Re: trying to understand handshake in s23_srvr.c

2001-02-03 Thread terr

I'm having a problem getting apache and openssl 0.9.6 running.  I'm getting the following message.
 
 [Sat Feb  3 18:40:27 2001] [notice] Apache/1.3.14 Ben-SSL/1.42 (Unix) configured -- resuming normal operations
 [Sat Feb  3 18:40:27 2001] [info] Server built: Feb  3 2001 18:40:04
 [Sat Feb  3 18:40:57 2001] [debug] apache_ssl.c(369): Random input /dev/urandom(1024) -> 1024
 [Sat Feb  3 18:40:58 2001] [error] SSL_accept failed
 [Sat Feb  3 18:40:58 2001] [error] error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
 
 
 So I put some debugging code in and found out that the server is receiving the following request:
 
 GET / HTTP/
 
 This is in the buffer (char *)p
 
 I am under the impression that this is correct.  
 
 
 Can someone enlighten me?
 
 thanx
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: trying to understand handshake in s23_srvr.c

2001-02-05 Thread Richard Levitte - VMS Whacker

From: [EMAIL PROTECTED]

terr>  So I put some debugging code in and found out that the server
terr>  is receiving the following request:
terr>  
terr>  GET / HTTP/
terr>  
terr>  This is in the buffer (char *)p
terr>  
terr>  I am under the impression that this is correct.  

That is not correct.  A correct string would be:

GET / HTTP/1.0

You might want to read RFC2616 to know more about HTTP.

Anyhow, the message:

error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

means that a (non-encrypted) message has been sent where SSL was
expected.  In other words, someone has tried to access the following:

http://whatever:443/

instead of

https://whatever:443/

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
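The error Richard explains is produced by the check a server runs on the very first bytes of a connection, before any handshake state exists. The following is an added, standalone illustration of that classification (not OpenSSL's own code and not from this thread); the enum, the function names and the sample byte strings are my own, and the SSLv2/TLS byte patterns are the standard record openings.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>
/* Standalone illustration (not OpenSSL's own code) of the first-bytes test behind
 * SSL23_GET_CLIENT_HELLO:http request: before any handshake, the server peeks at
 * the initial bytes and decides whether they are a plain HTTP request line, an
 * SSLv2 CLIENT-HELLO, or an SSLv3/TLS handshake record. */
enum wire_kind {
    WIRE_NEED_MORE,    /* fewer than 5 bytes read so far: cannot decide yet */
    WIRE_HTTP_PLAIN,   /* cleartext HTTP method: http:// sent to an https port */
    WIRE_SSLV2_HELLO,  /* 2-byte SSLv2 record header followed by msg type 1 */
    WIRE_SSLV3_TLS,    /* record type 22 (handshake), major version 3 */
    WIRE_UNKNOWN       /* neither: treat as a protocol error */
};

enum wire_kind classify_first_bytes(const unsigned char *p, size_t n)
{
    /* methods that s23_srvr.c in OpenSSL 0.9.x reports as an HTTP request */
    static const char *const methods[] = { "GET ", "POST ", "HEAD ", "PUT " };
    if (n < 5)
        return WIRE_NEED_MORE;
    for (size_t i = 0; i < sizeof methods / sizeof methods[0]; i++)
        if (memcmp(p, methods[i], strlen(methods[i])) == 0)
            return WIRE_HTTP_PLAIN;
    if ((p[0] & 0x80) != 0 && p[2] == 0x01)   /* SSLv2 length header + CLIENT-HELLO */
        return WIRE_SSLV2_HELLO;
    if (p[0] == 0x16 && p[1] == 0x03)         /* TLS record: handshake, version 3.x */
        return WIRE_SSLV3_TLS;
    return WIRE_UNKNOWN;
}

/* short text for a log line; index order matches enum wire_kind */
const char *wire_kind_name(enum wire_kind k)
{
    static const char *const names[] = { "need more bytes", "http request",
        "sslv2 client hello", "sslv3/tls handshake", "unknown" };
    return names[k];
}

int main(void)
{
    /* constructed samples: what terr's server saw, plus two real handshake openings */
    const unsigned char http[] = "GET / HTTP/1.0\r\n";
    const unsigned char tls[]  = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01 };
    const unsigned char v2[]   = { 0x80, 0x2e, 0x01, 0x00, 0x02 };
    printf("%s\n", wire_kind_name(classify_first_bytes(http, sizeof http - 1)));
    printf("%s\n", wire_kind_name(classify_first_bytes(tls, sizeof tls)));
    printf("%s\n", wire_kind_name(classify_first_bytes(v2, sizeof v2)));
    return 0;
}
```

Seeing "http request" on port 443 therefore points at a client (or, as in terr's Apache setup, a misrouted port-80 vhost) speaking cleartext HTTP to the SSL listener, not at a broken handshake.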



Re: trying to understand handshake in s23_srvr.c

2001-02-05 Thread Richard Levitte - VMS Whacker

From: [EMAIL PROTECTED]

Oh, and now I realised some bloody fsck moronic software is replaying
messages.  The message I just answered to has the following headers.
rly-mx1.maxis.net.my seems to be at fault:

Received: from ossp.org ([EMAIL PROTECTED] [62.208.181.50])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id LAA00084
for <[EMAIL PROTECTED]>; Mon, 5 Feb 2001 11:36:52 +0100 (MET)
Received: by mail.ossp.org (Sendmail 8.11.0+/smtpfeed 1.07) for openssl-users-L2
id f15AYLT12727; Mon, 5 Feb 2001 11:34:21 +0100 (CET)
Received: by mail.ossp.org (Sendmail 8.11.0+) via ESMTP for <[EMAIL PROTECTED]>
from opensource.ee.ethz.ch id f15AXfj12724; Mon, 5 Feb 2001 11:33:41 +0100 
(CET)
Received: by en5.engelschall.com (Sendmail 8.9.2/smtpfeed 1.06) for openssl-users-L
id LAA01845; Mon, 5 Feb 2001 11:33:27 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
<[EMAIL PROTECTED]>
from rly-mx1.maxis.net.my id LAA01828; Mon, 5 Feb 2001 11:33:19 +0100 (MET)
Received: from mail pickup service by rly-mx1.maxis.net.my with Microsoft SMTPSVC;
 Mon, 5 Feb 2001 18:32:07 +0800
Received: from mail pickup service by rly-mx1.maxis.net.my with Microsoft SMTPSVC;
 Mon, 5 Feb 2001 11:11:14 +0800
Received: from rly-mx1.maxis.net.my ([202.75.130.117]) by rly-mx1.maxis.net.my  with 
Microsoft SMTPSVC(5.5.1877.467.46);
 Sun, 4 Feb 2001 10:14:21 +0800
Received: from ossp.org (ossp1.ossp.org [62.208.181.50]) by rly-mx1.maxis.net.my with 
SMTP (MailShield v2.0 - WIN32 Oct 17 2000 11:47:19); Sun, 04 Feb 2001 10:14:20 +0800
Received: by mail.ossp.org (Sendmail 8.11.0+/smtpfeed 1.07) for openssl-users-L2
id f142BhD32658; Sun, 4 Feb 2001 03:11:43 +0100 (CET)
[...]




trying to understand handshake in s23_srvr.c apache 1.3.14 + openssl 0.9.6 solutions

2001-02-03 Thread terr

OK - I think I found it.

For anyone trying to configure this there are some pointers.

1)  The httpsd.conf file found in the apache directory, typically in 
/usr/local/apache_1.3.14/conf  is not used.  The server instead looks for
httpd.conf.  You can grab the one Ben Laurie created and modify it heavily.  Pay 
careful attention to the paths where things are found.

2)  Ben has set up heap as his virtual machine.  The server seems to key on the port 
number as follows:

  - standard http port is 80
  - secure https port is 443

  - you typically want the server to listen to both ports  (and you can use Ben's 8887 
and  for testing if you wish)

  - Apache is dumb as a brick and does NOT KNOW which protocol is running on which 
port.  You need to tell it like this.

Port 80
Listen 80
Listen 443

NameVirtualHost www.mydomain.com

<VirtualHost www.mydomain.com>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /webroot/
ServerName www.mydomain.com
ServerPath /mydomain
ErrorLog logs/error-log-mydomin
TransferLog logs/access-log-mydomin
SSLDisable
</VirtualHost>

When the http request comes in on port 80 it is directed to a virtual host which does 
NOT run https.  If you do not do this then apache will fire the handshake into the 
openSSL code and it will result in a trap in routine s23_srvr.c around line 285 or so. 
 Of course the error message will not clue you in to the fact that apache is trying to 
feed http protocol into https code.

3)  Debugging output is enabled in the code.  Before you put it into production you 
will probably want to disable it and recompile.

4)  There is a LOT of configuration that you need to do.  

5)  Note: the above example has some special directives that are designed for Name 
Based Virtual Hosting.  In particular the ServerPath directive allows you some support 
for brain dead old browsers such as the one shipped in OS/2.  Read all about it in the 
apache docs.  It really does not belong in here but there's a tip anyway.

6)  You do not seem to have to do any patching to openSSL 0.9.6 (0.9.5a does require 
the patch)

If people want I'll document all this and put it up on my website.  Just let me know.