subject:"NET\:\:SSLeay"

error when trying to use Net::SSLeay perl module under IIS6

2008-04-13 Thread DAVID NEILL

This list was given as a place to ask general questions regarding the 
Net::SSLeay module for perl.  I'm having success using the module in a perl 
command-line script to perform an authenticated login to my mail server to send 
E-mail.  When I try to adapt the same code to work from a CGI script from an 
IIS6 server (2003 server), I get the error listed at the bottom of this message.

I've re-installed the Net:SSLeay module with the --force option to re-install 
the SSLeah.dll
(ppm install --force http://theoryx5.uwinnipeg.ca/ppms/Net-SSLeay.ppd) 
and confirmed and accepted the dll file install in D:\Perl\bin
How do I go about fixing this?  I've changed the permissions on all the files 
involved to give 
IUSR_computername (the account IIS runs under) full control over all the files, 
modules, directories, dlls involved.  I also added permissions for 'everyone' 
to the same
effect.  I am still getting the below error message.  Thanks for your time.


Can't load 'D:/Perl/site/lib/auto/Net/SSLeay/SSLeay.dll' for module 
Net::SSLeay: load_file:Access is denied at D:/Perl/lib/DynaLoader.pm line 230.
 at D:/Perl/site/lib/IO/Socket/SSL.pm line 18
Compilation failed in require at D:/Perl/site/lib/IO/Socket/SSL.pm line 18.
BEGIN failed--compilation aborted at D:/Perl/site/lib/IO/Socket/SSL.pm line 18.
Compilation failed in require at D:/Perl/site/lib/Net/SMTP/SSL.pm line 8.
BEGIN failed--compilation aborted at D:/Perl/site/lib/Net/SMTP/SSL.pm line 8.
Compilation failed in require at D:\Inetpub\wwwroot\upload\filechucker.pl line 
8467.
BEGIN failed--compilation aborted at D:\Inetpub\wwwroot\upload\filechucker.pl 
line 8467.

For help, please send mail to this site's webmaster, giving this error message 
and the time and date of the error.

Re: Net ssleay on Active Perl

2008-02-22 Thread Sisyphus

- Original Message - 
From: "Norm Bumbieris" <[EMAIL PROTECTED]>

To: 
Sent: Saturday, February 23, 2008 4:42 PM
Subject: Net ssleay on Active Perl

Dear Users

I am presently trying to insert Net ssleay V1.32 into Active Perl V5.8.0
build 805 for Windows XP SP2. I downloaded the relevant zip file, however,
I
am having real problems getting it to compile and install. It appears that
there is somewhere out there a module for Active Perls PPM however I have
been unable to find a repository with it and a location if known would be
greatly appreciated.

I have already managed to successfully download and compile openssl
V0.9.8G.

You can get Net-SSLeay-1.32 from the uwinnipeg rep:
ppm install http://theoryx5.uwinnipeg.ca/ppms/Net-SSLeay.ppd

I'm not sure whether that will work with the openssl that you have compiled.
(During the 'ppm install' you'll be prompted to install a pre-built openssl,
which you might need to do if you want that ppm to work.)

I built Net-SSLeay against 0.9.8g a few days ago. To get it to build, I
discarded the Makefile.PL that shipped with the Net-SSLeay-1.32 source and
used this one instead:

use ExtUtils::MakeMaker;

WriteMakefile(
 PREREQ_PM => {
  'Sub::Uplevel' => '0',
  'Test::Exception' => '0',
  'Array::Compare' => '0',
  'Tree::DAG_Node' => '0',
  'Test::Warn' => '0',
  'MIME::Base64' =>0,
  },
 NAME => 'Net::SSLeay',
 INC => '-IC:/_32/msys/local/ssl/include',
 LIBS => 
['-LC:/_32/msys/local/ssl/lib -lssl -lcrypto -LC:/_32/msys/local/lib -lz'],

 VERSION_FROM => 'lib/Net/SSLeay.pm',
);

If you amend the INC setting to point to the location of your openssl 
includes, and amend the LIBS settings to reflect the name and location of 
the import/static libraries on your box, then it will probably work for you. 
I had actually built a static openssl lib using MinGW, but I think things 
will be (generically) the same with your perl and openssl.

You can ignore the -LC:/_32/msys/local/lib -lz' unless you built your 
openssl with zlib compression support. Even then, if you built a dynamic 
openssl (dll) you can probably still ignore it. (If you get linking errors 
relating to 'compress' and 'deflate' then you'll know you need to link to 
libz.lib.)

If you want to go that way (instead of the ppm route), but have trouble 
getting that Makefile.PL to work, feel free to get back to us.

Cheers,
Rob 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Net ssleay on Active Perl

2008-02-22 Thread Norm Bumbieris

 
 
Dear Users
 
I am presently trying to insert Net ssleay V1.32 into Active Perl V5.8.0
build 805 for Windows XP SP2. I downloaded the relevant zip file, however, I
am having real problems getting it to compile and install. It appears that
there is somewhere out there a module for Active Perls PPM however I have
been unable to find a repository with it and a location if known would be
greatly appreciated.
 
I have already managed to successfully download and compile openssl V0.9.8G.
 
 
Thanks
Norm Bumbieris

Net::SSLeay

2005-08-15 Thread Morris Hooten

I need to direct the perl module Net::SSLeay to
include OpenSSL headers from /opt/SUNWconn/crypto/include, such as with
the compiler flag: -I /opt/SUNWconn/crypto/include

It must also be directed to include references to the appropriate
libraries. The Sun cryptographic libraries must be included as well. The
following linker flags will accomplish this: -L/opt/SUNWconn/crypto/lib
-R/opt/SUNWconn/crypto/lib \ -lcrypto -lssl -lcryptography -lnvpair

How do I do this?

Thanks
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay 1.25 fails under mod_perl

2004-11-29 Thread David Oberlitner

Hi,
The following code:
use Net::SSLeay qw(post_https make_form);
my ($page, $response, %reply_headers) = post_https('ssl.aspidon.net', 
443, '/test.html', '', make_form(var1 => 'one', var2 => 'two' ));
print "response: $response\n";

Yields this error when executed in mod_perl 1.29:
response : HTTP/1.0 900 NET OR SSL ERROR
SSL_connect 8810: 1 - error:140D308A:SSL 
routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable

When executed from a shell on the same system it works.
I am hopeful that someone can give me a pointer as to what may cause the 
error in a mod_perl environment.

Thanks,
David
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net-SSLeay, post_https Too many arguments, and doc bug

2004-05-27 Thread Ron Pero

In using Net::SSLeay for the first time, I believe I have found a
documentation bug or two.

1.

My perl compiler complained about this:
use Net::SSLeay, qw(get_https post_https sslcat make_headers make_form);

I removed the comma and now it is fine:
use Net::SSLeay qw(get_https post_https sslcat make_headers make_form);

2.

More importantly, using the example code from the section, Using Client
Certificates, I get this apache error:
Too many arguments for Net::SSLeay::post_https at myscript.cgi line 446,
near "$path_to_key8)"
Execution of relay_response.cgi aborted due to compilation errors.
[Wed May 26 16:41:57 2004] [error] [client 11.111.111.111] Premature end of
script headers: myscript.cgi

I searched the email archive of this list, but a search for "Too many
arguments" gets reduced to just "arguments". And a search for "path_to_key8"
was useless.

This is the sample code:
($page, $response, %reply_headers)
 = post_https('www.bacus.pt', 443, '/foo.cgi',   # 3b
  make_headers('Authorization' =>
   'Basic ' .
MIME::Base64::encode("$user:$pass",'')),
  make_form(OK   => '1', name => 'Sampo'),
  $mime_type6, $path_to_crt7, $path_to_key8);

This is what mine looks like:
my $mime_type6 = 'text/xml';
my $path_to_crt7 = '/my/path/mycert.der';
my $path_to_key8 = '/my/path/mykey1024.pem';
use Net::SSLeay qw(post_https);
my ($page, $response, %reply_headers) = post_https('partners.somewhere.com',
443, '/s/MyXml?pid=12345&pacct=My_Acct', '', $xml_text, $mime_type6,
$path_to_crt7, $path_to_key8);

Documentation bug? Or something else?

Thank you,

Ron Pero

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

X.509 extensions with Net::SSleay

2004-03-04 Thread Manuel Gil Perez

Hello everyone,

I'm developing a Perl application and I need to work with X.509
certificates. For this, I need the Net:SSLeay module (Perl extension for
usign OpenSSL) but I have a two doubts:

  1) I have tried to look up documentation about this module but I haven't
found any specified doc (as OpenSSL documentation). Somebody know any URL??
  2) I need to get the extensions from one certificate. Is there any command
into this module??

Thanks and regards,

  Manuel Gil.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

using read function in Perl module Net::SSLeay

2004-01-22 Thread Anthony D . Minkoff

Newbie here, both to Perl and to SSL.

I have two questions regarding how to use Net::SSLeay::read.

- QUESTION #1 
-

My first question regards the usage of Net::SSLeay::get_error.

I see in the man pages for the C functions SSL_read() and 
SSL_get_error() that,
in order to determine the case of a failure of SSL_read(), you call
SSL_get_error().  The return value of SSL_read() is passed as a 
parameter to
SSL_get_error():

SSL* ssl; void* buf; int num; int ret; int err;
ret = SSL_read(ssl,buf,num);
if(ret<0) err = SSL_get_error(ssl,ret);
Net::SSLeay's wrapper of SSL_get_error() looks just like the C 
function.  Its
usage is:

    $err = Net::SSLeay::get_error($ssl,$ret);

However, Net::SSLeay's wrapper of the SSL_read() looks a little 
different from
the C function.  Its usage is:

    $got = Net::SSLeay::read($ssl);

If the read is successful, Net::SSLeay::read returns the data that is 
read; if
the connection has been closed, it returns the empty string; if an error
occurs, it returns undef.

So, if SSL_read() fails and returns a negative value, that value is not
returned by Net::SSLeay::read.  I need to pass this value as the second
parameter to Net::SSLeay::get_error, but I don't have it.  So how do I 
identify
the specific error that occured?

[Note: the thread's error queue doesn't seem to have anything.  In my 
code,
Net::SSLeay::ERR_peek_error returns 0 after Net::SSLeay::read returns 
undef.
However, in C code, I find that SSL_get_error() can identify the error 
although
ERR_peek_error returns 0.]

- QUESTION #2 
-

My second question regards how to determine when an SSL connection, 
based on a
non-blocking socket, is ready for reading.  I wrote the following code:

# $select_set is a select set for the socket underlying my SSL 
connection.
while (1) {
my $rset = $select_set;
select $rset,undef,undef,undef;
while (1) {
    my $got = Net::SSLeay::read($ssl);
if (!defined $got) {
last;
}
if ($got eq "") {
print "socket closed\n";
Net::SSLeay::free($ssl);
return;
}
print "Got this: [$got]\n";
}
}

This seems to work, but given my understanding of SSL, I suspect that 
there may
be a flaw here.  I understand that, because of renegotiation or 
whatever, it is
sometimes necessary for the SSL library to write to the socket in order 
to
complete a requested read operation.  So I suspect that my code is 
susceptible
to the following condition:

In a call to Net::SSLeay::read, a write is necessary.  However, the 
socket is
not immediately available for writing, and it is non-blocking, so
Net::SSLeay::read fails.  Execution returns to the select statement.  
The
select is waiting for the socket to be ready for reading, but whoever 
is on the
other end of the connection isn't sending any data because he's waiting 
for my
system to write whatever it was trying to write, so my process just 
sits there
in the select statement, waiting for the wrong thing, and waiting, and
waiting...

So, is it sometimes necessary to select for write-availability of the 
socket?
And under what condition is that?  I tried the following:

my $rset = $select_set;
my $wset = Net::SSLeay::want_write($ssl) ? $select_set : undef;
select $rset,$wset,undef,undef;
However, with this code, it gets into state in which want_write is 
consistently
returning true although the socket is available for writing, so select 
returns
immediately, and the process spins through this loop very rapidly, 
consuming
all available CPU cycles.

What am I supposed to do here?  Is the original version of the code 
actually
correct, and not susceptible to my imagined flaw?  If not, what is the
correction?  One possibility that has occurred to me is to pass a 
timeout to
select, so execution will return from select and call read 
periodically, "just
in case."  That strikes me as unaesthetic, but I guess it's a 
possibility, if
there isn't a more elegant "correct" solution.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay nonblocking sockets and timeouts

2003-11-18 Thread Stella Power

Hi,

I'm using the Net::SSLeay perl module to connect to a site over HTTPS and
which also implements certificates.  I was originally using 'post_https()'
and got that to work  - though I did have to fix it's prototype in SSLeay.pm.
However, as far as I can gather this doesn't use nonblocking sockets.  So
I've started writing it using the lower level API, and have tried to
implement nonblocking sockets.  However, I don't think I've done it
correctly.  If someone could glance over this code and let me know where I;ve
gone wrong, that would be most helpful.  Note the code below works fine
when I don't try to make the socket nonblocking, and it also contains a lot
more error checking than pasted here!

Thanks,
Stella


my $sin  = sockaddr_in($port, $dest_ip); 
my $proto = getprotobyname('tcp');
if (socket  (SSLCAT_S, &PF_INET, &SOCK_STREAM, $proto)) {
if (CORE::connect (SSLCAT_S, $sin)) {
my $old_out = select (SSLCAT_S); $| = 1; select ($old_out);
$flags = fcntl(SSLCAT_S, F_GETFL, 0);
fcntl(SSLCAT_S, F_SETFL, $flags | O_NONBLOCK);
$got = 1;
    }
 } else {
close SSLCAT_S;
    return undef;
 }

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

my $ctx = Net::SSLeay::CTX_new();
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
Net::SSLeay::set_cert_and_key($ctx, $self->{_cert}, $self->{_key});
my $ssl = Net::SSLeay::new($ctx);
Net::SSLeay::set_fd($ssl, fileno(SSLCAT_S));

$got = Net::SSLeay::connect($ssl);
my $server_cert = Net::SSLeay::get_peer_certificate($ssl);
my($written, $errs) = Net::SSLeay::ssl_write_all($ssl, $request);
($got, $errs) = Net::SSLeay::ssl_read_all($ssl);

Net::SSLeay::X509_free($server_cert) if defined $server_cert;
Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
close SSLCAT_S;



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: client certificates and Net::SSLeay

2003-11-12 Thread Stella Power

ok never mind, got it working.  My server certificate had expired.

Thanks for all your help.
Stella

On Wed, Nov 12, 2003 at 01:23:15PM +, Stella Power wrote:
> ok I think I figured out one problem - the client side was using a cert
> signed with a password protected key, which my script was unable to deal
> with.  Having fixed that, I am now getting error 
> 
> 140890B2 : SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned 
> on the server side.
> 
> and error:
> 14094418 : SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> on the client side.
> 
> Looking at the Net::SSLeay module, it seems to fail on the
> 'get_peer_certificate' line.  I'm presuming that it has a list of known CA's
> somewhere, and hence there must be some way of adding another CA to it.  Does
> anyone know if there is a function to do this? is it
> Net::SSLeay::CTX_set_client_CA_list() by any chance?  I can't seem to find
> any examples for this, could someone point me in the right direction?
> 
> thanks Lutz for letting me know about the 'openssl errstr' command by the
> way, it's quite useful!
> 
> Thanks,
> Stella
> 
> 
> On Wed, Nov 12, 2003 at 12:51:58PM +0100, Lutz Jaenicke wrote:
> > On Wed, Nov 12, 2003 at 10:53:58AM +, Stella Power wrote:
> > > I was wondering if anyone on this list could help me.  I'm trying to use the
> > > post_https() function in Net::SSLeay to post to a website that needs a valid
> > > client certificate.
> > ...
> > > However, the server fails to validate my cert.  I'm not sure if it is the
> > > module or my actual cert which is wrong.
> >  
> > > I then used the path to newcert.pem for $cert_path above, and the path to
> > > newreq.pem as the $key_path above (post_https() line).
> > > 
> > > I get the following errors in /var/log/httpd/error_log
> > > mod_ssl: SSL handshake failed (server renegade.dev.ie.alphyra.com:443, client
> > > 192.168.1.146) (OpenSSL library error follows)
> > > [error] OpenSSL: error:140890C7:lib(20):func(137):reason(199)
> > 
> > [EMAIL PROTECTED]:~/cc/openssl-0.9.7-stable/ssl$ openssl errstr 140890C7
> > error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a 
> > certificate
> > 
> > Your client does not send a certificate, even though requested.
> > So the problem is on the client side.
> > 
> > Best regards,
> > Lutz
> > -- 
> > Lutz Jaenicke [EMAIL PROTECTED]
> > http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> > BTU Cottbus, Allgemeine Elektrotechnik
> > Universitaetsplatz 3-4, D-03044 Cottbus
> > __
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List[EMAIL PROTECTED]
> > Automated List Manager   [EMAIL PROTECTED]
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: client certificates and Net::SSLeay

2003-11-12 Thread Stella Power

ok I think I figured out one problem - the client side was using a cert
signed with a password protected key, which my script was unable to deal
with.  Having fixed that, I am now getting error 

140890B2 : SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned 
on the server side.

and error:
14094418 : SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
on the client side.

Looking at the Net::SSLeay module, it seems to fail on the
'get_peer_certificate' line.  I'm presuming that it has a list of known CA's
somewhere, and hence there must be some way of adding another CA to it.  Does
anyone know if there is a function to do this? is it
Net::SSLeay::CTX_set_client_CA_list() by any chance?  I can't seem to find
any examples for this, could someone point me in the right direction?

thanks Lutz for letting me know about the 'openssl errstr' command by the
way, it's quite useful!

Thanks,
Stella

On Wed, Nov 12, 2003 at 12:51:58PM +0100, Lutz Jaenicke wrote:
> On Wed, Nov 12, 2003 at 10:53:58AM +, Stella Power wrote:
> > I was wondering if anyone on this list could help me.  I'm trying to use the
> > post_https() function in Net::SSLeay to post to a website that needs a valid
> > client certificate.
> ...
> > However, the server fails to validate my cert.  I'm not sure if it is the
> > module or my actual cert which is wrong.
>  
> > I then used the path to newcert.pem for $cert_path above, and the path to
> > newreq.pem as the $key_path above (post_https() line).
> > 
> > I get the following errors in /var/log/httpd/error_log
> > mod_ssl: SSL handshake failed (server renegade.dev.ie.alphyra.com:443, client
> > 192.168.1.146) (OpenSSL library error follows)
> > [error] OpenSSL: error:140890C7:lib(20):func(137):reason(199)
> 
> [EMAIL PROTECTED]:~/cc/openssl-0.9.7-stable/ssl$ openssl errstr 140890C7
> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a 
> certificate
> 
> Your client does not send a certificate, even though requested.
> So the problem is on the client side.
> 
> Best regards,
>   Lutz
> -- 
> Lutz Jaenicke [EMAIL PROTECTED]
> http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> BTU Cottbus, Allgemeine Elektrotechnik
> Universitaetsplatz 3-4, D-03044 Cottbus
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

NET::SSLeay : Client cert Authenticated at URL level

2002-12-17 Thread Tim Reast

Hi,
I am trying to 'GET' and 'POST' to a secure server requiring a
client-side certificate from Perl which authenticates my certificate at the
URL level (i.e. https://www.abc.com/atdb). My attempts using 'do_https' have
failed miserably because I think 'do_https' is attempting to authenticate at
the site level (www.abc.com) where my certificate is not valid.

  Does anyone have any pointers or code examples of how I use NET::SSLeay to
connect to a server that authenticates at the URL level?

  I am using NET::SSLeay v1.21 and OpenSSL 0.9.6g

Thanks,
Tim Reast
[EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Compiling the perl module Net::SSLeay with perl 5.8 with ithreads.

2002-10-19 Thread alan.mannering




Hi Folks,
 
Using Perl5.8 with ithreads, the perl module 
Net::SSLeay does not compile/make with 
some/most/all versions of openssl up to and 
including 0.9.6g ( also 0.9.6h ).
 
( it works without the ithreads ).
 
You can successfully compile/make this module with 
Perl5.8 ithreads if you use 
 
OpenSSL 0.9.8-dev XX xxx ... its a dev version, available 
in the SNAPSHOT directory NOT the normal SOURCE download directory. 
 
Apparently,  Net::SSLeay also compiles/makes with   http://www.openssl.org/source/openssl-0.9.7-beta3.tar.gz 
 
which you can get from the source directory 
.(  I've not tried this one myself ).
 
With a huge amount of thanks to Ben.
 
Cheer all  
 
Simon Clewer

Re: NET::SSLeay

2002-08-17 Thread Lutz Jaenicke


On Fri, Aug 16, 2002 at 04:41:59PM -0400, Joel wrote:
> rpm -q openssl-devel
> openssl-devel-0.9.5a-2
...
> + /usr/bin/perl Makefile.PL /usr
> That's is newer than what this module was tested with (0.9.3a). You
> should
> consider checking if there is a newer release of this module
> available. Everything will probably work OK, though.
> + make OPTIMIZE=-O2 -m486 -fno-strength-reduce PREFIX=/usr
> In file included from /usr/include/openssl/pem.h:66,
>  from /usr/include/openssl/ssl.h:147,
>  from SSLeay.xs:55:
> /usr/include/openssl/evp.h:97: openssl/idea.h: No such file or directory

You seem to be using Redhat. Redhat's openssl-packages have some algorithms
removed for legal (patent) reasons.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

NET::SSLeay

2002-08-16 Thread Joel


I am having problems installing NET::SSLeay on my machine...here is all
the pertinant information.  If there is anything else that can help in
my fixing this problem let me know...Thanks

~joel

rpm -q openssl
openssl-0.9.5a-2

rpm -q openssl-devel
openssl-devel-0.9.5a-2

Redhat based on 6.2

uname -a
2.2.14-VA.2.1 #1 Mon Jul 31 21:58:22 PDT 2000 i686 unknown

rpm -ba /usr/src/redhat/SPECS/perl-Net_SSLeay.spec > error
+ umask 022
+ cd /usr/src/redhat/BUILD
+ rm -rf /var/tmp/perl-Net_SSLeay-1.05-5-root
+ cd /usr/src/redhat/BUILD
+ rm -rf Net_SSLeay-1.05
+ /usr/bin/bzip2 -dc /usr/src/redhat/SOURCES/Net_SSLeay-1.05.tar.bz2
+ tar -xf -
+ STATUS=0
+ [ 0 -ne 0 ]
+ cd Net_SSLeay-1.05
++ /usr/bin/id -u
+ [ 0 = 0 ]
+ /bin/chown -Rhf root .
++ /usr/bin/id -u
+ [ 0 = 0 ]
+ /bin/chgrp -Rhf root .
+ /bin/chmod -Rf a+rX,g-w,o-w .
+ exit 0
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd Net_SSLeay-1.05
+ rm -rf /var/tmp/perl-Net_SSLeay-1.05-5-root
+ /usr/bin/perl Makefile.PL /usr
That's is newer than what this module was tested with (0.9.3a). You
should
consider checking if there is a newer release of this module
available. Everything will probably work OK, though.
+ make OPTIMIZE=-O2 -m486 -fno-strength-reduce PREFIX=/usr
In file included from /usr/include/openssl/pem.h:66,
 from /usr/include/openssl/ssl.h:147,
 from SSLeay.xs:55:
/usr/include/openssl/evp.h:97: openssl/idea.h: No such file or directory

make: *** [SSLeay.o] Error 1
Bad exit status from /var/tmp/rpm-tmp.17811 (%build)


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay and Perl 5.8 .

2002-08-01 Thread Simon Clewer ( superquote.com )


Hi,

Has anybody got the perl module Net::SSLeay to compile for perl 5.8 with
ithreads ?

I get a parse error thus ..!!


sqhome1:/var/www/mq/ssl/Net_SSLeay.pm-1.18# make
cp ptrtstrun.pl blib/lib/Net/ptrtstrun.pl
cp SSLeay.pm blib/lib/Net/SSLeay.pm
AutoSplitting blib/lib/Net/SSLeay.pm (blib/lib/auto/Net/SSLeay)
blib/lib/Net/SSLeay.pm: some names are not unique when truncated to 8
characters:
 directory blib/lib/auto/Net/SSLeay:
  do_https3.al, do_https2.al, do_https4.al, do_https.al truncate to do_https
  get_https.al, get_https3.al, get_https4.al truncate to get_http
  head_https.al, head_https3.al, head_https4.al truncate to head_htt
  post_https.al, post_https3.al, post_https4.al truncate to post_htt
  put_https.al, put_https3.al, put_https4.al truncate to put_http
  ssl_read_all.al, ssl_read_until.al, ssl_read_CRLF.al truncate to ssl_read
  ssl_write_all.al, ssl_write_CRLF.al truncate to ssl_writ
make[1]: Entering directory
`/home/var/www/mq/ssl/Net_SSLeay.pm-1.18/Net-SSLeay-Handle-0.50'
cp Handle.pm ../blib/lib/Net/SSLeay/Handle.pm
make[1]: Leaving directory
`/home/var/www/mq/ssl/Net_SSLeay.pm-1.18/Net-SSLeay-Handle-0.50'
/home/var/www/mq/sqperl5.8/bin/perl
/var/www/mq/sqperl5.8/lib/5.8.0/ExtUtils/xsubpp  -typemap
/var/www/mq/sqperl5.8/lib/5.8.0/ExtUtils/typemap -typemap typemap  SSLeay.xs
> SSLeay.xsc && mv SSLeay.xsc SSLeay.c
cc -c  -I/usr/local/ssl/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-alias
ing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O   -DV
ERSION=\"1.18\" -DXS_VERSION=\"1.18\" -fpic
"-I/var/www/mq/sqperl5.8/lib/5.8.0/i586-linux-thread-multi/CORE"   SSLeay.c
In file included from /usr/local/ssl/include/openssl/evp.h:89,
 from /usr/local/ssl/include/openssl/x509.h:67,
 from /usr/local/ssl/include/openssl/ssl.h:122,
 from SSLeay.xs:76:
/usr/local/ssl/include/openssl/des.h:193: parse error before `&'
make: *** [SSLeay.o] Error 1
sqhome1:/var/www/mq/ssl/Net_SSLeay.pm-1.18#

Any ideas ??

Cheers
Simon
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay .. https-proxy-sniff.pl .. How can I snoop an MSIE browser session.

2002-03-15 Thread POP account for superquote.co.uk


thanks, looks like it might help.

- Original Message -
From: GOLDING,CHARLTON (Non-HP-Corvallis,ex1) <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 15, 2002 12:45 AM
Subject: RE: Net::SSLeay .. https-proxy-sniff.pl .. How can I snoop an MSIE
browser session.


> WinPcap came in handy for me at one stage, you might find some tools here:
>
>
> http://security.oreilly.com/news/securingnt2_1200.html
>
>
> Chet
>
> -Original Message-
> From: Martin Witzel [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 13, 2002 2:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Net::SSLeay .. https-proxy-sniff.pl .. How can I snoop an
MSIE
> browser session.
>
>
> Check out ettercap ( ettercap.sourceforge.net  )
> No personal experience, though.
>
> Regards, Martin
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Net::SSLeay .. https-proxy-sniff.pl .. How can I snoop an MSIE browser session.

2002-03-14 Thread GOLDING,CHARLTON (Non-HP-Corvallis,ex1)


WinPcap came in handy for me at one stage, you might find some tools here:

 
http://security.oreilly.com/news/securingnt2_1200.html


Chet

-Original Message-
From: Martin Witzel [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, March 13, 2002 2:59 AM
To: [EMAIL PROTECTED]
Subject: Re: Net::SSLeay .. https-proxy-sniff.pl .. How can I snoop an MSIE
browser session.


Check out ettercap ( ettercap.sourceforge.net  )
No personal experience, though.

Regards, Martin

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay .. https-proxy-sniff.pl .. How can I snoop an MSIE browsersession.

2002-03-13 Thread Martin Witzel



Check out ettercap ( ettercap.sourceforge.net  )
No personal experience, though.

Regards, Martin

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay .. https-proxy-sniff.pl .. How can I snoop an MSIE browser session.

2002-03-13 Thread Sean O'Riordain

For all sniffing, I use ethereal (.com), free and very useful - recently 
helped me setup an ipsec connection - pointing out that the two ends 
were proposing different crypto sets.  While I haven't used it for 
debugging ssl, I'd be quite sure there is useful information to be gleaned.

Sean O'Riordain

POP account for superquote.co.uk wrote:
> Hi,
> 
> I'm using the most excellent https-proxy-sniff from the perl module
> Net::SSLeay.
> 
> It works fine to sniff a secure transaction from a linux client on the local
> host ( to a remote server ), but fails when I try to sniff a transaction
> from MSIE on a windows client on the local ( private ) network.
> 
> Anybody got any ideas ? Anybody succeeded at this before ?
> 
> Cheers
> Simon Clewer

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay .. https-proxy-sniff.pl .. How can I snoop an MSIE browser session.

2002-03-13 Thread POP account for superquote.co.uk


Hi,

I'm using the most excellent https-proxy-sniff from the perl module
Net::SSLeay.

It works fine to sniff a secure transaction from a linux client on the local
host ( to a remote server ), but fails when I try to sniff a transaction
from MSIE on a windows client on the local ( private ) network.

Anybody got any ideas ? Anybody succeeded at this before ?

Cheers
Simon Clewer
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: install Net::SSLeay cause problems with apache libssl.so

2002-02-10 Thread Brian Young


I am sorry.  I spoke too soon.  I have gotten ssl working again and you 
can ignore this post.

-Brian Young

On Monday, February 11, 2002, at 12:42  PM, Brian Young wrote:

> Hello,
>
> I recently installed the perl SSLeay module.  After I did this, the 
> mod_ssl apache module stopped working and my browser gives me the 
> following error:
>
> Unable to connect, SSL_connect() failed: [397:error:140770FC:SSL 
> routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460: ]
>
> Until I installed SSLeay the apache config worked perfectly.  The 
> appache error log does not show any messages when a browser attempts to 
> access via SSL.  I am not 100% sure that the SSLeay install caused my 
> problems, but I have not found anything else could have interfered with 
> my installed system.
>
> Can anyone suggest what may have happened, or a good way to trouble 
> shoot this problem?
>
> Thank you
>
> -Brian Young
>
>
> Software versions:
>   Mac OS X 10.1.2
>   Apache/1.3.22 (Darwin)
>   mod_ssl/2.8.5
>   OpenSSL/0.9.5a.
>   NET::SSLeay v1.12
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
>

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

install Net::SSLeay cause problems with apache libssl.so

2002-02-10 Thread Brian Young


Hello,

I recently installed the perl SSLeay module.  After I did this, the 
mod_ssl apache module stopped working and my browser gives me the 
following error:

Unable to connect, SSL_connect() failed: [397:error:140770FC:SSL 
routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460: ]

Until I installed SSLeay the apache config worked perfectly.  The 
appache error log does not show any messages when a browser attempts to 
access via SSL.  I am not 100% sure that the SSLeay install caused my 
problems, but I have not found anything else could have interfered with 
my installed system.

Can anyone suggest what may have happened, or a good way to trouble 
shoot this problem?

Thank you

-Brian Young


Software versions:
   Mac OS X 10.1.2
   Apache/1.3.22 (Darwin)
   mod_ssl/2.8.5
   OpenSSL/0.9.5a.
   NET::SSLeay v1.12

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

openssl and Net::SSLeay

2002-01-16 Thread John Lien



Hi.
I'm trying to get off the ground with two Perl modules that are new to me -
Net::SSLeay or Crypt::SSLeay.

My question really applies to either module since they need similar arguments. 
As an example my for question, this snippet is from the Net::SSLeay doc:

  ($page, $response, %reply_headers)
 = post_https('www.bacus.pt', 443, '/foo.cgi',   # 3b
  make_headers('Authorization' =>
   'Basic ' . MIME::Base64::encode("$user:$pass")),
  make_form(OK   => '1', name => 'Sampo'),
  $mime_type6, $path_to_crt7, $path_to_key8);

The 3 args $mime_type6, $path_to_crt7 and $path_to_key8 have me confused.

Question #1: I can export my certificate from IE or Netscape and get it in what
I think is a PKCS12 format.  I can then use this openssl command to get myself
a PEM file:

openssl pkcs12 -in my.pfx -out my.pem

But apparently I need two files $path_to_crt7 and $path_to_key8.  By their
names I can see they are some sort of certificate and key files.  Could I get a
little more info about what those two files are?  And does anyone know the
openssl command to generate them from a PKCS12 file?  Or do I need to run the
openssl command twice with two different output filenames?

Question #2: What should the value for mime_type6 be?

Thanks for your help,
John


=
John Lien
FriedWire Inc
Boulder, CO
303.447.0288 x28

__
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

install of Net::SSLeay

2001-10-22 Thread Boex,Matthew W.



don't know if this is the right place for this question, sorry if it
isn't...

i am having problems installing Net::SSLeay on my machine.  I am going
through  a proxy server,  I didn't see anything in the Readme regarding
them.  Anyone install the module using a proxy server?

matt

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

perl -cw warning on Net::SSLeay::randomize

2001-05-02 Thread Xeno Campanoli


Not like this is a deadly sin, but it would be nice if the following bug
were fixed.  The "$rnsf" variable yields a warning from perl -w on the
following line, when a  blank
or false $rn_seed_file is passed:

unless ($rnsf || -r $Net::SSLeay::random_device || $seed || || -S
$egd_path) {


-- 
Email:  [EMAIL PROTECTED] (home home page: 
http://www.aa.net/~xeno)
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: non-blocking example for Net::SSLeay

2001-04-30 Thread Noel Burton-Krahn


Hi "M",

Here's a test program which negotiates an SSL connection and sends
data in a single process (no threads, all async IO).  

I've also included a patch for Net-SSLeay-1.06.  I had to add a few
macros to Net::SSLeay to support the async error returns.  I also
fixed the makefile to detect openssl.exe under Windows.

Hope it helps.

--Noel

> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: non-blocking example for Net::SSLeay
> Date: Sun, 29 Apr 2001 17:59:46 -0700 (PDT)
> 
> 
> I'm trying to write a tiny SSL webserver.  It would really
> help to have an example of how to set up and use non-blocking
> SSL calls with a select statement or similar.  The problem
> here is implementing CGI: the CGI script wants normal I/O
> through normal file descriptiors, and I see that it's my
> job to do SSL_read and copy the result into that file
> descriptor, and copy output from the CGI script into SSL_write.
> 
> I need to select() on the CGI processes output pipe, and the
> SSL input pipe, and service requests as they come in.
> 
> I'm writing this in perl, using Net::SSLeay.  I've patched
> the echo example code into my tiny webserver, so if I'm
> doing the SSL_reads and SSL_writes in the main process, it works,
> but of course, the cgi part fails miserably.
> 
> Does the underlying BIO interface mean if I do a fcntl
> O_NONBLOCK on the NS (network socket) that SSL will somehow
> figure that out?   I don't see a BIO_set sort of thing
> to set nonblocking behavior for the BIO or SSL.   The
> docs are a bit sparse, here.
> 
> Maybe a new call: SSL_select($ssl,$readfds,$writefds,$exceptfds,$timeout)
> what it might do internally is do a select on the ssl network
> socket read and the rest of the $readfs, but loop around and
> try again if the network socket read didn't complete a pending
> SSL_read?  Can  SSL writes not be similarly monitored,
> they can just be set as nonblocking?




#! /usr/bin/perl -w

use lib '../lib';
use Socket;
use QV::OS;
use Net::SSLeay qw(1.07 die_now die_if_ssl_error);
Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

use strict;

sub ssl_ctx {
my($io) = @_;
my($ctx, $ssl);

$ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)
and die_if_ssl_error("CTX_set_options");
$ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!");
Net::SSLeay::set_fd($ssl, fileno($io))
and die_if_ssl_error("set_fd");
return $ssl;
}

sub ssl_err_select {
    my($ret, $ssl, $io, $sel_read, $sel_write) = @_;
    my($i);
my($fileno) = fileno($io);

vec($$sel_read, $fileno, 1) = 0;
vec($$sel_write, $fileno, 1) = 0;

if( $ret < 0 ) {
$i = Net::SSLeay::get_error($ssl, $ret);
if( $i == &Net::SSLeay::ERROR_WANT_READ ) {

# debug
print("ERROR_WANT_READ: fileno=" . fileno($io) . "\n");

vec($$sel_read, $fileno, 1) = 1;
$ret = undef;
}
elsif( $i == &Net::SSLeay::ERROR_WANT_WRITE ) {

# debug
print("ERROR_WANT_WRITE: fileno=" . fileno($io) . "\n");

vec($$sel_write, $fileno, 1) = 1;
$ret = undef;
}
}
return $ret;
}

#-
my($buf, $off);

$off = 0;
if( @ARGV || ! -t STDIN ) {
local($/) = undef;
$buf = <>;
}
else {
$buf = "Hello from Alice";
}


my($ssl_A, $connect_A, 
   $ssl_B, $accept_B,
   $rfds, $wfds, $sel_read, $sel_write,
   $s, $i, $x);

($a, $b) = QV::OS->socket_pair();
select($a); $|=1; 
select($b); $|=1; 
select(STDOUT);

QV::OS->io_nonblock($a, 1);
QV::OS->io_nonblock($b, 1);

# debug
print("fileno(A)=", fileno($a), "\n");
print("fileno(B)=", fileno($b), "\n");

$ssl_A = ssl_ctx($a);
#Net::SSLeay::set_connect_state($ssl_A);
Net::SSLeay::use_RSAPrivateKey_file($ssl_A, 'b-rsa.pem',
&Net::SSLeay::FILETYPE_PEM);
die_if_ssl_error("private key");
Net::SSLeay::use_certificate_file($ssl_A, 'b-cert.pem',
   &Net::SSLeay::FILETYPE_PEM);
die_if_ssl_error("certificate");


$ssl_B = ssl_ctx($b);
#Net::SSLeay::set_connect_state($ssl_B);
Net::SSLeay::use_RSAPrivateKey_file($ssl_B, 'b-rsa.pem',
&Net::SSLeay::FILETYPE_PEM);
die_if_ssl_error("private key");
Net::SSLeay::use_certificate_file($ssl_B, 'b-cert.pem',
   &Net::SSLeay::FILETYPE_PEM);
die_if_

Re: non-blocking example for Net::SSLeay

2001-04-30 Thread Eric Rescorla


[EMAIL PROTECTED] writes:
> I'm trying to write a tiny SSL webserver.  It would really
> help to have an example of how to set up and use non-blocking
> SSL calls with a select statement or similar.  The problem
> here is implementing CGI: the CGI script wants normal I/O
> through normal file descriptiors, and I see that it's my
> job to do SSL_read and copy the result into that file
> descriptor, and copy output from the CGI script into SSL_write.
> 
> I need to select() on the CGI processes output pipe, and the
> SSL input pipe, and service requests as they come in.
The sample code from my book on SSL includes a program that
uses select() on the terminal and on the SSL input pipe, which
is a pretty isomorphic problem. You can download it at:

http://www.rtfm.com/sslbook/examples/

> Does the underlying BIO interface mean if I do a fcntl
> O_NONBLOCK on the NS (network socket) that SSL will somehow
> figure that out? 
Yes. The errors bubble up the stack to the SSL library.

> Maybe a new call: SSL_select($ssl,$readfds,$writefds,$exceptfds,$timeout)
> what it might do internally is do a select on the ssl network
> socket read and the rest of the $readfs, but loop around and
> try again if the network socket read didn't complete a pending
> SSL_read? 
You could do this, but it would interfere with other pieces
of software that want to run the event loop (X programs, for
instance, often want to).

> Can  SSL writes not be similarly monitored,
> they can just be set as nonblocking?
The basic problem you're facing is that SSL reads and writes must
happen at record boundaries, so, for instance, just because there's
data on the pipe doesn't mean that an entire record is ready to read.
Your program really has to be prepared to handle the situation where
even though select() says things are ready, they're not.  There's
pretty extensive discussion of the details of using select() with
OpenSSL in Chapter 8 of my book, which also (of course) includes
extensive documentation of the aforementioned sample code.

-Ekr

[Eric Rescorla   [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
  http://www.rtfm.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

OpenSSL and Net::SSLeay from Perl on Novell NetWare

2001-02-28 Thread John Townsend


Can anyone give me an idea what it would take to set up OpenSSL and the 
Net::SSLeay Perl module on a Novell NetWare server so that it can be used from a 
Perl script to retrieve a page by HTTPS?  Or does Novell have another way to do 
this with its API or something from a Perl script or C/C++ program?  Thanks!

--
John E. Townsend
Sr. Software Engineer  "Machines should work;
LEXIS-NEXIS people should think."
Dayton OH, USA-- IBM Pollyanna Principle
[EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay and certificate verification

2001-02-19 Thread Shaughnessy, Ian


Hi - 
I have been for some time trying to figure out how to do certificate
verification with the Net::SSLeay perl module.  Unfortunately there is no
documentation on this anywhere in the module, and the one sample program
which uses callbacks does not fail if it is an invalid cert.  Also
unfortunately, I can not find very much good documentation in general on how
to do this, so i apologize if I do not explain my problem very well.
Basically what I am trying to do is this:

 /usr/local/ssl/bin/openssl s_client -connect www.equifax.com:443  -verify
-1 -CApath .

With a thawte certificate and hashed symlink in the local directory, but in
a perl script.  The trick here is the -1 verification, I want this perl
script to fail unless it can have -1 verification (sorry if incorrect term).
Right now, the callback.pl script verifies at 1, so it will verify any site
you connect to provided only you have some (any) cert.  How do i get it to
only verify if it can trace the cert chain back up to, say thawte?  Here is
a copy of the verify function (and what sets it) also.


$ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
Net::SSLeay::CTX_set_default_verify_paths($ctx);
Net::SSLeay::CTX_load_verify_locations($ctx, '', $cert_dir)
or die_now("CTX load verify loc=`$cert_dir' $!");
Net::SSLeay::CTX_set_verify($ctx, 0, \&verify);
die_if_ssl_error('callback: ctx set verify');

sub verify {
my ($ok, $x509_store_ctx) = @_;

    print " Verify called ($ok)\n";
my $x = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx);
if ($x) {
print "Certificate:\n";
print "  Subject Name: "
    . Net::SSLeay::X509_NAME_oneline(
Net::SSLeay::X509_get_subject_name($x))
        . "\n";
print "  Issuer Name:  "
. Net::SSLeay::X509_NAME_oneline(
Net::SSLeay::X509_get_issuer_name($x))
. "\n";
}
$callback_called++;
return $ok; #$ok; # 1=accept cert, 0=reject
}



When I run this without the thawte certificate, while connecting to
mycio.com (issued by equifax, issued by thawte), verify is called, and
returns:
 Verify called (0)
Certificate:
  Subject Name: /C=US/O=Equifax Secure Inc/CN=Equifax Secure E-Business CA-2
  Issuer Name:  /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server
[EMAIL PROTECTED]
 Verify called (1)
Certificate:
  Subject Name: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server
[EMAIL PROTECTED]
  Issuer Name:  /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server
[EMAIL PROTECTED]
 Verify called (1)
Certificate:
  Subject Name: /C=US/O=Equifax Secure Inc/CN=Equifax Secure E-Business CA-2
  Issuer Name:  /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server
[EMAIL PROTECTED]
 Verify called (1)
Certificate:
  Subject Name: /C=US/ST=California/L=Santa Clara/O=Network
Associates/OU=myCIO.com/CN=www.mycio.com
  Issuer Name:  /C=US/O=Equifax Secure Inc/CN=Equifax Secure E-Business CA-2


However, when I try to connect to a site using a snakeoil cert, it returns
 Verify called (0)
Certificate:
  Subject Name:
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/C
[EMAIL PROTECTED]
  Issuer Name:
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/C
[EMAIL PROTECTED]
 Verify called (1)
Certificate:
  Subject Name:
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/C
[EMAIL PROTECTED]
  Issuer Name:
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/C
[EMAIL PROTECTED]


And still verifies.  What do I need to do?  Once again, I apologize if this
sounds silly, but I can not find _any_ good documentation about this, and I
have never done any C openssl stuff.  Thanks.

 -Ian
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Installing Net::SSLeay on HP

2000-12-19 Thread Lutz Jaenicke

On Tue, Dec 19, 2000 at 02:37:08PM +0100, Hampus S?derstr?m wrote:
> I have a working SSL installation on a HP machine.
> 
> When I try to install the perl module Net::SSLeay i get the following error:
> 
> ld: (Warning) At least one PA 2.0 object file (SSLeay.o) was detected. The linked 
>output may not run on a PA 1.x system.

Ignore this warning. It says, that the software will only run on PA8000 or
later processors. You only need to care if you have older machines around
(roughly said <=1996) and you want to run the executable on these machines.

> ld: Invalid loader fixup in text space needed in output file for symbol "$005C0032" 
>in input file "/usr/local/ssl/lib/libssl.a(ssl_lib.o)"

I never touched Net::SSLeay, but I would guess that you are trying to
convert items from a static library -- that were not compiled with "+Z"
(would be -fPIC for gcc) and hence are not relocatable -- into a shared library.

That is not possible. In this case you must recompile the OpenSSL libraries
with the appropriate flag set.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Installing Net::SSLeay on HP

2000-12-19 Thread Hampus Söderström




I have a working SSL installation on a HP 
machine.
 
When I try to install the perl module Net::SSLeay i get the 
following error:
 
ld: (Warning) At least one PA 2.0 object file (SSLeay.o) was 
detected. The linked output may not run on a PA 1.x system.ld: Invalid 
loader fixup in text space needed in output file for symbol "$005C0032" in input 
file "/usr/local/ssl/lib/libssl.a(ssl_lib.o)"
 
Any HP gurus that know what that could be 
?

Re: Net::SSLeay - Openssl make test - 5 test failed

2000-12-04 Thread Jackie Chan


How do you know that your OPenSSL installation was succsesful?

-blue0ne
http://www.digitz.org



On Mon, 4 Dec 2000, Volker Duerr wrote:

> Hi everybody,
> I have got a problem with openssl and the Perl module Net:SSLeay. After
> installing openssl (installation seemed o.k), I tried to install
> Net:SSLeay, but the make test failed. I am runing a i686 linux,
> kernel-2.2.16, gcc 2.95.2, perl 5.005_03 and glibc-2.1. I tried a
> installation with Net::SSLeay 1.04 and 0.9.3a and 1.05 and 0.9.5a. Later
> I changed Net:SSLeay and openssl.
> 
> Make test generates always the following errors:
> Spawning a test server port 1212, pid=6478
> Your vendor hast not defined SSLeay macro sslcat at examples/sslcat.pl
> line 14
> ***not ok 3
> 
> Your vendor has not defined SSLeay macro randomize at
> examples/minicli.pl line 8
> ***not ok 4
> 
> connect: Connection refused (Verbindungsaufbau abgelehnt) at
> examples/callback line 28
> ***not ok 5
> 
> Sending 1 MB over localhost, may take a while (and some VM)
> connect: connection refused at example/bulk.pl line 18
> *** not ok 6
> 
> Sending 1 MB over pipes, may take a while
> Your vendor has not defined SSLeay macro set_server_and_key at
> examples/stdio_bulk.pl line 16
> **not ok 7
> 
> I don't know what I have to do to avoid these errors. I would appreciate
> any hint or information to solve this problems.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay EGD patch

2000-12-01 Thread Ed Kubaitis


Hello all,

Attached is a patch that adds OpenSSL RAND_egd support to
Net_SSLeay.pm-1.05.

With this patch, Net_SSLeay built with OpenSSL 0.9.6
passes 'make test' on a system without /dev/urandom:
SunOS 5.6 Generic_105181-06 sun4u sparc SUNW,Ultra-2.
(However, it hasn't been tested in production.)

It works with either of the entropy gathering daemons
recommended by the OpenSSL developers: Brian Warner's
egd-0.8 or Lutz Jaenicke's prngd-0.2.5.

The patch was also set to Net_SSLeay author Sampo Kellomaki.
 
--
Ed Kubaitis ([EMAIL PROTECTED])
CCSO - University of Illinois - Urbana-Champaign

*** ../Net_SSLeay.pm-1.05/SSLeay.pm Sat Jul 31 02:27:00 1999
--- ./SSLeay.pm Fri Dec  1 06:54:49 2000
***
*** 665,670 ****
--- 665,671 
  Net::SSLeay::RAND_cleanup();
  Net::SSLeay::RAND_load_file($file_name, $how_many_bytes);
  Net::SSLeay::RAND_write_file($file_name);
+ Net::SSLeay::RAND_egd($path);
  
  Actually you should consider using the following helper functions:
  
***
*** 1150,1165 
  ### Arrange some randomness for eay PRNG
  
  sub randomize {
! my ($rn_seed_file, $seed) = @_;
  
  RAND_seed(rand() + $$);  # Stir it with time and pid
  
! unless (-r $rn_seed_file || -r $Net::SSLeay::random_device || $seed) {
warn "Random number generator not seeded!!!\n" if $trace;
  }
  
  RAND_load_file($rn_seed_file, -s _) if -r $rn_seed_file;
  RAND_seed($seed) if $seed;
  RAND_load_file($Net::SSLeay::random_device, $Net::SSLeay::how_random/8)
if -r $Net::SSLeay::random_device;
  }
--- 1151,1171 
  ### Arrange some randomness for eay PRNG
  
  sub randomize {
! my ($rn_seed_file, $seed, $egd_path) = @_;
  
+ $egd_path = $ENV{'EGD_PATH'} if $ENV{'EGD_PATH'};
+ $egd_path = '/tmp/entropy'   unless $egd_path;
+ 
  RAND_seed(rand() + $$);  # Stir it with time and pid
  
! unless (-r $rn_seed_file || -r $Net::SSLeay::random_device || $seed
!   || -S $egd_path ) {
warn "Random number generator not seeded!!!\n" if $trace;
  }
  
  RAND_load_file($rn_seed_file, -s _) if -r $rn_seed_file;
  RAND_seed($seed) if $seed;
+ RAND_egd($egd_path) if -S $egd_path;
  RAND_load_file($Net::SSLeay::random_device, $Net::SSLeay::how_random/8)
if -r $Net::SSLeay::random_device;
  }
*** ../Net_SSLeay.pm-1.05/SSLeay.xs Sat Jul 31 02:46:27 1999
--- ./SSLeay.xs Thu Nov 30 08:39:44 2000
***
*** 2155,2160 
--- 2155,2164 
  RAND_write_file(file_name)
   char *  file_name
  
+ int
+ RAND_egd(path)
+  char *  path
+ 
  #define REM40 "Minimal X509 stuff..., this is a bit ugly and should be put in its 
own modules Net::SSLeay::X509.pm"
  
  X509_NAME*
*** ../Net_SSLeay.pm-1.05/examples/bulk.pl  Mon Jan  4 19:13:32 1999
--- ./examples/bulk.pl  Thu Nov 30 09:58:28 2000
*******
*** 8,13 
--- 8,14 ----
  Net::SSLeay::load_error_strings();
  Net::SSLeay::ERR_load_crypto_strings();
  Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
  
  ($dest_serv, $port, $how_much) = @ARGV;  # Read command line
  $port = getservbyname  ($port, 'tcp')   unless $port =~ /^\d+$/;
*** ../Net_SSLeay.pm-1.05/examples/callback.pl  Sat Jul 31 02:49:09 1999
--- ./examples/callback.pl  Thu Nov 30 09:55:16 2000
***
*** 12,17 
--- 12,18 ----
  Net::SSLeay::load_error_strings();
  Net::SSLeay::ERR_load_crypto_strings();
  Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
  
  ($dest_serv, $port, $cert_dir) = @ARGV;  # Read command line
  
*** ../Net_SSLeay.pm-1.05/examples/stdio_bulk.plMon Jan  4 19:13:33 1999
--- ./examples/stdio_bulk.plThu Nov 30 10:00:48 2000
*******
*** 8,13 
--- 8,14 ----
  use Net::SSLeay qw(die_now die_if_ssl_error);
  Net::SSLeay::load_error_strings();
  Net::SSLeay::SSLeay_add_ssl_algorithms();
+ Net::SSLeay::randomize();
  #$Net::SSLeay::trace = 2;
  
  ($cert_pem, $key_pem, $how_much) = @ARGV;  # Read command line

perl Net::SSLeay patch

2000-11-29 Thread Thomas Morin


Hello,

I already sent this to Sampo Kellomäki ([EMAIL PROTECTED]), the maintainer of
this module, but had no answer yet. Since the last release of this package
was more than one year ago, I'd like to know if anybody knows if the
development of this module is beeing continued or not. I'd also like to
know if their is a better place to post such a patch.

While using Net:SSLeay to give SSL ability to a perl program, I ran into
trouble due to  Net::SSLeay::ssl_read_until returning shorter strings than
expected. It seems to me that it is simply due to a wront test (testing 
"$got" instead of "defined $got") which make the function return when it
read a zero.

Here is the 2-line patch that corrects this behavior both for read_until
and read_all.

Regards,

-tom

--
== Thomas.Morin @webmotion.com 
== SysAdmin/R&D  www.webmotion.com 
== Phone   [613] 731 4046 +113
== Fax [613] 260 9545 
--



--- SSLeay.pm   Thu Nov 16 20:36:43 2000
+++ SSLeay.new.pm   Thu Nov 16 21:04:23 2000
@@ -1052,7 +1052,7 @@
. length($reply) . " bytes, VM=$vm)\n" if $trace>3;
$reply .= $got;
#$reply = $got;  # *** DEBUG
-} while ($got && $how_much > 0);
+} while (defined $got && $how_much > 0);
 return wantarray ? ($reply, $errs) : $reply;
 }
 
@@ -1107,7 +1107,7 @@
 warn "  got `$got' (" . length($got) . ':'
 . length($reply) . " bytes, VM=$vm)\n" if $trace>2;
 $reply .= $got;
-} while ($got &&
+} while (defined $got &&
   ( $length_delimit==0 || substr($reply, length($reply)-
 $length_delimit) ne $delimit
   ) &&

post_https in Net::SSLeay to passwd protected location

2000-10-26 Thread Paul


Hi I was wondering if anyone can give me hand with this, I feel like I have 
ran into a dead end. I am dedicated user of  Net::SSLeay module for perl. I 
was wondering if anyone would be able to lend me a hand with a problem that 
I have recently come to experience (perhaps due to my personal 
inexperience..).  What I am trying to do is to POST something
into a script that requires password authentication.  I have included below 
a sample of the code that I use to successfully authenticate myself, 
however, the form data is not being passed and the default script response 
is returned.  It seems it behaves in the same manner as if I would use 
get_https.  For my particular purpose, the script I am trying to submit the 
data to only accepts form data via POST method so I am restricted to using 
post_https.
Would you be able to help me out or explain what I am doing wrong.  I thank 
you in advance.

Paul.

---snip---
my $user="username";
my $pass="password";
#
use MIME::Base64;
use Net::SSLeay qw(get_https post_https sslcat make_headers make_form);
#
my $encodedstr=encode_base64("$user:$pass");
#
($page,$response,%reply_headers) = post_https (
'www.host.com',
443,
'script.cgi',
make_headers(
'Authorization' =>'Basic ' . $encodedstr
),
make_form(
'name1' => 'value1',
'name2' => 'value2,
)
);
---snip---

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay on NT4

2000-10-19 Thread co


Im going to install Net::SSLeay 1,03 on NT4.

I am trying to figure out which steps i should take when installing 1,03
on NT4...?
I think i have to alter the Makefile.pl script in some ways but im not
sure about
pathdirection to my ssleay.exe.

I would greatly appreciate any advices that anyone could give...

Thanks a million for that this forum is available.

Best Regards,
//Christian Otrel
[EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay install horks

2000-10-17 Thread R.Munden


This is what I'm getting from Net::SSLeay-1.05:

openssl-0.9.3a is installed
AIX 4.3 installed
RS/6000
Standard AIX C compiler
perl 5005_03 installed from IBM package (I didn't do it)


Any Ideas?


/tmp/Net_SSLeay.pm-1.05 ->make clean
rm -rf SSLeay.c ./blib Makefile.aperl
blib/arch/auto/Net/SSLeay/extralib
s.all perlmain.c mon.out core so_locations pm_to_blib *~ */*~ */*/*~ *.o *.a
per
l.exe SSLeay.bs SSLeay.bso SSLeay.def SSLeay.exp
mv Makefile Makefile.old > /dev/null 2>&1
/tmp/Net_SSLeay.pm-1.05 ->./Makefile.PL -t
Checking for OpenSSL-0.9.3a or newer...
I could not find your OpenSSL in `/usr/local/ssl'
Please provide OpenSSL-0.9.3a installation directory (get from
 http://www.openssl.org/ if you don't have it; please note that
 SSLeay is no longer supported, see README) (C-c to abort):
/u03/openssl
You have OpenSSL-0.9.3a installed in /u03/openssl
Checking if your kit is complete...
Looks good
Writing Makefile for Net::SSLeay
mkdir blib
mkdir blib/lib
mkdir blib/lib/Net
cp SSLeay.pm blib/lib/Net/SSLeay.pm
AutoSplitting blib/lib/Net/SSLeay.pm (blib/lib/auto/Net/SSLeay)
blib/lib/Net/SSLeay.pm: some names are not unique when truncated to 8
characters
:
 directory blib/lib/auto/Net/SSLeay:
  ssl_read_all.al, ssl_read_until.al, ssl_read_CRLF.al truncate to ssl_read
  ssl_write_all.al, ssl_write_CRLF.al truncate to ssl_writ
/usr/bin/perl "-I/usr/opt/perl5/lib/5.00503/aix"
"-I/usr/opt/perl5/lib/5
.00503" -e 'use ExtUtils::Mksymlists;  Mksymlists("NAME" => "Net::SSLeay",
"DL_F
UNCS" => {  }, "FUNCLIST" => [], "DL_VARS" => []);'




/usr/bin/perl -I/usr/opt/perl5/lib/5.00503/aix -I/usr/opt/perl5/lib/5.00
503 /usr/opt/perl5/lib/5.00503/ExtUtils/xsubpp  -typemap
/usr/opt/perl5/lib/5.00
503/ExtUtils/typemap -typemap typemap SSLeay.xs >xstmp.c && mv xstmp.c
SSLeay.c




cc -c -I/u03/openssl/include -D_ALL_SOURCE -D_ANSI_C_SOURCE -D_POSIX_SOU
RCE -qmaxmem=16384 -O -DVERSION=\"1.05\"  -DXS_VERSION=\"1.05\"  -I/usr/
opt/
perl5/lib/5.00503/aix/CORE  SSLeay.c
"SSLeay.c", line 2505.16: 1506-068 (W) Operation between types "unsigned
char*"
and "const unsigned char*" is not allowed.
"SSLeay.c", line 2538.16: 1506-068 (W) Operation between types "unsigned
char*"
and "const unsigned char*" is not allowed.
mkdir blib/arch
mkdir blib/arch/auto
mkdir blib/arch/auto/Net
mkdir blib/arch/auto/Net/SSLeay
Running Mkbootstrap for Net::SSLeay ()
chmod 644 SSLeay.bs
LD_RUN_PATH="/u03/openssl/lib" ld -o
blib/arch/auto/Net/SSLeay/SSLeay.so
  -bhalt:4 -bM:SRE -bI:/usr/opt/perl5/lib/5.00503/aix/CORE/perl.exp -bE:SSLe
ay.e
xp -b noentry -lc
SSLeay.o-L/u03/openssl -L/u03/openssl/lib -lssl -lcrypto
chmod 755 blib/arch/auto/Net/SSLeay/SSLeay.so
cp SSLeay.bs blib/arch/auto/Net/SSLeay/SSLeay.bs
chmod 644 blib/arch/auto/Net/SSLeay/SSLeay.bs
PERL_DL_NONLAZY=1
/usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/opt/perl5/
lib/5.00503/aix -I/usr/opt/perl5/lib/5.00503 test.pl
1..16
ok 1
ok 2
Spawning a test server on port 1212, pid=20632...
Your vendor has not defined SSLeay macro sslcat at examples/sslcat.pl line
14
*** not ok 3

Your vendor has not defined SSLeay macro randomize at examples/minicli.pl
line 8
*** not ok 4

connect: A remote host refused an attempted connect operation. at
examples/callb
ack.pl line 30.
*** not ok 5

Sending 1 MB over localhost, may take a while (and some VM)...
connect: A remote host refused an attempted connect operation. at
examples/bulk.
pl line 18.
...took 1 secs (1024 KB/s)
*** not ok 6

Sending 1 MB over pipes, may take a while (and some VM)...
Your vendor has not defined SSLeay macro set_server_cert_and_key at
examples/std
io_bulk.pl line 16
...took 1 secs (1024 KB/s)
*** not ok 7

Now about to contact external sites...
www.bacus.pt
www.openssl.org
www.apache-ssl.org
www.cdw.com
www.rsa.com
developer.netscape.com
banking.wellsfargo.com
secure.worldgaming.net
www.engelschall.com
You have 5 seconds of time to hit Ctrl-C if you do not like this.
*** 5 tests failed already.
Following tests _will_ fail if you do not have network
connectivity (or if the servers are down or have changed).
Your vendor has not defined SSLeay macro sslcat at test.pl line 123
make: 1254-004 The error code from the last command is 22.


Stop.
/tmp/Net_SSLeay.pm-1.05 ->

"... one of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination of their C
programs."


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay/Net::LDAPS problem

2000-10-11 Thread Richard Levitte - VMS Whacker


From: Edwin Chiu <[EMAIL PROTECTED]>

Edwin.Chiu> It's a common problem with SSLeay and OpenSSL, it assumes
Edwin.Chiu> a finite file. So just do this:
Edwin.Chiu> 
Edwin.Chiu> head -100 /dev/urandom > $HOME/.random

That's trusting there will be 100 \n's in a finite and relatively
short time, isn't it?  :-)

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay/Net::LDAPS problem

2000-10-11 Thread Edwin Chiu


It's a common problem with SSLeay and OpenSSL, it assumes a finite file. So
just do this:

head -100 /dev/urandom > $HOME/.random

And use that to seed the PRNG... or some systems have a
/var/run/random-seed, which only gets
updated at boot time and readable only by root

Edwin

Jie Gao wrote:

> Sorry I forgot to say this is on Sparc/Solaris 7.
>
> On Wed, 11 Oct 2000, Jie Gao wrote:
>
> > Date: Wed, 11 Oct 2000 15:10:58 +1100 (EST)
> > From: Jie Gao <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: Net::SSLeay/Net::LDAPS problem
> >
> > Hi All,
> >
> > I have a test script using Net::LDAPS, but it never stops reading from
> > /dev/urandom. Here's some of the truss output:
> >
> > stat("/dev/urandom", 0x000C38CC)= 0
> > stat("/dev/urandom", 0x000C38CC)= 0
> > stat("/dev/urandom", 0xFFBEEF18)= 0
> > open("/dev/urandom", O_RDONLY)  = 5
> > fstat64(5, 0xFFBEED60)  = 0
> > ioctl(5, TCGETA, 0xFFBEECEC)Err#6 ENXIO
> > read(5, "E3 *AD10B8 j l = F *E3 *".., 8192) = 8192
> > read(5, " @ ` ~B7029EEA12DB I @ `".., 8192) = 8192
> > read(5, "EFA4D81BF0 : X L Z yEFA4".., 8192) = 8192
> > read(5, " mACBADA W18E9971D | mAC".., 8192) = 8192
> > read(5, "80E7A8 9 ` V " YAABB80E7".., 8192) = 8192
> > read(5, " E95 o 0 V vA6 f8A = H |".., 8192) = 8192
> > read(5, " jC78B A S82F7 6D4 T8A I".., 8192) = 8192
> > read(5, "89 *8FED J C7F1E9EC989 *".., 8192) = 8192
> > read(5, "18EE82F6 WA9C8DFE3E818EE".., 8192) = 8192
> > read(5, "87CD83 u19 2CF mE1BC87CD".., 8192) = 8192
> > read(5, "97 {ED911F f 61F u P97 {".., 8192) = 8192
> > read(5, "D80EFA02 C\rECC9ACF3D80E".., 8192) = 8192
> > read(5, "\0E805DA S8FF7D8 5DB\0E8".., 8192) = 8192
> > read(5, "15A2E48AB49A A JAE ^\0 g".., 8192) = 8192
> > read(5, "89809B o L ZAC rB2 mB7 U".., 8192) = 8192
> > read(5, " KB8 _CB Z f C8E8FB8 KB8".., 8192) = 8192
> > read(5, "\t8AA9DF o L80AC CDB\t8A".., 8192) = 8192
> > read(5, "9C pB7A8C78BD9DF87AB9C p".., 8192) = 8192
> > read(5, " <   vF8BA l } YD785 <  ".., 8192) = 8192
> > read(5, " FFB1CE2C6 j8AABC1 - FFB".., 8192) = 8192
> > read(5, "E0 K o VBE v lF3 t yE0 K".., 8192) = 8192
> > read(5, " >8FBB 7 ?F1F9D1D89501E8".., 8192) = 8192
> > read(5, "B0 5B7 MF5EC879E839C 6A5".., 8192) = 8192
> > read(5, " 2 k95 1E10E8E18F013 2 k".., 8192) = 8192
> > read(5, "F7 . Y U94\0 >F2EC #F7 .".., 8192) = 8192
> > read(5, "ABB5 *   G\nFB P83 gABB5".., 8192) = 8192
> > read(5, " a9205\bB2 O s jACD2 a92".., 8192) = 8192
> > read(5, "DA cEE83C81DF2 r ] "DA c".., 8192) = 8192
> > read(5, "BDA6F5 J q \ rB7 o lBDA6".., 8192) = 8192
> > read(5, "F0DE _84 19403AEB8E6 H88".., 8192) = 8192
> > read(5, "88 kC2FA g N92 QB589 ^D8".., 8192) = 8192
> > read(5, "A3AF T u # }9BB685B3A3AF".., 8192) = 8192
> > read(5, "03CDA6D3D0D2 CAC r v03CD".., 8192) = 8192
> > read(5, " e J0795 UFF n91D415 e J".., 8192) = 8192
> > read(5, "FB99A2 * a h O1C16 :FB99".., 8192) = 8192
> > read(5, "07D8 ND7 VAE @FBA3E207D8".., 8192) = 8192
> > read(5, "CA889F )A0FE86A3 \92CA88".., 8192) = 8192
> > read(5, "AB L PF7AC {9F g9F LC1DD".., 8192) = 8192
> >
> > This goes on and on and on
> >
> >
> > Jie
> >
> > __
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List[EMAIL PROTECTED]
> > Automated List Manager   [EMAIL PROTECTED]
> >
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Getting Net::SSLeay 1.05 Perl module interface to OpenSSL 0.9 .5a working

2000-09-27 Thread Jie Gao


Hi All,

I have actually a different problem with this setup:

'make test' always fails with the site "www.openssl.org".


Jie

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Getting Net::SSLeay 1.05 Perl module interface to OpenSSL 0.9.5a working

2000-09-26 Thread Dearnaley (EXT), Roger



> I've been trying to get version 1.05 of the Net::SSLeay Perl module
> interface to OpenSSL to build with version 0.9.5a of OpenSSL. 
> So far I've
> been hitting a lot of problems (I'm actually doing this under NT with
> ActiveState Perl 5.005_03, but most of the problems that I've 
> solved so far
> look like they would equally be problems under UNIX: e.g. 
> SSLeay.c includes
> some Perl header files which define "mod", "seed", and "list", which
> confuses various of the OpenSSL header files).
> 
> Is there anyone here who has managed to get this combination 
> to work (either
> on UNIX or on NT)? If so, how did you do it?
> 
> --Roger Dearnaley <[EMAIL PROTECTED]>

The next major problem I've run into is that all the C function definitions
in the SSLeay.xs file in Net::SSLeay (from which the SSLeay.c file is
automagically generated) are in old K&R form, which is not ANSI-compliant.
This would be OK but for the fact that Visual C++ is being called with the
-TP flag which tells it to go into C++ mode, including requiring
ANSI-compliant function definitions, and that replacing this with the -TC
flag to force it back into C mode causes a bunch of stuff in various
Perl-related header files that are being included to blow up. The obvious
solution is to edit the SSLeay.xs file by hand into ANSI-compliant form,
which I can do, but I really hate to have to list as part of an installation
procedure. The ideal solution would be for whoever is currently maintaining
Net::SSLeay to fix this and bring out a new version.

I've also tried linking against OpenSSL 0.9.6, and it didn't help.

--Roger Dearnaley <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Getting Net::SSLeay 1.05 Perl module interface to OpenSSL 0.9.5a working

2000-09-26 Thread Dearnaley (EXT), Roger


> I got it working (Net::SSLeay-1.05/openSSL-0.9.5a)with ease under
> perl5.005_03 on FreeBSD3.2.  Considering the problems I have had with
> crypto stuff, compiling it was great, even got it running on AIX 4.3.x
> but had to use openSSL-0.9.3a.

What problems, if any, did you have, and how did you solve them?

--Roger Dearnaley <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[Perl] Callback in Net::SSLeay?

2000-08-03 Thread em


Hi,

  I am writing a client which would do https upload to a secure 
server using Net::SSLeay. However, I am not sure how to make sure I 
have connected to the authentic server (not a trojan one in the 
middle). I have looked in the callback.pl in the example directory 
but I don't think it is doing the certificate verification there. So 
my question is, how to verify the authenticity of the connection? Any 
code snippets or pointers would be welcome. Thank you all in advance.

-- 
Ein Moke


--
Hong Kong Government Universal Free E-mail Accounts
from HKMAIL.NET -  http://www.hkmail.net/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

problem with perl module Net::SSLeay and client authenticated SSL3

2000-07-12 Thread laurenz_brein




I have a problem in the following situation:

I have OpenSSL 0.9.5a on AIX 4.3.3.
I use Perl 5.005_03 and the perl module Net::SSLeay 1.05, and after some
effort got the latter to run.

I write my problem here as I know no other forum for Net::SSLeay.

I want to open a client authenticated SSL v3 session to an IBM HTTP Server.

This works fine from Netscape, and I also succeed with 'openssl s_client'
with the following parameters:
  openssl s_client -connect $host:$port -CApath $capath -CAfile $cafile
  -cert $certfile -key $keyfile -ssl3 -ign_eof -quiet

Now I need to do the same thing from perl.

The relevant section of the perl script I use is:

# network connection has been opened sucessfully

$ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL) and
die_if_ssl_error("F
ailed in CTX_set_options");
Net::SSLeay::CTX_load_verify_locations($ctx, $cafile, $cadir);
die_if_ssl_error("Failed in CTX_load_verify_locations");
Net::SSLeay::CTX_use_PrivateKey_file($ctx, $keyfile,
&Net::SSLeay::FILETYPE_PEM)
;
die_if_ssl_error("Failed in CTX_use_PrivateKey_file $!");
Net::SSLeay::CTX_use_certificate_file($ctx, $certfile,
&Net::SSLeay::FILETYPE_PE
M);
die_if_ssl_error("Failed in CTX_use_certificate_file");
$ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!");
Net::SSLeay::set_fd($ssl, fileno(S));   # Must use fileno
die_if_ssl_error("Failed in set_fd");
print Net::SSLeay::dump_peer_certificate($ssl);
$res = Net::SSLeay::connect($ssl);
die_if_ssl_error("Failed in connect");
print "Cipher '" . Net::SSLeay::get_cipher($ssl) . "'\n";

Running this script fails at connect, the output is:

Subject Name: NO X509_NAME
Issuer  Name: NO X509_NAME
Failed in connect 14624: 1 - error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3
 alert handshake failure
14624: Failed in connect

In the HTTP server error log I get:

SSL handshake failed, invalid certificate.

But the client certificate file I supply is the same as for 'openssl
s_client'
where it works.

Thanks for any help,
Laurenz Brein

   Telephon: ++43-1-21145/3256e-mail: [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay gives error "handshake failure" for some sites...

2000-06-04 Thread Surat Bhati


I have installed follwong on Solaris

   openssl .9.3a c library
   Net::SSLeay 1.05 Perl module

At the time of make test of openssl .9.3a , it said sometjing like:

"
unable to load 'random state'
What this means is that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in.
"

I simply ignored it. Everything else was fine.

The test of Net::SSLeay given some message like:

Random number generator not seeded!!!
Now about to contact external sites...
.
ok 8 www.bacus.pt
ok 9 www.openssl.org (Apache/1.3.6 (Unix) mod_perl/1.20 mod_ssl/2.3.5 
OpenSSL/0.
9.3a DAV/0.9.8)
ok 10 www.apache-ssl.org (Apache/1.3.12 Ben-SSL/1.40 (Unix))
ok 11 www.cdw.com (Microsoft-IIS/5.0)
SSL_write 22078: 1 - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake 
failure
ok 12 www.rsa.com ()
ok 13 developer.netscape.com (Netscape-Enterprise/3.6)
ok 14 banking.wellsfargo.com (Netscape-Enterprise/3.6 SP2)
ok 15 secure.worldgaming.net (Stronghold/2.3 Apache/1.2.6 C2NetUS/2010)
ok 16 www.engelschall.com (Apache/1.3.6 (Unix) mod_perl/1.20 mod_ssl/2.3.5 
OpenS
SL/0.9.3a DAV/0.9.8)
All tests completed OK.

Please see the Error "SSL_write 22078: 1 - error:140790E5:SSL 
routines:SSL23_WRITE:ssl handshake failure" .

Now I installed it , sub https_post  work with some sites (say 
https://networksolutions.com) very well but for some https sites
(say https://nirula.com, https://www.sure-pay.com/xml) it gives the error 
like:

SSL_write 1122: 1 - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake 
failure

Please help me to rectify the problem.

TIA.

-Surat Singh Bhati






Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay for NT

2000-06-04 Thread Surat Bhati



I have installed the "OpenSSL 0.9.3a" on WinNT4 succesfully.
and want to install the Net::SSLeay 1.05

I am using the VC6++ , Net::SSLeay requires lot of changes in
the header files and .xs file.

I have done following changes:

1) The ssl\include\bn.h file contains a  bn_blinding_ststructure
 definition with a "mod" member.  Rename it to "modnum".
2) In the \usr\local\ssl\include\ssl.h file, a function declaration
used a argument
name of "list", which appears to be an MSVC reserved word, as this
generates acompiler error (under VC6 at least).  Rename the argument to
"listref".
3) ssleay.xs - Conversion errors with regards to the
SSL_CTX_set_verify function.
Attempting to convert a (SV *) to a (void *) - This is easy tofix:
SSL_CTX_set_verify(ctx,mode,(int(*)(void))&ssleay_ctx_verify_callback_glue);
4) got the  undefined error for RAND_seed(), RAND_xxx(), etc...:
   Add: #include  in ssleay.xs before "buffer.h"

5) changed the functions like

static int
not_here(s)
char *s;
{
..
..
}

To

static int
not_here(char *s)
{
..
..
}

in file SSLeay.xs

But now I run the nmake it gives the error:


cl.exe -c -Ic:/ssl/include -Od -MD -DNDEBUG -TP -GX -DWIN32 -D_CONSOLE 
-DNO_STRICT -DHAVE_DES_FCRYPT -DPERL_OBJECT -Od -MD -DNDEBUG -TP -GX 
-DVERSION=\"1.05\"  -DXS_VERSION=\"1.05\"  -ID:\Perl\lib\CORE  SSLeay.c
SSLeay.c
c:\ssl\inc32\openssl\rand.h(68) : error C2838: illegal qualified name in 
member declaration
SSLeay.xs(1627) : error C2664: 'SSL_CTX_set_verify' : cannot convert 
parameter 3 from 'int (__cdecl *)(void)' to 'int (__cdecl *)(int,struct 
x509_store_state_st *)'
This conversion requires a reinterpret_cast, a C-style cast or 
function-style cast
SSLeay.c(2508) : error C2440: '=' : cannot convert from 'const char *' to 
'char *'
Conversion loses qualifiers
SSLeay.c(2541) : error C2440: '=' : cannot convert from 'const char *' to 
'char *'
Conversion loses qualifiers

Please help me to install it.


-Surat Singh Bhati



Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Huge problems with Net::SSLeay

2000-04-13 Thread Alexander Darke


Ok, first of all

Linux server2.x.net 2.2.12-20 #1 Mon Sep 27 10:25:54 EDT 1999 i586 unknown

gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)


I'm currently running OpenSSL 0.9.4, with little problems. We went to 
install Net:SSLeay and have had nothing but problems. I've poured over 
websites, over mailing lists (including this one) and while I see many 
answers that look like pieces of the trail, it's just not fixing what's 
wrong. So, here's what happens, followed by what I've tried.

[root@server2 Net_SSLeay.pm-1.05]# make test
Writing "Makefile.aperl" for this perl
Checking for OpenSSL-0.9.3a or newer...
I could not find your OpenSSL in `DIR='
Please provide OpenSSL-0.9.3a installation directory (get from
  http://www.openssl.org/ if you don't have it; please note that
  SSLeay is no longer supported, see README) (C-c to abort):
/usr/local/ssl
You have OpenSSL-0.9.4 installed in /usr/local/ssl
That's is newer than what this module was tested with (0.9.3a). You should
consider checking if there is a newer release of this module
available. Everything will probably work OK, though.
Writing Makefile.aperl for Net::SSLeay
make -f Makefile.aperl perl
make[1]: Entering directory `/home/darke/Net_SSLeay.pm-1.05'
Writing perlmain.c
cd . && cc -c  -I/usr/lib/perl5/5.00503/i386-linux/CORE  -Dbool=char 
-DHAS_BOOL -I/usr/local/include -O2 \
-DVERSION=\"1.05\" \
-DXS_VERSION=\"1.05\" -I/usr/lib/perl5/5.00503/i386-linux/CORE perlmain.c
cat /usr/lib/perl5/5.00503/i386-linux/auto/DynaLoader/extralibs.ld >> 
blib/arch/auto/Net/SSLeay/extralibs.all
cat blib/arch/auto/Net/SSLeay/extralibs.ld >> 
blib/arch/auto/Net/SSLeay/extralibs.all
cc -L/usr/local/lib -rdynamic -o perl -O2 
./perlmain.o  blib/arch/auto/Net/SSLeay/SSLeay.a 
/usr/lib/perl5/5.00503/i386-linux/auto/DynaLoader/DynaLoader.a 
/usr/lib/perl5/5.00503/i386-linux/CORE/libperl.a `cat 
blib/arch/auto/Net/SSLeay/extralibs.all` -lnsl -ldl -lm -lc -lposix -lcrypt
blib/arch/auto/Net/SSLeay/SSLeay.a(SSLeay.o): In function 
`XS_Net__SSLeay_want':
SSLeay.o(.text+0x71dd): undefined reference to `SSL_want'
blib/arch/auto/Net/SSLeay/SSLeay.a(SSLeay.o): In function 
`XS_Net__SSLeay_SSLeay_add_ssl_algorithms':
SSLeay.o(.text+0x7961): undefined reference to `SSL_library_init'
collect2: ld returned 1 exit status
make[1]: *** [perl] Error 1
make[1]: Leaving directory `/home/darke/Net_SSLeay.pm-1.05'
make: *** [perl] Error 2

This is after multiple attempts to use CPAN, configure it from source, etc. 
I always got the SSL_library_init problem. Undefined symbol. I went through 
the readmes, tried a few things (like the files that are really in 
/usr/local/ssl/include/openssl, etc). No dice. I scanned this mailing list, 
and noticed that someone said that they had this same problem in BSD and 
that it had to do with cc and gcc not playing well together, so I went into 
the makefile manually and altered cc= to gcc and ld= to gcc and the 
LINKTYPE to static, after what I read here, and the above is the output 
after that attempt.

I ran an nm on /usr/local/ssl/include/libssl.a and SSL_library_init is 
indeed in there, but I must confess, I don't really understand that output. 
Nor what I am supposed to do to make sure that the linking is working 
properly.

The truly bizarre thing is that Net::SSLeay on another box of ours installs 
without a hitch with none of these problems on our other server with 
openssl-0.9.3a. And while I am about to go downgrade the box I am currently 
talking about to it to see if that fixes the problem, the main reason I am 
writing in is because according to what I've read, this SHOULD work on 
0.9.4, so I'm confused, I guess. Has anyone encountered this and the 
gcc/static solution didn't work for them? Did you find a solution?

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Huge problems with Net::SSLeay 2

2000-04-13 Thread Alexander Darke


I downgraded to OpenSSL 0.9.3a on this box and have the same problem

cpan> test Net::SSLeay
Running make for SAMPO/Net_SSLeay.pm-1.05.tar.gz
   Unwrapped into directory /root/.cpan/build/Net_SSLeay.pm-1.05
   Has already been processed within this session
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl -Iblib/arch -Iblib/lib 
-I/usr/lib/perl5/5.00503/i386-linux -I/usr/lib/perl5/5.00503 test.pl
1..16
Can't load 'blib/arch/auto/Net/SSLeay/SSLeay.so' for module Net::SSLeay: 
blib/arch/auto/Net/SSLeay/SSLeay.so: undefined symbol: SSL_library_init at 
/usr/lib/perl5/5.00503/i386-linux/DynaLoader.pm line 169.

  at test.pl line 17
BEGIN failed--compilation aborted at test.pl line 17.
not ok 1
make: *** [test_dynamic] Error 2
   /usr/bin/make test -- NOT OK


I am at a complete and utter loss. Any help is appreciated.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Net::SSLeay and RAND_seed bug? BUG FOUND!

2000-03-16 Thread marcel-za . bucher


Found the bug myself!
Change ST(1) in SSLeay.xs:2142 to ST(0), this is presumably the id of the 
$buffer parameter...

SSLeay.xs:2142:
-   char * buf = SvPV( ST(1), len);
+   char * buf = SvPV( ST(0), len);

> Hi all
> 
> I've run into a problem with Net::SSLeay::RAND_seed($buf).
> 
> I'm working on WinNT4 with Net::SSLeay 1.05 and OpenSSL 0.9.5.
> (I'll be posting instructions how to get those two to work 
> together on NT as soon as the Net::SSLeay homepage is up again)
> 
> Since OpenSSL 0.9.5 complains when the PRNG is not seeded I'm 
> using RAND_seed to provide some initial data. Because this 
> didn't seem to help while debugging my perl scripts I built 
> debug versions of Net::SSLeay and OpenSSL and tried to track it down. 
> 
> I found that /crypto/rand/rand_lib.c/RAND_seed(const 
> void *buf, int num) ALWAYS gets called with a buffer pointing 
> to the value "*Net::SSLeay::RAND_seed" and num = 23!!! 
> (Except when run in the ActiveState debugger; then the buffer 
> always points to "1" and num=5, which is definetely to 
> few bytes, so OpenSSL complains).
> 
> There seems to be a problem with the interface from 
> Net::SSLeay::RAND_seed() to OpenSSL:RAND_seed(). Does anybody 
> know how to fix this?
> 
> 
> Thanks Marcel
> 
> (PS: Sampo, is there any Net::SSLeay 1.0.6 in the queue?)
> 

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay and RAND_seed bug?

2000-03-16 Thread marcel-za . bucher


Hi all

I've run into a problem with Net::SSLeay::RAND_seed($buf).

I'm working on WinNT4 with Net::SSLeay 1.05 and OpenSSL 0.9.5.
(I'll be posting instructions how to get those two to work together on NT as 
soon as the Net::SSLeay homepage is up again)

Since OpenSSL 0.9.5 complains when the PRNG is not seeded I'm using RAND_seed 
to provide some initial data. Because this didn't seem to help while debugging 
my perl scripts I built debug versions of Net::SSLeay and OpenSSL and tried to 
track it down. 

I found that /crypto/rand/rand_lib.c/RAND_seed(const void *buf, int 
num) ALWAYS gets called with a buffer pointing to the value 
"*Net::SSLeay::RAND_seed" and num = 23!!! (Except when run in the ActiveState 
debugger; then the buffer always points to "1" and num=5, which is 
definetely to few bytes, so OpenSSL complains).

There seems to be a problem with the interface from Net::SSLeay::RAND_seed() to 
OpenSSL:RAND_seed(). Does anybody know how to fix this?


Thanks Marcel

(PS: Sampo, is there any Net::SSLeay 1.0.6 in the queue?)

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay on Linux

1999-12-28 Thread Jason Terry


Try this to find Net::SSLeay

locate Net/SSLeay.pm


- Original Message - 
From: "Kevsurf" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 27, 1999 10:20 AM
Subject: Net::SSLeay on Linux


> Hello,
> 
> I have installed the RPM for Net::SSLeay, and need to
> know what to do next so that I know it is installed.
> 
> Also, how can I use the 'whereis' command to find
> Net::SSLeay?
> 
> I have tried 'whereis Net::SSLeay' and it doesn't
> work.
> 
> I'm running RedHat 6.0
> 
> Any help is appreciated.
> 
> Thanks,
> Kevin
> 
> _
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: How to get Net::SSLeay to work with client cert

1999-12-01 Thread Marko Asplund

On Tue, 30 Nov 1999, Reiner Buehl wrote:

> I'd like to post some stuff to a https server from a perl script
> using client cert secured SSL v3 connections. At the moment everything
> works with server cert SSL v2 but I have no idea how to switch to
> SSL v3.

you can specify the prefered protocol version with
$Net::SSLeay::ssl_version. see SSLeay.pm.

> How do I tell my script which cert file to use and which 
> password is needed to use it? Is this possible with perl and Net::SSLeay
> (or another perl module) and if so could somebody point me to some
> sample code for this particular case?

for RSA key exchange you could use
Net::SSLeay::CTX_use_RSAPrivateKey_file() and
Net::SSLeay::CTX_use_certificate_file()
routines for example.

also, if you're using Net::SSLeay for talking to a web server you might
want to check out libwww-perl.

best regards,
--
aspa

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

How to get Net::SSLeay to work with client cert

1999-11-30 Thread Reiner Buehl


Hi 

I'd like to post some stuff to a https server from a perl script
using client cert secured SSL v3 connections. At the moment everything
works with server cert SSL v2 but I have no idea how to switch to
SSL v3. How do I tell my script which cert file to use and which 
password is needed to use it? Is this possible with perl and Net::SSLeay
(or another perl module) and if so could somebody point me to some
sample code for this particular case?

Regards, Reiner.

--
Reiner Buehl Internet:
P.O. Box 100324  [EMAIL PROTECTED]
70747 Leinfelden-Echterdingen 
Germany
--

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: found a https server Net::SSLeay cant use..?

1999-10-20 Thread Sampo Kellomaki


[EMAIL PROTECTED] writes:

>  I can talk to sw40.pacbell.com via netscape and IE5 (https://sw40.pacbell.com/)
>  but not via LWP::request, nor, Net::SSLeay (probably for the same reason).
> 
>  Does this error indicate something is wrong on their server, or something
>  is wrong in Net::SSLeay?
>  please help! I cant find any way round this..
> 
>  SSL_connect 30470: 1 - error:1408D06E:SSL routines:SSL3_GET_KEY_EXCHANGE:bad dh p 
>length
>  ok 9 sw40.pacbell.com ()

>From error message I'd judge that its trying to use Diffie Hellman based
authentication instead of RSA. That would be pretty exotic in deed and
although this in theory should work with OpenSSL, I wouldn't be
surprised if it does not work in real life. If they really are using
DH, you should inform OpenSSL development team so they can test
interoperability against it.

At any rate I made following experiments

    perl -MNet::SSLeay -MData::Dumper -e '$Net::SSLeay::ssl_version=2; print 
Dumper Net::SSLeay::get_https("sw40.pacbell.com", 443, "/")'

This fails with ssl handshake failure error code.

perl -MNet::SSLeay -MData::Dumper -e '$Net::SSLeay::ssl_version=3; print 
Dumper Net::SSLeay::get_https("sw40.pacbell.com", 443, "/")'

This works to the extent that the server sends a forbidden response,
so perhaps its once again the OpenSSL SSL version detection heuristic
being incompatible with some servers (SilverStream Server/3.0 in this
case).

--Sampo

> 
>  thanks a lot!
>  -Justin
> 
> -- 
> Justin Beech, owner, http://www.dslreports.com, the best dsl directory!
> Ph: 1 212 706 9129 (ah), or 1 917 749 8968 (anytime). Email: [EMAIL PROTECTED]
> See http://www.dslreports.com/r3/dsl/contacts for more contact info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: HELP: the ssl3 switch for Net::SSLeay (perl)

1999-10-18 Thread Sampo Kellomaki


"Gregory Luneau" <[EMAIL PROTECTED]> writes:

> This is a multi-part message in MIME format.
> 
> --=_NextPart_000_0036_01BF1171.59F3F4C0
> Content-Type: text/plain;
>   charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> 
> It seems that the -ssl3 switch makes all the difference in the success to
> connecting to some servers.
> 
> ./openssl s_client -connect www.tsecuret.com:443
> CONNECTED(0004)
> write:errno=104
> 
> ./openssl s_client -ssl3 -connect www.tsecuret.com:443
> 
> 
> If so, anybody knows the switch to use in the perl module Net::SSLeay that
> uses OpenSSL that would it force it to use SSLv3?

use Net::SSLeay;
$Net::SSLeay::ssl_version = 3;

RTFM. Or look at the top of SSLeay.pm.

--Sampo
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Re: Net::SSLeay (1.05) and Windows NT

1999-09-24 Thread Doug E Courtney


Ed,
Is it possible for you to summarize the list of fixes that were need
to get Net::SSleay to compile and work on NT. Also are you using the
LWP perl library to to https POSTS

Thanks

Doug

-- 
Doug Courtney
[EMAIL PROTECTED]
(732)576-5572
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Re: Net::SSLeay (1.05) and Windows NT

1999-09-23 Thread Ed Eddington


I have successfully installed Net::SSLeay on the picky NT machine now. Here 
is the last fix I had to make to get it to compile (in addition to the 
others posted previously for NT).


nmake error:

SSLeay.c(2508) : error C2440: '=' : cannot convert from 'const char *' to
'char *'
 Conversion loses qualifiers
SSLeay.c(2541) : error C2440: '=' : cannot convert from 'const char *' to
'char *'
 Conversion loses qualifiers

The fix:  (Remove 'const' from variable declaration in SSL.h to match 
ssleay.xs)

SSL.h:

const char  * SSL_get_cipher_list(SSL *s,int n);
->
char  * SSL_get_cipher_list(SSL *s,int n);

const char *SSL_CIPHER_get_name(SSL_CIPHER *c);
->
char *  SSL_CIPHER_get_name(SSL_CIPHER *c);


Ed Eddington


--
From:   Ed Eddington[SMTP:[EMAIL PROTECTED]]
Sent:   Tuesday, September 21, 1999 11:09 AM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject:Re: Net::SSLeay (1.05) and Windows NT

I am getting the problem below and was wondering if anyone has found a 
workaround for this on NT. I had to follow all of the other workarounds 
previously posted here (bn.h, ssl.h, rand.h, ssleay.xs...) and saw no fix 
for this one.

Compiling with "nmake -I" gets past this error, but then it never builds a 
"SSLeay.obj" and dies at link.

Using: NT4.0, VC++5.0, nmake version 1.62.7022
Perl 5.005_03 (ActiveState)
OpenSSL-0.9.4
Net::SSL-1.05

Any help would be appreciated.

Ed Eddington
[EMAIL PROTECTED]


> "Miguel Angel Fraga" <[EMAIL PROTECTED]> writes:
>> I got a lot of errors, so after some changes it looks better...
>> but i don't know how to resolve this error message (and i don't
>> know if it is the last one...):
>>
>>  Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 
80x86
>>  Copyright (C) Microsoft Corp 1984-1998. All rights reserved.
>>
>>  SSLeay.c
>>  SSLeay.c(2508) : error C2440: '=' : cannot convert from 'const char *' 
to
>> 'char *'
>> Conversion loses qualifiers
>>  SSLeay.c(2541) : error C2440: '=' : cannot convert from 'const char *' 
to
>> 'char *'
>> Conversion loses qualifiers
>>  NMAKE : fatal error U1077: 'cl.exe' : return code '0x2'
>>  Stop.
>
>This is the same place where gcc warns aboput losing const. The
>warning is not dangerous, I just need to figure out how to get XS
>compiler to pass const qualifier correctly.
>
>In short term, you should look in your compiler's documentation to find
>the flag that allows you to turn this error into just a warning and then
>ignore it. I'm sure there is such a flag in your compiler.
>
>Please let me know what the solution is.
>
>--Sampo

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [OpenSSL] Re: Net::SSLeay, mod_perl and mod_ssl

1999-09-23 Thread Sampo Kellomaki


=?UTF-8?B?UmnEjWFyZGFzIMSMZXBhcw==?= <[EMAIL PROTECTED]> writes:

> --ibTvN161/egqYuK8
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
> 
> On Tue Sep 21 13:38:24 1999 +
>(Antradienis, 1999 m. rugs=C4=97jo 21 d. 15:38:24 CEST),
>   Sampo Kellomaki wrote:
> 
> > =3D?UTF-8?B?UmnEjWFyZGFzIMSMZXBhcw=3D=3D?=3D <[EMAIL PROTECTED]> writes:
> > > Is it possible to use these things together?
> > > Net::SSLeay works when I start Apache without mod_ssl. With
> > > mod_ssl Apache gives [notice] caught SIGTERM, shutting down
> > > just after startup.
> > > What I need is to retrieve a page from remote https host.
> > > I probably can play with ProxyPass, but maybe there is some more
> > > straight way?
> >=20
> > What you are trying to do is... have https server with a CGI running
> > under mod_perl registry and this CGI needs to use Net::SSLeay.pm?
> >=20
>   It's mod_perl handler, but that is not a problem - Net::SSLeay
> fails to load at all IMHO with mod_ssl.
> 
> > It ought to work, but I've never tested it. There is nothing in the
> > design that should prevent this. Basically Net::SSLeay is as innocent
> > module as can be, just some glue to a C library. That has been done in
> > many other modules and they are known to work well under mod_perl.
> >=20
> > Perhaps you should try first your program as pure CGI (i.e. not under
> > registry of mod_perl). If that works, then try using non i/o (socket)
> > related parts of Net::SSLeay (perhaps just calling some initialization
> > and set up functions).
> >=20
>   It works under mod_perl as well, just without mod_ssl.
> I guess there is some C libraries conflict (?), mod_ssl uses OpenSSL as wel=
> l.

True, both use dynamic linking to do their deed. From what I
understand, as long as they both were compiled against the same
version of a .so this should not be a problem. Never-the-less,
you could try statically linking one of the other.

I'm not exactly a guru with dynamic loading - Ralf, what do you think
about this?

--Sampo

> --=20
> 
>   Ri=C4=8Dardas =C4=8Cepas
> ~~
> ~
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay, mod_perl and mod_ssl

1999-09-17 Thread Ričardas Čepas



Hi,

Is it possible to use these things together?
Net::SSLeay works when I start Apache without mod_ssl. With
mod_ssl Apache gives [notice] caught SIGTERM, shutting down
just after startup.
What I need is to retrieve a page from remote https host.
I probably can play with ProxyPass, but maybe there is some more
straight way?

Thanks,
-- 

  Ričardas Čepas
~~
~
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Trouble installing Net::SSLeay

1999-09-09 Thread Rick Torzynski


I'm trying to install the Perl Net::SSLeay 1.05 module to use
encryption.  I successfully installed OpenSSl version 0.9.4, but when I
run Makefile.PL -t, I keep getting the same error.  I'm on a system with
Linux 2.0.38, gcc version 2.7.2.3.  I'd appreciate any help on this one.

Rick Torzynski

Here's the error I'm getting:

Makefile.PL -t
Checking for OpenSSL-0.9.3a or newer...
You have OpenSSL-0.9.3a installed in /usr/local/ssl
Checking if your kit is complete...
Looks good
Writing Makefile for Net::SSLeay
cp SSLeay.pm ./blib/lib/Net/SSLeay.pm
AutoSplitting Net::SSLeay (./blib/lib/auto/Net/SSLeay)
Net::SSLeay: some names are not unique when truncated to 8 characters:
 ssl_read_all, ssl_read_until, ssl_read_CRLF truncate to ssl_read
 ssl_write_all, ssl_write_CRLF truncate to ssl_writ
/usr/bin/perl -I/usr/lib/perl5/i586-linux/5.003 -I/usr/lib/perl5
/usr/lib/perl5/
ExtUtils/xsubpp  -typemap /usr/lib/perl5/ExtUtils/typemap -typemap
typemap SSLea
y.xs >SSLeay.tc && mv SSLeay.tc SSLeay.c
cc -c -I/usr/local/ssl/include -Dbool=char -DHAS_BOOL
-I/usr/local/include -O2
  -DVERSION=\"1.04\" -DXS_VERSION=\"1.04\" -fpic
-I/usr/lib/perl5/i586-linux/5.0
03/CORE  SSLeay.c
SSLeay.c: In function `XS_Net__SSLeay_SSL_get_cipher_list':
SSLeay.c:2478: warning: assignment discards `const' from pointer target
type
SSLeay.c: In function `XS_Net__SSLeay_SSL_get_cipher':
SSLeay.c:2511: warning: assignment discards `const' from pointer target
type
SSLeay.c: In function `XS_Net__SSLeay_SSL_set_verify':
SSLeay.c:2566: warning: passing arg 3 of `SSL_set_verify' from
incompatible poin
ter type
Running Mkbootstrap for Net::SSLeay ()
chmod 644 SSLeay.bs
LD_RUN_PATH="/usr/local/ssl/lib" cc -o
blib/arch/auto/Net/SSLeay/SSLeay.so -shar
ed -L/usr/local/lib SSLeay.o-L/usr/local/ssl -L/usr/local/ssl/lib
-lssl -lcr
ypto
chmod 755 blib/arch/auto/Net/SSLeay/SSLeay.so
cp SSLeay.bs ./blib/arch/auto/Net/SSLeay/SSLeay.bs
chmod 644 blib/arch/auto/Net/SSLeay/SSLeay.bs
PERL_DL_NONLAZY=1 /usr/bin/perl -I./blib/arch -I./blib/lib
-I/usr/lib/perl5/i586
-linux/5.003 -I/usr/lib/perl5 test.pl
1..15
/usr/bin/perl: can't resolve symbol 'RAND_seed'
/usr/bin/perl: can't resolve symbol 'ERR_clear_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'BUF_MEM_new'
/usr/bin/perl: can't resolve symbol 'BUF_MEM_grow'
/usr/bin/perl: can't resolve symbol 'BIO_ctrl'
/usr/bin/perl: can't resolve symbol 'BIO_ctrl'
/usr/bin/perl: can't resolve symbol 'BIO_pop'
/usr/bin/perl: can't resolve symbol 'BUF_MEM_free'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'RAND_bytes'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'i2d_X509'
/usr/bin/perl: can't resolve symbol 'i2d_X509'
/usr/bin/perl: can't resolve symbol 'RAND_bytes'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'RAND_bytes'
/usr/bin/perl: can't resolve symbol 'ERR_put_error'
/usr/bin/perl: can't resolve symbol 'd2i_X509'
/usr/bin/perl: can't resolve symbol 'sk_X509_new_null'
/usr/bin/perl: can't resolve symbol 'sk_X509_push'
/usr/bin/perl: can't resolve symbol 'EVP_DigestInit'
/usr/bin/perl: can't resolve symbol 'EVP_DigestUpdate'
/usr/bin/perl: can't resolve symbol 'EVP_DigestUpdate'
/usr/bin/perl: can't resolve symbol 'i2d_X509'
/usr/bin/perl: can't resolve symbol 'i2d_X509'
/usr/bin/perl: can't resolve symbol 'EVP_DigestUpdate'
/usr/bin/perl: can't resolve symbol 'X509_get_pubkey'
/usr/bin/perl: can't resolve symbol 'EVP_VerifyFinal'
/usr/bin/perl: can't resolve symbol 'EVP_PKEY_free'
/usr/bin/perl: can't reso

Re: https and POST functions using Net::SSLeay ???

1999-08-16 Thread Joshua Chamas

Luke Higgins wrote:
> 
> Hello all,
> 
> I just installed Net::SSLeay and OpenSSL-0.9.4 on my redhat 6.0 system and was
> looking for an example of using Net::SSLeay to perform a POST request on a
> https site that requires authentication.  The example in the Net::SSLeay
> distribution (examples/get_authenticated_page.pl) works fine to retrieve the
> page with the POST form - but I can't seem to figure out where to go now.
> 
> Also, what is the comparison with Net::SSLeay and Crypt-SSLeay? The readme for
> libwww says that Net::SSLeay is no longer supported and to use Crypt-SSLeay.  I
> would appreciate any explanation about the competing modules and their history?
> 

Crypt::SSLeay is a module that I just took over, and hadn't
been maintained for over a year by the original author, Gisle Aas.  
I am maintaining it so that LWP:: libraries can make https requests.  
If you want access to the OpenSSL API, use Net::SSLeay.  

What is particularly nice about Crypt::SSLeay is cross 
platform (+WinNT) and backwards compatible build support.  

Further I have added a feature that downgrades SSL connection 
attempts from SSL23 to SSL2 for old buggy servers, so that 
all SSL https servers that I have tested can be connected
to.  This is in my latest dev .11 version, which you can
email me for if interested.  v.10 is in CPAN.

About POST, hadn't tried it, but might just work with 
Crypt::SSLeay, not sure.

-- Joshua
__
Joshua Chamas  Chamas Enterprises Inc.
NODEWORKS - web link monitoringLong Beach, CA  USA  1-562-432-2469
http://www.nodeworks.com   http://www.chamas.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

https and POST functions using Net::SSLeay ???

1999-08-16 Thread Luke Higgins


Hello all,

I just installed Net::SSLeay and OpenSSL-0.9.4 on my redhat 6.0 system and was
looking for an example of using Net::SSLeay to perform a POST request on a
https site that requires authentication.  The example in the Net::SSLeay
distribution (examples/get_authenticated_page.pl) works fine to retrieve the
page with the POST form - but I can't seem to figure out where to go now.

Also, what is the comparison with Net::SSLeay and Crypt-SSLeay? The readme for
libwww says that Net::SSLeay is no longer supported and to use Crypt-SSLeay.  I
would appreciate any explanation about the competing modules and their history?


Thanks a lot,
Luke
 
_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

FYI: Net::SSLeay-1.05 works with OpenSSL-0.9.4

1999-08-09 Thread Sampo Kellomaki


I tested Net::SSLeay-1.05 with OpenSSL-0.9.4. Works fine. You can
safely ignore the warning about too new OpenSSL

Test was performed on

Net::SSLeay-1.05
OpenSSL-0.9.4
perl5.005_02
i686
Linux-2.0.35
egcs-1.1.1 rel
glibc-2.0.6

--Sampo

== Net::SSLeay perl module at http://www.bacus.pt/Net_SSLeay/index.html ==
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay::sslcat()

1999-08-06 Thread Russ Taylor


Can anyone help a beginner *please*?

My ISP supplied me with the the following information;
platform   = OpenBSD/i386 2.5
perl   = 5.005_03
OpenSSL= 0.9.3a
C compiler = gcc 2.5
libc   = bsd

When I ran Sampo's examples/sslcat.pl script via telnet by typing "perl
sslcat.pl" at the command line as follows I get;

mimosa:examples {105} perl sslcat.pl
localhost 443 get


SSL_connect 19562: 1 - error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown proto
col
-1SSL_connect 19562: 1 - error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown pro
tocol

---

Is that what I should have gotten?

I'm wondering if this has anything to do with my script failing which worked
for a month and now now longer works even though AuthorizeNet and my ISP
both claim nothing on their servers has changed.

The following is a simplified but hopefully executable segment of my
complete script;

#!/usr/bin/perl

# Flush buffers.
  $| = 1;

# Set output type.
  print STDOUT "Content-type: text/html\n\n";

# Turn on verbose SSLeay debugging.
  $Net::SSLeay::trace = 3;

# Set SSL version.
$Net::SSLeay::ssl_version = 2;
# I've tried 1, 2 and 3.

$host = "www.authorize.net";
$port = "443";
$processing_script = "/scripts/authnet25/AuthRequest.asp";
$agent = "NAS/1.0";
$data = "LOGIN=testdrive&TYPE=NA&AMOUNT=49.95
 &NAME=John%20Doe&METHOD=VISA&CARDNUM=400700027
 &EXPDATE=09/99&ECHODATA=TRUE";

# Get the message length.
  $msgLength=length($data);

# This stuff is required by AuthorizeNet's server I'm told.
  $request  = "POST $processing_script HTTP/1.0\n";
  $request .= "Accept: www/source\n";
  $request .= "Accept: text/html\n";
  $request .= "Accept: text/plain\n";
  $request .= "User-Agent: $agentVersion\n";
  $request .= "Content-type: application/x-www-form-urlencoded\n";
# Add the message length.
  $request .= "Content-length: $msgLength\n\n";
# add the data.
  $request .= $data;

# Load the Net:SSLeay module.
use Net::SSLeay qw(sslcat);

# Send and receive data.
$reply = Net::SSLeay::sslcat($host, $port, $request);
# or die "Can't connect to $host\n";

# Print the reply in the format we received it.
print STDOUT "$reply\n\n";

exit;
# EOF

---

My script returns the following;

mimosa:cgi-bin {112} an-ssl.cgi
Content-type: text/html

Opening connection to www.authorize.net:443 (0)
Creating SSL 2 context...
Creating SSL connection (context was '910848')...
Setting fd (ctx 910848, con 911104)...
Entering SSL negotiation phase...
SSLeay connect returned 1
Cipher `EXP-RC2-CBC-MD5'
Subject Name: /C=US/ST=Utah/L=Provo/O=NETSolutions International
Inc/OU=Transaction Pro
cessing/CN=www.authorize.net
Issuer  Name: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
sslcat 5883: sending 321 bytes...
cat: /proc/5883/stat: No such file or directory
  write_all VM at entry=
cat: /proc/5883/stat: No such file or directory
  written so far 321:321 bytes (VM=)
waiting for reply...
cat: /proc/5883/stat: No such file or directory
  got 0:0 bytes (VM=).
Got 0 bytes.



When I run the Sampo's test.pl script he supplied it returns;

mimosa:cgi-bin {114} perl test.pl
1..16
ok 1
ok 2
Spawning a test server on port 1212, pid=17581...
ok 3
ok 4
Use of uninitialized value at examples/callback.pl line 47.
ok 5
Sending 1 MB over localhost, may take a while (and some VM)...
...took 3 secs (341 KB/s)
ok 6
Sending 1 MB over pipes, may take a while (and some VM)...
...took 4 secs (256 KB/s)
ok 7
Now about to contact external sites...
www.bacus.pt
www.openssl.org
www.apache-ssl.org
www.cdw.com
www.rsa.com
developer.netscape.com
banking.wellsfargo.com
secure.worldgaming.net
www.engelschall.com
You have 5 seconds of time to hit Ctrl-C if you do not like this.
So far there were no errors in tests.
Following tests _will_ fail if you do not have network
connectivity (or if the servers are down or have changed).
ok 8 www.bacus.pt
ok 9 www.openssl.org (Apache/1.3.6 (Unix) mod_perl/1.20 mod_ssl/2.3.5
OpenSSL/0.9.3a DA
V/0.9.8)
ok 10 www.apache-ssl.org (Apache/1.3.6 Ben-SSL/1.36 (Unix))
ok 11 www.cdw.com (Microsoft-IIS/4.0)
ok 12 www.rsa.com (Netscape-Enterprise/3.6)
ok 13 developer.netscape.com (Netscape-Enterprise/3.6)
ok 14 banking.wellsfargo.com (Netscape-Enterprise/3.6 SP2)
ok 15 secure.worldgaming.net (Stronghold/2.3 Apache/1.2.6 C2NetUS/2010)
ok 16 www.engelschall.com (Apache/1.3.6 (Unix) mod_perl/1.20 mod_ssl/2.3.5
OpenSSL/0.9.
3a DAV/0.9.8)
All tests completed OK.

--

When I replace www.bacus.pt through out Sampo's script with
www.authorize.net it now returns;

mimosa

Re: Problems with Net::SSLeay

1999-08-04 Thread Sampo Kellomaki


"Ferrari, Nelson" <[EMAIL PROTECTED]> writes:

> If I run:
> perl -MNet::SSLeay -I Library -e 'print
> Net::SSLeay::get_https("www.quickcommerce.net", 443,
> "/scripts/qc25/merchantlogin.asp")'
> 
> I get:
> 
> SSL_write 9396: 1 - error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl
> handshake failure
> HTTP/1.0 900 NET OR SSL ERROR
> 
> SSL_write 9396: 1 - error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl
> handshake failure
> 
> Any ideas? It is working for www.bacus.pt.

I think this has to do with SSL23 vs SSL3. Recently in a similar case
it was enough to add

$Net::SSLeay::ssl_version = 3;

just after `use Net::SSLeay;'

I believe this is general problem with OpenSSL. Has anyone tried this
with s_client? The problem never manifests if you force either SSL2 or
SSL3, but does happen with SSL23, so perhaps the version autodetection
is broken.

--Sampo

> Using Netscape 4.56, I can access this site
> (www.quickcommerce.net/scripts/qc25/merchantlogin.asp) without problems 100%
> of times.
> 
> I am also writing to them, since they say they support SSLeay (in
> http://www.ecx.com/qc/authrequest.htm).
> 
> Thanks for your help.
>  )\(elson
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: ANNOUNCE: Net::SSLeay perl module 1.05

1999-08-04 Thread Michael


> On 3 Aug 1999, Sampo Kellomaki wrote:
> 
> > ...
> > Now, could you provide me a snippet showing how I can discover in Perl
> > that I am running on Windows platform. That way Makefile.PL will be
> > able to automatically adapt.
> > ...
> 
> i've been told that the following does the job succesfully:
>  use English;
>  ...
>  if( $OSNAME eq 'MSWin32' ) { # aka $^O

I think it needs to read
   if( $OSNAME eq 'MSWin32' ) { 
  reboot!
 }

>  ...
> 
> --
>  aspa
> 
> 
> __ OpenSSL Project
> http://www.openssl.org User Support Mailing List   
> [EMAIL PROTECTED] Automated List Manager
>   [EMAIL PROTECTED]
> 
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay 1.03 make_form behaviour

1999-08-03 Thread Sampo Kellomaki


Ed Eddington <[EMAIL PROTECTED]> writes:
> The problem I noticed was in the "make_form" logic. In creating the 
> key-value pairs for the request, this routine leaves a trailing '=' if the 
> last key has no value. MY code was leaving a trailing '=' already. Then 
> "make_form" added a second trailing '='.
> 
> So, if the string of key-value pairs you pass to "make_form" contains a 
> trailing '=', like this:
> 
> $cgi_string = 'this=that&now=then¬hing='
> 
> Then, "make_form" will leave another '=' at the end, effectively giving 
> you:
> 
> this = 'that'
> now = 'then'
> nothing = '='<- not what I wanted here!

Sorry, but I do not understand what you mean. make_form() never eats
input in format of your $cgi_string, albeit it attempts to produce
that. It eats "hash like" list of name value pairs. If the list has
odd number of elements then the last name is dealt with as having
empty value. Please provide a snippet demonstrating the problem.

> 
> I added the following workaround to my code to hack off any double trailing 
> '=' after doing "make_form"...
> (Perl code follows)
> 
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> sub do_https_post {
>   my $string = make_form ($cgi_string);#correct trailing '=' bug in 

You go wrong here. If you already have your CGI string formatted, you do
not need make_form(). make_form() is precisely used to format cgi strings,
like this:

$cgi_string = make_form('this'=>'that', 'now'=>'then', 'nothing'=>'');

You basically got the right idea on make_headers().
> 
>   ($page, $response, %reply_headers)
>= post_https($server, $port, $uri,
> make_headers(
> 'User-Agent' => $user_agent,
> 'Referer'=> $refer_url,
> 'Authorization' => $credentials,
> ),
> $string
>  );
> }

--Sampo
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay perl module 1.04 released, supports OpenSSL-0.9.3a FINALLY

1999-08-03 Thread Lars Eggert


-BEGIN PGP SIGNED MESSAGE-

  sampo> That symbol is supposed to come from libssl.a. Please check with
  sampo> nm. Then verify or experiment with compiler flags to see that it is
  sampo> indeed getting linked. Investigate if this has anything to do with
  sampo> OpenSSL library being dynamically loading.

The problems described in my previous post where due to OpenSSL config picking
gcc as a compiler, while the Net::SSLeay MakeMaker script picks cc/ld to build
things. They don't seem to interact well when building/using shared
libraries. Hand-editing the generated Net::SSLeay Makefile to explicitly use
gcc to build and link made it work on both FreeBSD-2.2.6 and Solaris.

Lars
__
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/~larse/   University of Southern California

-BEGIN PGP SIGNATURE-
Version: 2.6.2

iQCVAwUBN6dJoNZcnpRveo1xAQH9TgP5AZZrF7mZNfskH3/r+oaFLWGrrw3Z1JUZ
vAfY3qWi7zrWNEjOQi12FXpVyYgqp1GUMtAT9gfjqKvo1OjlZIEM3luPv99AKPMk
S76ZhxPCOIZ9SPcQhXN7W+5XytZELrxfzliwAOGw7/2zZYhOTlmSwVLUNqkmHfLC
Jxgd4se2jEg=
=y4tE
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: ANNOUNCE: Net::SSLeay perl module 1.05

1999-08-03 Thread Sampo Kellomaki


Tran Duc Trung <[EMAIL PROTECTED]> writes:

> Miguel Ángel Monjas Llorente <[EMAIL PROTECTED]> writes:
> > Any clue?
> 
> I had to modify Makefile.PL to be able to compile
> 
> 1) added .exe suffix to the test of executability of openssl
> 
> orig:
> until (-x "$openssl_path/bin/openssl") {
> mine:
> until (-x "$openssl_path/bin/openssl.exe") {

Makes sense.

> 
> 2) near the end of the file I ignored the comments regarding WIN32,
>commented out the LIBS lines and added this line
> 
> 'MYEXTLIB'=> "$openssl_path/lib/ssleay32.lib $openssl_path/lib/libeay32.lib",

Ok.

> After that it compiles. 'nmake test' also almost okay except the
> test which requires fork() and the 'Making self signed certificate
> just for these tests' section in test.pl, which has the line
> 
> system "examples/makecert.pl examples $ssleay_path $silent";
> 
> Win32 is not UNIX, hash bang does not work here. So I changed it to
> 
> system "perl examples/makecert.pl examples $ssleay_path $silent";
> 
> or probably even better is
> 
> system "$^X examples/makecert.pl examples $ssleay_path $silent";

True.

Now, could you provide me a snippet showing how I can discover in Perl
that I am running on Windows platform. That way Makefile.PL will be
able to automatically adapt.

Also, please let me know which Visual C++ (if any) you used. It seems
the strictness of error checking varies between versions.

Look forward to these fixes being integrated in 1.06.

--Sampo
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay perl module 1.04 released, supports OpenSSL-0.9.3a FINALLY

1999-08-03 Thread Sampo Kellomaki

Lars Eggert <[EMAIL PROTECTED]> writes:

> -BEGIN PGP SIGNED MESSAGE-
> 
>   sampo> I just wrapped a new release. This is quite rough and badly tested
>   sampo> release so if you are in production environment and happy with 1.03,
>   sampo> don't upgrade yet. If on the other hand you have been longing for
>   sampo> OpenSSL-0.9.3a compatibility (i.e. compatibility with latest mod_ssl
>   sampo> and Apache-1.3.6), you should check this release.
> 
> I grabbed Net::SSLeay 1.05 and OpenSSL-0.9.3a. OpenSSL compiled and went
> through the tests fine. Net::SSLeay also compiled fine, but I see the
> following errors during the test run; any ideas on how to fix these?
> 
> On FreeBSD 2.2.6:
> PERL_DL_NONLAZY=1 /usr/local/bin/perl5 -Iblib/arch -Iblib/lib 
>-I/usr/local/lib/perl5/5.00502/i386-freebsd -I/usr/local/lib/perl5/5.00502 test.pl
> 1..16
> Can't load 'blib/arch/auto/Net/SSLeay/SSLeay.so' for module Net::SSLeay: Undefined 
>symbol "_SSL_library_init" in perl5:blib/arch/auto/Net/SSLeay/SSLeay.so at 
>/usr/local/lib/perl5/5.00502/i386-freebsd/DynaLoader.pm line 168.

That symbol is supposed to come from libssl.a. Please check with
nm. Then verify or experiment with compiler flags to see that it is
indeed getting linked. Investigate if this has anything to do with
OpenSSL library being dynamically loading.

Regarding your platform, I'm a bit unfamiliar with linkin on *BSD
platforms. Can you explain why the symbol has an underscore in front
of it? On Linux it does not.

> On Solaris-5.1
> PERL_DL_NONLAZY=1 /local/bin/perl5 -I./blib/arch -I./blib/lib 
>-I/local/perl5.004_04/lib/sun4-solaris/5.00404 -I/local/perl5.004_04/lib test.pl
> 1..16
> Can't load './blib/arch/auto/Net/SSLeay/SSLeay.so' for module Net::SSLeay: ld.so.1: 
>/local/bin/perl5: fatal: relocation error: file 
>./blib/arch/auto/Net/SSLeay/SSLeay.so: symbol __umoddi3: referenced symbol not found 
>at /local/perl5.004_04/lib/sun4-solaris/5.00404/DynaLoader.pm line 166.

I believe this error has the same roots as the one on FreeBSD, its
just random hashing that link fails first with umoddi3. Wait a
second...  to me it seems that __umoddi3 is supposed to come from libc
(on Linux anyway, other candidate could be some compiler specific
runtime library).

--Sampo
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay (1.05) and Windows NT

1999-08-03 Thread Sampo Kellomaki

"Miguel Angel Fraga" <[EMAIL PROTECTED]> writes:
> I got a lot of errors, so after some changes it looks better...
> but i don't know how to resolve this error message (and i don't
> know if it is the last one...):
> 
>  Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86
>  Copyright (C) Microsoft Corp 1984-1998. All rights reserved.
> 
>  SSLeay.c
>  SSLeay.c(2508) : error C2440: '=' : cannot convert from 'const char *' to
> 'char *'
> Conversion loses qualifiers
>  SSLeay.c(2541) : error C2440: '=' : cannot convert from 'const char *' to
> 'char *'
> Conversion loses qualifiers
>  NMAKE : fatal error U1077: 'cl.exe' : return code '0x2'
>  Stop.

This is the same place where gcc warns aboput losing const. The
warning is not dangerous, I just need to figure out how to get XS
compiler to pass const qualifier correctly.

In short term, you should look in your compiler's documentation to find
the flag that allows you to turn this error into just a warning and then
ignore it. I'm sure there is such a flag in your compiler.

Please let me know what the solution is. 

--Sampo
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay 1.03

1999-08-03 Thread Ed Eddington


I noticed a "slight" bug in the previous version Net::SSleay-0.9.1c 
generating the HTTPS POST request (post_https). It may be present in the 
new release, I don't know.

The problem I noticed was in the "make_form" logic. In creating the 
key-value pairs for the request, this routine leaves a trailing '=' if the 
last key has no value. MY code was leaving a trailing '=' already. Then 
"make_form" added a second trailing '='.

So, if the string of key-value pairs you pass to "make_form" contains a 
trailing '=', like this:

$cgi_string = 'this=that&now=then¬hing='

Then, "make_form" will leave another '=' at the end, effectively giving 
you:

this = 'that'
now = 'then'
nothing = '='<- not what I wanted here!

I added the following workaround to my code to hack off any double trailing 
'=' after doing "make_form"...
(Perl code follows)

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
sub do_https_post {
  my $string = make_form ($cgi_string);#correct trailing '=' bug in 
post_https
  $string =~ s/(.?)(=)=/$1$2/; #remove double '=' if 
present

  ($page, $response, %reply_headers)
 = post_https($server, $port, $uri,
make_headers(
'User-Agent' => $user_agent,
'Referer'=> $refer_url,
'Authorization' => $credentials,
),
$string
 );
}
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

Ed Eddington
[EMAIL PROTECTED]
PCR

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: ANNOUNCE: Net::SSLeay perl module 1.05

1999-08-03 Thread Miguel Ángel Monjas Llorente


Tran Duc Trung wrote:
> 
> Miguel Ángel Monjas Llorente <[EMAIL PROTECTED]> writes:
> 
> > [...]
> >
> > has anyone tested the Windows support?
> >
> > I've seen that the Makefile.PL is almost the same. So, I haven't been
> > able to make anything.
> >
> > Any clue?
> 
> I had to modify Makefile.PL to be able to compile
> 
> 1) added .exe suffix to the test of executability of openssl
> 
> orig:
> until (-x "$openssl_path/bin/openssl") {
> mine:
> until (-x "$openssl_path/bin/openssl.exe") {

Assuming that openSSl is used, I tried out32dll instead of bin, but
looks fine.

> 2) near the end of the file I ignored the comments regarding WIN32,
>commented out the LIBS lines and added this line
> 
> 'MYEXTLIB'  => "$openssl_path/lib/ssleay32.lib $openssl_path/lib/libeay32.lib",

I'll try

> After that it compiles. 'nmake test' also almost okay except the
> test which requires fork() and the 'Making self signed certificate
> just for these tests' section in test.pl, which has the line
> 
> system "examples/makecert.pl examples $ssleay_path $silent";
> 
> Win32 is not UNIX, hash bang does not work here. So I changed it to
> 
> system "perl examples/makecert.pl examples $ssleay_path $silent";
> 
> or probably even better is
> 
> system "$^X examples/makecert.pl examples $ssleay_path $silent";

Thank you.

--
  Miguel Angel Monjas
  Ericsson Spain
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: ANNOUNCE: Net::SSLeay perl module 1.05

1999-08-03 Thread Tran Duc Trung


Miguel Ángel Monjas Llorente <[EMAIL PROTECTED]> writes:

> [...]
> 
> has anyone tested the Windows support?
> 
> I've seen that the Makefile.PL is almost the same. So, I haven't been
> able to make anything.
> 
> Any clue?

I had to modify Makefile.PL to be able to compile

1) added .exe suffix to the test of executability of openssl

orig:
until (-x "$openssl_path/bin/openssl") {
mine:
until (-x "$openssl_path/bin/openssl.exe") {

2) near the end of the file I ignored the comments regarding WIN32,
   commented out the LIBS lines and added this line

'MYEXTLIB'  => "$openssl_path/lib/ssleay32.lib $openssl_path/lib/libeay32.lib",

After that it compiles. 'nmake test' also almost okay except the
test which requires fork() and the 'Making self signed certificate
just for these tests' section in test.pl, which has the line

system "examples/makecert.pl examples $ssleay_path $silent";

Win32 is not UNIX, hash bang does not work here. So I changed it to

system "perl examples/makecert.pl examples $ssleay_path $silent";

or probably even better is

system "$^X examples/makecert.pl examples $ssleay_path $silent";

trung

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay (1.05) and Windows NT

1999-08-02 Thread Miguel Angel Fraga



Hi,

I'm trying to compile and run Net::SSLeay (1.05) under Windows NT
using VC++ 6.0, i have modified Makefile.PL in order to adjust it
to my current configuration.

I got a lot of errors, so after some changes it looks better...
but i don't know how to resolve this error message (and i don't
know if it is the last one...):

 Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86
 Copyright (C) Microsoft Corp 1984-1998. All rights reserved.

 SSLeay.c
 SSLeay.c(2508) : error C2440: '=' : cannot convert from 'const char *' to
'char *'
Conversion loses qualifiers
 SSLeay.c(2541) : error C2440: '=' : cannot convert from 'const char *' to
'char *'
Conversion loses qualifiers
 NMAKE : fatal error U1077: 'cl.exe' : return code '0x2'
 Stop.


RETVAL = SSL_get_cipher_list(s, n);   //  <--- line 2508

RETVAL = SSL_get_cipher(s);   //  <--- line 2541


Does anybody know how to compile and run Net::SSLeay (1.05)
under Windows NT?
Or where i could find somebody who could answer my questions
on this matter?

Thanks in advance

Miguel Angel Fraga



// -

bn.h

 BIGNUM *modulo; /* just a reference */// line 255

BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *modulo);  // line
405


ssl.h
-
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *listxxx);  // line
1013
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *listxxx);
// line 1014


rand.h
--
 void (*seedxxx)(const void *buf, int num);  // line 68


SSLeay.xs
-
#include "openssl/rand.h"   // line 54 (new)

not_here(char *s)// line 73
// char *s; // line 74

constant(char *name, int arg)// line 83
// char *name;  // line 84
// int arg;  // line 85



// ---  makefile  ---
>perl makefile.pl

Checking for OpenSSL-0.9.3a or newer...
You have OpenSSL-0.9.3 installed in \OpenSSL-0.9.3
Checking if your kit is complete...
Looks good
Writing Makefile for Net::SSLeay


// ---  nmake  ---
>nmake

Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

mkdir blib
...
mkdir blib\man3
cp SSLeay.pm blib\lib\Net\SSLeay.pm
AutoSplitting blib\lib\Net\SSLeay.pm (blib\lib\auto/Net\SSLeay)
blib\lib\Net\SSLeay.pm: some names are not unique when truncated to 8
characters:
 directory blib\lib\auto/Net\SSLeay:
  ssl_read_all.al, ssl_read_until.al, ssl_read_CRLF.al truncate to ssl_read
  ssl_write_all.al, ssl_write_CRLF.al truncate to ssl_writ
C:\Perl\bin\perl.exe -IC:\Perl\lib -IC:\Perl\lib
C:\Perl\lib\ExtUtils/xs
ubpp  -typemap C:\Perl\lib\ExtUtils\typemap -typemap typemap SSLeay.xs
>SSLeay.t
c && C:\Perl\bin\perl.exe -IC:\Perl\lib -IC:\Perl\lib -MExtUtils::Command -e
mv
SSLeay.tc SSLeay.c




cl.exe -c -I\OpenSSL-0.9.3/_inc -O2 -MD -DNDEBUG -TP -GX -DWIN32 -D_CONS
OLE -DNO_STRICT -DHAVE_DES_FCRYPT -DPERL_OBJECT -O2 -MD -DNDEBUG -TP -GX
 -DV
ERSION=\"1.05\"  -DXS_VERSION=\"1.05\"  -IC:\Perl\lib\CORE  SSLeay.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86
Copyright (C) Microsoft Corp 1984-1998. All rights reserved.

SSLeay.c
SSLeay.c(2508) : error C2440: '=' : cannot convert from 'const char *' to
'char *'
Conversion loses qualifiers
SSLeay.c(2541) : error C2440: '=' : cannot convert from 'const char *' to
'char *'
Conversion loses qualifiers
NMAKE : fatal error U1077: 'cl.exe' : return code '0x2'
Stop.












__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay perl module 1.04 released, supports OpenSSL-0.9.3a FINALLY

1999-08-02 Thread Lars Eggert


-BEGIN PGP SIGNED MESSAGE-

  sampo> I just wrapped a new release. This is quite rough and badly tested
  sampo> release so if you are in production environment and happy with 1.03,
  sampo> don't upgrade yet. If on the other hand you have been longing for
  sampo> OpenSSL-0.9.3a compatibility (i.e. compatibility with latest mod_ssl
  sampo> and Apache-1.3.6), you should check this release.

I grabbed Net::SSLeay 1.05 and OpenSSL-0.9.3a. OpenSSL compiled and went
through the tests fine. Net::SSLeay also compiled fine, but I see the
following errors during the test run; any ideas on how to fix these?

On FreeBSD 2.2.6:
PERL_DL_NONLAZY=1 /usr/local/bin/perl5 -Iblib/arch -Iblib/lib 
-I/usr/local/lib/perl5/5.00502/i386-freebsd -I/usr/local/lib/perl5/5.00502 test.pl
1..16
Can't load 'blib/arch/auto/Net/SSLeay/SSLeay.so' for module Net::SSLeay: Undefined 
symbol "_SSL_library_init" in perl5:blib/arch/auto/Net/SSLeay/SSLeay.so at 
/usr/local/lib/perl5/5.00502/i386-freebsd/DynaLoader.pm line 168.

 at test.pl line 17
BEGIN failed--compilation aborted at test.pl line 17.
not ok 1
*** Error code 2

Stop.
Exit 1


On Solaris-5.1
PERL_DL_NONLAZY=1 /local/bin/perl5 -I./blib/arch -I./blib/lib 
-I/local/perl5.004_04/lib/sun4-solaris/5.00404 -I/local/perl5.004_04/lib test.pl
1..16
Can't load './blib/arch/auto/Net/SSLeay/SSLeay.so' for module Net::SSLeay: ld.so.1: 
/local/bin/perl5: fatal: relocation error: file ./blib/arch/auto/Net/SSLeay/SSLeay.so: 
symbol __umoddi3: referenced symbol not found at 
/local/perl5.004_04/lib/sun4-solaris/5.00404/DynaLoader.pm line 166.

 at test.pl line 17
BEGIN failed--compilation aborted at test.pl line 17.
not ok 1
make: *** [test_dynamic] Error 2
Exit 2

Lars
__
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/~larse/   University of Southern California

-BEGIN PGP SIGNATURE-
Version: 2.6.2

iQCVAwUBN6X81tZcnpRveo1xAQHFNAQAtHHf2y/nCo4H6h8HTUIACefMnkC8DSQP
QZdYuqwZYg+hPmZM7s7aNmxJ/xPN1Z/Vf/T0vuVuvmfE07EJiSWy9fxqm4RShwWb
Aq9ofS+Kc89tXRSAQkMMWnu/kvCndjgI0oS76823RP8f8AbLuBmEm9SWNjAd/rw2
AJzWCfEHoNA=
=ArNN
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

openssl and net-ssleay

1999-07-13 Thread David Braginsky


I am trying to create a secure scriptible client in perl, and thought
net-ssleay would be the best choice. I am developing under nt (not my own
choice) but it shouldn't matter. I have been trying to get server
certificate verification to work, but the documentation states that the
examples provided are unstable, and when i try to run them they do not work.

Does anyone have any perl code i could look at for certificate verification?

thanks in advance
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: NET::SSLeay for NT

1999-05-13 Thread Dave Clark

At 05:52 PM 05/12/1999 , Fariba wrote:
>Hello,
>
>I need to install SSLeay on NT server.  I have download the version of
>openSSL1_0.9.1c and trying to compile it for NT in VC++. I was hoping to get
>some feedback from anyone who has done this process.

I was able to build OpenSSL 0.9.2b on NT server 4.0 using VC++ 5.0,
without a problem.  I just followed the instructions in Install.w32.
What problems are you having?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

NET::SSLeay for NT

1999-05-12 Thread Fariba Bolandhemat


Hello,

I need to install SSLeay on NT server.  I have download the version of
openSSL1_0.9.1c and trying to compile it for NT in VC++. I was hoping to get
some feedback from anyone who has done this process.

Thanks in advance.

Fariba
UCLA
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Net::SSLeay - missing tmp rsa key

1999-03-31 Thread CJ Holmes


>ssl accept: () 21782: 1 - error:1409B0AC:SSL
>routines:SSL3_SEND_SERVER_KEY_EXCHANGE:missing tmp rsa key
>
>Has anyone gotten this script to run? Does anyone know what "missing tmp
>rsa key means?". Is this missing from netscape's end or from Net::SSLeay's
>end?

I haven't run that script, but I know what the error means.  It means that
your browser only supports "exportable" encryption and SSL doesn't have a
lowered-strength RSA key to use to establish the session.  Hopefully, there
is something to configure in the script to allow exportable ciphers that
will, in turn, generate an exportable RSA temporary key and add it to the
context.

I don't know how the perl bindings work with OpenSSL, but the right thing
to do in C is:

RSA *exportKey = NULL;
exportKey = RSA_generate_key(512, 3, NULL, 0);
if(exportKey)
SSL_CTX_set_tmp_rsa(sslctx,exportKey);


cjh
<<<>>>
CJ Holmes   It is completely configurable -
StarNineyou just can't change the settings.
Senior Software Engineer


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Net::SSLeay - missing tmp rsa key

1999-03-31 Thread Julien Beasley


Hello fellow SSL users,

When using the https-proxy-snif.pl that comes with the distribution of
Net::SSLeay in the examples directory, the perl script seems to initiate
the SSL handshake with by browser (Netscape) correctly, but then dies with
the following error:

ssl accept: () 21782: 1 - error:1409B0AC:SSL
routines:SSL3_SEND_SERVER_KEY_EXCHANGE:missing tmp rsa key

Has anyone gotten this script to run? Does anyone know what "missing tmp
rsa key means?". Is this missing from netscape's end or from Net::SSLeay's
end?

>From Netscape's point of view, it sees the certificate, presents me with
the windows to accept the certificate, and then pops up a window saying

"An i/o error occurred during security authorisation. Please try your
connection again"

(I am using Net::SSLeay 1.03 with Openssl 0.9.1.c on RedHat 5.2)

Thanks a lot,

Julien
[EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: compiling Net::SSLeay on WIn32 (Win98)

1999-02-16 Thread Ulrich Kroener



Maybe a C/C++ incompatibility problem? Try extern "C" {} wrapping.

---Jack Velte <[EMAIL PROTECTED]> wrote:
> then using MS C, v5 i get this:
> 
> C:/PERL/BIN/PERL.EXE -IC:/Perl/lib -IC:/Perl/lib
C:/Perl/lib/ExtUtils/xsubpp  -typemap C:/Perl/lib/ExtUtils/typemap
-typemap typemap SSLeay.xs >SSLeay.tc && C:/PERL/BIN/PERL.EXE
-IC:/Perl/lib -IC:/Perl/lib -MExtUtils::Command -e mv SSLeay.tc SSLeay.c
> cl.exe -c -I../openss~1.1c/inc32 -O2 -MD -DNDEBUG -TP -GX -DWIN32
-D_CONSOLE -DNO_STRICT -DHAVE_DES_FCRYPT -DPERL_OBJECT -O2 -MD
-DNDEBUG -TP -GX-DVERSION=\"1.03\" -DXS_VERSION=\"1.03\" 
-IC:/Perl/lib/CORE  SSLeay.c
> Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 11.00.7022
for 80x86
> Copyright (C) Microsoft Corp 1984-1997. All rights reserved.
> 
> SSLeay.c
> ../openss~1.1c/inc32\bn.h(266) : error C2143: syntax error : missing
';' before '->'

_
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

compiling Net::SSLeay on WIn32 (Win98)

1999-02-16 Thread Jack Velte





hi sampo,
 
i'm trying to compile your Net::SSLeay.  i 
do Not have a lot of experience compiling perl modules -- i usually
get them from 
Activestate.  i really would like to use LWP with https, though, so i'm 
slogging my way through
this.
 
i was able to compile the ssleay version from openssl 0.9.1c, 
so that's current.  it ran through all the included
tests ok.
 
in openssl i am using the C version of the `bn' code because i 
don't have an assembler.
 
I'm using Windows 98; the MS Visual C++ compiler 
version 5; Activestate Perl 5.005_02; GNU make for
msdos (part of the GNU tools 
for MSDOS, which include the GNU C compiler.)
 
i commented out the ssleay checking code in 
makefile.pl.
 
`perl makefile.pl' produces a makefile that needs a fair 
amount of unix -> MSDOS fixing, including fixing \'s to /'s,
and throwing away some unused but undefined 
macros.
 
then using MS C, v5 i get this:
C:/PERL/BIN/PERL.EXE -IC:/Perl/lib 
-IC:/Perl/lib C:/Perl/lib/ExtUtils/xsubpp  -typemap 
C:/Perl/lib/ExtUtils/typemap -typemap typemap SSLeay.xs >SSLeay.tc && 
C:/PERL/BIN/PERL.EXE -IC:/Perl/lib -IC:/Perl/lib -MExtUtils::Command -e mv 
SSLeay.tc SSLeay.ccl.exe -c -I../openss~1.1c/inc32 -O2 -MD -DNDEBUG -TP -GX 
-DWIN32 -D_CONSOLE -DNO_STRICT -DHAVE_DES_FCRYPT -DPERL_OBJECT -O2 -MD -DNDEBUG 
-TP -GX    -DVERSION=\"1.03\" 
-DXS_VERSION=\"1.03\"  -IC:/Perl/lib/CORE  
SSLeay.cMicrosoft (R) 32-bit C/C++ Optimizing Compiler Version 11.00.7022 
for 80x86Copyright (C) Microsoft Corp 1984-1997. All rights 
reserved.
 
SSLeay.c../openss~1.1c/inc32\bn.h(266) : 
error C2143: syntax error : missing ';' before 
'->'../openss~1.1c/inc32\bn.h(266) : error C2238: unexpected token(s) 
preceding ';'../openss~1.1c/inc32\bn.h(417) : error C2143: syntax error : 
missing ')' before '->'../openss~1.1c/inc32\bn.h(417) : error C2059: 
syntax error : '->'../openss~1.1c/inc32\bn.h(417) : error C2059: syntax 
error : ')'../openss~1.1c/inc32\bn.h(426) : error C2143: syntax error : 
missing ')' before '->'../openss~1.1c/inc32\bn.h(426) : error C2059: 
syntax error : '->'../openss~1.1c/inc32\bn.h(426) : error C2501: 'PL_na' 
: missing decl-specifiers../openss~1.1c/inc32\bn.h(426) : error C2062: type 
'unsigned long' unexpected../openss~1.1c/inc32\bn.h(426) : error C2501: 'b' 
: missing decl-specifiers../openss~1.1c/inc32\bn.h(426) : warning C4228: 
nonstandard extension used : qualifiers after comma in declarator list are 
ignored../openss~1.1c/inc32\bn.h(426) : error C2062: type 'int' 
unexpected../openss~1.1c/inc32\bn.h(426) : error C2059: syntax error : 
')'../openss~1.1c/inc32\bn.h(426) : error C2501: 'nb' : missing 
decl-specifiers../openss~1.1c/inc32\bn.h(426) : warning C4228: nonstandard 
extension used : qualifiers after comma in declarator list are 
ignored../openss~1.1c/inc32\asn1.h(138) : fatal error C1903: unable to 
recover from previous error(s); stopping compilationMAKE.EXE: *** 
[SSLeay.obj] Error 2
 
--
Using GCC i get this:
 
gcc.exe -c 
-I../openss~1.1c/inc32  
-DVERSION=\"1.03\" -DXS_VERSION=\"1.03\"  
-IC:/Perl/lib/CORE  SSLeay.cIn file included from 
C:\Perl\lib\CORE\config.h:2100, 
from 
C:\Perl\lib\CORE\perl.h:137, 
from SSLeay.xs:20:C:\Perl\lib\CORE\win32.h:32: warning: `__declspec' 
redefined*Initialization*:1: warning: this is the location of the previous 
definitionIn file included from 
D:\CYGNUS\CYGWIN~1\H-I586~1\BIN\..\lib\gcc-lib\i586-cygwin32\egcs-2.91.57\..\..\..\..\i586-cygwin32\include\errno.h:1, 
from 
C:\Perl\lib\CORE\perl.h:574, 
from 
SSLeay.xs:20:D:\CYGNUS\CYGWIN~1\H-I586~1\BIN\..\lib\gcc-lib\i586-cygwin32\egcs-2.91.57\..\..\..\..\i586-cygwin32\include\sys/errno.h:109: 
warning: `ENOTSOCK' redefinedC:\Perl\lib\CORE\sys/socket.h:54: warning: this 
is the location of the previous definitionIn file included from 
C:\Perl\lib\CORE\perl.h:1100, 
from SSLeay.xs:20:C:\Perl\lib\CORE\dosish.h:119: warning: `Stat' 
redefinedC:\Perl\lib\CORE\win32.h:261: warning: this is the location of the 
previous definitionIn file included from 
C:\Perl\lib\CORE\config.h:2100, 
from 
C:\Perl\lib\CORE\perl.h:137, 
from SSLeay.xs:20:C:\Perl\lib\CORE\win32.h:287: warning: redefinition of 
`caddr_t'D:\CYGNUS\CYGWIN~1\H-I586~1\BIN\..\lib\gcc-lib\i586-cygwin32\egcs-2.91.57\..\..\..\..\i586-cygwin32\include\sys/types.h:65: 
warning: `caddr_t' previously declared hereIn file included from 
..\openss~1.1c\inc32\asn1.h:67, 
from 
..\openss~1.1c\inc32\x509.h:67, 
from 
..\openss~1.1c\inc32\ssl.h:147, 
from SSLeay.xs:29:..\openss~1.1c\inc32\bn.h:426: parse error before 
`?'MAKE.EXE: *** [SSLeay.obj] Error 1
help?
 
-jack

84 matches

Mail list logo