subject:"Please help"

Hi

I've been trying to edit and rebuild the ASN.1 database using objects.pl. I
am having problems understanding what is going on. As I understand it, the
file to edit is objects.txt, but if I change this file in any way, then
objects.pl no longer works. Can anybody please tell me what I should be
doing here?

many many thanks

Steve


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Please help

I *think* I understand it now, but any clarification etc. would still be
most appreciated.

Steve

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of steve thornton
Sent: 23 July 2003 10:09
To: [EMAIL PROTECTED]
Subject: Please help

Hi

I've been trying to edit and rebuild the ASN.1 database using objects.pl. I
am having problems understanding what is going on. As I understand it, the
file to edit is objects.txt, but if I change this file in any way, then
objects.pl no longer works. Can anybody please tell me what I should be
doing here?

many many thanks

Steve

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please help

2003-07-23 Thread Dr. Stephen Henson

On Wed, Jul 23, 2003, steve thornton wrote:

 Hi
 
 I've been trying to edit and rebuild the ASN.1 database using objects.pl. I
 am having problems understanding what is going on. As I understand it, the
 file to edit is objects.txt, but if I change this file in any way, then
 objects.pl no longer works. Can anybody please tell me what I should be
 doing here?
 

If the added lines use the correct syntax you should be OK as long as you call
'make update'. You should be careful about deleting lines from objects.txt
because this will break binary compatibility with any applications that use
the NIDs directly: they'd need to be recompiled.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Please help

Yes I've noticed this. Basically I am making an embedded client, and am
looking for every way possible to reduce code size, and obj_dat is very big.
I've more or less concluded that it is not worth the trouble, but 24k is
24k.
It surely should be possible to parse the essential info (Issuer, Subject
and public key info etc.) from a cert. without having all the machinery that
is in OpenSSL, but achieving that within the context of OpenSSL at present
would be a *lot* of work. Would you agree, have you any comments?

many thanks

Steve


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: 23 July 2003 12:36
To: [EMAIL PROTECTED]
Subject: Re: Please help


On Wed, Jul 23, 2003, steve thornton wrote:

 Hi

 I've been trying to edit and rebuild the ASN.1 database using objects.pl.
I
 am having problems understanding what is going on. As I understand it, the
 file to edit is objects.txt, but if I change this file in any way, then
 objects.pl no longer works. Can anybody please tell me what I should be
 doing here?


If the added lines use the correct syntax you should be OK as long as you
call
'make update'. You should be careful about deleting lines from objects.txt
because this will break binary compatibility with any applications that use
the NIDs directly: they'd need to be recompiled.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please help

2003-07-23 Thread Dr. Stephen Henson

On Wed, Jul 23, 2003, steve thornton wrote:

 Yes I've noticed this. Basically I am making an embedded client, and am
 looking for every way possible to reduce code size, and obj_dat is very big.
 I've more or less concluded that it is not worth the trouble, but 24k is
 24k.
 It surely should be possible to parse the essential info (Issuer, Subject
 and public key info etc.) from a cert. without having all the machinery that
 is in OpenSSL, but achieving that within the context of OpenSSL at present
 would be a *lot* of work. Would you agree, have you any comments?
 

Well if its embedded then binary compatibility wont matter if you can just
recompile everything.

You can delete a large number of objects in objects.txt without any major
harm. 

There are other areas you can also look into to reduce code size such as
crypto and digest algorithms, extension code, PKCS#12, PKCS#7, ENGINE etc etc.

It would be *very* difficult to try to restrict OpenSSL to the sizes
claimed for some SSL libraries (40K I've heard quoted for one), so hard in
fact that starting again might be less effort.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Please help

Thanks for that Steve, that was the conclusion I had just come to. Now I
need to convince by bosses. I wonder if they'll pay me to write things from
scratch?

Steve

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: 23 July 2003 13:52
To: [EMAIL PROTECTED]
Subject: Re: Please help


On Wed, Jul 23, 2003, steve thornton wrote:

 Yes I've noticed this. Basically I am making an embedded client, and am
 looking for every way possible to reduce code size, and obj_dat is very
big.
 I've more or less concluded that it is not worth the trouble, but 24k is
 24k.
 It surely should be possible to parse the essential info (Issuer, Subject
 and public key info etc.) from a cert. without having all the machinery
that
 is in OpenSSL, but achieving that within the context of OpenSSL at present
 would be a *lot* of work. Would you agree, have you any comments?


Well if its embedded then binary compatibility wont matter if you can just
recompile everything.

You can delete a large number of objects in objects.txt without any major
harm.

There are other areas you can also look into to reduce code size such as
crypto and digest algorithms, extension code, PKCS#12, PKCS#7, ENGINE etc
etc.

It would be *very* difficult to try to restrict OpenSSL to the sizes
claimed for some SSL libraries (40K I've heard quoted for one), so hard in
fact that starting again might be less effort.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

please help me!!

2003-03-17 Thread luke


 i have try many times.
 i got the same error message.
 ==
 perl Configure VC-WIN32
 .\ms\do_nt.bat
 nmake -f .\ms\nt.mak

 ps .net vc++(vc++ v7)

 .
 ui_compat.c
 cl /Fotmp32\krb5_asn.obj  -Iinc32 -Itmp32 /MD /W3 /WX /G5 /Ox /O2
 /Ob2 /
 Gs0 /GF /Gy
 /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DD
 SO_WIN32 -DOPENSSL_SYSNAME_WINNT /Fdout32 -DOPENSSL_NO_KRB5  -c
 .\crypto\krb5\kr
 b5_asn.c
 cl : Command line warning D4029 : optimization is not available in the
 standard
 edition compiler
 krb5_asn.c
 lib /out:out32\libeay32.lib
 @C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmF2.tmp

 'lib' ¤£¬O¤º³¡©Î¥~³¡«ü¥O¡B
 ¥i°õ¦æªºµ{¦¡©Î§å¦¸ÀÉ¡C
 NMAKE : fatal error U1077: 'lib' : return code '0x1'
 Stop.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: please help me!!

2003-03-17 Thread Dr. Stephen Henson

On Mon, Mar 17, 2003, luke wrote:

 
  i have try many times.
  i got the same error message.
  ==
  perl Configure VC-WIN32
  .\ms\do_nt.bat
  nmake -f .\ms\nt.mak
 
  ps .net vc++(vc++ v7)
 
  .
  ui_compat.c
  cl /Fotmp32\krb5_asn.obj  -Iinc32 -Itmp32 /MD /W3 /WX /G5 /Ox /O2
  /Ob2 /
  Gs0 /GF /Gy
  /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DD
  SO_WIN32 -DOPENSSL_SYSNAME_WINNT /Fdout32 -DOPENSSL_NO_KRB5  -c
  .\crypto\krb5\kr
  b5_asn.c
  cl : Command line warning D4029 : optimization is not available in the
  standard
  edition compiler
  krb5_asn.c
  lib /out:out32\libeay32.lib
  @C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmF2.tmp
 
  'lib' ¤£¬O¤º³¡©Î¥~³¡«ü¥O¡B
  ¥i°õ¦æªºµ{¦¡©Î§å¦¸ÀÉ¡C
  NMAKE : fatal error U1077: 'lib' : return code '0x1'
  Stop.
 

Looks like a crippled restricted version of VC++. Try removing the /O* options
by manually editing ms\nt.mak, they are on the CFLAG line right at the top.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Hi, Please help me.

2003-01-09 Thread Anthony Neal



Hi there,
The problem that I encountered was with a call to ERR_get_error_line_data(),
and has not yet been solved. I was not encountering any memory leaks
with SSL_connect(). We are using OpenSSL V 0.9.6b currently, we plan
to upgrade in the near future.
When creating an SSL*, I tend to do the following:
SSL*
SSLConnection::createSSLConnection(int socket)
{
 assert(_sslContext != 0);
 SSL* sslConnection = SSL_new(_sslContext);
 assert(sslConnection != 0);
 SSL_clear(sslConnection);
 SSL_set_fd(sslConnection, socket);
 return sslConnection;
}
I don't do anything special in the destruction, simply call SSL_shutdown().
I leave it to another part of the application to close the socket for me.
Hope it helps!
-Anthony

"Jack Y." wrote:
Hi,
 I am sorry to send you directly, hope it not bother.
 Openssl mail list seem does not work, I can not
subscript one. I also send my mail to [EMAIL PROTECTED],
but get no response.
 You seem had the same problem as me, pls give me
hints, many thanks, if you do not solve the problem yet, please post this
mail on mail list, many thanks.
 I ran into a tribble problem, my client application
that use openssl 0.9.6h lose 4K memory every SSL_connect()...
 The product is under release, things become very
clear, remove the leak, or throw openssl lib, do the total job, authentication,
encryption by myself.
 In list, I saw many persons solve the problem by
close socket before free ssl object. But it does not work in my program.
So, if you are one of them, send a copy of your client program, MANY THANKS.
 Purify says I leak memory allocated in CRYPTO_malloc,
I think it is no use.
 I tried
 CRYPTO_malloc_debug_init();
 CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 for
 ...
 end for
 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
 CRYPTO_mem_leaks_fp(stderr);
 the program crash at CRYPTO_mem_leaks_fp(..)!!!
 I saw a post long time ago says there do have memory
leak in openssl, http://marc.theaimsgroup.com/?l=openssl-usersm=99973677617001w=2,
is it fixed now, if not, ...oh, hurt!
 My environment is: w2k professional, .9.6h
The code flow of the client is as follows
* SSL_CTX_new(...)
* SSL_CTX_use_certificate_ASN1(...)
* SSL_CTX_use_RSAPrivateKey_ASN1(...)
* X509_STORE_add_cert() // To add CA cert
* SSL_CTX_sess_set_cache_size(ctx, 0);
* SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF);
* other init actions
* for ever
 * SSL_new(...)
 * create read  write BIOs
 * SSL_connect(...)
 * .
 * SSL_shutdown(...)
 * closesock(...)
 * SSL_free(...)
 * ERR_remove_state(0);
 * ERR_free_strings();
 * EVP_cleanup();
 * sleep
* endfor
I also tried:
* for ever
 * SSL_CTX_new(...)
 * SSL_CTX_use_certificate_ASN1(...)
 * SSL_CTX_use_RSAPrivateKey_ASN1(...)
 * X509_STORE_add_cert() // To add CA cert
 * other init actions
 * SSL_new(...)
 * create read  write BIOs
 * SSL_connect(...)
 * .
 * SSL_shutdown(...)
 * closesock(...)
 * SSL_free(...)
 * SSL_CTX_free(...)
 * ERR_remove_state(0);
 * ERR_free_strings();
 * EVP_cleanup();
 * sleep
* endfor
but I still lose 4K memory every loop...
My code is below for details.
// TestClntSSL.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "TestClntSSL.h"
#include "Winsock2.h"
#include openssl/ssl.h>
#include openssl/err.h>
#include openssl/md5.h>
#include openssl/rand.h>
#include stdio.h>
#include stdlib.h>
typedef struct CLIENT_PARA
{
 SSL_CTX * pctx;
 char * szFile;
 unsigned long ulAddr;
 int server_port;
} CLIENT_PARA;
static int port = 4433;
static char* server_ip = "192.168.xx.xx";
static char *ciphers = "DES-CBC3-SHA";
static int s_server_session_id_context = 1;
static char *passwd = "n1234";
static char *srvr_cert_file = "c:\\VCDebug\\nnn.crt";
static char *srvr_key_file = "c:\\VCDebug\\nnn.key";
static char *ca_cert_file = "c:\\VCDebug\\ca.crt";
static char *host = "CN=mmm";
static int password_cb(char *buf,int num,
 int rwflag,void *userdata);
SSL_CTX *initialize_ctx()
{
 SSL_METHOD *meth;
 SSL_CTX *ctx;
 int seed_int[1000];
 /* Global system initialization*/
 SSL_library_init();
 SSL_load_error_strings();
 /* Set up a SIGPIPE handler */
// signal(SIGPIPE,sigpipe_handle);
 /* Create our context*/
 meth=SSLv3_client_method();
 ctx=SSL_CTX_new(meth);
 /* Load our keys and certificates*/
 if(!(SSL_CTX_use_certificate_file(ctx,
 srvr_cert_file, SSL_FILETYPE_PEM)))
 {
 char szTemp[100] = "Can't
read certificate file";
 Log(szTemp);
 return NULL;
 }
 SSL_CTX_set_default_passwd_cb(ctx,
 password_cb);
 if(!(SSL_CTX_use_PrivateKey_file(ctx,
 srvr_key_file, SSL_FILETYPE_PEM)))
 {
 char szTemp[100] = "Can't
read key file";
 Log(szTemp);
 return NULL;
 }
 /* Load the CAs we trust*/
 if(!(SSL_CTX_load_verify_locations(ctx,
 ca_cert_file,0)))
 {
 Log("Can't read CA list");
 return NULL;
 }
 // Set our cipher list
 if(ciphers)
 {
 SSL_CTX_set_cipher_list(ctx,ciphers);
 }
 SSL_CTX_set_session_id_context(ctx,

(const unsigned char*)s_server_session_id_context,

sizeof

[PLEASE HELP..URGENT!!!!] OPENSSL on Compaq Tru64 or any 64-bit machine.

2002-11-28 Thread J

Hi,

Is there any variable that is supposed to be set for compiling on a 64 bit machine like
Compaq's Tru64?? I have used the openssl library for all the machines and it works 
except
for Tru64.  I defined 'SIXTY_FOUR_BIT' in the bn.h file and that made the session key
encryption with a public key work fine.  But, I still had problems using the 
EVP_Decrypt
functions!! 

Please help me with this.  Is there something that I have to define somewhere else for
the other algorithms to work? as I had done for bn.h??

Any help would be greatly appreciated.

Thanx,
 Jay..


=
- J
  | 
  - [EMAIL PROTECTED]

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [PLEASE HELP..URGENT!!!!] OPENSSL on Compaq Tru64 or any 64-bit machine.

2002-11-28 Thread Durairaj

Use compiler option like: cc +DD64
eg: ./configure hpux-cc +DD64


Bye,
Durai. ( [EMAIL PROTECTED])
Hi,

Is there any variable that is supposed to be set for compiling on a 64 bit machine 
like
Compaq's Tru64?? I have used the openssl library for all the machines and it works 
except
for Tru64.  I defined 'SIXTY_FOUR_BIT' in the bn.h file and that made the session key
encryption with a public key work fine.  But, I still had problems using the 
EVP_Decrypt
functions!! 

Please help me with this.  Is there something that I have to define somewhere else for
the other algorithms to work? as I had done for bn.h??

Any help would be greatly appreciated.

Thanx,
 Jay..


=
- J
  | 
  - [EMAIL PROTECTED]

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]




__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please help: SSL_read() hang after read http 100 continue header

2002-11-13 Thread marcus.carey

Lin

No I am not an OpenSSL developer.  However I have built several server and
client applications using OpenSSL.

The the following code works with IE 5.0 and the simple client program I
sent you.

 BIO_puts(io,HTTP/1.1 100 Continue\r\n);
 BIO_puts(io,Server: Microsoft-IIS/5.0\r\n);
 BIO_puts(io,Date: Wed, 30 Oct 2002 06:34:5 6 GMT\r\n\r\n);
 /* the extra 0d 0a after the Date header is needed to tells the browser it
has reached the end of the block before reading the 200 reponse code */
/* Without the \r\n the server sends an invalid response to the browser */

 BIO_puts(io,HTTP/1.1 200 OK\r\n);
 BIO_puts(io,Server: Microsoft-IIS/5.0\r\n);
 BIO_puts(io,Date: Wed,30 Oct 20 02 06:35:07 GMT\r\n);
 BIO_puts(io,Content-Length: 1863\r\n);
 BIO_puts(io,Content-Type: text/html\r\n);
 BIO_puts(io,Expires: Wed, 30 Oct 2002 06:35: 07 GMT\r\n);
 BIO_puts(io,Cache-control: private\r\n);
 BIO_puts(io,\r\n);

 BIO_puts(io,html\r\n);
 BIO_puts(io,head\r\n);
 BIO_puts(io,titleBIO Openssl Test Server/title\r\n);
 BIO_puts(io,/head\r\n);
 BIO_puts(io,body\r\n);
 BIO_puts(io,centerfont face=VerdanaBIO OpenSSL Test
Server/font/center\r\n);
 BIO_puts(io,/body\r\n);
 BIO_puts(io,/html\r\n);




Browser output:
html
head
titleBIO Openssl Test Server/title
/head
body
centerfont face=VerdanaBIO OpenSSL Test Server/font/center
/body
/html

Simple client output

Wrote 17 chars
Handshake completed successfully!
Read 411 chars:
HTTP/1.1 100 Continue
Server: OpenSSL/1.0
Date: Wed, 30 Oct 2002 06:34:5 6 GMT

HTTP/1.1 200 OK
Date: Wed,30 Oct 20 02 06:35:07 GMT
Content-Length: 1863
Content-Type: text/html
Expires: Wed, 30 Oct 2002 06:35: 07 GMT
Cache-control: private

html
head
titleBIO Openssl Test Server/title
/head
body
centerfont face=VerdanaBIO OpenSSL Test Server/font/center
/body
/html


I am running this code on Windows 2000 Server with VC++ 6.0.  Send me your
client or server code so that I can look at it.


- Original Message -
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Wednesday, November 13, 2002 1:13 PM
Subject: Re: Please help: SSL_read() hang after read http 100 continue
header


 On Wed, Nov 13, 2002 at 09:53:34AM -0800, Lin Ma wrote:
  I have a client program using Openssl to send request to and receive
  response from a web server. SSL_read hangs if the web server sends the
  following headers.
 
  The following is the header dump without SSL. I think the problem is the
  separator 0d 0a 0d 0a between the two block of headers.

 No. The SSL layer does not care about the data transferred, whether it
 is line oriented or not.

 ...
  You can see, it is like
  HTTP/1.1 100 Continue
  Server: Microsoft-IIS/5.0
  Date: Wed,  30 Oct 2002 06:34:56 GMT
  0d 0a 0d 0a
  HTTP/1.1 200 OK
  Server: Microsoft-IIS/5.0
  Date: Wed,  30 Oct 2002 06:34:56 GMT
  Content-Length: 1863
  .
 
  There is separator 0d 0a 0d 0a between the two block of headers. My
program
  just stuck in the separator and couldn't get the following HTTP/1.1 200
OK
  ...
 
  If I change it to non-blocking, SSL_read() doesn't hang any more, but it
  keep getting SSL_ERROR_WANT_READ error, if I keeping SSL_read, it keep
  getting SSL_ERROR_WANT_READ and doesn't return valid data.

 This means, that no data has been received or at least not enough data
 to complete the TLS record. SSL_read() is waiting for (more) data.

 Use ssldump to analyze the traffic.
 What platform are you working on? Windows or UNIX? Can you try your
 program on another platform?
 Microsoft IIS is not know to be free of errors, but it seems to work
 good enough that I don't think the problem is caused by the server side.

 Best regards,
 Lutz
 --
 Lutz Jaenicke [EMAIL PROTECTED]
 http://www.aet.TU-Cottbus.DE/personen/jaenicke/
 BTU Cottbus, Allgemeine Elektrotechnik
 Universitaetsplatz 3-4, D-03044 Cottbus
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please help: SSL_read() hang after read http 100 continue header

2002-11-13 Thread Lutz Jaenicke

On Wed, Nov 13, 2002 at 09:53:34AM -0800, Lin Ma wrote:
 I have a client program using Openssl to send request to and receive
 response from a web server. SSL_read hangs if the web server sends the
 following headers.
  
 The following is the header dump without SSL. I think the problem is the
 separator 0d 0a 0d 0a between the two block of headers.

No. The SSL layer does not care about the data transferred, whether it
is line oriented or not.

...
 You can see, it is like
 HTTP/1.1 100 Continue
 Server: Microsoft-IIS/5.0
 Date: Wed,  30 Oct 2002 06:34:56 GMT
 0d 0a 0d 0a
 HTTP/1.1 200 OK
 Server: Microsoft-IIS/5.0
 Date: Wed,  30 Oct 2002 06:34:56 GMT
 Content-Length: 1863
 .
  
 There is separator 0d 0a 0d 0a between the two block of headers. My program
 just stuck in the separator and couldn't get the following HTTP/1.1 200 OK
 ... 
  
 If I change it to non-blocking, SSL_read() doesn't hang any more, but it
 keep getting SSL_ERROR_WANT_READ error, if I keeping SSL_read, it keep
 getting SSL_ERROR_WANT_READ and doesn't return valid data.

This means, that no data has been received or at least not enough data
to complete the TLS record. SSL_read() is waiting for (more) data.

Use ssldump to analyze the traffic.
What platform are you working on? Windows or UNIX? Can you try your
program on another platform?
Microsoft IIS is not know to be free of errors, but it seems to work
good enough that I don't think the problem is caused by the server side.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Newbie Question Re: Public Key Encryption [Please help!!]

2002-07-16 Thread J


Hi,

I am trying to encrypt a session key that I created using DES_KEY_SCHEDULE.  I am using
RSA_public_encrypt to encrypt the session key (8 bytes) with the public key using
RSA_PKCS1_OEAP_PADDING.  This creates a 64byte encrypted session key.  I send this to 
the
Server on the windows machine.  But 'Importing the Encrypted Session Key' on that 
server
fails. That's implemented using wincrypt.h functions such as CryptImportObjectEx.  

Further info: I used the public key received from the server (created using the
asymmetric_encrypt_algorithm) and I imported that using: 

rsaPubKey = (RSA*) d2i_RSA_PUBKEY_bio(pub,NULL);

Now, I use this to encrypt the session key:
unsigned char   ciphertext[512];
unsigned char   iv[8];
unsigned char   iv1[8];
RAND_seed(rnd_seed, sizeof (rnd_seed));
RAND_pseudo_bytes(iv,8);
bytecopy(iv,iv1,8);
encryptlen  =   RSA_public_encrypt (8, (*ks)-ks.cblock,
ciphertext, rsaPubKey,
RSA_PKCS1_OAEP_PADDING);
if(encryptlen == -1)
{
fprintf (stderr, ERROR: Failed to encrypt using public key\n);
goto proc_exit;
}


The length after this is 64, which is preferred.  So, after all this when I finally 
send
the 'ciphertext' chars as the encrypted session key, the server fails to import it 
using
CryptImportKey (from wincrypt.h).  The ERROR RECEIVED says:

Either the algorithm that works with the public key you are trying to import is not
supported by this CSP, or an attempt was made to import a session key that was 
encrypted
with something other than one of your public keys


If anyone has come into a similar problem or anything close, please let me know.  
Any
help will be tremendously appreciated.  If you like to know more details or are
interested in working with me on this, please let me know.

Thanx in advance,
 J..



=
- J
  | 
  - [EMAIL PROTECTED]

__
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please Help!!!

2002-04-23 Thread Richard Levitte - VMS Whacker


In message [EMAIL PROTECTED] 
on Mon, 22 Apr 2002 19:16:13 -0700, Paul Mallary [EMAIL PROTECTED] said:

pmallary I have been trying to figure this out on my own for the past day or so and 
am stumped. I have installed all of the necessary stuff for openssl to compile but I 
keep getting these error messages when I configure and make...

Which version of gcc did you use?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please Help!!!

2002-04-23 Thread Richard Levitte - VMS Whacker


In message [EMAIL PROTECTED] on Mon, 22 Apr 2002 22:38:47 -0700, Aleksey 
Sanin [EMAIL PROTECTED] said:

aleksey IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very
aleksey bad expirience with it in the past. If it is possible, try
aleksey gcc 2.95.3. 

Is that just on Solaris, or a recommendation to avoid gcc 3 in
general?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please Help!!!

2002-04-23 Thread Aleksey Sanin


I've tried it on Solaris and Linux. IMHO, in both cases it is not polished
as well as it should be. Probably there exist projects there you have to
use 3.0 because of its new features. But it's not the case for me.


Aleksey.


Richard Levitte - VMS Whacker wrote:

In message [EMAIL PROTECTED] on Mon, 22 Apr 2002 22:38:47 -0700, Aleksey 
Sanin [EMAIL PROTECTED] said:

aleksey IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very
aleksey bad expirience with it in the past. If it is possible, try
aleksey gcc 2.95.3. 

Is that just on Solaris, or a recommendation to avoid gcc 3 in
general?



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

gcc 3 (was Re: Please Help!!!)

2002-04-23 Thread Joe Orton


On Tue, Apr 23, 2002 at 10:06:41AM +0200, Richard Levitte - VMS Whacker wrote:
 In message [EMAIL PROTECTED] on Mon, 22 Apr 2002 22:38:47 -0700, 
Aleksey Sanin [EMAIL PROTECTED] said:
 
 aleksey IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very
 aleksey bad expirience with it in the past. If it is possible, try
 aleksey gcc 2.95.3. 
 
 Is that just on Solaris, or a recommendation to avoid gcc 3 in
 general?

One thing to be careful about when using gcc 3 is whether it was
configured with a shared libgcc or not: for instance, the Solaris binary
packages of gcc 3 from sunfreeware.com do use a shared libgcc (as it's
the default), which introduces a dependency of shared libraries produced
by gcc -shared on the shared libgcc.  So you have to set
LD_LIBRARY_PATH or LD_RUN_PATH to $prefix/lib where you installed gcc,
if you want the library to load, and they'll never work on another
Solaris machine unless you copy over the libgcc_s.so too.

gcc 3 configured with --disable-shared doesn't suffer from this problem.

joe

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please Help!!!

2002-04-23 Thread Jean-Marc Desperrier


Aleksey Sanin wrote:

 IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very bad 
 expirience
 with it in the past. If it is possible, try gcc 2.95.3.

I've had recently the occasion to compiles openssl 0.9.6 out of the box 
without problem with both 2.95.3 and 3.0.3 under Solaris.

But with 2.95.3, I had a mysterious coredump inside dlopen everytime I 
was trying to load a Chrysalis pkcs#11 library inside my application 
program.
I was not able to understand what was happening and I did not have the 
problem with 3.0.3, so I went on with that one.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Please Help!!!

2002-04-22 Thread Paul Mallary


I have been trying to figure this out on my own for the past day or so and am stumped. 
I have installed all of the necessary stuff for openssl to compile but I keep getting 
these error messages when I configure and make...
 
./Configure solaris-sparcv8-gcc shared no-threads
JUST A SECTION OF THE ./Configure
Makefile = Makefile.ssl
comp.h = ../../include/openssl/comp.h [File exists]
make[2]: Leaving directory `/export/install/packages/openssl-0.9.6c/crypto/comp'
make[1]: Leaving directory `/export/install/packages/openssl-0.9.6c/crypto'
making links in ssl...
make[1]: Entering directory `/export/install/packages/openssl-0.9.6c/ssl'
Makefile = Makefile.ssl
ssl.h = ../include/openssl/ssl.h [File exists]
ssl2.h = ../include/openssl/ssl2.h [File exists]
ssl3.h = ../include/openssl/ssl3.h [File exists]
ssl23.h = ../include/openssl/ssl23.h [File exists]
tls1.h = ../include/openssl/tls1.h [File exists]
 
Then when I run make
JUST A SECTION
+ rm -f libcrypto.so.0
+ rm -f libcrypto.so
+ rm -f libcrypto.so.0.9.6
+ rm -f libssl.so.0
+ rm -f libssl.so
+ rm -f libssl.so.0.9.6
making all in crypto...
make[1]: Entering directory `/export/install/packages/openssl-0.9.6c/crypto'
( echo #ifndef MK1MF_BUILD; \
echo   /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */; \
echo   #define CFLAGS \gcc -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultrasparc -O3 
-fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRA
SPARC -DMD5_ASM\; \
echo   #define PLATFORM \solaris-sparcv9-gcc\; \
echo   #define DATE \`date`\; \
echo #endif ) buildinf.h
gcc -I. -I../include -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultrasparc -O3 
-fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -D
MD5_ASM   -c -o cryptlib.o cryptlib.c
In file included from cryptlib.c:59:
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:36:27: 
iso/stdio_iso.h: No such file or directory
In file included from cryptlib.c:59:
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:194: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:229: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:230: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:236: parse error 
before size_t
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:241: parse error 
before size_t
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:250: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:252: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:276: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:285: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:286: parse error 
before FILE
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:287: parse error 
before '*' token
cryptlib.c:60:20: string.h: No such file or directory
 
What is wrong with what I am doing? Any help would be a life saver!
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please Help!!!

2002-04-22 Thread Aleksey Sanin


IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very bad expirience
with it in the past. If it is possible, try gcc 2.95.3.

Aleksey Sanin

Paul Mallary wrote:

I have been trying to figure this out on my own for the past day or so and am 
stumped. I have installed all of the necessary stuff for openssl to compile but I 
keep getting these error messages when I configure and make...
 
./Configure solaris-sparcv8-gcc shared no-threads
JUST A SECTION OF THE ./Configure
Makefile = Makefile.ssl
comp.h = ../../include/openssl/comp.h [File exists]
make[2]: Leaving directory `/export/install/packages/openssl-0.9.6c/crypto/comp'
make[1]: Leaving directory `/export/install/packages/openssl-0.9.6c/crypto'
making links in ssl...
make[1]: Entering directory `/export/install/packages/openssl-0.9.6c/ssl'
Makefile = Makefile.ssl
ssl.h = ../include/openssl/ssl.h [File exists]
ssl2.h = ../include/openssl/ssl2.h [File exists]
ssl3.h = ../include/openssl/ssl3.h [File exists]
ssl23.h = ../include/openssl/ssl23.h [File exists]
tls1.h = ../include/openssl/tls1.h [File exists]
 
Then when I run make
JUST A SECTION
+ rm -f libcrypto.so.0
+ rm -f libcrypto.so
+ rm -f libcrypto.so.0.9.6
+ rm -f libssl.so.0
+ rm -f libssl.so
+ rm -f libssl.so.0.9.6
making all in crypto...
make[1]: Entering directory `/export/install/packages/openssl-0.9.6c/crypto'
( echo #ifndef MK1MF_BUILD; \
echo   /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */; \
echo   #define CFLAGS \gcc -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultrasparc -O3 
-fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRA
SPARC -DMD5_ASM\; \
echo   #define PLATFORM \solaris-sparcv9-gcc\; \
echo   #define DATE \`date`\; \
echo #endif ) buildinf.h
gcc -I. -I../include -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultrasparc -O3 
-fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -D
MD5_ASM   -c -o cryptlib.o cryptlib.c
In file included from cryptlib.c:59:
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:36:27: 
iso/stdio_iso.h: No such file or directory
In file included from cryptlib.c:59:
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:194: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:229: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:230: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:236: parse error 
before size_t
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:241: parse error 
before size_t
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:250: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:252: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:276: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:285: parse error 
before '*' token
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:286: parse error 
before FILE
/usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:287: parse error 
before '*' token
cryptlib.c:60:20: string.h: No such file or directory
 
What is wrong with what I am doing? Any help would be a life saver!
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Please help on stupid compile on VC++

2002-04-04 Thread Red


Hi,

i try to link with nmake utility under prompt openssl with a mixture 
library that I took in part from Linux 2.4 because
  I hadn't them on my system and other library were standard of Visual C++ 
6.0 like stdlib.h. At finish i take these errors.

what do you suggest? I should try also with Linux stdlib.h?

Best regards and thanks in advance

Marco Puccio

this is result:

Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

Building OpenSSL
cl /Fotmp32dll\hw_aep.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /O
b2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN 
-DDSO_WIN32 /Fd
out32dll /GD -D_WINDLL -D_DLL -c .\crypto\engine\hw_aep.c
hw_aep.c
.\crypto\engine\hw_aep.c(61) : error C2014: preprocessor command must start 
as f
irst nonwhite space
C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(100) : error 
C2059: s
yntax error : 'type'
C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(366) : error 
C2143: s
yntax error : missing '{' before '__cdecl'
C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(440) : error 
C2143: s
yntax error : missing '{' before '__cdecl'
.\crypto\engine\hw_aep.c(192) : error C2061: syntax error : identifier 
'recorded
_pid'
.\crypto\engine\hw_aep.c(192) : error C2059: syntax error : ';'
.\crypto\engine\hw_aep.c(192) : error C2513: '/*global*/ ' : no variable 
declare
d before '='
.\crypto\engine\hw_aep.c(468) : warning C4018: '=' : signed/unsigned mismatch
.\crypto\engine\hw_aep.c(623) : error C2065: 'pid_t' : undeclared identifier
.\crypto\engine\hw_aep.c(623) : error C2146: syntax error : missing ';' 
before i
dentifier 'curr_pid'
.\crypto\engine\hw_aep.c(623) : error C2065: 'curr_pid' : undeclared identifier
.\crypto\engine\hw_aep.c(627) : warning C4013: 'getpid' undefined; assuming 
exte
rn returning int
.\crypto\engine\hw_aep.c(631) : error C2065: 'recorded_pid' : undeclared 
identif
ier
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.







__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Please help ...

2002-03-24 Thread Paul E. Prak




Hi,

I tried to build openssl on my win98se system and 
fail each time.

Can i download the binaries somewhere?

Regards,

Paul.

Please help - startssl fails due to the following errors:

2001-12-20 Thread Mike K




 
[Thu Dec 20 16:48:20 2001] [error] mod_ssl: Init: 
Private key not found (OpenSSL library error follows)[Thu Dec 20 16:48:20 
2001] [error] OpenSSL: error:0D06B078:asn1 encoding 
routines:ASN1_get_object:header too long

That is from my error_log.

Any ideas how to fix this?

-MK

Re: Please help - startssl fails due to the following errors:

2001-12-20 Thread Mike K




Fixed it. Had to reinstall apache+modssl 
after reinstalling openssl

  - Original Message - 
  From: 
  Mike K 
  To: [EMAIL PROTECTED] 
  Sent: Thursday, December 20, 2001 2:00 
  PM
  Subject: Please help - startssl fails due 
  to the following errors:
  
   
  [Thu Dec 20 16:48:20 2001] [error] mod_ssl: Init: 
  Private key not found (OpenSSL library error follows)[Thu Dec 20 16:48:20 
  2001] [error] OpenSSL: error:0D06B078:asn1 encoding 
  routines:ASN1_get_object:header too long
  
  That is from my error_log.
  
  Any ideas how to fix this?
  
  -MK

problems with private keys... please help! urgent!


Hi all...

Before upgrading, one of my virtual domains (ip based) had SSL setup and was
working fine.  The second domain did not work.  The error was odd according
to people in IRC support channels, and I was told to upgrade to all of the
latest versions.

I did that.

Now when I try to run startssl, I get errors on BOTH virtual domains.

The domain that had once worked produces these errors:

[Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init: (.com:443)
Unable to configure RSA server private key (OpenSSL library error follows)
[Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch

The domain2, that I couldn't get to work before the upgrade, produces these
errors:

[Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key not found
(OpenSSL library error follows)
[Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1 encoding
routines:ASN1_get_object:header too long

-

For domain1, I tried to check the md5's of each of the key and crt...

The md5 for the crt shows up fine.  When I try to get the md5 for the .key,
I get this error:

# openssl rsa -noout -modulus -in server.key | openssl md5
read RSA key
unable to load key
d41d8cd98f00b204e9800998ecf8427e


I get this same unable to load key error for any key I try to get the md5
checksum for


Any help in getting both of my virtual domain's (the two that need SSL)
working is greatly appreciated.

Thanks.

-Mike


PS:  Here is the Virtual Server entry from httpd.conf for domain2... domain1
has the exact same (but updated ip and paths)


NamevirtualHost xxx.xxx.xxx.44:443
VirtualHost xxx.xxx.xxx.44:443
SSLEngine On
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
SSLCertificateFile /www/conf/ssl.crt/domain2.com.crt
DocumentRoot /home/hosting/domain2.com/public_html
ServerName domain2.com
   CustomLog /www/logs/domain2.com combined
   ErrorLog /www/logs/domain2_error_log
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Directory /home/hosting/domain2.com/public_html/cgi-bin
SSLOptions +StdEnvVars
/Directory
Files ~ \.(cgi|shtml|phtml|php3?|php|inc)$
SSLOptions +StdEnvVars
/Files
/VirtualHost

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: problems with private keys... please help! urgent!

2001-12-18 Thread Saju Paul


 For domain1, I tried to check the md5's of each of the key and crt...

 The md5 for the crt shows up fine.  When I try to get the md5 for the
.key,
 I get this error:

 # openssl rsa -noout -modulus -in server.key | openssl md5
 read RSA key
 unable to load key
 d41d8cd98f00b204e9800998ecf8427e

I get this error when I use an incorrect password...  check your password..


- Original Message -
From: Mike K [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 1:31 PM
Subject: problems with private keys... please help! urgent!


 Hi all...

 Before upgrading, one of my virtual domains (ip based) had SSL setup and
was
 working fine.  The second domain did not work.  The error was odd
according
 to people in IRC support channels, and I was told to upgrade to all of the
 latest versions.

 I did that.

 Now when I try to run startssl, I get errors on BOTH virtual domains.

 The domain that had once worked produces these errors:

 [Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init: (.com:443)
 Unable to configure RSA server private key (OpenSSL library error follows)
 [Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509
certificate
 routines:X509_check_private_key:key values mismatch

 The domain2, that I couldn't get to work before the upgrade, produces
these
 errors:

 [Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key not found
 (OpenSSL library error follows)
 [Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1 encoding
 routines:ASN1_get_object:header too long

 -

 For domain1, I tried to check the md5's of each of the key and crt...

 The md5 for the crt shows up fine.  When I try to get the md5 for the
.key,
 I get this error:

 # openssl rsa -noout -modulus -in server.key | openssl md5
 read RSA key
 unable to load key
 d41d8cd98f00b204e9800998ecf8427e


 I get this same unable to load key error for any key I try to get the
md5
 checksum for


 Any help in getting both of my virtual domain's (the two that need SSL)
 working is greatly appreciated.

 Thanks.

 -Mike


 PS:  Here is the Virtual Server entry from httpd.conf for domain2...
domain1
 has the exact same (but updated ip and paths)


 NamevirtualHost xxx.xxx.xxx.44:443
 VirtualHost xxx.xxx.xxx.44:443
 SSLEngine On
 SSLCipherSuite
 ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
 SSLCertificateFile /www/conf/ssl.crt/domain2.com.crt
 DocumentRoot /home/hosting/domain2.com/public_html
 ServerName domain2.com
CustomLog /www/logs/domain2.com combined
ErrorLog /www/logs/domain2_error_log
 SetEnvIf User-Agent .*MSIE.* \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
 Directory /home/hosting/domain2.com/public_html/cgi-bin
 SSLOptions +StdEnvVars
 /Directory
 Files ~ \.(cgi|shtml|phtml|php3?|php|inc)$
 SSLOptions +StdEnvVars
 /Files
 /VirtualHost

 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: problems with private keys... please help! urgent!


It never asked me for a password


- Original Message -
From: Saju Paul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 10:23 AM
Subject: Re: problems with private keys... please help! urgent!


  For domain1, I tried to check the md5's of each of the key and crt...
 
  The md5 for the crt shows up fine.  When I try to get the md5 for the
 .key,
  I get this error:
 
  # openssl rsa -noout -modulus -in server.key | openssl md5
  read RSA key
  unable to load key
  d41d8cd98f00b204e9800998ecf8427e

 I get this error when I use an incorrect password...  check your
password..


 - Original Message -
 From: Mike K [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, December 18, 2001 1:31 PM
 Subject: problems with private keys... please help! urgent!


  Hi all...
 
  Before upgrading, one of my virtual domains (ip based) had SSL setup and
 was
  working fine.  The second domain did not work.  The error was odd
 according
  to people in IRC support channels, and I was told to upgrade to all of
the
  latest versions.
 
  I did that.
 
  Now when I try to run startssl, I get errors on BOTH virtual domains.
 
  The domain that had once worked produces these errors:
 
  [Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init: (.com:443)
  Unable to configure RSA server private key (OpenSSL library error
follows)
  [Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509
 certificate
  routines:X509_check_private_key:key values mismatch
 
  The domain2, that I couldn't get to work before the upgrade, produces
 these
  errors:
 
  [Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key not found
  (OpenSSL library error follows)
  [Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1 encoding
  routines:ASN1_get_object:header too long
 
  -
 
  For domain1, I tried to check the md5's of each of the key and crt...
 
  The md5 for the crt shows up fine.  When I try to get the md5 for the
 .key,
  I get this error:
 
  # openssl rsa -noout -modulus -in server.key | openssl md5
  read RSA key
  unable to load key
  d41d8cd98f00b204e9800998ecf8427e
 
 
  I get this same unable to load key error for any key I try to get the
 md5
  checksum for
 
 
  Any help in getting both of my virtual domain's (the two that need SSL)
  working is greatly appreciated.
 
  Thanks.
 
  -Mike
 
 
  PS:  Here is the Virtual Server entry from httpd.conf for domain2...
 domain1
  has the exact same (but updated ip and paths)
 
 
  NamevirtualHost xxx.xxx.xxx.44:443
  VirtualHost xxx.xxx.xxx.44:443
  SSLEngine On
  SSLCipherSuite
  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
  SSLCertificateFile /www/conf/ssl.crt/domain2.com.crt
  DocumentRoot /home/hosting/domain2.com/public_html
  ServerName domain2.com
 CustomLog /www/logs/domain2.com combined
 ErrorLog /www/logs/domain2_error_log
  SetEnvIf User-Agent .*MSIE.* \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
  Directory /home/hosting/domain2.com/public_html/cgi-bin
  SSLOptions +StdEnvVars
  /Directory
  Files ~ \.(cgi|shtml|phtml|php3?|php|inc)$
  SSLOptions +StdEnvVars
  /Files
  /VirtualHost
 
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing List[EMAIL PROTECTED]
  Automated List Manager   [EMAIL PROTECTED]

 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: problems with private keys... please help! urgent!

2001-12-18 Thread Saju Paul


If the private key has been created with a password (usually is); then the
same password needs to be supplied using the -passin argument.

for ex:

 openssl rsa -noout -modulus -in server.key -passin pass:mypasswd | openssl
md5

If the -passin argument is not used; it could be picking up a default passin
password from the openssl.cnf file.  Check the openssl.cnf for a default
passin and make sure it matches the password you used to create the private
key.

---

- Original Message -
From: Mike K [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 2:32 PM
Subject: Re: problems with private keys... please help! urgent!


 It never asked me for a password


 - Original Message -
 From: Saju Paul [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, December 18, 2001 10:23 AM
 Subject: Re: problems with private keys... please help! urgent!


   For domain1, I tried to check the md5's of each of the key and crt...
  
   The md5 for the crt shows up fine.  When I try to get the md5 for the
  .key,
   I get this error:
  
   # openssl rsa -noout -modulus -in server.key | openssl md5
   read RSA key
   unable to load key
   d41d8cd98f00b204e9800998ecf8427e
 
  I get this error when I use an incorrect password...  check your
 password..
 
 
  - Original Message -
  From: Mike K [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Tuesday, December 18, 2001 1:31 PM
  Subject: problems with private keys... please help! urgent!
 
 
   Hi all...
  
   Before upgrading, one of my virtual domains (ip based) had SSL setup
and
  was
   working fine.  The second domain did not work.  The error was odd
  according
   to people in IRC support channels, and I was told to upgrade to all of
 the
   latest versions.
  
   I did that.
  
   Now when I try to run startssl, I get errors on BOTH virtual domains.
  
   The domain that had once worked produces these errors:
  
   [Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init:
(.com:443)
   Unable to configure RSA server private key (OpenSSL library error
 follows)
   [Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509
  certificate
   routines:X509_check_private_key:key values mismatch
  
   The domain2, that I couldn't get to work before the upgrade, produces
  these
   errors:
  
   [Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key not
found
   (OpenSSL library error follows)
   [Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1
encoding
   routines:ASN1_get_object:header too long
  
   -
  
   For domain1, I tried to check the md5's of each of the key and crt...
  
   The md5 for the crt shows up fine.  When I try to get the md5 for the
  .key,
   I get this error:
  
   # openssl rsa -noout -modulus -in server.key | openssl md5
   read RSA key
   unable to load key
   d41d8cd98f00b204e9800998ecf8427e
  
  
   I get this same unable to load key error for any key I try to get
the
  md5
   checksum for
  
  
   Any help in getting both of my virtual domain's (the two that need
SSL)
   working is greatly appreciated.
  
   Thanks.
  
   -Mike
  
  
   PS:  Here is the Virtual Server entry from httpd.conf for domain2...
  domain1
   has the exact same (but updated ip and paths)
  
  
   NamevirtualHost xxx.xxx.xxx.44:443
   VirtualHost xxx.xxx.xxx.44:443
   SSLEngine On
   SSLCipherSuite
   ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
   SSLCertificateFile /www/conf/ssl.crt/domain2.com.crt
   DocumentRoot /home/hosting/domain2.com/public_html
   ServerName domain2.com
  CustomLog /www/logs/domain2.com combined
  ErrorLog /www/logs/domain2_error_log
   SetEnvIf User-Agent .*MSIE.* \
   nokeepalive ssl-unclean-shutdown \
   downgrade-1.0 force-response-1.0
   Directory /home/hosting/domain2.com/public_html/cgi-bin
   SSLOptions +StdEnvVars
   /Directory
   Files ~ \.(cgi|shtml|phtml|php3?|php|inc)$
   SSLOptions +StdEnvVars
   /Files
   /VirtualHost
  
   __
   OpenSSL Project http://www.openssl.org
   User Support Mailing List[EMAIL PROTECTED]
   Automated List Manager   [EMAIL PROTECTED]
 
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing List[EMAIL PROTECTED]
  Automated List Manager   [EMAIL PROTECTED]
 

 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List

Re: problems with private keys... please help! urgent!


Same problem regarding unable to load key when doing this.  I know my pass
is correct 

Any other ideas?

Thanks for the help.

Is this error the reason why apache wont startssl?

-Mike

- Original Message -
From: Saju Paul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 11:33 AM
Subject: Re: problems with private keys... please help! urgent!


 If the private key has been created with a password (usually is); then the
 same password needs to be supplied using the -passin argument.

 for ex:

  openssl rsa -noout -modulus -in server.key -passin pass:mypasswd |
openssl
 md5

 If the -passin argument is not used; it could be picking up a default
passin
 password from the openssl.cnf file.  Check the openssl.cnf for a default
 passin and make sure it matches the password you used to create the
private
 key.

 ---

 - Original Message -
 From: Mike K [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, December 18, 2001 2:32 PM
 Subject: Re: problems with private keys... please help! urgent!


  It never asked me for a password
 
 
  - Original Message -
  From: Saju Paul [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Tuesday, December 18, 2001 10:23 AM
  Subject: Re: problems with private keys... please help! urgent!
 
 
For domain1, I tried to check the md5's of each of the key and
crt...
   
The md5 for the crt shows up fine.  When I try to get the md5 for
the
   .key,
I get this error:
   
# openssl rsa -noout -modulus -in server.key | openssl md5
read RSA key
unable to load key
d41d8cd98f00b204e9800998ecf8427e
  
   I get this error when I use an incorrect password...  check your
  password..
  
  
   - Original Message -
   From: Mike K [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Tuesday, December 18, 2001 1:31 PM
   Subject: problems with private keys... please help! urgent!
  
  
Hi all...
   
Before upgrading, one of my virtual domains (ip based) had SSL setup
 and
   was
working fine.  The second domain did not work.  The error was odd
   according
to people in IRC support channels, and I was told to upgrade to all
of
  the
latest versions.
   
I did that.
   
Now when I try to run startssl, I get errors on BOTH virtual
domains.
   
The domain that had once worked produces these errors:
   
[Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init:
 (.com:443)
Unable to configure RSA server private key (OpenSSL library error
  follows)
[Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509
   certificate
routines:X509_check_private_key:key values mismatch
   
The domain2, that I couldn't get to work before the upgrade,
produces
   these
errors:
   
[Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key not
 found
(OpenSSL library error follows)
[Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1
 encoding
routines:ASN1_get_object:header too long
   
-
   
For domain1, I tried to check the md5's of each of the key and
crt...
   
The md5 for the crt shows up fine.  When I try to get the md5 for
the
   .key,
I get this error:
   
# openssl rsa -noout -modulus -in server.key | openssl md5
read RSA key
unable to load key
d41d8cd98f00b204e9800998ecf8427e
   
   
I get this same unable to load key error for any key I try to get
 the
   md5
checksum for
   
   
Any help in getting both of my virtual domain's (the two that need
 SSL)
working is greatly appreciated.
   
Thanks.
   
-Mike
   
   
PS:  Here is the Virtual Server entry from httpd.conf for domain2...
   domain1
has the exact same (but updated ip and paths)
   
   
NamevirtualHost xxx.xxx.xxx.44:443
VirtualHost xxx.xxx.xxx.44:443
SSLEngine On
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
SSLCertificateFile /www/conf/ssl.crt/domain2.com.crt
DocumentRoot /home/hosting/domain2.com/public_html
ServerName domain2.com
   CustomLog /www/logs/domain2.com combined
   ErrorLog /www/logs/domain2_error_log
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Directory /home/hosting/domain2.com/public_html/cgi-bin
SSLOptions +StdEnvVars
/Directory
Files ~ \.(cgi|shtml|phtml|php3?|php|inc)$
SSLOptions +StdEnvVars
/Files
/VirtualHost
   
   
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED

RE: problems with private keys... please help! urgent!

2001-12-18 Thread Andrew T. Finnell


Mike,

Are the CA of these files self-signed? If they are why
not trying regenerating new public/private key pairs. It looks to me
like the files you have are corrupted. The error
routines:X509_check_private_key:key values mismatch means that the
certificate you are loading does not belong to the private key you have
specified. 
If the CA is not self-signed (i.e. from Verisign or Thawte )
then I would still create some temporary self-signed key pairs and try
using them to test your overall system setup. If the ones you just
generated work then I would say your old files got corrupted. If they
don't then I would say that something is wrong with your install/compile
of openssl. ( Or something else. :) 

- Andrew

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mike K
Sent: Tuesday, December 18, 2001 3:34 PM
To: [EMAIL PROTECTED]
Subject: Re: problems with private keys... please help! urgent!


Same problem regarding unable to load key when doing this.  I know my
pass is correct 

Any other ideas?

Thanks for the help.

Is this error the reason why apache wont startssl?

-Mike

- Original Message -
From: Saju Paul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 11:33 AM
Subject: Re: problems with private keys... please help! urgent!


 If the private key has been created with a password (usually is); then

 the same password needs to be supplied using the -passin argument.

 for ex:

  openssl rsa -noout -modulus -in server.key -passin pass:mypasswd |
openssl
 md5

 If the -passin argument is not used; it could be picking up a default
passin
 password from the openssl.cnf file.  Check the openssl.cnf for a 
 default passin and make sure it matches the password you used to 
 create the
private
 key.

 ---

 - Original Message -
 From: Mike K [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, December 18, 2001 2:32 PM
 Subject: Re: problems with private keys... please help! urgent!


  It never asked me for a password
 
 
  - Original Message -
  From: Saju Paul [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Tuesday, December 18, 2001 10:23 AM
  Subject: Re: problems with private keys... please help! urgent!
 
 
For domain1, I tried to check the md5's of each of the key and
crt...
   
The md5 for the crt shows up fine.  When I try to get the md5 
for
the
   .key,
I get this error:
   
# openssl rsa -noout -modulus -in server.key | openssl md5 read 
RSA key unable to load key
d41d8cd98f00b204e9800998ecf8427e
  
   I get this error when I use an incorrect password...  check your
  password..
  
  
   - Original Message -
   From: Mike K [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Tuesday, December 18, 2001 1:31 PM
   Subject: problems with private keys... please help! urgent!
  
  
Hi all...
   
Before upgrading, one of my virtual domains (ip based) had SSL 
setup
 and
   was
working fine.  The second domain did not work.  The error was 
odd
   according
to people in IRC support channels, and I was told to upgrade to 
all
of
  the
latest versions.
   
I did that.
   
Now when I try to run startssl, I get errors on BOTH virtual
domains.
   
The domain that had once worked produces these errors:
   
[Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init:
 (.com:443)
Unable to configure RSA server private key (OpenSSL library 
error
  follows)
[Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509
   certificate
routines:X509_check_private_key:key values mismatch
   
The domain2, that I couldn't get to work before the upgrade,
produces
   these
errors:
   
[Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key 
not
 found
(OpenSSL library error follows)
[Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1
 encoding
routines:ASN1_get_object:header too long
   
-
   
For domain1, I tried to check the md5's of each of the key and
crt...
   
The md5 for the crt shows up fine.  When I try to get the md5 
for
the
   .key,
I get this error:
   
# openssl rsa -noout -modulus -in server.key | openssl md5 read 
RSA key unable to load key
d41d8cd98f00b204e9800998ecf8427e
   
   
I get this same unable to load key error for any key I try to 
get
 the
   md5
checksum for
   
   
Any help in getting both of my virtual domain's (the two that 
need
 SSL)
working is greatly appreciated.
   
Thanks.
   
-Mike
   
   
PS:  Here is the Virtual Server entry from httpd.conf for 
domain2...
   domain1
has the exact same (but updated ip and paths)
   
   
NamevirtualHost xxx.xxx.xxx.44:443
VirtualHost xxx.xxx.xxx.44:443
SSLEngine On
SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM

Re: problems with private keys... please help! urgent!


# openssl genrsa -des3 -out test.key 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
...++
...++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
# openssl rsa -noout -text -in test.key 
read RSA key
unable to load key
# openssl rsa -noout -text -passin pass:test -in test.key 
read RSA key
unable to load key
# openssl rsa -noout -text -in test.key -passin pass:test
read RSA key
unable to load key
#


Any ideas?

-Mike

- Original Message - 
From: Andrew T. Finnell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 12:28 PM
Subject: RE: problems with private keys... please help! urgent!


 Mike,
 
 Are the CA of these files self-signed? If they are why
 not trying regenerating new public/private key pairs. It looks to me
 like the files you have are corrupted. The error
 routines:X509_check_private_key:key values mismatch means that the
 certificate you are loading does not belong to the private key you have
 specified. 
 If the CA is not self-signed (i.e. from Verisign or Thawte )
 then I would still create some temporary self-signed key pairs and try
 using them to test your overall system setup. If the ones you just
 generated work then I would say your old files got corrupted. If they
 don't then I would say that something is wrong with your install/compile
 of openssl. ( Or something else. :) 
 
 - Andrew
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Mike K
 Sent: Tuesday, December 18, 2001 3:34 PM
 To: [EMAIL PROTECTED]
 Subject: Re: problems with private keys... please help! urgent!
 
 
 Same problem regarding unable to load key when doing this.  I know my
 pass is correct 
 
 Any other ideas?
 
 Thanks for the help.
 
 Is this error the reason why apache wont startssl?
 
 -Mike
 
 - Original Message -
 From: Saju Paul [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, December 18, 2001 11:33 AM
 Subject: Re: problems with private keys... please help! urgent!
 
 
  If the private key has been created with a password (usually is); then
 
  the same password needs to be supplied using the -passin argument.
 
  for ex:
 
   openssl rsa -noout -modulus -in server.key -passin pass:mypasswd |
 openssl
  md5
 
  If the -passin argument is not used; it could be picking up a default
 passin
  password from the openssl.cnf file.  Check the openssl.cnf for a 
  default passin and make sure it matches the password you used to 
  create the
 private
  key.
 
  ---
 
  - Original Message -
  From: Mike K [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Tuesday, December 18, 2001 2:32 PM
  Subject: Re: problems with private keys... please help! urgent!
 
 
   It never asked me for a password
  
  
   - Original Message -
   From: Saju Paul [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Tuesday, December 18, 2001 10:23 AM
   Subject: Re: problems with private keys... please help! urgent!
  
  
 For domain1, I tried to check the md5's of each of the key and
 crt...

 The md5 for the crt shows up fine.  When I try to get the md5 
 for
 the
.key,
 I get this error:

 # openssl rsa -noout -modulus -in server.key | openssl md5 read 
 RSA key unable to load key
 d41d8cd98f00b204e9800998ecf8427e
   
I get this error when I use an incorrect password...  check your
   password..
   
   
- Original Message -
From: Mike K [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 1:31 PM
Subject: problems with private keys... please help! urgent!
   
   
 Hi all...

 Before upgrading, one of my virtual domains (ip based) had SSL 
 setup
  and
was
 working fine.  The second domain did not work.  The error was 
 odd
according
 to people in IRC support channels, and I was told to upgrade to 
 all
 of
   the
 latest versions.

 I did that.

 Now when I try to run startssl, I get errors on BOTH virtual
 domains.

 The domain that had once worked produces these errors:

 [Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init:
  (.com:443)
 Unable to configure RSA server private key (OpenSSL library 
 error
   follows)
 [Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509
certificate
 routines:X509_check_private_key:key values mismatch

 The domain2, that I couldn't get to work before the upgrade,
 produces
these
 errors:

 [Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key 
 not
  found
 (OpenSSL library error follows)
 [Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1
  encoding
 routines:ASN1_get_object:header too long

 -

 For domain1, I tried to check

Re: problems with private keys... please help! urgent!

2001-12-18 Thread Lutz Jaenicke


On Tue, Dec 18, 2001 at 01:28:00PM -0800, Mike K wrote:
 # openssl genrsa -des3 -out test.key 1024
 warning, not much extra random data, consider using the -rand option
 Generating RSA private key, 1024 bit long modulus
 ...++
 ...++
 e is 65537 (0x10001)
 Enter PEM pass phrase:
 Verifying password - Enter PEM pass phrase:

Ok.

 # openssl rsa -noout -text -in test.key 
 read RSA key
At this point, you should be asked for the pass phrase!
 unable to load key

I cannot reproduce this behaviour.
What is your platform etc?

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: problems with private keys... please help! urgent!


FreeBSD3.4-REL with Openssl 0.9.6b

-Mike

- Original Message - 
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 1:34 PM
Subject: Re: problems with private keys... please help! urgent!


 On Tue, Dec 18, 2001 at 01:28:00PM -0800, Mike K wrote:
  # openssl genrsa -des3 -out test.key 1024
  warning, not much extra random data, consider using the -rand option
  Generating RSA private key, 1024 bit long modulus
  ...++
  ...++
  e is 65537 (0x10001)
  Enter PEM pass phrase:
  Verifying password - Enter PEM pass phrase:
 
 Ok.
 
  # openssl rsa -noout -text -in test.key 
  read RSA key
 At this point, you should be asked for the pass phrase!
  unable to load key
 
 I cannot reproduce this behaviour.
 What is your platform etc?
 
 Best regards,
 Lutz
 -- 
 Lutz Jaenicke [EMAIL PROTECTED]
 BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
 Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
 Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Please help me, fix the problem

2001-12-15 Thread Alfred Kwak


Hey. I can't enter the page: www.cardkingdom.com, because I come to a site 
called SSL/TLS-aware Apache webserver or something.
I hope you can fix this problem, so I can see the page I want to visit.
Thannk you.

_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please help

2001-11-30 Thread Haikel MEJRI


Salam,

Signing a request has no relation with signing requests.
To do so try what follows:

1/ Request Generation:
openssl req -new -out cert.req

2/ request Signature:
openssl req -ca -config path/openssl.cnf -in cert.req -out cert.pem

path: path to openssl.cnf configuration file (may be 
/usr/share/ssl/openssl.cnf).
Verify that directories and your CA and key files in the openssl.cnf file are 
correct.

bye

Haikel MEJRI
Security Enginner
National Digital Certification Agency
TUNISIA


On Friday 30 November 2001 01:44, you wrote:
 Dear All,
 I am finding problems while generating a certificate with openssl. When I
 want to generate a signed certificate using this command:

 openssl x509 -req -CA /usr/local/ca/cacert.crt -CAkey
 /usr/local/ca/private/cakey.pem -days 365 -in /tmp/req.pem -out
 /tmp/signed_req.pem -CAcreateserial

 --I get this problem
 27182:error:0906D06C:PEM routines:PEM_read_bio:no start
 line:pem_lib.c:662:Expecting: TRUSTED CERTIFICATE

 Please can anybody help me solve this problem

 Thanking you in advance   Hafida


 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Please, help me!

2001-11-23 Thread




Dear Admin

I have a long question.

I got an error message during update openssl. The error message is like this
-
root@proxy imsi]# rpm -Uvh openssl-0.9.6-9.i386.rpm 
openssl ## 
/sbin/ldconfig: File /lib/libext-2.so.7 is too small, not checked. 
/sbin/ldconfig: File /lib/libext-2.so.7 is too small, not checked. 
/sbin/ldconfig: Input file /usr/lib/libcrypto.so not found. 

/sbin/ldconfig: Input file /usr/lib/libssl.so not found. 
-

Would you give me a solution of this problem?
Because of this problem, there's an error in executing httpd.

The error message  is below
-- 
Nov 19 16:23:57 proxy httpd: Syntax error on line 265 
of /etc/httpd/conf/httpd.conf: 
Nov 19 16:23:57 proxy httpd: Cannot load /etc/httpd/modules/libssl.so into 
server: symbol __sysconf, 
version GLIBC_2.2 not defined in file libc.so.6 with link time reference 
Nov 19 16:23:57 proxy httpd: httpd startup failed 
- 

The line 265 on /etc/httpd/conf/httpd.conf is below
- 
LoadModule ssl_module modules/libssl.so 
- 

My OS is redhat 7.0. 
Please, give me an answer. Thanks.









 Your life on the net

Please help. Apache openssl problems.

2001-10-17 Thread Scott Statland

Title: Message



No matter what I do, 
I can't seem to connect via https.
I keep getting the 
error:
[Wed Oct 17 07:02:10 
2001] [error] [client 66.65.3.10] Invalid method in requestt From what 
I have read, this means that I am trying to talk https on a port that only 
speaks http.

I have tried 
everything that I can think of.

I have commented out 
the virtual servers.
That did 
nothing.
I put them back in, 
then I read something about putting an sslengine on directive in the virtual 
hosts, so Idid that. 
Same 
thing.
This is apache 
1.3.22 on a sparc/Solaris 7 box.
Here's what's in the 
conf.

Main 
section:
# Support for Random 
Seed Generation#SSLRandomSeed startup builtinSSLRandomSeed connect 
builtin

## Port: The 
port to which the standalone server listens. For# ports  1023, you will 
need httpd to be run as root initially.#Port 80

 SSL 
Support When we also provide SSL we have to listen to the 
## standard HTTP port (see above) and to the HTTPS 
port##IfDefine SSLListen 80Listen 
443/IfDefine#

VirtualHost 
66.65.3.10:80 ScriptAlias /cgi-bin/ 
"/export/apache/877baskets/cgi-bin/" 
 Directory 
"/export/apache/877baskets/cgi-bin/" AllowOverride 
All Options None Order 
allow,deny Allow from all 
/Directory  ServerAdmin [EMAIL PROTECTED] 
DocumentRoot /export/apache/877baskets ServerName www.877baskets.com 
ErrorLog logs/877baskets.com-error_log CustomLog 
logs/87baskets.com-access_log common TransferLog 
logs/877baskets.com-access_log /VirtualHost

VirtualHost 
66.65.3.10:443 ScriptAlias /cgi-bin/ 
"/export/apache/877baskets/cgi-bin/" 
 Directory 
"/export/apache/877baskets/cgi-bin/" AllowOverride 
All Options None Order 
allow,deny Allow from all 
/Directory  ServerAdmin [EMAIL PROTECTED] 
DocumentRoot /export/apache/877baskets ServerName www.877baskets.com 
ErrorLog logs/877baskets.com-error_log CustomLog 
logs/87baskets.com-access_log common TransferLog 
logs/877baskets.com-access_log  SSLEngine 
On/VirtualHost
Any 
ideas?

Thanks in 
advance

Scott

Newbie-Please Help!

2001-10-15 Thread ComCity


I apolozige I'm a newbie.  This is my first request and I've gone fairly far
on reading the documentation I have found.  I have totally gotten Apache up
on mod_SSL and am trying to get openssl to work.  It worksI only have
one stumbing block concerning the -rand functionality.

the details:

Linux 2.2.16-22 #1 Tue Aug 22 16:16:55 EDT 2000 i586 unknown
Apache/1.3.12  10312100
OpenSSL 0.9.6a 5 Apr 2001

I'm having trouble with the -rand command...I'm missing a critical piece of
information which I have not been able to figure out on my own.  Whenever I
use the -rand modifier, my terminal just sits there and hangs - I guess on
the random number generator.  I type the following.

openssl genrsa -rand /dev/urandom -out www.domain.com.key 1024
it hangs...
This command information was gotten from Thawte.

If I type this:
openssl genrsa -out www.domain.com.key 1024
everything works but it complains about the random number generator not
being properly seeded.

Thawte told me that I could create an encrypted keyHowever, I plain on
this being a virtual servers with multiple SSL's and I don't want to keep
track of every username/password and then have to remember them just to boot
up which is what I was warned would happen from Thawte.

Anybody know what I'm doing wrong?

URANDOM:
I log in as root, but the files in /dev are hidden from me.  There seems to
be a file called urandom there though.  Sending the command as
-rand /dev/urandom  is what is specified by thawte.  Is there a different
way you would recommend seeding the crypto library.  I apologize but I'm
definetly a newbie at this.

Thank You very much.
Mike b.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Please help me!

2001-09-27 Thread Valery


Hello Ryan!

Thank you very much.

I have added the line in the Certificate Extensions section of my
openssl.cnf file:

crlDistributionPoints=URI:http://cert.vrn.ru/crl/main.crl

and then I made some certificates with this extensions.
Such certificates have the following value of CRL Distribution Points:
[1]CRL Distribution Point

  Distribution Point Name:

  Full Name:

  URL=http://cert.vrn.ru/crl/main.crl

I suppose it's ok at this step.
But the next step... It's not clear for me.

MS Outlook Express tries to check if the certificate has been revoked or
not, but it says The digital ID has not been revoked or revocation
information for this certificate could not be determined.

 The CRL has been made with the following command:
openssl ca -gencrl -out crl.pem -config openssl.cnf passin pass:

Then I copied crl.pem file into appropriate directory of my web server and
rename it(file) to main.crl

I made certificate, then revoked it for testing, and then made a CRL as I
wrote above.

Have I made a mistake? Why MS Outlook Express does not say me that the
certificate has been revoked?

Yours sincerely,
 Valery
 E-mail: [EMAIL PROTECTED]





- Original Message -
From: Ryan Hurst [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 26, 2001 10:15 PM
Subject: RE: Please help me!


 Valery --

 This field in a certificate points to where the issuer will make its
 certificate revocation list available. If you are using OpenSSL or OpenCA
 (based off of OpenSSL) to issue your certificates you will want to
probably
 put up a web server or LDAP capable directory where you can make your
 certificate revocation list available; refer to the absolute URL for this
 list in this extension. You may also want to include an AIA
 (authorityInformationAccess) extension as well, this can point to a OCSP
 responder capable of responding with individual certificate statuses.

 The Microsoft platform implements its revocation handling in a library
 called cryptnet.dll; this supports all the transports that WinInet
supports
 (http/s,ftp,ldap/s,file). When the CryptoAPI applications that use
 revocation checking (Outlook can be configured to do this and in Office XP
 it is the default behavior), cryptnet will attempt to retrieve the CRL
 specified in this extension and use it for revocation checking. There are
 also alternate revocation providers available windows that implement
 additional protocols (OCSP, SCVP, CRL, CRLdp); ValiCert produces one such
 provider.

 I hope this helps.

 Ryan

 -Original Message-
 From: Valery [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 26, 2001 1:12 AM
 To: [EMAIL PROTECTED]
 Subject: Please help me!

 Hello!
 I used the certificate extensions crlDistributionPoints in my
openssl.cnf
 file.
 And I faced the following problem.

 What should I indicate in thihs field (crlDistributionPoints)?

 I need that MS Outlook Express checks if the certificate has been revoked
or
 not when it is on-line? What do I need to do?

 Yours faithfully,
 Valery
 E-mail: [EMAIL PROTECTED]








__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Please help me!

2001-09-26 Thread Ryan Hurst


Valery --

This field in a certificate points to where the issuer will make its
certificate revocation list available. If you are using OpenSSL or OpenCA
(based off of OpenSSL) to issue your certificates you will want to probably
put up a web server or LDAP capable directory where you can make your
certificate revocation list available; refer to the absolute URL for this
list in this extension. You may also want to include an AIA
(authorityInformationAccess) extension as well, this can point to a OCSP
responder capable of responding with individual certificate statuses.

The Microsoft platform implements its revocation handling in a library
called cryptnet.dll; this supports all the transports that WinInet supports
(http/s,ftp,ldap/s,file). When the CryptoAPI applications that use
revocation checking (Outlook can be configured to do this and in Office XP
it is the default behavior), cryptnet will attempt to retrieve the CRL
specified in this extension and use it for revocation checking. There are
also alternate revocation providers available windows that implement
additional protocols (OCSP, SCVP, CRL, CRLdp); ValiCert produces one such
provider.

I hope this helps.

Ryan 

-Original Message-
From: Valery [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 26, 2001 1:12 AM
To: [EMAIL PROTECTED]
Subject: Please help me!

Hello!
I used the certificate extensions crlDistributionPoints in my openssl.cnf
file.
And I faced the following problem.

What should I indicate in thihs field (crlDistributionPoints)?

I need that MS Outlook Express checks if the certificate has been revoked or
not when it is on-line? What do I need to do?

Yours faithfully,
Valery
E-mail: [EMAIL PROTECTED]






__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Please Help: Crypto library with Visual C++


Dear All,


Thousand thanks for your help. I really appreciate that. Your help really
means a lot to me...

Now, the problem is about the VC setting,

I am not sure how to set the directory settings for the project

For example, I copied all the files from the directory crypto in the
openssl-x-x to another directory, and then rename it to openssl. I
include the header file of envelope evp/evp.h. But when I compile the
file, the compiler complains it couldn't find the file
openssl/opensslconf.h (which exists in the crypto directory).

I hope you could understand my problem. So... I am really confused on how
to set up the directory. I don't want to modify all the header files. Is
there alternative ways? Please help. Thousand thanks. Wish you all the best.



Best regards,

Jordan Cheun Ngen, Chong
INF-4067 Universiteit Twente
Postbus 217
7500 AE Enschede
The Netherlands

Distributed and Embedded Systems (DIES)

Office Phone: +31 53 4894655
Web site: http://www.cs.utwente.nl/~chong
Email Add.: [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

??: Please Help: Crypto library with Visual C++

2001-09-10 Thread YONG.YUE

Title: ??: Please Help: Crypto library with Visual C++

i think all necessary files for your application is as follows:

openssl-0.9.6a/out32dll/ : ssleay32.dll libeay32.dll
ssleay32.lib libeay32.rls

openssl-0.9.6a/inc32/openssl - this directory contains all head files needed

you can do this by two means
first : you copy the inc32/openssl to the vc include directory such as
D:\Program Files\Microsoft Visual Studio\VC98\INCLUDE\openssl ...
vc++ can find this head file automaticly.
this one seems much more easy ..haha

second ..you make a directory called include parallel to your project diectory..
copy openssl head files to this directory ..
then in your project setting: c++ /preprocessor /additonal include directories ... add : ..\include

then all ok ..
have a good time

Dear All,

Thousand thanks for your help. I really appreciate that. Your help really
means a lot to me...

Now, the problem is about the VC setting,

I am not sure how to set the directory settings for the project

For example, I copied all the files from the directory crypto in the
openssl-x-x to another directory, and then rename it to openssl. I
include the header file of envelope evp/evp.h. But when I compile the
file, the compiler complains it couldn't find the file
openssl/opensslconf.h (which exists in the crypto directory).

I hope you could understand my problem. So... I am really confused on how
to set up the directory. I don't want to modify all the header files. Is
there alternative ways? Please help. Thousand thanks. Wish you all the best.

Best regards,

Jordan Cheun Ngen, Chong
INF-4067 Universiteit Twente
Postbus 217
7500 AE Enschede
The Netherlands

Distributed and Embedded Systems (DIES)

Office Phone: +31 53 4894655
Web site: http://www.cs.utwente.nl/~chong
Email Add.: [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

RE: Please Help: Crypto library with Visual C++

Title: ??: Please Help: Crypto library with Visual C++

thousand thanks for your help :D

it
helps a lot and it works fine now...

Now,
pls. one more thing,

I
tried to decode a Base64 encoded string into
the
string is (for example)
:KljL0/zpzt8Y/UtenpqyMPt3JjQTFV5uofM349JXCY1z2i08XKzTW7LlpgnPDLh48Trbq6b/TErJ3UwFvbo8TOf8l4Xnp9yI6RtTWJlVZzJ5+AnY7lKLThSq8fgpVqwnJGVjfIHev6AI9qKHT+8vhN9tTacdU6WkZ6oYiOTb0jE=

I am
not sure how

Do you
know where I could some example codes, or perhaps some references on this
stuff?
very
struggling indeed :)

Thanks
again for everything.

Best
regards,Jordan Cheun Ngen,
ChongINF-4067 Universiteit TwentePostbus 2177500 AE EnschedeThe
NetherlandsDistributed and Embedded Systems
(DIES)Office Phone: +31 53
4894655Web site: http://www.cs.utwente.nl/~chongEmail Add.:
[EMAIL PROTECTED]

-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of YONG.YUESent: Monday, September 10, 2001 11:17
AMTo: '[EMAIL PROTECTED]'Subject: ??: Please
Help: Crypto library with Visual C++
i think all necessary files for your application is as
follows:
openssl-0.9.6a/out32dll/ : ssleay32.dll
libeay32.dll

ssleay32.lib
libeay32.rls
openssl-0.9.6a/inc32/openssl - this directory contains all
head files needed
you can do this by two means first :
you copy the inc32/openssl to the vc include directory such as
D:\Program Files\Microsoft Visual
Studio\VC98\INCLUDE\openssl ... vc++ can find this
head file automaticly. this one seems much more easy
..haha
second ..you make a directory called include parallel to your
project diectory.. copy openssl head files to this
directory .. then in your project setting: c++
/preprocessor /additonal include directories ... add : ..\include
then all ok .. have a good time

-ÔÊ¼ÓÊ¼þ- ·¢¼þÈË:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]´ú±í
Jordan C N Chong ·¢ËÍÊ±¼ä: 2001Äê9ÔÂ10ÈÕ 15:43
ÊÕ¼þÈË: openss-user Ö÷Ìâ: Please
Help: Crypto library with Visual C++
Dear All,
Thousand thanks for
your help. I really appreciate that. Your help really means a lot to me...
Now, the problem is
about the VC setting,
I am not sure how
to set the directory settings for the project
For example, I
copied all the files from the directory "crypto" in the "openssl-x-x" to another directory, and then rename it to "openssl".
I include the header file of envelope "evp/evp.h". But
when I compile the file, the compiler complains it
couldn't find the file "openssl/opensslconf.h" (which
exists in the "crypto" directory).
I hope you could
understand my problem. So... I am really confused on how to set up the directory. I don't want to modify all the header files.
Is there alternative ways? Please help. Thousand
thanks. Wish you all the best.
Best regards, Jordan Cheun Ngen, Chong INF-4067 Universiteit
Twente Postbus 217 7500 AE
Enschede The Netherlands
Distributed and Embedded Systems (DIES) Office Phone: +31 53 4894655 Web site: http://www.cs.utwente.nl/~chong Email Add.: [EMAIL PROTECTED]
__
OpenSSL
Project
http://www.openssl.org User Support
Mailing
List
[EMAIL PROTECTED] Automated List
Manager
[EMAIL PROTECTED]

??: Please Help: Crypto library with Visual C++

2001-09-10 Thread YONG.YUE

Title: ??: Please Help: Crypto library with Visual C++

u can
follow this link: http://www.openssl.org/docs/crypto/BIO_f_base64.html#

--: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] Jordan C N
Chong: 2001910 18:04:
[EMAIL PROTECTED]: RE: Please Help: Crypto library with
Visual C++
thousand thanks for your help :D

it
helps a lot and it works fine now...

Now,
pls. one more thing,

I am
not sure how

Do
you know where I could some example codes, or perhaps some references on this
stuff?
very
struggling indeed :)

Thanks again for everything.

Best
regards,Jordan Cheun Ngen,
ChongINF-4067 Universiteit TwentePostbus 2177500 AE
EnschedeThe NetherlandsDistributed and Embedded Systems
(DIES)Office Phone: +31 53
4894655Web site: http://www.cs.utwente.nl/~chongEmail
Add.:
[EMAIL PROTECTED]

-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
YONG.YUESent: Monday, September 10, 2001 11:17
AMTo: '[EMAIL PROTECTED]'Subject: ??: Please
Help: Crypto library with Visual C++
i think all necessary files for your application is as
follows:
openssl-0.9.6a/out32dll/ : ssleay32.dll
libeay32.dll

ssleay32.lib
libeay32.rls
openssl-0.9.6a/inc32/openssl - this directory contains all
head files needed
you can do this by two means first :
you copy the inc32/openssl to the vc include directory such as
D:\Program Files\Microsoft Visual
Studio\VC98\INCLUDE\openssl ... vc++ can find this
head file automaticly. this one seems much more easy
..haha
second ..you make a directory called include parallel to
your project diectory.. copy openssl head files to
this directory .. then in your project
setting: c++ /preprocessor /additonal include directories ... add :
..\include
then all ok .. have a good
time

-ÔÊ¼ÓÊ¼þ- ·¢¼þÈË:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]´ú±í
Jordan C N Chong ·¢ËÍÊ±¼ä: 2001Äê9ÔÂ10ÈÕ
15:43 ÊÕ¼þÈË: openss-user Ö÷Ìâ: Please Help: Crypto library with Visual C++
Dear All,
Thousand thanks
for your help. I really appreciate that. Your help really means a lot to me...
Now, the problem
is about the VC setting,
I am not sure how
to set the directory settings for the project
For example, I
copied all the files from the directory "crypto" in the "openssl-x-x" to another directory, and then rename it to "openssl".
I include the header file of envelope "evp/evp.h".
But when I compile the file, the compiler complains
it couldn't find the file "openssl/opensslconf.h"
(which exists in the "crypto" directory).
I hope you could
understand my problem. So... I am really confused on how to set up the directory. I don't want to modify all the header files.
Is there alternative ways? Please help. Thousand
thanks. Wish you all the best.
Best regards, Jordan Cheun Ngen, Chong INF-4067
Universiteit Twente Postbus 217 7500 AE Enschede The Netherlands
Distributed and Embedded Systems (DIES) Office Phone: +31 53 4894655 Web site: http://www.cs.utwente.nl/~chong
Email Add.: [EMAIL PROTECTED]
__
OpenSSL
Project
http://www.openssl.org User Support Mailing
List
[EMAIL PROTECTED] Automated List
Manager
[EMAIL PROTECTED]

RE: Please Help: Crypto library with Visual C++

Title: ??: Please Help: Crypto library with Visual C++

Dear
Yong Yue

I am
sorry to bother you again. The description is clear enough on the URL you gave
me.
However, I looked at the BIO explanation on http://www.columbia.edu/~ariel/ssleay/bio.html
I am
not sure how to read in some data from a file to the BIO
filter/sink/source

Is
there any example for this purpose?

I am
really really terribly sorry to bother you. Thanks for your help. Wish you all
the best.

-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of YONG.YUESent: Monday, September 10, 2001 12:19
PMTo: '[EMAIL PROTECTED]'Subject: ??: Please
Help: Crypto library with Visual C++
u can
follow this link: http://www.openssl.org/docs/crypto/BIO_f_base64.html#

-原始邮件-发件人: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]代表 Jordan C N
Chong发送时间: 2001年9月10日 18:04收件人:
[EMAIL PROTECTED]主题: RE: Please Help: Crypto library with
Visual C++
thousand thanks for your help
:D

it
helps a lot and it works fine now...

Now, pls. one more thing,

I
tried to decode a Base64 encoded string into
the string is (for example)
:KljL0/zpzt8Y/UtenpqyMPt3JjQTFV5uofM349JXCY1z2i08XKzTW7LlpgnPDLh48Trbq6b/TErJ3UwFvbo8TOf8l4Xnp9yI6RtTWJlVZzJ5+AnY7lKLThSq8fgpVqwnJGVjfIHev6AI9qKHT+8vhN9tTacdU6WkZ6oYiOTb0jE=

I
am not sure how

Do
you know where I could some example codes, or perhaps some references on
this stuff?
very struggling indeed :)

Thanks again for everything.

Best
regards,Jordan Cheun
Ngen, ChongINF-4067 Universiteit TwentePostbus 2177500 AE
EnschedeThe NetherlandsDistributed and Embedded Systems
(DIES)Office Phone: +31
53 4894655Web site: http://www.cs.utwente.nl/~chongEmail Add.:
[EMAIL PROTECTED]

-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
YONG.YUESent: Monday, September 10, 2001 11:17
AMTo: '[EMAIL PROTECTED]'Subject: ??: Please
Help: Crypto library with Visual C++
i think all necessary files for your application is as
follows:
openssl-0.9.6a/out32dll/ : ssleay32.dll
libeay32.dll

ssleay32.lib
libeay32.rls
openssl-0.9.6a/inc32/openssl - this directory contains all
head files needed
you can do this by two means first
: you copy the inc32/openssl to the vc include directory such as
D:\Program Files\Microsoft Visual
Studio\VC98\INCLUDE\openssl ... vc++ can find this
head file automaticly. this one seems much more
easy ..haha
second ..you make a directory called include parallel to
your project diectory.. copy openssl head files to
this directory .. then in your project
setting: c++ /preprocessor /additonal include directories ... add :
..\include
then all ok .. have a good
time

-ÔÊ¼ÓÊ¼þ- ·¢¼þÈË:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]´ú±í
Jordan C N Chong ·¢ËÍÊ±¼ä: 2001Äê9ÔÂ10ÈÕ
15:43 ÊÕ¼þÈË: openss-user Ö÷Ìâ: Please Help: Crypto library with Visual C++
Dear All,
Thousand thanks
for your help. I really appreciate that. Your help really means a lot to me...
Now, the
problem is about the VC setting,
I am not sure
how to set the directory settings for the project
For example, I
copied all the files from the directory "crypto" in the "openssl-x-x" to another directory, and then rename it to
"openssl". I include the header file of envelope
"evp/evp.h". But when I compile the file, the
compiler complains it couldn't find the file "openssl/opensslconf.h" (which exists in the "crypto"
directory).
I hope you
could understand my problem. So... I am really confused on how
to set up the directory. I don't want to modify all the
header files. Is there alternative ways? Please
help. Thousand thanks. Wish you all the best.
Best regards, Jordan Cheun Ngen, Chong INF-4067
Universiteit Twente Postbus 217 7500 AE Enschede The Netherlands

Distributed and Embedded Systems (DIES)

: Please Help: Crypto library with Visual C++

2001-09-10 Thread

Title: ??: Please Help: Crypto library with Visual C++



oh 
nothing do not be nervous
i think 
if you want to read data from a file 
first you 
must construct a 

BIO * mbio = BIO_new_file(filename , "rb") object 

then build another BIO* b64 =BIO_new(BIO_f_base64()); 
then mbio = BIO_push(b64, 
mbio); 

all ok ...
read data from 

while((inlen = BIO_read(mbio, 
inbuf, strlen(message)))  0)
{
do as you 
wish
}// remember free all bio resource BIO_free_all(bio);
can this solve your problem?

RE: Please Help: BIO!!

Title: ??: Please Help: Crypto library with Visual C++



Hi,

Thanks 
for your reply. I have tried, still the memory leak problem happens 
:)
and 
the whole application crashes

my 
code is like this:

BIO *bio, *b64;BIO 
*bio_out;char inbuf[128];int 
inlen;b64 = BIO_new(BIO_f_base64());bio = 
BIO_new_file("content.key", "rb"); bio_out = BIO_new_fp(stdout, 
BIO_NOCLOSE);bio = BIO_push(b64, bio);while ((inlen = 
BIO_read(bio, inbuf, 128))  0) {BIO_write(bio_out, inbuf, 
inlen);}

BIO_free_all(bio);

what I 
wish to do is, read the data from the file content.key 
and 
then decode the data 
and 
then convert the decoded data in to a char * (or perhaps to another new 
file)
but 
here what i do is just print out the decoded data :)

i am 
sorry to bother you that much.

pls 
forgive
and 
pls help if you have the time :D

thousand thanks. Wish you all the 
best.

Best 
regards,Jordan Cheun Ngen, 
ChongINF-4067 Universiteit TwentePostbus 2177500 AE EnschedeThe 
NetherlandsDistributed and Embedded Systems 
(DIES)Office Phone: +31 53 
4894655Web site: http://www.cs.utwente.nl/~chongEmail Add.: 
[EMAIL PROTECTED]

  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On 
  Behalf Of ??Sent: Monday, September 10, 2001 1:24 
  PMTo: '[EMAIL PROTECTED]'Subject: ??: Please 
  Help: Crypto library with Visual C++
  oh 
  nothing do not be nervous
  i think 
  if you want to read data from a file 
  first 
  you must construct a 
  
  BIO * mbio = BIO_new_file(filename , "rb") object 
  
  then build another BIO* b64 =BIO_new(BIO_f_base64()); 
  then mbio = BIO_push(b64, 
  mbio); 
  
  all ok 
  ...
  read data from 
  
  while((inlen = 
  BIO_read(mbio, inbuf, strlen(message)))  0)
  {
  do as you 
  wish
  }// remember free all bio resource BIO_free_all(bio);
can this solve your problem?

: Please Help: BIO!!

2001-09-10 Thread

Title: ??: Please Help: Crypto library with Visual C++




oh 
when application crash .. it normally beacause link mfc lib 
problem
you 
may try use mfc in shared dll or mfc instatic dll
it 
may ok..
as 
for memory leak ..

begin ..
OpenSSL_add_all_algorithms();SSL_load_error_strings();

your code...
End:

ERR_free_strings();EVP_cleanup();

see 
u later...:)

  -原始邮件-发件人: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]代表 Jordan C N 
  Chong发送时间: 2001年9月10日 19:43收件人: 
  [EMAIL PROTECTED]主题: RE: Please Help: 
  BIO!!
  Hi,
  
  Thanks for your reply. I have tried, still the memory 
  leak problem happens :)
  and 
  the whole application crashes
  
  my 
  code is like this:
  
  BIO *bio, *b64;BIO 
  *bio_out;char inbuf[128];int 
  inlen;b64 = BIO_new(BIO_f_base64());bio = 
  BIO_new_file("content.key", "rb"); bio_out = BIO_new_fp(stdout, 
  BIO_NOCLOSE);bio = BIO_push(b64, bio);while ((inlen 
  = BIO_read(bio, inbuf, 128))  0) {BIO_write(bio_out, 
  inbuf, inlen);}
  
  BIO_free_all(bio);
  
  what 
  I wish to do is, read the data from the file content.key 
  and 
  then decode the data 
  and 
  then convert the decoded data in to a char * (or perhaps to another new 
  file)
  but 
  here what i do is just print out the decoded data :)
  
  i am 
  sorry to bother you that much.
  
  pls 
  forgive
  and 
  pls help if you have the time :D
  
  thousand thanks. Wish you all the 
  best.
  
  Best 
  regards,Jordan Cheun Ngen, 
  ChongINF-4067 Universiteit TwentePostbus 2177500 AE 
  EnschedeThe NetherlandsDistributed and Embedded Systems 
  (DIES)Office Phone: +31 53 
  4894655Web site: http://www.cs.utwente.nl/~chongEmail 
  Add.: 
  [EMAIL PROTECTED]
  
-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On Behalf Of 
??Sent: Monday, September 10, 2001 1:24 PMTo: 
'[EMAIL PROTECTED]'Subject: ??: Please Help: Crypto 
library with Visual C++
oh 
nothing do not be nervous
i 
think if you want to read data from a file 
first 
you must construct a 

BIO * mbio = BIO_new_file(filename , "rb") object 

then build another BIO* b64 =BIO_new(BIO_f_base64()); 
then mbio = BIO_push(b64, 
mbio); 

all ok 
...
read data from 

while((inlen = 
BIO_read(mbio, inbuf, strlen(message)))  0)
{
do as you 
wish
}// remember free all bio resource BIO_free_all(bio);
can this solve your problem?

RE: Please Help: BIO!!