Re: oid_section questions please help!
On Tue, Nov 09, 2004, ray v wrote:

> Hi All!
>
> I created an OID section but I'm a little confused with how to use it. My example...
>
>     oid_section = my_oids
>
>     [my_oids]
>     value1 = 1.3.6.1.4.1..1
>     value2 = 1.3.6.1.4.1..2
>     value3 = 1.3.6.1.4.1..3
>
> If I specify the -config sample.cnf when creating the key, request and certificate this all works fine. When I received an outside cert request it fails with
>
>     Error Loading extension section default
>     10765:error:2207C082:X509 V3 routines:DO_EXT_CONF:unknown extension name:v3_conf.c:123:
>     10765:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:92:name=oid_section
>
> Being new to this I'm not sure if I'm asking the right question. I need to add extensions to certificate during the certificate gen and signing process. The oids_section is in the global or default. Am I missing something here? Is there something I'm supposed to put in the [req] section regarding the new oids?
>
> All help will be appreciated... I'm losing my hair faster than a cat in October!
>
> thanks!

Well that looks like you are placing oid_section in the wrong place.

The preferred way to add OIDs is via the autoconfig OID module which then makes the OID names visible to all compliant applications.

Look in the config(5) manual page also at:

http://www.openssl.org/docs/apps/config.html

However you can't automatically add an extension just because OpenSSL has a name for an OID. The standard extensions have support code which can be used to translate parts of the configuration file into the appropriate extension syntax.

You can manually include the extension using the DER: syntax or the more flexible ASN1: syntax in OpenSSL 0.9.8-dev.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: oid_section questions please help!
Thanks Dr. Henson

The link you sent was the one I used to base my current configuration on. It's inevitable but I have a few more questions below.

--- Dr. Stephen Henson [EMAIL PROTECTED] wrote:

> Well that looks like you are placing oid_section in the wrong place.
>
> The preferred way to add OIDs is via the autoconfig OID module which then makes the OID names visible to all compliant applications.

Ok this might be a sad indicator about my skill regarding this matter. Autoconfig is?

Basically all I want to do is use the OID assigned to my company to include extra data in the example below. Quite honestly if the VAL1 were seen by other applications as just the OID = value that's perfectly ok with me.

    O=mycompany
    OU=mydepartment
    CN=myuser
    VAL1=something
    Val2=something else
    Val3=some number

Can I do this without patching the openssl code and compiling special versions for each platform I have?

> Look in the config(5) manual page also at:
>
> http://www.openssl.org/docs/apps/config.html
>
> However you can't automatically add an extension just because OpenSSL has a name for an OID. The standard extensions have support code which can be used to translate parts of the configuration file into the appropriate extension syntax.

Can you translate this into something a lay person like myself can understand?

> You can manually include the extension using the DER: syntax or the more flexible ASN1: syntax in OpenSSL 0.9.8-dev.
>
> Steve.
Re: oid_section questions please help!
On Tue, Nov 09, 2004, ray v wrote:

> Thanks Dr. Henson
>
> Ok this might be a sad indicator about my skill regarding this matter. Autoconfig is?

It's a mechanism where compliant OpenSSL applications can load various configuration related options from a text file. Currently this includes new OIDs.

This has only been documented fairly recently so not many applications currently support it. The openssl utility does though.

> Basically all I want to do is use the OID assigned to my company to include extra data in the example below. Quite honestly if the VAL1 were seen by other applications as just the OID = value that's perfectly ok with me.
>
>     O=mycompany
>     OU=mydepartment
>     CN=myuser
>     VAL1=something
>     Val2=something else
>     Val3=some number
>
> Can I do this without patching the openssl code and compiling special versions for each platform I have?

Ah now that's a different thing. That would be in the certificate subject name as opposed to an extension.

Is there some specific reason you want your company's OIDs in there? There are a lot of standard OIDs available which might suit your purposes.

> > Look in the config(5) manual page also at:
> >
> > http://www.openssl.org/docs/apps/config.html
> >
> > However you can't automatically add an extension just because OpenSSL has a name for an OID. The standard extensions have support code which can be used to translate parts of the configuration file into the appropriate extension syntax.
>
> Can you translate this into something a lay person like myself can understand?

Well what I mean is that when a configuration file contains something like:

    basicConstraints=CA:TRUE, pathlength:7

it doesn't just put the string "CA:TRUE, pathlength:7" in the certificate, it converts this human readable string into a specifically encoded structure.

In other words there's some code added to OpenSSL that translates that string into the form in the certificate. There's also some code that does the reverse operation: converts the form in the certificate into a human readable version.

Other extensions have different translation code. As a result you can't just add a random OID as the extension type because OpenSSL doesn't know how to translate it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
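The translation step described in the reply above, as an added example that is not from the thread or from OpenSSL's source: a minimal C encoder and decoder for the basicConstraints value, which RFC 5280 defines as SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }. The function names are hypothetical, the parser accepts the keyword `pathlen` (the spelling OpenSSL's configuration files use), and only path lengths 0..127 are handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a config value such as "CA:TRUE, pathlen:7".
 * Returns 0 on success, -1 for anything this translator does not know. */
int bc_parse(const char *conf, int *ca, long *pathlen)
{
    char buf[64], *tok, *end;

    *ca = 0;
    *pathlen = -1;                      /* -1 means "no path length given" */
    if (strlen(conf) >= sizeof(buf))
        return -1;
    strcpy(buf, conf);
    for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) {
        while (*tok == ' ')
            tok++;
        if (strcmp(tok, "CA:TRUE") == 0) {
            *ca = 1;
        } else if (strcmp(tok, "CA:FALSE") == 0) {
            *ca = 0;
        } else if (strncmp(tok, "pathlen:", 8) == 0) {
            *pathlen = strtol(tok + 8, &end, 10);
            if (end == tok + 8 || *end != '\0' || *pathlen < 0 || *pathlen > 127)
                return -1;
        } else {
            return -1;                  /* no translation code for this keyword */
        }
    }
    return 0;
}

/* Encode as DER. cA is omitted when FALSE because DER drops DEFAULT values.
 * Returns the number of bytes written, or 0 if the buffer is too small. */
size_t bc_encode(int ca, long pathlen, unsigned char *out, size_t cap)
{
    unsigned char body[6];
    size_t n = 0;

    if (ca) {                           /* BOOLEAN, length 1, TRUE = 0xFF */
        body[n++] = 0x01; body[n++] = 0x01; body[n++] = 0xFF;
    }
    if (pathlen >= 0) {                 /* INTEGER, length 1, value */
        body[n++] = 0x02; body[n++] = 0x01; body[n++] = (unsigned char)pathlen;
    }
    if (cap < n + 2)
        return 0;
    out[0] = 0x30;                      /* SEQUENCE */
    out[1] = (unsigned char)n;
    memcpy(out + 2, body, n);
    return n + 2;
}

/* The reverse operation: DER bytes back to a human readable string. */
int bc_decode(const unsigned char *der, size_t len, char *text, size_t cap)
{
    int ca = 0;
    long pathlen = -1;
    size_t i = 2;

    if (len < 2 || der[0] != 0x30 || (size_t)der[1] != len - 2)
        return -1;
    if (i + 3 <= len && der[i] == 0x01 && der[i + 1] == 0x01) {
        if (der[i + 2] != 0xFF)         /* DER allows only 0xFF for TRUE */
            return -1;
        ca = 1;
        i += 3;
    }
    if (i + 3 <= len && der[i] == 0x02 && der[i + 1] == 0x01 && der[i + 2] < 0x80) {
        pathlen = der[i + 2];
        i += 3;
    }
    if (i != len)
        return -1;                      /* trailing or unknown content */
    if (pathlen >= 0)
        snprintf(text, cap, "CA:%s, pathlen:%ld", ca ? "TRUE" : "FALSE", pathlen);
    else
        snprintf(text, cap, "CA:%s", ca ? "TRUE" : "FALSE");
    return 0;
}

int main(void)
{
    unsigned char der[16];
    char text[64];
    int ca;
    long pathlen;
    size_t n, i;

    if (bc_parse("CA:TRUE, pathlen:7", &ca, &pathlen) != 0)
        return 1;
    n = bc_encode(ca, pathlen, der, sizeof(der));
    for (i = 0; i < n; i++)
        printf("%02X ", der[i]);
    printf("\n");
    if (bc_decode(der, n, text, sizeof(text)) == 0)
        printf("%s\n", text);
    return 0;
}
```

A value with no matching branch in `bc_parse` is rejected, which is the position a private OID is in when it is used as an extension name without the DER: or ASN1: syntax.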
Re: oid_section questions please help!
That makes a great deal more sense!

My company is interested in generating certificates that will only be used in house. We want to add four new fields that can be read by in house application. The purpose of doing this is mainly tracking.

If I understand what you've said I can choose any OID and can equate it to a string, but openssl or other tools would need to understand what an OID database is, and my new OIDs would have to be added to that database. When the application reads the certificate it would take the OID and match it with a human readable string as assigned in the database.

I guess visually what I would like to do is something like this.

    CN=me/V1=User/V2=sub1/V3=444/O=mycompany/OU=mydept/L=mycity/ST=mystate/C=US

What I have now is

    CN=me/1.3.6.1.4.1.999.1=User/1.3.6.1.4.1.999.2=sub1/1.3.6.1.4.1.999.3=444/emailAddress=meATcomp.com, O=mydep Services, OU=dept, L=mycity, ST=California, C=US

As mentioned before, the above is what I have. But I can only do this if I create the key, generate the request and make the certificate. When someone sends me a certificate request I get the error listed in this message below.

I think I understand that there isn't a way to map the OID shown above to a string, unless I modify/patch openssl. This is perfectly acceptable; I can code for OIDs and not text.

I think the reason why I can get the new OIDs to work is that I'm using the -config my.cnf when making the request myself. This would indicate, as you've already said, I've got my OIDs in the wrong place. The question is: where can my new OIDs be placed, and what makes putting my OIDs in a different place other than the CA_default section?

Thanks again Dr Henson!
Please Help me --Who can tell me what the SSL structure looks like?
Hi, list members.

I really want help very much. I asked this question about a week ago, but nobody answered my question. I think maybe it is just because I had not made the question clear.

What I want to know is where I can find the definition of "SSL". As it appears in many functions like "int ssl23_get_client_hello (SSL *s)", I cannot find where it is defined. I cannot understand how openssl makes the handshake, as many handshake functions use this structure. I searched for the whole week on the net for the definition of this structure, but got nothing. Maybe I am not good at searching.

Please, anybody here who knows where I can find some useful information, or who knows the definition of the structure, help me with this question.

Thanks for taking time to read my question. And I am eagerly waiting for the answer.

Cynthia
Re: Please Help me --Who can tell me what the SSL structure looks like?
From what I can see, SSL is defined as "typedef struct ssl_st SSL" in ssl.h. If you search for "struct ssl_st" in ssl.h you will find the definition for that structure.

Hope that helps!
Re: Please Help Me Before I Jump ! ! !
http://www.openssl.org/support/

On Fri, 20 Aug 2004, Buddy wrote:

> Anyone out there, please help me! I am disabled and do not want to continue to see your conversations, although I appreciate the reason and the cause of the conversations. I just want off the list.
>
> Thanks,
> Buddy
>
> - Original Message -
> From: Buddy
> To: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
> Cc: Main Identity
> Sent: Friday, August 20, 2004 3:35 PM
> Subject: Re: Mail System Error - Returned Mail
>
> Please reply... maybe you know something I do not
>
> Thanks,
> Buddy
>
> - Original Message -
> From: Buddy
> To: [EMAIL PROTECTED]
> Cc: Main Identity
> Sent: Friday, August 20, 2004 3:21 PM
> Subject: Re: Mail System Error - Returned Mail
>
> I sent you nothing. I have been trying to get off this email freeforall trash mail list for over a year. Any advice?
>
> Buddy
>
> ps please reply, I really want off this list.
>
> - Original Message -
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Friday, August 20, 2004 12:02 PM
> Subject: Mail System Error - Returned Mail
>
> ALERT!!!
>
> This e-mail in its original form contained one or more attached files that were infected with a virus or worm, or contained another type of security threat.
>
> The following attachments were infected and have been repaired:
> No attachments are in this category.
>
> The following attachments were deleted due to an inability to clean them:
> 1. file.zip: [EMAIL PROTECTED]
>
> The following attachments were not delivered due to inbound mail policy violations:
> No attachments are in this category.
>
> Road Runner does not contact the sender of the infected attachment(s) in the event that they were not actually sent from the indicated party. Please contact the sender directly to alert them of their issue with infected files if you wish to do so.
>
> For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html.
>
> Original message text follows
Please help solve problem SSL3_GET_CLIENT_HELLO:no shared cipher
Hi, all.

Please help me solve the next problem. A server with OpenSSL 0.9.7d can't accept a peer connection. With a very old version of OpenSSL (I think 0.9.6) it works properly.

I recompiled OpenSSL with the CIPHER_DEBUG flag. So, on the fly during the handshake the server knows only the DES_CBC3_SHA suite, while OpenSSL knows more suites, and the client's DES_CBC_SHA too.

Thanks.

Next, partial CIPHER_DEBUG output:

    skip
    Name: DES-CBC3-SHA: Algo = 00502041 Algo_strength = 0081 Mask = 0fff Mask_strength ma = 0041 ma_s , maalgo=, ma_salgos=
    Name: DES-CBC-SHA: Algo = 00501041 Algo_strength = 0021 Mask = 0fff Mask_strength ma = 0041 ma_s , maalgo=, ma_salgos=
    skip
    DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA
    EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA
    DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA AES128-SHA
    IDEA-CBC-SHA DHE-DSS-RC4-SHA RC4-SHA RC4-MD5
    EXP1024-DHE-DSS-DES-CBC-SHA EXP1024-DES-CBC-SHA EXP1024-RC2-CBC-MD5
    EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA DES-CBC-SHA
    EXP1024-DHE-DSS-RC4-SHA EXP1024-RC4-SHA EXP1024-RC4-MD5
    EXP-EDH-RSA-DES-CBC-SHA EXP-EDH-DSS-DES-CBC-SHA EXP-DES-CBC-SHA
    EXP-RC2-CBC-MD5 EXP-RC4-MD5
    skip
    Server has 1 from 01521638:
    004F6B58:DES-CBC3-SHA
    Client sent 2 from 01528050:
    004F6B30:DES-CBC-SHA
    004F6950:NULL-SHA
    rt=0 rte=0 dht=1 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0
    1:[0041:0251]004F6B30:DES-CBC-SHA
    rt=0 rte=0 dht=1 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0
    1:[0041:0251]004F6950:NULL-SHA
    skip
Encrypt/Decrypt using EVP_Cipher functions - repost PLEASE HELP
I have a situation where an application may switch from reading to writing and back again at random. Do I need a ctx context each for decryption / encryption, or can I use the same ctx in sequence on the file? When switching from reading to writing (and vice versa), do I need to detect this change and call EVP_CipherInit_ex to alter the context ctx accordingly? Furthermore, do I need to call EVP_CipherFinal before the call to EVP_CipherInit to finalize the ctx for the prior mode?

My next question involves the encryption of very short strings (less than the cipher block size)... does the ctx buffer these short strings until either another call to the Update function fills out the block and/or the Final function is called? I will have unpredictable string lengths being encrypted, and I do not want to introduce padding into the middle of the encrypted files.

Thanks for your help...

- Eric Morris
NC State University
Re: Encrypt/Decrypt using EVP_Cipher functions - repost PLEASE HELP
On Thu, Apr 22, 2004, Eric Morris wrote:

> I have a situation where an application may switch from reading to writing and back again at random. Do I need a ctx context each for decryption / encryption, or can I use the same ctx in sequence on the file? When switching from reading to writing (and vice versa), do I need to detect this change and call EVP_CipherInit_ex to alter the context ctx accordingly? Furthermore, do I need to call EVP_CipherFinal before the call to EVP_CipherInit to finalize the ctx for the prior mode?
>
> My next question involves the encryption of very short strings (less than the cipher block size)... does the ctx buffer these short strings until either another call to the Update function fills out the block and/or the Final function is called? I will have unpredictable string lengths being encrypted, and I do not want to introduce padding into the middle of the encrypted files.

It would be best to have two contexts.

Any partial block is buffered when you call EVP_CipherUpdate(). The data is written out when a full block is received. Padding only occurs when you call EVP_CipherFinal().

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: Encrypt/Decrypt using EVP_Cipher functions - repost PLEASE HELP
Dr. Henson,

Can you interleave encryption and decryption without repeated calls to EVP_CipherInit and/or EVP_CipherFinal? If not, which calls are required between encryption calls and decryption calls?

Thanks for the help

- Eric Morris
Re: Encrypt/Decrypt using EVP_Cipher functions - repost PLEASE HELP
On Thu, Apr 22, 2004, Eric Morris wrote:

> Dr. Henson,
>
> Can you interleave encryption and decryption without repeated calls to EVP_CipherInit and/or EVP_CipherFinal? If not, which calls are required between encryption calls and decryption calls?

As I indicated you are best using two contexts for this purpose. The context is set up according to the initial operation (decrypt or encrypt) and these are two distinct operations in most cases (stream ciphers are an exception) and additional state information is stored in the context.

You can't reuse the context and swap operations without a call to EVP_CipherFinal() which will output any partial block with appropriate padding on encryption. However on decryption the call would check padding and strip it: if the data to be decrypted can really arrive in fairly arbitrary size chunks that isn't what you'd want.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
PPC SSL Problem - Please help
I am trying to set up openSSL 0.9.7c on Pocket PC 2002 (WCE 3.0). After completing configure, nmake, etc. there were some error messages during testing (..\ms\testce at test enc stage).

First error:

    cemkdir: failed to create directory 183

Second error is: at test enc stage it stops and exits the testing.

To avoid this I commented out the test enc code in the testce file and tried to run the test again. This time it went through the entire program with no errors on the desktop. However, there is a repeated error message on the PPC:

    Application ssltest has performed an illegal operation and will shut down.
    Program: ssltest; exception: 0x8002; Address: 0005ac90

I am totally new to SSL and am trying to set this up on PPC to run a simple communication between my desktop (as server) and PPC (as client).

Appreciate any help...pointers...next steps.

Thanks.
Please help
Hi

I've been trying to edit and rebuild the ASN.1 database using objects.pl. I am having problems understanding what is going on. As I understand it, the file to edit is objects.txt, but if I change this file in any way, then objects.pl no longer works.

Can anybody please tell me what I should be doing here?

many many thanks

Steve
RE: Please help
I *think* I understand it now, but any clarification etc. would still be most appreciated.

Steve
Re: Please help
On Wed, Jul 23, 2003, steve thornton wrote:

> Hi
>
> I've been trying to edit and rebuild the ASN.1 database using objects.pl. I am having problems understanding what is going on. As I understand it, the file to edit is objects.txt, but if I change this file in any way, then objects.pl no longer works.
>
> Can anybody please tell me what I should be doing here?

If the added lines use the correct syntax you should be OK as long as you call 'make update'.

You should be careful about deleting lines from objects.txt because this will break binary compatibility with any applications that use the NIDs directly: they'd need to be recompiled.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
RE: Please help
Yes I've noticed this. Basically I am making an embedded client, and am looking for every way possible to reduce code size, and obj_dat is very big. I've more or less concluded that it is not worth the trouble, but 24k is 24k.

It surely should be possible to parse the essential info (Issuer, Subject and public key info etc.) from a cert. without having all the machinery that is in OpenSSL, but achieving that within the context of OpenSSL at present would be a *lot* of work.

Would you agree, have you any comments?

many thanks

Steve
Re: Please help
On Wed, Jul 23, 2003, steve thornton wrote:

> Yes I've noticed this. Basically I am making an embedded client, and am looking for every way possible to reduce code size, and obj_dat is very big. I've more or less concluded that it is not worth the trouble, but 24k is 24k.
>
> It surely should be possible to parse the essential info (Issuer, Subject and public key info etc.) from a cert. without having all the machinery that is in OpenSSL, but achieving that within the context of OpenSSL at present would be a *lot* of work.
>
> Would you agree, have you any comments?

Well if it's embedded then binary compatibility won't matter if you can just recompile everything. You can delete a large number of objects in objects.txt without any major harm.

There are other areas you can also look into to reduce code size such as crypto and digest algorithms, extension code, PKCS#12, PKCS#7, ENGINE etc etc.

It would be *very* difficult to try to restrict OpenSSL to the sizes claimed for some SSL libraries (40K I've heard quoted for one), so hard in fact that starting again might be less effort.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
RE: Please help
Thanks for that Steve, that was the conclusion I had just come to. Now I need to convince my bosses. I wonder if they'll pay me to write things from scratch?

Steve
please help me!!
i have try many times. i got the same error message.
==
perl Configure VC-WIN32
.\ms\do_nt.bat
nmake -f .\ms\nt.mak
ps .net vc++(vc++ v7) .

ui_compat.c
cl /Fotmp32\krb5_asn.obj -Iinc32 -Itmp32 /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WINNT /Fdout32 -DOPENSSL_NO_KRB5 -c .\crypto\krb5\krb5_asn.c
cl : Command line warning D4029 : optimization is not available in the standard edition compiler
krb5_asn.c
lib /out:out32\libeay32.lib @C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmF2.tmp
'lib' 不是內部或外部指令、可執行的程式或批次檔。
NMAKE : fatal error U1077: 'lib' : return code '0x1'
Stop.
Re: please help me!!
On Mon, Mar 17, 2003, luke wrote:

> i have try many times. i got the same error message.
> ==
> perl Configure VC-WIN32
> .\ms\do_nt.bat
> nmake -f .\ms\nt.mak
> ps .net vc++(vc++ v7) .
>
> ui_compat.c
> cl /Fotmp32\krb5_asn.obj -Iinc32 -Itmp32 /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WINNT /Fdout32 -DOPENSSL_NO_KRB5 -c .\crypto\krb5\krb5_asn.c
> cl : Command line warning D4029 : optimization is not available in the standard edition compiler
> krb5_asn.c
> lib /out:out32\libeay32.lib @C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmF2.tmp
> 'lib' 不是內部或外部指令、可執行的程式或批次檔。
> NMAKE : fatal error U1077: 'lib' : return code '0x1'
> Stop.

Looks like a crippled restricted version of VC++. Try removing the /O* options by manually editing ms\nt.mak, they are on the CFLAG line right at the top.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
Re: Hi, Please help me.
Hi there,

The problem that I encountered was with a call to ERR_get_error_line_data(), and has not yet been solved. I was not encountering any memory leaks with SSL_connect(). We are using OpenSSL V 0.9.6b currently, we plan to upgrade in the near future.

When creating an SSL*, I tend to do the following:

SSL* SSLConnection::createSSLConnection(int socket)
{
    assert(_sslContext != 0);
    SSL* sslConnection = SSL_new(_sslContext);
    assert(sslConnection != 0);
    SSL_clear(sslConnection);
    SSL_set_fd(sslConnection, socket);
    return sslConnection;
}

I don't do anything special in the destruction, simply call SSL_shutdown(). I leave it to another part of the application to close the socket for me.

Hope it helps!
-Anthony

"Jack Y." wrote:

Hi,

I am sorry to send you directly, hope it not bother. Openssl mail list seem does not work, I can not subscript one. I also send my mail to [EMAIL PROTECTED], but get no response. You seem had the same problem as me, pls give me hints, many thanks, if you do not solve the problem yet, please post this mail on mail list, many thanks.

I ran into a tribble problem, my client application that use openssl 0.9.6h lose 4K memory every SSL_connect()... The product is under release, things become very clear, remove the leak, or throw openssl lib, do the total job, authentication, encryption by myself.

In list, I saw many persons solve the problem by close socket before free ssl object. But it does not work in my program. So, if you are one of them, send a copy of your client program, MANY THANKS.

Purify says I leak memory allocated in CRYPTO_malloc, I think it is no use. I tried

CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
for ...
end for
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
CRYPTO_mem_leaks_fp(stderr);

the program crash at CRYPTO_mem_leaks_fp(..)!!!
I saw a post long time ago says there do have memory leak in openssl, http://marc.theaimsgroup.com/?l=openssl-users&m=99973677617001&w=2, is it fixed now, if not, ...oh, hurt!

My environment is: w2k professional, .9.6h

The code flow of the client is as follows

* SSL_CTX_new(...)
* SSL_CTX_use_certificate_ASN1(...)
* SSL_CTX_use_RSAPrivateKey_ASN1(...)
* X509_STORE_add_cert() // To add CA cert
* SSL_CTX_sess_set_cache_size(ctx, 0);
* SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF);
* other init actions
* for ever
  * SSL_new(...)
  * create read write BIOs
  * SSL_connect(...)
  * .
  * SSL_shutdown(...)
  * closesock(...)
  * SSL_free(...)
  * ERR_remove_state(0);
  * ERR_free_strings();
  * EVP_cleanup();
  * sleep
* endfor

I also tried:

* for ever
  * SSL_CTX_new(...)
  * SSL_CTX_use_certificate_ASN1(...)
  * SSL_CTX_use_RSAPrivateKey_ASN1(...)
  * X509_STORE_add_cert() // To add CA cert
  * other init actions
  * SSL_new(...)
  * create read write BIOs
  * SSL_connect(...)
  * .
  * SSL_shutdown(...)
  * closesock(...)
  * SSL_free(...)
  * SSL_CTX_free(...)
  * ERR_remove_state(0);
  * ERR_free_strings();
  * EVP_cleanup();
  * sleep
* endfor

but I still lose 4K memory every loop... My code is below for details.

// TestClntSSL.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "TestClntSSL.h"
#include "Winsock2.h"
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct CLIENT_PARA
{
    SSL_CTX * pctx;
    char * szFile;
    unsigned long ulAddr;
    int server_port;
} CLIENT_PARA;

static int port = 4433;
static char* server_ip = "192.168.xx.xx";
static char *ciphers = "DES-CBC3-SHA";
static int s_server_session_id_context = 1;
static char *passwd = "n1234";
static char *srvr_cert_file = "c:\\VCDebug\\nnn.crt";
static char *srvr_key_file = "c:\\VCDebug\\nnn.key";
static char *ca_cert_file = "c:\\VCDebug\\ca.crt";
static char *host = "CN=mmm";

static int password_cb(char *buf,int num, int rwflag,void *userdata);

SSL_CTX *initialize_ctx()
{
    SSL_METHOD *meth;
    SSL_CTX *ctx;
    int seed_int[1000];

    /* Global system initialization*/
    SSL_library_init();
    SSL_load_error_strings();

    /* Set up a SIGPIPE handler */
    // signal(SIGPIPE,sigpipe_handle);

    /* Create our context*/
    meth=SSLv3_client_method();
    ctx=SSL_CTX_new(meth);

    /* Load our keys and certificates*/
    if(!(SSL_CTX_use_certificate_file(ctx, srvr_cert_file, SSL_FILETYPE_PEM)))
    {
        char szTemp[100] = "Can't read certificate file";
        Log(szTemp);
        return NULL;
    }

    SSL_CTX_set_default_passwd_cb(ctx, password_cb);
    if(!(SSL_CTX_use_PrivateKey_file(ctx, srvr_key_file, SSL_FILETYPE_PEM)))
    {
        char szTemp[100] = "Can't read key file";
        Log(szTemp);
        return NULL;
    }

    /* Load the CAs we trust*/
    if(!(SSL_CTX_load_verify_locations(ctx, ca_cert_file,0)))
    {
        Log("Can't read CA list");
        return NULL;
    }

    // Set our cipher list
    if(ciphers)
    {
        SSL_CTX_set_cipher_list(ctx,ciphers);
    }

    /* pass the address of the context id, not its integer value cast to a pointer */
    SSL_CTX_set_session_id_context(ctx, (const unsigned char*)&s_server_session_id_context, sizeof
[PLEASE HELP..URGENT!!!!] OPENSSL on Compaq Tru64 or any 64-bit machine.
Hi,

Is there any variable that is supposed to be set for compiling on a 64 bit machine like Compaq's Tru64?? I have used the openssl library for all the machines and it works except for Tru64. I defined 'SIXTY_FOUR_BIT' in the bn.h file and that made the session key encryption with a public key work fine. But, I still had problems using the EVP_Decrypt functions!!

Please help me with this. Is there something that I have to define somewhere else for the other algorithms to work? as I had done for bn.h??

Any help would be greatly appreciated.

Thanx,
Jay..
= - J | - [EMAIL PROTECTED]
Re: [PLEASE HELP..URGENT!!!!] OPENSSL on Compaq Tru64 or any 64-bit machine.
Use compiler option like: cc +DD64

eg: ./configure hpux-cc +DD64

Bye,
Durai. ( [EMAIL PROTECTED])

> Hi,
>
> Is there any variable that is supposed to be set for compiling on a 64 bit machine like Compaq's Tru64?? I have used the openssl library for all the machines and it works except for Tru64. I defined 'SIXTY_FOUR_BIT' in the bn.h file and that made the session key encryption with a public key work fine. But, I still had problems using the EVP_Decrypt functions!!
>
> Please help me with this. Is there something that I have to define somewhere else for the other algorithms to work? as I had done for bn.h??
>
> Any help would be greatly appreciated.
>
> Thanx,
> Jay..
> = - J | - [EMAIL PROTECTED]
Re: Please help: SSL_read() hang after read http 100 continue header
Lin

No I am not an OpenSSL developer. However I have built several server and client applications using OpenSSL. The following code works with IE 5.0 and the simple client program I sent you.

BIO_puts(io,"HTTP/1.1 100 Continue\r\n");
BIO_puts(io,"Server: Microsoft-IIS/5.0\r\n");
BIO_puts(io,"Date: Wed, 30 Oct 2002 06:34:5 6 GMT\r\n\r\n");
/* the extra 0d 0a after the Date header is needed to tell the browser it has reached the end of the block before reading the 200 response code */
/* Without the \r\n the server sends an invalid response to the browser */
BIO_puts(io,"HTTP/1.1 200 OK\r\n");
BIO_puts(io,"Server: Microsoft-IIS/5.0\r\n");
BIO_puts(io,"Date: Wed,30 Oct 20 02 06:35:07 GMT\r\n");
BIO_puts(io,"Content-Length: 1863\r\n");
BIO_puts(io,"Content-Type: text/html\r\n");
BIO_puts(io,"Expires: Wed, 30 Oct 2002 06:35: 07 GMT\r\n");
BIO_puts(io,"Cache-control: private\r\n");
BIO_puts(io,"\r\n");
BIO_puts(io,"<html>\r\n");
BIO_puts(io,"<head>\r\n");
BIO_puts(io,"<title>BIO Openssl Test Server</title>\r\n");
BIO_puts(io,"</head>\r\n");
BIO_puts(io,"<body>\r\n");
BIO_puts(io,"<center><font face=Verdana>BIO OpenSSL Test Server</font></center>\r\n");
BIO_puts(io,"</body>\r\n");
BIO_puts(io,"</html>\r\n");

Browser output:

<html>
<head>
<title>BIO Openssl Test Server</title>
</head>
<body>
<center><font face=Verdana>BIO OpenSSL Test Server</font></center>
</body>
</html>

Simple client output

Wrote 17 chars
Handshake completed successfully!
Read 411 chars:
HTTP/1.1 100 Continue
Server: OpenSSL/1.0
Date: Wed, 30 Oct 2002 06:34:5 6 GMT

HTTP/1.1 200 OK
Date: Wed,30 Oct 20 02 06:35:07 GMT
Content-Length: 1863
Content-Type: text/html
Expires: Wed, 30 Oct 2002 06:35: 07 GMT
Cache-control: private

<html>
<head>
<title>BIO Openssl Test Server</title>
</head>
<body>
<center><font face=Verdana>BIO OpenSSL Test Server</font></center>
</body>
</html>

I am running this code on Windows 2000 Server with VC++ 6.0. Send me your client or server code so that I can look at it.
----- Original Message -----
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, November 13, 2002 1:13 PM
Subject: Re: Please help: SSL_read() hang after read http 100 continue header

On Wed, Nov 13, 2002 at 09:53:34AM -0800, Lin Ma wrote:

> I have a client program using Openssl to send request to and receive response from a web server. SSL_read hangs if the web server sends the following headers. The following is the header dump without SSL. I think the problem is the separator 0d 0a 0d 0a between the two block of headers.

No. The SSL layer does not care about the data transferred, whether it is line oriented or not.

> ...
> You can see, it is like
> HTTP/1.1 100 Continue
> Server: Microsoft-IIS/5.0
> Date: Wed, 30 Oct 2002 06:34:56 GMT
> 0d 0a 0d 0a
> HTTP/1.1 200 OK
> Server: Microsoft-IIS/5.0
> Date: Wed, 30 Oct 2002 06:34:56 GMT
> Content-Length: 1863
> .
> There is separator 0d 0a 0d 0a between the two block of headers. My program just stuck in the separator and couldn't get the following HTTP/1.1 200 OK ... If I change it to non-blocking, SSL_read() doesn't hang any more, but it keep getting SSL_ERROR_WANT_READ error, if I keeping SSL_read, it keep getting SSL_ERROR_WANT_READ and doesn't return valid data.

This means, that no data has been received or at least not enough data to complete the TLS record. SSL_read() is waiting for (more) data. Use ssldump to analyze the traffic.

What platform are you working on? Windows or UNIX? Can you try your program on another platform? Microsoft IIS is not known to be free of errors, but it seems to work good enough that I don't think the problem is caused by the server side.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
Re: Please help: SSL_read() hang after read http 100 continue header
On Wed, Nov 13, 2002 at 09:53:34AM -0800, Lin Ma wrote:

> I have a client program using Openssl to send request to and receive response from a web server. SSL_read hangs if the web server sends the following headers. The following is the header dump without SSL. I think the problem is the separator 0d 0a 0d 0a between the two block of headers.

No. The SSL layer does not care about the data transferred, whether it is line oriented or not.

> ...
> You can see, it is like
> HTTP/1.1 100 Continue
> Server: Microsoft-IIS/5.0
> Date: Wed, 30 Oct 2002 06:34:56 GMT
> 0d 0a 0d 0a
> HTTP/1.1 200 OK
> Server: Microsoft-IIS/5.0
> Date: Wed, 30 Oct 2002 06:34:56 GMT
> Content-Length: 1863
> .
> There is separator 0d 0a 0d 0a between the two block of headers. My program just stuck in the separator and couldn't get the following HTTP/1.1 200 OK ... If I change it to non-blocking, SSL_read() doesn't hang any more, but it keep getting SSL_ERROR_WANT_READ error, if I keeping SSL_read, it keep getting SSL_ERROR_WANT_READ and doesn't return valid data.

This means, that no data has been received or at least not enough data to complete the TLS record. SSL_read() is waiting for (more) data. Use ssldump to analyze the traffic.

What platform are you working on? Windows or UNIX? Can you try your program on another platform? Microsoft IIS is not known to be free of errors, but it seems to work good enough that I don't think the problem is caused by the server side.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
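The point made in the reply above, as an added example that is not part of the original thread: SSL_read() returns application bytes with no regard for HTTP framing, so the client has to buffer the headers itself, keep reading while a block is incomplete, and treat a `100 Continue` block as interim rather than as the response. The chunk array is a constructed stand-in for successive SSL_read() results; `http_reader`, `hr_feed` and `run_sample` are hypothetical names.

```c
/* Added example: read HTTP response headers from a stream that arrives in
 * arbitrary pieces, discarding 1xx interim blocks such as "100 Continue". */
#include <stdio.h>
#include <string.h>

#define HR_BUF_MAX 4096
enum hr_result { HR_ERROR = -1, HR_NEED_MORE = 0, HR_DONE = 1 };

struct http_reader {
    char   buf[HR_BUF_MAX]; /* received bytes not yet consumed */
    size_t len;
    int    interim_seen;    /* 1xx header blocks discarded so far */
    int    final_status;    /* 0 until a final header block is complete */
    size_t body_off;        /* offset of the first body byte in buf */
};

static void hr_init(struct http_reader *r) { memset(r, 0, sizeof *r); }

/* Offset just past the first CRLF CRLF (0d 0a 0d 0a), or 0 if absent. */
static size_t header_end(const char *p, size_t n)
{
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(p + i, "\r\n\r\n", 4) == 0) return i + 4;
    return 0;
}

/* Status code from "HTTP/1.x NNN", or -1 if the line is malformed. */
static int parse_status(const char *p, size_t n)
{
    if (n < 12 || memcmp(p, "HTTP/1.", 7) != 0 || p[8] != ' ')
        return -1;
    for (int i = 9; i < 12; i++)
        if (p[i] < '0' || p[i] > '9') return -1;
    return (p[9] - '0') * 100 + (p[10] - '0') * 10 + (p[11] - '0');
}

/* Append one chunk (what a single read returned) and make progress. */
enum hr_result hr_feed(struct http_reader *r, const char *data, size_t n)
{
    if (n > HR_BUF_MAX - r->len) return HR_ERROR;  /* refuse oversized input */
    memcpy(r->buf + r->len, data, n);
    r->len += n;
    if (r->final_status) return HR_DONE;           /* these were body bytes */
    for (;;) {
        size_t end = header_end(r->buf, r->len);
        if (end == 0) return HR_NEED_MORE;         /* incomplete: read again */
        int status = parse_status(r->buf, end);
        if (status < 0) return HR_ERROR;
        if (status < 100 || status >= 200 || status == 101) {
            r->final_status = status;  /* final block (101 switches protocols) */
            r->body_off = end;
            return HR_DONE;
        }
        /* Interim response: drop it and expect another header block. */
        memmove(r->buf, r->buf + end, r->len - end);
        r->len -= end;
        r->interim_seen++;
    }
}

/* Constructed sample: the thread's two header blocks, cut at awkward
 * places (including inside the 0d 0a 0d 0a separator), with a short body. */
static const char *const sample_chunks[] = {
    "HTTP/1.1 100 Continue\r\nServer: Microsoft-IIS/5.0\r\n",
    "Date: Wed, 30 Oct 2002 06:34:56 GMT\r\n\r",
    "\nHTTP/1.1 200 OK\r\nContent-Length: 5\r\n",
    "Content-Type: text/html\r\n\r\nhel",
    "lo",
};

/* Returns the final status, 0 if headers never completed, -1 if malformed. */
int run_sample(int *interim, char *body, size_t body_cap)
{
    struct http_reader r;
    hr_init(&r);
    for (size_t i = 0; i < sizeof sample_chunks / sizeof *sample_chunks; i++)
        if (hr_feed(&r, sample_chunks[i], strlen(sample_chunks[i])) == HR_ERROR)
            return -1;
    if (r.final_status == 0 || body_cap == 0)
        return 0;
    size_t n = r.len - r.body_off;
    if (n >= body_cap) n = body_cap - 1;
    memcpy(body, r.buf + r.body_off, n);
    body[n] = '\0';
    *interim = r.interim_seen;
    return r.final_status;
}

int main(void)
{
    int interim = 0;
    char body[64] = "";
    int status = run_sample(&interim, body, sizeof body);
    printf("status %d, %d interim block(s), body \"%s\"\n", status, interim, body);
    return status == 200 ? 0 : 1;
}
```

In a client built on OpenSSL, each call to `hr_feed` would receive the bytes one successful SSL_read() returned, and `HR_NEED_MORE` corresponds to going back to read (or waiting on the socket after SSL_ERROR_WANT_READ).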
Newbie Question Re: Public Key Encryption [Please help!!]
Hi,

I am trying to encrypt a session key that I created using DES_KEY_SCHEDULE. I am using RSA_public_encrypt to encrypt the session key (8 bytes) with the public key using RSA_PKCS1_OAEP_PADDING. This creates a 64byte encrypted session key. I send this to the Server on the windows machine. But 'Importing the Encrypted Session Key' on that server fails. That's implemented using wincrypt.h functions such as CryptImportObjectEx.

Further info: I used the public key received from the server (created using the asymmetric_encrypt_algorithm) and I imported that using:

rsaPubKey = (RSA*) d2i_RSA_PUBKEY_bio(pub,NULL);

Now, I use this to encrypt the session key:

unsigned char ciphertext[512];
unsigned char iv[8];
unsigned char iv1[8];

RAND_seed(rnd_seed, sizeof (rnd_seed));
RAND_pseudo_bytes(iv,8);
bytecopy(iv,iv1,8);
encryptlen = RSA_public_encrypt (8, (*ks)->ks.cblock, ciphertext, rsaPubKey, RSA_PKCS1_OAEP_PADDING);
if(encryptlen == -1)
{
    fprintf (stderr, "ERROR: Failed to encrypt using public key\n");
    goto proc_exit;
}

The length after this is 64, which is preferred. So, after all this when I finally send the 'ciphertext' chars as the encrypted session key, the server fails to import it using CryptImportKey (from wincrypt.h).

The ERROR RECEIVED says: Either the algorithm that works with the public key you are trying to import is not supported by this CSP, or an attempt was made to import a session key that was encrypted with something other than one of your public keys

If anyone has come into a similar problem or anything close, please let me know. Any help will be tremendously appreciated. If you like to know more details or are interested in working with me on this, please let me know.

Thanx in advance,
J..
= - J | - [EMAIL PROTECTED]
Re: Please Help!!!
In message [EMAIL PROTECTED] on Mon, 22 Apr 2002 19:16:13 -0700, Paul Mallary [EMAIL PROTECTED] said:

pmallary> I have been trying to figure this out on my own for the past day or so and am stumped. I have installed all of the necessary stuff for openssl to compile but I keep getting these error messages when I configure and make...

Which version of gcc did you use?

--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
Re: Please Help!!!
In message [EMAIL PROTECTED] on Mon, 22 Apr 2002 22:38:47 -0700, Aleksey Sanin [EMAIL PROTECTED] said:

aleksey> IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very
aleksey> bad experience with it in the past. If it is possible, try
aleksey> gcc 2.95.3.

Is that just on Solaris, or a recommendation to avoid gcc 3 in general?

--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
Re: Please Help!!!
I've tried it on Solaris and Linux. IMHO, in both cases it is not polished as well as it should be. Probably there exist projects there you have to use 3.0 because of its new features. But it's not the case for me.

Aleksey.

Richard Levitte - VMS Whacker wrote:

> In message [EMAIL PROTECTED] on Mon, 22 Apr 2002 22:38:47 -0700, Aleksey Sanin [EMAIL PROTECTED] said:
>
> aleksey> IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very
> aleksey> bad experience with it in the past. If it is possible, try
> aleksey> gcc 2.95.3.
>
> Is that just on Solaris, or a recommendation to avoid gcc 3 in general?
gcc 3 (was Re: Please Help!!!)
On Tue, Apr 23, 2002 at 10:06:41AM +0200, Richard Levitte - VMS Whacker wrote:

> In message [EMAIL PROTECTED] on Mon, 22 Apr 2002 22:38:47 -0700, Aleksey Sanin [EMAIL PROTECTED] said:
>
> aleksey> IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very
> aleksey> bad experience with it in the past. If it is possible, try
> aleksey> gcc 2.95.3.
>
> Is that just on Solaris, or a recommendation to avoid gcc 3 in general?

One thing to be careful about when using gcc 3 is whether it was configured with a shared libgcc or not: for instance, the Solaris binary packages of gcc 3 from sunfreeware.com do use a shared libgcc (as it's the default), which introduces a dependency of shared libraries produced by gcc -shared on the shared libgcc. So you have to set LD_LIBRARY_PATH or LD_RUN_PATH to $prefix/lib where you installed gcc, if you want the library to load, and they'll never work on another Solaris machine unless you copy over the libgcc_s.so too.

gcc 3 configured with --disable-shared doesn't suffer from this problem.

joe
Re: Please Help!!!
Aleksey Sanin wrote:

> IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very bad experience with it in the past. If it is possible, try gcc 2.95.3.

I've had recently the occasion to compile openssl 0.9.6 out of the box without problem with both 2.95.3 and 3.0.3 under Solaris. But with 2.95.3, I had a mysterious coredump inside dlopen everytime I was trying to load a Chrysalis pkcs#11 library inside my application program. I was not able to understand what was happening and I did not have the problem with 3.0.3, so I went on with that one.
Please Help!!!
I have been trying to figure this out on my own for the past day or so and am stumped. I have installed all of the necessary stuff for openssl to compile but I keep getting these error messages when I configure and make... ./Configure solaris-sparcv8-gcc shared no-threads JUST A SECTION OF THE ./Configure Makefile = Makefile.ssl comp.h = ../../include/openssl/comp.h [File exists] make[2]: Leaving directory `/export/install/packages/openssl-0.9.6c/crypto/comp' make[1]: Leaving directory `/export/install/packages/openssl-0.9.6c/crypto' making links in ssl... make[1]: Entering directory `/export/install/packages/openssl-0.9.6c/ssl' Makefile = Makefile.ssl ssl.h = ../include/openssl/ssl.h [File exists] ssl2.h = ../include/openssl/ssl2.h [File exists] ssl3.h = ../include/openssl/ssl3.h [File exists] ssl23.h = ../include/openssl/ssl23.h [File exists] tls1.h = ../include/openssl/tls1.h [File exists] Then when I run make JUST A SECTION + rm -f libcrypto.so.0 + rm -f libcrypto.so + rm -f libcrypto.so.0.9.6 + rm -f libssl.so.0 + rm -f libssl.so + rm -f libssl.so.0.9.6 making all in crypto... make[1]: Entering directory `/export/install/packages/openssl-0.9.6c/crypto' ( echo #ifndef MK1MF_BUILD; \ echo /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */; \ echo #define CFLAGS \gcc -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRA SPARC -DMD5_ASM\; \ echo #define PLATFORM \solaris-sparcv9-gcc\; \ echo #define DATE \`date`\; \ echo #endif ) buildinf.h gcc -I. 
-I../include -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -D MD5_ASM -c -o cryptlib.o cryptlib.c In file included from cryptlib.c:59: /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:36:27: iso/stdio_iso.h: No such file or directory In file included from cryptlib.c:59: /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:194: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:229: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:230: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:236: parse error before size_t /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:241: parse error before size_t /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:250: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:252: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:276: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:285: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:286: parse error before FILE /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:287: parse error before '*' token cryptlib.c:60:20: string.h: No such file or directory What is wrong with what I am doing? Any help would be a life saver! __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Please Help!!!
IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very bad expirience with it in the past. If it is possible, try gcc 2.95.3. Aleksey Sanin Paul Mallary wrote: I have been trying to figure this out on my own for the past day or so and am stumped. I have installed all of the necessary stuff for openssl to compile but I keep getting these error messages when I configure and make... ./Configure solaris-sparcv8-gcc shared no-threads JUST A SECTION OF THE ./Configure Makefile = Makefile.ssl comp.h = ../../include/openssl/comp.h [File exists] make[2]: Leaving directory `/export/install/packages/openssl-0.9.6c/crypto/comp' make[1]: Leaving directory `/export/install/packages/openssl-0.9.6c/crypto' making links in ssl... make[1]: Entering directory `/export/install/packages/openssl-0.9.6c/ssl' Makefile = Makefile.ssl ssl.h = ../include/openssl/ssl.h [File exists] ssl2.h = ../include/openssl/ssl2.h [File exists] ssl3.h = ../include/openssl/ssl3.h [File exists] ssl23.h = ../include/openssl/ssl23.h [File exists] tls1.h = ../include/openssl/tls1.h [File exists] Then when I run make JUST A SECTION + rm -f libcrypto.so.0 + rm -f libcrypto.so + rm -f libcrypto.so.0.9.6 + rm -f libssl.so.0 + rm -f libssl.so + rm -f libssl.so.0.9.6 making all in crypto... make[1]: Entering directory `/export/install/packages/openssl-0.9.6c/crypto' ( echo #ifndef MK1MF_BUILD; \ echo /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */; \ echo #define CFLAGS \gcc -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRA SPARC -DMD5_ASM\; \ echo #define PLATFORM \solaris-sparcv9-gcc\; \ echo #define DATE \`date`\; \ echo #endif ) buildinf.h gcc -I. 
-I../include -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -D MD5_ASM -c -o cryptlib.o cryptlib.c In file included from cryptlib.c:59: /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:36:27: iso/stdio_iso.h: No such file or directory In file included from cryptlib.c:59: /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:194: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:229: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:230: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:236: parse error before size_t /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:241: parse error before size_t /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:250: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:252: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:276: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:285: parse error before '*' token /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:286: parse error before FILE /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.0.3/include/stdio.h:287: parse error before '*' token cryptlib.c:60:20: string.h: No such file or directory What is wrong with what I am doing? Any help would be a life saver! __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Please help on stupid compile on VC++
Hi, i try to link with nmake utility under prompt openssl with a mixture library that I took in part from Linux 2.4 because I hadn't them on my system and other library were standard of Visual C++ 6.0 like stdlib.h. At finish i take these errors. what do you suggest? I should try also with Linux stdlib.h? Best regards and thanks in advance Marco Puccio this is result: Microsoft (R) Program Maintenance Utility Version 6.00.8168.0 Copyright (C) Microsoft Corp 1988-1998. All rights reserved. Building OpenSSL cl /Fotmp32dll\hw_aep.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /O b2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fd out32dll /GD -D_WINDLL -D_DLL -c .\crypto\engine\hw_aep.c hw_aep.c .\crypto\engine\hw_aep.c(61) : error C2014: preprocessor command must start as f irst nonwhite space C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(100) : error C2059: s yntax error : 'type' C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(366) : error C2143: s yntax error : missing '{' before '__cdecl' C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(440) : error C2143: s yntax error : missing '{' before '__cdecl' .\crypto\engine\hw_aep.c(192) : error C2061: syntax error : identifier 'recorded _pid' .\crypto\engine\hw_aep.c(192) : error C2059: syntax error : ';' .\crypto\engine\hw_aep.c(192) : error C2513: '/*global*/ ' : no variable declare d before '=' .\crypto\engine\hw_aep.c(468) : warning C4018: '=' : signed/unsigned mismatch .\crypto\engine\hw_aep.c(623) : error C2065: 'pid_t' : undeclared identifier .\crypto\engine\hw_aep.c(623) : error C2146: syntax error : missing ';' before i dentifier 'curr_pid' .\crypto\engine\hw_aep.c(623) : error C2065: 'curr_pid' : undeclared identifier .\crypto\engine\hw_aep.c(627) : warning C4013: 'getpid' undefined; assuming exte rn returning int .\crypto\engine\hw_aep.c(631) : error C2065: 'recorded_pid' : undeclared identif ier NMAKE : fatal error U1077: 'cl' : return code '0x2' 
Stop.
Please help ...
Hi, I tried to build openssl on my win98se system and fail each time. Can i download the binaries somewhere? Regards, Paul.
Please help - startssl fails due to the following errors:
[Thu Dec 20 16:48:20 2001] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)[Thu Dec 20 16:48:20 2001] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long That is from my error_log. Any ideas how to fix this? -MK
Re: Please help - startssl fails due to the following errors:
Fixed it. Had to reinstall apache+modssl after reinstalling openssl - Original Message - From: Mike K To: [EMAIL PROTECTED] Sent: Thursday, December 20, 2001 2:00 PM Subject: Please help - startssl fails due to the following errors: [Thu Dec 20 16:48:20 2001] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)[Thu Dec 20 16:48:20 2001] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long That is from my error_log. Any ideas how to fix this? -MK
problems with private keys... please help! urgent!
Hi all...

Before upgrading, one of my virtual domains (ip based) had SSL setup and was working fine. The second domain did not work. The error was odd according to people in IRC support channels, and I was told to upgrade to all of the latest versions. I did that. Now when I try to run startssl, I get errors on BOTH virtual domains.

The domain that had once worked produces these errors:

[Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init: (.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
[Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The domain2, that I couldn't get to work before the upgrade, produces these errors:

[Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)
[Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long

For domain1, I tried to check the md5's of each of the key and crt... The md5 for the crt shows up fine. When I try to get the md5 for the .key, I get this error:

# openssl rsa -noout -modulus -in server.key | openssl md5
read RSA key
unable to load key
d41d8cd98f00b204e9800998ecf8427e

I get this same unable to load key error for any key I try to get the md5 checksum for

Any help in getting both of my virtual domain's (the two that need SSL) working is greatly appreciated.

Thanks.
-Mike

PS: Here is the Virtual Server entry from httpd.conf for domain2... domain1 has the exact same (but updated ip and paths)

NamevirtualHost xxx.xxx.xxx.44:443
<VirtualHost xxx.xxx.xxx.44:443>
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
SSLCertificateFile /www/conf/ssl.crt/domain2.com.crt
DocumentRoot /home/hosting/domain2.com/public_html
ServerName domain2.com
CustomLog /www/logs/domain2.com combined
ErrorLog /www/logs/domain2_error_log
SetEnvIf User-Agent .*MSIE.* \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
<Directory /home/hosting/domain2.com/public_html/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Files ~ \.(cgi|shtml|phtml|php3?|php|inc)$>
SSLOptions +StdEnvVars
</Files>
</VirtualHost>
Re: problems with private keys... please help! urgent!
> For domain1, I tried to check the md5's of each of the key and crt... The md5 for the crt shows up fine. When I try to get the md5 for the .key, I get this error:
> # openssl rsa -noout -modulus -in server.key | openssl md5
> read RSA key
> unable to load key
> d41d8cd98f00b204e9800998ecf8427e

I get this error when I use an incorrect password... check your password..

----- Original Message -----
From: Mike K [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 1:31 PM
Subject: problems with private keys... please help! urgent!
Re: problems with private keys... please help! urgent!
It never asked me for a password.

----- Original Message -----
From: Saju Paul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 10:23 AM
Subject: Re: problems with private keys... please help! urgent!
Re: problems with private keys... please help! urgent!
If the private key has been created with a password (usually is); then the same password needs to be supplied using the -passin argument. For ex:

openssl rsa -noout -modulus -in server.key -passin pass:mypasswd | openssl md5

If the -passin argument is not used; it could be picking up a default passin password from the openssl.cnf file. Check the openssl.cnf for a default passin and make sure it matches the password you used to create the private key.

----- Original Message -----
From: Mike K [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 2:32 PM
Subject: Re: problems with private keys... please help! urgent!
Re: problems with private keys... please help! urgent!
Same problem regarding unable to load key when doing this. I know my pass is correct. Any other ideas? Thanks for the help. Is this error the reason why apache won't startssl?

-Mike

----- Original Message -----
From: Saju Paul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 11:33 AM
Subject: Re: problems with private keys... please help! urgent!
RE: problems with private keys... please help! urgent!
Mike,

Are the CA of these files self-signed? If they are, why not try regenerating new public/private key pairs? It looks to me like the files you have are corrupted. The error routines:X509_check_private_key:key values mismatch means that the certificate you are loading does not belong to the private key you have specified.

If the CA is not self-signed (i.e. from Verisign or Thawte) then I would still create some temporary self-signed key pairs and try using them to test your overall system setup. If the ones you just generated work then I would say your old files got corrupted. If they don't then I would say that something is wrong with your install/compile of openssl. (Or something else. :)

- Andrew

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike K
Sent: Tuesday, December 18, 2001 3:34 PM
To: [EMAIL PROTECTED]
Subject: Re: problems with private keys... please help! urgent!
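The certificate/key comparison used in this thread, as an added example that is not part of any poster's message: it compares the modulus digests and treats a key that fails to load as an error, since d41d8cd98f00b204e9800998ecf8427e is the MD5 of empty input rather than of any modulus. The function names, file names, subject name and pass phrase are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): check that a certificate and an RSA
# private key belong together, and report a key that cannot be loaded instead
# of silently hashing empty output. All names and files below are constructed.

# MD5 of zero bytes of input. This is the value shown in the thread after
# "unable to load key": openssl rsa wrote nothing, so md5 hashed nothing.
EMPTY_MD5=d41d8cd98f00b204e9800998ecf8427e

# MD5 of stdin as bare hex; newer openssl versions prefix "(stdin)= ".
digest_stdin() {
    openssl md5 | sed 's/^.*= *//'
}

# key_modulus_digest KEYFILE [PASSIN]
# PASSIN uses the -passin syntax (pass:secret, file:path, ...). Defaulting to
# an empty pass phrase keeps openssl from prompting; unencrypted keys ignore it.
key_modulus_digest() {
    mod=$(openssl rsa -noout -modulus -in "$1" -passin "${2:-pass:}" 2>/dev/null) || return 1
    [ -n "$mod" ] || return 1
    printf '%s\n' "$mod" | digest_stdin
}

# cert_modulus_digest CERTFILE
cert_modulus_digest() {
    mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    [ -n "$mod" ] || return 1
    printf '%s\n' "$mod" | digest_stdin
}

# check_pair CERTFILE KEYFILE [PASSIN]
# Returns 0 when the moduli match, 1 when they differ ("key values mismatch"),
# 2 when either file could not be loaded at all.
check_pair() {
    c=$(cert_modulus_digest "$1") || {
        echo "cannot load certificate: $1" >&2; return 2; }
    k=$(key_modulus_digest "$2" "$3") || {
        echo "cannot load key: $2 (wrong pass phrase or damaged file)" >&2; return 2; }
    [ "$c" = "$k" ]
}

# make_demo DIR: constructed test material. a.key/a.crt belong together,
# b.key is unrelated, a.enc.key is a.key protected with a pass phrase.
make_demo() {
    d=$1
    openssl genrsa -out "$d/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$d/a.key" -subj "/CN=test.invalid" \
        -days 1 -out "$d/a.crt" 2>/dev/null &&
    openssl rsa -in "$d/a.key" -aes256 -passout pass:constructed-demo \
        -out "$d/a.enc.key" 2>/dev/null
}

# When run with arguments: CERTFILE KEYFILE [PASSIN]
if [ "$#" -ge 2 ]; then
    check_pair "$@" && echo "certificate and key match"
fi
```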
Re: problems with private keys... please help! urgent!
# openssl genrsa -des3 -out test.key 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
...++
...++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
# openssl rsa -noout -text -in test.key
read RSA key
unable to load key
# openssl rsa -noout -text -passin pass:test -in test.key
read RSA key
unable to load key
# openssl rsa -noout -text -in test.key -passin pass:test
read RSA key
unable to load key
#

Any ideas?

-Mike

----- Original Message -----
From: Andrew T. Finnell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 12:28 PM
Subject: RE: problems with private keys... please help! urgent!
Re: problems with private keys... please help! urgent!
On Tue, Dec 18, 2001 at 01:28:00PM -0800, Mike K wrote:
> # openssl genrsa -des3 -out test.key 1024
> warning, not much extra random data, consider using the -rand option
> Generating RSA private key, 1024 bit long modulus
> ...++
> ...++
> e is 65537 (0x10001)
> Enter PEM pass phrase:
> Verifying password - Enter PEM pass phrase:

Ok.

> # openssl rsa -noout -text -in test.key
> read RSA key

At this point, you should be asked for the pass phrase!

> unable to load key

I cannot reproduce this behaviour. What is your platform etc?

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
Re: problems with private keys... please help! urgent!
FreeBSD3.4-REL with Openssl 0.9.6b

-Mike

----- Original Message -----
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 1:34 PM
Subject: Re: problems with private keys... please help! urgent!
Please help me, fix the problem
Hey. I can't enter the page: www.cardkingdom.com, because I come to a site called SSL/TLS-aware Apache webserver or something. I hope you can fix this problem, so I can see the page I want to visit. Thank you.
Re: Please help
Salam,

Signing a request has no relation with signing requests. To do so try what follows:

1/ Request Generation:
openssl req -new -out cert.req

2/ Request Signature:
openssl ca -config path/openssl.cnf -in cert.req -out cert.pem

path: path to openssl.cnf configuration file (may be /usr/share/ssl/openssl.cnf).
Verify that directories and your CA and key files in the openssl.cnf file are correct.

bye
Haikel MEJRI
Security Engineer
National Digital Certification Agency
TUNISIA

On Friday 30 November 2001 01:44, you wrote:
> Dear All,
> I am finding problems while generating a certificate with openssl. When I want to generate a signed certificate using this command:
>
> openssl x509 -req -CA /usr/local/ca/cacert.crt -CAkey /usr/local/ca/private/cakey.pem -days 365 -in /tmp/req.pem -out /tmp/signed_req.pem -CAcreateserial
>
> I get this problem:
>
> 27182:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: TRUSTED CERTIFICATE
>
> Please can anybody help me solve this problem
> Thanking you in advance
> Hafida
Please, help me!
Dear Admin

I have a long question. I got an error message during update openssl. The error message is like this:

[root@proxy imsi]# rpm -Uvh openssl-0.9.6-9.i386.rpm
openssl ##
/sbin/ldconfig: File /lib/libext-2.so.7 is too small, not checked.
/sbin/ldconfig: File /lib/libext-2.so.7 is too small, not checked.
/sbin/ldconfig: Input file /usr/lib/libcrypto.so not found.
/sbin/ldconfig: Input file /usr/lib/libssl.so not found.

Would you give me a solution of this problem? Because of this problem, there's an error in executing httpd. The error message is below:

Nov 19 16:23:57 proxy httpd: Syntax error on line 265 of /etc/httpd/conf/httpd.conf:
Nov 19 16:23:57 proxy httpd: Cannot load /etc/httpd/modules/libssl.so into server: symbol __sysconf, version GLIBC_2.2 not defined in file libc.so.6 with link time reference
Nov 19 16:23:57 proxy httpd: httpd startup failed

The line 265 on /etc/httpd/conf/httpd.conf is below:

LoadModule ssl_module modules/libssl.so

My OS is redhat 7.0. Please, give me an answer. Thanks.
Please help. Apache openssl problems.
No matter what I do, I can't seem to connect via https. I keep getting the error:

[Wed Oct 17 07:02:10 2001] [error] [client 66.65.3.10] Invalid method in requestt

From what I have read, this means that I am trying to talk https on a port that only speaks http. I have tried everything that I can think of. I have commented out the virtual servers. That did nothing. I put them back in, then I read something about putting an sslengine on directive in the virtual hosts, so I did that. Same thing. This is apache 1.3.22 on a sparc/Solaris 7 box. Here's what's in the conf.

Main section:

# Support for Random Seed Generation
#
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
#
Port 80
## SSL Support
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
#
<VirtualHost 66.65.3.10:80>
ScriptAlias /cgi-bin/ "/export/apache/877baskets/cgi-bin/"
<Directory "/export/apache/877baskets/cgi-bin/">
AllowOverride All
Options None
Order allow,deny
Allow from all
</Directory>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /export/apache/877baskets
ServerName www.877baskets.com
ErrorLog logs/877baskets.com-error_log
CustomLog logs/87baskets.com-access_log common
TransferLog logs/877baskets.com-access_log
</VirtualHost>

<VirtualHost 66.65.3.10:443>
ScriptAlias /cgi-bin/ "/export/apache/877baskets/cgi-bin/"
<Directory "/export/apache/877baskets/cgi-bin/">
AllowOverride All
Options None
Order allow,deny
Allow from all
</Directory>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /export/apache/877baskets
ServerName www.877baskets.com
ErrorLog logs/877baskets.com-error_log
CustomLog logs/87baskets.com-access_log common
TransferLog logs/877baskets.com-access_log
SSLEngine On
</VirtualHost>

Any ideas? Thanks in advance

Scott
Newbie-Please Help!
I apologize, I'm a newbie. This is my first request and I've gone fairly far on reading the documentation I have found. I have totally gotten Apache up on mod_SSL and am trying to get openssl to work. It works. I only have one stumbling block concerning the -rand functionality.

The details:

Linux 2.2.16-22 #1 Tue Aug 22 16:16:55 EDT 2000 i586 unknown
Apache/1.3.12 10312100
OpenSSL 0.9.6a 5 Apr 2001

I'm having trouble with the -rand command... I'm missing a critical piece of information which I have not been able to figure out on my own. Whenever I use the -rand modifier, my terminal just sits there and hangs - I guess on the random number generator. I type the following.

openssl genrsa -rand /dev/urandom -out www.domain.com.key 1024

It hangs... This command information was gotten from Thawte. If I type this:

openssl genrsa -out www.domain.com.key 1024

everything works but it complains about the random number generator not being properly seeded. Thawte told me that I could create an encrypted key. However, I plan on this being a virtual server with multiple SSL's and I don't want to keep track of every username/password and then have to remember them just to boot up, which is what I was warned would happen from Thawte. Anybody know what I'm doing wrong?

URANDOM: I log in as root, but the files in /dev are hidden from me. There seems to be a file called urandom there though. Sending the command as -rand /dev/urandom is what is specified by Thawte. Is there a different way you would recommend seeding the crypto library?

I apologize but I'm definitely a newbie at this. Thank you very much.

Mike b.
Re: Please help me!
Hello Ryan! Thank you very much. I have added the line in the Certificate Extensions section of my openssl.cnf file:

    crlDistributionPoints=URI:http://cert.vrn.ru/crl/main.crl

and then I made some certificates with this extension. Such certificates have the following value of CRL Distribution Points:

    [1]CRL Distribution Point
       Distribution Point Name:
          Full Name:
             URL=http://cert.vrn.ru/crl/main.crl

I suppose it's OK at this step. But the next step... It's not clear to me. MS Outlook Express tries to check if the certificate has been revoked or not, but it says "The digital ID has not been revoked or revocation information for this certificate could not be determined."

The CRL has been made with the following command:

    openssl ca -gencrl -out crl.pem -config openssl.cnf passin pass:

Then I copied the crl.pem file into the appropriate directory of my web server and renamed it to main.crl. I made a certificate, then revoked it for testing, and then made a CRL as I wrote above. Have I made a mistake? Why does MS Outlook Express not tell me that the certificate has been revoked?

Yours sincerely,
Valery
E-mail: [EMAIL PROTECTED]
RE: Please help me!
Valery -- This field in a certificate points to where the issuer will make its certificate revocation list available. If you are using OpenSSL or OpenCA (based off of OpenSSL) to issue your certificates you will want to probably put up a web server or LDAP capable directory where you can make your certificate revocation list available; refer to the absolute URL for this list in this extension. You may also want to include an AIA (authorityInformationAccess) extension as well, this can point to an OCSP responder capable of responding with individual certificate statuses.

The Microsoft platform implements its revocation handling in a library called cryptnet.dll; this supports all the transports that WinInet supports (http/s, ftp, ldap/s, file). When the CryptoAPI applications that use revocation checking (Outlook can be configured to do this and in Office XP it is the default behavior), cryptnet will attempt to retrieve the CRL specified in this extension and use it for revocation checking. There are also alternate revocation providers available for Windows that implement additional protocols (OCSP, SCVP, CRL, CRLdp); ValiCert produces one such provider.

I hope this helps.

Ryan

-----Original Message-----
From: Valery [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 1:12 AM
To: [EMAIL PROTECTED]
Subject: Please help me!

Hello! I used the certificate extensions crlDistributionPoints in my openssl.cnf file. And I faced the following problem. What should I indicate in this field (crlDistributionPoints)? I need that MS Outlook Express checks if the certificate has been revoked or not when it is on-line? What do I need to do?

Yours faithfully,
Valery
E-mail: [EMAIL PROTECTED]
Please Help: Crypto library with Visual C++
Dear All,

Thousand thanks for your help. I really appreciate that. Your help really means a lot to me...

Now, the problem is about the VC setting, I am not sure how to set the directory settings for the project. For example, I copied all the files from the directory crypto in the openssl-x-x to another directory, and then rename it to openssl. I include the header file of envelope evp/evp.h. But when I compile the file, the compiler complains it couldn't find the file openssl/opensslconf.h (which exists in the crypto directory). I hope you could understand my problem. So... I am really confused on how to set up the directory. I don't want to modify all the header files. Is there alternative ways? Please help.

Thousand thanks. Wish you all the best.

Best regards,
Jordan Cheun Ngen, Chong
INF-4067 Universiteit Twente
Postbus 217
7500 AE Enschede
The Netherlands
Distributed and Embedded Systems (DIES)
Office Phone: +31 53 4894655
Web site: http://www.cs.utwente.nl/~chong
Email Add.: [EMAIL PROTECTED]
Re: Please Help: Crypto library with Visual C++
I think all necessary files for your application are as follows:

    openssl-0.9.6a/out32dll/ : ssleay32.dll libeay32.dll ssleay32.lib libeay32.rls
    openssl-0.9.6a/inc32/openssl - this directory contains all head files needed

You can do this by two means.

First: you copy the inc32/openssl to the vc include directory, such as D:\Program Files\Microsoft Visual Studio\VC98\INCLUDE\openssl ... vc++ can find this head file automatically. This one seems much more easy ..haha

Second: you make a directory called include parallel to your project directory, copy openssl head files to this directory, then in your project setting: c++ / preprocessor / additional include directories ... add: ..\include

Then all ok .. have a good time
RE: Please Help: Crypto library with Visual C++
Thousand thanks for your help :D It helps a lot and it works fine now...

Now, pls. one more thing, I tried to decode a Base64 encoded string into the string is (for example):

    KljL0/zpzt8Y/UtenpqyMPt3JjQTFV5uofM349JXCY1z2i08XKzTW7LlpgnPDLh48Trbq6b/TErJ3UwFvbo8TOf8l4Xnp9yI6RtTWJlVZzJ5+AnY7lKLThSq8fgpVqwnJGVjfIHev6AI9qKHT+8vhN9tTacdU6WkZ6oYiOTb0jE=

I am not sure how... Do you know where I could find some example codes, or perhaps some references on this stuff? Very struggling indeed :) Thanks again for everything.

Best regards,
Jordan Cheun Ngen, Chong
INF-4067 Universiteit Twente
Postbus 217
7500 AE Enschede
The Netherlands
Distributed and Embedded Systems (DIES)
Office Phone: +31 53 4894655
Web site: http://www.cs.utwente.nl/~chong
Email Add.: [EMAIL PROTECTED]
Re: Please Help: Crypto library with Visual C++
u can follow this link: http://www.openssl.org/docs/crypto/BIO_f_base64.html#
RE: Please Help: Crypto library with Visual C++
Dear Yong Yue,

I am sorry to bother you again. The description is clear enough on the URL you gave me. However, I looked at the BIO explanation on http://www.columbia.edu/~ariel/ssleay/bio.html and I am not sure how to read in some data from a file to the BIO filter/sink/source. Is there any example for this purpose?

I am really really terribly sorry to bother you. Thanks for your help. Wish you all the best.

Best regards,
Jordan Cheun Ngen, Chong
INF-4067 Universiteit Twente
Postbus 217
7500 AE Enschede
The Netherlands
Distributed and Embedded Systems (DIES)
Office Phone: +31 53 4894655
Web site: http://www.cs.utwente.nl/~chong
Email Add.: [EMAIL PROTECTED]
Re: Please Help: Crypto library with Visual C++
Oh, nothing, do not be nervous. I think if you want to read data from a file, first you must construct a file BIO object:

    BIO *mbio = BIO_new_file(filename, "rb");

then build another:

    BIO *b64 = BIO_new(BIO_f_base64());

then

    mbio = BIO_push(b64, mbio);

all ok ... read data from it:

    /* inbuf is a char array */
    while ((inlen = BIO_read(mbio, inbuf, sizeof(inbuf))) > 0) {
        /* do as you wish */
    }
    /* remember to free all bio resources */
    BIO_free_all(mbio);

Can this solve your problem?
RE: Please Help: BIO!!
Hi,

Thanks for your reply. I have tried, still the memory leak problem happens :) and the whole application crashes. My code is like this:

    BIO *bio, *b64;
    BIO *bio_out;
    char inbuf[128];
    int inlen;

    b64 = BIO_new(BIO_f_base64());
    bio = BIO_new_file("content.key", "rb");
    bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
    bio = BIO_push(b64, bio);
    while ((inlen = BIO_read(bio, inbuf, 128)) > 0) {
        BIO_write(bio_out, inbuf, inlen);
    }
    BIO_free_all(bio);

What I wish to do is read the data from the file content.key, then decode the data, and then convert the decoded data into a char * (or perhaps to another new file), but here what I do is just print out the decoded data :)

I am sorry to bother you that much. Pls forgive and pls help if you have the time :D Thousand thanks. Wish you all the best.

Best regards,
Jordan Cheun Ngen, Chong
INF-4067 Universiteit Twente
Postbus 217
7500 AE Enschede
The Netherlands
Distributed and Embedded Systems (DIES)
Office Phone: +31 53 4894655
Web site: http://www.cs.utwente.nl/~chong
Email Add.: [EMAIL PROTECTED]
Re: Please Help: BIO!!
oh when application crash .. it normally because link mfc lib problem. you may try use mfc in shared dll or mfc in static dll, it may ok..

as for memory leak ..

begin:

    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();

    /* your code... */

End:

    ERR_free_strings();
    EVP_cleanup();

see u later...:)
RE: Please Help: BIO!!
HI :D

Sorry to bother you again. I think I have found the reason :) It is because the Project setting is incorrect (thanks for your hints indeed). I have to set the Code Generation (under tag C/C++), the "Use run-time library" to "Multithreaded DLL" :D

All the best.

Best regards,
Jordan Cheun Ngen, Chong
INF-4067 Universiteit Twente
Postbus 217
7500 AE Enschede
The Netherlands
Distributed and Embedded Systems (DIES)
Office Phone: +31 53 4894655
Web site: http://www.cs.utwente.nl/~chong
Email Add.: [EMAIL PROTECTED]
RE: Please Help: Crypto
Dear Dirk,

> Have a look at http://www.iconsinc.com/~agray/ossldev/nt and pick the
> workspace for the version of OpenSSL you want to use (you'll still need
> to download the src tarball of OpenSSLvx.y.z).
> CU, Dirk

Thanks for your reply. I don't understand here. All I wish to do is to use the OpenSSL cryptography library... but not OpenSSL.. Although I have already installed the OpenSSL with Apache server on my machine...

1. to do enc/decryption
2. signature generation and verification
3. certificate management

However I wish to know whether there is a specific direction on achieving that... like:

1. how to use the provided OpenSSL crypto API?
2. any settings on VC++ 6.0 for that?
3. any library (.LIB) needed? etc.

Please help. Thanks.
Please help me to find the differences......
Hi all,

I have a doubt regarding the conversion of a public key to DER form. Please take time to go through the following code...

    BIO *bio;
    X509_REQ *req; /* The X509_REQ from which we extract the public key */
    unsigned char *data;
    int length;
    EVP_PKEY *ppubkey ;
    ...
    ..
    ppubkey = X509_REQ_get_pubkey(req);
    bio = BIO_new(BIO_s_mem());
    /* write the public key to the bio */
    i2d_PUBKEY_bio(bio,ppubkey);
    /* retrieve the memory pointer of the bio */
    length = BIO_get_mem_data(bio, data);
    printf( "Length%d\n", length);

When I do like this I get the length as 94. When I use

    int icnt;
    EVP_PKEY ppubKey;
    X509_REQ *req; /* Request from which we extract public key */
    unsigned char pkeyBuff[500];
    ppubkey = X509_REQ_get_pubkey(req); /* Get the public key */
    icnt = i2d_PUBKEY(ppubKey,pkeyBuf);
    printf("Length%d\n", icnt);

In this case I get the length as 74. I didn't understand the concept of the BIO structure in the former case. Can anyone explain to me what makes the length more in the former than the latter case? Please help me to understand the concept better.

Thanks in advance...

Regards
Suram
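An added example (not the poster's code and not from OpenSSL): a small DER walker that reports the total size of a SubjectPublicKeyInfo, the structure i2d_PUBKEY writes, and the size of the RSAPublicKey nested inside its BIT STRING. For a 512-bit RSA key with exponent 65537 those sizes are 94 and 74 bytes, the two lengths reported above. That the poster's key was of that kind is an assumption, the function names are hypothetical, and the sample modulus is constructed filler rather than a real key.

```c
/* Added example: measure a DER SubjectPublicKeyInfo and the RSA key
 * structure nested inside its BIT STRING. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct tlv {
    unsigned char tag;
    size_t hdr_len;              /* tag octet + length octets */
    size_t len;                  /* content octets */
    const unsigned char *val;    /* start of content */
};

/* Parse one definite-length DER element from buf[0..avail).
 * Returns 0, or -1 for truncated input, multi-byte tags, indefinite
 * length, or a length that is not minimally encoded. */
int der_read(const unsigned char *buf, size_t avail, struct tlv *out)
{
    size_t n, i, len = 0;

    if (avail < 2 || (buf[0] & 0x1f) == 0x1f)
        return -1;
    out->tag = buf[0];
    out->hdr_len = 2;
    if (buf[1] < 0x80) {
        len = buf[1];                         /* short form */
    } else {
        n = buf[1] & 0x7f;                    /* long form: n length octets */
        if (n == 0 || n > sizeof(size_t) || avail < 2 + n || buf[2] == 0)
            return -1;
        for (i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        if (len < 0x80)
            return -1;                        /* short form was required */
        out->hdr_len += n;
    }
    if (len > avail - out->hdr_len)
        return -1;
    out->len = len;
    out->val = buf + out->hdr_len;
    return 0;
}

/* For an RSA SubjectPublicKeyInfo in spki[0..n): store its total encoded
 * size in *total and the size of the RSAPublicKey SEQUENCE carried in the
 * BIT STRING in *inner. Returns 0, or -1 if the layout is not as expected. */
int spki_sizes(const unsigned char *spki, size_t n, size_t *total, size_t *inner)
{
    struct tlv seq, alg, bits, key;
    size_t off;

    if (der_read(spki, n, &seq) != 0 || seq.tag != 0x30)
        return -1;
    if (der_read(seq.val, seq.len, &alg) != 0 || alg.tag != 0x30)
        return -1;
    off = alg.hdr_len + alg.len;
    if (der_read(seq.val + off, seq.len - off, &bits) != 0 || bits.tag != 0x03)
        return -1;
    if (off + bits.hdr_len + bits.len != seq.len)
        return -1;                            /* extra data after the key */
    if (bits.len < 1 || bits.val[0] != 0)
        return -1;                            /* unused-bits octet must be 0 */
    if (der_read(bits.val + 1, bits.len - 1, &key) != 0 || key.tag != 0x30)
        return -1;
    if (key.hdr_len + key.len != bits.len - 1)
        return -1;
    *total = seq.hdr_len + seq.len;
    *inner = key.hdr_len + key.len;
    return 0;
}

/* Constructed sample: SubjectPublicKeyInfo of a 512-bit RSA key, e = 65537.
 * The 64 modulus octets are filler. `out` must hold at least 94 bytes. */
size_t build_sample_spki(unsigned char *out)
{
    static const unsigned char head[] = {
        0x30, 0x5c,                           /* SEQUENCE, 92 octets */
        0x30, 0x0d,                           /* AlgorithmIdentifier, 13 */
        0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
        0x05, 0x00,                           /* rsaEncryption, NULL params */
        0x03, 0x4b, 0x00,                     /* BIT STRING, 75, 0 unused */
        0x30, 0x48,                           /* RSAPublicKey, 72 octets */
        0x02, 0x41, 0x00                      /* INTEGER, 65: 0x00 + modulus */
    };
    static const unsigned char tail[] = { 0x02, 0x03, 0x01, 0x00, 0x01 };
    size_t n = sizeof(head);

    memcpy(out, head, sizeof(head));
    memset(out + n, 0xc3, 64);
    n += 64;
    memcpy(out + n, tail, sizeof(tail));
    return n + sizeof(tail);
}

int main(void)
{
    unsigned char buf[94];
    size_t total, inner, n = build_sample_spki(buf);

    if (spki_sizes(buf, n, &total, &inner) != 0) {
        puts("not an RSA SubjectPublicKeyInfo");
        return 1;
    }
    printf("SubjectPublicKeyInfo: %zu bytes, RSAPublicKey inside: %zu bytes\n",
           total, inner);
    return 0;
}
```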
PLease help! Using LWP to check to see if Secure Server is running
    use LWP::UserAgent;
    my $ua = new LWP::UserAgent;
    my $req = new HTTP::Request('GET', 'https://www.someserver.com');
    my $res = $ua->request($req);
    print $res->code."\n";

The return code is always 501 with secure servers, and 200 with non-secure. Should this code work? I know the ssl server is up and listening, yet I get the 501 code. All I need this to do is see if it is still taking requests. I installed the openssl, and all necessary packages. RedHat 7.0, Perl5.6.0. Doesn't throw any errors? Any help is very appreciated!

Thanks,
Frank Belfie
Datacomm Engineer
Commerce Bank, N.A.
[EMAIL PROTECTED]
RE: PLease help! Using LWP to check to see if Secure Server is running
My guess is LWP by default sends requests to port 80. There must be a method to specify a different port... The request string where you specified the url...

    my $req = new HTTP::Request('GET', 'https://www.someserver.com');

...just gets added to the http header inside the tcp payload and interpreted by the http daemon on port 80.

--
Jack Varga SMTS | [EMAIL PROTECTED]
Circadence Corporation | 303.413.8800 x 1082
4888 Perl East Circle | Boulder, Colorado 80301
RE: PLease help! Using LWP to check to see if Secure Server is running
Sorry. This is not correct. LWP apparently doesn't support HTTPS out of the box because of the complexities associated with key exchanges and cert mgmt.
[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PLease help! Using LWP to check to see if Secure Server is running
Might look at the LWP::SecureSocket module in the CPAN archives. I've never tried it, but from the description it works with what you're looking to do.

"Varga, Jack" wrote:

> Sorry. This is not correct. LWP apparently doesn't support HTTPS out of the box because of the complexities associated with key exchanges and cert mgmt.
>
> -----Original Message-----
> From: Varga, Jack [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 08, 2001 2:39 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: PLease help! Using LWP to check to see if Secure Server is running
>
> My guess is LWP by default sends requests to port 80. There must be a method to specify a different port... The request string where you specified the url...
>
>     my $req = new HTTP::Request('GET', 'https://www.someserver.com');
>
> ...just gets added to the http header inside the tcp payload and interpreted by the http daemon on port 80.
>
> -- 
> Jack Varga SMTS | [EMAIL PROTECTED]
> Circadence Corporation | 303.413.8800 x 1082
> 4888 Perl East Circle | Boulder, Colorado 80301
>
> -----Original Message-----
> From: Frank Belfie [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 08, 2001 2:20 PM
> To: [EMAIL PROTECTED]
> Subject: PLease help! Using LWP to check to see if Secure Server is running
>
>     use LWP::UserAgent;
>     my $ua = new LWP::UserAgent;
>     my $req = new HTTP::Request('GET', 'https://www.someserver.com');
>     my $res = $ua->request($req);
>     print $res->code."\n";
>
> The return code is always 501 with secure servers, and 200 with non-secure. Should this code work? I know the ssl server is up and listening, yet I get the 501 code. All I need this to do is see if it is still taking requests. I installed the openssl, and all necessary packages. RedHat 7.0, Perl5.6.0. Doesn't throw any errors? Any help is very appreciated!
>
> Thanks,
> Frank Belfie
> Datacomm Engineer
> Commerce Bank, N.A.
> [EMAIL PROTECTED]
Re: please help me first!
양승모, hello!

    Openssl req -new -x509 -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem
    Openssl req -out reqU.pem -keyout keyU.pem -new
    Openssl ca -policy policy_anything -out certU.pem -infiles reqU.pem
    Openssl pkcs12 -in certU.pem -inkey reqU.pem -certfile ./demoCA/cacert.pem -out certU.p12 -export -name "user" -inkey keyU.pem

I success creation certificate. I can't append the sample certificate! why?

On 2001-03-05 10:40:00 you wrote:

> Help please!! First!! Sorry!! I am unfamiliar with things English!!
> I was test with openssl. I create certificate follow later..
>
> 1."root ca generation"
>
>     Openssl req -new -x509 -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem
>
> 2.User certification generation"
>
>     Openssl req -out reqU.pem -keyout keyU.pem -new
>     Openssl ca -policy policy_anything -out certU.pem -infiles reqU.pem
>     Openssl pkcs12 -in certU.pem -inkey reqU.pem -certfile ./demoCA/cacert.pem -out certU.p12 -export -name "user" -inkey keyU.pem
>
> I success creation certificate. I appended my sample certificate!
>
> Question! I'm create intermediation CA(?) follow sample..
>
>     openSSL req -new -keyout keyM.pem -out reqM.pem
>     openSSL x509 -req -in reqM.pem -extensions v3_usr -CA ./democa/cacert.pem -CAkey ./democa/private/cakey.pem -CAcreateserial -out certM.pem
>     openssl x509 -x509toreq -in certM.pem -signkey keyM.pem -out tmp.pem
>     openssl ca -policy policy_anything -out certM1.pem -infiles tmpM.pem
>     openssl pkcs12 -in certM1.pem -inkey keyM.pem -certfile ./democa/cacert.pem -out certM.p12 -export -name "remoteM"
>
> and i install. But that added user certification.
> How create intermediation CA(?) ? i want install intermediation CA(?) but i don't know.
> I want openssl sample command that create down issue! Please help me!

Regards!
zgleaf
[EMAIL PROTECTED]
please help apache-ssl
Hello all

i am new on this list. linux machine redhat 6.2. i compiled openssl-0.9.6. then patch and compiled apache-1.3.14 with no problems. after that i have make certs with the following commands:

    cd /usr/local/ssl/private
    openssl genrsa -des3 -out MyCA.key
    openssl genrsa -des3 -out ServerCA.key
    openssl genrsa -des3 -out ClientCA.key
    cd ../certs
    openssl req -new -x509 -days 90 -key ../private/MyCA.key -out MyCA.crt
    openssl req -new -key ../private/ServerCA.key -out ServerCA.csr
    openssl req -new -key ../private/ClientCA.key -out ClientCA.csr
    openssl ca -cert MyCA.crt -in ServerCA.csr -keyfile ../private/MyCA.key -out ServerCA.crt
    openssl ca -cert MyCA.crt -in ClientCA.csr -keyfile ../private/MyCA.key -out ClientCA.crt
    openssl pkcs12 -export -in MyCA.crt -inkey ../private/MyCA.key -out MyCA.pfx

in httpd.conf:

    SSLCACertificatePath /usr/local/ssl/certs
    SSLCACertificateFile /usr/local/ssl/certs/ClientCA.crt
    SSLCertificateFile /usr/local/ssl/certs/ServerCA.crt
    SSLCertificateKeyFile /usr/local/ssl/private/ServerCA.key
    SSLVerifyClient 1
    SSLVerifyDepth 1

with SSLVerifyClient 0 there is no problem
with SSLVerifyClient 1, i cant connect to the server

in the error_log is the following message:

    [Tue Feb 20 16:01:14 2001] /usr/local/src/apache_1.3.14/src/modules/ssl/gcache started
    [Tue Feb 20 16:01:14 2001] [debug] apache_ssl.c(369): Random input /dev/urandom(1024) - 1024
    [Tue Feb 20 16:01:14 2001] [info] created shared memory segment #118657
    [Tue Feb 20 16:01:14 2001] /usr/local/src/apache_1.3.14/src/modules/ssl/gcache started
    [Tue Feb 20 16:01:14 2001] [notice] Apache/1.3.14 Ben-SSL/1.42 (Unix) configured-- resuming normal operations
    [Tue Feb 20 16:01:14 2001] [info] Server built: Feb 16 2001 16:46:27
    [Tue Feb 20 16:01:27 2001] [debug] apache_ssl.c(369): Random input /dev/urandom(1024) - 1024
    [Tue Feb 20 16:01:29 2001] [error] SSL_accept failed
    [Tue Feb 20 16:01:29 2001] [error] error:140890B0:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificates returned

what is wrong?
i use netscape 4.75

please help
christoph hubmann
Re: please help apache-ssl
I don't know much about modssl, but if you set SSLVerifyClient to 1 you are telling the server to authenticate its clients (cryptographically verify the client's identity). An entity (let's say somebody connecting to your server) needs a certificate in order to be authenticated, but hardly any web user has his own certificate (you have to buy it or make your own certification authority and make the server trust it). And that is your error message: your browser does not have a certificate. Just don't set SSLVerifyClient to 1, if you want usual people (99% of web users) to be able to get into your web.

Christoph Hubmann wrote:

> in httpd.conf:
>
>     SSLCACertificatePath /usr/local/ssl/certs
>     SSLCACertificateFile /usr/local/ssl/certs/ClientCA.crt
>     SSLCertificateFile /usr/local/ssl/certs/ServerCA.crt
>     SSLCertificateKeyFile /usr/local/ssl/private/ServerCA.key
>     SSLVerifyClient 1
>     SSLVerifyDepth 1
>
> with SSLVerifyClient 0 there is no problem
> with SSLVerifyClient 1, i cant connect to the server
>
> in the error_log is the following message:
>
>     [Tue Feb 20 16:01:14 2001] /usr/local/src/apache_1.3.14/src/modules/ssl/gcache started
>     [Tue Feb 20 16:01:14 2001] [debug] apache_ssl.c(369): Random input /dev/urandom(1024) - 1024
>     [Tue Feb 20 16:01:14 2001] [info] created shared memory segment #118657
>     [Tue Feb 20 16:01:14 2001] /usr/local/src/apache_1.3.14/src/modules/ssl/gcache started
>     [Tue Feb 20 16:01:14 2001] [notice] Apache/1.3.14 Ben-SSL/1.42 (Unix) configured -- resuming normal operations
>     [Tue Feb 20 16:01:14 2001] [info] Server built: Feb 16 2001 16:46:27
>     [Tue Feb 20 16:01:27 2001] [debug] apache_ssl.c(369): Random input /dev/urandom(1024) - 1024
>     [Tue Feb 20 16:01:29 2001] [error] SSL_accept failed
>     [Tue Feb 20 16:01:29 2001] [error] error:140890B0:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificates returned
>
> what is wrong?
> i use netscape 4.75
>
> please help
> christoph hubmann

-- 
Jorge Olmos Fors
Re: Help ! Please help me !
Oh dear, sounds like you're in a right pickle. Don't forget to call this first:

    SSLeay_add_all_algorithms();

It fills out some structures in SSL library that may be the cause of your problems (I had the same problems as you, and this fixed it, after much debugging). There's no need to call RSA_new() as the RSA_generate_key() allocates the memory for you. I am using ssl 0.9.0b, but I think it's more or less the same as openssl. Good luck!

Tat.

It fills in some static data in the crypto lib and may be the cause of your problem.

"Andr0xL1A0zs_Joo/Digital_Reality/MSM/IBCGroup%IBCGROUP" wrote:

> Hi,
>
> I'm a beginner programmer and I have been dropped into a big cryptographic project. My boss went away, and told me what to do still he comes back. I have to do the following things in C:
>
> - generate an RSA key pair
> - write it out in a file in DER or PEM format
>
> I tried the following code:
>
>     #include <stdio.h>
>     #include <stdlib.h>
>     #include <openssl/rsa.h>
>
>     void main()
>     {
>         RSA *rsa;
>         FILE *file;
>         int modulus_size = 1024;
>         int public_exponent = 65535;
>
>         RAND_screen();
>         rsa = RSA_new();
>         rsa = RSA_generate_key(modulus_size, public_exponent, NULL,NULL);
>         file=fopen("out.rsa","w");
>         PEM_write_RSAPrivateKey(file,rsa,NULL,NULL,0,NULL,NULL);
>         fclose(file);
>     }
>
> But I get a nice error box from Windows with the following: This program has performed an illegal operation, and will be closed
>
> The problem must be with the PEM_write_RSAPrivateKey. What should I do ? Or if you can't tell how to write in DER format, then just simply tell how works the RSA_print_fp(..) function because I've got the same error message with it.
>
> Thank you
> Joo Andras

-- 
Tat Sing Kong Bsc(Hons)
Senior Technical Architect
Consegna Advanced Technologies Ltd
1st Floor, 30-32 Thomas Street
Manchester, M4 1ER, United Kingdom
http://www.consegna.co.uk
Tel : +44 (0)161 833 3777 (x30)
Fax : +44 (0)161 833 3636
Email : [EMAIL PROTECTED]
Help ! Please help me !
Hi,

I'm a beginner programmer and I have been dropped into a big cryptographic project. My boss went away, and told me what to do still he comes back. I have to do the following things in C:

- generate an RSA key pair
- write it out in a file in DER or PEM format

I tried the following code:

    #include <stdio.h>
    #include <stdlib.h>
    #include <openssl/rsa.h>

    void main()
    {
        RSA *rsa;
        FILE *file;
        int modulus_size = 1024;
        int public_exponent = 65535;

        RAND_screen();
        rsa = RSA_new();
        rsa = RSA_generate_key(modulus_size, public_exponent, NULL,NULL);
        file=fopen("out.rsa","w");
        PEM_write_RSAPrivateKey(file,rsa,NULL,NULL,0,NULL,NULL);
        fclose(file);
    }

But I get a nice error box from Windows with the following: This program has performed an illegal operation, and will be closed

The problem must be with the PEM_write_RSAPrivateKey. What should I do ? Or if you can't tell how to write in DER format, then just simply tell how works the RSA_print_fp(..) function because I've got the same error message with it.

Thank you
Joo Andras
Unable to Build OPen ssl -please help (urgent)
Hi

I am trying to install openssl on solaris 5.6. i am running config command. there is no problem with it. but make command is not completed successfully, and it is unable to create target. when i run make, the following output is generated. please see this, and let me know how can i solve this problem, do i need to change source code ? help me out, its very urgent.

thank you
dilip

MAKE output
---

    gcc -I.. -I../../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c read_pwd.c
    read_pwd.c: In function `des_read_pw':
    read_pwd.c:281: warning: implicit declaration of function `fileno'
    read_pwd.c: In function `pushsig':
    read_pwd.c:405: storage size of `sa' isn't known
    read_pwd.c:422: warning: implicit declaration of function `sigaction'
    read_pwd.c:422: invalid use of undefined type `struct sigaction'
    read_pwd.c:405: warning: unused variable `sa'
    read_pwd.c: In function `popsig':
    read_pwd.c:448: invalid use of undefined type `struct sigaction'
    read_pwd.c: At top level:
    read_pwd.c:202: storage size of `savsig' isn't known
    *** Error code 1
    make: Fatal error: Command failed for target `read_pwd.o'
    Current working directory /home/ocbcdev/process/openssl-0.9.6/openssl-0.9.6/crypto/des
    *** Error code 1
    make: Fatal error: Command failed for target `subdirs'
    Current working directory /home/ocbcdev/process/openssl-0.9.6/openssl-0.9.6/crypto
    *** Error code 1
    make: Fatal error: Command failed for target `all'
I need the 'bc' script/tool. Please help!
Hello,

I have a nearly 'hand crafted' Linux system on which I use the 2.xx rpm tool. So I tried to compile openssl-0.9.6 with 'rpm -ta openssl-0.9.6.tar.gz'. The compilation went good so far but stops with an error during the test phase. Where can I grep 'bc' or in which rpm-src package is it located?

    test 4 done
    starting big number library test, could take a while...
    test BN_add
    test BN_sub
    test BN_lshift1
    test BN_lshift (fixed)
    test BN_lshift
    test BN_rshift1
    test BN_rshift
    test BN_sqr
    test BN_mul
    test BN_div
    test BN_div_recp
    test BN_mod
    test BN_mod_mul
    test BN_mont
    test BN_mod_exp
    test BN_exp
    running bc
    Failed! bc: /bin/sh: bc: command not found
    make[1]: *** [test_bn] Error 255
    make[1]: Leaving directory `/usr/src/redhat/BUILD/openssl-0.9.6/test'
    make: *** [tests] Error 2
    Bad exit status from /var/tmp/rpm-tmp.40706 (%build)
    230.420u 35.090s 5:09.84 85.6% 0+0k 0+0io 628566pf+0w

Thank you very much,
Dieter

BTW Please CC directly to my home address.

-- 
Dieter Nützel
Graduate Student, Computer Science
University of Hamburg
Department of Computer Science
Cognitive Systems Group
Vogt-Kölln-Straße 30
D-22527 Hamburg, Germany
email: [EMAIL PROTECTED]
@home: [EMAIL PROTECTED]
Symmetric Cipher Usage Please Help
I've read the docs. I've seen the source. I still don't totally understand. I'm trying to be a good doobie and use the High-level EVP_ functions for my RC4, RC2, and DES calls. But what about setting up the key? If I'm doing password based stuff do I need to use EVP_BytesToKey ?? or does EVP_EncryptInit do everything I need in this case? Advice or a few lines of code would be very much appreciated. I'd also like to contribute some step-by-step documented examples (along with some C++ wrappers) once I understand better.

Eventually I will be buying wholesale into OpenSSL for our crypto infrastructure. I will be using

RC4
RC2
DES CBC
RSA and DSA keypair generation
Diffie-Hellman
Signing/Verifying
Certs Certs and more Certs...

...but I have been using the RSA (boo hiss...) toolkits and they are more canned and well documented... Just trying to wade through this and then hopefully I can contribute...

Please cc replies to [EMAIL PROTECTED]
Re: Symmetric Cipher Usage Please Help
Matthew Cross wrote:

> I've read the docs. I've seen the source. I still don't totally understand. I'm trying to be a good doobie and use the High-level EVP_ functions for my RC4, RC2, and DES calls. But what about setting up the key? If I'm doing password based stuff do I need to use EVP_BytesToKey ?? or does EVP_EncryptInit do everything I need in this case? Advice or a few lines of code would be very much appreciated. I'd also like to contribute some step-by-step documented examples (along with some C++ wrappers) once I understand better.

It depends on what you mean by "password based stuff". EVP_BytesToKey() can do that but it's non-standard: you generate a random salt of length PKCS5_SALT_LEN bytes (8), include an iteration count and then the password in the data and datal arguments. You get back a key and iv which you can use for EVP_EncryptInit() and friends. The iteration count and salt have to be transferred along with the encrypted data. There's an example in the cipher application.

An alternative technique is to use the EVP_PBE_CipherInit() function which supports PKCS#5 (v1.5 and v2.0) and PKCS#12 password based encryption. That isn't documented but it is used in the PKCS#8 routines.

Steve.
-- 
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
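The salt, iteration count and key/IV derivation described in the reply above, as an added example that is not part of the original thread and is not OpenSSL code: a Python re-implementation of the derivation EVP_BytesToKey() performs, with a sender and a receiver exchanging the salt and count. The SHA-1 digest, the 24-byte key and 8-byte IV sizes, the iteration count and the `PBE1` header layout are assumptions chosen for illustration; `pbkdf2_key` shows the PKCS#5 v2.0 derivation the reply names as the alternative.

```python
import hashlib
import os
import struct

PKCS5_SALT_LEN = 8  # salt length given in the reply above

# Constructed header layout (hypothetical, not an OpenSSL format):
# 4-byte magic, 8-byte salt, 32-bit big-endian iteration count.
HEADER = struct.Struct(">4s8sI")
MAGIC = b"PBE1"


def evp_bytes_to_key(password, salt, count, key_len, iv_len, md="sha1"):
    """Derive (key, iv) the way EVP_BytesToKey() does.

    D_1 = H^count(password || salt)
    D_i = H^count(D_{i-1} || password || salt)
    The blocks are concatenated and split into key, then IV.
    """
    if len(salt) != PKCS5_SALT_LEN:
        raise ValueError("salt must be PKCS5_SALT_LEN bytes")
    if count < 1:
        raise ValueError("iteration count must be >= 1")
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # First round hashes previous block, password and salt together.
        block = hashlib.new(md, block + password + salt).digest()
        # Remaining count-1 rounds re-hash the digest alone.
        for _ in range(count - 1):
            block = hashlib.new(md, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def sender_setup(password, count=2048, key_len=24, iv_len=8):
    """Pick a fresh random salt; return the header to transmit plus key and IV."""
    salt = os.urandom(PKCS5_SALT_LEN)
    key, iv = evp_bytes_to_key(password, salt, count, key_len, iv_len)
    return HEADER.pack(MAGIC, salt, count), key, iv


def receiver_setup(password, header, key_len=24, iv_len=8, max_count=1_000_000):
    """Parse the transmitted header and re-derive the same key and IV."""
    if len(header) != HEADER.size:
        raise ValueError("truncated header")
    magic, salt, count = HEADER.unpack(header)
    if magic != MAGIC:
        raise ValueError("unrecognised header")
    # The count arrives from the peer: bound it so a hostile header
    # cannot force an arbitrarily long derivation.
    if not 1 <= count <= max_count:
        raise ValueError("iteration count out of range")
    return evp_bytes_to_key(password, salt, count, key_len, iv_len)


def pbkdf2_key(password, salt, count, key_len):
    """PKCS#5 v2.0 key derivation (PBKDF2 with HMAC-SHA1); key only."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, count, key_len)


if __name__ == "__main__":
    header, key, iv = sender_setup(b"constructed sample password")
    rkey, riv = receiver_setup(b"constructed sample password", header)
    print("header:", header.hex())
    print("keys match:", key == rkey and iv == riv)
```

Without the header the receiver cannot reproduce the key even with the right password, which is why the salt and iteration count travel with the ciphertext.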
Re: please, please help - Install on Slack fails....
On Friday, September 22, 2000, at 06:16 PM, Robert Hajime Lanning wrote:

> Did you install the kernel as /usr/src/linux? and did you at least do a make menuconfig dep

yes, i did. that's what's so freaky.

ORIGINAL MESSAGE:

As written by Joshua Brown:

Please help! I will happily pay any list member who can help me get this running... I am pretty familiar with linux, and I usually do my own installations, but i don't understand what is going on here. I need to get this system working, and it's very frustrating. I am a smart and completely linux literate person, so I can answer your questions about exactly what I'm doing. PLEASE HELP!

I have the source for the latest openssl installed in: /usr/src/openssl-0.9.5a

I am using slackware 7.1 with the latest stable linux kernel. 'config' runs just fine, (see below) but when i use make, it fails very quickly. here's what i am getting:

    making all in crypto...
    make[1]: Entering directory `/usr/src/openssl-0.9.5a/crypto'
    ( echo "#ifndef MK1MF_BUILD"; \
    echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
    echo " #define CFLAGS \"gcc -DTHREADS -D_REENTRANT -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM\""; \
    echo " #define PLATFORM \"linux-elf\""; \
    echo " #define DATE \"`date`\""; \
    echo "#endif" ) >buildinf.h
    gcc -I. -I../include -DTHREADS -D_REENTRANT -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c cryptlib.c -o cryptlib.o
    In file included from /usr/include/errno.h:36,
                     from ../include/openssl/err.h:82,
                     from cryptlib.h:74,
                     from cryptlib.c:61:
    /usr/include/bits/errno.h:25: linux/errno.h: No such file or directory
    make[1]: *** [cryptlib.o] Error 1
    make[1]: Leaving directory `/usr/src/openssl-0.9.5a/crypto'
    make: *** [all] Error 1
Re: please, please help - Install on Slack fails....
This problem is reported by a variety of people in different contexts and the solution seems to be the same. /usr/include/linux is not pointing to the correct location. On my redhat it points to ../src/linux/include/linux However ../src/linux/include/linux points in turn to /usr/src/linux-2.2.14

Joshua Brown wrote:

> Please help! I will happily pay any list member who can help me get this running... I am pretty familiar with linux, and I usually do my own installations, but i don't understand what is going on here. I need to get this system working, and it's very frustrating. I am a smart and completely linux literate person, so I can answer your questions about exactly what I'm doing. PLEASE HELP!
>
> I have the source for the latest openssl installed in: /usr/src/openssl-0.9.5a
>
> I am using slackware 7.1 with the latest stable linux kernel. 'config' runs just fine, (see below) but when i use make, it fails very quickly. here's what i am getting:
>
>     making all in crypto...
>     make[1]: Entering directory `/usr/src/openssl-0.9.5a/crypto'
>     ( echo "#ifndef MK1MF_BUILD"; \
>     echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
>     echo " #define CFLAGS \"gcc -DTHREADS -D_REENTRANT -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM\""; \
>     echo " #define PLATFORM \"linux-elf\""; \
>     echo " #define DATE \"`date`\""; \
>     echo "#endif" ) >buildinf.h
>     gcc -I. -I../include -DTHREADS -D_REENTRANT -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c cryptlib.c -o cryptlib.o
>     In file included from /usr/include/errno.h:36,
>                      from ../include/openssl/err.h:82,
>                      from cryptlib.h:74,
>                      from cryptlib.c:61:
>     /usr/include/bits/errno.h:25: linux/errno.h: No such file or directory
>     make[1]: *** [cryptlib.o] Error 1
>     make[1]: Leaving directory `/usr/src/openssl-0.9.5a/crypto'
>     make: *** [all] Error 1
>
> here is the (truncated) output of config:
>
>     Operating system: i686-whatever-linux2
>     Configuring for linux-elf
>     IsWindows=0
>     CC=gcc
>     CFLAG =-DTHREADS -D_REENTRANT -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
>     EX_LIBS =
>     BN_ASM=asm/bn86-elf.o asm/co86-elf.o
>     DES_ENC =asm/dx86-elf.o asm/yx86-elf.o
>     BF_ENC=asm/bx86-elf.o
>     CAST_ENC =asm/cx86-elf.o
>     RC4_ENC =asm/rx86-elf.o
>     RC5_ENC =asm/r586-elf.o
>     MD5_OBJ_ASM =asm/mx86-elf.o
>     SHA1_OBJ_ASM =asm/sx86-elf.o
>     RMD160_OBJ_ASM=asm/rm86-elf.o
>     PROCESSOR =
>     RANLIB=/usr/bin/ranlib
>     PERL =/usr/local/bin/perl
>     THIRTY_TWO_BIT mode
>     DES_PTR used
>     DES_RISC1 used
>     DES_UNROLL used
>     BN_LLONG mode
>     RC4_INDEX mode
>     RC4_CHUNK is undefined
>
> making links etc bla bla bla
Re: please, please help - Install on Slack fails....
On Friday, September 22, 2000, at 06:51 PM, Nikhil G. Daddikar wrote:

> This problem is reported by a variety of people in different contexts and the solution seems to be the same. /usr/include/linux is not pointing to the correct location. On my redhat it points to ../src/linux/include/linux However ../src/linux/include/linux points in turn to /usr/src/linux-2.2.14

Nikhil,

Thank you for your response. You are exactly right. Richard Levitte pointed out to me what file was missing, and I was able to track down the broken link in /usr/include/linux.

Joshua brown
Please Help
I cannot get openssl to make without errors. I keep getting "No such file or directory" on the first 11 files then a cryptlib.o Error 1. I am trying to install SSH on a Solaris 2.6 box. Any thoughts?

William Pleasants
Qwest Communications
Network Security Engineer
Re: please help with understanding client authentication
> I've been building a small https client everything has gone quite well. Now I've been told that I need to include support for client authentication using a standard x.509 certificate I am stumped.

How do you manage client trust to your server? how do you know that you are really communicating in a confidential way with the intended server? Is there a configuration file with 'trusted CAs or server certs', etc?

> Is the certificate just going to be a file? Do I just have to set a path to it, or is there some sort of installation that I need to do?

It depends what kind of https client software you are building.

> As you can tell, I'm at a real basic level with this one. I've looked at the command line tool documentation, but I don't know what I'm looking for.

You can for example (mis)use a PKCS12 file containing a user key-pair/cert and even some trust base. For example, if you want to make a simple client/server protocol based on https between some client software and one service, where each user has access to his/her server, you could use a file (or a hardware token) with three things:

- a key/pair for the user,
- a corresponding cert
- a cert of the server containing a service URL somewhere.

This file completely describes the information concerning a user. (The client software may need one configuration parameter about https proxies, this might be handled independently from the user parms and considered as a parameter of the workstation and not of the USER.)

Peter Sylvester
RE: please help with understanding client authentication
The certificate can be an ASN1 or PEM format file. To use a certificate, you must also have a private key file (also in PEM or ASN1 format). The certificate must be the public key for the private key file. Both of these files can be created using the openssl utility.

Example:

Generate a 1024 bit private key file, encoded with 3DES password found in the file 3des.key and output the private key to rsa.prv:

    openssl genrsa -rand random.file -des3 -passout file:3des.key -out rsa.prv 1024

Generate a certificate request based on the private key and output the certificate request to cert.req (note my.config is a config file based on the format in the documentation):

    openssl req -new -config my.config -key rsa.prv -passin file:3des.key -out cert.req

If you have a CA (Entrust, etc.) send the cert.req file to get the certificate. For testing you can use the openssl's CA utility:

    openssl ca -config testCA.config -in cert.req -out cert.cert

For the client code to actually utilize the rsa.prv file and the cert.cert file (from the above example) check out the API:

    SSL_CTX_use_certificate_file
    SSL_CTX_use_PrivateKey_file

This should be enough to get you in trouble. If any of this is wrong, sorry!

Jon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Randall Ward
Sent: Wednesday, August 09, 2000 1:28 PM
To: '[EMAIL PROTECTED]'
Subject: please help with understanding client authentication

I've been building a small https client everything has gone quite well. Now I've been told that I need to include support for client authentication using a standard x.509 certificate I am stumped. Is the certificate just going to be a file? Do I just have to set a path to it, or is there some sort of installation that I need to do? As you can tell, I'm at a real basic level with this one. I've looked at the command line tool documentation, but I don't know what I'm looking for. Any help at all would be most useful.
Please help a little more with client authentication
I now know lots and lots about client authentication and certificates. Thanks everyone for your help! Now: there's one big thing that I don't understand. If I am going to be building an https client that will authenticate itself with a certificate of some kind, does that client need to have access to the private key corresponding to the certificate? I know that may be a really dumb question, but it has some big implications for my little project.
Re: please help with understanding client authentication
[EMAIL PROTECTED] wrote:

> Hi Randal,
>
> I am trying to get OpenSSL to import private key files.

You can load a private key with PEM_read_PrivateKey() (defined in openssl/pem.h)

> -----Original Message-----
> From: EXT Randall Ward [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 09, 2000 1:28 PM
> To: '[EMAIL PROTECTED]'
> Subject: please help with understanding client authentication
>
> I've been building a small https client everything has gone quite well. Now I've been told that I need to include support for client authentication using a standard x.509 certificate I am stumped. Is the certificate just going to be a file? Do I just have to set a path to it, or is there some sort of installation that I need to do?

You load a certificate with PEM_read_X509() (defined in openssl/pem.h)

parameters are:

    fp: file pointer
    x:  pointer for in object, leave it NULL
    cb: callback for passphrase (only needed for private key)
    u:  parameter passed to callback

cb has the form:

    int cb(char *buf, int size, int rwflag, void *userdata);

    buf:      buffer for pass phrase
    size:     size of buf
    rwflag:   on read you can ignore this
    userdata: param u from PEM_read...()

(Assuming key and certificate are stored in PEM...)

these private key and certificate you can set insert in the SSL data:

    int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
    int SSL_use_certificate(SSL *ssl, X509 *x);

(from openssl/ssl.h)

By Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
please help with understanding client authentication
I've been building a small https client everything has gone quite well. Now I've been told that I need to include support for client authentication using a standard x.509 certificate I am stumped. Is the certificate just going to be a file? Do I just have to set a path to it, or is there some sort of installation that I need to do? As you can tell, I'm at a real basic level with this one. I've looked at the command line tool documentation, but I don't know what I'm looking for. Any help at all would be most useful.
Secure Reverse Proxy - SSL Error - Please Help
Hi there. I'm attempting to set up a reverse proxy using OpenBSD-2.7, OpenSSL-0.9.5a, mod_ssl-2.6.4_1.3.12, and Apache-1.3.12. Up to this point, I've gotten the reverse proxy set up and it runs correctly for retrieving port 80 based materials. But I cannot get Apache to launch with SSL support. Here is the error that I am getting from apache-rproxy.elog:

    [Mon Jun 19 05:26:09 2000] [error] mod_ssl: Init: (openliness-qa.mydomain.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
    [Mon Jun 19 05:26:09 2000] [error] OpenSSL: error:0B080074::lib(11) :func(128) :reason(116)

Can anyone help me? I have the cert for openliness-qa on the rproxy server. Do I actually need the key as well or is the proxy becoming transparent after the certificate has been passed from the Proxy to the client? If I'm really curious why http will work, but attempting to start https is failing. Here is my httpd.conf file.

    ##
    ## apache-rproxy.conf -- Apache configuration for Reverse Proxy Usage
    ##

    # server type
    ServerType standalone
    Port 80
    Listen 443
    MinSpareServers 2
    StartServers 5
    MaxSpareServers 10
    MaxClients 150
    MaxRequestsPerChild 100

    # server operation parameters
    KeepAlive on
    MaxKeepAliveRequests 100
    KeepAliveTimeout 15
    Timeout 400
    IdentityCheck off
    HostnameLookups on

    # paths to runtime files
    PidFile /opt/apache/logs/apache-rproxy.pid
    LockFile /opt/apache/logs/apache-rproxy.lock
    ErrorLog /opt/apache/logs/apache-rproxy.elog

    # unused paths
    ServerRoot /opt/apache
    DocumentRoot /tmp
    CacheRoot /tmp
    TypesConfig /dev/null
    AccessConfig /dev/null
    ResourceConfig /dev/null

    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl

    SSLEngine on
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/opt/apache/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/opt/apache/logs/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLLog /opt/apache/logs/ssl_engine_log
    SSLLogLevel info
    SSLCertificateFile /opt/apache/conf/ssl.crt/snakeoil-rsa.crt
    SSLCertificateKeyFile /opt/apache/conf/ssl.key/snakeoil-rsa.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /opt/apache/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # speed up and secure processing
    <Directory />
    Options -FollowSymLinks -SymLinksIfOwnerMatch
    AllowOverride None
    </Directory>

    # the status page for monitoring the reverse proxy
    <Location /rproxy-status>
    SetHandler server-status
    </Location>

    # enable the URL rewriting engine
    RewriteEngine on
    RewriteLogLevel 2

    NameVirtualHost webhome.mydomain.com:80
    NameVirtualHost openliness-qa.mydomain.com:443

    <VirtualHost webhome.mydomain.com:80>
    SSLDisable
    ServerName webhome.mydomain.com
    CustomLog /opt/apache/logs/apache-rproxy-wh.dlog "%{%v/%T}t %h - %{SERVER}e URL: %U"
    RewriteLog /opt/apache/logs/apache-rproxy-wh.rwlog
    TransferLog /opt/apache/logs/apache-rproxy-wh.tlog

    # define a rewriting map with value-lists where
    # mod_rewrite randomly chooses a particular value
    RewriteMap server rnd:/opt/apache/conf/apache-rproxy-wh.conf-servers

    # make sure the status page is handled locally
    # and make sure no one uses our proxy except ourself
    RewriteRule ^/apache-rproxy-status.* - [L]
    RewriteRule ^(http|ftp)://.* - [F]

    # now choose the possible servers for particular URL types
    RewriteRule ^/(.*\.(cgi|shtml))$ to://${server:dynamic}/$1 [S=1]
    RewriteRule ^/(.*)$ to://${server:static}/$1

    # and delegate the generated URL by passing it
    # through the proxy module
    RewriteRule ^to://([^/]+)/(.*) http://$1/$2 [E=SERVER:$1,P,L]

    # and make really sure all other stuff is forbidden
    # when it should survive the above rules...
    RewriteRule .* - [F]

    # enable the Proxy module without caching
    ProxyRequests on
    NoCache *

    # setup URL reverse mapping for redirect responses
    ProxyPassReverse / http://webhome.mydomain.com/
    </VirtualHost>

    <VirtualHost openliness-qa.mydomain.com:443>
    ServerName
PLEASE HELP ME...............................!!!!
hi,

You know that OpenSSL supports DES for encryption of data. So if you want to establish a communication link between client server then you must use a secret key. Now my question is, what does the certificate contain? I mean what public keys it contains and for what purpose they can be used? Could anybody tell me, before encryption of actual data using the secret key, what are the necessary steps that could be performed to share the secret key?

ThanX
--Radha
Re: PLEASE HELP ME...............................!!!!
Hi,

in short: using SSL you have two parts of encryption: first a public/secret key system (asymmetric cryptography) is used to establish a connection and to agree for a common secret key. When both parties have agreed to that common secret key (which is, in short, encrypted with the public keys (very short, this is) ) the common secret key is used for the encrypting of the exchanged data.

So, for agreement for a common secret key, asymmetric cryptography is used. To be sure you use the true public key of your party (so nobody else's key, maybe that of a man-in-the-middle) you get a certificate. Why a certificate? Because chances are high that you do not know all keys of all people/servers you want to correspond with. So you get a certificate which is signed by a CA (certificate authority) that you know and that you can trust.

More to find in literature.

Hope this helps
Doris

On Tue, 13 Jun 2000, Pamu Radhakrishna wrote:

> hi,
>
> You know that OpenSSL supports DES for encryption of data. So if you want to establish a communication link between client server then you must use a secret key. Now my question is, what does the certificate contain? I mean what public keys it contains and for what purpose they can be used? Could anybody tell me, before encryption of actual data using the secret key, what are the necessary steps that could be performed to share the secret key?
>
> ThanX
> --Radha
please help
Hi, my name is Hungdan Ly and I just downloaded the Crypt-SSLeay-0.16. I'm running Perl v5.00502. I got your contact info from the README file. Sorry to inconvenience you but I need your help.

I'm trying to write a perl script that will go to an https server (let's call it server1.mydomain.com) on the net and post a file. I received this error message:

    500 (Internal Server Error) Can't connect to server1.mydomain.com:443 (Bad file number)

I made sure that server1.mydomain.com is resolvable on the machine that I'm running. I then tried to run the example script provided (net_ssl_test) and here is a snip of what occurred:

    - - -snip - - -
    # ./net_ssl_test HEAD server1.mydomain.com 443
    Net::SSL: SSL negotiation failed at ./net_ssl_test line 9
    Net::SSL: Bad file number at ./net_ssl_test line 9
    Net::SSL: Bad file number at ./net_ssl_test line 9
    Use of uninitialized value at /opt/ACMLperl/lib/site_perl/5.005/sun4-solaris/Net/SSL.pm line 53.
    Net::SSL: Bad file number at ./net_ssl_test line 9
    Can't connect to server1.mydomain.com:443 at ./net_ssl_test line 9.
    - - -snip ends - - -

I'm stuck at this point. Any help you can provide is greatly appreciated. Thanks in advance for your help.

-Hungdan Ly
212-887-2930
Re: Douglas!Please help me
> Hello!
> It is the first time for me to work on your "openssl" security software. So I am requesting you to send me the testing program (for clientserver) in "C" which uses your "openssl API" functions of C language. When I run that (the program that you are going to send) programs (client program server program) on different machines it should also provide the features such as encryption, decryption, message digest, MAC, ..etc.
> waiting for your response...
> bye
> Radhakrishna

1) I already have a job :-), please at least try for yourself first. If you fail you will know how to state your problem as a question, and many people will be willing to help you. If you really want somebody to send you code you could ask in a more humble tone, like: "I am not so experienced and after reading the example code in the distribution, I still do not understand, does anybody know if there is a very basic example somewhere?"

2) Personally I inherited some code, so I didn't start from scratch, but there is plenty of other code to look at in:

    your-dir/openssl-0.9.5a/apps/
    your-dir/openssl-0.9.5a/demos/

There is probably also some code in the mail list archives.

/Douglas
Still have a problem in SSL, please help me
Dear all,

So far I received 2 mails. One of them is a question about our project, and the other was recommending me to try s_server.c and s_client.c in apps/. However, I think that these files are about specifying the options from the command line argument.

Maybe I didn't make myself clear. In fact, we need to use the SSL not the openssl but we use the files and the libraries used by openssl. We need to know how to make the client and the server connect to each other. How to choose the ciphers, the sessions, the certificates, and the private public keys.

If anyone has worked in this field, can he send us his work (docs or source code), and be sure that we will mention his name in our project presentation to help us in the SSL.

Please, we need quick answers... Waiting for your mails.

Thanks
Nevine
SMIME SIGN MESSAGE - PLEASE HELP ME
Hello all,

I try signing a simple text file with the openssl tool using this command:

    /usr/local/ssl/bin/openssl smime -sign -in mail.txt -text -out mail.msg -signer user.pem

This command writes this error:

    Can't read recipient certificate file user.pem
    13916:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: ANY PRIVATE KEY

Please help me

Thank you very much
Ivo MACHULDA
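The `no start line ... Expecting: ANY PRIVATE KEY` error above is the PEM reader reporting that it found no private-key block; when `-inkey` is not given, `smime -sign` reads the signing key from the `-signer` file. As an added example (not part of the original post and not OpenSSL code), this C scanner reports which PEM blocks a file's text contains; the function names, the label rules and the sample input are assumptions made for the illustration.

```c
/* Added illustration, not OpenSSL code: names and label rules are assumptions. */
#include <stdio.h>
#include <string.h>
struct pem_summary {
    int certificates, private_keys, other_blocks; /* complete blocks, by kind */
    int unterminated, crlf_lines; /* BEGIN without matching END; CR LF lines */
};

/* If line[0..n) is "-----" kw label "-----", copy label to out and return 1. */
static int pem_marker(const char *line, size_t n, const char *kw, char out[64])
{
    size_t k = strlen(kw), l = n - 10 - k; /* wraps if n is short; checked next */
    if (n <= 10 + k || l >= 64 || memcmp(line, "-----", 5) ||
        memcmp(line + 5, kw, k) || memcmp(line + n - 5, "-----", 5))
        return 0;
    snprintf(out, 64, "%.*s", (int)l, line + 5 + k);
    return 1;
}

static void classify(const char *label, struct pem_summary *s)
{
    size_t n = strlen(label);
    if (!strcmp(label, "CERTIFICATE") || !strcmp(label, "X509 CERTIFICATE") ||
        !strcmp(label, "TRUSTED CERTIFICATE"))
        s->certificates++;
    else if (n >= 11 && !strcmp(label + n - 11, "PRIVATE KEY") &&
             (n == 11 || label[n - 12] == ' '))
        s->private_keys++;   /* PRIVATE KEY, RSA/DSA/ENCRYPTED PRIVATE KEY */
    else
        s->other_blocks++;   /* requests, parameters, CRLs, ... */
}

struct pem_summary pem_scan(const char *text, size_t len)
{
    struct pem_summary s = {0, 0, 0, 0, 0};
    char open[64] = "", label[64];
    size_t pos = 0;
    while (pos < len) {
        const char *line = text + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t n = nl ? (size_t)(nl - line) : len - pos;
        pos += n + (nl ? 1 : 0);
        if (n && line[n - 1] == '\r') { n--; s.crlf_lines++; }
        if (pem_marker(line, n, "BEGIN ", label)) {
            if (open[0]) s.unterminated++;      /* earlier block never closed */
            strcpy(open, label);
        } else if (pem_marker(line, n, "END ", label)) {
            if (open[0] && strcmp(open, label) == 0) classify(label, &s);
            else if (open[0]) s.unterminated++; /* END label does not match */
            open[0] = '\0';
        }
    }
    if (open[0]) s.unterminated++;
    return s;
}

/* Constructed sample: a signer file holding only a certificate (filler body). */
static const char CERT_ONLY[] =
    "-----BEGIN CERTIFICATE-----\r\nQ09O\r\n-----END CERTIFICATE-----\r\n";
int main(void)
{
    struct pem_summary s = pem_scan(CERT_ONLY, sizeof CERT_ONLY - 1);
    printf("certs=%d keys=%d crlf=%d\n", s.certificates, s.private_keys, s.crlf_lines);
    return 0;
}
```

A summary with `private_keys == 0` for the signer file matches the situation the error message describes.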
Re: Please help
-I'm new to all this. What the plan is for me and a friend to make a
-webpage with a few different sections. We would like to be able to
-update it from one page. A page that would let us choose what section
-it will be added to, write the new news or whatever and post it
-automatically and making the changes to the html code.

Well, it's not that this should be answered in this forum, but if anyone uses FileMaker 5 (I used it because it was the only thing available and stable, Access sux.) then I have something I'm willing to open source.

With FMP5, you can make a database of HTML code bits, called BODY PARTS for obvious reasons. Then you can assemble each page of your site by choosing the body parts in order of appearance.

The advantage: if you have to change something dynamically from time to time, you now have the ability to modify a common HTML segment (say a navigation bar) in one step. Yes, I know server-side includes are the same thing, but this leaves cleaner directories and some people don't have SSI's...

-Brendan Robert
---
I am surviving the BS Y2K problem like everyone else in the world...
Please help
I'm new to all this. What the plan is for me and a friend to make a webpage with a few different sections. We would like to be able to update it from one page. A page that would let us choose what section it will be added to, write the new news or whatever and post it automatically and making the changes to the html code. Can you give me ANY advice or suggestions or anything to help us with this? I really have no idea where to even start with this project. Any help at all will be greatly appreciated.

Thank you in advance for any help,
J

PS. I'm a broke college student and he is a broke high school student so we have 0 cash. =(
MORE: Please Help: Newbie trying to understand cacert
I was too hasty posting that last message. I thought I had started from scratch, but it looks like my cacert.pem was out of sync with my signed certs (I had created demoCA several times). I just rebuilt the whole thing and now s_client has no errors, but s_server still reports "SSL3 alert read:warning:no certificate". I'm rebuilding the third party environment now to see if that changes anything. Will post again if I still have problems.

Sorry,
Ed

-Original Message-
From: Trembicki-Guy, Ed [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 19, 1999 12:00 PM
To: [EMAIL PROTECTED]
Subject: Please Help: Newbie trying to understand cacert

Help! Am I missing something? The openssl utilities, s_server and s_client seem to work (with some errors reported), but the third party app that I'm trying to use that wraps the libraries still fails.

I built openssl-0.9.4 on HPUX 11 with -DNO_RSA. The directory structure is /dnbusr1/guye/ssl/openssl-0.9.4/{etc.}

From the directory, /dnbusr1/guye/ssl/openssl-0.9.4/apps/, I followed the instructions for creating a DSA CA, DSA parameters, DSA server client certs, and DH parameters as follows:

    openssl gendh -out dhparam.pem 1024
    openssl dsaparam 1024 -out dsa1024.pem
    openssl req -x509 -newkey dsa:dsa1024.pem -out dsaca.pem
    CA.sh -newca
    cp privkey.pem demoCA/private/cakey.pem
    cp dsaca.pem demoCA/cacert.pem
    openssl req -newkey dsa:dsa1024.pem -out newreq.pem
    CA.sh -signreq
    cat dhparam.pem newcert.pem privkey.pem > server.pem
    openssl req -newkey dsa:dsa1024.pem -out newreq.pem
    CA.sh -signreq
    cat dhparam.pem newcert.pem privkey.pem > client.pem
    cp client.pem ../server.pem

The last four commands were to create a server.pem in a separate directory for the s_client utility.

I ran the s_server and s_client utilities as follows:

    openssl 2>&1 | tee server.log
    OpenSSL> s_server -state -debug -verify 1 -CApath demoCA -CAfile cacert.pem

and

    openssl 2>&1 | tee client.log
    OpenSSL> s_client -state -debug -verify 1 -CApath apps/demoCA -CAfile apps/demoCA/cacert.pem

I have attached server.log and client.log files, which show some complaints about no certificate (server log) and unable to get local issuer and verify first certificate (client.log). The utilities still proceed to the point where what I type at the client is sent to the server and vice versa.

When I try the same thing with the third party app, I get a connection failure. With the limited logging support that it has (similar to the -state flag), I get the following:

    Server: Failed Connection Attempt
    SSL: 0 24576 HANDSHAKE_START
    SSL: ACCEPT 24576 ACCEPT_LOOP
    SSL: ACCEPT SSL3_SR_CLNT_HELLO_A ACCEPT_LOOP
    SSL: ACCEPT SSL3_SW_SRVR_HELLO_A ACCEPT_LOOP
    SSL: ACCEPT SSL3_SW_CERT_A ACCEPT_LOOP
    SSL: ACCEPT SSL3_SW_KEY_EXCH_A ACCEPT_LOOP
    SSL: ACCEPT SSL3_SW_SRVR_DONE_A ACCEPT_LOOP
    SSL: ACCEPT SSL3_SW_FLUSH ACCEPT_EXIT

    Client: Connect Error: -1
    SSL: 0 20480 HANDSHAKE_START
    SSL: CONNECT 20480 CONNECT_LOOP
    SSL: CONNECT SSL3_CW_CLNT_HELLO_A CONNECT_LOOP
    SSL: CONNECT SSL3_CR_SRVR_HELLO_A CONNECT_EXIT

I believe the number 24576 (0x6000) equates to BEFORE|ACCEPT and 20480 (0x5000) equates to BEFORE|CONNECT.

I have also attached cacert.pem, server.pem and client.pem. Can someone please tell me if I've done something wrong? I thought maybe it has something to do with cacert.pem, because when I try to load it in the third party app* it returns an error structure with the following:

    #PEM109 108 #X509 112 9

which I believe translates to

    109 = PEM_F_PEM_READ_BIO
    108 = PEM_R_NO_START_LINE

and

    112 = X509_F_X509_LOAD_CRL_FILE
    9 = ???

*the app appears to call the following library routines: X509_LOOKUP_file(), X509_STORE_add_lookup() and X509_LOOKUP_ctrl, which returns 0, at which point I retrieve the error structure.

I'm not even sure if this is what is preventing the connection, but any help at all is most appreciated.

Thanks,
Ed Trembicki-Guy

p.s. The attached files are in PC format (cr/lf) as I ftp'ed them from the Unix machine in ascii mode.
please help a newbie
Hello all. I am brand new to OpenSSL and I'm hoping that one of you can point me towards some (current) sample code or another appropriate resource. I am working on a project with a rapidly-approaching deadline, so I don't have a lot of time to search through the actual OpenSSL source trying to learn the API. I would really appreciate any help you all can give...

Cheers,
Joel
Re: certificate problem :-( please help
I just had the same problem today. I fixed it but I don't know exactly what I did that made it work. I checked the hostname -f and it gave me an alias at first, try hostname -vf and look for h_name=`...'. Even if you're using a vhost you should use your regular host name in the csr.

Good Luck!

Barry Hill wrote:

> Dear open-ssl experts!
>
> I've turned to the mailing list as I have a problem getting openssl to work. Basically, I can't get the server's certificate signature to work. Apache fires up OK in non-ssl mode, but the following errors occur in ssl mode:
>
> Netscape (Linux): "The server's certificate has an invalid signature. You will not be able to connect to this site securely".
> Opera Browser: "Transmission failure"
>
> I've enclosed the logs in the hope that someone will be able to help! Please, it's important!
>
> SSL_Engine_Log:
>
>     [info] Server: Apache/1.3.6, Interface: mod_ssl/2.3.5, Library: OpenSSL/0.9.3a
>     [info] Init: 1st startup round (still not detached)
>     [info] Init: Initializing OpenSSL library
>     [info] Init: Loading certificate private key of SSL-aware server box.company.de:443
>     [info] Init: 2nd startup round (already detached)
>     [info] Init: Reinitializing OpenSSL library
>     [info] Session Cache Status: 0 elements
>     [info] Init: Seeding PRNG with 8 bytes of entropy
>     [info] Init: Generating temporary RSA private keys (512/1024 bits)
>     [info] Init: Configuring temporary DH parameters (512/1024 bits)
>     [info] Init: Initializing (virtual) servers for SSL
>     [info] Init: Configuring server box.company.de:443 for SSL protocol
>     [info] Connection to child 0 established (server box.company.de:443)
>     [error] SSL handshake failed (client 195.8.91.231, server box.company.de:443) (OpenSSL library error foll
>     [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name!?]
>
> Apache error_log:
>
>     [Mon Jul 19 11:51:58 1999] [error] mod_ssl: SSL handshake failed (client 212.41...
>     [Mon Jul 19 11:51:58 1999] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name!?]
>
> BTW: the server name I entered when making the certificate is the output of "hostname -f". I just can't see what's wrong...
>
> Barry