off();
MemCheck_stop();
CRYPTO_mem_leaks(pbio);

This will print out to stdout all memory that has not been deallocated.
Put the starting part before everything (even before the
OpenSSL_add_all_algorithms() call); this way you will see everything.

A possible place of the leak is error reporting, since it is tied to thread IDs.
Just one remark on the thread-safe code: why do you need the lock_count array?