API's ??
For generating the certifcate and private file, I am currently using the command line interface... that is commands like "openssl genrsa ..." and "openssl req -new -x509..." etc. But, are there any openssl API's for the same? If yes, please let me know few APIs. Thanks for the assistance, Ruby __ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
linux v/s solaris
My client_server program with SSL, works fine in Linux but fails in Solaris. In solaris, SSL_accept and SSL_connect fails with reason 1 (which is [#define SSL_ERROR_SSL 1] " I am using the cert and key file correctly. Am I missing anything else? Anyone please help! __ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
test mail...
__ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Is the key exchange asymmetric or symmetric?
These are explained in the document section of http://www.openssl.org U can also refer to... http://www.linuxsecurity.com/resource_files/cryptography/ssl-and-certificates.html __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: how to replace expired CA certificate
I had the same problem... until when I realised that the password I used was wrong... check u'r passwd if its the same... just incase. --- Sarath Chandra M <[EMAIL PROTECTED]> wrote: > Hi, > Recently I generated a CA certificate using > openssl and installed it on > a iPlanet webserver. > This certificate has expired. Now I regenerated a > new CA certificate. In the > webserver, I > removed the old one and installed the new one. But > ssl is failing. Is it a > problem with openssl > new CA generation or I missed something in the > iPlanet webserver ? > Any help please. > regards > Sarath Chandra M > IT Dept. > UAE Exchange Centre LLC > PO Box 170, Abu Dhabi, UAE > Phone 02-6322166, 6394342 > Fax 02-6221447, 6340713 > GSM 050-4450417 > > Confidentiality Notice: This e-mail message, > including any attachments, is > for the sole use of the intended recipient(s) and > may contain confidential > and privileged information. Any unauthorized review, > use, disclosure or > distribution is prohibited. If you are not the > intended recipient, please > contact the sender by reply e-mail and destroy all > copies of the original > message. > > > __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Compiling Error for Openssl on NT
Hi Zuosheng Hu , Your problem is explained in FAQ. http://www.openssl.org/support/faq.html You have to run VCVARS32.BAT (of MS VC++) before doing nmake step. - Ruby --- "Dilkie, Lee" <[EMAIL PROTECTED]> wrote: > did you do a "vcvars32" to set the command line > environment up, like the document doesn't state? > > And why would someone from Entrust be using open > source crypto? > > -lee dilkie > (former entrust programmer) > > -Original Message- > From: Zuosheng Hu [mailto:[EMAIL PROTECTED]] > Sent: Friday, October 19, 2001 9:35 AM > To: '[EMAIL PROTECTED]' > Subject: Compiling Error for Openssl on NT > > > > Dear Sir: >I am using openssl toolkit , version 0.9.6b. > According to the instruction, I did the following > steps: > >perl Configure VC-WIN32 (okay); > >ms\do_ms (okay); > >nmake -f ms\ntdll.mak, (error occurs. the error > message is: > cl /Fotmp32dll\cryptlib.obj -Iinc32 > -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 > /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 > -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 / > Fdout32dll /GD -D_WINDLL -D_DLL -c > .\crypto\cryptlib.c > 'cl' is not recognized as an internal or > external command, > operable program or batch file. > NMAKE : fatal error U1077: 'cl' : return code > '0x1' > Stop. > I can not figure out what problem there is in it. I > would be very grateful if you could give me a help! > > I am looking forward to hearing your reply earlier. > > Sincerely Yours, > > Zuosheng Hu > > __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSL _Accept returns -1.
I was also getting "-1" for "SSL_accept" while
plugging SSL to my simple web server. The simple
reason for the failure was that I was using "http"
instead of "httpS".
I am not an expert but just dropping a note if it
helps.
--- Hylton Tregenza <[EMAIL PROTECTED]>
wrote:
> Hi All.
>
> I am still very green with this TSL stuff. Having
> searched the archives,
> I am still not certain how to correct this
> situation. pribable because I
> am not sure what is causing it.
>
> I have two small apps on my machine. One a server,
> the other a client.
> Without the SSL lib, the communicate fine.
>
> The cerificate that I am using works with s_server
> and s_client. I have
> concluded that the must be correct.
> The application path(s) are as follows.
>
>
> Server
> // Blocking socket - waits for connection here after
> connection ..
> SSL_load_error_strings();
> ERR_print_errors_fp(stdout); fflush(stdout);
> ERR_load_crypto_strings();
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSLeay_add_ssl_algorithms();
> ERR_print_errors_fp(stdout); fflush(stdout);
> pMETHOD = TLSv1_server_method();
>
> pCTX = SSL_CTX_new(pMETHOD);
> pSSL = SSL_new(pCTX);
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSL_CTX_set_mode(pCTX, SSL_MODE_AUTO_RETRY);
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSL_set_mode(pSSL, SSL_MODE_AUTO_RETRY);
> SSL_set_accept_state(pSSL);
> SSL_CTX_set_default_passwd_cb( pCTX, PasswdCallback
> );
> SSL_CTX_use_certificate_file(pCTX, CERTF,
> SSL_FILETYPE_PEM)
> SSL_CTX_use_PrivateKey_file(pCTX, KEYF,
> SSL_FILETYPE_PEM)
> SSL_CTX_check_private_key(pCTX))
>
> SSL_set_fd(pSSL, sock1);
> err = SSL_accept(pSSL); -- Here we get -1.
> pSSL_CIPHER = SSL_get_current_cipher(pSSL);
>
> pSSL_CIPHER is null.
>
>
>
>
> Client.
> SSL_load_error_strings();
> ERR_print_errors_fp(stdout); fflush(stdout);
> ERR_load_crypto_strings();
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSLeay_add_ssl_algorithms();
> ERR_print_errors_fp(stdout); fflush(stdout);
> pMETHOD = TLSv1_client_method();
> pCTX = SSL_CTX_new(pMETHOD);
> pSSL = SSL_new(pCTX);
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSL_CTX_set_mode(pCTX, SSL_MODE_AUTO_RETRY);
> ERR_print_errors_fp(stdout); fflush(stdout);
> SSL_set_mode(pSSL, SSL_MODE_AUTO_RETRY);
> SSL_set_connect_state(pSSL);
>
> -+
> SSL_CTX_set_default_passwd_cb( pCTX, PasswdCallback
> ); |
> SSL_CTX_use_certificate_file(pCTX, CERTF,
> SSL_FILETYPE_PEM) |
> SSL_CTX_use_PrivateKey_file(pCTX, KEYF,
> SSL_FILETYPE_PEM) | tried
> with and without this on client.
> SSL_CTX_check_private_key(pCTX))
> |
>
> -+
> SSL_set_fd(pSSL, sock1);
> err = SSL_connect(pSSL);
>
> Here SSL_connect waits. when the error occurs on
>
> SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c :490
> (client side).
>
> If I put the server is a loop as such as below for
> the accept.
> Theappication waits indefinitely
>
> do {
> err = SSL_accept(pSSL);
>
> } while ( SSL_get_error(pSSL, err) ==
> SSL_ERROR_WANT_READ
> || SSL_get_error(pSSL, err) ==
> SSL_ERROR_WANT_WRITE);
>
>
> Please, any light on what I have overlooked, missed
> out on or done to
> much of.
> If I can give any more information please let me
> know.
>
> Hylton
>
>
>
>
__
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List
> [EMAIL PROTECTED]
> Automated List Manager
[EMAIL PROTECTED]
__
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Simple SSL Tutorial Updated
Hi all, This tutorial helped me. It is short and a quick learning to use OpenSSL. Thanks! --- Jeremy Smith <[EMAIL PROTECTED]> wrote: > Hi! > > I've updated my webpage: > > http://members.netscapeonline.co.uk/jeremyalansmith/ssltutorial/ > > With some information at the beginning, about what > ports SSL is used on, and > how to test an SSL application with a browser. > > The tutorial is aimed at those who are trying to > SSL-ise a webserver written > in C (although it could be easily adapted to use > different languages). It > helped out one person who was having trouble. > > Cheers, > > Jeremy. > > > __ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Fwd: "SSL_set_fd" or "SSL_set_bio" ??
in either case, my "SSL_accept" call returns -1 :( --- Ruby Cruiser <[EMAIL PROTECTED]> wrote: > Date: Wed, 10 Oct 2001 13:22:40 -0700 (PDT) > From: Ruby Cruiser <[EMAIL PROTECTED]> > Subject: "SSL_set_fd" or "SSL_set_bio" ?? > To: [EMAIL PROTECTED] > Reply-to: [EMAIL PROTECTED] > > Should I use "SSL_set_fd" or SSL_set_bio?? How do we > know? I have a socket generated from "accept" call, > which I can feed to both these APIs and they pass. > But > not sure what difference it makes... > > > > > > > > > __ > Do You Yahoo!? > Make a great connection at Yahoo! Personals. > http://personals.yahoo.com > __ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
"SSL_set_fd" or "SSL_set_bio" ??
Should I use "SSL_set_fd" or SSL_set_bio?? How do we know? I have a socket generated from "accept" call, which I can feed to both these APIs and they pass. But not sure what difference it makes... __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: return value -1
Also, "SSL_read" does not return at all... I don't know what's going on. What does Blocking and non_blocking IO mean?? Where can I get more information on BIO? Thanks! Ruby --- Ruby Cruiser <[EMAIL PROTECTED]> wrote: > Hi, > > "SSL_accept" returns -1. What does -1 mean?? > > command "openssl errstr -1" gives me the > following... > [error:::lib(255) :func(4095) :reason(4095)] > > But, again what does this mean?? > > Anyone please? > > Regards, > > __ > Do You Yahoo!? > NEW from Yahoo! GeoCities - quick and easy web site > hosting, just $8.95/month. > http://geocities.yahoo.com/ps/info1 > __ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
return value -1
Hi, "SSL_accept" returns -1. What does -1 mean?? command "openssl errstr -1" gives me the following... [error:::lib(255) :func(4095) :reason(4095)] But, again what does this mean?? Anyone please? Regards, __ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSL Webserver-side Tutorial Page
Jeremy and others...
Please assume that my function "SSL_Server_Socket" &
"client_socket_descriptor" (called below) has
SSL_library_init, SSL_CTX_new, SSL_new, SSL_set_fd. I
am able to convert a socket to a SSL_socket not
problem with that.
Porblme is... in my program I want to know if I have
to convert both server_socket and client_socket, to
SSL_server_socket & SSL_client_socket ??
Also, where to call SSL_accept()...? Should I pass
Server_SSL to it or Client_SSL as parameter.
My program is below... (bit modified to make it clear)
Create a socket "sock";
server_sock_descriptor = sock_listen();//In
"sock_listen()", 'bind' and 'select' is done
Create
SSL_Server_Socket(ssl,server_sock_descriptor);// made
server_scoket as an SSL_server_socket by calling
OpenSSL APIs
while (true)
{
if (sock_select())
{
client_socket_descriptor = sock_accept();
// Should client socket must also be an SSL
socket??
//If 'yes' then I will simply call- create
SSL_Client_Socket(SSL_client,client_sock_descriptor);
/// line_mark2
new_web_page(client_socket_descriptor);
new_thread(new_web_page); // create a thread
(which does read & write of HTTP/HTML) and goes back
to listen.
}
}
Thanks a lot!
- Ruby
--- Ruby Cruiser <[EMAIL PROTECTED]> wrote:
> Hi!!!
>
> My company has a web server which is actaully
> implemented using the concept of sockets (socket
> program...). I am adding OpenSSL to it.
>
> With the OpenSSL help and refering to your link
>
http://members.netscapeonline.co.uk/jeremyalansmith/ssltutorial/
> ,
>
> Firstly, I followed the steps in creating the
> private
> key and the certificate. It was sucessful.
>
> Second step was also sucessful, that is
> "Initialising
> the SSL Socket".
>
> However, for implementing 3rd step "Using the SSL
> Socket", I've few doubts... please clarify!
>
> My program (simple web server) looks like this...
>
> ...
> ...
> Create a socket "sock";
>
> server_socket_descriptor = sock_listen(); //In
> "socket_listen()", 'bind' and 'select' is done
>
> Create SSL_Server_Socket(ssl,
> server_socket_descriptor); // made server_scoket as
> an
> SSL_server_socket
>
> /// line_mark1
>
> while (true)
> {
> if (socket_select())
> {
> client_socket_descriptor = socket_accept();
>
> // should I call SSL functions here also to make
> the client socket as SSL??
> // Should both client and server socket must be
> SSL_sockets??
>
> /// line_mark2
>
> new_web_page(client_socket_descriptor);
>
> new_thread(new_web_page); // create a thread
> (which does read & write of HTTP/HTML) and goes back
> to listen.
>
> }
> }
>
>
>
>
>
> Also in the above program, where do I call
> SSL_accept() & SSL_connect??
>
> I tried to call SSL_accept() putting them in
> "line_mark1/2" respectivly but it results false
> (error:0005::lib(0) :func(0) :bad asn1 object
> header).
>
> Anyone, please help me understand Thank you.
>
>
>
>
> --- Jeremy Smith
> <[EMAIL PROTECTED]> wrote:
> > Hi!
> >
> > I've setup a page about how to get an SSL socket
> > working, from the webserver
> > side of things and on virtually any browser (well,
> > Netscape 2+ and IE3+ I
> > think). Should be okay for non-Windows users
> > (although Windows is the
> > platform I got it working on), it's a step-by-step
> > guide.
> >
> >
>
http://members.netscapeonline.co.uk/jeremyalansmith/ssltutorial/
> >
> > I hope it's okay putting the LIB and DLL files
> > there.
> >
> > It's C-oriented, and all the code you need is in
> > , so it should be in
> > Courier font on your browser.
> >
> > Hope this helps someone, please give me feedback.
> >
> > Cheers,
> >
> > Jeremy.
> >
> >
>
__
> > OpenSSL Project
> > http://www.openssl.org
> > User Support Mailing List
> > [EMAIL PROTECTED]
> > Automated List Manager
> [EMAIL PROTECTED]
>
>
> __
> Do You Yahoo!?
> Listen to your Yahoo! Mail messages from any phone.
> http://phone.yahoo.com
>
__
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List
> [EMAIL PROTECTED]
> Automated List Manager
[EMAIL PROTECTED]
__
Do You Yahoo!?
Listen to your Yahoo! Mail messages from any phone.
http://phone.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: SSL Webserver-side Tutorial Page
Hi!!!
My company has a web server which is actaully
implemented using the concept of sockets (socket
program...). I am adding OpenSSL to it.
With the OpenSSL help and refering to your link
http://members.netscapeonline.co.uk/jeremyalansmith/ssltutorial/
,
Firstly, I followed the steps in creating the private
key and the certificate. It was sucessful.
Second step was also sucessful, that is "Initialising
the SSL Socket".
However, for implementing 3rd step "Using the SSL
Socket", I've few doubts... please clarify!
My program (simple web server) looks like this...
...
...
Create socket "sock";
server_socket_descriptor = socket_listen(); //In
"socket_listen()", 'bind' and 'select' is done
Create SSL_Server_Socket(ssl,
server_socket_descriptor); // made server_scoket as an
SSL_server_socket
/// line_mark1
while (true)
{
if (socket_select())
{
client_socket_descriptor = socket_accept();
// should I call SSL functions here also to make
the client socket as SSL??
// Should both client and server socket must be
SSL_sockets??
/// line_mark2
new_web_page(client_socket_descriptor);
new_thread(new_web_page); // create a thread
(which does read & write of HTTP/HTML) and goes back
to listen.
}
}
Also in the above program, where do I call
SSL_accept() & SSL_connect??
I tried to call SSL_accept() putting them in
"line_mark1/2" respectivly but it results false
(error:0005::lib(0) :func(0) :bad asn1 object
header).
Anyone, please help me understand Thank you.
--- Jeremy Smith
<[EMAIL PROTECTED]> wrote:
> Hi!
>
> I've setup a page about how to get an SSL socket
> working, from the webserver
> side of things and on virtually any browser (well,
> Netscape 2+ and IE3+ I
> think). Should be okay for non-Windows users
> (although Windows is the
> platform I got it working on), it's a step-by-step
> guide.
>
>
http://members.netscapeonline.co.uk/jeremyalansmith/ssltutorial/
>
> I hope it's okay putting the LIB and DLL files
> there.
>
> It's C-oriented, and all the code you need is in
> , so it should be in
> Courier font on your browser.
>
> Hope this helps someone, please give me feedback.
>
> Cheers,
>
> Jeremy.
>
>
__
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List
> [EMAIL PROTECTED]
> Automated List Manager
[EMAIL PROTECTED]
__
Do You Yahoo!?
Listen to your Yahoo! Mail messages from any phone.
http://phone.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
test mail...
My previous mail has not showed up still... hence testing. __ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSL Webserver-side Tutorial Page
Thanks! This will help and lot. WIll get back soon... --- Jeremy Smith <[EMAIL PROTECTED]> wrote: > Hi! > > I've setup a page about how to get an SSL socket > working, from the webserver > side of things and on virtually any browser (well, > Netscape 2+ and IE3+ I > think). Should be okay for non-Windows users > (although Windows is the > platform I got it working on), it's a step-by-step > guide. > > http://members.netscapeonline.co.uk/jeremyalansmith/ssltutorial/ > > I hope it's okay putting the LIB and DLL files > there. > > It's C-oriented, and all the code you need is in > , so it should be in > Courier font on your browser. > > Hope this helps someone, please give me feedback. > > Cheers, > > Jeremy. > > __ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: "error during security authorisation"
Yes... please do put-up tutorial webpage and send the link, it will help a lot... specially for the beginner to openSSL. Thanks! --- Jeremy Smith <[EMAIL PROTECTED]> wrote: > > I finally got my mini web server to support SSL. > However, I get a bizarre > > error which seems to be rare. It does this with > Netscape 2.0 and Netscape > > 4.7 (but not with IE 5 I think). > > > > It says "Error during security authorisation". > > Well, it was my mistake, I was using an FD_READ > callback on the socket (which > means whenever the socket received data it called my > routine) and the > tete-a-tete between my SSL server and the browse > client was confusing the > part of the server that handles requests. > > The browser wasn't getting any data after the SSL > handshaking either, which > didn't help. > > Whoop! My first SSL server to client connection is > done. :-) > > I'll put together a small tutorial webpage for those > interested. I learned > bits of how to do it from the code for Minihttpd > (which I highly recommend as > a HTTP server tutorial, and of course I recommend it > as a simple server), > although I'm using windows not Unix or Linux (which > minihttpd is for). > > Cheers all, > > Jeremy. > > > __ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
