Compilation problems under win32 (BCB)
When doing ms\do_nasm I get

E:\openssl-dev.work>perl util\mkdef.pl 32 libeay 1>ms\libeay32.def
File crypto/pem/pem.h: cannot parse: DECLARE_PEM_rw_const(RSAPublicKey, RSA) #INFO:!WIN16:RSA;
File crypto/pem/pem.h: cannot parse: DECLARE_PEM_rw_const(DSAparams, DSA) #INFO::;
File crypto/pem/pem.h: cannot parse: DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) #INFO:!WIN16:EC;
File crypto/pem/pem.h: cannot parse: DECLARE_PEM_rw_const(DHparams, DH) #INFO::;
Warning: DSO_pathbyaddr does not have a number assigned
E:\openssl-dev.work>perl util\mkdef.pl 32 ssleay 1>ms\ssleay32.def
File crypto/pem/pem.h: cannot parse: DECLARE_PEM_rw_const(RSAPublicKey, RSA) #INFO:!WIN16:RSA;
File crypto/pem/pem.h: cannot parse: DECLARE_PEM_rw_const(DSAparams, DSA) #INFO::;
File crypto/pem/pem.h: cannot parse: DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) #INFO:!WIN16:EC;
File crypto/pem/pem.h: cannot parse: DECLARE_PEM_rw_const(DHparams, DH) #INFO::;

And then

E:\openssl-dev.work>make -f ms\bcb.mak
MAKE Version 5.2 Copyright (c) 1987, 2000 Borland
Error ms\bcb.mak 565: Too many rules for target 'tmp32\e_4758cca_err.h'
Error ms\bcb.mak 571: Too many rules for target 'tmp32\e_aep_err.h'
Error ms\bcb.mak 577: Too many rules for target 'tmp32\e_atalla_err.h'
Error ms\bcb.mak 583: Too many rules for target 'tmp32\e_cswift_err.h'
Error ms\bcb.mak 589: Too many rules for target 'tmp32\e_gmp_err.h'
Error ms\bcb.mak 595: Too many rules for target 'tmp32\e_chil_err.h'
Error ms\bcb.mak 601: Too many rules for target 'tmp32\e_nuron_err.h'
Error ms\bcb.mak 607: Too many rules for target 'tmp32\e_sureware_err.h'
Error ms\bcb.mak 613: Too many rules for target 'tmp32\e_ubsec_err.h'
*** 9 errors during make ***

What can be wrong?

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
RE: Getting sockaddr_in structures from a BIO or SSL struct.
Cross-platform portability: excellent reason. As long as OpenSSL is everywhere you need it to be, this is a great reason. OpenSSL isn't everywhere we needed it, but we had a portable socket library that is. We buried SSL handling inside of that; using SSL where supported and customer chooses it, not using it where we can't.

BIOs looked really cool and useful to me. I'm still looking for an implementation opportunity.

Dave Mclellan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas J. Hruska
Sent: Sunday, June 26, 2005 10:08 PM
To: openssl-users@openssl.org
Subject: Re: Getting sockaddr_in structures from a BIO or SSL struct.

mclellan, dave wrote:
> Unless you have a specific reason to use BIOs, you can do a regular accept()

Typical reason to use BIOs: Cross-platform portability. I recommend using BIOs whenever someone uses the pre-built Win32 OpenSSL Installation Project binaries and they have difficulties. Using BIOs in terms of sockets is generally not needed because socket handles tend to be process global compatible under most OSes whereas FILE *'s are typically local module compatible only.

Thomas Hruska
FW: stunnel.log
Hi,

I have written an email client application to send/receive email. However, gmail accounts require that email clients use SSL. In order to do this, I am running stunnel in the background. I am able to retrieve emails from gmail pop3 server, but I am not able to send email thru gmail smtp server. Gmail requires that email clients support SMTP authentication, and also requires TLS.

I am receiving the following errors in stunnel.log when trying to send email from gmail accounts. Attached is my stunnel.conf file. Is there something I am missing to cause these errors? Does stunnel support SMTP authentication?

2005.06.27 11:26:17 LOG7[25398:81923]: - 220 2.0.0 Ready to start TLS.
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): before/connect initialization
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): SSLv3 write client hello A
2005.06.27 11:26:17 LOG7[25398:81923]: waitforsocket: FD=13, DIR=read
2005.06.27 11:26:17 LOG7[25398:81923]: waitforsocket: ok
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): SSLv3 read server hello A
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): SSLv3 read server certificate A
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): SSLv3 read server done A
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): SSLv3 write client key exchange A
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): SSLv3 write change cipher spec A
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): SSLv3 write finished A
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): SSLv3 flush data
2005.06.27 11:26:17 LOG7[25398:81923]: waitforsocket: FD=13, DIR=read
2005.06.27 11:26:17 LOG7[25398:81923]: waitforsocket: ok
2005.06.27 11:26:17 LOG7[25398:81923]: SSL state (connect): SSLv3 read finished A
2005.06.27 11:26:17 LOG7[25398:81923]:5 items in the session cache
2005.06.27 11:26:17 LOG7[25398:81923]:5 client connects (SSL_connect())
2005.06.27 11:26:17 LOG7[25398:81923]:5 client connects that finished
2005.06.27 11:26:17 LOG7[25398:81923]:0 client renegotiatations requested
2005.06.27 11:26:17 LOG7[25398:81923]:0 server connects (SSL_accept())
2005.06.27 11:26:17 LOG7[25398:81923]:0 server connects that finished
2005.06.27 11:26:17 LOG7[25398:81923]:0 server renegotiatiations requested
2005.06.27 11:26:17 LOG7[25398:81923]:0 session cache hits
2005.06.27 11:26:17 LOG7[25398:81923]:0 session cache misses
2005.06.27 11:26:17 LOG7[25398:81923]:0 session cache timeouts
2005.06.27 11:26:17 LOG6[25398:81923]: Negotiated ciphers: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
2005.06.27 11:26:18 LOG7[25398:81923]: Socket closed on read
2005.06.27 11:26:18 LOG7[25398:81923]: SSL alert (write): warning: close notify
2005.06.27 11:26:18 LOG7[25398:81923]: SSL write shutdown (output buffer empty)
2005.06.27 11:26:19 LOG7[25398:81923]: SSL socket closed on SSL_read
2005.06.27 11:26:19 LOG5[25398:81923]: Connection closed: 59 bytes sent to SSL, 165 bytes sent to socket
2005.06.27 11:26:19 LOG7[25398:81923]: ssmtp finished (1 left)

stunnel.conf
Description: stunnel.conf
Key length and other questions
Hello,

I am developing a secure HTTP web proxy server using OpenSSL 0.9.6d. It supports SSL/TLS on both client and server sides. I have already implemented the basic secure connection and authentication functions using examples found in OpenSSL books. I am not a security expert, and my customer is asking the following questions:

1) What is the key-length of the symmetric and asymmetric encryption for the TLS1.0 and SSL3.0 protocols? It should be the following: TLS 1.0 as described in [RFC2246] must support 128bit and 1024 key length for symmetric and asymmetric encryption respectively. SSL3.0 as described in [SSL] must support 128bit and 1024 key length for symmetric and asymmetric encryption respectively.

2) Is this key-length directly related to the algorithms used (RC4, 3DES, AES)?

3) What is passed in its CLIENT_HELLO message during the SSL-handshake: the different supported algorithms, the different key-lengths, ...

For question #1, I would expect that OpenSSL indeed supports the requirements in RFC2246. Question #2 is probably yes as well. For #3, my code is not modifying the cipher suites in the SSL context, so the answer might be whatever openssl ciphers prints out: EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA: etc.

Thanks for any comments,
-David
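The suite descriptions printed by `openssl ciphers -v`, and the "Negotiated ciphers:" entry in the stunnel log earlier on this page, state the symmetric algorithm and key length of each cipher suite. The following Python sketch is an added example, not part of any post in this archive: it parses that layout and lists suites whose symmetric key is shorter than 128 bits. The function names and every sample line except the first are constructed for illustration.

```python
import re

# One suite per line, as printed by `openssl ciphers -v` and by stunnel's
# "Negotiated ciphers:" log entry:
#   NAME PROTO Kx=ALG[(bits)] Au=ALG Enc=ALG[(bits)] Mac=ALG [export]
SUITE_RE = re.compile(
    r"(?P<name>[A-Z0-9-]+)\s+(?P<proto>\S+)\s+"
    r"Kx=(?P<kx>[^\s(]+)(?:\((?P<kx_bits>\d+)\))?\s+"
    r"Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)(?:\((?P<enc_bits>\d+)\))?\s+"
    r"Mac=(?P<mac>\S+)(?P<export>\s+export)?"
)

def parse_suite(line):
    """Return the suite's fields as a dict, or None if the line holds no suite."""
    m = SUITE_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    # Enc=None (NULL ciphers) carries no bit count: treat it as 0 bits.
    d["enc_bits"] = int(d["enc_bits"] or 0)
    d["kx_bits"] = int(d["kx_bits"]) if d["kx_bits"] else None
    d["export"] = d["export"] is not None
    return d

def weak_suites(lines, min_bits=128):
    """Names of suites with a symmetric key under min_bits, or export-grade."""
    weak = []
    for line in lines:
        s = parse_suite(line)
        if s and (s["enc_bits"] < min_bits or s["export"]):
            weak.append(s["name"])
    return weak

# First entry is the stunnel log line quoted on this page; the others are
# constructed sample lines in the `openssl ciphers -v` layout.
SAMPLE = [
    "2005.06.27 11:26:17 LOG6[25398:81923]: Negotiated ciphers: "
    "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1",
    "AES128-SHA   SSLv3 Kx=RSA      Au=RSA Enc=AES(128) Mac=SHA1",
    "RC4-MD5      SSLv3 Kx=RSA      Au=RSA Enc=RC4(128) Mac=MD5",
    "DES-CBC-SHA  SSLv3 Kx=RSA      Au=RSA Enc=DES(56)  Mac=SHA1",
    "EXP-RC4-MD5  SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)  Mac=MD5 export",
    "NULL-SHA     SSLv3 Kx=RSA      Au=RSA Enc=None     Mac=SHA1",
]

if __name__ == "__main__":
    for line in SAMPLE:
        s = parse_suite(line)
        print(f'{s["name"]:<14} Enc={s["enc"]:<5} bits={s["enc_bits"]}')
    print("below 128-bit or export:", weak_suites(SAMPLE))
```

The asymmetric key length appears in this description only for export suites (`Kx=RSA(512)`); otherwise it is a property of the server's key and certificate, not of the cipher suite.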
Installation Problem: OpenSSL-0.9.7g
Hi,

I just installed OpenSSL-0.9.7g and it appears that I'm missing the file libcrypto.so. The installation seemed to go fine. I really need this file for a particular application that we are running. How can I get this file installed?

Thanks,
Rayna

Rayna Hershberger, MCP - Network Engineer
World Synergy ~ www.worldsynergy.com
6830 Cochran Road, Suite B, Solon, Ohio 44139
(440) 349-4940 x610 Fax: (440) 349-4941
[EMAIL PROTECTED]
Bringing People and Technology Together.
Still a few issues. Release delayed...
Hi,

The release is delayed again. There are a couple of issues that I think need to be checked. I hope we'll be through with this in a week.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/

When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis