openssl error

2007-09-19 Thread richard zhao 
Hello, All,
  is anybody experienced the following error:
   
  error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record 
mac
   
  thank you for any help in advance.
   
  Richard

   
-
 Check out  the hottest 2008 models today at Yahoo! Autos.

OpenSSL Error

2008-02-26 Thread Subhankar Katyayan 
Dear All,

I am facing some problem when I tried to compile the application. This 
application was building fine, but after adding a file called 
"digestclient.c" (to support HTTPs), it's throwing the following error. 
Can anyone give some input on this.

digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]

Subhankar Kumar Katyayan
=-=-=
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you

OpenSSL Error

2008-02-27 Thread Subhankar Katyayan 
I have downloaded and installed "Win32OpenSSL-0_9_8g.exe" in "C:\OpenSSL" 
and I have linked it as follows, and my workpspace is "C:\dhsmv1\api2"

Project -> Settings -> C/C++ (tab) -> Preprocessor (Category:) -> 
Additional include directories -> ../../OpenSSL/include/openssl

Project -> Settings -> C/C++ (tab) -> Preprocessor (Category:) -> 
Preprocessor definitions -> ENABLE_SSL

Project -> Settings -> Link (tab) -> Input (Category:) -> Additional 
library path -> ../../OpenSSL/lib/VC

Project -> Settings -> Link (tab) -> Input (Category:) -> Object/library 
modules ->  libeay32.lib ssleay32.lib libeay32MD.lib libeay32MDd.lib 
libeay32MT.lib libeay32MTd.lib ssleay32MD.lib ssleay32MDd.lib 
ssleay32MT.lib ssleay32MTd.lib

But still I am getting following error. Please let me know, if I am doing 
something worng in settings or somewhere else.

digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED]

Subhankar Kumar Katyayan
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Experience certainty.   IT Services
Business Solutions
Outsourcing




[EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
02/27/2008 01:38 AM
Please respond to
openssl-users@openssl.org


To
openssl-users@openssl.org
cc
openssl-users@openssl.org, [EMAIL PROTECTED]
Subject
Re: OpenSSL Error






Hello,
> I am facing some problem when I tried to compile the application. This 
application was 
> building fine, but after adding a file called "digestclient.c" (to 
support HTTPs), it's 
> throwing the following error. Can anyone give some input on this. 
> 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 


> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
&g

OpenSSL error:

2008-03-03 Thread Arp222 

hi 
i am getting the following error when i run the command:

gcc -o client client.o -lcrypto -lssl

In function 'main':
undefined reference to 'init_OpenSSL'
undefined reference to 'handle_error'

--- what shud i do?
please help!
-- 
View this message in context: 
http://www.nabble.com/OpenSSL-error%3A-tp15764487p15764487.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

openssL error:

2008-03-10 Thread Arp22 

hi i am getting the following error when i run the command: 

gcc -o client client.o -lcrypto -lssl 

In function 'main': undefined reference to 'init_OpenSSL' undefined
reference to 'handle_error' --- what shud i do? please help!
-- 
View this message in context: 
http://www.nabble.com/openssL-error%3A-tp15949473p15949473.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

openssl error

1999-10-28 Thread Joe Schiavone 


Hello,

AM trying to test my openssl enabled apache server using the
following command;
openssl s_client -connect MYHOSTNAME:443   
I get some good info followed by some that looks "not so good".
can anyone explain this error or tell me where to go to
look it up?  Results are as follows;

CONNECTED(0004)
depth=0 /C=US/ST=X/L=X/O=XX 
[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=XXX/L=/O=XXX 
[EMAIL PROTECTED]
verify return:1
673:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake 
failure:s3_pkt.c:774:SSL alert number 40
673:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:203


--
Joseph J. Schiavone Jr.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

OpenSSL error

2001-12-10 Thread Hardej, Andrew 


I compiled OpensSSL 0.9.6b on Solaris 2.7 successfully.

When I now try to compile OpenSSH (specifically ./configure) I get the
following error:

checking for OpenSSL directory... configure: error: Could not find working
OpenSSL library, please install or check config.log

Are you able to tell me what I am doing wrong?



*
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter. 
*
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL Error

2008-02-26 Thread Marek . Marcola 
Hello,
> I am facing some problem when I tried to compile the application. This 
application was 
> building fine, but after adding a file called "digestclient.c" (to 
support HTTPs), it's 
> throwing the following error. Can anyone give some input on this. 
> 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 

> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 

> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 

Add -lcrypto -lssl libraries to linking process.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL Error

2008-02-26 Thread Subhankar Katyayan 
Where I'll get these libraries   "-lcrypto" and "-lssl". 

I am using "Win32OpenSSL-0_9_8g.exe" and I couldn't able to find those 
libraries you've mentioned.

Subhankar Kumar Katyayan
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Experience certainty.   IT Services
Business Solutions
Outsourcing




[EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
02/27/2008 01:38 AM
Please respond to
openssl-users@openssl.org


To
openssl-users@openssl.org
cc
openssl-users@openssl.org, [EMAIL PROTECTED]
Subject
Re: OpenSSL Error






Hello,
> I am facing some problem when I tried to compile the application. This 
application was 
> building fine, but after adding a file called "digestclient.c" (to 
support HTTPs), it's 
> throwing the following error. Can anyone give some input on this. 
> 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 


> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 


> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 

Add -lcrypto -lssl libraries to linking process.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

ForwardSourceID:NT4BDE 
=-=-=
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you

Re: OpenSSL Error

2008-02-26 Thread Subhankar Katyayan 
To add on in my prev mail. The C file which I am trying to compile on 
window having some linking issue, but at the same time when I tried to 
build it on Linux it was building fine. 

Where I'll get these libraries   "-lcrypto" and "-lssl". 

I am using "Win32OpenSSL-0_9_8g.exe" and I couldn't able to find those 
libraries you've mentioned.


Subhankar Kumar Katyayan
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Experience certainty.   IT Services
Business Solutions
Outsourcing




Subhankar Katyayan/CHN/TCS
Sent by: Subhankar Katyayan
02/27/2008 12:15 PM

To
openssl-users@openssl.org
cc
openssl-users@openssl.org, [EMAIL PROTECTED]
Subject
Re: OpenSSL Error





Where I'll get these libraries   "-lcrypto" and "-lssl". 

I am using "Win32OpenSSL-0_9_8g.exe" and I couldn't able to find those 
libraries you've mentioned.

Subhankar Kumar Katyayan
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Experience certainty.   IT Services
Business Solutions
Outsourcing




[EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
02/27/2008 01:38 AM
Please respond to
openssl-users@openssl.org


To
openssl-users@openssl.org
cc
openssl-users@openssl.org, [EMAIL PROTECTED]
Subject
Re: OpenSSL Error






Hello,
> I am facing some problem when I tried to compile the application. This 
application was 
> building fine, but after adding a file called "digestclient.c" (to 
support HTTPs), it's 
> throwing the following error. Can anyone give some input on this. 
> 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 


> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 


> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 

Add -lcrypto -lssl libraries to linking process.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

ForwardSourceID:NT4BDE 

ForwardSourceID:NT4C1E 
=-=-=
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you

Re: OpenSSL Error

2008-02-28 Thread Subhankar Katyayan 
What are these errors and any solution for the below mentioned error. I am 
using "Win32OpenSSL-0_9_8g.exe".

libeay32MDd.lib(b_print.obj) : error LNK2001: unresolved external symbol 
__ftol2
libeay32MDd.lib(b_print.obj) : error LNK2001: unresolved external symbol 
__aulldvrm


Subhankar Kumar Katyayan
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Experience certainty.   IT Services
Business Solutions
Outsourcing




Subhankar Katyayan <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
02/27/2008 07:27 PM
Please respond to
openssl-users@openssl.org


To
openssl-users@openssl.org
cc
[EMAIL PROTECTED]
Subject
OpenSSL Error







I have downloaded and installed "Win32OpenSSL-0_9_8g.exe" in "C:\OpenSSL" 
and I have linked it as follows, and my workpspace is "C:\dhsmv1\api2" 

Project -> Settings -> C/C++ (tab) -> Preprocessor (Category:) -> 
Additional include directories -> ../../OpenSSL/include/openssl 

Project -> Settings -> C/C++ (tab) -> Preprocessor (Category:) -> 
Preprocessor definitions -> ENABLE_SSL 

Project -> Settings -> Link (tab) -> Input (Category:) -> Additional 
library path -> ../../OpenSSL/lib/VC 

Project -> Settings -> Link (tab) -> Input (Category:) -> Object/library 
modules ->  libeay32.lib ssleay32.lib libeay32MD.lib libeay32MDd.lib 
libeay32MT.lib libeay32MTd.lib ssleay32MD.lib ssleay32MDd.lib 
ssleay32MT.lib ssleay32MTd.lib 

But still I am getting following error. Please let me know, if I am doing 
something worng in settings or somewhere else. 

digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED] 

digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED] 

digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED] 
digestclient.obj : error LNK2001: unresolved external symbol [EMAIL PROTECTED] 

Subhankar Kumar Katyayan
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Experience certainty.IT Services
   Business Solutions
   Outsourcing
 


[EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED] 
02/27/2008 01:38 AM 

Please respond to
openssl-users@openssl.org


To
openssl-users@openssl.org 
cc
openssl-users@openssl.org, [EMAIL PROTECTED] 
Subject
Re: OpenSSL Error








Hello,
> I am facing some problem when I tried to compile the application. This 
application was 
> building fine, but after adding a file called "digestclient.c" (to 
support HTTPs), it's 
> throwing the following error. Can anyone give some input on this. 
> 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL PROTECTED] 
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL 
> PROTECTED] 


> digestclient.obj : error LNK2001: unresolved external symbol 
[EMAIL P

Re: openssL error:

2008-03-10 Thread jimmy bahuleyan 

Arp22 wrote:
hi i am getting the following error when i run the command: 

gcc -o client client.o -lcrypto -lssl 


In function 'main': undefined reference to 'init_OpenSSL' undefined
reference to 'handle_error' --- what shud i do? please help!


I hope the fact that these are not Openssl functions should clear things 
up for you.


So, basically find the code for those two missing functions and add it 
to your build. (Or you could remove references to the two functions; 
your action should depend on your code)


-jb
--
I used to think I was indecisive, but now I'm not so sure.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

OpenSSL error : 0D09F007

2005-11-18 Thread rajat.garg 



Greetings,
 
We are using OpenSSL
with OpenOSP to set up a CA and getting following error. Would greatly
appreciate if you can throw some pointers :
 

 
22:57:56.499 01
ccmldap.c  ccm_lookup_ldap_by_subje 0224 Checking for CA certificate
first22:57:56.499 01 ccmldap.c  ccm_lookup_ldap_by_subje 0235 Found CA
cert; convert to internal format
22:57:56.499*01*ccmldap.c
*ccm_lookup_ldap_by_subje*0245*Failed to convert ASN.1 CA
cert22:57:56.499*01*ccmldap.c *ccm_lookup_ldap_by_subje*0245*OpenSSL:
error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1
sequence22:57:56.499 01 ccmldap.c  ccm_lookup_ldap_by_subje
0445 )) Unlocking &ccm.ldap.access_mutex22:57:56.499 01 ccmldap.c 
ccm_lookup_ldap_by_subje 0445 Unlocked
&ccm.ldap.access_mutex
 
 
The commands used to
create certificate are as per attached make_ca.sh file. The other attached files
are
decoded certificate,
openssl.cnf and openosp.cnf file that we are using in our setup. Kindly let
me
know what possibly
could be wrong.
 
Best
Regards,
Rajat
 
 


Confidentiality Notice 

The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately
and destroy all copies of this message and any attachments.
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME= .
RANDFILE= /usr/openosp/random
#RANDFILE   = $ENV::HOME/.rnd

# Extra OBJECT IDENTIFIER info:
#oid_file   = $ENV::HOME/.oid
oid_section = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions= 
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6


[ ca ]
default_ca  = CA_default# The default ca section


[ CA_default ]

dir = ./demoCA  # Where everything is kept
certs   = $dir/certs# Where the issued certs are kept
crl_dir = $dir/crl  # Where the issued crl are kept
database= $dir/index.txt# database index file.
new_certs_dir   = $dir/newcerts # default place for new certs.

certificate = $dir/cacert.pem   # The CA certificate
serial  = $dir/serial   # The current serial number
crl = $dir/crl.pem  # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE= $dir/private/.rand# private random number file

x509_extensions = usr_cert  # The extentions to add to the cert

name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions= crl_ext

default_days= 365   # how long to certify for
default_crl_days= 30# how long before next CRL
default_md  = md5   # which md to use.
preserve= no# keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy  = policy_match

# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName= match
organizationalUnitName  = optional
commonName  = supplied
emailAddress= optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName= optional
organizationName= optional
organizationalUnitName  = optional
commonName  = supplied
emailAddress= optional


[ req ]
default_bits= 1024
default_keyfile = privkey.pem
distinguished_name  = req_distinguished_name
attributes  = req_attributes
x509_extensions = v3_ca # The e

OpenSSL error : 0D09F007

2005-11-18 Thread rajat.garg 



Greetings,
 
We are using OpenSSL
with OpenOSP to set up a CA and getting following error  while initializing the OSP
server.  
We would greatly appreciate if you can
throw some pointers :
 

22:57:56.499 01
ccmldap.c  ccm_lookup_ldap_by_subje 0224 Checking for CA certificate
first22:57:56.499 01 ccmldap.c  ccm_lookup_ldap_by_subje 0235 Found CA
cert; convert to internal format
22:57:56.499*01*ccmldap.c
*ccm_lookup_ldap_by_subje*0245*Failed to convert ASN.1 CA
cert22:57:56.499*01*ccmldap.c *ccm_lookup_ldap_by_subje*0245*OpenSSL:
error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1
sequence22:57:56.499 01 ccmldap.c  ccm_lookup_ldap_by_subje
0445 )) Unlocking &ccm.ldap.access_mutex22:57:56.499 01 ccmldap.c 
ccm_lookup_ldap_by_subje 0445 Unlocked
&ccm.ldap.access_mutex
 
 
The commands used to
create certificate are as per attached make_ca.sh file. The other attached files
are
decoded certificate,
openssl.cnf and openosp.cnf file that we are using in our setup. Kindly let
me
know what possibly
could be wrong.
 
Best
Regards,
Rajat
 


Confidentiality Notice 

The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately
and destroy all copies of this message and any attachments.


openssl.cnf
Description: openssl.cnf


openosp.cnf
Description: openosp.cnf
# ./openssl x509 -in /usr/openosp/cacert.der -inform der -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=IN, O=Wipro, CN=OSPServer
Validity
Not Before: Nov 15 11:27:44 2005 GMT
Not After : Nov 15 11:27:44 2015 GMT
Subject: C=IN, O=Wipro, CN=OSPServer
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:cd:3e:e1:99:34:39:de:7e:5a:63:ab:65:7c:5f:
0d:14:6a:1a:00:89:91:32:35:64:67:b2:20:4e:9c:
f2:c0:13:f6:ab:e6:6d:a0:53:a7:23:d8:66:49:49:
2e:56:11:36:94:dc:d9:88:cf:34:d6:f1:4a:ff:41:
64:27:3d:3c:07:2c:a8:fa:81:82:7b:60:4e:7e:8b:
5a:0f:19:ad:7d:3d:b8:cc:7f:57:17:11:89:a8:e5:
b7:cf:00:70:9b:b4:ab:4c:e2:fc:d1:a5:3a:ac:66:
00:e1:bc:61:a8:5d:20:59:f0:fd:ca:e9:07:91:f1:
de:91:16:6f:d1:2d:2e:29:d9
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
c7:17:f5:b4:e2:f5:0d:bd:f5:17:7c:77:e2:1e:56:40:78:13:
34:52:d8:4f:be:43:24:d1:c2:3d:3f:16:53:0d:14:1e:be:0a:
cd:71:59:d3:b0:fd:c4:76:75:b6:72:7e:65:06:f0:e5:34:d1:
16:4c:67:14:eb:0e:52:a8:41:ff:3a:89:82:7d:43:d5:87:aa:
4d:d4:ef:b6:cc:bd:40:e6:ec:c2:cc:e0:b8:90:74:ca:41:ee:
ef:85:83:9e:2a:5b:b1:39:00:5d:b4:e1:b8:f8:e6:55:9b:d7:
04:22:0f:f5:14:32:69:31:da:24:6b:6e:f9:9a:6b:29:78:10:
1d:83
-BEGIN CERTIFICATE-
MIIB1jCCAT+gAwIBAgIBBTANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJJTjEO
MAwGA1UEChMFV2lwcm8xEjAQBgNVBAMTCU9TUFNlcnZlcjAeFw0wNTExMTUxMTI3
NDRaFw0xNTExMTUxMTI3NDRaMDExCzAJBgNVBAYTAklOMQ4wDAYDVQQKEwVXaXBy
bzESMBAGA1UEAxMJT1NQU2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDNPuGZNDneflpjq2V8Xw0UahoAiZEyNWRnsiBOnPLAE/ar5m2gU6cj2GZJSS5W
ETaU3NmIzzTW8Ur/QWQnPTwHLKj6gYJ7YE5+i1oPGa19PbjMf1cXEYmo5bfPAHCb
tKtM4vzRpTqsZgDhvGGoXSBZ8P3K6QeR8d6RFm/RLS4p2QIDAQABMA0GCSqGSIb3
DQEBBAUAA4GBAMcX9bTi9Q299Rd8d+IeVkB4EzRS2E++QyTRwj0/FlMNFB6+Cs1x
WdOw/cR2dbZyfmUG8OU00RZMZxTrDlKoQf86iYJ9Q9WHqk3U77bMvUDm7MLM4LiQ
dMpB7u+Fg54qW7E5AF204bj45lWb1wQiD/UUMmkx2iRrbvmaayl4EB2D
-END CERTIFICATE-
#!/bin/ksh

# Shell script: make_ca.sh
#
# Purpose:  Make a CA certificate using OpenSSL commands
#
# (C) COPYRIGHT DATA CONNECTION LIMITED 2000
#
# $Revision::   1.2$ $Modtime::   Aug 02 2000 10:05:42   $

SSL_PATH=${SSL_PATH:-/usr/local/ssl}

#
# Create a request
#
$SSL_PATH/bin/openssl req -new -newkey rsa:1024 -config $SSL_PATH/openssl.cnf \
-out careq.pem -keyout cakey.pem -nodes

#
# Create a temporary self-signed cert that we can use as a CA cert
#
$SSL_PATH/bin/openssl x509 -req -in careq.pem -signkey cakey.pem \
-extfile $SSL_PATH/openssl.cnf -extensions v3_ca -out cacert0.pem

#
# Sign the request using the temporary CA cert that we just made.
# This effectively results in another CA cert, but this one has a
# serial number.
#
$SSL_PATH/bin/openssl x509 -req -in careq.pem -CAkey cakey.pem \
-CA cacert0.pem -CAserial serial.txt -CAcreateserial \
-extfile $SSL_PATH/openssl.cnf -extensions v3_ca -days 3652 -outform DER \
-out cacert.der

#
# Delete the files we no longer need.
#
rm careq.pem
rm cacert0.pem

Openssl Error + Apache

2006-10-07 Thread gary.mack 
Hi there ~
 
I have an Apache installation running mod_ssl and would like to setup another 
VirtualHost that runs under SSL on a different port (e.g. 8443). The default 
site on port 443 is running fine with SSL. The new certificate I have installed 
for the second site appears to be incorrect or the version of OpenSSL I have is 
not up to date. This causes Apache to crash. Can someone look at the error(s) 
below and please tell me where to start or how to fix it? 
 
Errors:
[Fri Oct  6 13:37:21 2006] [error] mod_ssl: Init: Unable to read server 
certificate from file /apache/conf

/mycertificatename.crt (OpenSSL library error follows)

[Fri Oct  6 13:37:21 2006] [error] OpenSSL: error:0D0680A8:asn1 encoding 
routines:ASN1_CHECK_TLEN:wrong tag

[Fri Oct  6 13:37:21 2006] [error] OpenSSL: error:0D07803A:asn1 encoding 
routines:ASN1_ITEM_EX_D2I:nested 

asn1 error

Thanks in advance
 
 
Gary
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error

2001-11-16 Thread Glover Barker 


I hate to distract from the original issue, but what is ethereal?  Some
kind of dump or sniffer?  Where can it be found?


   
   
Rod Gilchrist  
   
<[EMAIL PROTECTED]>To: [EMAIL PROTECTED]  
   
Sent by:cc:
   
owner-openssl-users@o   Subject:     Re: openssl error 
   
penssl.org 
   
   
   
   
   
11/15/2001 02:36 PM
   
Please respond to  
   
openssl-users  
   
   
   
   
   






"MacDonald, Allan R [AMSTA-AR-FSF-A]" wrote:

> I am using openssl with Oracle Webtogo and the Apache 1.3.12 server. When
I
> implemented SSL on the server I thought all was well until we had to turn
> off port 80. Then my webtogo app stopped working and gave me the error
> listed below. Any help with this would be very helpful. Thanks.
>
> [14/Nov/2001 11:57:12 00621] [error] SSL handshake failed: HTTP spoken on
> HTTPS port; trying to send HTML error page (OpenSSL library error
follows)
> [14/Nov/2001 11:57:12 00621] [error] OpenSSL: error:1407609C:SSL
> routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to
HTTPS
> port!?]

Forgive the obvious answer...

Your apache is listening on port 443 and your app is configured to
only send SSL (HTTPS) on that port?

Download ethereal and have a look at what's happening on the wire.
Its a good investment of a half hour.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error

2001-11-16 Thread Rod Gilchrist 



Glover Barker wrote:

> I hate to distract from the original issue, but what is ethereal?  Some
> kind of dump or sniffer?  Where can it be found?
>

It comes up at the top of the google hit list on the name.

www.ethereal.com.

Yes, its great. 10 minute install, hit capture->start and
select an interface. Runs on most platforms.

Read the documentation about the reset button. Its
confusing at first as to what its doing, and you need
to know.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL error

2001-12-10 Thread Lutz Jaenicke 

On Mon, Dec 10, 2001 at 12:08:51PM -0500, Hardej, Andrew  wrote:
> 
> I compiled OpensSSL 0.9.6b on Solaris 2.7 successfully.
> 
> When I now try to compile OpenSSH (specifically ./configure) I get the
> following error:
> 
> checking for OpenSSL directory... configure: error: Could not find working
> OpenSSL library, please install or check config.log
> 
> Are you able to tell me what I am doing wrong?

Yes! You don't follow the directive given. It tells you to check out the
error messages in config.log.

Regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

libcurl / openssl error

2002-11-15 Thread Moffet, Scott 
I'm having a strange error with libCurl in HP-UX 11.00, using OpenSSL 0.9.6g.

I have my wrapper class in two projects.  One is a standalone project and it works 
fine.  The other is inside a server that uses OpenSSL for the inbound client 
connections, so the SSL_library_init() and such are in the main() function.  The SSL 
descriptors that set the input method to TLS server occur inside threads.

Then, from inside that thread, my wrapper class tries to post to a web page and gets 
an error, shutting down the connection.  The VEBOSE output is:

CUROPT_VEBOSE is set to TRUE
* About to connect() to ah1hpux1.linkpoint.com:443
* Connected to ah1hpux1.linkpoint.com (192.168.40.32) port 443
* SSL: error::lib(0):func(0):reason(0)* Closing connection #0

I put the errors into a text string and the text is:
curl_errors = "SSL: error::lib(0):func(0):reason(0)"

libcURL SHOULD be using a seperate instance of OpenSSL, but is it possible that the 
client and server are colliding?  This indicates SSL had no error ... any guess why 
it's shutting down the connection?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Openssl Error + Apache

2006-10-08 Thread Dr. Stephen Henson 
On Sat, Oct 07, 2006, [EMAIL PROTECTED] wrote:

> Hi there ~
>  
> I have an Apache installation running mod_ssl and would like to setup another 
> VirtualHost that runs under SSL on a different port (e.g. 8443). The default 
> site on port 443 is running fine with SSL. The new certificate I have 
> installed for the second site appears to be incorrect or the version of 
> OpenSSL I have is not up to date. This causes Apache to crash. Can someone 
> look at the error(s) below and please tell me where to start or how to fix 
> it? 
>  
> Errors:
> [Fri Oct  6 13:37:21 2006] [error] mod_ssl: Init: Unable to read server 
> certificate from file /apache/conf
> 
> /mycertificatename.crt (OpenSSL library error follows)
> 
> [Fri Oct  6 13:37:21 2006] [error] OpenSSL: error:0D0680A8:asn1 encoding 
> routines:ASN1_CHECK_TLEN:wrong tag
> 
> [Fri Oct  6 13:37:21 2006] [error] OpenSSL: error:0D07803A:asn1 encoding 
> routines:ASN1_ITEM_EX_D2I:nested 
> 
> asn1 error
> 
> Thanks in advance
>  

That indicates it doesn't like the certificate file in mycertificatename.crt.
It may be corrupt or in the wrong format. Try the command:

openssl x509 -in mycertificatename.crt

to see if you get the same error.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Openssl Error + Apache

2006-10-08 Thread gary.mack 
I ran the command below and I did receive an error so it looks like something 
is indeed wrong with the SSL Certificate. If anyone has any ideas how what I 
can look at regarding this error I would appreciate it. Thanks
 
2705:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:662:Expecting: TRUSTED CERTIFICATE



From: [EMAIL PROTECTED] on behalf of Dr. Stephen Henson
Sent: Sun 10/8/2006 12:01 PM
To: openssl-users@openssl.org
Subject: Re: Openssl Error + Apache



On Sat, Oct 07, 2006, [EMAIL PROTECTED] wrote:

> Hi there ~
> 
> I have an Apache installation running mod_ssl and would like to setup another 
> VirtualHost that runs under SSL on a different port (e.g. 8443). The default 
> site on port 443 is running fine with SSL. The new certificate I have 
> installed for the second site appears to be incorrect or the version of 
> OpenSSL I have is not up to date. This causes Apache to crash. Can someone 
> look at the error(s) below and please tell me where to start or how to fix it?
> 
> Errors:
> [Fri Oct  6 13:37:21 2006] [error] mod_ssl: Init: Unable to read server 
> certificate from file /apache/conf
>
> /mycertificatename.crt (OpenSSL library error follows)
>
> [Fri Oct  6 13:37:21 2006] [error] OpenSSL: error:0D0680A8:asn1 encoding 
> routines:ASN1_CHECK_TLEN:wrong tag
>
> [Fri Oct  6 13:37:21 2006] [error] OpenSSL: error:0D07803A:asn1 encoding 
> routines:ASN1_ITEM_EX_D2I:nested
>
> asn1 error
>
> Thanks in advance
> 

That indicates it doesn't like the certificate file in mycertificatename.crt.
It may be corrupt or in the wrong format. Try the command:

openssl x509 -in mycertificatename.crt

to see if you get the same error.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Openssl Error + Apache

2006-10-09 Thread Siew San Yu 
It means that the file that it's attempting to read
does not have the proper format of a .crt. Take a look
of your cert in notepad, does the first line shows
something like ---BEGIN CERTIFICATE .
If no, then regenerate your cert.

SS
--- [EMAIL PROTECTED] wrote:

> I ran the command below and I did receive an error
> so it looks like something is indeed wrong with the
> SSL Certificate. If anyone has any ideas how what I
> can look at regarding this error I would appreciate
> it. Thanks
>  
> 2705:error:0906D06C:PEM routines:PEM_read_bio:no
> start line:pem_lib.c:662:Expecting: TRUSTED
> CERTIFICATE
> 
> 
> 
> From: [EMAIL PROTECTED] on behalf of
> Dr. Stephen Henson
> Sent: Sun 10/8/2006 12:01 PM
> To: openssl-users@openssl.org
> Subject: Re: Openssl Error + Apache
> 
> 
> 
> On Sat, Oct 07, 2006, [EMAIL PROTECTED] wrote:
> 
> > Hi there ~
> > 
> > I have an Apache installation running mod_ssl and
> would like to setup another VirtualHost that runs
> under SSL on a different port (e.g. 8443). The
> default site on port 443 is running fine with SSL.
> The new certificate I have installed for the second
> site appears to be incorrect or the version of
> OpenSSL I have is not up to date. This causes Apache
> to crash. Can someone look at the error(s) below and
> please tell me where to start or how to fix it?
> > 
> > Errors:
> > [Fri Oct  6 13:37:21 2006] [error] mod_ssl: Init:
> Unable to read server certificate from file
> /apache/conf
> >
> > /mycertificatename.crt (OpenSSL library error
> follows)
> >
> > [Fri Oct  6 13:37:21 2006] [error] OpenSSL:
> error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag
> >
> > [Fri Oct  6 13:37:21 2006] [error] OpenSSL:
> error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested
> >
> > asn1 error
> >
> > Thanks in advance
> > 
> 
> That indicates it doesn't like the certificate file
> in mycertificatename.crt.
> It may be corrupt or in the wrong format. Try the
> command:
> 
> openssl x509 -in mycertificatename.crt
> 
> to see if you get the same error.
> 
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys:
> see homepage
> OpenSSL project core developer and freelance
> consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
>
__
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List   
> openssl-users@openssl.org
> Automated List Manager  
> [EMAIL PROTECTED]
> 
> 
>
__
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List   
> openssl-users@openssl.org
> Automated List Manager  
> [EMAIL PROTECTED]
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Openssl Error + Apache

2006-10-09 Thread gary.mack 
It appears the certificate file was pasted in the file wrong. It was
missing the -BE of -BEGIN CERTIFICATE-. 

Thank you for the help everyone.



Gary Mack
Associate Systems Administrator
www.hubbardone.com
Phone:  (312) 873 - 6886
Fax:  (312) 873 - 6801
[EMAIL PROTECTED]

 

Hubbard One is a Thomson Elite Business.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Siew San Yu
Sent: Monday, October 09, 2006 3:28 AM
To: openssl-users@openssl.org
Subject: RE: Openssl Error + Apache

It means that the file that it's attempting to read
does not have the proper format of a .crt. Take a look
of your cert in notepad, does the first line shows
something like ---BEGIN CERTIFICATE .
If no, then regenerate your cert.

SS
--- [EMAIL PROTECTED] wrote:

> I ran the command below and I did receive an error
> so it looks like something is indeed wrong with the
> SSL Certificate. If anyone has any ideas how what I
> can look at regarding this error I would appreciate
> it. Thanks
>  
> 2705:error:0906D06C:PEM routines:PEM_read_bio:no
> start line:pem_lib.c:662:Expecting: TRUSTED
> CERTIFICATE
> 
> 
> 
> From: [EMAIL PROTECTED] on behalf of
> Dr. Stephen Henson
> Sent: Sun 10/8/2006 12:01 PM
> To: openssl-users@openssl.org
> Subject: Re: Openssl Error + Apache
> 
> 
> 
> On Sat, Oct 07, 2006, [EMAIL PROTECTED] wrote:
> 
> > Hi there ~
> > 
> > I have an Apache installation running mod_ssl and
> would like to setup another VirtualHost that runs
> under SSL on a different port (e.g. 8443). The
> default site on port 443 is running fine with SSL.
> The new certificate I have installed for the second
> site appears to be incorrect or the version of
> OpenSSL I have is not up to date. This causes Apache
> to crash. Can someone look at the error(s) below and
> please tell me where to start or how to fix it?
> > 
> > Errors:
> > [Fri Oct  6 13:37:21 2006] [error] mod_ssl: Init:
> Unable to read server certificate from file
> /apache/conf
> >
> > /mycertificatename.crt (OpenSSL library error
> follows)
> >
> > [Fri Oct  6 13:37:21 2006] [error] OpenSSL:
> error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag
> >
> > [Fri Oct  6 13:37:21 2006] [error] OpenSSL:
> error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested
> >
> > asn1 error
> >
> > Thanks in advance
> > 
> 
> That indicates it doesn't like the certificate file
> in mycertificatename.crt.
> It may be corrupt or in the wrong format. Try the
> command:
> 
> openssl x509 -in mycertificatename.crt
> 
> to see if you get the same error.
> 
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys:
> see homepage
> OpenSSL project core developer and freelance
> consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
>
__
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List   
> openssl-users@openssl.org
> Automated List Manager  
> [EMAIL PROTECTED]
> 
> 
>
__
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List   
> openssl-users@openssl.org
> Automated List Manager  
> [EMAIL PROTECTED]
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

OpenSSL error using xsupplicant

2005-05-13 Thread Mário Lopes 
Hello!

I'm using OpenSSL along with xsupplicant in order to authenticate on a
802.1x protected wireless network. This network makes use of eap-ttls
and everything runs fine until I get my first disconnection. After
that, xsupplicant tries to reconnect again, but fails after getting
the following error from OpenSSL (/var/log/xsupplicant.log):

OpenSSL Error -- error:14095044:lib(20):func(149):reason(68)

I don't know, at all, which one is faulty: if xsupplicant is causing
the error or if it is just a problem with openssl. Strangely, a
fellowship of mine is using Ubuntu with the same packages and he
doesn't have this error (so, xsupplicant successfully reconnects).

I'm using SuSE 9.3 and I've update openssl from 0.9.7e-3 to version
0.97g to see if this would work, but without results, the error keeps
on showing up. I'm using xsupplicant 1.0.1 and the wireless card is a
ipw2200 with the latest drivers available (1.0.3) and firmware too.

My mate has exacly the same configuration: Ubuntu with xsupplicant
1.0.1, ipw2200 with the same drivers/firmware and openssl0.9.7e-3 and
he doesn't get that error. Apart from that, the logs generated on
/var/log/messages and /var/log/xsupplicant are exacly the same to
mine.

I hope you can get me further details in what could be generating that error.

Best Regards,

Mário Lopes
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

OpenSSL error in mod_ssl.

2001-04-27 Thread Jason Aras 


I do not know if this is the correct place to post this, but the only
error message I see is OpenSSL errors in apache's output.

here goes...

[Fri Apr 27 18:06:19 2001] [error] mod_ssl: SSL handshake failed (server
www.hidden.com:443, client hidden) (OpenSSL library error
follows)
[Fri Apr 27 18:06:19 2001] [error] OpenSSL: error:0607C084:digital
envelope routines:func(124) :reason(132)
[Fri Apr 27 18:06:19 2001] [error] OpenSSL: error:0607B086:digital
envelope routines:func(123) :reason(134)
[Fri Apr 27 18:06:19 2001] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered
details of a re-created server certificate?]

I just built the server with both 9.6 and 9.6a with the same results.

Here is what ver of apache It is running w/ mods

 Apache/1.3.19 (Unix) AuthPG/1.2 PHP/4.0.4pl1 mod_ssl/2.8.2 OpenSSL/0.9.6


thank you

Jason

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Dreaded OpenSSL: error:140890C7

2002-03-07 Thread Jean-Claude Bourut 

Hi,

I'am trying to authenticate clients connecting to my server.

[06/Mar/2002 18:45:19 25124] [info]  Connection to child 3 established
(server hub-1.trema.com:443, client 66.54.34.7)
[06/Mar/2002 18:45:19 25124] [info]  Seeding PRNG with 512 bytes of
entropy
[06/Mar/2002 18:45:19 25124] [trace] OpenSSL: Handshake: start
[06/Mar/2002 18:45:19 25124] [trace] OpenSSL: Loop: before/accept
initialization
[06/Mar/2002 18:45:19 25124] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[06/Mar/2002 18:45:19 25124] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[06/Mar/2002 18:45:19 25124] [trace] OpenSSL: Loop: SSLv3 write
certificate A
[06/Mar/2002 18:45:19 25124] [trace] OpenSSL: Loop: SSLv3 write
certificate request A
[06/Mar/2002 18:45:19 25124] [trace] OpenSSL: Loop: SSLv3 flush data
[06/Mar/2002 18:45:20 25124] [trace] OpenSSL: Write: SSLv3 read client
certificate B
[06/Mar/2002 18:45:20 25124] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate B
[06/Mar/2002 18:45:20 25124] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate B
[06/Mar/2002 18:45:20 25124] [error] SSL handshake failed (server
hub-1.trema.com:443, client 66.54.34.7) (OpenSSL library error follows)
[06/Mar/2002 18:45:20 25124] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]

>From the error message I can imagine two problems:
- the client has not sent any certificate
- the client has sent an unknown certificate.

Can anybody help me sorting out this ?

A Google lookup retrieves a lot of  "OpenSSL: error:140890C7".
Most of the time, people have invoked the ClientAuthentication by
mistake.

Regards

--
Jean-Claude Bourut
Trema
1300, routes des Crêtes
Sophia Antipolis
06560 Valbonne FRANCE
Tel +33 4 92 38 81 04
Fax +33 4 92 38 81 99



begin:vcard 
n:Bourut;Jean-Claude
tel;fax:+33 (0) 9238 8199
tel;work:+33 (0) 9238 8100
x-mozilla-html:TRUE
org:Trema Laboratories
adr:;;1300 route des cretes;Sophia Antipolis;;06560;FRANCE
version:2.1
email;internet:[EMAIL PROTECTED]
title:Senior Software Engineer
note;quoted-printable:  (=0D=0A   ))=0D=0A C|~~|=0D=0A `--'
end:vcard

Apache + mod_ssl (OpenSSL Error)

2002-11-14 Thread Manoj Kithany 

Hi Experts!

I want to INSTALL and CONFIGURE my APACHE 1.3.27 for SSL. I am using IBM AIX 
box.
So, I got mod_ssl from the IBM site and installed it in following way(after 
READing INSTALL file for 2 hrs;-(


#pwd
/opt/freeware/src/packages/SOURCES/mod_ssl-2.8.11-1.3.27

# ./configure --with-apache=../apache_1.3.27 
--with-ssl=/Downloads/openssl-0.9.6g --with-crt=/usr/local/ssl/bin/cert.cer 
--with-key=/usr/local/ssl/bin/private.key --prefix=/kit --enable-shared=ssl

#cd ..
#cd apache_1.3.27
#make
#make certificate
#make install

This DOCUMENTATION was given in README file in the above directory.

Later, I start my APACHE for SSL as shown below and get ERROR:

#./apachectl startssl
./apachectl startssl: httpd could not be started


So, I finally READ the LOG file "error_log" and checked it shows:

[error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key 
(OpenSSL library error follows)
[error] OpenSSL: error:24064064:random number 
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib


Do you know what this error would be? I have already installed EGD entrophy 
and is it stored in /dev/egd-pool
Any links/pointers on this is appreciated.

Thanks!

_
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

OpenSSL Error (Apache + mod_ssl)

2002-11-15 Thread Manoj Kithany 
Hi:

My Apache is NOT working.the log file shows:

[Fri Nov 15 15:35:57 2002] [error] mod_ssl: Init: Failed to generate 
temporary 512 bit RSA private key (OpenSSL library error follows)
[Fri Nov 15 15:35:57 2002] [error] OpenSSL: error:24064064:random number 
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri Nov 15 15:35:57 2002] [error] OpenSSL: error:04069003:rsa 
routines:RSA_generate_key:BN lib


I am using Apache 1.3.27, mod_ssl 2.8.11 on IBM AIX 5.1 box.







_
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Openssl Error Code Translation

2009-01-29 Thread tanu dutt 
Hi,

Can anybody tell how can I translate Openssl Error code to error description.
I am calling ERR_peak_last_error(). The error code that I am receiving is 
b901.
Is this a valid error code. How can I verify it.

Thanks
Tanu

Need help on OpenSSL error

2008-06-03 Thread Phakin Chirachinda 
Dear Sir/Madam,

I'm currently using Crypt::OpenSSL::RSA module with perl linking with OpenSSL 
0.9.8h to encrypt/decrypt message and transport over HTTP POST request to Java 
application on the other side.  When Encrypting with the given public key, Java 
application can receive the data perfectly.  But when Java side encrypt message 
with private key (which is the pair for our public key), and reply back, we 
found the following error while trying to decrypt message:

RSA.xs:202: OpenSSL error: block type is not 01 at ...

Please kindly suggest how we could get around this issue.

Currently, we use PKCS1 padding.  Please kindly see below for our perl script 
used.

  $RSA_Decrypt = Crypt::OpenSSL::RSA->new_public_key( $PublicKey );
  $RSA_Decrypt->use_pkcs1_padding();
  my $TmpText = decode_base64( $CipherText );

  my $PlainText = $RSA_Decrypt->public_decrypt( $TmpText ); 
  #--> Error on the line above

Thank you and Best Regards,
Phakin Ch.


  
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Apache + mod_ssl (OpenSSL Error)

2002-11-15 Thread Lutz Jaenicke 
On Thu, Nov 14, 2002 at 10:52:00PM +, Manoj Kithany wrote:
> 
> Hi Experts!
> 
> I want to INSTALL and CONFIGURE my APACHE 1.3.27 for SSL. I am using IBM 
> AIX box.
> So, I got mod_ssl from the IBM site and installed it in following way(after 
> READing INSTALL file for 2 hrs;-(
> 
> 
> #pwd
> /opt/freeware/src/packages/SOURCES/mod_ssl-2.8.11-1.3.27

> So, I finally READ the LOG file "error_log" and checked it shows:
> 
> [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key 
> (OpenSSL library error follows)
> [error] OpenSSL: error:24064064:random number 
> generator:SSLEAY_RAND_BYTES:PRNG not seeded
> [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib
> 
> 
> Do you know what this error would be? I have already installed EGD entrophy 
> and is it stored in /dev/egd-pool
> Any links/pointers on this is appreciated.

/dev/egd-pool is only queried automatically starting with OpenSSL 0.9.7.
For 0.9.6x you have to enter the appropriate path using the SSLRandomSeed
directive in httpd.conf. Details are found in the manual.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL Error (Apache + mod_ssl)

2002-11-16 Thread David Schwartz 

On Fri, 15 Nov 2002 22:51:05 +, Manoj Kithany wrote:
>Hi:
>
>My Apache is NOT working.the log file shows:
>
>[Fri Nov 15 15:35:57 2002] [error] mod_ssl: Init: Failed to generate
>temporary 512 bit RSA private key (OpenSSL library error follows)
>[Fri Nov 15 15:35:57 2002] [error] OpenSSL: error:24064064:random number
>generator:SSLEAY_RAND_BYTES:PRNG not seeded
>[Fri Nov 15 15:35:57 2002] [error] OpenSSL: error:04069003:rsa
>routines:RSA_generate_key:BN lib
>
>
>I am using Apache 1.3.27, mod_ssl 2.8.11 on IBM AIX 5.1 box.

Check the FAQ. This is quite possibly the most frequently asked OpenSSL 
question.

DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Openssl Error Code Translation

2009-01-29 Thread Dave Thompson 
> From: owner-openssl-us...@openssl.org On Behalf Of tanu dutt
> Sent: Thursday, 29 January, 2009 08:31

> Can anybody tell how can I translate Openssl Error code to error
description.
> I am calling ERR_peak_last_error(). The error code that I am receiving is
b901.
> Is this a valid error code. How can I verify it.

I assume that's a typo and you mean 'peek'.

That value is in the ERR_LIB_USER range, so it's up to your application.
If it has (set-up and) done the appropriate ERR_load_strings,
then ERR_error_string and friends should expand/explain it for you.



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Need help on OpenSSL error

2008-06-03 Thread Marek . Marcola 
Hello,

[EMAIL PROTECTED] wrote on 06/03/2008 04:40:10 AM:

> Dear Sir/Madam,
> 
> I'm currently using Crypt::OpenSSL::RSA module with perl linking with 
OpenSSL 0.9.8h to 
> encrypt/decrypt message and transport over HTTP POST request to Java 
application on the 
> other side.  When Encrypting with the given public key, Java application 
can receive the
> data perfectly.  But when Java side encrypt message with private key 
(which is the pair 
> for our public key), and reply back, we found the following error while 
trying to decrypt message:
> 
> RSA.xs:202: OpenSSL error: block type is not 01 at ...
> 
> Please kindly suggest how we could get around this issue.
> 
> Currently, we use PKCS1 padding.  Please kindly see below for our perl 
script used.
> 
>   $RSA_Decrypt = Crypt::OpenSSL::RSA->new_public_key( $PublicKey );
>   $RSA_Decrypt->use_pkcs1_padding();
>   my $TmpText = decode_base64( $CipherText );
> 
>   my $PlainText = $RSA_Decrypt->public_decrypt( $TmpText ); 
>   #--> Error on the line above
Double check that public key used to decrypt java message is really pair
to private key on encryption side.

You may use NO PADDING and look at decrypted data to check that this data
looks reasonable or not.

You should consider also that data encrypted with private key may by 
decrypted
by anyone with public key (if public key is really public).

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

OpenSSL Error: expecting an asn1 sequence

2001-01-29 Thread Wenzel, Markus 

Hi OpenSSL Users,

After replacing the self-signed certificate by a real Verisign certificate I
get the following error
message in ssl_engine_log:

[29/Jan/2001 10:30:46 05379] [error] Init: Unable to read server certificate
frm file /usr/local/apache_t3.1/conf/ssl.crt/server.crt (OpenSSL library
error follows)

[29/Jan/2001 10:30:46 05379] [error] OpenSSL: error:0D09F007:asn1 encoding
routines:d2i_X509:expecting an asn1 sequence

Used packages are:
Apache 1.3.12
OpenSSL 0.9.5a
mod_ssl 2.6.6.-1.3.12

Operating System is Linux RH6.1

Thank you for your help in advance

best regards,

Markus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Apache+SSL Not working ---OpenSSL Error?

2002-11-12 Thread Manoj Kithany 
Hi Experts:

I have Apache(with SSL) on my IBM AIX Box. I installed it using RPM.
When I run my APACHE as ssl using: "./apachectl startssl" I get following 
error:
--
# ./apachectl startssl
./apachectl startssl: httpd could not be started
#
--

So, when I check following LOG files - I have following:


Filename: error_log

[Tue Nov 12 10:04:37 2002] [error] mod_ssl: Init: Unable to read server 
certificate from file /usr/local/ssl/bin/public.csr (OpenSSL library error 
follows)
[Tue Nov 12 10:04:37 2002] [error] OpenSSL: error:0D09F007:asn1 encoding 
routines:d2i_X509:expecting an asn1 sequence




Filename: ssl_engine_log

[12/Nov/2002 10:04:37 28132] [info]  Server: Apache/1.3.27, Interface: 
mod_ssl/2.8.11, Library: OpenSSL/0.9.6e
[12/Nov/2002 10:04:37 28132] [info]  Init: 1st startup round (still not 
detached)
[12/Nov/2002 10:04:37 28132] [info]  Init: Initializing OpenSSL library
[12/Nov/2002 10:04:37 28132] [info]  Init: Loading certificate & private key 
of SSL-aware server www.kithany.com:443
[12/Nov/2002 10:04:37 28132] [error] Init: Unable to read server certificate 
from file /usr/local/ssl/bin/public.csr (OpenSSL library error follows)
[12/Nov/2002 10:04:37 28132] [error] OpenSSL: error:0D09F007:asn1 encoding 
routines:d2i_X509:expecting an asn1 sequence


Do anyone of you Experts know what is the above ERROR for and how to remove 
that?

THANKS!






_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Apache+SSL Not working ---OpenSSL Error?

2002-11-12 Thread Manoj Kithany 
Hi Tim:

THANKS for your email.

What is TEST SERVER Program?






To make sure that this is an openssl issue, and not
your apache configuration, or the hardware that you
are using (I noticed the ssl_engine_log), try running
the test server program that is with the openssl
distribution.

Regards,

Tim
--- Manoj Kithany <[EMAIL PROTECTED]> wrote:
> Hi Experts:
>
> I have Apache(with SSL) on my IBM AIX Box. I
> installed it using RPM.
> When I run my APACHE as ssl using: "./apachectl
> startssl" I get following
> error:
>
--
> # ./apachectl startssl
> ./apachectl startssl: httpd could not be started
> #
>
--
>
> So, when I check following LOG files - I have
> following:
>
>

> Filename: error_log
>
> [Tue Nov 12 10:04:37 2002] [error] mod_ssl: Init:
> Unable to read server
> certificate from file /usr/local/ssl/bin/public.csr
> (OpenSSL library error
> follows)
> [Tue Nov 12 10:04:37 2002] [error] OpenSSL:
> error:0D09F007:asn1 encoding
> routines:d2i_X509:expecting an asn1 sequence
>

>
>
>

> Filename: ssl_engine_log
>
> [12/Nov/2002 10:04:37 28132] [info]  Server:
> Apache/1.3.27, Interface:
> mod_ssl/2.8.11, Library: OpenSSL/0.9.6e
> [12/Nov/2002 10:04:37 28132] [info]  Init: 1st
> startup round (still not
> detached)
> [12/Nov/2002 10:04:37 28132] [info]  Init:
> Initializing OpenSSL library
> [12/Nov/2002 10:04:37 28132] [info]  Init: Loading
> certificate & private key
> of SSL-aware server www.kithany.com:443
> [12/Nov/2002 10:04:37 28132] [error] Init: Unable to
> read server certificate
> from file /usr/local/ssl/bin/public.csr (OpenSSL
> library error follows)
> [12/Nov/2002 10:04:37 28132] [error] OpenSSL:
> error:0D09F007:asn1 encoding
> routines:d2i_X509:expecting an asn1 sequence
>

>
> Do anyone of you Experts know what is the above
> ERROR for and how to remove
> that?
>
> THANKS!



_
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

compiling openssl: error with no-ssl2 flag

2007-06-11 Thread Smith, Steven G \(Steven\) 
I posted earlier on a similar topic, and I have since found out that
"no-ssl2" will build openssl without support for SSLv2 ciphers.
Unfortunately, I am using RedHat's Source RPM to do the build, and it
seems to be having an error due to the no-ssl2 flag.  You can see the
error below, and trying the "else" gcc statement below manually from the
command line produces the same error (however, the "if" gcc statement
does not produce the error).  

I'm not an expert in this area, so I am looking for a little direction.
Did I find a bug, or do I just have some problems in my configuration?
Are there any workarounds for this?

Thanks,
Steve




if [ "linux-shared" = "hpux-shared" -o "linux-shared" = "darwin-shared"
] ; then \
  gcc -o openssl -DMONOLITH -I.. -I../include -I/usr/kerberos/include
-fPIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-DKRB5_MIT -DOPENSSL_NO_ASM -DOPENSSL_NO_IDEA -DOPENSSL_NO_MDC2
-DOPENSSL_NO_RC5 -DOPENSSL_NO_EC -I/usr/kerberos/include
-DOPENSSL_NO_SSL2 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -m32
-march=i386 -mtune=pentium4 -Wa,--noexecstack openssl.o verify.o
asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o
ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o
genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o
s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o
pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o  ../libssl.a
-L/usr/kerberos/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv
../libcrypto.a -L/usr/kerberos/lib -ldl -lz ; \
else \
  gcc -o openssl -DMONOLITH -I.. -I../include -I/usr/kerberos/include
-fPIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-DKRB5_MIT -DOPENSSL_NO_ASM -DOPENSSL_NO_IDEA -DOPENSSL_NO_MDC2
-DOPENSSL_NO_RC5 -DOPENSSL_NO_EC -I/usr/kerberos/include
-DOPENSSL_NO_SSL2 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -m32
-march=i386 -mtune=pentium4 -Wa,--noexecstack openssl.o verify.o
asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o
ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o
genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o
s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o
pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o  -L.. -lssl
-L/usr/kerberos/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv
-L.. -lcrypto -L/usr/kerberos/lib -ldl -lz ; \
fi
../libssl.so: undefined reference to `SSLv2_method'
collect2: ld returned 1 exit status
make[1]: *** [openssl] Error 1
make[1]: Leaving directory
`/home/smithsg/src/rpm/BUILD/openssl-0.9.7a/apps'
make: *** [sub_all] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.70164 (%build)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.70164 (%build)


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

OpenSSL error: sslv3 alert bad record mac

2004-04-22 Thread Jason A. Pfeil 
Greetings, List!

I am having difficulty with pine connecting from one of my machines to
my SSL IMAP server.  What happens is that when I start pine, it asks for
my password and I give it.  It connects to the server and then tells me
that there was an error and the connection vanishes.  Then I go back to
the folder list, reselect the folder, and voila!  It works just fine.

When the first connection vanishes, I get this error in my logfile:

imapd-ssl: couriertls: read: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert 
bad record mac

I have tracked this down with the courier-imap people and they can't
figure out the issue.  I cannot replicate it with the exact same version
of pine and openssl on another box.  I have rebuild openssl *and* pine
on the affected box many times.

I am using pine 4.58 and openssl:

% openssl version
OpenSSL 0.9.7d 17 Mar 2004

Pine is linked against it:

% ldd /usr/bin/pine
libldap.so.2 => /usr/lib/libldap.so.2 (0x40036000)
liblber.so.2 => /usr/lib/liblber.so.2 (0x4006d000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40079000)
libncurses.so.5 => /lib/libncurses.so.5 (0x4008b000)
libpam.so.0 => /lib/libpam.so.0 (0x400d)
libdl.so.2 => /lib/libdl.so.2 (0x400d8000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x400dc000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x400ef000)
libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x40155000)
libcom_err.so.3 => /usr/lib/libcom_err.so.3 (0x4024f000)
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x40251000)

libc.so.6 => /lib/libc.so.6 (0x40282000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x403b1000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x403c4000)


I am running gentoo linux and it is up to date as of a few days ago.

Any suggestions that anyone here may have will be *extremely* welcome.

Thanks!

--Jason

-- 
Jason A. Pfeil   jason=at=jasonpfeil.com.NOSPAM
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Unknown openssl error in my apache logfiles ...

2005-03-02 Thread Matthew McHugh 
Hello,

I have an https Apache website that proxies to an IIS webserver.  The site
is secure with openssl (mod_ssl) version OpenSSL 0.9.7d.  I am getting the
following errors in my weblogs:

[Wed Mar  2 14:55:37 2005] [error] OpenSSL: error:0D0680A8:asn1 encoding
routine
s:ASN1_CHECK_TLEN:wrong tag
[Wed Mar  2 14:55:37 2005] [error] OpenSSL: error:0D06C03A:asn1 encoding
routine
s:ASN1_D2I_EX_PRIMITIVE:nested asn1 error
[Wed Mar  2 14:55:37 2005] [error] OpenSSL: error:0D06703A:asn1 encoding
routine
s:a2i_ASN1_STRING:nested asn1 error

I have never seen these before and the basic Google searches don't provide a
lot of help.  Any assistance on this will be much appreciated.


Thanks,


Matt

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

OpenSSL Error: [links] Segmentation fault on Configure

2002-09-19 Thread Ron Parker 

I have a Linux Redhat 6.2 system running apache web server.  I'm trying 
to update my existing ssl implementation with openssl-0.9.6g.  Existing 
config was compiled from source tar.

When I type in "configure" I get:

Operating system: i586-whatever-linux2
This system (linux-elf) is not supported. See file INSTALL for details.

I thought this was wierd since it is a linux-elf system and this was 
exactly what I typed in for previous implementation which is 0.9.3a.

So, I moved on to: ./Configure linux-elf, which give me the following:

[root@dns openssl-0.9.6g]# ./Configure linux-elf
Configuring for linux-elf
IsWindows=0
CC=gcc
CFLAG =-fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H 
-DL_ENDIA
N -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM 
-DRMD160_AS
M
EX_LIBS   =-ldl
BN_ASM=asm/bn86-elf.o asm/co86-elf.o
DES_ENC   =asm/dx86-elf.o asm/yx86-elf.o
BF_ENC=asm/bx86-elf.o
CAST_ENC  =asm/cx86-elf.o
RC4_ENC   =asm/rx86-elf.o
RC5_ENC   =asm/r586-elf.o
MD5_OBJ_ASM   =asm/mx86-elf.o
SHA1_OBJ_ASM  =asm/sx86-elf.o
RMD160_OBJ_ASM=asm/rm86-elf.o
PROCESSOR =
RANLIB=/usr/bin/ranlib
PERL  =/usr/bin/perl5
THIRTY_TWO_BIT mode
DES_PTR used
DES_RISC1 used
DES_UNROLL used
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined
Makefile => Makefile.ssl
make: *** [links] Segmentation fault (core dumped)
[root@dns openssl-0.9.6g]#

This also happens when I go back and try to run ./config or ./Configure 
linux-elf from original source tar (the one which is now running).  I 
have no idea what to do from here.  Could someone please give me some 
suggestions on what may be causing this, and what to do about it?  Thanks.

-ron

-- 
Ron Parker
Software Creations http://www.scbbs.com
Self-Administration Web Site   http://saw.scbbs.com
Civil War Online Library   http://civilwar.scbbs.com
VSB Interest Group http://vsb.scbbs.com



-- 
Ron Parker
Software Creations http://www.scbbs.com
Self-Administration Web Site   http://saw.scbbs.com
Civil War Online Library   http://civilwar.scbbs.com
VSB Interest Group http://vsb.scbbs.com


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Apache+SSL Not working ---OpenSSL Error?

2002-11-12 Thread Charles B Cranston 
Manoj Kithany wrote:

> [12/Nov/2002 10:04:37 28132] [error] Init: Unable to read server certificate
> from file /usr/local/ssl/bin/public.csr (OpenSSL library error follows)
> [12/Nov/2002 10:04:37 28132] [error] OpenSSL: error:0D09F007:asn1 encoding
> routines:d2i_X509:expecting an asn1 sequence

> Do anyone of you Experts know what is the above ERROR for and how to remove
> that?

My guess is that public.csr is a Certificate Signing Request
(csr) and not a Certificate?  They are very different objects.

To remove the error you would send the csr to a Certificate Authority
and get a Server Certificate, which Apache would be able to use.

Don't expect this to be free.

-- 

Charles B. (Ben) Cranston
mailto:zben@;umd.edu
http://www.wam.umd.edu/~zben
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Apache+SSL Not working ---OpenSSL Error?

2002-11-12 Thread Tim Regovich 
To make sure that this is an openssl issue, and not
your apache configuration, or the hardware that you
are using (I noticed the ssl_engine_log), try running
the test server program that is with the openssl
distribution.

Regards,

Tim
--- Manoj Kithany <[EMAIL PROTECTED]> wrote:
> Hi Experts:
> 
> I have Apache(with SSL) on my IBM AIX Box. I
> installed it using RPM.
> When I run my APACHE as ssl using: "./apachectl
> startssl" I get following 
> error:
>
--
> # ./apachectl startssl
> ./apachectl startssl: httpd could not be started
> #
>
--
> 
> So, when I check following LOG files - I have
> following:
> 
>

> Filename: error_log
> 
> [Tue Nov 12 10:04:37 2002] [error] mod_ssl: Init:
> Unable to read server 
> certificate from file /usr/local/ssl/bin/public.csr
> (OpenSSL library error 
> follows)
> [Tue Nov 12 10:04:37 2002] [error] OpenSSL:
> error:0D09F007:asn1 encoding 
> routines:d2i_X509:expecting an asn1 sequence
>

> 
> 
>

> Filename: ssl_engine_log
> 
> [12/Nov/2002 10:04:37 28132] [info]  Server:
> Apache/1.3.27, Interface: 
> mod_ssl/2.8.11, Library: OpenSSL/0.9.6e
> [12/Nov/2002 10:04:37 28132] [info]  Init: 1st
> startup round (still not 
> detached)
> [12/Nov/2002 10:04:37 28132] [info]  Init:
> Initializing OpenSSL library
> [12/Nov/2002 10:04:37 28132] [info]  Init: Loading
> certificate & private key 
> of SSL-aware server www.kithany.com:443
> [12/Nov/2002 10:04:37 28132] [error] Init: Unable to
> read server certificate 
> from file /usr/local/ssl/bin/public.csr (OpenSSL
> library error follows)
> [12/Nov/2002 10:04:37 28132] [error] OpenSSL:
> error:0D09F007:asn1 encoding 
> routines:d2i_X509:expecting an asn1 sequence
>

> 
> Do anyone of you Experts know what is the above
> ERROR for and how to remove 
> that?
> 
> THANKS!
> 
> 
> 
> 
> 
> 
>
_
> STOP MORE SPAM with the new MSN 8 and get 2 months
> FREE* 
> http://join.msn.com/?page=features/junkmail
> 
>
__
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List   
> [EMAIL PROTECTED]
> Automated List Manager  
[EMAIL PROTECTED]


__
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Apache+SSL Not working ---OpenSSL Error?

2002-11-12 Thread Himanshu Soni 
You can also check to make sure that the certificate that apache+mod_ssl
is trying to read is in Base64...Everytime, I get these errors, 9 times
of 10, its because my certificate is in DER format where apache is
expecting it in PEM (Base64).


-Original Message-
From: [EMAIL PROTECTED]
[mailto:owner-openssl-users@;openssl.org] On Behalf Of Manoj Kithany
Sent: Tuesday, November 12, 2002 3:19 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Apache+SSL Not working ---OpenSSL Error?

Hi Tim:

THANKS for your email.

What is TEST SERVER Program?




>
>To make sure that this is an openssl issue, and not
>your apache configuration, or the hardware that you
>are using (I noticed the ssl_engine_log), try running
>the test server program that is with the openssl
>distribution.
>
>Regards,
>
>Tim
>--- Manoj Kithany <[EMAIL PROTECTED]> wrote:
> > Hi Experts:
> >
> > I have Apache(with SSL) on my IBM AIX Box. I
> > installed it using RPM.
> > When I run my APACHE as ssl using: "./apachectl
> > startssl" I get following
> > error:
> >
>--
> > # ./apachectl startssl
> > ./apachectl startssl: httpd could not be started
> > #
> >
>--
> >
> > So, when I check following LOG files - I have
> > following:
> >
> >
>---
-
> > Filename: error_log
> >
> > [Tue Nov 12 10:04:37 2002] [error] mod_ssl: Init:
> > Unable to read server
> > certificate from file /usr/local/ssl/bin/public.csr
> > (OpenSSL library error
> > follows)
> > [Tue Nov 12 10:04:37 2002] [error] OpenSSL:
> > error:0D09F007:asn1 encoding
> > routines:d2i_X509:expecting an asn1 sequence
> >
>---
-
> >
> >
> >
>---
-
> > Filename: ssl_engine_log
> >
> > [12/Nov/2002 10:04:37 28132] [info]  Server:
> > Apache/1.3.27, Interface:
> > mod_ssl/2.8.11, Library: OpenSSL/0.9.6e
> > [12/Nov/2002 10:04:37 28132] [info]  Init: 1st
> > startup round (still not
> > detached)
> > [12/Nov/2002 10:04:37 28132] [info]  Init:
> > Initializing OpenSSL library
> > [12/Nov/2002 10:04:37 28132] [info]  Init: Loading
> > certificate & private key
> > of SSL-aware server www.kithany.com:443
> > [12/Nov/2002 10:04:37 28132] [error] Init: Unable to
> > read server certificate
> > from file /usr/local/ssl/bin/public.csr (OpenSSL
> > library error follows)
> > [12/Nov/2002 10:04:37 28132] [error] OpenSSL:
> > error:0D09F007:asn1 encoding
> > routines:d2i_X509:expecting an asn1 sequence
> >
>---
-
> >
> > Do anyone of you Experts know what is the above
> > ERROR for and how to remove
> > that?
> >
> > THANKS!


_
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error (unable to load certificate)

2002-12-06 Thread Wolfgang Ziegler 
At 22:44 06.12.2002 +0100, Richard Levitte - VMS Whacker wrote:
>In message <[EMAIL PROTECTED]> on Fri, 06 Dec 2002 
>19:51:04 +0100, Wolfgang Ziegler <[EMAIL PROTECTED]> said:
>
>Wolfgang.Ziegler> when trying to get the subject out of a certificate
>Wolfgang.Ziegler> from our local test CA I get the following error:
>Wolfgang.Ziegler> 
>Wolfgang.Ziegler> openssl x509 -noout -in usercert.pem -subject
>Wolfgang.Ziegler> unable to load certificate
>Wolfgang.Ziegler> 26416:error:0D081072:asn1 encoding 
>routines:d2i_ASN1_OBJECT:expecting an object:a_object.c:217:
>Wolfgang.Ziegler> 26416:error:0D084070:asn1 encoding routines:d2i_ASN1_SET:error 
>parsing set element:a_set.c:198:address=134815299 offset=-134815267
>Wolfgang.Ziegler> 26416:error:0D11D004:asn1 encoding 
>routines:d2i_X509_CERT_AUX:nested asn1 error:x_x509a.c:82:address=134815295 offset=4
>Wolfgang.Ziegler> 26416:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 
>lib:pem_lib.c:290:
>
>Hmm, I've seen something similar.  If you do the following, what do
>you get?
>
>openssl asn1parse -i -in usercert.pem

nothing, there is no output at all

>-- 
>Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
>Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
>\  SWEDEN   \ or +46-708-26 53 44
>Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
>Member of the OpenSSL development team: http://www.openssl.org/
>
>Unsolicited commercial email is subject to an archival fee of $400.
>See  for more info.

--
 Fraunhofer-Institute for Algorithms and Scientific Computing (SCAI)
   Schloss Birlinghoven, D-53754 Sankt Augustin, Germany
Tel: +49 2241 14 2258Fax: +49 2241 14 2889   http://www.scai.fraunhofer.de
 "Heut ist nicht so kalt wie gestern, trotzdem dass heut kaelter ist"
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Strange OpenSSL error when trying to use OpenVPN

2008-03-25 Thread Richard Hartmann 
Hi all,

I have my own CA tree, with the relevant part being:

 root CA {1}
 \- VPN CA {2}
\- server CA {3}
   |- server certificate {4}
   \- client certificate {5}

I put 1 & 2 into /etc/ssl/certs/ of the server and 3 into
/etc/openvpn/default/default-ca.pem . The server does, of course, use
its server certificate & privkey.

The client has a single CA file with 1, 2 & 3's certificates
concatenated. It also has its own client certificate & privkey.

Verifying the trust chain with openssl verify -verbose -CAfile foo works
for all five certificates with foo holding 1, 2 & 3.


Yet, when I want to connect to the server, OpenVPN dies with:

Tue Mar 25 15:04:53 2008 us=886000 Incoming Ciphertext -> TLS
Tue Mar 25 15:04:53 2008 us=886000 VERIFY OK: depth=3, /CN=root_CA
Tue Mar 25 15:04:53 2008 us=886000 VERIFY ERROR: depth=2,
error=certificate signature failure: /CN=VPN_CA
Tue Mar 25 15:04:53 2008 us=886000 SSL alert (write): fatal: decrypt error
Tue Mar 25 15:04:53 2008 us=886000 TLS_ERROR: BIO read
tls_read_plaintext error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Mar 25 15:04:53 2008 us=886000 TLS Error: TLS object -> incoming
plaintext read error
Tue Mar 25 15:04:53 2008 us=886000 TLS Error: TLS handshake failed

(The name strings for 1 & 2 being shortened to root_CA & VPN_CA respectively)


man verify tells me:

7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
the signature of the certificate is invalid.

which does not make sense, seeing as the path verifies OK when doing the
same thing manually and even using the very same file for the
verification that the OpenVPN client is using.


So, if anyone has any idea or an educated guess about the cause or hints
to get better debug output, please tell me.


Thanks in advance :)
Richard
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

OpenSSL error: sslv3 alert bad record mac (fwd)

2004-05-04 Thread Jason A. Pfeil 
Hrm...I am curious if anyone on the list has any idea about what might
be going on with this error.  I saw a prior thread that just ended over
a year ago with no resolution or explanation.

Thanks!

-- 
Jason A. Pfeil   jason=at=jasonpfeil.com.NOSPAM

-- Forwarded message --
Date: Thu, 22 Apr 2004 14:47:16 -0400 (EDT)
From: Jason A. Pfeil <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: OpenSSL error: sslv3 alert bad record mac

Greetings, List!

I am having difficulty with pine connecting from one of my machines to
my SSL IMAP server.  What happens is that when I start pine, it asks for
my password and I give it.  It connects to the server and then tells me
that there was an error and the connection vanishes.  Then I go back to
the folder list, reselect the folder, and voila!  It works just fine.

When the first connection vanishes, I get this error in my logfile:

imapd-ssl: couriertls: read: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert 
bad record mac

I have tracked this down with the courier-imap people and they can't
figure out the issue.  I cannot replicate it with the exact same version
of pine and openssl on another box.  I have rebuild openssl *and* pine
on the affected box many times.

I am using pine 4.58 and openssl:

% openssl version
OpenSSL 0.9.7d 17 Mar 2004

Pine is linked against it:

% ldd /usr/bin/pine
libldap.so.2 => /usr/lib/libldap.so.2 (0x40036000)
liblber.so.2 => /usr/lib/liblber.so.2 (0x4006d000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40079000)
libncurses.so.5 => /lib/libncurses.so.5 (0x4008b000)
libpam.so.0 => /lib/libpam.so.0 (0x400d)
libdl.so.2 => /lib/libdl.so.2 (0x400d8000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x400dc000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x400ef000)
libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x40155000)
libcom_err.so.3 => /usr/lib/libcom_err.so.3 (0x4024f000)
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x40251000)

libc.so.6 => /lib/libc.so.6 (0x40282000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x403b1000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x403c4000)


I am running gentoo linux and it is up to date as of a few days ago.

Any suggestions that anyone here may have will be *extremely* welcome.

Thanks!

--Jason

-- 
Jason A. Pfeil   jason=at=jasonpfeil.com.NOSPAM
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

trying to compile libssh2 and get openssl error

2009-02-25 Thread clump 

I'm following instructions in this pdf:

curl.haxx.se/libcurl/c/Using-libcurl-with-SSH-support-in-Visual-Studio-2008.pdf

In compiling libssh2 per the instructions, I get this error in VSC++2008:

Cannot open include file: 'openssl/opensslconf.h': No such file or directory

In fact I get that same error repeated 16 times.  But, the file is sitting
there in the very place it's searching for it. The include path is correct. 
Has anyone been around this block?
-- 
View this message in context: 
http://www.nabble.com/trying-to-compile-libssh2-and-get-openssl-error-tp22197487p22197487.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

openssl error while retreaving key from smartcard from wpa_supplicant?

2007-06-25 Thread Carles Fernandez i Julia 
Hi
I'm currently trying to authenticate using EAP-TLS using smartcard with
wpa_supplicant and I get this error:

OpenSSL: tls_connection_engine_private_key - Private key failed
verification error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned

I got some messages "Error: can't open /var/run/openct/status: No such
file or directory" but I get these messages always when I use my
smartcard reader (and it works).

I've googled and i got nothing useful. Any idea?

ps: I've ***ed personal data from attached files

thanks,
Carles



ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
fast_reauth=1
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/opensc-pkcs11.so

network={
ssid="*"
key_mgmt=WPA-EAP
eap=TLS
proto=WPA
pairwise=TKIP
group=TKIP
identity="[EMAIL PROTECTED]"
ca_cert="/etc/wpa_supplicant/CA_CATCertPP_GlobalTrust.crt"
#client_cert="/etc/cert/user.pem"

#   scan_ssid=1
engine=1

# The engine configured here must be available. Look at
# OpenSSL engine support in the global section.
# The key available through the engine must be the private key
# matching the client certificate configured above.

# use the opensc engine
#engine_id="opensc"
#key_id="45"

# use the pkcs11 engine
engine_id="pkcs11"
key_id="e451d1d1197caf4c74c33d9143986a28c9c34a55"

# Optional PIN configuration; this can be left out and PIN will be
# asked through the control interface
pin=""
}

[EMAIL PROTECTED]:~$ sudo wpa_supplicant -D wext -i eth1 -c 
/etc/wpa_supplicant/wpa_supplicant.conf -ddd
Initializing interface 'eth1' conf '/etc/wpa_supplicant/wpa_supplicant.conf' 
driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> 
'/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group='0' (DEPRECATED)
eapol_version=1
fast_reauth=1
pkcs11_engine_path='/usr/lib/engines/engine_pkcs11.so'
pkcs11_module_path='/usr/lib/opensc-pkcs11.so'
Line: 17 - start of a new network block
ssid - hexdump_ascii(len=7):
 ** ** ** ** **  *
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00
proto: 0x1
pairwise: 0x8
group: 0x8
identity - hexdump_ascii(len=40):
 ** ** ** ** ** *** ** ** ***
ca_cert - hexdump_ascii(len=48):
 2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63   /etc/wpa_supplic
 61 6e 74 2f 43 41 5f 43 41 54 43 65 72 74 50 50   ant/CA_CATCertPP
 5f 47 6c 6f 62 61 6c 54 72 75 73 74 2e 63 72 74   _GlobalTrust.crt
engine=1 (0x1)
engine_id - hexdump_ascii(len=6):
 70 6b 63 73 31 31 pkcs11
key_id - hexdump_ascii(len=40):
 65 34 35 31 64 31 64 31 31 39 37 63 61 66 34 63   e451d1d1197caf4c
 37 34 63 33 33 64 39 31 34 33 39 38 36 61 32 38   74c33d9143986a28
 63 39 63 33 34 61 35 35   c9c34a55
pin - hexdump_ascii(len=4): [REMOVED]
Priority group 0
   id=0 ssid='***'
Initializing interface (2) 'eth1'
ENGINE: Loading dynamic engine
ENGINE: Loading pkcs11 Engine from /usr/lib/engines/engine_pkcs11.so
ENGINE: 'SO_PATH' '/usr/lib/engines/engine_pkcs11.so'
ENGINE: 'ID' 'pkcs11'
ENGINE: 'LIST_ADD' '1'
ENGINE: 'LOAD' '(null)'
ENGINE: 'MODULE_PATH' '/usr/lib/opensc-pkcs11.so'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=21 WE(source)=16 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:13:02:61:79:24
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
Setting scan request: 0 sec 10 usec
ctrl_interface_group=0
Added interface eth1
RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Trying to get current scan results first without requesting a new scan to speed 
up initial association
Received 1539 bytes of scan results (7 BSSes)
Scan results: 7
Selecting BSS from prior

openssl error (in grid ftp) with non-Globus certificate

2002-11-27 Thread Wolfgang Ziegler 
Hi,

when trying to use a certificate from our local test CA I encountered
the following error:

wolf@packcs-e0:~/.globus > /opt/globus/bin/openssl x509 -noout -in 
usercert.pem -subject
unable to load certificate
26416:error:0D081072:asn1 encoding routines:d2i_ASN1_OBJECT:expecting an 
object:a_object.c:217:
26416:error:0D084070:asn1 encoding routines:d2i_ASN1_SET:error parsing set 
element:a_set.c:198:address=134815299 offset=-134815267
26416:error:0D11D004:asn1 encoding routines:d2i_X509_CERT_AUX:nested asn1 
error:x_x509a.c:82:address=134815295 offset=4
26416:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:290:

Doing a verification of the certificate results in:

wolf@packcs-e0:~/.globus > /opt/globus/bin/openssl verify -CApath 
/etc/grid-security/certificates usercert.pem
usercert.pem: OK
wolf@packcs-e0:~/.globus >

Doing the same with my (outdated) Globus certificate works well, the first 
command
results the Subject string, the second tells me that my certificate has 
expired.

The openssl version is: OpenSSL 0.9.6g 9 Aug 2002

Does anybody see what is going wrong?

Thanks,

Wolfgang


--
  Fraunhofer-Institute for Algorithms and Scientific Computing (SCAI)
   Schloss Birlinghoven, D-53754 Sankt Augustin, Germany
Tel: +49 2241 14 2258Fax: +49 2241 14 2889http://www.scai.fraunhofer.de
  "Heut ist nicht so kalt wie gestern, trotzdem dass heut kaelter ist"
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-06-25 Thread Marek Marcola 
Hello,
> I'm currently trying to authenticate using EAP-TLS using smartcard with
> wpa_supplicant and I get this error:
> 
> OpenSSL: tls_connection_engine_private_key - Private key failed
> verification error:140A30B1:SSL routines:SSL_check_private_key:no
> certificate assigned
> 
> I got some messages "Error: can't open /var/run/openct/status: No such
> file or directory" but I get these messages always when I use my
> smartcard reader (and it works).
> 
Looks like you have not configured X509 private key certificate.

> plain text document attachment (wpa_supplicant.conf)
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=0
> eapol_version=1
> fast_reauth=1
> pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
> pkcs11_module_path=/usr/lib/opensc-pkcs11.so
> 
> network={
> ssid="*"
> key_mgmt=WPA-EAP
> eap=TLS
> proto=WPA
> pairwise=TKIP
> group=TKIP
> identity="[EMAIL PROTECTED]"
> ca_cert="/etc/wpa_supplicant/CA_CATCertPP_GlobalTrust.crt"
> #client_cert="/etc/cert/user.pem"
I'm not sure but this maybe the place to configure certificate.
You should have your private key certificate. This certificate may be
located in plain file. To check that your certificate certifies proper
private key you may do something like that (test example):

$ openssl rsa -engine chil -in rsa-test2 -inform engine -modulus -noout
engine "chil" set.
Modulus=D14731D19EF32A3D458EE61B219A0E019...
$ openssl x509 -in rsa-test2-crt.pem -modulus -noout
Modulus=D14731D19EF32A3D458EE61B219A0E019

and you should get the same numbers.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-06-26 Thread Carles Fernandez i Julia 
En/na Marek Marcola ha escrit:
> Hello,
>   
>> I'm currently trying to authenticate using EAP-TLS using smartcard with
>> wpa_supplicant and I get this error:
>>
>> OpenSSL: tls_connection_engine_private_key - Private key failed
>> verification error:140A30B1:SSL routines:SSL_check_private_key:no
>> certificate assigned
>>
>> I got some messages "Error: can't open /var/run/openct/status: No such
>> file or directory" but I get these messages always when I use my
>> smartcard reader (and it works).
>>
>> 
> Looks like you have not configured X509 private key certificate.
>
>   
>> plain text document attachment (wpa_supplicant.conf)
>> ctrl_interface=/var/run/wpa_supplicant
>> ctrl_interface_group=0
>> eapol_version=1
>> fast_reauth=1
>> pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
>> pkcs11_module_path=/usr/lib/opensc-pkcs11.so
>>
>> network={
>> ssid="*"
>> key_mgmt=WPA-EAP
>> eap=TLS
>> proto=WPA
>> pairwise=TKIP
>> group=TKIP
>> identity="[EMAIL PROTECTED]"
>> ca_cert="/etc/wpa_supplicant/CA_CATCertPP_GlobalTrust.crt"
>> #client_cert="/etc/cert/user.pem"
>> 
> I'm not sure but this maybe the place to configure certificate.
> You should have your private key certificate. This certificate may be
> located in plain file. To check that your certificate certifies proper
> private key you may do something like that (test example):
>   
That's the point : I have the private key certificate stored in the
smartcard, not located in a plain file. That's why I commented the line
above.

> $ openssl rsa -engine chil -in rsa-test2 -inform engine -modulus -noout
> engine "chil" set.
> Modulus=D14731D19EF32A3D458EE61B219A0E019...
> $ openssl x509 -in rsa-test2-crt.pem -modulus -noout
> Modulus=D14731D19EF32A3D458EE61B219A0E019
>
> and you should get the same numbers.
>
>   
I've tried in all ways to try this with the pkcs11 module to use my
smartcard to do the test but I didn't reach. Maybe the structure is
different when not operating with files.
> Best regards,
>   
Thank you for your effort!

-- 

..
 __
/ /  Carles Fernàndez
  C E / S / C A  Dept. de Comunicacions
  /_/Centre de Supercomputació de Catalunya

  Gran Capità, 2-4 (Edifici Nexus) · 08034 Barcelona
  T. 93 205 6464 · F.  93 205 6979 · [EMAIL PROTECTED]
.. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-07-02 Thread Nils Larsch 

Carles Fernandez i Julia wrote:
...

That's the point : I have the private key certificate stored in the
smartcard, not located in a plain file. That's why I commented the line
above.


the engine doesn't support using certificates stored on smart cards
(and I don't even think that this extremly useful).

Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-07-03 Thread Carles Fernandez i Julia 
En/na Nils Larsch ha escrit:
> Carles Fernandez i Julia wrote:
> ...
>> That's the point : I have the private key certificate stored in the
>> smartcard, not located in a plain file. That's why I commented the line
>> above.
>
> the engine doesn't support using certificates stored on smart cards
> (and I don't even think that this extremly useful).
But this engine, pkcs11-opensc, is designed to do this (using
certificates on smartcards).
>
> Nils
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   [EMAIL PROTECTED]
>
>


-- 

..
 __
/ /  Carles Fernàndez
  C E / S / C A  Dept. de Comunicacions
  /_/Centre de Supercomputació de Catalunya

  Gran Capità, 2-4 (Edifici Nexus) · 08034 Barcelona
  T. 93 205 6464 · F.  93 205 6979 · [EMAIL PROTECTED]
.. 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-07-03 Thread Nils Larsch 

Carles Fernandez i Julia wrote:

En/na Nils Larsch ha escrit:

Carles Fernandez i Julia wrote:
...

That's the point : I have the private key certificate stored in the
smartcard, not located in a plain file. That's why I commented the line
above.

the engine doesn't support using certificates stored on smart cards
(and I don't even think that this extremly useful).

But this engine, pkcs11-opensc, is designed to do this (using
certificates on smartcards).


the engine is designed to use the token for the cryptographic
operation (i.e. signing, decrypting with the private key) and
not as a storage device for public objects (smartcards are terrible
slow so you normally want to reduce the communication with the
card as much as possible).

Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

[SOLVED] Re: Strange OpenSSL error when trying to use OpenVPN

2008-03-26 Thread Richard Hartmann 
My certificate uses a SHA256 hash and the client has OpenSSL 0.9.7.
0.9.8 is needed to support SHA256 hashes.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2008-08-28 Thread Sergio 

Hi,

first, until 0.6.4 devel version of wpa_supplicant, it requires a copy 
of client cert sitting on hard disk. 0.6.4 has cert_id field.
at this moment i have got exactly the same error. Using wpa_supplicant 
under linux client works. With openssl engine, i only need to indicate 
key_id, cert_id and pin, and then authentication is performed.
Using wpa_supplicant under windows, the things are different. Really 
only two fields into wpa_supplicant.conf change, that is:


pkcs11_engine_path=C:\Archivos de programa\Smart card 
bundle\engine_pkcs11.dll
pkcs11_module_path=C:\Archivos de programa\Smart card 
bundle\UsrPkcs11.dll, a module provided for a spanish authority, who 
provides my smartcard. With this module i can do some operations like 
list objects and so on. Under linux, was enough to put opensc-pkcs11.so 
because opensc has specific drivers to my smartcard, but not under 
windows, because of this, i put the dll directly.


I have got two errors:

1.- pin - hexdump_ascii(len=6): [REMOVED] during the parse of 
configuration file


2.- TLS: Failed to load private key
EAPOL: EAP parameter needed
CTRL-REQ-PIN-0:PIN needed for SSID kely
EAP-TLS: Failed to initialize SSL.
EAP-TLS: Requesting Smartcard PIN
EAPOL: EAP parameter needed
CTRL-REQ-PIN-0:PIN needed for SSID kely
EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
EAP: Pending PIN/passphrase request - skip Nak

but really i think here is not the correct place to ask for this
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]