subject:"Crypt\:\:SSLeay"

[Crypt::SSLeay] - 400 Bad request problems.

2011-10-18 Thread Mark Denzel

I've been completely stymied on a problem connecting to a HTTPS site via our
proxy server.  I've tried dozens of different work arounds I found on the
web and none seem to work and I think I've localized the problem down to an
environment variable not loading.

Here's the small script I'm running to test this out:
#!/usr/bin/perl
use strict;

$ENV{HTTPS_PROXY}='http://<
proxy>/';

use LWP::UserAgent;
use HTTP::Request::Common;
use Crypt::SSLeay;


my $ua = new LWP::UserAgent;
$ua->cookie_jar();
$ua->protocols_allowed(['http','https']);

$ua->env_proxy();

my $url = 'https://www.redhat.com';

my $res = $ua->get($url);
if($res->is_success)
{
print $res->as_string;
}
else
{
print "FAILED: ".$res->status_line;
print "\n\n";
print $res->as_string;
}



If I include the line *$ua->env_proxy()* I get a '400 - Bad Request' error
from the proxy server.  The reason for this is because it is sending a GET
call instead of a CONNECT call.  This supposedly works on apache servers but
anywhere else, you need to have Crypt::SSLeay take over and do the proper
CONNECT call.  The instructions on this are to set the
*$ENV{HTTPS_PROXY}*variable as I have done and remove the call to
*$ua->env_proxy()*.  This should then use Crypt::SSLeay and do a CONNECT.
When I make this change, I get a 500 error because it can't find the proxy.
I have also tried setting my Windows environment variable for HTTPS_PROXY
and proved it is set but the script still doesn't see it.  I can connect to
https sites without an issue via FireFox.  Is there something simple I'm
missing to force the script to use the environment variable HTTPS_PROXY?

any help would be much appreciated,

regards,

  Mark


-- 
Mark Denzel
Black Belt
Converged Computing Group
Motorola Mobility
w/m: 815-531-7621

help with SOAP::Lite/Crypt::SSLeay

2010-06-22 Thread Sandeep X Ranjan

Hi,

I need help desperately. I have a perl client program making calls to a web 
service via SOAP over https. I do have the certificate installed on the UNIX 
box from where I will be making the calls. But I don't know how to use that 
certificate in my perl script.

Your help will be greatly appreciated.

-
Sandeep | 201.595.1897



This communication is for informational purposes only. It is not
intended as an offer or solicitation for the purchase or sale of
any financial instrument or as an official confirmation of any
transaction. All market prices, data and other information are not
warranted as to completeness or accuracy and are subject to change
without notice. Any comments or statements made herein do not
necessarily reflect those of JPMorgan Chase & Co., its subsidiaries
and affiliates.

This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law. If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution, or
use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED. Although this transmission and any
attachments are believed to be free of any virus or other defect
that might affect any computer system into which it is received and
opened, it is the responsibility of the recipient to ensure that it
is virus free and no responsibility is accepted by JPMorgan Chase &
Co., its subsidiaries and affiliates, as applicable, for any loss
or damage arising in any way from its use. If you received this
transmission in error, please immediately contact the sender and
destroy the material in its entirety, whether in electronic or hard
copy format. Thank you.

Please refer to http://www.jpmorgan.com/pages/disclosures for
disclosures relating to European legal entities.

Re: Compiling Errors Crypt::SSLeay

2010-02-06 Thread Sander Temme


On Feb 5, 2010, at 1:28 PM, Merker, Nick wrote:

> I am receiving errors when compiling Crypt::SSLeay on RHEL4ASu7 x86_64.
  ^^
64bits system...

> $ make test
> # Error:  Can't load 
> '/home/nmerker/.cpan/build/Crypt-SSLeay-0.57/blib/arch/auto/Crypt/SSLeay/SSLeay.so'
>  for module Crypt::SSLeay: 
> /home/nmerker/.cpan/build/Crypt-SSLeay-0.57/blib/arch/auto/Crypt/SSLeay/SSLeay.so:
>  cannot open shared object file: No such file or directory at 
> /usr/local/cars-perl/5.8.8/lib/5.8.8/i686-linux/DynaLoader.pm line 230.
^^^
That looks like a 32bits Perl... run file /usr/local/cars-perl/bin/perl ? 
>  
> I am fairly certain this is something to do with being unable to load 
> libcrypto.so or libssl.so, so I checked it out:
> # ldd 
> /home/nmerker/.cpan/build/Crypt-SSLeay-0.57/blib/arch/auto/Crypt/SSLeay/SSLeay.so
> libc.so.6 => /lib64/tls/libc.so.6 (0x002a9566a000)
> /lib64/ld-linux-x86-64.so.2 (0x00552000)

That seems like a 64bits build, but file can tell you.

A 32bits binary cannot load a 64bits library.  I'd say building a 64bits Perl, 
or 32bits Perl modules on a 64bits system, is off-topic for this list.  

S.

> That looks fine.  I have the following packages installed:
> openssl-0.9.7a-43.17.el4_6.1
> openssl-devel-0.9.7a-43.17.el4_6.1
>  
> I am confused as to what is missing here.  From my standpoint, there should 
> be no error when trying to load SSLeay.so file, especially a “No such file or 
> directory” error because ‘ldd’ responds properly.
>  
> What am I missing here?
>  
> -Nick


-- 
san...@temme.net  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF



smime.p7s
Description: S/MIME cryptographic signature

Compiling Errors Crypt::SSLeay

2010-02-06 Thread Merker, Nick

Hello,

I am receiving errors when compiling Crypt::SSLeay on RHEL4ASu7 x86_64.

$ make test
# Error:  Can't load 
'/home/nmerker/.cpan/build/Crypt-SSLeay-0.57/blib/arch/auto/Crypt/SSLeay/SSLeay.so'
 for module Crypt::SSLeay: 
/home/nmerker/.cpan/build/Crypt-SSLeay-0.57/blib/arch/auto/Crypt/SSLeay/SSLeay.so:
 cannot open shared object file: No such file or directory at 
/usr/local/cars-perl/5.8.8/lib/5.8.8/i686-linux/DynaLoader.pm line 230.

I am fairly certain this is something to do with being unable to load 
libcrypto.so or libssl.so, so I checked it out:
# ldd 
/home/nmerker/.cpan/build/Crypt-SSLeay-0.57/blib/arch/auto/Crypt/SSLeay/SSLeay.so
libc.so.6 => /lib64/tls/libc.so.6 (0x002a9566a000)
/lib64/ld-linux-x86-64.so.2 (0x00552000)

That looks fine.  I have the following packages installed:
openssl-0.9.7a-43.17.el4_6.1
openssl-devel-0.9.7a-43.17.el4_6.1

I am confused as to what is missing here.  From my standpoint, there should be 
no error when trying to load SSLeay.so file, especially a "No such file or 
directory" error because 'ldd' responds properly.

What am I missing here?

-Nick

Re: Client-Authentication using Crypt::SSLeay

2009-01-14 Thread Olaf Gellert

Hi all,

there was a little cut-n-paste error in my previous mail,
I forgot one line in the script. The error remains the
same...

Olaf Gellert wrote:

> $file=$ENV{HTTPS_PKCS12_FILE};
$pass=$ENV{HTTPS_PKCS12_PASSWORD};
> $ctx->use_pkcs12_file($file ,$pass) || die("failed to load $file: $!");

Cheers, Olaf

-- 
Olaf Gellert  email  gell...@dkrz.de
Deutsches Klimarechenzentrum GmbH phone  +49 (0)40 41173 214
Bundesstrasse 55  fax+49 (0)40 41173 270
D-20146 Hamburg, Germany  wwwhttp://www.dkrz.de
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Client-Authentication using Crypt::SSLeay

2009-01-14 Thread Olaf Gellert

I am trying to open an SSL connection with Client Authentication
using Crypt::SSLeay.

What works fine is specifying environment variables
HTTPS_CERT_FILE and HTTPS_KEY_FILE. Unfortunately
the keyfile has to be unencrypted (there seems to
be no no password mechanism for HTTPS_KEY_FILE).

When I try to use HTTPS_PKCS12_FILE and
HTTPS_PKCS12_PASSWORD, Crypt::SSLeay seems to be unable
to open the PKCS12 file. On calling use_pkcs12_file
it returns an error "No such file or directory" (though
strace reveals that the file exists and is opened).

This is what I do:
##
$ENV{HTTPS_PKCS12_FILE} = '/home/gellert/test-cert.p12';
$ENV{HTTPS_PKCS12_PASSWORD} = 'test';
$ENV{HTTPS_VERSION} = 3;
$ENV{HTTPS_DEBUG} = 1;

require Crypt::SSLeay;
sub _default_context {
  require Crypt::SSLeay::MainContext;
  Crypt::SSLeay::MainContext::main_ctx(@_);
  }

my $ctx = _default_context(23);
$file=$ENV{HTTPS_PKCS12_FILE};
$ctx->use_pkcs12_file($file ,$pass) || die("failed to load $file: $!");
#

This is the output of the script:
#
./test.pl
failed to load /home/gellert/test-cert.p12: No such file or
directory at ./test.pl line 27.
#

And this is what strace says...
#
open("/etc/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/home/gellert/test-cert.p12", O_RDONLY) = 3
[...]
read(3,
"0\202\n\351\2\1\0030\202\n\257\6\t*\206H\206\367\r\1\7\1\240\202\n\240\4\202\n\2340\202"...,
4096) = 2797
close(3)= 0
munmap(0x7f448c5fd000, 4096)= 0
write(2, "failed to load /home/gellert/tes"..., 149failed to load
/home/gellert/test-cert.p12: No such file or directory at ./test.pl line 27.
#

The PKCS12 file was generated using OpenSSL, so this should
work...

By the way: Funny that use_pkcs12_file() still tries to open
/etc/ssl/cert.pem, even if a certificate file is specified...

Any idea? Or can I work around this using PEM-key and certificate
(but the key has to be encrypted)...

Cheers, Olaf

-- 
Olaf Gellert  email  gell...@dkrz.de
Deutsches Klimarechenzentrum GmbH phone  +49 (0)40 41173 214
Bundesstrasse 55  fax+49 (0)40 41173 270
D-20146 Hamburg, Germany  wwwhttp://www.dkrz.de
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Crypt-SSleay installation

2008-11-12 Thread Ramu2 P

Hi,

I am unable to install crypt-SSLeay_0.57 on my machine (Windows). 
Could you please help in installing this.

Thanks
Ramu Paloju
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Experience certainty.   IT Services
Business Solutions
Outsourcing

=-=-=
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you

Re: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl applications?

2006-02-15 Thread Marko Asplund



On 2006-02-14, at 16.44, Richard Eggert wrote:

Thanks.  That worked perfectly (well, actually, it failed, but  
that's what I wanted to happen).  Is there any way for me to tell  
within my code which SSL has been loaded, or am I pretty much stuck  
having to both set the HTTPS_CA_FILE variable as well as set the  
IO::Socket::SSL's default context in all situations?


i would recommend that you decide which module you want to use and  
make your code only work with that module.


based on the code in libwww-perl Net/HTTPS.pm it looks like you could  
simply add a 'use IO::Socket::SSL;' line in your code to make LWP  
always use that module.


you can determine whether a module has been loaded by testing package  
variable values such as $IO::Socket::SSL::VERSION.


By the way, to answer your first question, they're both installed  
properly, as far as I can tell (they both came with the default Red  
Hat installation, I think).  The Crypt::SSLeay version seems to get  
invoked whenever mod_ssl is disabled (since setting HTTPS_CA_FILE  
actually works properly in those cases), and the IO::Socket::SSL  
version gets invoked whenever mod_ssl is enabled.


as noted above you can debug this by testing package variables for  
each module.



br. aspa
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl applications?

2006-02-14 Thread Richard Eggert

Thanks.  That worked perfectly (well, actually, it failed, but that's what I 
wanted to happen).  Is there any way for me to tell within my code which SSL 
has been loaded, or am I pretty much stuck having to both set the HTTPS_CA_FILE 
variable as well as set the IO::Socket::SSL's default context in all situations?

By the way, to answer your first question, they're both installed properly, as 
far as I can tell (they both came with the default Red Hat installation, I 
think).  The Crypt::SSLeay version seems to get invoked whenever mod_ssl is 
disabled (since setting HTTPS_CA_FILE actually works properly in those cases), 
and the IO::Socket::SSL version gets invoked whenever mod_ssl is enabled.

Thanks again!

Rich

From: [EMAIL PROTECTED] on behalf of Marko Asplund
Sent: Tue 2/14/2006 7:12 AM
To: openssl-users@openssl.org
Subject: Re: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl 
applications?

On 2006-02-13, at 23.42, Richard Eggert wrote:

> It seems that it first tries to load the SSL module from 
> Crypt::SSLeay first, and if that fails, it then tries to load 
> IO::Socket::SSL, which, as far as I can tell, doesn't use 
> HTTPS_CA_FILE (but may provide another mechanism for accomplishing 
> the same thing).  Could it be that perhaps loading mod_ssl is 
> causing the load of Net::SSL to fail (symbol conflict?), resulting 
> in it falling back to IO::Socket::SSL (which ignores HTTPS_CA_FILE)?

do you have both IO::Socket::SSL (+Net::SSLeay) and Crypt::SSLeay 
properly installed on the system?

> Does IO::Socket::SSL provide a means for passing parameters via 
> LWP::UserAgent (maybe through UserAgent's constructor or one of its 
> other methods?)?
> It definitely seems to support verification of peer certificates in 
> its interface, but it's unclear from the available documentation 
> how one does that in conjunction with LWP::UserAgent, if that's 
> even possible.  If there is a way to do this, then an easy 
> workaround seems to be to simply accomodate both configuration 
> methods in my code.

i just did some testing and with one caveat you can do it like this 
with IO::Socket:SSL and LWP:

# NB: only works with ciphers that support certificate verification 
e.g. with Apache/mod_ssl:
#   SSLCipherSuite RSA
# With some cipher suites server certificate may not be verified.
use strict;
use IO::Socket::SSL 0.97;
use LWP::UserAgent;

my $ctx = new IO::Socket::SSL::SSL_Context(
   SSL_verify_mode => 0x01,
   SSL_ca_file => 'certs/8086.pem',
);
IO::Socket::SSL::set_default_context($ctx);

my $ua = LWP::UserAgent->new();
my $rq = HTTP::Request->new(GET => 'https://foo.bar.int:8086/');
my $rt = $ua->request($rq);
print $rt->content();

1;

br. aspa
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

<>

Re: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl applications?

2006-02-14 Thread Marko Asplund



On 2006-02-13, at 23.42, Richard Eggert wrote:

It seems that it first tries to load the SSL module from  
Crypt::SSLeay first, and if that fails, it then tries to load  
IO::Socket::SSL, which, as far as I can tell, doesn't use  
HTTPS_CA_FILE (but may provide another mechanism for accomplishing  
the same thing).  Could it be that perhaps loading mod_ssl is  
causing the load of Net::SSL to fail (symbol conflict?), resulting  
in it falling back to IO::Socket::SSL (which ignores HTTPS_CA_FILE)?


do you have both IO::Socket::SSL (+Net::SSLeay) and Crypt::SSLeay  
properly installed on the system?


Does IO::Socket::SSL provide a means for passing parameters via  
LWP::UserAgent (maybe through UserAgent's constructor or one of its  
other methods?)?
It definitely seems to support verification of peer certificates in  
its interface, but it's unclear from the available documentation  
how one does that in conjunction with LWP::UserAgent, if that's  
even possible.  If there is a way to do this, then an easy  
workaround seems to be to simply accomodate both configuration  
methods in my code.


i just did some testing and with one caveat you can do it like this  
with IO::Socket:SSL and LWP:


# NB: only works with ciphers that support certificate verification  
e.g. with Apache/mod_ssl:

#   SSLCipherSuite RSA
# With some cipher suites server certificate may not be verified.
use strict;
use IO::Socket::SSL 0.97;
use LWP::UserAgent;

my $ctx = new IO::Socket::SSL::SSL_Context(
  SSL_verify_mode => 0x01,
  SSL_ca_file => 'certs/8086.pem',
);
IO::Socket::SSL::set_default_context($ctx);

my $ua = LWP::UserAgent->new();
my $rq = HTTP::Request->new(GET => 'https://foo.bar.int:8086/');
my $rt = $ua->request($rq);
print $rt->content();

1;


br. aspa
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl applications?

2006-02-13 Thread Richard Eggert

I've been digging through the code of the libraries for LWP, etc., and 
discovered that Net::HTTPS contains the following code:

if ($IO::Socket::SSL::VERSION){
 $SSL_SOCKET_CLASS = "IO::Socket::SSL"; # it was already loaded
}
else {
 eval { require Net::SSL; };  # from Crypt-SSLeay
 if ($@) {
  my $olderrsv = $@;
  eval {
   require IO::Socket::SSL;
  };
  if ($@) {
   $old_errsv =~ s/\s\([EMAIL PROTECTED] contains:.*\)/)/g;
   die $old_errsv . $@;
  }
  $SSL_SOCKET_CLASS = "IO::Socket::SSL";
 }
 else {
  $SSL_SOCKET_CLASS = "Net::SSL";
 }
}

It seems that it first tries to load the SSL module from Crypt::SSLeay first, 
and if that fails, it then tries to load IO::Socket::SSL, which, as far as I 
can tell, doesn't use HTTPS_CA_FILE (but may provide another mechanism for 
accomplishing the same thing).  Could it be that perhaps loading mod_ssl is 
causing the load of Net::SSL to fail (symbol conflict?), resulting in it 
falling back to IO::Socket::SSL (which ignores HTTPS_CA_FILE)?

Does IO::Socket::SSL provide a means for passing parameters via LWP::UserAgent 
(maybe through UserAgent's constructor or one of its other methods?)?  It 
definitely seems to support verification of peer certificates in its interface, 
but it's unclear from the available documentation how one does that in 
conjunction with LWP::UserAgent, if that's even possible.  If there is a way to 
do this, then an easy workaround seems to be to simply accomodate both 
configuration methods in my code.

Rich Eggert
Member of Technical Staff
Proteus Technologies, LLC
http://www.proteus-technologies.com

From: [EMAIL PROTECTED] on behalf of Marko Asplund
Sent: Mon 2/13/2006 2:13 PM
To: openssl-users@openssl.org
Subject: Re: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl 
applications?

Richard Eggert wrote:
 > ...
> My best guess at what's happening is that mod_ssl is preloading libssl
> and configuring it according to its own requirements (and mod_ssl
> doesn't care about the certificates of other servers), and when my code
> runs (later) under mod_perl, the variables I'm sending it are being
> completely ignored.

Apache/mod_ssl server configuration should not interfere with your
libwww-perl/OpenSSL client configuration in any way.

try to do some printf debugging and print the relevant environment
variable values to a log file. do the variables have the correct values
when the script is being run?

br. aspa
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

<>

RE: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl applications?

2006-02-13 Thread Richard Eggert

Yep.  Environment variables are being set.  I've even tried including a SetEnv 
in the Apache config instead of setting the variables inside my code.  I've 
written them to the log, and they're definitely being set.  They're just being 
ignored.  As I said before, the problem goes away if I just disable mod_ssl and 
connect to the server using regular HTTP (while continuing to use HTTPS to 
connect to Tomcat within my code).  mod_ssl on => HTTPS_CA_FILE ignored (or the 
code that's executed by whatever reads the variable fails for some reason).  
mod_ssl off => HTTPS_CA_FILE gets used to validate Tomcat's certificate.   I 
can only assume that some global variable is being set when mod_ssl is 
configured that causes the change to HTTPS_CA_FILE (or HTTPS_CA_DIR) to be 
ignored when they're used by code running within mod_perl.  Two of us worked on 
it for hours and that's the only conclusion we could draw, though neither of 
would have thought that was the case before we saw it for ourselves.

Rich Eggert
Member of Technical Staff
Proteus Technologies, LLC
http://www.proteus-technologies.com

From: [EMAIL PROTECTED] on behalf of Marko Asplund
Sent: Mon 2/13/2006 2:13 PM
To: openssl-users@openssl.org
Subject: Re: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl 
applications?

Richard Eggert wrote:
 > ...
> My best guess at what's happening is that mod_ssl is preloading libssl
> and configuring it according to its own requirements (and mod_ssl
> doesn't care about the certificates of other servers), and when my code
> runs (later) under mod_perl, the variables I'm sending it are being
> completely ignored.

Apache/mod_ssl server configuration should not interfere with your
libwww-perl/OpenSSL client configuration in any way.

try to do some printf debugging and print the relevant environment
variable values to a log file. do the variables have the correct values
when the script is being run?

br. aspa
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

<>

Re: [Crypt::SSLeay] mod_ssl overrides settings by mod_perl applications?

2006-02-13 Thread Marko Asplund


Richard Eggert wrote:
> ...
My best guess at what's happening is that mod_ssl is preloading libssl 
and configuring it according to its own requirements (and mod_ssl 
doesn't care about the certificates of other servers), and when my code 
runs (later) under mod_perl, the variables I'm sending it are being 
completely ignored.


Apache/mod_ssl server configuration should not interfere with your 
libwww-perl/OpenSSL client configuration in any way.


try to do some printf debugging and print the relevant environment 
variable values to a log file. do the variables have the correct values 
when the script is being run?



br. aspa
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] mod_ssl overrides settings by mod_perl applications?

2006-02-13 Thread Richard Eggert

I'm having a problem getting Crypt::SSLeay to authenticate 
server certificates when running under mod_perl on a web server that has mod_ssl 
enabled.  I'm not sure if this is a bug with Crypt::SSLeay, mod_ssl, 
mod_perl, Net::SSLeay, or the underlying OpenSSL libraries, but I'm hoping 
someone here will at least be able to narrow down where the problem lies.  
Additionally, I'm running under a fairly old Linux distribution (Red Hat AS 3.0) 
with Perl 5.8.0, Apache 2.0.40, mod_perl 1.99_07, and libssl 0.9.6, but 
given that I haven't seen this problem reported anywhere else, let alone 
reported as having been fixed, I'm fairly confident that it still applies to 
more recent software versions.
 
Here's an overview of what I'm trying to 
do:
 
I've written a component that runs on a Perl-based 
web portal system residing under mod_perl on an Apache web server configured 
with mod_ssl.  User authentication is handled by the Perl-based portal 
framework, and my component connects to a servlet on a Tomcat server residing on 
a separate machine.  Due to the sensitive nature of the data being handled, 
all connections (from the user to the web server and from the web server to 
Tomcat) are being done via HTTPS.  For security reasons, I need to validate 
the Tomcat server's certificate.  I'm using LWP::UserAgent in conjunction 
with Crypt::SSLeay, and my Perl component is setting the appropriate environment 
variable (HTTPS_CA_FILE and/or HTTPS_CA_DIR, I've tried both) as per the 
Crypt::SSLeay documentation.
 
As a test scenario, I configured Tomcat with a 
self-signed certificate, and my component is using a bogus CA bundle.  The 
expected behavior is that the connection to Tomcat should fail due to the 
mismatched certificates.
 
 
However, what actually happens is that all requests 
sent to Tomcat succeed without even so much as a warning about the invalid 
certificate.
 
In the process of trying to narrow down the cause 
of the problem, I tried a number of things.
 
I tried running the snippet of code handling the 
HTTPS request to Tomcat as a standalone script with the exact same (mismatched) 
certificates in place.  This resulted in the expected behavior 
(failure due to invalid server certificate).
 
I tried disabling mod_ssl and connecting to the web 
server via HTTP instead of HTTPS (while still using HTTPS for the connection to 
Tomcat).  This also resulted in the expected behavior.
 
I tried running the snippet of code as a standalone 
script that gets invoked (in backticks) by my mod_perl component.  This 
resulted in the expected behavior.  
 
It's only when mod_ssl is enabled that my component 
behaves incorrectly and fails to properly validate the server's certificate 
against the CA bundle.
 
 
My best guess at what's happening is that mod_ssl 
is preloading libssl and configuring it according to its own requirements 
(and mod_ssl doesn't care about the certificates of other servers), and 
when my code runs (later) under mod_perl, the variables I'm sending it are 
being completely ignored.
 
 
Can this be fixed, or can anyone think of any 
viable workarounds for this (that don't involve running my code as a standalone 
script)?
 
 
Thanks.

Crypt::SSLeay build problem

2005-11-24 Thread Richard Proctor

Hi,

Crypt::SSLeay build problem

I run a Cobalt RaQ4 server that has a number of sites.  I need to twesk the
(perl) shopping suite of one of the users so it works with a credit card
company.  To do this it needs to send https messages.  The server can happily
recieve https.

The system (built on RedHat) has a built in partial installation of openssl,
(without libraries), that is not enough to allow my to install
Crypt::SSLeay.  

I have built a new complete version in another place, so as not to disturb
the existing use of the built in version.

I then built and tried to test Crypt::SSLeay which resulted in errors.

*** Log of building Crypt::SSLeay

[root Crypt-SSLeay-0.51]# perl Makefile.PL
No OpenSSL installation found, usually in /usr/local/openssl
Which OpenSSL build path do you want to link against?  /wws/bin


BUILD INFORMATION


ssl dir:/wws/bin
libraries:  -lssl -lcrypto -lgcc -lRSAglue -lrsaref
include dir:/wws/bin/include
ssl header: openssl/ssl.h
ssl candidate:  /wws/bin; /wws/bin/include/openssl; OpenSSL 0.9.8



Note (probably harmless): No library found for -lgcc
Note (probably harmless): No library found for -lRSAglue
Note (probably harmless): No library found for -lrsaref
Writing Makefile for Crypt::SSLeay

*** Log of building Crypt::SSLeay
[root Crypt-SSLeay-0.51]# make
cc -c -I/wws/bin/include -Dbool=char -DHAS_BOOL -I/usr/local/include -O2-DVE
RSION=\"0.51\" -DXS_VERSION=\"0.51\" -fpic -I/usr/lib/perl5/5.00503/i386-linux/C
ORE  SSLeay.c
SSLeay.xs: In function `XS_Crypt__SSLeay__Conn_new':
SSLeay.xs:252: warning: passing arg 2 of `SSL_set_info_callback' from incompatib
le pointer type
Running Mkbootstrap for Crypt::SSLeay ()
chmod 644 SSLeay.bs
LD_RUN_PATH="/wws/bin/lib" cc -o blib/arch/auto/Crypt/SSLeay/SSLeay.so  -shared
-L/usr/local/lib SSLeay.o-L/wws/bin/lib -lssl -lcrypto
chmod 755 blib/arch/auto/Crypt/SSLeay/SSLeay.so
cp SSLeay.bs blib/arch/auto/Crypt/SSLeay/SSLeay.bs
chmod 644 blib/arch/auto/Crypt/SSLeay/SSLeay.bs
Manifying blib/man3/Crypt::SSLeay.3

*** Log of testing Crypt::SSLeay

[root Crypt-SSLeay-0.51]# make test
PERL_DL_NONLAZY=1 /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.00503/
i386-linux -I/usr/lib/perl5/5.00503 -e 'use Test::Harness qw(&runtests $verbose)
; $verbose=0; runtests @ARGV;' t/*.t
t/net_ssl...dubious
Test returned status 0 (wstat 11, 0xb)
Undefined subroutine &Test::Harness::WCOREDUMP called at /usr/lib/perl5/5.00503/
Test/Harness.pm line 288.
make: *** [test_dynamic] Error 255

What is wrong, how do I fix it?

Thanks.

Richard



-- 
Personal [EMAIL PROTECTED]http://www.waveney.org
Telecoms [EMAIL PROTECTED]  http://www.WaveneyConsulting.com
Web services [EMAIL PROTECTED]http://www.wavwebs.com
Independent Telecomms Specialist, ATM expert, Web Analyst & Services

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] Compile problems on Linux

2004-08-29 Thread Tijmen Ruizendaal

hello,
i'm trying to compile Crypt::SSLeay on a Debian woody box with
openssl-0.9.7d-4.backports.org.1

This is the output from Makefile.PL:

[16:51:26] [usr:tijmen] [EMAIL PROTECTED] \> perl ./Makefile.PL
Found OpenSSL (version OpenSSL 0.9.7) installed at /usr
Which OpenSSL build path do you want to link against? [/usr]


BUILD INFORMATION


ssl dir:/usr
libraries:  -lssl -lcrypto -lgcc -lRSAglue -lrsaref
include dir:/usr/include
ssl header: openssl/ssl.h
ssl candidate:  /usr; /usr/include/openssl; OpenSSL 0.9.7



Note (probably harmless): No library found for -lgcc
Note (probably harmless): No library found for -lRSAglue
Note (probably harmless): No library found for -lrsaref
Writing Makefile for Crypt::SSLeay
[16:51:29] [usr:tijmen] [EMAIL PROTECTED] \>

The output from 'make' is very big so i've put it online here:
http://fokdat.nl/~tijmen/ssleay_compile_output.txt

Does somebody know how to solve this problem?
offcourse, i tried google :-D

Thanks
Tijmen Ruizendaal
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Segmentation fault when accessing TLS web server using OpenSSL and Crypt::SSLeay

2004-06-18 Thread Josh Chamas

Scialino Marco wrote:
Hi, 

I hope someone can give me help on this.
After installing perl, openssl and Crypt::SSLeay I built a simple perl
program to connect to a web server that has *only* Transport Layer
Protocol (TLS V1) enabled, but I get a segmentation fault. 

The same program has no problem if connecting to a SSL V3 server.
This is the stack I use on Solaris 2.8: 

perl 5.005_03
OpenSSL 0.9.6g
Crypt:SSLeay 0.45
I have not heard of this problem before, but have not known the situation
with just TLS V1 enabled.  You might try another openssl version, either
earlier/later in the 0.9.6x series, or perhaps 0.9.7, or go earlier.
Note if you have a problem getting Crypt::SSLeay to compile with
an earlier version, you can get earlier versions of Crypt::SSLeay
at backpan here:
  http://backpan.cpan.org/modules/by-authors/id/C/CH/CHAMAS/
Regards,
Josh

Josh Chamas, Founder| NodeWorks - http://www.nodeworks.com
Chamas Enterprises Inc. | NodeWorks Directory - http://dir.nodeworks.com
http://www.chamas.com   | Apache::ASP - http://www.apache-asp.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Segmentation fault when accessing TLS web server using OpenSSL and Crypt::SSLeay

2004-06-18 Thread Scialino Marco

Hi, 

I hope someone can give me help on this.

After installing perl, openssl and Crypt::SSLeay I built a simple perl
program to connect to a web server that has *only* Transport Layer
Protocol (TLS V1) enabled, but I get a segmentation fault. 

The same program has no problem if connecting to a SSL V3 server.

This is the stack I use on Solaris 2.8: 

perl 5.005_03
OpenSSL 0.9.6g
Crypt:SSLeay 0.45

All these items were compiled by gcc 3.3.2.

Here is the code I try to execute:

#!/usr/local/bin/perl
   use LWP::UserAgent;
   use HTTP::Request::Common;

   $url = "https://:/";

   $ua  = LWP::UserAgent->new;

   $res = $ua->request(GET $url);  # get the http response

   $http_res_string = $res->status_line;   # get http result

   print "\n http result: $http_res_string";

   $str = $res->as_string; # get html page
   print "\n$str";

   exit;


By inserting print statement here and there I saw that I get the
segmentation fault when executing the line:

$res = $ua->request(GET $url);



Any help gratly appreciated, thanks, 

Marco 




__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Crypt::SSLeay & client certificate authentication

2004-04-23 Thread Sean Evans

Reposting this since it got lost in the churn.

I have a Perl script using that is failing mysteriously to connect with
an HTTPS site requiring client certificates for authentication. Here's
the command that allows me to connect to the site in question:

openssl s_client -connect hostname:443 -cert test.crt
 -key test.key -CAfile cacerts.crt -prexit

I can then do a GET on the directory protected with cert auth. Something
key to note is that the connection is not successfu1l unless -CAfile is
present to show the server that my client's certificate (test.crt)
chains to a CA trusted by the server.

Here is debug output from my script:

-BEGIN OUTPUT
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:unknown CA
SSL_connect:failed in SSLv3 read finished A
-END OUTPUT-

The Perl module my script is using, Crypt::SSLeay, has options
comparable to -CAfile and -CAdir, but when specified I get the following
debug output which seems to be telling me that the *client* failed to
verify the server's cert:

-BEGIN OUTPUT-SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown CA
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
-END OUTPUT-

So I need to figure out where things are going wrong in Crypt::SSLeay,
which is basically just a wrapper around OpenSSL. Since I was successful
in connecting with s_client, I looked in s_client.c and found this:

  SSL_CTX_set_verify(ctx,verify,verify_callback);
  if (!set_cert_stuff(ctx,cert_file,key_file))
goto end;

  if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
  (!SSL_CTX_set_default_verify_paths(ctx)))
{
  /* BIO_printf(bio_err,"error setting default verify
locations\n"); */
  ERR_print_errors(bio_err);
  /* goto end; */
}

  store = SSL_CTX_get_cert_store(ctx);
  X509_STORE_set_flags(store, vflags);

  con=SSL_new(ctx);

So it would appear that SSL_CTX_load_verify_locations is the OpenSSL
function that gets called with CAfile. Looking inside SSLeay.xs, which
implements the Perl glue to OpenSSL functions, I find:

  SV*
  SSL_CTX_set_verify(ctx)
SSL_CTX* ctx
PREINIT:
  char* CAfile;
  char* CAdir;
CODE:
  CAfile=getenv("HTTPS_CA_FILE");
  CAdir =getenv("HTTPS_CA_DIR");

  if(!CAfile && !CAdir) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
RETVAL = newSViv(0);
  } else {
SSL_CTX_load_verify_locations(ctx,CAfile,CAdir);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
RETVAL = newSViv(1);
  }
OUTPUT:
  RETVAL

This appears to be doing the right thing since it calls
SSL_CTX_load_verify_locations, but I am unsure that I understand Perl XS
well enough to confirm this.

It may be unimportant, but the only suspicious thing I can see is that
s_client calls SSL_CTX_set_verify before calling
SSL_CTX_load_verify_locations whereas SSLeay.xs reverses the order of
those calls. Is that significant? If not, does anyone have hints as to
where to look for a solution?

Thanks,
-- 
Sean Evans

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Crypt::SSLeay & client certificate authentication

2004-04-20 Thread Sean Evans

I have a Perl script using that is failing mysteriously to connect with 
an HTTPS site requiring client certificates for authentication. Here's 
the command that allows me to connect to the site in question:

openssl s_client -connect hostname:443 -cert test.crt
-key test.key -CAfile cacerts.crt -prexit

I can then do a GET on the directory protected with cert auth. Something 
key to note is that the connection is not successfu1l unless -CAfile is
present to show the server that my client's certificate (test.crt)
chains to a CA trusted by the server.

Here is debug output from my script:

-BEGIN OUTPUT
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:unknown CA
SSL_connect:failed in SSLv3 read finished A
-END OUTPUT-

The Perl module my script is using, Crypt::SSLeay, has options 
comparable to -CAfile and -CAdir, but when specified I get the following 
debug output which seems to be telling me that the *client* failed to 
verify the server's cert:

-BEGIN OUTPUT-SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown CA
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
-END OUTPUT-

So I need to figure out where things are going wrong in Crypt::SSLeay, 
which is basically just a wrapper around OpenSSL. Since I was successful 
in connecting with s_client, I looked in s_client.c and found this:

 SSL_CTX_set_verify(ctx,verify,verify_callback);
 if (!set_cert_stuff(ctx,cert_file,key_file))
   goto end;

 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 (!SSL_CTX_set_default_verify_paths(ctx)))
   {
 /* BIO_printf(bio_err,"error setting default verify
locations\n"); */
 ERR_print_errors(bio_err);
 /* goto end; */
   }

 store = SSL_CTX_get_cert_store(ctx);
 X509_STORE_set_flags(store, vflags);

 con=SSL_new(ctx);

So it would appear that SSL_CTX_load_verify_locations is the OpenSSL
function that gets called with CAfile. Looking inside SSLeay.xs, which 
implements the glue to OpenSSL functions, I find:

 SV*
 SSL_CTX_set_verify(ctx)
   SSL_CTX* ctx
   PREINIT:
 char* CAfile;
 char* CAdir;
   CODE:
 CAfile=getenv("HTTPS_CA_FILE");
 CAdir =getenv("HTTPS_CA_DIR");

 if(!CAfile && !CAdir) {
   SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
   RETVAL = newSViv(0);
 } else {
   SSL_CTX_load_verify_locations(ctx,CAfile,CAdir);
   SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
   RETVAL = newSViv(1);
 }
   OUTPUT:
 RETVAL

This appears to be doing the right thing since it calls
SSL_CTX_load_verify_locations, but I am unsure that I understand Perl XS
well enough to confirm this.

It may be unimportant, but the only suspicious thing I can see is that
s_client calls SSL_CTX_set_verify before calling 
SSL_CTX_load_verify_locations whereas SSLeay.xs reverses the order of
those calls. Is that significant? If not, does anyone have hints as to 
where to look for a solution?

Thanks,
-- 
Sean Evans

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] Windows XP - VS.NET 2003 setup problems

2003-10-02 Thread Kevin Lane

I'm hoping someone this list might be able to help me out.  I've been 
working on getting this setup for about a week now and I feel like I'm 
just this close but I'm missing one key element and don't know what it 
is.  I'm trying to get the Crypt::SSLeay module setup for Perl 5.8 
(Active Perl) so I can write a program that will access Secure Web pages 
in hopes to eventually upload and download files programatically.  
Here's what I've done.

1.  Installed Activer Perl 5.8 Binary
2.  Installed Visual Studio .NET 2003
3.  Downloaded the latest OpenSSL - Extracted to C:\
4.  Opened Visual Studio Command prompt and went to c:\openssl-0.9.7c
5.  Ran: perl Configure VC-WIN32
6.  Did:  ms\do_masm
7.  Did:  nmake -f ms\ntdll.mak
8.  Did:  cd out32dll and then ..\ms\test and it passed ok.  So I think 
the Openssl Part compiled fine
9.  Created all the c:\openssl directories like the Install.W32 file 
said and copied all the files to them
10.  Now on too Crypt::SSLeay - First I tried to use PPM3 I found some 
repositories that had this module but I always got the
Error: no suitable installation target found for package Crypt-SSLeay.
I tried setting a different target but obviosly I didn't get it right 
because it kept giving me the same error.  So I mived on to using CPAN I 
installed that module using PPM3 and it went through and installed a 
whole slew of other modules, it downloaded and compiled everyting just 
fine. So I got out of PPM and go into CPAN and did a M Crypt::SSLeay and 
it gave me the description of the module version..and all the info about 
the module.  So I go ahead with the
11.  install Crypt::SSLeay
It does a lot of fetching and verify's the CHECKSUM.  Then it presents 
me with this

Found OpenSSL (version OpenSSL 0.9.7) installed at c:/openssl
Which Openssl build path do you want to link against [c:/openssl]
I accept the default because I figure that, that is the reason for 
creating that directory and copying all the library's DLL's and stuff.
it goes through and everything looks fine I think.  There are some 
warnings like No library found for '-lRSAglue' and No library found for 
'-lrsaref', and farther down in there is a warning that looks like

c1 : warning c4349: /Ff is deprecated and will not be supported in 
future versions of Visual C++; remove /Gf or use /GF instead
SSLeay.xs(252) : warning c4090: 'function' : different 'const' qualifiers
SSLeay.xs(252) : warning formal: formatl parameter 1 different from 
declaration
SSLeay:xs(299) : warning c4018: '>' : signed/unsigned mismatch
SSLeay.xs(302) : warning c4018 '>=' : signed/unsigned mismatch
SSLeay.xs(305) : warning c4018 '>' : signed/unsigned mismatch
SSLeay.xs(336) : warning c4018 '>' : signed/unsigned mismatch
SSLeay.xs(344) : warning c4018 '>' : signed/unsigned mismatch
SSLeay.xs(352) : warning c4018 '<' : signed/unsigned mismatch

Then it says

"Running Mkbootstrap for Crypt::SSLeay ()"

it finished creating SSLeay.lib and stuff and checks the nmake program 
and says -- OK
does the Test and I see
net_sslok
ssl_context...ok 
All Tests Successful

and then it does the Make install and Installs all the files to the 
C:\perl\site\lib\auto\crypt\ssleay, C:\perl\site\lib\Net\SSL, and the 
C:\perl\site\lib\crypt\ directories and finally it appends the 
installation info to the C\lib\perllocal.pod and once again checks the 
nmake install and says  --OK

I don't know of any other setup procedures and I'm not too sure about 
proxies or certificates but when I try to execute this command

lwp-request https://www.nodeworks.com

I get the 500 SSL negotiation failed error

If anyone has any idea what this is as a result of please let me know, 
I'm running out of ideas.

Thanks,
Kevin


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [Crypt::SSLeay] compile problems on Linux

2002-12-31 Thread Lutz Jaenicke

On Tue, Dec 31, 2002 at 12:40:36AM +0200, CamCorder wrote:
> I'm using OpenSSL-0.9.6g and Crypt-SSLeay-0.45. I just encountered a
> compile problem which dumps these lines : 
> [root@localhost Crypt-SSLeay-0.45]# make
> gcc -c  -I/usr/local/openssl/include -D_REENTRANT -D_GNU_SOURCE
> -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
> -I/usr/include/gdbm -O2 -march=i386 -mcpu=i686   -DVERSION=\"0.45\"
> -DXS_VERSION=\"0.45\" -fpic
> "-I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE"   SSLeay.c
> In file included from /usr/local/openssl/include/openssl/evp.h:89,
>  from /usr/local/openssl/include/openssl/x509.h:67,
>  from /usr/local/openssl/include/openssl/ssl.h:122,
>  from crypt_ssleay_version.h:1,
>  from SSLeay.xs:20:
> /usr/local/openssl/include/openssl/des.h:193: parse error before '&'
> token
> make: *** [SSLeay.o] Error 1
> 
> When I removed the 
> openssl/des.h:193: -> char *crypt(const char *buf,const char *salt);
> line from des.h it compiled and the binary works well now. Just wanted
> to notify developers. Sorry if this is a wrong place to put . 

This problem has finally been resolved by removing the crypt() support
in OpenSSL 0.9.7.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] compile problems on Linux

2002-12-30 Thread CamCorder

I'm using OpenSSL-0.9.6g and Crypt-SSLeay-0.45. I just encountered a
compile problem which dumps these lines : 
[root@localhost Crypt-SSLeay-0.45]# make
gcc -c  -I/usr/local/openssl/include -D_REENTRANT -D_GNU_SOURCE
-fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-I/usr/include/gdbm -O2 -march=i386 -mcpu=i686   -DVERSION=\"0.45\"
-DXS_VERSION=\"0.45\" -fpic
"-I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE"   SSLeay.c
In file included from /usr/local/openssl/include/openssl/evp.h:89,
 from /usr/local/openssl/include/openssl/x509.h:67,
 from /usr/local/openssl/include/openssl/ssl.h:122,
 from crypt_ssleay_version.h:1,
 from SSLeay.xs:20:
/usr/local/openssl/include/openssl/des.h:193: parse error before '&'
token
make: *** [SSLeay.o] Error 1

When I removed the 
openssl/des.h:193: -> char *crypt(const char *buf,const char *salt);
line from des.h it compiled and the binary works well now. Just wanted
to notify developers. Sorry if this is a wrong place to put . 


Distro = Redhat 8.0
Kernel = 2.4.20
Perl = 5.8.0 (redhat build)

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Crypt::SSLeay - https and reuse of session id

2002-12-22 Thread Lutz Jaenicke

On Sat, Dec 21, 2002 at 10:28:38AM +0100, Thomas Hörndlein wrote:
> I'm using LWP::UserAgent and Crypt::SSLeay to access a webserver via 
> https which basically works. Unfortunatly a new handshake is done each 
> time the UserAgent accesses an URL. Is it possible to reuse the 
> Session-ID I got when the script connects to the webserver the first 
> time for follow-up sessions?

It is not sufficient to reuse a "Session-ID". You actually have to
reuse the session, including the pre-master secret etc.
I am not familiar with Crypt::SSLeay but reusing session normally means
to maintain a session database, probably shared between processes...
Thus, if it is not supported by Crypt:SSLeay...

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Crypt::SSLeay - https and reuse of session id

2002-12-22 Thread Thomas Hörndlein

Hello,

I'm using LWP::UserAgent and Crypt::SSLeay to access a webserver via 
https which basically works. Unfortunatly a new handshake is done each 
time the UserAgent accesses an URL. Is it possible to reuse the 
Session-ID I got when the script connects to the webserver the first 
time for follow-up sessions?

I would be grateful for any infos,

Thomas

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [ Crypt::SSLeay ] FYI

2002-12-21 Thread Lutz Jaenicke

On Fri, Dec 20, 2002 at 04:08:40PM +0100, H.Merijn Brand wrote:
> Crypt-SSLeah-0.45 successfully built and installed on
> 
> HP-UX 11.00  perl-5.6.1, perl-5.8.0, blead@18335  openssl-0.9.6g
> cygwin-1.3.17-1  perl-5.8.0/64, blead@18228/32openssl-0.9.6h-1
> 
> HP-UX needed -lgcc (Makefile.PL did this automatically) for _umoddi3, just as
> AIX-4.3

-lgcc is only needed, if any part was built with gcc.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[ Crypt::SSLeay ] FYI

2002-12-20 Thread H.Merijn Brand

Crypt-SSLeah-0.45 successfully built and installed on

HP-UX 11.00  perl-5.6.1, perl-5.8.0, blead@18335  openssl-0.9.6g
cygwin-1.3.17-1  perl-5.8.0/64, blead@18228/32openssl-0.9.6h-1

HP-UX needed -lgcc (Makefile.PL did this automatically) for _umoddi3, just as
AIX-4.3

-- 
H.Merijn BrandAmsterdam Perl Mongers (http://amsterdam.pm.org/)
using perl-5.6.1, 5.8.0 & 633 on HP-UX 10.20 & 11.00, AIX 4.2, AIX 4.3,
  WinNT 4, Win2K pro & WinCE 2.11.  Smoking perl CORE: [EMAIL PROTECTED]
http:[EMAIL PROTECTED]/   [EMAIL PROTECTED]
send smoke reports to: [EMAIL PROTECTED], QA: http://qa.perl.org

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Crypt::SSLeay Raven conflict using apache and web services.

2002-11-30 Thread Keary Suska

Title: Re: Crypt::SSLeay Raven conflict using apache and web services.

on 11/29/02 8:13, [EMAIL PROTECTED] purportedly said:

Myself and one of my companies¹ associates are in the process of implementing a connection between our systems using web services. Our associates are using Apache with the Raven SSL module and mod_perl. They are trying to connect to our system via a call through SOAP::Lite via HTTPS this required the introduction of Crypt:SSLeay and OpenSSL. The problem is that when apache is running Raven and the web service client, implemented in perl, running under mod perl, tries to make a call via HTTPS it fails and gives an error stating this ³child pid 14308 exit signal Segmentation Fault (11).² If we disable raven the web service client connects without error also if we make the call over standard HTTP it connects without error it is just when Apache and the web service client are running SSL simultaneously. I am under the opinion that the two are fighting for a resource lower down the chain, but I do not have the expertise in these particular implementations of SSL software to know what both are precisely doing. I would like to know if anyone has heard of such a conflict and if there is possibly a known remedy for this problem. Any help would be greatly appreciated.

IIRC, mod_perl must be loaded in httpd.conf before Raven SSL. Also, Raven should probably be loaded as a DSO, as historically they have had many conflicts when installed statically.

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"

Crypt::SSLeay Raven conflict using apache and web services.

2002-11-29 Thread Kenton Smeltzer









To anyone that can help,

Myself and one of my companies’ associates are in the
process of implementing a connection between our systems using web services.
Our associates are using Apache with the Raven SSL module and mod_perl. They
are trying to connect to our system via a call through SOAP::Lite via HTTPS
this required the introduction of Crypt:SSLeay and OpenSSL. The problem is that
when apache is running Raven and the web service client, implemented in perl, running
under mod perl, tries to make a call via HTTPS it fails and gives an error
stating this “child pid 14308 exit signal Segmentation Fault (11).”
If we disable raven the web service client connects without error also if we make
the call over standard HTTP it connects without error it is just when Apache
and the web service client are running SSL simultaneously. I am under the
opinion that the two are fighting for a resource lower down the chain, but I do
not have the expertise in these particular implementations of SSL software to
know what both are precisely doing. I would like to know if anyone has heard of
such a conflict and if there is possibly a known remedy for this problem. Any
help would be greatly appreciated.

 

Thanks,

Kenton

Re: [Crypt::SSLeay] compile problems on HP-UX 11.11

2002-11-06 Thread Lutz Jaenicke

On Tue, Nov 05, 2002 at 04:04:11PM +0100, Hiemisch Joerg wrote:
> Hi All,
> I have some trouble to compile SSLeay on HP-UX 11.11
> 
> I installed a new system with latest recommended patches ( including perl
> 5.6.1 ).
> 
> # perl -v
> 
> This is perl, v5.6.1 built for PA-RISC1.1-thread-multi
> (with 1 registered patch, see perl -V for more detail)
> 
> Copyright 1987-2001, Larry Wall
> 
> Binary build 627 provided by ActiveState Tool Corp.
> http://www.ActiveState.com
> Built 21:42:53 Jun 20 2001
> 
> 
> 
> I installed openssl 0.9.6.d from HP-UX Software Porting Center.
> I installed gcc 3.2 from HP-UX Software Porting Center.
> 
> When I try to install SSLeay I get the following output.
> 
> # pwd
> /tmp/Crypt-SSLeay-0.45
> # make
> gcc -c -I/usr/local/include -D_POSIX_C_SOURCE=199506L -D_HPUX_SOURCE
> -L/lib/pa1.1 -DUINT32_MAX_BROKEN -mpa-risc-1-1 -fPIC -fno-strict-aliasing
> -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O
> -DVERSION=\"0.45\"  -DXS_VERSION=\"0.45\" -fPIC
> -I/opt/perl/lib/5.6.1/PA-RISC1.1-thread-multi/CORE  SSLeay.c
> cc1: warning: changing search order for system directory
> "/usr/local/include"
> cc1: warning:   as it has already been specified as a non-system directory
> In file included from
> /opt/perl/lib/5.6.1/PA-RISC1.1-thread-multi/CORE/perl.h:713,
>  from SSLeay.xs:13:
> /usr/include/sys/socket.h:439: parse error before "sendfile"
> /usr/include/sys/socket.h:440: parse error before "bsize_t"
> /usr/include/sys/socket.h:441: parse error before "sendpath"
> /usr/include/sys/socket.h:442: parse error before "bsize_t"
> /usr/include/sys/socket.h:456: parse error before "__sendfile64"
> /usr/include/sys/socket.h:456: parse error before "bsize_t"
> /usr/include/sys/socket.h:457: parse error before "__sendpath64"
> /usr/include/sys/socket.h:457: parse error before "bsize_t"
> /usr/include/sys/socket.h:459: parse error before "sendfile"
> /usr/include/sys/socket.h: In function `sendfile':
> /usr/include/sys/socket.h:459: parse error before "bsize_t"
> /usr/include/sys/socket.h: At top level:
> /usr/include/sys/socket.h:460: parse error before "sendpath"
> /usr/include/sys/socket.h: In function `sendpath':
> /usr/include/sys/socket.h:460: parse error before "bsize_t"
> *** Error exit code 1
> 
> Stop.
> #
> 
> What does it mean?
> Can anybody help me?

gcc has special requirements for the header files. Some of it must
be modified for use with gcc. For this very reason, gcc has private
copies of those header files including the necessary modifications.
If gcc was built on another system (version of the operating system)
conflicts like the one shown might appear.
I cannot say, in how far "perl" specialties may lead to additional
complications in this regard.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [Crypt::SSLeay] make test fails on Linux

2002-10-30 Thread Keary Suska

on 10/29/02 11:44 AM, [EMAIL PROTECTED] purportedly said:

> I've just found another post on the ml archives
> concerning my problem, but didn't find any reply, so:
> 
> root@hwsx:~/.cpan/build/Crypt-SSLeay-0.45# make test
> 
> PERL_DL_NONLAZY=1 /usr/bin/perl -Iblib/arch -Iblib/lib
> -I/usr/lib/perl5/i386-linux -I/usr/lib/perl5 -e 'use Test::Harness
> qw(&runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t
> t/net_ssl...dubious
> Test returned status 0 (wstat 11, 0xb)
> t/ssl_context...dubious
> Test returned status 0 (wstat 11, 0xb)
> FAILED--2 test scripts could be run, alas--no output ever seen
> make: *** [test_dynamic] Error 2

It can be many things. What URL did you provide for testing? Can you access
that URL through your browser?

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] make test fails on Linux

2002-10-29 Thread Filippo Solinas


Hi there,

I've just found another post on the ml archives
concerning my problem, but didn't find any reply, so:

root@hwsx:~/.cpan/build/Crypt-SSLeay-0.45# make test

PERL_DL_NONLAZY=1 /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/i386-linux 
-I/usr/lib/perl5 -e 'use Test::Harness qw(&runtests $verbose); $verbose=0; runtests 
@ARGV;' t/*.t
t/net_ssl...dubious
Test returned status 0 (wstat 11, 0xb)
t/ssl_context...dubious
Test returned status 0 (wstat 11, 0xb)
FAILED--2 test scripts could be run, alas--no output ever seen
make: *** [test_dynamic] Error 2


- Slackware 8.1 kernel 2.4.18
- Perl 5.6.1
- OpenSSL 0.9.6e
- Crypt-SSLeay-0.45


Any idea?

Thanks,

ph.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] problems

2002-10-18 Thread Foong-Ying Rousey

Hi,

I'm trying to acess https  urls using LWP module behind a firewall, can't  get it to 
work. I've installed the Crypt::SSLeay
module.

I'm using the lwp-ssl-test that came with Crypt::SSLeay to debug.

I have no problems acessing http urls.

When I run

lwp-ssl-test -d -proxy http://gate.***.com:81 https://www.nodeworks.com

LWP::UserAgent::new: ()
LWP::UserAgent::proxy: https http://gate.***.com:81
LWP::UserAgent::request: ()
LWP::UserAgent::send_request: HEAD https://www.nodeworks.com/
LWP::UserAgent::_need_proxy: Proxied to http://gate.***.com:81
LWP::Protocol::http::request: ()
LWP::UserAgent::request: Simple response: Internal Server Error
HTTPS_PROXY = http://gate.***.com:81
$VAR1 = bless( {
 '_protocol' => 'HTTP/1.1',
 '_request' => bless( {
'_method' => 'HEAD',
'_headers' => bless( {
   'user-agent' => 
'libwww-perl/5.65'
 }, 'HTTP::Headers' ),
'_uri' => bless( do{\(my $o = 
'https://www.nodeworks.com/')}, 'URI::https' ),
'_content' => ''
  }, 'HTTP::Request' ),
 '_headers' => bless( {
'client-response-num' => 1,
'content-type' => 'text/html',
'connection' => 'close',
'date' => 'Fri, 18 Oct 2002 14:00:43 GMT',
'server' => 'NetCache (NetApp/5.2.1R1D12)',
'client-date' => 'Fri, 18 Oct 2002 14:00:44 
GMT',
'content-length' => 302
  }, 'HTTP::Headers' ),
 '_msg' => 'Server Error',
 '_rc' => 500,
 '_content' => ''
   }, 'HTTP::Response' );

How can I tell  where the problem is?

Thanks,
Foong-Ying


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] Looking for modern version of Perl binaries for Win32

2002-10-11 Thread Clinton Pierce


Looking for a bit of help here.  I need to do some LWP work over https, and
the proxy method for the LWP::UserAgent module doesn't do http-CONNECT style
proxying (it simply re-isses the GET).

According to the manpage, Crypt::SSLeay (0.45) does thorugh the
$ENV{HTTPS_PROXY} interface but the version made available by Activestate
(0.17) doesn't seem to.

Does anyone have a modern Win32/Activestate compatable version of
Crypt::SSLeay compiled and wouldn't mind giving me the binaries?

Thank you!
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] Compile problems with DynaLoader?

2002-10-10 Thread Matt Wagner



Hey guys,

I've had three customers now who couldn't get the Crypt::SSLeay module
successfully installed, and I had no success myself either.  There all
normal Redhat LINUX servers, without any special configuration (that I know
of).

Anyway, when running "make test", I always get the following:


t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for
module Crypt::SSLeay: blib/arch/auto/Crypt/SSLeay/SSLeay.so: undefined
symbol: SSLeay_add_all_algorithms at
/usr/lib/perl5/5.6.1/i386-linux/DynaLoader.pm line 206.
 at blib/lib/Crypt/SSLeay/CTX.pm line 2
Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2.


The server is running Perl v5.6.1 for i386-linux.  Any help would be greatly
appreciated.

Thank you,
Matt Wagner

Envex Developments
Your CGI Script Specialists
http://www.envex.net/



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Verifying Server Certificates in Perl using LWP HTTPS and Crypt::SSLeay

2002-09-04 Thread Martin Sjögren


ons 2002-09-04 klockan 10.18 skrev [EMAIL PROTECTED]:
> > NOTE: Please cc all responses directly to me.  Thanks in advance.
> 
> I think that's not fair.
> You ask on a public list, so the answers should be public too,
> that's what a mailinglist is for ...

I think what he's trying to say is that he's not subscribed :)


Regards,
Martin




signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signeradmeddelandedel

Re: Verifying Server Certificates in Perl using LWP HTTPS and Crypt::SSLeay

2002-09-04 Thread h . rueter


Hi,


> How can I instruct Perl to verify the server certificate? I'm making the 
> request using Perl & LWP, which uses Crypt::SSLeay for HTTPS.
> 
> I'd like to a) verify that the server's certificate is valid and b) verify
> 
> the issuers certificate from the local databse of trusted issuers.
> 
> NOTE: Please cc all responses directly to me.  Thanks in advance.

I think that's not fair.
You ask on a public list, so the answers should be public too,
that's what a mailinglist is for ...

> Franklin

Harry

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Verifying Server Certificates in Perl using LWP HTTPS and Crypt::SSLeay

2002-09-03 Thread Franklin DeMatto


How can I instruct Perl to verify the server certificate? I'm making the 
request using Perl & LWP, which uses Crypt::SSLeay for HTTPS.

I'd like to a) verify that the server's certificate is valid and b) verify 
the issuers certificate from the local databse of trusted issuers.

NOTE: Please cc all responses directly to me.  Thanks in advance.

Franklin




Franklin DeMatto
Senior  Analyst, qDefense Penetration Testing
http://qDefense.com
qDefense: Specialized Security Solutions

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Crypt::SSLeay --- how do I supply username and password?

2002-08-21 Thread Mark Ginsburg



Hello,

I have installed OpenSSL from openssl.org.  I have installed
Crypt::SSLeay. 

My situation is that I am trying to compose a POST to an https: server.

Using a webbrowser, the server will come back and ask for my username and
password.  How do I set these so that the POST works in my Perl program? 
In the readme file for Crypt:SSLeay, I saw some mention of setting ENV
variables in the proxy situation, but I have no proxies in my case.

Thanks


Mark

*
* Dr. Mark Ginsburg *
* Assistant Professor, MIS Dept.*
* U. of Arizona *
* 1130 E Helen St., #430BB  *
* Tucson, AZ 85719  *
*   *
* [EMAIL PROTECTED]  *
*
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] compile problems on Slackware Linux 8.1

2002-07-30 Thread Tim Legg


I'm getting an unusual problem, (maybe).  I've seen
this problem posted before on this list and many
others, but haven't been able to figure out the
problem yet.

I'll just tell you that I'm trying to compile and
install Crypt::SSLeay so I can use Fetchyahoo.  If
that makes any difference or not.

Anyway, I'll start by the error or warning messages
generated from perl Makefile.PL:


Note (probably harmless): No library found for -lgcc
Note (probably harmless): No library found for
-lRSAglue
Note (probably harmless): No library found for
-lrsaref


Followed by a successfull make, and an error ridden
make test / make install:


PERL_DL_NONLAZY=1 /usr/bin/perl -Iblib/arch -Iblib/lib
-I/usr/lib/perl5/i386-linux -I/usr/lib/perl5 -e 'use
Test::Harness qw(&runtests $verbose); $verbose=0;
runtests @ARGV;' t/*.t
t/net_ssl...dubious
Test returned status 0 (wstat 11, 0xb)
t/ssl_context...dubious
Test returned status 0 (wstat 11, 0xb)
FAILED--2 test scripts could be run, alas--no output
ever seen
make: *** [test_dynamic] Error 2


Does anyone know what could cause this?  All I want is
my Fetchyahoo to get my mail without giving me this
message:


Logging in insecurely via plaintext as Legg83.


Thanks in advance.

__
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

OpenSSL - Crypt ::SSLeay & LWP

2002-07-29 Thread Eric Wilson




Can someone provide me some assistance on 
incorporating the following on a cobalt RAQ4 running linux
 
OpenSSL - a C library
 
Crypt::SSLeay and LWP
 
I need to install the before mentioned modules and 
I am definitly wet behind the ears when it comes to this... Thank 
You
 
Eric Wilson

Crypt::SSLeay Build with Perl 5.8.0RC3

2002-07-19 Thread Richard Chadwick


I'm trying to get Crypt::SSLeay 0.41 working with Perl 5.8.0RC3 on Linux 
2.2.18 system with gcc 2.95.2

The problem I can't get past is:

gcc -c  -I/usr/local/openssl/include -D_REENTRANT -D_GNU_SOURCE 
-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE 
-D_FILE_OFFSET_BITS=64 -O3   -DVERSION=\"0.41\" -DXS_VERSION=\"0.41\" 
-fpic "-I/local/lib/perl5/5.8.0/i686-linux-thread-multi/CORE"   SSLeay.c
In file included from /usr/local/openssl/include/openssl/evp.h:89,
 from /usr/local/openssl/include/openssl/x509.h:67,
 from /usr/local/openssl/include/openssl/ssl.h:122,
 from crypt_ssleay_version.h:1,
 from SSLeay.xs:20:
/usr/local/openssl/include/openssl/des.h:193: parse error before `&'
make: *** [SSLeay.o] Error 1

-- 
Richard Chadwick
Atlantic Systems Group Inc.Phone:  wk. +1.506.460.5400 [x217]
845 Prospect St. Suite 100   Fax:  +1.506.460.5411
Fredericton, NBPager:  +1.506.557-3634
Canada  E3B 2T7   E-mail: [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Crypt::SSLeay ver 0.37.0 or later

2002-07-17 Thread Greulich, Jeanne M.

Title: Crypt::SSLeay ver 0.37.0 or later





Hello,


I am looking for a compiled version of the Crypt:SSLeay module for Windows 2000 that is version0.37 or later.  I have found that Active State has a version 0.17.0 but it does not have features I need.  

Is anyone aware of one?  


Thank You


Jeanne Greulich

Crypt::SSLeay 0.35 patch

2002-06-16 Thread Doug Silver


Hi All -

I'm using Crypt-SSLeay-0.35 on a FreeBSD system.  I've consistently
seen the following errors and finally got around to investigating
what might be causing them:

Use of uninitialized value in substitution (s///) at 
/usr/local/lib/perl5/site_perl/5.6.1/mach/Net/SSL.pm line 363.
Use of uninitialized value in division (/) at 
/usr/local/lib/perl5/site_perl/5.6.1/mach/Net/SSL.pm line 115.

I've included the following patch if anyone is interested and/or to
be used in future revisions.

I'm not on this list, so please cc me directly.

Thanks!
-- 
~~~
Doug Silver
Network Manager
Urchin Software Corp.   http://www.urchin.com
~~~
--- SSL.pm  Wed Oct 31 18:55:56 2001
+++ SSL.pm.new  Sun Jun 16 10:10:05 2002
@@ -112,8 +112,10 @@
if ($^O ne 'MSWin32') {
$SIG{ALRM} = sub { $self->die_with_error("SSL connect
timeout") };
# timeout / 2 because we have 3 possible connects here
-   my $alarm_timeout = ($self->timeout / 2) || 60;
-   alarm($alarm_timeout);
+   if (defined $self->timeout) {
+  my $alarm_timeout = ($self->timeout / 2) || 60;
+  alarm($alarm_timeout);
+   }
}
 
my $rv;
@@ -360,7 +362,7 @@
$proxy_server = $ENV{$_};
last if $proxy_server;
 }
-$proxy_server =~ s|^https?://||i;
+if (defined $proxy_server){$proxy_server =~ s|^https?://||i;}
 
 $proxy_server;
 }

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Crypt::SSLeay - net_ssl_test - Perl

2002-06-06 Thread Keary Suska


on 6/6/02 9:45 AM, [EMAIL PROTECTED] purportedly said:

> Hi.
> 
> When using the net_ssl_test script I get this error:
> WEB SITE: www.nwoasis.org:443
> CIPHER: RC4-MD5
> THIS IS: /C=US/O=BONNEVILLE POWER ADMINISTRATION/OU=BONNEVILLE POWER
> ADMINISTRATION/CN=www.nwoasis.org
> CERTIFIED BY: /C=US/O=Digital Signature Trust Co./OU=TrustID
> Server/CN=TrustID Server CA A5
> 
> #!/usr/bin/ksh
> export HTTPS_CA_FILE='./dt_ca.crt';
> export  HTTPS_CA_DIR='.';
> export HOST='https://www.nwoasis.org';
> ./net_ssl_test -cert=./dt_cl.crt -key=./dt.key -d GET $HOST
> 
> SSL_connect:error in SSLv3 read server certificate B
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2 write client hello A
> SSL_connect:error in SSLv2 read server hello B
> == FAILED TO CONNECT ==
> Error: SSL negotiation failed: error:1407E086:SSL
> routines:SSL2_SET_CERTIFICATE:certificate verify failed at
> /usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/Net/SSL.pm line 215.
> ;  at /usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/Net/SSL.pm line 146.

If I understand the process correctly, you must have the proper CA file for
the particular CA, in this case "Digital Signature Trust Co.". If you are
not acting as your own CA, you need to download the proper root CA from the
certificate vendor.

Keary Suska
(719) 473-6431


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Crypt::SSLeay - net_ssl_test - Perl

2002-06-06 Thread John Lien


Hi.

When using the net_ssl_test script I get this error:

== FAILED TO CONNECT ==
Error: SSL negotiation failed: error:1407E086:SSL
routines:SSL2_SET_CERTIFICATE:certificate verify failed at

In one test case it seems to work; in the other it fails.  I'm not sure
where I went wrong.  The details of what I've done are below.

SECTION 1 - shows the openssl commands I used to parse the PCKS12 file.
SECTION 2 - shows the script and output that runs well
SECTION 3 - shows the script and output that fails
SECTION 4 - shows my environment

I am behind a firewall, but we dont use a proxy.  I'd greatly appreciate any
help.

Thanks,
John


- SECTION 1 
I created my files like this:

pkcs12 -in dt.pfx -cacerts -nodes -nokeys -out dt_ca.crt
Enter Import Password:
MAC verified OK
pkcs12 -in dt.pfx -clcerts -nodes -nokeys -out dt_cl.crt
Enter Import Password:
MAC verified OK
pkcs12 -in dt.pfx -nocerts -nodes -out dt.key
Enter Import Password:
MAC verified OK

I tested the cert files with these commands:
x509 -in dt_ca.crt -noout -text
x509 -in dt_cl.crt -noout -text
rsa -in dt.key -noout -text

and they seemed to pass.

- SECTION 2 

When I run this (HTTPS_CA* are commented out):

#!/usr/bin/ksh
#export HTTPS_CA_FILE='./dt_ca.crt';
#export  HTTPS_CA_DIR='.';
export HOST='https://www.nwoasis.org';
./net_ssl_test -cert=./dt_cl.crt -key=./dt.key -d GET $HOST


I get this output (which I think looks ok):

ieh1: dt_test.ksh
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
WEB SITE: www.nwoasis.org:443
CIPHER: RC4-MD5
THIS IS: /C=US/O=BONNEVILLE POWER ADMINISTRATION/OU=BONNEVILLE POWER
ADMINISTRATION/CN=www.nwoasis.org
CERTIFIED BY: /C=US/O=Digital Signature Trust Co./OU=TrustID
Server/CN=TrustID Server CA A5

SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Content-Location: https://206.137.58.66/index.html
Date: Wed, 05 Jun 2002 22:48:21 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Tue, 16 Nov 1999 22:18:40 GMT
ETag: "8de44898030bf1:311f5"
Content-Length: 1038
...

- SECTION 3 

When I add in the HTTPS_CA variables and run this:

#!/usr/bin/ksh
export HTTPS_CA_FILE='./dt_ca.crt';
export  HTTPS_CA_DIR='.';
export HOST='https://www.nwoasis.org';
./net_ssl_test -cert=./dt_cl.crt -key=./dt.key -d GET $HOST

I get this output (which looks bad):

ieh1: digi_test.ksh
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:error in SSLv2 read server hello B
== FAILED TO CONNECT ==
Error: SSL negotiation failed: error:1407E086:SSL
routines:SSL2_SET_CERTIFICATE:certificate verify failed at
/usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/Net/SSL.pm line 215.
;  at /usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/Net/SSL.pm line 146.


If you need to use a proxy, please pass it in as an argument like

  ./net_ssl_test -p 127.0.0.1:8080

which sets $ENV{HTTPS_PROXY} for you.

- SECTION 4 
Environment:
Perl v5.6.1
Solaris 8
Crypt-SSLeay-0.37
OpenSSL 0.9.6 24 Sep 2000
-

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] Compile problems on cobalt raq

2002-04-28 Thread Admo.net Administrator









I am using a cobalt raq3 and I cannot get Crypt::SSLeay to compile correctly.

 

Here’s some output:

[root@www Crypt-SSLeay-0.37]# make

cc -c -I/usr/local/ssl/include -Dbool=char -DHAS_BOOL -I/usr/local/include
-O2    -DVERSION=\"0.37\"
-DXS_VERSION=\"0.37\" -fpic
-I/usr/lib/perl5/5.00503/i386-linux/CORE  SSLeay.c

SSLeay.c: In
function `XS_Crypt__SSLeay__Err_get_error_string':

SSLeay.c:88: `aTHX_' undeclared
(first use in this function)

SSLeay.c:88: (Each undeclared identifier is reported only
once

SSLeay.c:88: for each function it appears in.)

SSLeay.c:88: parse error before string constant

SSLeay.c:91: `dXSTARG' undeclared
(first use in this function)

SSLeay.xs:83: parse error before `unsigned'

SSLeay.xs:86: `l' undeclared (first use in this function)

SSLeay.xs:90: `buf' undeclared
(first use in this function)

SSLeay.c:104: `targ' undeclared
(first use in this function)

SSLeay.c:104: `XSprePUSH'
undeclared (first use in this function)

SSLeay.c: In
function `XS_Crypt__SSLeay__CTX_new':

SSLeay.c:113: `aTHX_' undeclared
(first use in this function)

SSLeay.c:113: parse error before string constant

SSLeay.c: In
function `XS_Crypt__SSLeay__CTX_free':

SSLeay.c:162: `aTHX_' undeclared
(first use in this function)

SSLeay.c:162: parse error before string constant

SSLeay.c: In
function `XS_Crypt__SSLeay__CTX_set_cipher_list':

SSLeay.c:182: `aTHX_' undeclared
(first use in this function)

SSLeay.c:182: parse error before string constant

SSLeay.c:187: `dXSTARG' undeclared
(first use in this function)

SSLeay.c:197: `XSprePUSH'
undeclared (first use in this function)

SSLeay.c:197: `targ' undeclared
(first use in this function)

SSLeay.c: In
function `XS_Crypt__SSLeay__CTX_use_certificate_file':

SSLeay.c:206: `aTHX_' undeclared
(first use in this function)

SSLeay.c:206: parse error before string constant

SSLeay.c:212: `dXSTARG' undeclared
(first use in this function)

SSLeay.c:222: `XSprePUSH'
undeclared (first use in this function)

SSLeay.c:222: `targ' undeclared
(first use in this function)

SSLeay.c: In
function `XS_Crypt__SSLeay__CTX_use_PrivateKey_file':

SSLeay.c:231: `aTHX_' undeclared
(first use in this function)

SSLeay.c:231: parse error before string constant

SSLeay.c:237: `dXSTARG' undeclared
(first use in this function)

SSLeay.c:247: `XSprePUSH'
undeclared (first use in this function)

SSLeay.c:247: `targ' undeclared
(first use in this function)

SSLeay.c: In
function `XS_Crypt__SSLeay__CTX_check_private_key':

SSLeay.c:256: `aTHX_' undeclared
(first use in this function)

SSLeay.c:256: parse error before string constant

SSLeay.c:260: `dXSTARG' undeclared
(first use in this function)

SSLeay.c:270: `XSprePUSH'
undeclared (first use in this function)

SSLeay.c:270: `targ' undeclared
(first use in this function)

SSLeay.c: In
function `XS_Crypt__SSLeay__CTX_set_verify':

SSLeay.c:279: `aTHX_' undeclared
(first use in this function)

SSLeay.c:279: parse error before string constant

SSLeay.c: In
function `XS_Crypt__SSLeay__Conn_new':

SSLeay.c:317: `aTHX_' undeclared
(first use in this function)

SSLeay.c:317: parse error before string constant

SSLeay.c: In
function `XS_Crypt__SSLeay__Conn_free':

SSLeay.c:371: `aTHX_' undeclared
(first use in this function)

SSLeay.c:371: parse error before string constant

SSLeay.c: In
function `XS_Crypt__SSLeay__Conn_set_fd':

SSLeay.c:391: `aTHX_' undeclared
(first use in this function)

SSLeay.c:391: parse error before string constant

SSLeay.c:396: `dXSTARG' undeclared
(first use in this function)

SSLeay.c:406: `XSprePUSH'
undeclared (first use in this function)

SSLeay.c:406: `targ' undeclared
(first use in this function)

SSLeay.c: In
function `XS_Crypt__SSLeay__Conn_connect':

SSLeay.c:415: `aTHX_' undeclared
(first use in this function)

SSLeay.c:415: parse error before string constant

SSLeay.c:419: `dXSTARG' undeclared
(first use in this function)

SSLeay.c:429: `XSprePUSH'
undeclared (first use in this function)

SSLeay.c:429: `targ' undeclared
(first use in this function)

SSLeay.c: In
function `XS_Crypt__SSLeay__Conn_accept':

SSLeay.c:438: `aTHX_' undeclared
(first use in this function)

SSLeay.c:438: parse error before string constant

SSLeay.c:442: `dXSTARG' undeclared
(first use in this function)

SSLeay.c:452: `XSprePUSH'
undeclared (first use in this function)

SSLeay.c:452: `targ' undeclared
(first use in this function)

SSLeay.c: In
function `XS_Crypt__SSLeay__Conn_write':

SSLeay.c:461: `aTHX_' undeclared
(first use in this function)

SSLeay.c:461: parse error before string constant

SSLeay.c: In
function `XS_Crypt__SSLeay__Conn_read':

SSLeay.c:513: `aTHX_' undeclared
(first use in this function)

SSLeay.

Crypt::SSLeay Client-SSL problem

2002-02-22 Thread POLearyUK

Hi

I am currently having a problem with Client-SSL authentification with version 0.37. I am given a pkcs#7 type certificate which I have converted to PEM using openssl 0.9b. It passes through use_certificate_file without issue.

However when I use LWP to connect I keep receiving a 403.7 on the host IIS system. Any Light you can shed would be greatfully appreciated

Here is an example of what I am using.


#!/usr/bin/perl

use HTTP::Request::Common;
use LWP::Debug qw(+);
use LWP::UserAgent;

my $uploadUrl = "https://XXX";

$ENV{'HTTPS_DEBUG'} = 1;

$ENV{'HTTPS_VERSION'} = '3';

$ENV{'HTTPS_CERT_FILE'} = 'cert.pem';

my $ua = LWP::UserAgent->new;

my $response = $ua->request(GET $uploadUrl);

#print $response->content;
print "\n\n\n\n\n";
#print $ua;
print $response->as_string;

if ($response->is_success) {
print "OK\n";
#print $response->content;
} else {
#   print $response->error_as_HTML;
}

Thanks 
Patrick

Crypt::SSLeay - make test fails on redhat 6.2

2002-02-22 Thread Chuck Russo


Has anyone ever come across this before?

[root@myhost Crypt-SSLeay-0.37]# Makefile.PL
Found OpenSSL (version OpenSSL 0.9.5) installed at /usr/local/ssl
Which OpenSSL build path do you want to link against? [/usr/local/ssl]


BUILD INFORMATION


ssl dir:/usr/local/ssl
libraries:  -lssl -lcrypto -lgcc -lRSAglue -lrsaref
include dir:/usr/local/ssl/include
ssl header: openssl/ssl.h
ssl candidate:  /usr/local/ssl; /usr/local/ssl/include/openssl; OpenSSL 0.9.5



Checking if your kit is complete...
Looks good
Note (probably harmless): No library found for -lgcc
Note (probably harmless): No library found for -lRSAglue
Note (probably harmless): No library found for -lrsaref
Writing Makefile for Crypt::SSLeay



[root@myhost Crypt-SSLeay-0.37]# make
mkdir blib
mkdir blib/lib
mkdir blib/lib/Crypt
mkdir blib/arch
mkdir blib/arch/auto
mkdir blib/arch/auto/Crypt
mkdir blib/arch/auto/Crypt/SSLeay
mkdir blib/lib/auto
mkdir blib/lib/auto/Crypt
mkdir blib/lib/auto/Crypt/SSLeay
mkdir blib/man3
cp lib/Net/SSL.pm blib/lib/Net/SSL.pm
cp lib/Crypt/SSLeay/MainContext.pm blib/lib/Crypt/SSLeay/MainContext.pm
cp lib/Crypt/SSLeay/CTX.pm blib/lib/Crypt/SSLeay/CTX.pm
cp SSLeay.pm blib/lib/Crypt/SSLeay.pm
cp lib/Crypt/SSLeay/Conn.pm blib/lib/Crypt/SSLeay/Conn.pm
cp lib/Crypt/SSLeay/X509.pm blib/lib/Crypt/SSLeay/X509.pm
cp lib/Crypt/SSLeay/Err.pm blib/lib/Crypt/SSLeay/Err.pm
/usr/local/bin/perl -I/usr/local/lib/perl5/5.6.0/i686-linux 
-I/usr/local/lib/perl5/5.6.0 
/usr/local/lib/perl5/5.6.0/ExtUtils/xsubpp  -typemap 
/usr/local/lib/perl5/5.6.0/ExtUtils/typemap -typemap typemap SSLeay.xs > 
SSLeay.xsc && mv SSLeay.xsc SSLeay.c
cc -c -I/usr/local/ssl/include -fno-strict-aliasing -I/usr/local/include 
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"0.37\" 
-DXS_VERSION=\"0.37\" -fpic 
-I/usr/local/lib/perl5/5.6.0/i686-linux/CORE  SSLeay.c
Running Mkbootstrap for Crypt::SSLeay ()
chmod 644 SSLeay.bs
LD_RUN_PATH="/usr/local/ssl/lib" cc -o 
blib/arch/auto/Crypt/SSLeay/SSLeay.so  -shared -L/usr/local/lib 
SSLeay.o-L/usr/local/ssl/lib -lssl -lcrypto
chmod 755 blib/arch/auto/Crypt/SSLeay/SSLeay.so
cp SSLeay.bs blib/arch/auto/Crypt/SSLeay/SSLeay.bs
chmod 644 blib/arch/auto/Crypt/SSLeay/SSLeay.bs
Manifying blib/man3/Crypt::SSLeay.3



[root@myhost Crypt-SSLeay-0.37]# make test
PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib 
-I/usr/local/lib/perl5/5.6.0/i686-linux -I/usr/local/lib/perl5/5.6.0 -e 
'use Test::Harness qw(&runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t
t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for 
module Crypt::SSLeay: blib/arch/auto/Crypt/SSLeay/SSLeay.so: undefined 
symbol: OPENSSL_free at /usr/local/lib/perl5/5.6.0/i686-linux/DynaLoader.pm 
line 200.
  at blib/lib/Crypt/SSLeay/CTX.pm line 2
Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2.
Compilation failed in require at blib/lib/Crypt/SSLeay/MainContext.pm line 8.
Compilation failed in require at t/ssl_context.t line 3.
BEGIN failed--compilation aborted at t/ssl_context.t line 3.
t/ssl_context...dubious
 Test returned status 255 (wstat 65280, 0xff00)
FAILED--1 test script could be run, alas--no output ever seen
make: *** [test_dynamic] Error 2
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Crypt::SSLeay

2001-12-27 Thread timotac


Thanks, for your help.  I will have to try it out when I get a chance, 
as a higher priority job has been assigned to me.
On 23 Dec 2001 at 20:43, Joshua Chamas wrote:

> [EMAIL PROTECTED] wrote:
> > 
> > I made sure Crypt::SSLeay was installed.
> > ppm -query yields Crypt-SSLeay [0.17.1]
> > 
> > the script looks like this:
> > 
> > use LWP::UserAgent;
> > 
> > $ENV{HTTPS_VERSION} = '3';
> > $ENV{HTTPS_CERT_FILE} = 'd:\certs\mycert.pem';
> > $ENV{HTTPS_KEY_FILE}  = 'd:\certs\mykey.pem';
> > $ENV{HTTPS_CA_FILE}  = 'd:\certs\server.pem';
> > 
> 
> If this means that you have version .17 of Crypt::SSLeay installed,
> then your HTTPS_CA_FILE config won't be picked up.  Support for this
> was added in version .29 of the module looks like.  You can 
> ask ActiveState to compile this version of the module for you for
> your perl build version if they haven't already.
> 
> Also, be sure to use the ./lwp-ssl-test script with the -d
> option when debugging for the first time with Crypt::SSLeay, 
> the magic here is setting:
> 
> $ENV{HTTPS_DEBUG} = 1;
> 
> in your script to get debugging output.  This option was
> added in version .31 of the module.
> 
> --Josh
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Crypt::SSLeay

2001-12-27 Thread timotac


Thanks for your reply.  My work on this has been shelved for a 
higher priority (Kerberos stuff, getting to play with all sorts of new 
stuff) and letting the c coder duplicate the work.  Unfortunately, the 
machine is on an internal network, so I don't know how I could have 
tested your suggestion.  

On 21 Dec 2001 at 12:04, Keary Suska wrote:

> Unfortunately, error messages do not propagate well from SSLeay to LWP, so
> LWP often doesn't give informative messages. It is likely, however, that the
> peer certificate verification is failing. To ensure SSL works correctly,
> comment out all the $ENV lines showing in your script below, and try to
> connect to any public site (that supports SSL, of course) using https.
> 
> If that works, then at least the SSL underpinnings are fine. It would also
> indicate the likelihood of a peer verification problem. I don't recall the
> peer verification setup exactly, but IIRC you have to tell SSL where to find
> the root CA certificates, so it can choose the right one for verification.
> At least this is a clue to what may be going wrong...
> 
> Keary Suska
> Esoteritech, Inc.
> "Leveraging Open Source for a better Internet"
> 
> > From: [EMAIL PROTECTED]
> > Reply-To: [EMAIL PROTECTED]
> > Date: Fri, 21 Dec 2001 06:44:47 -0500
> > To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> > Subject: Re: Crypt::SSLeay
> > 
> > On 16 Dec 2001 at 2:43, Joshua Chamas wrote:
> > 
> >> timotac wrote:
> >>> 
> >>> I have a small perl script I wrote that retrieves files using
> >>> LWP::UserAgent to get files from a cert protected directory off o a web
> >>> server.  The script works fine on *nix boxes.  Now I have to get it to
> >>> work on an NT box, and I am new to perl on NT.
> >>> I installed activestate perl, then mingw.  I compiled openssl, which
> >>> seemed to work just fine (no error messages) using the included
> >>> instructions for mingw.
> >>> Installed the Net::SSLeay package.  Move the script over, changed things
> >>> 
> >> 
> >> Crypt::SSLeay & Net::SSLeay are 2 different things.  With ActiveState perl,
> >> try to install Crypt::SSLeay for LWP::UserAgent support with the ppm
> >> installer at $PERL/bin/ppm.pl or some such, then:
> >> 
> >> ppm> install Crypt-SSLeay
> >> 
> >> If it installs a recent enough Crypt::SSLeay, you should be fine.
> >> If not you can ask activestate to compile the latest version for
> >> their ppm repository.
> >> 
> >> --Josh
> >> 
> > 
> > I made sure Crypt::SSLeay was installed.
> > ppm -query yields Crypt-SSLeay [0.17.1]
> > 
> > the script looks like this:
> > 
> > use LWP::UserAgent;
> > 
> > $ENV{HTTPS_VERSION} = '3';
> > $ENV{HTTPS_CERT_FILE} = 'd:\certs\mycert.pem';
> > $ENV{HTTPS_KEY_FILE}  = 'd:\certs\mykey.pem';
> > $ENV{HTTPS_CA_FILE}  = 'd:\certs\server.pem';
> > 
> > $ua = new LWP::UserAgent;
> > $httpreq = "https://server.com/reports/today.log";
> > $req = HTTP::Request('GET',"$httpreq");
> > $res = $ua->request($req);
> > if ($res->is_error()) {
> > print "Return code ", $res->code,"\n";
> > print "Message ", $res->message, "\n";
> > exit;
> > }
> > 
> > print "Content:\n", $res->content;
> > 
> > 
> > This yields:
> > 
> > Return code 500
> > Message read failed:
> > 
> > 
> > Note that this code works on a linux box, and the https string is valid if
> > entered in 
> > netscape on the NT box I am attempting to use.
> > __
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List[EMAIL PROTECTED]
> > Automated List Manager   [EMAIL PROTECTED]
> > 
> 
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Crypt::SSLeay

2001-12-21 Thread timotac


On 16 Dec 2001 at 2:43, Joshua Chamas wrote:

> timotac wrote:
> > 
> > I have a small perl script I wrote that retrieves files using
> > LWP::UserAgent to get files from a cert protected directory off o a web
> > server.  The script works fine on *nix boxes.  Now I have to get it to
> > work on an NT box, and I am new to perl on NT.
> > I installed activestate perl, then mingw.  I compiled openssl, which
> > seemed to work just fine (no error messages) using the included
> > instructions for mingw.
> > Installed the Net::SSLeay package.  Move the script over, changed things
> > 
> 
> Crypt::SSLeay & Net::SSLeay are 2 different things.  With ActiveState perl,
> try to install Crypt::SSLeay for LWP::UserAgent support with the ppm 
> installer at $PERL/bin/ppm.pl or some such, then:
> 
>   ppm> install Crypt-SSLeay
> 
> If it installs a recent enough Crypt::SSLeay, you should be fine.
> If not you can ask activestate to compile the latest version for
> their ppm repository.
> 
> --Josh
> 

I made sure Crypt::SSLeay was installed.  
ppm -query yields Crypt-SSLeay [0.17.1]

the script looks like this:

use LWP::UserAgent;

$ENV{HTTPS_VERSION} = '3';
$ENV{HTTPS_CERT_FILE} = 'd:\certs\mycert.pem'; 
$ENV{HTTPS_KEY_FILE}  = 'd:\certs\mykey.pem';
$ENV{HTTPS_CA_FILE}  = 'd:\certs\server.pem';

$ua = new LWP::UserAgent;
$httpreq = "https://server.com/reports/today.log";
$req = HTTP::Request('GET',"$httpreq");
$res = $ua->request($req);
if ($res->is_error()) {
print "Return code ", $res->code,"\n";
print "Message ", $res->message, "\n";
exit;
}

print "Content:\n", $res->content;


This yields:

Return code 500
Message read failed:


Note that this code works on a linux box, and the https string is valid if entered in 
netscape on the NT box I am attempting to use.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Crypt::SSLeay

2001-12-14 Thread timotac


I have a small perl script I wrote that retrieves files using
LWP::UserAgent to get files from a cert protected directory off o a web
server.  The script works fine on *nix boxes.  Now I have to get it to
work on an NT box, and I am new to perl on NT.
I installed activestate perl, then mingw.  I compiled openssl, which
seemed to work just fine (no error messages) using the included
instructions for mingw.
Installed the Net::SSLeay package.  Move the script over, changed things

to match the new environment.  The script is returning web error 500.  I

am thinking that it is not correctly passing the certs.  I tried to
compile Crypt::SSLeay myself, but I am getting make errors, so maybe I
will try nmake.  I did note that perl Makefile.PL does not find the
openssl libraries.  I also noted the the libraries for openssl are in
the out directory, and no include or inc32 directories exists.  Do I
need to create these and where should they be located?



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Crypt::SSLeay] How to compile with aCC on hpux 11.0?

2001-11-30 Thread BRIX,THOMAS (HP-Germany,ex2)


Hi all,

is there a way to compile Crypt-SSLeay-0.35   
using a aCC  B3910B A.03.30
on hp-ux 11.0?

tia
Best regards
Thomas Brix
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Subject: [Crypt::SSLeay] compile problems on Solaris

2001-11-28 Thread Joshua Chamas


> Test::Harness qw(&runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t
> t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module 
>Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: relocation
> error: file blib/arch/auto/Crypt/SSLeay/SSLeay.so: symbol SSL_set_fd: referenced 
>symbol not found at
> /usr/local/lib/perl5/5.6.1/i86pc-solaris/DynaLoader.pm line 206.
>  at blib/lib/Crypt/SSLeay/CTX.pm line 2

Are your openssl libs in your LD_LIBRARY_PATH ?  This could cause
this error.  If this is your fix, please confirm, as I'll 
make this an FAQ for Solaris platforms.

--Josh


> Terence Pua wrote:
> 
> i have solaris 8 running on an x86 machine and perl 5.6.1.
> 
> i'm trying to install Crypt::SSLeay and i get the following problems...
> 
> tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35> sudo perl Makefile.PL
> Password:
> Found OpenSSL (version OpenSSL 0.9.6) installed at /usr/local/ssl
> Which OpenSSL build path do you want to link against? [/usr/local/ssl]
> 
> 
> BUILD INFORMATION
> 
> 
> ssl dir:/usr/local/ssl
> libraries:  -lssl -lcrypto -lgcc -lRSAglue -lrsaref
> include dir:/usr/local/ssl/include
> ssl header: openssl/ssl.h
> ssl candidate:  /usr/local/ssl; /usr/local/ssl/include/openssl; OpenSSL 0.9.6
> 
> 
> 
> Note (probably harmless): No library found for -lRSAglue
> Note (probably harmless): No library found for -lrsaref
> Writing Makefile for Crypt::SSLeay
> tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35> sudo make
> gcc -c -I/usr/local/ssl/include -fno-strict-aliasing -I/usr/local/include 
>-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O   -DVERSION=\"0.35\"
> -DXS_VERSION=\"0.35\" -fPIC -I/usr/local/lib/perl5/5.6.1/i86pc-solaris/CORE  SSLeay.c
> Running Mkbootstrap for Crypt::SSLeay ()
> chmod 644 SSLeay.bs
> rm -f blib/arch/auto/Crypt/SSLeay/SSLeay.so
> LD_RUN_PATH="/usr/local/ssl/lib:/usr/local/lib" gcc  -G -L/usr/local/lib SSLeay.o  
>-o blib/arch/auto/Crypt/SSLeay/SSLeay.so   -L/usr/local/ssl/lib
> -lssl -lcrypto -lgcc
> chmod 755 blib/arch/auto/Crypt/SSLeay/SSLeay.so
> cp SSLeay.bs blib/arch/auto/Crypt/SSLeay/SSLeay.bs
> chmod 644 blib/arch/auto/Crypt/SSLeay/SSLeay.bs
> Manifying blib/man3/Crypt::SSLeay.3
> tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35> sudo make install
> Files found in blib/arch: installing files in blib/lib into architecture dependent 
>library tree
> Installing /usr/local/man/man3/Crypt::SSLeay.3
> Writing 
>/usr/local/lib/perl5/site_perl/5.6.1/i86pc-solaris/auto/Crypt/SSLeay/.packlist
> Appending installation info to /usr/local/lib/perl5/5.6.1/i86pc-solaris/perllocal.pod
> tpua@s6 ~torrance/.cpan/build/Crypt-SSLeay-0.35> sudo make test
> PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib 
>-I/usr/local/lib/perl5/5.6.1/i86pc-solaris -I/usr/local/lib/perl5/5.6.1 -e 'use
> Test::Harness qw(&runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t
> t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module 
>Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: relocation
> error: file blib/arch/auto/Crypt/SSLeay/SSLeay.so: symbol SSL_set_fd: referenced 
>symbol not found at
> /usr/local/lib/perl5/5.6.1/i86pc-solaris/DynaLoader.pm line 206.
>  at blib/lib/Crypt/SSLeay/CTX.pm line 2
> Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2.
> Compilation failed in require at blib/lib/Crypt/SSLeay/MainContext.pm line 8.
> Compilation failed in require at t/ssl_context.t line 3.
> BEGIN failed--compilation aborted at t/ssl_context.t line 3.
> t/ssl_context...dubious
> Test returned status 255 (wstat 65280, 0xff00)
> FAILED--1 test script could be run, alas--no output ever seen
> make: *** [test_dynamic] Error 2
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]