Re: s_server and s_client newbie problem
Mariusz Burdach wrote:
> You should see site: www.onsight.com/faq/stunnel/stunnel-faq-8.html
> Maybe there you will find solution.

I have temporarily stopped using egd, but thank you for your help. It will be a possible solution.

--
Jorge Olmos Forés
E-mail: [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

Re: Help with cli.cpp and serv.cpp
Albert Serra wrote:
> Sorry but I had already read your mail, and I had tried to change the
> files .c. It worked and I compiled cli.c and serv.c, thank you. But
> now I need some more help as I am very lost at the moment concerning
> how to program a client and a server with SSL. I ask only for a little
> help to start with.
>
> Thank you

The openssl project continues the work started with ssleay. There is some documentation on ssleay (take a look at the links in the "related" tab of the openssl main page), which will help you, as many of the functions in ssleay are still there. I'm afraid there isn't much more documentation, and there isn't any kind of tutorial on developing with openssl. The link to the SSLeay Certificate Cookbook, in "related" too, also helped me a lot.

--
Jorge Olmos Forés
E-mail: [EMAIL PROTECTED]

key size/Performance
Hello all:

I'm developing a server using openssl; for my application performance is an important issue, and we don't need very strong encryption. I've been looking at the numbers in times/ and RC4 seems the fastest encryption algorithm. The size of the encrypted blocks is important too. My question is: is key size relevant to the encryption rate?

--
Jorge Olmos Forés
E-mail: [EMAIL PROTECTED]

Re: Help (2)
Once I have got serv.o, I link it with a line like this on my sun-Solaris:

    g++ serv.o -L (path to your openssl installation)/openssl/lib -lssl -lcrypto -lsocket -lnsl -o serv

It's all the same for cli. Try to be more specific. Which libraries are not found?

Albert Serra wrote:
>
> Sorry, but the same question again,
>
> but I have problems with cli.cpp and serv.cpp when I want to make the
> exe file, I cannot create that. I have compiled with gcc but when I
> have the cli.o and serv.o I cannot get to run it. So please could you
> write the exact steps to get that.
>
> I have more questions but first of all I want to run cli.cpp and
> serv.cpp, if that's possible, and if it is possible, on a sun
> workstation under UNIX how can I get that?
>
> I also have problems with some libraries not found, is it due to the
> last version is not compatible with some older version?
>
> Thanks
>

--
Jorge Olmos

Re: Help (2)
You need a certificate and a private key, which are in different files. Look at the references tab in the openssl page. There is a text called SSLeay Certificate Cookbook which explains the way to make your own certs and keys.

Albert Serra wrote:
> Thank you,
>
> now the problem is:
>
> with server when I execute it it appears on the screen that:
>
> [23=0]serra@lsisun4/~/OpenSSL/opensslsun/demos/ssl>server
> 28901:error:02001002:system library:fopen:system lib:bss_file.c:244:fopen('./foo-cert.pem','r')
> 28901:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:246:
> 28901:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:513:
>
> Can you help me to execute server?
>
> Thank you in advance
>
> --
> Albert SERRA
> ===
> Integrated Systems Laboratory (DE/LSI-EPFL)
> email: [EMAIL PROTECTED]
>

--
Jorge Olmos Forés
SGI Soluciones Globales Internet [http://www.sgi.es]
GMV Sistemas S.A.
Sector Foresta 1, 2ª planta
28760 Tres Cantos, Madrid, España.
E-mail: [EMAIL PROTECTED]

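An added example, not part of the original thread: one way to create the two PEM files the demo server fails to open and to confirm that the certificate belongs to the key. Only foo-cert.pem appears in the quoted error; the key file name foo-key.pem, the subject CN=localhost and the function names are assumptions, and a present-day openssl binary is assumed on the PATH.

```shell
#!/bin/sh
# Added example (not from the thread). foo-cert.pem is the name in the quoted
# error; foo-key.pem, CN=localhost and the function names are assumptions.

# Create an unencrypted RSA key and a self-signed certificate in directory $1.
make_demo_cert() {
    dir=$1
    openssl genrsa -out "$dir/foo-key.pem" 2048 2>/dev/null || return 1
    chmod 600 "$dir/foo-key.pem"          # the key file must stay private
    openssl req -new -x509 -key "$dir/foo-key.pem" \
        -out "$dir/foo-cert.pem" -days 30 -subj "/CN=localhost" \
        2>/dev/null || return 1
}

# Succeed only if certificate $1 carries the public half of private key $2.
# A missing or unreadable file counts as a mismatch.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a scratch directory.
work=$(mktemp -d)
if make_demo_cert "$work" &&
   cert_matches_key "$work/foo-cert.pem" "$work/foo-key.pem"; then
    echo "foo-cert.pem and foo-key.pem created and matching"
    # A test server could now be started from that directory, e.g.:
    #   openssl s_server -accept 4567 -cert foo-cert.pem -key foo-key.pem
else
    echo "certificate/key generation failed" >&2
fi
rm -rf "$work"
```

A self-signed certificate like this is only suitable for local testing, and the key is written without a passphrase so the server can load it unattended.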
error:wrong version number
Hello,

I want to communicate a server I've developed over openssl with a non-ssl client through a stunnel. First, I have tried to communicate using:

    s_server <-secure-> stunnel <-plain-text-> telnet

    $ openssl s_server -accept 4567 -cert my_cert.pem -key my_key.pem

as server, and

    >telnet myhost 5000

as a client through stunnel 3.11 (I've tried over openssl 0.9.6/win and 0.9.5a/solaris). Command line is

    $ stunnel -f -r myhost:4567 -d 5000 -p my_certANDkey.pem

It works fine most of the time, but sometimes I get errors like this from stunnel:

    LOG5[727:4]: myhost.4567 connected from 127.0.0.1:32862
    LOG3[727:4]: SSL_read: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
    LOG5[727:4]: Connection reset: 13 bytes sent to SSL, 0 bytes sent to socket

which closes the connection. What does this error mean? How can I help it?

--
Jorge Olmos Forés
SGI Soluciones Globales Internet [http://www.sgi.es]
GMV Sistemas S.A.
Sector Foresta 1, 2ª planta
28760 Tres Cantos, Madrid, España.
E-mail: [EMAIL PROTECTED]
PGP keyId: 0xCB290369
Searchable at certserver.pgp.com

Re: please help apache-ssl
I don't know much about modssl, but if you set SSLVerifyClient to 1 you are telling the server to authenticate its clients (cryptographically verify the client's identity). An entity (let's say somebody connecting to your server) needs a certificate in order to be authenticated, but hardly any web user has his own certificate (you have to buy it or make your own certification authority and make the server trust it). And that is your error message: your browser does not have a certificate. Just don't set SSLVerifyClient to 1 if you want usual people (99% of web users) to be able to get into your web.

Christoph Hubmann wrote:
> in httpd.conf:
> SSLCACertificatePath /usr/local/ssl/certs
> SSLCACertificateFile /usr/local/ssl/certs/ClientCA.crt
> SSLCertificateFile /usr/local/ssl/certs/ServerCA.crt
> SSLCertificateKeyFile /usr/local/ssl/private/ServerCA.key
> SSLVerifyClient 1
> SSLVerifyDepth 1
>
> with SSLVerifyClient 0 there is no problem
> with SSLVerifyClient 1, i can't connect to the server
>
> in the error_log is the following message:
> [Tue Feb 20 16:01:14 2001] /usr/local/src/apache_1.3.14/src/modules/ssl/gcache started
> [Tue Feb 20 16:01:14 2001] [debug] apache_ssl.c(369): Random input /dev/urandom(1024) -> 1024
> [Tue Feb 20 16:01:14 2001] [info] created shared memory segment #118657
> [Tue Feb 20 16:01:14 2001] /usr/local/src/apache_1.3.14/src/modules/ssl/gcache started
> [Tue Feb 20 16:01:14 2001] [notice] Apache/1.3.14 Ben-SSL/1.42 (Unix) configured -- resuming normal operations
> [Tue Feb 20 16:01:14 2001] [info] Server built: Feb 16 2001 16:46:27
> [Tue Feb 20 16:01:27 2001] [debug] apache_ssl.c(369): Random input /dev/urandom(1024) -> 1024
> [Tue Feb 20 16:01:29 2001] [error] SSL_accept failed
> [Tue Feb 20 16:01:29 2001] [error] error:140890B0:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificates returned
>
> what is wrong?
> i use netscape 4.75
>
> please help
> christoph hubmann

--
Jorge Olmos Forés