Re: NAT + mod_ssl
"Leland V. Lammert" wrote: The major sticking point is that the NAT box must be setup to: 1) Handle an 'inside' server. 2) Proxy SSL requests on port 443. As someone else responded, many of the NAT boxes will do this, .. but I have seen some that will not. And if it doesn't you can always use rinetd on a machine which has a "real" IP. Juan -- "We are supposed to be members of a civilization, not pack animals that leave the weak to fend for themselves and die." __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSL samples under win32
No, the space is allocated by X509_NAME_oneline(). In the demo source, it's deallocated by Free() (with a capital F), but this function is not available in Win32. Using free() (lowercase F) causes a GPF. My doubt is, what should I use? Juan lucian wrote: Hi Juan! I spretty simple: with free() the opposite of malloc(). :) Enjoy with OpenSSL! Lucian. -- "What is freedom of expression? Without the freedom to offend, it ceases to exist." -- Salman Rushdie __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SSL samples under win32
Hi. Trying to compile the cli.cpp (is a .c actually) sample under Win32 (VC5), I find out it uses a function called Free() to deallocate the strings returned by the query server certificate functions -- there's no such function available. free(), with a lowercase f, GPFs the program. How do I deallocate those strings? Do I need to at all? Thanx, Juan -- "What is freedom of expression? Without the freedom to offend, it ceases to exist." -- Salman Rushdie __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Error compiling of 0.9.6 on Win98
Processor = K6-2/350; Visual C++ 5.0... The offending inline assembly code is this one: __asm { rdtsc mov cyclecount, eax } What kind of instruction is "rdtsc"? Never heard of this one. Yes, my x86 assembly is a little old. The last great innovation I coded for was 32-bit registers. cl /Fotmp32dll\rand_win.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\rand\rand_win.c rand_win.c .\crypto\rand\rand_win.c(581) : error C2400: inline assembler syntax error in 'opcode'; found 'newline' NMAKE : fatal error U1077: '"C:\ARQUIVOS DE PROGRAMAS\DEVSTUDIO\VC\BIN\cl.exe"' : return code '0x2' Stop. -- Juan Carlos Castro y Castro | "Standing up to an evil system is [EMAIL PROTECTED] | exhilarating." -Richard Stallman APPI Informatica Ltda. | Rio de Janeiro - Brazil | http://www.vialink.com.br/~jcastro __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: RSA patent
Paul Preziosi wrote: "Roeland M.J. Meyer" wrote: I think I mis-read your original question. For some reason I read "unusable", sorry. Yes, the lapse of a patent means the technology becomes available for all to use, freely. This is my understanding. The idea behind patents is kind of contract: - The government grants a legal protection to the registrant, for a given time period, - In return, the registrant releases it's technology to public domain at the end of this time period. This is the spirit. Another aspect of the system is, details of the technology must be public, even during the patent's validity (during which the governments grants the creator a right to charge people for using the technology even when they do it without the creator's help). This is to optimize the balance between compensation to the creator and spreading the benefits of the technology. But then there's the Dark Side of the Force... (correct me if I'm wrong about the facts) The NSA bullied the patent agencies into accepting a monstrosity called a "blind patent", in which the NSA creates a technology, files its details to the patent agency which is not allowed to make it public (perversion #1), and if someone manages to build up something similar from scratch - effectively reinventing it with all merits - the document pops up and the patent is enforced (perversion #2). Worse, the expiration clock start to tick at THAT moment, not when the original paper was filed (perversion #3). Is it really how things happen? I find it hard to believe. begin:vcard n:Castro;Juan tel;work:540-9100 Ramal 46 x-mozilla-html:FALSE url:http://www.appi.com.br/jcastro org:APPI Informática;Desenvolvimento adr:;;Av. Ataulfo de Paiva, 135/1410 - Leblon;Rio de Janeiro;RJ;22499-900;Brasil version:2.1 email;internet:[EMAIL PROTECTED] title:Consultor note;quoted-printable:One man alone cannot fight the future. USE LINUX!=0D=0A=0D=0A-- The X Racer=0D=0A=0D=0APGP Key ID 0xAAE4050C=0D=0A fn:Juan Carlos Castro y Castro end:vcard
Re: openSSL = 128bit encryption on IIS?
This is not to answer the question (whose answer is not unless OpenSSL supports SGC), but to make another related (and slightly offtopic) question: if I find a 128-bit upgrade to MSIE already lying on a server outside the US (say in Germany), then I download and install it for use here (Brazil), am I committing an illegal act? Violation of license, maybe? Bo Hedemark Pedersen wrote: Can I use openSSL to achieve 128bit encryption on IIS4.0? begin:vcard n:Castro;Juan tel;work:540-9100 Ramal 46 x-mozilla-html:FALSE url:http://www.appi.com.br/~jcastro org:APPI Informática;Desenvolvimento adr:;;Av. Ataulfo de Paiva, 135/1410 - Leblon;Rio de Janeiro;RJ;22499-900;Brasil version:2.1 email;internet:[EMAIL PROTECTED] title:Consultor note;quoted-printable:One man alone cannot fight the future. USE LINUX!=0D=0A=0D=0A-- The X Racer fn:Juan Carlos Castro y Castro end:vcard
Re: MSIE certificate expiration problem
HAHAHAHAHA! Y2K bug on Win98!!! I had this one too. Radovan Semancik wrote: Hello! I have problem with OpenSSL generated certificates. MSIE 4 and MSIE 5 both say that this certificate has expored: Validity Not Before: Jul 13 14:36:12 1999 GMT Not After : Jul 12 14:36:12 2000 GMT begin:vcard n:Castro;Juan tel;work:540-9100 Ramal 46 x-mozilla-html:FALSE url:http://www.appi.com.br/~jcastro org:APPI Informática;Desenvolvimento adr:;;Av. Ataulfo de Paiva, 135/1410 - Leblon;Rio de Janeiro;RJ;22499-900;Brasil version:2.1 email;internet:[EMAIL PROTECTED] title:Consultor note;quoted-printable:One man alone cannot fight the future. USE LINUX!=0D=0A=0D=0A-- The X Racer fn:Juan Carlos Castro y Castro end:vcard
Stumped Newbie
Hi. I'm trying to use openssl 0.9.3a under MS VC++ 5 (In which I am a newbie too, as much as in SSL. More used to gcc). The openssl libraries built ok, no errors (according to INSTALL.W32). I'm trying to build the small cli.c demo program as a Win32 console app, but all I get when I run it is: socket: No error It seems the socket call failed but the error information was not set. In order to compile the program, I had to include the static libraries (.lib) for Winsock plus the ones openssl builds in the out32dll directory. Don't know how to make it use only the DLLs. Strange thing is, it asked for SSLEAY32.DLL anyway when it ran. I also copied the include directory openssl onto VC++'s, include tree. And make some modifications in the #include statements in order to use winsock. Oh, and also changed close() to closesocket(). And that's all. Help pleez? Pretty pleez? begin:vcard n:Castro;Juan tel;work:540-9100 Ramal 46 x-mozilla-html:FALSE url:http://www.appi.com.br/~jcastro org:APPI Informática;Desenvolvimento adr:;;Av. Ataulfo de Paiva, 135/1410 - Leblon;Rio de Janeiro;RJ;22499-900;Brasil version:2.1 email;internet:[EMAIL PROTECTED] title:Consultor note;quoted-printable:One man alone cannot fight the future. USE LINUX!=0D=0A=0D=0A-- The X Racer fn:Juan Carlos Castro y Castro end:vcard
[Fwd: Stumped Newbie] Additional Info
More information: s_client seems to work (I'm using Win98, lots of updates from M$ applied), but at the end of the output it hangs and if I press Ctrl-C I get a protection fault before returning to the DOS prompt. Here's the last page of the output (looks valid to me): -END CERTIFICATE- subject=/C=BR/ST=Rio de Janeiro/L=Rio de Janeiro/O=APPI Informatica LTDA/CN=www. appi.com.br issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server [EMAIL PROTECTED] --- No client certificate CA names sent --- SSL handshake has read 1246 bytes and written 299 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher: EDH-RSA-DES-CBC3-SHA Session-ID: 19258209FD7D4A4092C979DDCD27C6A4C66E4397EE89408FF13F1E8AA1E88747 Session-ID-ctx: Master-Key: 140D8E9D06376A1CF20082473D5BDC737706CDCCEED6B32745DDC625589188A9 2E4719E67268EB3289E020DC4E394431 Key-Arg : None Start Time: 930847155 Timeout : 300 (sec) --- ...and at this point the cursor just keeps blinking. The core dump details are like this: OPENSSL caused an invalid page fault in module unknown at 00de:7c11171c. Registers: EAX=c16254a4 CS=0177 EIP=7c11171c EFLGS=00010202 EBX= SS=017f ESP=006ef298 EBP=006ef2e0 ECX=c17c5200 DS=017f ESI=7c11171c FS=3af7 EDX=0100 ES=017f EDI= GS=3b2e Bytes at CS:EIP: Stack dump: bff85046 fffe 00c0 0001 8176a670 0001 c16254a4 005c0cb4 006ef0c8 006efe28 bffbfe14 Original Message Subject: Stumped Newbie Date: Thu, 01 Jul 1999 13:15:02 -0300 From: Juan Carlos Castro y Castro [EMAIL PROTECTED] Organization: APPI Informática To: OpenSSL List [EMAIL PROTECTED] Hi. I'm trying to use openssl 0.9.3a under MS VC++ 5 (In which I am a newbie too, as much as in SSL. More used to gcc). The openssl libraries built ok, no errors (according to INSTALL.W32). I'm trying to build the small cli.c demo program as a Win32 console app, but all I get when I run it is: socket: No error It seems the socket call failed but the error information was not set. In order to compile the program, I had to include the static libraries (.lib) for Winsock plus the ones openssl builds in the out32dll directory. Don't know how to make it use only the DLLs. Strange thing is, it asked for SSLEAY32.DLL anyway when it ran. I also copied the include directory openssl onto VC++'s, include tree. And make some modifications in the #include statements in order to use winsock. Oh, and also changed close() to closesocket(). And that's all. Help pleez? Pretty pleez? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]