Re: Server key issue. need Urgent Help on it

2012-08-28 Thread Gaiseric Vandal
This means you need to create a key pair (private key with no password +
X509 certificate) for apache to use.

Some linux distributions sometimes include a dummy key pair just for
testing.

On Fedora Core 14 there is a /etc/pki/tls/certs/make-dummy-cert command.


On 08/28/12 07:21, Jamshed Alam wrote:
> Dear All,
>  I have installed OpenSSL and face the error given below when I try to
> run apache server. Kindly advise me on this, how to correct it
>
> root@zeroshell root> /etc/init.d/httpd start
> Starting httpd daemon...
> Syntax error on line 121 of /etc/httpd/conf/ssl.conf:
> SSLCertificateKeyFile: file '/etc/httpd/conf/ssl.key/server.key' does
> not exist or is empty
>
> I am looking forward to you about this error
>
> Best Regards,
> Jamshed Alam


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org
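
One way to create the kind of test key pair described in the reply above and to check it before pointing Apache at it, as an added example that is not part of the original message. The helper names, the subject name and the 30-day lifetime are assumptions; the self-signed certificate it produces is only suitable for testing.

```sh
#!/bin/sh
# Added example (not from the thread). make_test_pair and check_pair are
# hypothetical helper names; the CN and directory are whatever you pass in.

# make_test_pair DIR CN
# Writes DIR/server.key (unencrypted RSA key) and DIR/server.crt (self-signed).
make_test_pair() {
    dir=$1
    cn=$2
    mkdir -p "$dir" || return 1
    (
        # umask first, so the key file is never created group/world-readable.
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes \
            -keyout "$dir/server.key" -out "$dir/server.crt" \
            -days 30 -subj "/CN=$cn" >/dev/null 2>&1
    ) || return 1
    chmod 600 "$dir/server.key"
}

# check_pair KEY CRT
# 0 = usable pair
# 1 = key missing or empty (the condition httpd reported in this thread)
# 2 = key or certificate unreadable (e.g. the key is passphrase-protected)
# 3 = key and certificate do not belong together
check_pair() {
    key=$1
    crt=$2
    [ -s "$key" ] || return 1
    # "-passin pass:" supplies an empty passphrase, so an encrypted key fails
    # here instead of prompting on the terminal.
    kpub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    # Both commands print the public key in the same PEM form, so a plain
    # string comparison shows whether the certificate was issued for this key.
    [ "$kpub" = "$cpub" ] || return 3
    return 0
}

# Usage (paths as in the error message; the certificate is the file named
# by SSLCertificateFile in ssl.conf):
#   check_pair /etc/httpd/conf/ssl.key/server.key <certificate file>
```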


Re: Server key issue. need Urgent Help on it

2012-08-28 Thread latze
Sorry for the stupid questions, but
- does this file exist on your machine (and there is no typo in the name)?
- and does it have meaningful content (a key)?

> Dear All,
>  I have installed OpenSSL and face the error given below when I try to run
> apache server. Kindly advise me on this, how to correct it
>
> root@zeroshell root> /etc/init.d/httpd start
> Starting httpd daemon...
> Syntax error on line 121 of /etc/httpd/conf/ssl.conf:
> SSLCertificateKeyFile: file '/etc/httpd/conf/ssl.key/server.key' does not
> exist or is empty
>
> I am looking forward to you about this error
>
> Best Regards,
> Jamshed Alam
>




Re: Urgent Help Needed

2010-03-21 Thread Sander Temme

On Mar 21, 2010, at 12:12 AM, Anjan Koundinya.K wrote:

> What should I do? I need as a part of final year project . Please help

If your curriculum has anything to do with computing, I suggest going back and 
taking the other years before you hit the final.  Otherwise, you might try to 
put the lib directory under your OpenSSL install on your LD_LIBRARY_PATH. 

S.

-- 
san...@temme.net  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





Urgent Help Needed

2010-03-21 Thread Anjan Koundinya.K
I have installed openssl-0.9.8e on Ubuntu 9 and the installation was
successful.  But I am trying to execute an SSL client and server in the shell
and get an error.

/tmp/cceqI1DB.o: In function `main':
sslclient.c:(.text+0x21): undefined reference to `initialize_ctx'
sslclient.c:(.text+0x3a): undefined reference to `SSL_new'
sslclient.c:(.text+0x52): undefined reference to `BIO_new_socket'
sslclient.c:(.text+0x72): undefined reference to `SSL_set_bio'
sslclient.c:(.text+0x7e): undefined reference to `SSL_connect'
sslclient.c:(.text+0x92): undefined reference to `check_cert_chain'
/tmp/cceqI1DB.o: In function `read_write':
sslclient.c:(.text+0x1db): undefined reference to `SSL_write'
sslclient.c:(.text+0x1fb): undefined reference to `SSL_read'
sslclient.c:(.text+0x219): undefined reference to `SSL_get_error'
sslclient.c:(.text+0x25d): undefined reference to `berr_exit'
sslclient.c:(.text+0x26b): undefined reference to `SSL_pending'
sslclient.c:(.text+0x28a): undefined reference to `SSL_shutdown'
sslclient.c:(.text+0x298): undefined reference to `SSL_free'
collect2: ld returned 1 exit status

What should I do? I need as a part of final year project . Please help

Thanks & Regards
Anjan


RE: ssl_write returned ssl_error_ssl: urgent help needed

2009-11-18 Thread Jeremy Farrell
There's probably something wrong with your code, but from the
information you've presented it's difficult to be more precise. I don't
see what your question has to do with developing OpenSSL, so I've
dropped openssl-dev from the thread.
 
http://www.catb.org/~esr/faqs/smart-questions.html
 




From: sandeep.kuma...@wipro.com
 
To: openssl-users@openssl.org; openssl-...@openssl.org
 
Hi,
 
I got some weird error. help needed urgent.
 
SSL_write() is returned with error "SSL3_WRITE_PENDING:bad write
retry". I have tried with flags "PARTIAL_WRITE" and "AUTO_RETRY" and
"MOVING BUFFER".
Still i am facing this problem. Any temporary workaround will
also be appreciated.
 
Thanks & Regards,
Sandeep



Re: ssl_write returned ssl_error_ssl: urgent help needed

2009-11-18 Thread luiz


Hi

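I use the following to write to SSL:

#include <sys/select.h>
#include <openssl/ssl.h>

/* Write msg to pSSL, waiting on iSock whenever OpenSSL asks for a retry.
   iTimeout is in milliseconds; <= 0 waits without a timeout.
   Returns the number of bytes written, or -1 on error or timeout.
   *iRet is 0 on success, otherwise the last SSL_get_error() value. */
int hb_inetSSLWrite( SSL* pSSL, int iSock, int iTimeout, char * msg,
                     int length, int* iRet)
{
   int ret;
   int sslerr;
   int r;
   fd_set fd_r, fd_w;
   struct timeval tv;

   do
   {
      /* Every retry passes the same buffer and length: OpenSSL expects a
         repeated SSL_write() to be called with the same arguments. */
      ret = SSL_write(pSSL, msg, length);
      sslerr = SSL_get_error(pSSL, ret);

      if ( ret > 0)
      {
         r = 1;
         *iRet = 0;
         break;
      }
      *iRet = sslerr;
      FD_ZERO( &fd_r );
      FD_ZERO( &fd_w );
      /* select() may modify tv, so it is set again on every pass. */
      if( iTimeout > 0 )
      {
         tv.tv_sec = iTimeout / 1000;
         tv.tv_usec = ( iTimeout % 1000 ) * 1000;
      }

      /* Wait for the direction OpenSSL asked for; anything else is fatal. */
      switch (sslerr)
      {
         case SSL_ERROR_WANT_READ:
            FD_SET(iSock,&fd_r);
            break;
         case SSL_ERROR_WANT_WRITE:
            FD_SET(iSock,&fd_w);
            break;
         default:
            return -1;
      }
      if( iTimeout > 0 )
         r = select(iSock+1,&fd_r,&fd_w,NULL,&tv);
      else
         r = select(iSock+1,&fd_r,&fd_w,NULL,NULL);

   } while ( ret == -1 && r != 0 );

   /* r == 0 means select() timed out */
   if ( r == 0)
      return -1;

   return ret;
}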


> Hi,
>
> I got some weird error. help needed urgent.
>
> SSL_write() is returned with error "SSL3_WRITE_PENDING:bad write retry".
> I have tried with flags "PARTIAL_WRITE" and "AUTO_RETRY" and "MOVING
> BUFFER".
> Still i am facing this problem. Any temporary workaround will also be
> appreciated.
>
> Thanks & Regards,
> Sandeep
>
> Please do not print this email unless it is absolutely necessary.
>
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s) and
> may contain proprietary, confidential or privileged information. If you
> are not the intended recipient, you should not disseminate, distribute or
> copy this e-mail. Please notify the sender immediately and destroy all
> copies of this message and any attachments.
>
> WARNING: Computer viruses can be transmitted via email. The recipient
> should check this email and any attachments for the presence of viruses.
> The company accepts no liability for any damage caused by any virus
> transmitted by this email.
>
> www.wipro.com
>




ssl_write returned ssl_error_ssl: urgent help needed

2009-11-18 Thread sandeep.kumar17
Hi,

I got some weird error. help needed urgent.

SSL_write() is returned with error "SSL3_WRITE_PENDING:bad write retry".
I have tried with flags "PARTIAL_WRITE" and "AUTO_RETRY" and "MOVING
BUFFER".
Still i am facing this problem. Any temporary workaround will also be
appreciated.

Thanks & Regards,
Sandeep



Re: apache http server not connecting to correct open ssl --urgent help needed

2009-04-03 Thread Nikos Balkanas

I see your problem:

Do the following with your correct LD_LIBRARY_PATH:

echo $LD_LIBRARY_PATH
ldd 

and post results

Nikos

- Original Message - 
From: "Srinivas Jonnalagadda" 

To: ; 
Cc: 
Sent: Friday, April 03, 2009 7:09 PM
Subject: Re: apache http server not connecting to correct open ssl --urgent 
help needed




hi nikos,

Thanks for the information. I tried your idea but still when I restart I 
get the following message. Any more information is highly appreciated. My 
LDPATH has been set to the following:

LD_LIBRARY_PATH="/usr/local/openssl098i/lib:/apps/opt/apache2/lib:$LD_LIBRARY_PATH"
export LD_LIBRARY_PATH


[Fri Apr 03 12:00:38 2009] [warn] Init: Session Cache is not configured 
[hint: SSLSessionCache]
[Fri Apr 03 12:00:38 2009] [notice] Digest: generating secret for digest 
authentication ...

[Fri Apr 03 12:00:38 2009] [notice] Digest: done
[Fri Apr 03 12:00:41 2009] [notice] Apache/2.0.63 (Unix) mod_ssl/2.0.63 
OpenSSL/0.9.8b configured -- resuming normal operations


Thanks,
srinivas Jonnalagadda




-Original Message-

From: Nikos Balkanas 
Sent: Apr 3, 2009 7:11 AM
To: openssl-users@openssl.org
Cc: openssl-...@openssl.org
Subject: Re: apache http server not connecting to correct open 
ssl --urgent help needed


Hi,

I imagine you are using a Solaris 10 machine. You also need to load
different versions of the same library. You need to set the correct
LD_LIBRARY_PATH. For 2.0.55 include in the LD_LIBRARY_PATH your 0.9.8b
libraries (libssl, libcrypto). For the 2.0.63 include your 0.9.8i libraries
path (/usr/local/openssl098i/lib).

Best way is to create 2 scripts (start55, start63) that set up your
LD_LIBRARY_PATH correctly.

BR,
Nikos
- Original Message - 
From: "The Doctor" 

To: 
Cc: 
Sent: Friday, April 03, 2009 1:01 AM
Subject: Re: apache http server not connecting to correct open 
ssl --urgent

help needed



On Thu, Apr 02, 2009 at 05:20:30PM -0400, Srinivas Jonnalagadda wrote:

Hi,

I have openssl 0.9.8b installed with apache http server 2.0.55 on Solaris
machine. when i installed i used the /usr/local/ssl as prefix and i did
not use shared threads option. I was able to install successfully. On the
same machine i installed openssl 0.9.8i in /usr/local/openssl098i
directory and used the shared threads option. i installed apache http
2.0.63 on the same machine and when i installed i gave prefix as
/usr/local/openssl098i. my intention was that when i start apache http
2.0.63 i should use /usr/local/openssl098i and when i start apache http
server 2.0.55 i should use  /usr/local/ssl. My problem now is when i
start both are connecting to openssl 0.9.8b. Please tell me how to
connect to both.





You need to make slight modifications to the Apache code!

Instead of STACK you need to specify STACK_OF( ).


Thanks,
Srinivas Jonnalagadda


--
Member - Liberal International This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Point to http://tv.cityonahillproductions.com/


Re: apache http server not connecting to correct open ssl --urgent help needed

2009-04-03 Thread Srinivas Jonnalagadda
hi nikos,

Thanks for the information. I tried your idea but still when I restart I get the 
following message. Any more information is highly appreciated. My LDPATH has 
been set to the following:
LD_LIBRARY_PATH="/usr/local/openssl098i/lib:/apps/opt/apache2/lib:$LD_LIBRARY_PATH"
 
export LD_LIBRARY_PATH


[Fri Apr 03 12:00:38 2009] [warn] Init: Session Cache is not configured [hint: 
SSLSessionCache]
[Fri Apr 03 12:00:38 2009] [notice] Digest: generating secret for digest 
authentication ...
[Fri Apr 03 12:00:38 2009] [notice] Digest: done
[Fri Apr 03 12:00:41 2009] [notice] Apache/2.0.63 (Unix) mod_ssl/2.0.63 
OpenSSL/0.9.8b configured -- resuming normal operations

Thanks,
srinivas Jonnalagadda




-Original Message-
>From: Nikos Balkanas 
>Sent: Apr 3, 2009 7:11 AM
>To: openssl-users@openssl.org
>Cc: openssl-...@openssl.org
>Subject: Re: apache http server not connecting to correct open ssl --urgent 
>help needed
>
>Hi,
>
>I imagine you are using a Solaris 10 machine. You also need to load 
>different versions of the same library. You need to set the correct 
>LD_LIBRARY_PATH. For 2.0.55 include in the LD_LIBRARY_PATH your 0.9.8b 
>libraries (libssl, libcrypto). For the 2.0.63 include your 0.9.8i libraries 
>path (/usr/local/openssl098i/lib).
>
>Best way is to create 2 scripts (start55, start63) that set up your 
>LD_LIBRARY_PATH correctly.
>
>BR,
>Nikos
>- Original Message - 
>From: "The Doctor" 
>To: 
>Cc: 
>Sent: Friday, April 03, 2009 1:01 AM
>Subject: Re: apache http server not connecting to correct open ssl --urgent 
>help needed
>
>
>> On Thu, Apr 02, 2009 at 05:20:30PM -0400, Srinivas Jonnalagadda wrote:
>>> Hi,
>>>
>>> I have openssl 0.9.8b installed with apache http server 2.0.55 on Solaris 
>>> machine. when i installed i used the /usr/local/ssl as prefix and i did 
>>> not use shared threads option. I was able to install successfully. On the 
>>> same machine i installed openssl 0.9.8i in /usr/local/openssl098i 
>>> directory and used the shared threads option. i installed apache http 
>>> 2.0.63 on the same machine and when i installed i gave prefix as 
>>> /usr/local/openssl098i. my intention was that when i start apache http 
>>> 2.0.63 i should use /usr/local/openssl098i and when i start apache http 
>>> server 2.0.55 i should use  /usr/local/ssl. My problem now is when i 
>>> start both are connecting to openssl 0.9.8b. Please tell me how to 
>>> connect to both.
>>>
>>>
>>
>>
>> You need to make slight modifications to the Apache code!
>>
>> Instead of STACK you need to specify STACK_OF( ).
>>
>>> Thanks,
>>> Srinivas Jonnalagadda
>>
>> -- 
>> Member - Liberal International This is doc...@nl2k.ab.ca
>> Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
>> Never Satan President Republic!
>> Point to http://tv.cityonahillproductions.com/
>


Re: apache http server not connecting to correct open ssl --urgent help needed

2009-04-03 Thread Nikos Balkanas

Hi,

I imagine you are using a Solaris 10 machine. You also need to load 
different versions of the same library. You need to set the correct 
LD_LIBRARY_PATH. For 2.0.55 include in the LD_LIBRARY_PATH your 0.9.8b 
libraries (libssl, libcrypto). For the 2.0.63 include your 0.9.8i libraries 
path (/usr/local/openssl098i/lib).


Best way is to create 2 scripts (start55, start63) that set up your 
LD_LIBRARY_PATH correctly.


BR,
Nikos
- Original Message - 
From: "The Doctor" 

To: 
Cc: 
Sent: Friday, April 03, 2009 1:01 AM
Subject: Re: apache http server not connecting to correct open ssl --urgent 
help needed




On Thu, Apr 02, 2009 at 05:20:30PM -0400, Srinivas Jonnalagadda wrote:

Hi,

I have openssl 0.9.8b installed with apache http server 2.0.55 on Solaris 
machine. when i installed i used the /usr/local/ssl as prefix and i did 
not use shared threads option. I was able to install successfully. On the 
same machine i installed openssl 0.9.8i in /usr/local/openssl098i 
directory and used the shared threads option. i installed apache http 
2.0.63 on the same machine and when i installed i gave prefix as 
/usr/local/openssl098i. my intention was that when i start apache http 
2.0.63 i should use /usr/local/openssl098i and when i start apache http 
server 2.0.55 i should use  /usr/local/ssl. My problem now is when i 
start both are connecting to openssl 0.9.8b. Please tell me how to 
connect to both.






You need to make slight modifications to the Apache code!

Instead of STACK you need to specify STACK_OF( ).


Thanks,
Srinivas Jonnalagadda


--
Member - Liberal International This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Point to http://tv.cityonahillproductions.com/


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org
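
One way to write the start script suggested in the message above, as an added example that is not code from the thread: it sets LD_LIBRARY_PATH and refuses to start unless ldd shows libssl and libcrypto resolving under the intended OpenSSL directory. The function names, the mod_ssl.so and apachectl paths in the usage comment, and the sample ldd output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread); all function names are hypothetical.

# check_ssl_libs LIBDIR        (reads `ldd` output on stdin)
# 0 = every libssl/libcrypto entry resolves under LIBDIR
# 1 = at least one resolves elsewhere or is not found (offenders are printed)
# 2 = no libssl/libcrypto entry at all (statically linked, or not linked)
check_ssl_libs() {
    awk -v libdir="$1" '
        $1 ~ /^lib(ssl|crypto)\./ && $2 == "=>" {
            seen++
            # $3 is the resolved path, or "not"/"(file" when nothing was found
            if (index($3, libdir "/") != 1) { bad++; print "unexpected: " $0 }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# Constructed sample: libssl is picked up from the system copy in /usr/sfw
# while libcrypto comes from the custom build, i.e. a mixed and wrong result.
sample_ldd_mixed() {
    printf '\t%s\n' \
        'libssl.so.0.9.7 => /usr/sfw/lib/libssl.so.0.9.7' \
        'libcrypto.so.0.9.8 => /usr/local/openssl098i/lib/libcrypto.so.0.9.8' \
        'libc.so.1 => /lib/libc.so.1'
}

# start_with_openssl PREFIX OBJECT COMMAND [ARGS...]
# PREFIX  - OpenSSL install prefix, e.g. /usr/local/openssl098i
# OBJECT  - the file that links against OpenSSL (httpd or mod_ssl.so)
# COMMAND - what to run once the check passes
start_with_openssl() {
    prefix=$1
    object=$2
    shift 2
    # ${VAR:+...} avoids a trailing ":" when LD_LIBRARY_PATH was unset; an
    # empty path element would make the loader search the current directory.
    LD_LIBRARY_PATH="$prefix/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
    export LD_LIBRARY_PATH
    if ! ldd "$object" | check_ssl_libs "$prefix/lib"; then
        echo "not starting: $object does not load OpenSSL from $prefix/lib" >&2
        return 1
    fi
    "$@"
}

# Usage for the 2.0.63 instance (module and apachectl paths are assumed):
#   start_with_openssl /usr/local/openssl098i \
#       /apps/opt/apache2/modules/mod_ssl.so /apps/opt/apache2/bin/apachectl start
```

A return of 2 from check_ssl_libs means OpenSSL was linked in statically, in which case LD_LIBRARY_PATH has no effect on which version the server reports.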


Re: apache http server not connecting to correct open ssl -- urgent help needed

2009-04-02 Thread The Doctor
On Thu, Apr 02, 2009 at 05:20:30PM -0400, Srinivas Jonnalagadda wrote:
> Hi,
> 
> I have openssl 0.9.8b installed with apache http server 2.0.55 on Solaris 
> machine. when i installed i used the /usr/local/ssl as prefix and i did not 
> use shared threads option. I was able to install successfully. On the same 
> machine i installed openssl 0.9.8i in /usr/local/openssl098i directory and 
> used the shared threads option. i installed apache http 2.0.63 on the same 
> machine and when i installed i gave prefix as /usr/local/openssl098i. my 
> intention was that when i start apache http 2.0.63 i should use 
> /usr/local/openssl098i and when i start apache http server 2.0.55 i should 
> use  /usr/local/ssl. My problem now is when i start both are connecting to 
> openssl 0.9.8b. Please tell me how to connect to both.
> 
>


You need to make slight modifications to the Apache code!

Instead of STACK you need to specify STACK_OF( ).
 
> Thanks,
> Srinivas Jonnalagadda

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Point to http://tv.cityonahillproductions.com/ 


apache http server not connecting to correct open ssl -- urgent help needed

2009-04-02 Thread Srinivas Jonnalagadda
Hi,

I have openssl 0.9.8b installed with apache http server 2.0.55 on Solaris 
machine. when i installed i used the /usr/local/ssl as prefix and i did not use 
shared threads option. I was able to install successfully. On the same machine 
i installed openssl 0.9.8i in /usr/local/openssl098i directory and used the 
shared threads option. i installed apache http 2.0.63 on the same machine and 
when i installed i gave prefix as /usr/local/openssl098i. my intention was that 
when i start apache http 2.0.63 i should use /usr/local/openssl098i and when i 
start apache http server 2.0.55 i should use  /usr/local/ssl. My problem now is 
when i start both are connecting to openssl 0.9.8b. Please tell me how to 
connect to both.


Thanks,
Srinivas Jonnalagadda


Re: how to uninstall openSSL Urgent help needed

2009-03-29 Thread Sander Temme


On Mar 29, 2009, at 7:10 PM, Srinivas Jonnalagadda wrote:


I am using Sun Solaris version 10. any help is highly appreciated.



If you mess with the OpenSSL 0.9.7 installed under /usr/sfw, you will  
lose ssh access to your server, since the installed copy of OpenSSH  
links against that OpenSSL.


I have never had trouble building Apache against my own OpenSSL
installation on that platform.  Squid was far more recalcitrant: I had
to move the /usr/sfw libraries out of the way (and be careful not to
log out of my ssh shell) during the build, or edit the configure
script to set SSLLIBS to "/path/to/my/openssl/lib/libcrypto.a
/path/to/my/openssl/lib/libssl.a" to link the SSL libraries in statically.


But you did not mention Squid in the other thread.  Apache should be  
fine.


S.

--
san...@temme.net  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





getting warnings did my make pass for 0.9.8i -- urgent help needed

2009-03-29 Thread Srinivas Jonnalagadda
Hi,

I was installing openssl-0.9.8i in /usr/local/openssl098i which is my own 
defined directory. though the dir does not exist on my sun solaris machine. I 
used the following commands and when i gave make test command i get the 
warnings but later in the end i get test uptodate. did my configure and make 
test pass? can i proceed with make install?

sudo ./config --prefix=/usr/local --openssldir=/usr/local/openssl098i shared 
threads

sudo make
sudo make test

part of my make test log is as follows:

10 handshakes of 256 bytes done
Approximate total server time:   0.19 s
Approximate total client time:   0.41 s
Test IGE mode
../util/shlib_wrap.sh ./igetest
util/opensslwrap.sh version -a
WARNING: can't open config file: /usr/local/openssl098i/openssl.cnf
OpenSSL 0.9.8i 15 Sep 2008
built on: Sun Mar 29 23:13:24 EDT 2009
platform: solaris-sparcv9-gcc
options:  bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) 
blowfish(ptr) 
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN 
-DBN_DIV2W
OPENSSLDIR: "/usr/local/openssl098i"
`test' is up to date.
-bash-3.00$



Thanks,
Srinivas J


-Original Message-
>From: Sander Temme 
>Sent: Mar 27, 2009 11:43 PM
>To: openssl-users@openssl.org
>Subject: Re: How to install 2 instances of openssl on the same machine
>
>
>On Mar 26, 2009, at 6:04 AM, Srinivas Jonnalagadda wrote:
>
>> I need to have 2 separate installations of apache2 http server  
>> refereing to 2 different versions of openssl. One is using 0.9.8b  
>> and the other uses 0.9.8i. How do i install open ssl in such a  
>> scenario. Help is urgently needed.
>
>As other respondents have said, you must install the two copies of  
>OpenSSL in separate locations.  In addition, it appears that  
>hardcoding the path to a linked library in Apache modules does not  
>work very well on Linux.  So, you must point each copy of Apache to  
>the proper copy of OpenSSL by setting the LD_LIBRARY_PATH environment  
>variable.  On Solaris, this is not necessary since the linker does the  
>right thing.
>
>If you choose to install OpenSSL in the same prefix as Apache itself  
>and start Apache using the apachectl script, you don't have to set the  
>environment variable since the script sets it to the lib directory  
>under your Apache installation, and that is also where your OpenSSL  
>libraries will be.
>
>You don't tell us which operating system you are using, but the  
>'apache2' moniker is used by Debian and its derivatives like Ubuntu.   
>If you are on Red Hat 5, you can't run a custom copy of OpenSSL since  
>Red Hat links OpenSSL into the C library, which is loaded by the httpd  
>binary before it loads its modules, and while mod_ssl may be linked  
>against your copy, you will find that the system copy always wins.
>
>S.
>
>-- 
>san...@temme.net  http://www.temme.net/sander/
>PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
>



Re: how to uninstall openSSL Urgent help needed

2009-03-29 Thread Srinivas Jonnalagadda
Hi,

I am using Sun Solaris version 10. any help is highly appreciated.

Regards,
Srinivas J

-Original Message-
>From: The Doctor 
>Sent: Mar 26, 2009 5:12 PM
>To: openssl-users@openssl.org
>Cc: "openssl-...@openssl.org" 
>Subject: Re: how to uninstall openSSL Urgent help needed
>
>On Thu, Mar 26, 2009 at 04:42:41PM -0500, Srinivas Jonnalagadda wrote:
>> Hi,
>> 
>> I would like to know how to uninstall openssl from my unix machine.
>>
>
>What machine/box are you running?  Linux? BSD? AIX? Sun?
> 
>> 
>> Thanks,
>> Srinivas Jonnalagadda 
>> 
>
>-- 
>Member - Liberal International This is doc...@nl2k.ab.ca
>Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
>Never Satan President Republic!
>Point to http://tv.cityonahillproductions.com/ 
>


Re: how to uninstall openSSL Urgent help needed

2009-03-26 Thread The Doctor
On Thu, Mar 26, 2009 at 04:42:41PM -0500, Srinivas Jonnalagadda wrote:
> Hi,
> 
> I would like to know how to uninstall openssl from my unix machine.
>

What machine/box are you running?  Linux? BSD? AIX? Sun?
 
> 
> Thanks,
> Srinivas Jonnalagadda 
> 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Point to http://tv.cityonahillproductions.com/ 



Re: how to uninstall openSSL Urgent help needed

2009-03-26 Thread Kyle Hamilton
This is a -users question, not a -dev question.

If openssl was installed from a package provided by or in the format
of your OS vendor, uninstall it using the vendor's packaging tools.

I've attached a list of files that are installed on my MacOSX machine
by 'make install'.  (the './' at the beginning of each line refers to
the $prefix that was used to configure it.)  Note that OSX's dynamic
libraries have a '.dylib' suffix, rather than a '.so' suffix on other
machines.  You may or may not have dynamic libraries, but it's
something you should look into.

Anyway, to uninstall it, just get rid of the files named herein.

However, if you have linked anything against any dynamic version of
the library, and remove it, those things will no longer work.  (They
will fail with 'unresolved reference' or 'dynamic library not found'
error.)

-Kyle H

On Thu, Mar 26, 2009 at 2:42 PM, Srinivas Jonnalagadda
 wrote:
> Hi,
>
> I would like to know how to uninstall openssl from my unix machine.
>
>
> Thanks,
> Srinivas Jonnalagadda
>
./bin
./bin/c_rehash
./bin/openssl
./include
./include/openssl
./include/openssl/aes.h
./include/openssl/asn1.h
./include/openssl/asn1_mac.h
./include/openssl/asn1t.h
./include/openssl/bio.h
./include/openssl/blowfish.h
./include/openssl/bn.h
./include/openssl/buffer.h
./include/openssl/cast.h
./include/openssl/comp.h
./include/openssl/conf.h
./include/openssl/conf_api.h
./include/openssl/crypto.h
./include/openssl/des.h
./include/openssl/des_old.h
./include/openssl/dh.h
./include/openssl/dsa.h
./include/openssl/dso.h
./include/openssl/dtls1.h
./include/openssl/e_os2.h
./include/openssl/ebcdic.h
./include/openssl/ec.h
./include/openssl/ecdh.h
./include/openssl/ecdsa.h
./include/openssl/engine.h
./include/openssl/err.h
./include/openssl/evp.h
./include/openssl/hmac.h
./include/openssl/idea.h
./include/openssl/krb5_asn.h
./include/openssl/kssl.h
./include/openssl/lhash.h
./include/openssl/md2.h
./include/openssl/md4.h
./include/openssl/md5.h
./include/openssl/obj_mac.h
./include/openssl/objects.h
./include/openssl/ocsp.h
./include/openssl/opensslconf.h
./include/openssl/opensslv.h
./include/openssl/ossl_typ.h
./include/openssl/pem.h
./include/openssl/pem2.h
./include/openssl/pkcs12.h
./include/openssl/pkcs7.h
./include/openssl/pq_compat.h
./include/openssl/pqueue.h
./include/openssl/rand.h
./include/openssl/rc2.h
./include/openssl/rc4.h
./include/openssl/ripemd.h
./include/openssl/rsa.h
./include/openssl/safestack.h
./include/openssl/sha.h
./include/openssl/ssl.h
./include/openssl/ssl2.h
./include/openssl/ssl23.h
./include/openssl/ssl3.h
./include/openssl/stack.h
./include/openssl/store.h
./include/openssl/symhacks.h
./include/openssl/tls1.h
./include/openssl/tmdiff.h
./include/openssl/txt_db.h
./include/openssl/ui.h
./include/openssl/ui_compat.h
./include/openssl/x509.h
./include/openssl/x509_vfy.h
./include/openssl/x509v3.h
./lib
./lib/engines
./lib/engines/lib4758cca.so
./lib/engines/libaep.so
./lib/engines/libatalla.so
./lib/engines/libcapi.so
./lib/engines/libchil.so
./lib/engines/libcswift.so
./lib/engines/libgmp.so
./lib/engines/libnuron.so
./lib/engines/libsureware.so
./lib/engines/libubsec.so
./lib/libcrypto.0.9.8.dylib
./lib/libcrypto.a
./lib/libcrypto.dylib
./lib/libssl.0.9.8.dylib
./lib/libssl.a
./lib/libssl.dylib
./lib/pkgconfig
./lib/pkgconfig/libcrypto.pc
./lib/pkgconfig/libssl.pc
./lib/pkgconfig/openssl.pc
./ssl
./ssl/certs
./ssl/man
./ssl/man/man1
./ssl/man/man1/asn1parse.1
./ssl/man/man1/ca.1
./ssl/man/man1/CA.pl.1
./ssl/man/man1/ciphers.1
./ssl/man/man1/crl.1
./ssl/man/man1/crl2pkcs7.1
./ssl/man/man1/dgst.1
./ssl/man/man1/dhparam.1
./ssl/man/man1/dsa.1
./ssl/man/man1/dsaparam.1
./ssl/man/man1/ec.1
./ssl/man/man1/ecparam.1
./ssl/man/man1/enc.1
./ssl/man/man1/errstr.1
./ssl/man/man1/gendsa.1
./ssl/man/man1/genrsa.1
./ssl/man/man1/md2.1
./ssl/man/man1/md4.1
./ssl/man/man1/md5.1
./ssl/man/man1/mdc2.1
./ssl/man/man1/nseq.1
./ssl/man/man1/ocsp.1
./ssl/man/man1/openssl.1
./ssl/man/man1/passwd.1
./ssl/man/man1/pkcs12.1
./ssl/man/man1/pkcs7.1
./ssl/man/man1/pkcs8.1
./ssl/man/man1/rand.1
./ssl/man/man1/req.1
./ssl/man/man1/ripemd160.1
./ssl/man/man1/rsa.1
./ssl/man/man1/rsautl.1
./ssl/man/man1/s_client.1
./ssl/man/man1/s_server.1
./ssl/man/man1/s_time.1
./ssl/man/man1/sess_id.1
./ssl/man/man1/sha.1
./ssl/man/man1/sha1.1
./ssl/man/man1/smime.1
./ssl/man/man1/speed.1
./ssl/man/man1/spkac.1
./ssl/man/man1/verify.1
./ssl/man/man1/version.1
./ssl/man/man1/x509.1
./ssl/man/man3
./ssl/man/man3/ASN1_generate_nconf.3
./ssl/man/man3/ASN1_generate_v3.3
./ssl/man/man3/ASN1_OBJECT_free.3
./ssl/man/man3/ASN1_OBJECT_new.3
./ssl/man/man3/ASN1_STRING_cmp.3
./ssl/man/man3/ASN1_STRING_data.3
./ssl/man/man3/ASN1_STRING_

how to uninstall openSSL Urgent help needed

2009-03-26 Thread Srinivas Jonnalagadda
Hi,

I would like to know how to uninstall openssl from my unix machine.


Thanks,
Srinivas Jonnalagadda 


RE: Urgent Help in regarding openssl library

2007-06-25 Thread lavanya.golla

Hi All,
 
In SSL_shutdown function there is a check on (handshake_func = 0). What is the 
purpose of this function (handshake_func) and when is it reset to NULL?
 
Thanks & Regards,
Lavanya Golla.




The information contained in this electronic message and any attachments to 
this message are intended for the exclusive use of the addressee(s) and may 
contain proprietary, confidential or privileged information. If you are not the 
intended recipient, you should not disseminate, distribute or copy this e-mail. 
Please notify the sender immediately and destroy all copies of this message and 
any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should 
check this email and any attachments for the presence of viruses. The company 
accepts no liability for any damage caused by any virus transmitted by this 
email.
 
www.wipro.com

RE: Urgent Help in regarding openssl library

2007-06-15 Thread Marek Marcola
Hello,
> 
> But what can be the reason for bad key. Can it be that
> client encrypted with a different session key and the server is
> decrypting with another session's key.
This may happen for example when memory regions which hold
these keys are damaged ... 
 
> Mostly we are seeing this fault when fresh negotiation happens.
This may happen when there are some implementation dependent
incompatibilities. For example in TLS1 padding may be up to 255
bytes, in SSL3 padding should be up to cipher block size.
OpenSSL in SSL3 and TLS1 mode sends padding which is not bigger
than cipher block size but GnuTLS almost always sends in TLS1
padding which is much bigger than cipher block size.
If SSL implementation is not prepared to service such padding
then you may get padding error message.
But there may be many more situations when you can get this error too.
I suggest to add
    SSL_CTX_set_options(ctx,SSL_OP_ALL)
to your client to work around most of them.

Next you may try to connect to server with:
    openssl s_client -connect host:port -msg -debug -state
and check what will happen.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>



RE: Urgent Help in regarding openssl library

2007-06-14 Thread lavanya.golla

Hi,
 
Thank you for the response.
 
But what can be the reason for bad key? Can it be that client encrypted with a 
different session key and the server is decrypting with another session's key?
 
Mostly we are seeing this fault when fresh negotiation happens.
 
Thanks & Regards,
Lavanya Golla.




RE: Urgent Help in regarding openssl library

2007-06-14 Thread Marek Marcola
Hello,
> In continuation with the error we have mentioned before we have the
> below query:-
>  
> If an SSL record has no padding bytes then how does openSSL handle it?
If we are talking about block cipher used to establish SSL connection
like DES or AES then padding is always used.
When any side (client or server) wants to send some data to peer
then first write MAC is calculated and appended to data, next padding
is added to ensure that total length of data+mac+pad is multiple
of cipher block size.
After that, data+mac+pad is encrypted, SSL record header is added
and all this is sent to peer.
Peer should check that record data is multiple of cipher block size,
decrypt record data, get last byte of decrypted data and treat this
byte as a pad (which tells how many bytes to ignore from end of 
decrypted data).
 
> Does openSSL consider it as bad padding?
If record data is multiple of cipher block size then after decryption
last byte of data is always treated as pad.
If this byte is bigger than record data then we have bad padding.
If this byte is bigger than cipher block size for SSL3 then we have bad
padding.
For TLS1 this byte (padding) may be up to 255.

One more piece of information: if your data+mac is already multiple of 
cipher block size then padding process adds next block 
with all bytes equal to block size. For example if you use DES
(block size 8) and after adding mac you get 24 bytes of data
then after padding you will have 32 bytes of data:

 |data+mac|0x08|0x08|0x08|0x08|0x08|0x08|0x08|0x08|

But bad padding you may get for example when decryption is performed
with bad key/iv.

> In case openSSL handles this kindly mention us in which files of the
> code we can find it?
You may look at ssl/s3_pkt.c, ssl/s3_enc.c

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
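
The padding rules described in this message and in the 2007-06-15 follow-up (SSL3 padding no larger than one block, TLS1 padding up to 255 bytes), as an added C example that is not part of the original posts and is not OpenSSL's code. It follows the GenericBlockCipher layout of RFC 2246 section 6.2.3.2; the names cbc_pad, cbc_unpad and the status codes are this example's own, and the record bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: names and status codes are this example's own, not OpenSSL's. */
enum rec_version { REC_SSL3, REC_TLS1 };
enum pad_status { PAD_OK = 0, PAD_BAD_LENGTH = -1, PAD_BAD_PADDING = -2 };

/*
 * Sender side. buf holds data+MAC (len bytes, capacity cap); bs is the cipher
 * block size. Padding always runs to the next block boundary, so input that
 * is already aligned gains one whole block. extra_blocks asks for additional
 * whole blocks, which TLS1 allows (pad byte up to 255) and SSL3 does not.
 * The last byte is the count of padding bytes in front of it (RFC 2246,
 * 6.2.3.2), so 8 bytes of padding carry the value 0x07.
 * Returns the padded length, or 0 if the request is not allowed.
 */
size_t cbc_pad(unsigned char *buf, size_t len, size_t cap, size_t bs,
               size_t extra_blocks, enum rec_version v)
{
    size_t total;

    if (bs == 0 || bs > 256 || extra_blocks > 256 / bs)
        return 0;
    total = bs - (len % bs) + extra_blocks * bs;
    if (total > 256 || cap < len || total > cap - len)
        return 0;
    if (v == REC_SSL3 && total > bs)
        return 0;
    memset(buf + len, (int)(total - 1), total);
    return len + total;
}

/*
 * Receiver side, run on the decrypted record body (rec, len bytes).
 * On PAD_OK, *body_len is the length of data+MAC with the padding removed.
 */
enum pad_status cbc_unpad(const unsigned char *rec, size_t len, size_t bs,
                          enum rec_version v, size_t *body_len)
{
    size_t pad, total, i;

    /* Record data must be a non-empty multiple of the block size. */
    if (bs == 0 || len == 0 || len % bs != 0)
        return PAD_BAD_LENGTH;

    pad = rec[len - 1];      /* last decrypted byte is always read as the pad */
    total = pad + 1;         /* padding bytes plus the length byte itself */

    if (total > len)         /* pad claims more bytes than the record holds */
        return PAD_BAD_PADDING;
    if (v == REC_SSL3) {
        if (total > bs)      /* SSL3: padding may not exceed one block */
            return PAD_BAD_PADDING;
    } else {
        /* TLS1: every padding byte must equal the length byte. */
        for (i = len - total; i < len; i++)
            if (rec[i] != pad)
                return PAD_BAD_PADDING;
    }
    *body_len = len - total;
    return PAD_OK;
}

int main(void)
{
    unsigned char rec[128];
    size_t n, body = 0;

    memset(rec, 0xAA, 24);                 /* constructed data+MAC, DES-sized */
    n = cbc_pad(rec, 24, sizeof rec, 8, 0, REC_TLS1);
    printf("24 bytes in: %zu bytes out, pad byte 0x%02x\n", n, rec[n - 1]);

    n = cbc_pad(rec, 24, sizeof rec, 8, 5, REC_TLS1);   /* long TLS1 padding */
    printf("long pad read as TLS1: %d\n",
           (int)cbc_unpad(rec, n, 8, REC_TLS1, &body));
    printf("long pad read as SSL3: %d\n",
           (int)cbc_unpad(rec, n, 8, REC_SSL3, &body));

    memset(rec, 0x5C, 32);                 /* stand-in for a wrong key/IV decrypt */
    rec[31] = 0xF3;
    printf("garbage tail:          %d\n",
           (int)cbc_unpad(rec, 32, 8, REC_TLS1, &body));
    return 0;
}
```

The separate status codes are there to make the checks readable; a production record layer reports padding and MAC failures as one error, as in the "decryption failed or bad record mac" message quoted in this thread, and avoids data-dependent early exits.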



RE: Urgent Help in regarding openssl library

2007-06-13 Thread lavanya.golla

Hello All,
 
In continuation with the error we have mentioned before we have the below query:-
 
If an SSL record has no padding bytes then how does openSSL handle it?
 
Does openSSL consider it as bad padding?
 
In case openSSL handles this kindly mention us in which files of the code we 
can find it?
 
Thanks & Regards,
Lavanya Golla.
 



Re: Urgent Help in regarding openssl library

2007-05-30 Thread jimmy

[EMAIL PROTECTED] wrote:

> Hi All,
>
> 1) We are using UNIX SLES 10.
>
> 2) When there are large number of TLS negotiations being done in a very
> short span of time this error comes.

are you doing this in a multi-threaded app? in that case have you 
initialized the locking callbacks?


P.S.

such queries must be sent to openssl-users list not the 'dev' list (if 
you want a reply :).


-jb
--
The biggest problem with communication is the illusion that it has occurred.



Re: Urgent Help in regarding openssl library

2007-05-29 Thread Marek Marcola
Hello,
> We are mailing regarding an error we are getting while implementing
> openssl libraries for our application.
>  
> The error we get is as below:-
> SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac.
>  
> We are using open ssl 0.9.7g. Kindly can you give us some help or at
> least suggest to us which version of open ssl resolves this problem.
When this happens:
 - connection negotiation (more information required like ssldump info)
 - random in data transfer (SSL_CTX_set_options() with SSL_OP_ALL may
help).

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>



Urgent Help in regarding openssl library

2007-05-29 Thread lavanya.golla

Hi Team,
 
We are mailing regarding an error we are getting while implementing openssl 
libraries for our application.
 
The error we get is as below:-
SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac.
 
We are using open ssl 0.9.7g. Kindly can you give us some help or at least 
suggest to us which version of open ssl resolves this problem.
 
Thanks & Regards,
Lavanya Golla.
 




urgent help needed, generating fingerprint of public key

2005-12-23 Thread Tom Horstmann
Dear list-members,

we are in need to generate sha1-fingerprints for public keys
contained in PKCS#10-certificate requests. Any tries we made
did not lead to the correct fingerprints, as the description
we got of what values to use for sha1 is vague.
Since getting the right command-sequence to get correct
fingerprints is very important and urgent for us, we like to
ask for paid assistance.

We know the correct fingerprint for the public key in the request
below would begin with "31b5".


A certificate built upon the request and the following private
key (passphrase: proSoft)...


...would be


The public key is


BIO_write & BIO_should_retry issue - URGENT - HELP

2002-10-07 Thread VGuttikar

Hi ALL,

Please read the mail below. Need help ASAP.

thanks,
Vignesh

   

From: [EMAIL PROTECTED]
Sent by: owner-openssl-users@openssl.org
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: BIO_write & BIO_should_retry issue
Date: 10/01/02 10:25 AM
Please respond to openssl-users

   

   





Hi All,

I have a problem with the use of BIO_write and BIO_should_retry.

I have a SSL_Session which is in a "SSL_NONBLOCKING_IO" mode.

To this, making a call to the write function.
For some strange reason, the write is returning <=0 condition. To determine
the cause of the problem,
I tried using the BIO_should_retry() function immediately after getting the
error condition.

This also seems to return a false condition and hence I am throwing an
exception.

I was going through the documentation about write and should_retry. Found a
few things there.
What I would like to know are -
[1] If the IO is NON-Blocking mode, then calling should_retry might not be
the right thing. What else could be done?
[2] Why would BIO_write fail?


thanks,
Vignesh





Urgent help needed for installing openssl-0.9.6b on RHL 7.1

2002-04-18 Thread Nilesh Barot

Hello Gurus ,

I'm facing one typical problem while configuring openssl-0.9.6b on RedHat linux 7.1 , 
kernel 2.4.2-2.

I have successfully configured and installed openssl-0.9.6b, mod_ssl-2.8.7-1.1.3.23 
and  Apache_1.3.23  on Redhat linux 7.2 , kernel 2.4.7-10. It is also working  
properly. This installation I did with local access of server.

Now I need to configure and install all these things remotely on one linux  box with 
telnet access.  This linux box is RHL 7.1 and 2.4.2-2.

Now while doing ./config or ./Configure linux-elf on it it is giving problem. 

First of all for major of files it is saying that [File Exists] ..

[root@abcd openssl-0.9.6b]# ./config
Operating system: i686-whatever-linux2
Configuring for linux-elf
Configuring for linux-elf
IsWindows=0
CC=gcc
CFLAG =-fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN 
-DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
EX_LIBS   =-ldl
BN_ASM=asm/bn86-elf.o asm/co86-elf.o
DES_ENC   =asm/dx86-elf.o asm/yx86-elf.o
BF_ENC=asm/bx86-elf.o
CAST_ENC  =asm/cx86-elf.o
RC4_ENC   =asm/rx86-elf.o
RC5_ENC   =asm/r586-elf.o
MD5_OBJ_ASM   =asm/mx86-elf.o
SHA1_OBJ_ASM  =asm/sx86-elf.o
RMD160_OBJ_ASM=asm/rm86-elf.o
PROCESSOR =
RANLIB=/usr/bin/ranlib
PERL  =/usr/bin/perl
THIRTY_TWO_BIT mode
DES_PTR used
DES_RISC1 used
DES_UNROLL used
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined
Makefile => Makefile.ssl
e_os.h => include/openssl/e_os.h [File exists]
e_os2.h => include/openssl/e_os2.h [File exists]
making links in crypto...
make[1]: Entering directory `/usr/local/openssl-0.9.6b/crypto'
Makefile => Makefile.ssl
crypto.h => ../include/openssl/crypto.h [File exists]
tmdiff.h => ../include/openssl/tmdiff.h [File exists]
opensslv.h => ../include/openssl/opensslv.h [File exists]
opensslconf.h => ../include/openssl/opensslconf.h [File exists]
ebcdic.h => ../include/openssl/ebcdic.h [File exists]
symhacks.h => ../include/openssl/symhacks.h [File exists]
Makefile => Makefile.ssl
making links in crypto/md2...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/md2'
Makefile => Makefile.ssl
md2.h => ../../include/openssl/md2.h [File exists]
md2test.c => ../../test/md2test.c [File exists]
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/md2'
making links in crypto/md4...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/md4'
Makefile => Makefile.ssl
md4.h => ../../include/openssl/md4.h [File exists]
md4test.c => ../../test/md4test.c [File exists]
md4.c => ../../apps/md4.c [File exists]
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/md4'
making links in crypto/md5...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/md5'
Makefile => Makefile.ssl
md5.h => ../../include/openssl/md5.h [File exists]
md5test.c => ../../test/md5test.c [File exists]
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/md5'
making links in crypto/sha...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/sha'
Makefile => Makefile.ssl
sha.h => ../../include/openssl/sha.h [File exists]
shatest.c => ../../test/shatest.c [File exists]
sha1test.c => ../../test/sha1test.c [File exists]
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/sha'
making links in crypto/mdc2...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/mdc2'
Makefile => Makefile.ssl
mdc2.h => ../../include/openssl/mdc2.h [File exists]
mdc2test.c => ../../test/mdc2test.c [File exists]
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/mdc2'
making links in crypto/hmac...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/hmac'
Makefile => Makefile.ssl
hmac.h => ../../include/openssl/hmac.h [File exists]
hmactest.c => ../../test/hmactest.c [File exists]
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/hmac'
making links in crypto/ripemd...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/ripemd'
Makefile => Makefile.ssl
ripemd.h => ../../include/openssl/ripemd.h [File exists]
rmdtest.c => ../../test/rmdtest.c [File exists]
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/ripemd'
making links in crypto/des...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/des'
Makefile => Makefile.ssl
asm/perlasm => ../../perlasm
des.h => ../../include/openssl/des.h [File exists]
destest.c => ../../test/destest.c [File exists]
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/des'
making links in crypto/rc2...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/rc2'
Makefile => Makefile.ssl
rc2.h => ../../include/openssl/rc2.h [File exists]
rc2test.c => ../../test/rc2test.c [File exists]
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/rc2'
making links in crypto/rc4...
make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/rc4'
Makefile => Makefile.ssl
rc4.h => ../../include/openssl/rc4.h [File exists]
rc4test.c => ../../t

URGENT HELP! Problem with configuration

2000-06-02 Thread Antonio Sindona

Hi,
I've used in the past SSLeay with apache 1.2.xx
Now I'm trying to configure OpenSSL (last version) with apache 1.3.12. I
made tests and everything seems ok but when I try to check the
installation I get:

./openssl s_client -connect www.myhost.com:443
CONNECTED(0003)
24564:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:458:

I use thawteCp.pem and thawteCb.pem as in the past (and everything
worked very well). I use also the default openssl.cnf, but also changing
directories I obtain the same result.

Somebody has a working copy of openssl.cnf which uses these certificates,
because I think to have done it incorrectly.

Thanks a lot for speed!

Antonio Sindona



Re: [Re: ssh login, urgent help needed]

2000-04-20 Thread Bob Beck


>SSH has never had a GPL version, ssh-1.2.16 and previous were under
>a free license but later versions were under successively more 
>restrictive licenses.

 Actually, no, 1.2.12 was free. after that it was
non-commercial/educational only, and as of version 2 it's something to
the effect of only left handed virgins who are teaching their children
and only while they are teaching them or something like that ;)

>Use OpenSSH :)

 Which is free.

 -Bob




Re: [Re: ssh login, urgent help needed]

2000-04-20 Thread Eric J. Schwertfeger

On Thu, 20 Apr 2000, Leland V. Lammert wrote:

> At 04:58 PM 4/19/00 , you wrote:
> >On Wed, 19 Apr 2000, Leland V. Lammert wrote:
> >
> >SSH has never had a GPL version, ssh-1.2.16 and previous were under
> >a free license but later versions were under successively more 
> >restrictive licenses.
> >
> >Use OpenSSH :)
> 
> *BUT* OpenSSH is still v1. How can OpenSSH talk to a v2 commercial product?

Plus, it is still restricted to non-commercial use in the US (unless you
have an RSA license).

On the other hand, if anyone wants to help me test a port of LSH (0.9.5)
which is a GPL SECSH implementation interoperable with SSH 2.0 (except for
file transfers) I'm working on just such a beast (the port, I'm not doing
much work with lsh, except for finding bugs).  It's not quite everything
that SSH is yet, as the keys aren't passphrase-protected yet, and it
doesn't have a file-transfer function, but it's improving rapidly.

http://gz.geekazoid.com/lsh/

I had originally hoped to have the port ready for 4.0, but the 4.0 release
coincided with some major steps towards stability for LSH.




Re: [Re: ssh login, urgent help needed]

2000-04-20 Thread Leland V. Lammert

At 04:58 PM 4/19/00 , you wrote:
>On Wed, 19 Apr 2000, Leland V. Lammert wrote:
>
>SSH has never had a GPL version, ssh-1.2.16 and previous were under
>a free license but later versions were under successively more 
>restrictive licenses.
>
>Use OpenSSH :)

*BUT* OpenSSH is still v1. How can OpenSSH talk to a v2 commercial product?

 Lee

Leland V. Lammert[EMAIL PROTECTED]
   Chief Scientist Omnitec Corporation
   Network/Internet Consultants  www.omnitec.net




ssh login, urgent help needed

2000-04-18 Thread daniel koranteng

Hi Everyone,

I am new  to this so please bear with me.
I installed linux ssh-client SSH Version 1.2.27 and am trying to log onto
solaris servers that have ssh installed and sshd running. On the server the
commands 
# pkginfo -l | grep ssh  and # ps -ef | grep sshd  gave the following  output
respectively :

 PKGINST:  ssh 
  NAME:  ssh
   VERSION:  ssh 1.2.13



root   537 1  0   Apr 16 ?0:00 /opt/ssh/sbin/sshd -f
/opt/ssh/etc/ssh2/sshd2_config


Leading me to believe it has sshd running.

From my workstation running Linux (Mandrake) I get the following  output when
I do 
# ssh -v 

SSH Version 1.2.27 [i686-unknown-linux], protocol version 1.5.
Standard version.  Does not use RSAREF.
h233-myworkstation.com: ssh_connect: getuid 501 geteuid 501 anon 1
h233-myworkstation.com: Connecting to ##.##.##.## port 22.
h233-myworkstation.com: Connection established.
h233-myworkstation.com: Remote protocol version 1.99, remote software version
2.0.13 (non-commercial)
h233-myworkstation.com: Waiting for server public key.
Connection closed by remote host.

Can someone please explain what is going on here and how to resolve it.
The man pages and faq's haven't helped.
Please recommend a ssh beginners book too.

Thanks in advance,
daniel.








RE: Urgent help! -- failed in SSLv3 read client certificate.

2000-03-14 Thread Max Pritikin


So far so good.
Are you running OSP to do this? Which cisco engineer were you working with?

The "> > >6d01h: SSL: process certificate" is when IOS attempts to respond
with its client certificate. I don't know openssl but aren't you trying to
_not_ request the client cert?

- max

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dennis Xu
> Sent: Tuesday, March 14, 2000 9:13 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Urgent help! -- failed in SSLv3 read client certificate.
>
>
> IOS 12.0.7T is used in my Cisco router, which is introduced SSL to support
> OSP (interdomain VOIP settlement) communications between Cisco router and
> our application server.
> The engineer of Cisco told me, in this version, no client certificate sent
> at SSL connection setup phase. So I have to disable the client
> authentication, in order to not request client's certificate. So I failed on
> my server side.
>
> I tried my SSL server without  "verify". For openssl s_client, it works
> well, client really did not send its certificate out. But for router as a
> client, it failed. The error message at both side are the same, as if it
> doesn't work.
>
> Could someone have any idea & advices?
>
> Thanks in advance,
>
> Dennis
>
> #show run
> crypto ca certificate chain netruencc.com
>  certificate 2091EC132A491950C6BD873377D5E2F5
>   quit
> certificate ca 208F05124449BF80A46412941971C51B
>   quit
>
> - Original Message -
> From: "Max Pritikin" <[EMAIL PROTECTED]>

Re: Urgent help! -- failed in SSLv3 read client certificate.

2000-03-11 Thread Bodo Moeller

On Fri, Mar 10, 2000 at 11:21:51AM -0800, Dennis Xu wrote:

> I need to accept a client's SSL connection request without client certificate
> received. I try the following command, I have not defined -verify parameter. but why
> the problem is still there.(same as -verify)
> -
> D:\OSPSSL>openssl s_server -accept 443 -CApath .\ -CAfile MyCaCert.pem -cert .\c
> erts\SerCert.pem -key .\certs\SerKEY.pem -state

> SSL3 alert read:fatal:close notify
> SSL_accept:failed in SSLv3 read client certificate A
> ERROR
> 371:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):.\ssl\s3_pkt.c:774:
> SSL alert number 0
> shutting down SSL

You don't tell us what client software you are testing with, and what
happens at the client side (e.g. whether an "unknown CA" alert box
pops up).  If you test with s_client, you'll most likely see that this
works.



Re: urgent help

2000-03-10 Thread Burtland Jones



Can anyone help me with a proxy I am writing? I would love to run an SSL proxy which
gets a connection from an unencrypted connection, then connects to a secure server
and passes the data to the server encrypted, and passes the result back to the client.

That I am able to do; where I have a problem is when I store the open SSL connection in
a linked list and then reuse it on subsequent connections from a different client.

This is what happens: my proxy writes to the server, then there is a getpid from
the SSL library, which then closes the connection. Can someone explain why this happens?

I hope I explained it well.



Burtland
 


Re: urgent help

2000-03-09 Thread Dr Stephen Henson

Sadir Al-khafaji wrote:
> 
> openssl x509 -req -in new.cert.csr -out client.cert.cert -signkey Ca.key
> -CA saal-rsa.crt -CAkey Ca.key -CAcreateserial -days 365
> Signature ok
> subject=/C=SE/ST=na/L=na/O=na/OU=na/CN=foo.com/Email=na
> Getting Private key
> Getting CA Private Key


First problem: you are using conflicting arguments. -signkey turns a
request into a self-signed certificate and -CA signs it as a CA. Don't
use the -signkey argument.


> and it was ok then i was going to export it to pkcs12 and this is what i
> have got
> 
>  openssl pkcs12 -export -in saal-rsa.crt -inkey privkey.pem -name "Test"
> -caname "Test CA" -certfile new.cert.cert -out mycert.p12
> Enter PEM pass phrase:
> No certificate matches private key

If you are using OpenSSL 0.9.4 this has been known to happen. Try 0.9.5.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
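
The signing and export sequence discussed in this reply, as an added example that is not part of the original message: it signs the request with -CA/-CAkey only (no -signkey) and compares the certificate's public key with the private key before running pkcs12 -export. File names, subject names and the export password are constructed, and the `openssl pkey` subcommand assumes OpenSSL 1.0.0 or later rather than the 0.9.x releases used in the thread.

```shell
#!/bin/sh
# Added example. All file names, subjects and the password are constructed.

# True when the certificate's public key equals the one derived from the key file.
# A CSR, a CA certificate or an unrelated key passed by mistake fails here.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build a throwaway CA, sign a client request with it, export a PKCS#12 bundle.
make_client_p12() {
    dir=$1
    # 1. CA key and self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
        -out "$dir/ca.crt" -subj "/CN=Example Test CA" -days 365 \
        2>/dev/null || return 1
    # 2. Client key and certificate request.
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/client.key" \
        -out "$dir/client.csr" -subj "/CN=example-client" \
        2>/dev/null || return 1
    # 3. Sign the request as a CA: -CA and -CAkey only, no -signkey.
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 365 \
        -out "$dir/client.crt" 2>/dev/null || return 1
    # 4. Refuse to export unless -in and -inkey belong together.
    cert_matches_key "$dir/client.crt" "$dir/client.key" || return 1
    # 5. -in is the issued client certificate, -certfile carries the CA.
    openssl pkcs12 -export -in "$dir/client.crt" -inkey "$dir/client.key" \
        -certfile "$dir/ca.crt" -name "Test" -caname "Test CA" \
        -passout pass:example-only -out "$dir/client.p12"
}
```

Call it as `make_client_p12 "$(mktemp -d)"`; `cert_matches_key` can also be run on its own against an existing certificate and key pair.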




Re: urgent help

2000-03-09 Thread Sadir Al-khafaji

Richard, I am sure you are right, and I am sorry if I was vague with my
question.
OK, let's start:
Linux 2.2.13 SuSE
apache 1.3.9
Here is what I have done.
First I have issued a CA,
then I issued a new cert, which I signed with the following command:
openssl x509 -req -in new.cert.csr -out client.cert.cert -signkey Ca.key
-CA saal-rsa.crt -CAkey Ca.key -CAcreateserial -days 365
Signature ok
subject=/C=SE/ST=na/L=na/O=na/OU=na/CN=foo.com/Email=na
Getting Private key
Getting CA Private Key
and it was OK. Then I was going to export it to PKCS#12 and this is what I
have got:

 openssl pkcs12 -export -in saal-rsa.crt -inkey privkey.pem -name "Test"
-caname "Test CA" -certfile new.cert.cert -out mycert.p12
Enter PEM pass phrase:
No certificate matches private key
saal:/cert # openssl pkcs12 -export -in new.cert.c -inkey privkey.pem
-name "Test" -caname "Test CA" -certfile saal-rsa.crt -out mycert.p12
new.cert.cert  new.cert.csr
saal:/cert # openssl pkcs12 -export -in new.cert.csr -inkey privkey.pem
-name "Test" -caname "Test CA" -certfile saal-rsa.crt -out mycert.p12
new.cert.csr
saal:/cert # openssl pkcs12 -export -in new.cert.csr -inkey privkey.pem
-name "Test" -caname "Test CA" -certfile saal-rsa.crt -out mycert.p12
Enter PEM pass phrase:
Error loading certificates from input
6114:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
Error loading certificates from input
6137:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey
new.cert.key -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Error loading certificates from input
6138:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
Error loading certificates from input
6139:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.cert -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
Error loading private key
6140:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:243:
6140:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:399:
saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.cert -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
No certificate matches private key
saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
Error loading certificates from input
6142:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey  -name

"Test" -caname "Test CA" -certfile saal-rsa.crt -out mycert.p12
This is everything I have done, but I never got it right.
Thanx
Sadir




Richard Levitte - VMS Whacker wrote:

> Sadir.Al-khafaji> urgent help, i am trying to get my browser to client
> Sadir.Al-khafaji> authenticate a an ssl server but it doesn't work.
> Sadir.Al-khafaji> Can any one help me out. do i have to generate a
> Sadir.Al-khafaji> server server and a client cert signed with ca so
> Sadir.Al-khafaji> that they can authenticate.
>
> Most of the times, it's a good idea to give the server a server
> certificate (I don't know if there's any browser that doesn't want to
> check that).  The server cert can very well be self-signed as far as I
> know, but if you want to do it right, it's definitely better to have
> it signed by a correct CA.
>
> If you want any more substantial help, it might be a good idea if you
> shared relevant logs and error messages from the browser as well as
> from the server with us.
>
> --
> Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
> Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
> Redakteur@Stacken   \  SWEDEN   \ or +46-708-26 53 44
> Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
>Member of the OpenSSL development team
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See <http://www.stacken.kth.se/~levitte/mail/> for more info.





Re: urgent help

2000-03-09 Thread Richard Levitte - VMS Whacker

Sadir.Al-khafaji> urgent help, i am trying to get my browser to client
Sadir.Al-khafaji> authenticate a an ssl server but it doesn't work.
Sadir.Al-khafaji> Can any one help me out. do i have to generate a
Sadir.Al-khafaji> server server and a client cert signed with ca so
Sadir.Al-khafaji> that they can authenticate.

Most of the times, it's a good idea to give the server a server
certificate (I don't know if there's any browser that doesn't want to
check that).  The server cert can very well be self-signed as far as I
know, but if you want to do it right, it's definitely better to have
it signed by a correct CA.

If you want any more substantial help, it might be a good idea if you
shared relevant logs and error messages from the browser as well as
from the server with us.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
   Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.