Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10.
Hi,
I have configured SSL and enabled HTTPS on Apache 2.4. It is working fine.
If the docs team is interested, then they can put my instructions on
the above topic in the documentation.
The instructions are below:
--
Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10
Date: April, 2024
--
VERY IMPORTANT:
You should not follow this process for a production environment because
self-signed SSL certificate (that is being generated here) is a security risk.
You should follow this process only for the local development environment.
-
Please follow the steps listed below:
-
Step 1: Stop Apache web server if it is already running.
Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment
variable "Path". openssl.exe is in this folder.
Step 3: Open the Windows command prompt and change directory to
"absolute_path_to_apache24_dir\conf".
Step 4: On the command prompt, execute the following command:
set OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf
If "absolute_path_to_apache24_dir" contains spaces then enclose the
path in quotes.
Step 5: Check that the OPENSSL_CONF variable is set to correct directory by
executing the following command on the command prompt:
echo %OPENSSL_CONF%
Step 6: On the command prompt, execute the following command
(openssl.exe is in "absolute_path_to_apache24_dir\bin" folder):
openssl genrsa -out cert.key 2048
Step 7: On the command prompt, execute the following command:
openssl req -new -key cert.key -out cert.csr
When you execute this command, you will be asked to give input for
some fields. I had given input for only one field (and for other fields,
I just hit "Enter" key):
Common Name (e.g. server FQDN or YOUR name) []:localhost
Step 8: On the command prompt, execute the following command:
openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out cert.crt
Step 9: Change a few lines in the
"absolute_path_to_apache24_dir\conf\httpd.conf"
file. I am listing the lines after the changes. I am not listing the
original lines. You can search and change/replace the original
lines.
The changed lines are:
Define SRVROOT "absolute_path_to_apache24_dir"
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
ServerName localhost:80
Include conf/extra/httpd-ssl.conf
Step 10: Change a few lines in the
"absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file.
I am listing the lines after the changes. I am not listing the
original lines. You can search and change/replace the original
lines.
The changed lines are:
ServerName localhost:443
ServerAdmin ad...@localhost.localdomain.com
SSLCertificateFile "${SRVROOT}/conf/cert.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/cert.key"
Step 11 (Last Step): Now, you can start Apache web server and test.
Since the security certificate that was generated here is self-signed,
the browser may show you a warning that the connection/certificate,
etc. is not trusted. But since this is your local development
environment, you can ignore this warning and accept the risk and
go ahead with the testing/development, etc.
I do the same (ignore the warning and accept the risk).
End
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.
On Wed, 17 Apr 2024 at 15:36, General Email
wrote:
>
>
> Anyways, I looked more on google and I think that I have found what I was
> looking for on this page:
> https://gist.github.com/taoyuan/39d9bc24bafc8cc45663683eae36eb1a
>
Few days ago, I configured SSL and enabled HTTPS on Apache 2.4. It is
working fine.
I am listing the steps below, in case it helps someone.
--
Enabling HTTPS and Configuring SSL in Apache 2.4 on Windows 10
Date: April, 2024
--
VERY IMPORTANT:
You should not follow this process for a production environment because
self-signed SSL certificate (that is being generated here) is a security risk.
You should follow this process only for the local development environment.
-
Please follow the steps listed below:
-
Step 1: Stop Apache web server if it is already running.
Step 2: Add "absolute_path_to_apache24_dir\bin" to the system environment
variable "Path". openssl.exe is in this folder.
Step 3: Open the Windows command prompt and change directory to
"absolute_path_to_apache24_dir\conf".
Step 4: On the command prompt, execute the following command:
set OPENSSL_CONF=absolute_path_to_apache24_dir\conf\openssl.cnf
If "absolute_path_to_apache24_dir" contains spaces then enclose the
path in quotes.
Step 5: Check that the OPENSSL_CONF variable is set to correct directory by
executing the following command on the command prompt:
echo %OPENSSL_CONF%
Step 6: On the command prompt, execute the following command
(openssl.exe is in "absolute_path_to_apache24_dir\bin" folder):
openssl genrsa -out cert.key 2048
Step 7: On the command prompt, execute the following command:
openssl req -new -key cert.key -out cert.csr
When you execute this command, you will be asked to give input for
some fields. I had given input for only one field (and for other fields,
I just hit "Enter" key):
Common Name (e.g. server FQDN or YOUR name) []:localhost
Step 8: On the command prompt, execute the following command:
openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out cert.crt
Step 9: Change a few lines in the
"absolute_path_to_apache24_dir\conf\httpd.conf"
file. I am listing the lines after the changes. I am not listing the
original lines. You can search and change/replace the
original lines.
The changed lines are:
Define SRVROOT "absolute_path_to_apache24_dir"
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
ServerName localhost:80
Include conf/extra/httpd-ssl.conf
Step 10: Change a few lines in the
"absolute_path_to_apache24_dir\conf\extra\httpd-ssl.conf" file.
I am listing the lines after the changes. I am not listing the
original lines. You can search and change/replace the
original lines.
The changed lines are:
ServerName localhost:443
ServerAdmin ad...@localhost.localdomain.com
SSLCertificateFile "${SRVROOT}/conf/cert.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/cert.key"
Step 11 (Last Step): Now, you can start Apache web server and test.
Since the security certificate that was generated here is self-signed,
the browser may show you a warning that the connection/certificate,
etc. is not trusted. But since this is your local development
environment, you can ignore this warning and accept the risk and
go ahead with the testing/development, etc.
I do the same (ignore the warning and accept the risk).
End
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.
On Wed, Apr 17, 2024, 3:27 PM General Email < general.email.12341...@gmail.com> wrote: > > >> > If people are asking for advice on PHP then advise them on PHP or don't >> say anything. >> > Don't start advising them about Java. >> >> Please... I am not even making remarks about you asking openssl questions >> at httpd. >> > > > So, is this wrong forum for asking about openssl commands required for > generating certificates for enabling https on apache? > > I can easily look at openssl website or other websites and look how to > create self signed certificates. However, I was not sure if that would work > on apache. That's why I asked here. > > Most of the websites showed how to generate .pem certificates, but after > reading about ssl/https on apache website, I saw that apache requires .crt > certificates. > > Obviously, I can figure out this whole thing if I read whole openssl > manual and apache ssl configs, etc. but I don't want to invest time in that > and I was looking for a quick solution and that's why I posted here. > > > >> I think most people will understand that I try to make you see the >> difference between developing an application and how it is hosted/used what >> ever, operate within your area of expertise. >> > > I know this and I told you that I want to hard code https. Now, please > tell me how can my idea go wrong? > > Please don't tell me how other people's unrelated ideas went wrong. > > Let's have a meaningful discussion. > > I don't work for any company. > > I do freelancing. I am doing this project for a real estate client. So, > its only me who will do everything and decide everything - development, > testing, maintenance hosting, hard coding, migration, https, ssl, etc. > > I would really like to know how my idea of hardcoding https can go wrong? > Anyways, I looked more on google and I think that I have found what I was looking for on this page: https://gist.github.com/taoyuan/39d9bc24bafc8cc45663683eae36eb1a
Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.
> > > If people are asking for advice on PHP then advise them on PHP or don't > say anything. > > Don't start advising them about Java. > > Please... I am not even making remarks about you asking openssl questions > at httpd. > So, is this wrong forum for asking about openssl commands required for generating certificates for enabling https on apache? I can easily look at openssl website or other websites and look how to create self signed certificates. However, I was not sure if that would work on apache. That's why I asked here. Most of the websites showed how to generate .pem certificates, but after reading about ssl/https on apache website, I saw that apache requires .crt certificates. Obviously, I can figure out this whole thing if I read whole openssl manual and apache ssl configs, etc. but I don't want to invest time in that and I was looking for a quick solution and that's why I posted here. > I think most people will understand that I try to make you see the > difference between developing an application and how it is hosted/used what > ever, operate within your area of expertise. > I know this and I told you that I want to hard code https. Now, please tell me how can my idea go wrong? Please don't tell me how other people's unrelated ideas went wrong. Let's have a meaningful discussion. I don't work for any company. I do freelancing. I am doing this project for a real estate client. So, its only me who will do everything and decide everything - development, testing, maintenance hosting, hard coding, migration, https, ssl, etc. I would really like to know how my idea of hardcoding https can go wrong?
Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.
On Wed, Apr 17, 2024, 1:17 PM Marc wrote: > > > > > http is an insecure protocol. I don't want my website to run on > > http. So, I am hardcoding https in links in my website that refer to > > pages in my website. > > > > > > Now, I know that you will write why not redirect http to https by > > default. > > No because that is not relevant to me and what I would like to address. I > am even deploying https on tasks in private air-gapped environments. This > is not a discussion about whether or not https should be used and when. > > > > The problem with this is that if the website gets migrated to > > different provider and if people forget to redirect http to https in new > > setup then it will become a security problem. > > I know there are many idiots out there and your concern is very valid. > Most of the security breaches you read about is about such issues. > However, can you imagine the apache dev team thinking like you? Hard > coding everything to https? Can you imagine all http ports of tomcat, > httpd, jboss etc. being dropped? These people have been making rock solid > applications for decades they don't lecture others how to use or not use > https. > You will never match them in any way, why not follow their lead? > > > > Hardcoding https solves all issues. > > > > A few years back I had an argument with apple developers. They were having > in the build process of the calendar server openssl. The developers thought > for security purposes it would be better to include it in the build. This > resulted in that calenderservers were always having an old insecure > openssl, because the openssl updated by the distribution was not used. (and > nobody is going to build the application frequently) This is what happens > when application developers think they are security geniuses. > > The point I am trying to make is that you as an application developer > should be focussed on developing your application it is not your business > how this application is hosted. You should not concern yourself with things > you are not experienced in/with. Especially when it comes to something as > crucial as security. You are not removing ca certs from the trust store, > your are not setting secure ciphers, you are not setting limits on key > sizes etc. Why would you then even bother with https or http? > > With your argument you might as well hard code the domain name in your > application (like wordpress) and hardcode root name servers etc. > If you buy an egg in the store, it does not come with any requirement that > it should be used only for making cakes. Grasp this concept. > Marc, I don't know what you are trying to prove by your points + you are insulting people for no reason. If you insult people, they may insult you back. Russia attacked Ukraine and Ukraine/NATO hit Russia back. The original discussion was about openssl commands and I think that since you don't know openssl commands, you should not have said anything. Let other people do what they want to do. If they want to hardcode something, why are you bothered. I will hard code https, its my choice. It has nothing to do with you. Now, you are saying to hard code root name servers, etc. which doesn't make sense. You are taking this discussion in all sorts of directions and I don't know what you want to prove. If you want to prove that you are a very smart person and other people are fools then for that you need to play chess with all other people and win all the games. You can invite wordpress idiots to play chess with you and then if you win then probably you can tell that person that he/she is an idiot. There are many people in this world who are very smart but they don't say that other people are fools - for example, Steve Wozniak, Larry Page, Knuth, etc. If people are asking for advice on PHP then advise them on PHP or don't say anything. Don't start advising them about Java. By the way, if you insult me, I will insult you back. GE
Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.
> This is also not relevant to what I am stating. If you develop, do it > regardless of http/https that is convenient for everyone. It will be to > your own benefit. If you have to host the application on your own server, > so be it. It will be easier with choosing your https solution. You could > already be developing it now, and later you can check how to use openssl. > Last thing you want, is an application that forces https or http. > http is an insecure protocol. I don't want my website to run on http. So, I am hardcoding https in links in my website that refer to pages in my website. Now, I know that you will write why not redirect http to https by default. The problem with this is that if the website gets migrated to different provider and if people forget to redirect http to https in new setup then it will become a security problem. Hardcoding https solves all issues.
Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.
> > Here’s a possible SO question that might help you: > > https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl > Thanks Will. I will look look into it.
Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.
> But should your development be not protocol independent? If your code > works on http it should also work on https. I am getting sick of these > wordpress idiots where they still have hardcoded links everywhere and I > can't even convert a website from http to https. > Are you saying that I am a wordpress idiot?
Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.
> I think you need to search for setting up your own CA and sign certs. Windows is my development environment. Later the website will be hosted on linux and the linux hosting provider will provide SSL certificate. I had looked at https://stackoverflow.com/questions/4221874/how-do-i-allow-https-for-apache-on-localhost But it looks like many answers on this page are obsolete now. I don't think openssl commands are any differnt on windows. Yeah, they are not. But I don't know what all arguments to give to openssl. Maybe easier to get an existing cert and use that, and just ignore the > warning? > Maybe there are even easier to use tools on windows that do this all for > I actually want to use openssl. openssl.exe comes with apache 2.4 distribution.
[users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.
Hi, I was looking for openssl command(s) to generate server side certificate and key so that https start working on my apache 2.4 web server on windows. I looked on Internet but found few commands but they all used different arguments to openssl. Can someone please give me exact openssl command(s) to use. I will appreciate it. Regards, GE
Re: Problem in installing "libgnomevfs2-dev" for building OpenOffice on Debian 12.5.
Thanks Damjan. Is someone in charge of wiki pages? If not, then I will update the wiki page. Regards, GE On Wed, 28 Feb 2024 at 04:00, Damjan Jovanovic wrote: > > GnomeVFS was discontinued a long time ago, and replaced by GIO (and GVFS) > instead. > > Luckily we support both. Pass --enable-gio and --disable-gnome-vfs to > ./configure. And you can build OpenOffice without either of them, but it > would probably limit access to files on filesystems that those provide (eg. > on remote servers). > > Regards > Damjan > > On Tue, Feb 27, 2024 at 11:49 AM General Email < > general.email.12341...@gmail.com> wrote: > > > Hi, > > > > I was planning to compile OpenOffice on debian 12.5. > > > > So, I started to install all the required packages. > > > > I am following instructions given on these pages: > > https://wiki.openoffice.org/wiki/Documentation/Building_Guide_AOO and > > > > https://wiki.openoffice.org/wiki/Documentation/Building_Guide_AOO/Building_on_Linux > > > > But when I tried to install libgnomevfs2-dev, it gave me an error: "E: > > Unable to locate package libgnomevfs2-dev". > > > > The output from command line is below: > > > > > > sudo apt-get install libgnomevfs2-dev > > Reading package lists... Done > > Building dependency tree... Done > > Reading state information... Done > > E: Unable to locate package libgnomevfs2-dev > > > > > > Can anyone please suggest how to resolve this? > > > > Regards, > > GE > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > > For additional commands, e-mail: dev-h...@openoffice.apache.org > > > > - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Problem in installing "libgnomevfs2-dev" for building OpenOffice on Debian 12.5.
Hi, I was planning to compile OpenOffice on debian 12.5. So, I started to install all the required packages. I am following instructions given on these pages: https://wiki.openoffice.org/wiki/Documentation/Building_Guide_AOO and https://wiki.openoffice.org/wiki/Documentation/Building_Guide_AOO/Building_on_Linux But when I tried to install libgnomevfs2-dev, it gave me an error: "E: Unable to locate package libgnomevfs2-dev". The output from command line is below: sudo apt-get install libgnomevfs2-dev Reading package lists... Done Building dependency tree... Done Reading state information... Done E: Unable to locate package libgnomevfs2-dev Can anyone please suggest how to resolve this? Regards, GE - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: Please support/enable https by default in the Apache web sever.
> I suggest you're trolling, are you on xampps public relations team, I mean > seriously you come here pushing your agenda with arguments that don't make > sense, but can't be bothered using your real name or real email address. > I am not trolling but I don't use my real name/email address online. This is because everything online is almost public and google indexes everything. So, if someone searches for me online, he/she can find out what I am doing, where am I involved, etc. and I don't want people to know all this. GE > >
Re: Please support/enable https by default in the Apache web sever.
On Sat, 30 Sep, 2023, 9:32 pm Joe Schaefer, wrote: > It is insane to ask this project to cater to the interests of 10 people > who are so PKI illiterate, the PMC needs to put the rest of the user base > at risk just to accommodate them. > > Certs require mandatory user serviceable parts. There is no meaningful > way to provide a default. > > Thanks. > Well, if you don't want to do this, its fine. But you can't abuse the developers by calling them illiterate. Your words are abusive and offensive for no reason. I don't like abusive people like you. I will now not continue this discussion. By the way, I asked for this change in apache http server. But, may be thousands of web developers also want the same change but they didn't approach the dev people of apache http server. But anyways, this discussion has become abusive now. So I am no more interested in this discussion. GE
Re: Please support/enable https by default in the Apache web sever.
On Sat, 30 Sep, 2023, 8:00 pm Emmanuel Dreyfus, wrote: > On Sat, Sep 30, 2023 at 07:40:34PM +0530, General Email wrote: > > By the way, I don't understand how the default certificate can be abused. > > It is not signed by a trusted CA, hence your browser cannot tell if it > is speaking to your legitimate web server, or to some malware lurking > in between. Perhaps your web trafic is not worth being evesdropped, but > consider a malware could inject an exploit against your browser in your > web trafic. The attacker could just be an infected machine on the same > LAN. > > The security level of an untrusted ceritificate is not much better than > plain text HTTP. > Yes, I understand this. We will not be using the default untrusted certificate when we go live. But during development, if 10 people are working on the development of one website and each of them has their own apache http installation, then we have to generate 10 certificates and do a few changes or more than few changes to get https enabled on each of 10 installations. Having a default certificate (not signed by trusted CA) in official http server will make enabling https on each installation much easier and we won't have to generate 10 certificates, etc. Regards, GE
Re: Please support/enable https by default in the Apache web sever.
On Sat, 30 Sep, 2023, 7:06 pm Noel Butler, wrote: > On 30/09/2023 22:28, General Email wrote: > > > > On Sat, 30 Sep, 2023, 5:34 pm Will Fatherley, > wrote: > > > > Please support/enable https by default in the Apache web server. > > > HTTPS is supported already by default. I like the idea of enabling by > default, but as it stands now probably should not be done as the generation > of keying material is required; the certification of keying material, while > capable of being automated, may become overburdened or more easily abused; > and other such complications related to authentication. > > > In XAMPP (https://www.apachefriends.org/download.html) https can be > enabled easily (change of only couple of lines is required). > > XAMPP has apache http web server. > > It looks like they have a default SSL certificate in their distribution. > > Fitefox and other browsers complain something like "the certificate is not > trusted" but they also give an option of taking the risk and going ahead. > When you go ahead, you can access your site using https. > > This is good when a developer is developing a website on his local > computer. > > Later, when going for hosting the website, the hosting providers do > everything for you for supporting https. > > So, if whatever XAMPP has done in their distribution of apache http > server, if the same can be done in official apache http server then this > will be of great help during website development and testing. > > Regards, > GE > > > > > Please re-read Stefan's reply. > > It is not up to the project to dictate to administrators, there are > examples that are easy implementable, use them. The project is not to know > where you want your docroot, if you want CGI or what directories require > special permissions or options are they, configuring your host to how you > want it is your job. > > How hard is it really to uncomment one hash sign and edit a file to set > correct DocumentRoot and hostnames and where the keys are... (thats > rhetorical by the way not actually a question) > > And as for those "webhosts" doing it automatically, all we do is use a > vhost template that we created and is used when adding each host, > customised by perl or php or whatever prog language the webhost uses in > their backend. > I actually didn't understand your answer. What I said was to enable https by default and XAMPP have made it quite easy. If it can't be enabled by default then at least it should be as simple as adding one line or uncommenting one line: Listen 443. Currently, enabling https in apache http server is not easy and takes multiple steps. XAMPP doesn't require generation of SSL certificate by the user but its certificate can't be used in production and this is ok because its certificate can be used during development. I am just suggesting that why can't official apache http server do the same as XAMPP. The main problem is that it is not recommended to use XAMPP in production so we need official apache http server in production. By the way, I don't understand how the default certificate can be abused. Anyways, may be I didn't understand well enough but please have a look as to how XAMPP is doing it and whether their certificates, etc. can also be abused or not. Regards, GE
Re: Please support/enable https by default in the Apache web sever.
On Sat, 30 Sep, 2023, 5:34 pm Will Fatherley, wrote: > > Please support/enable https by default in the Apache web server. >> > > HTTPS is supported already by default. I like the idea of enabling by > default, but as it stands now probably should not be done as the generation > of keying material is required; the certification of keying material, while > capable of being automated, may become overburdened or more easily abused; > and other such complications related to authentication. > In XAMPP (https://www.apachefriends.org/download.html) https can be enabled easily (change of only couple of lines is required). XAMPP has apache http web server. It looks like they have a default SSL certificate in their distribution. Fitefox and other browsers complain something like "the certificate is not trusted" but they also give an option of taking the risk and going ahead. When you go ahead, you can access your site using https. This is good when a developer is developing a website on his local computer. Later, when going for hosting the website, the hosting providers do everything for you for supporting https. So, if whatever XAMPP has done in their distribution of apache http server, if the same can be done in official apache http server then this will be of great help during website development and testing. Regards, GE
Please support/enable https by default in the Apache web sever.
Hi, Everyone is moving to "https" these days. Almost no one is using "http" these days. Please support/enable https by default in the Apache web server. Enabling https support manually is a lengthy (and probably a little bit difficult) process. Regards, GE
Re: [klee-dev] Unexpected Output!
Thanks Dan,
I ran klee with the emit-all-errors option and I still got the same output (two
tests: one feasible and one unfeasible) and as I understand, the output should
show two unfeasible paths!
Here is the assembly.ll file generated.
; ModuleID = 'question.o'
target datalayout =
e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:32:32-n8:16:32
target triple = i386-pc-linux-gnu
@.str = private constant [2 x i8] cy\00, align 1 ; [2 x i8]* [#uses=1]
define i32 @main() nounwind {
entry:
%retval = alloca i32 ; i32* [#uses=1]
%attr1 = alloca i32 ; i32* [#uses=4]
%attr2 = alloca i32 ; i32* [#uses=3]
%y = alloca i32 ; i32* [#uses=3]
%alloca point = bitcast i32 0 to i32 ; i32 [#uses=0]
store i32 100, i32* %attr1, align 4, !dbg !0
store i32 12, i32* %attr2, align 4, !dbg !0
%0 = call i32 (...)* @klee_make_symbolic(i32* %y, i32 4, i8* getelementptr
inbounds ([2 x i8]* @.str, i32 0, i32 0)) nounwind, !dbg !7 ; i32 [#uses=0]
%1 = load i32* %y, align 4, !dbg !8 ; i32 [#uses=1]
%2 = icmp sgt i32 %1, 0, !dbg !8 ; i1 [#uses=1]
br i1 %2, label %bb, label %bb1, !dbg !8
bb: ; preds = %entry
%3 = load i32* %y, align 4, !dbg !9 ; i32 [#uses=1]
%4 = add nsw i32 %3, 7, !dbg !9 ; i32 [#uses=1]
store i32 %4, i32* %attr1, align 4, !dbg !9
store i32 500, i32* %attr2, align 4, !dbg !10
%5 = load i32* %attr1, align 4, !dbg !11 ; i32 [#uses=1]
%6 = icmp slt i32 %5, 0, !dbg !11 ; i1 [#uses=1]
%7 = zext i1 %6 to i32, !dbg !11 ; i32 [#uses=1]
%8 = call i32 (...)* @klee_assume(i32 %7) nounwind, !dbg !11 ; i32 [#uses=0]
br label %return, !dbg !11
bb1: ; preds = %entry
store i32 800, i32* %attr2, align 4, !dbg !12
%9 = load i32* %attr1, align 4, !dbg !13 ; i32 [#uses=1]
%10 = icmp slt i32 %9, 0, !dbg !13 ; i1 [#uses=1]
%11 = zext i1 %10 to i32, !dbg !13 ; i32 [#uses=1]
%12 = call i32 (...)* @klee_assume(i32 %11) nounwind, !dbg !13 ; i32
[#uses=0]
br label %return, !dbg !13
return: ; preds = %bb, %bb1
%retval3 = load i32* %retval, !dbg !14 ; i32 [#uses=1]
ret i32 %retval3, !dbg !14
}
declare void @llvm.dbg.declare(metadata, metadata) nounwind readnone
declare i32 @klee_make_symbolic(...)
declare i32 @klee_assume(...)
!0 = metadata !{i32 3, i32 0, metadata !1, null}
!1 = metadata !{i32 458763, metadata !2, i32 2, i32 0} ; [ DW_TAG_lexical_block
]
!2 = metadata !{i32 458798, i32 0, metadata !3, metadata !main, metadata
!main, metadata !main, metadata !3, i32 2, metadata !4, i1 false, i1 true,
i32 0, i32 0, null, i1 false} ; [ DW_TAG_subprogram ]
!3 = metadata !{i32 458769, i32 0, i32 1, metadata !question.c, metadata
!/home/pgbovine/klee/examples/myKleeTryouts/, metadata !4.2.1 (Based on
Apple Inc. build 5658) (LLVM build 2.7), i1 true, i1 false, metadata !, i32
0} ; [ DW_TAG_compile_uni
!4 = metadata !{i32 458773, metadata !3, metadata !, metadata !3, i32 0, i64
0, i64 0, i64 0, i32 0, null, metadata !5, i32 0, null} ; [
DW_TAG_subroutine_type ]
!5 = metadata !{metadata !6}
!6 = metadata !{i32 458788, metadata !3, metadata !int, metadata !3, i32 0,
i64 32, i64 32, i64 0, i32 0, i32 5} ; [ DW_TAG_base_type ]
!7 = metadata !{i32 5, i32 0, metadata !1, null}
!8 = metadata !{i32 7, i32 0, metadata !1, null}
!9 = metadata !{i32 9, i32 0, metadata !1, null}
!10 = metadata !{i32 10, i32 0, metadata !1, null}
!11 = metadata !{i32 11, i32 0, metadata !1, null}
!12 = metadata !{i32 15, i32 0, metadata !1, null}
!13 = metadata !{i32 16, i32 0, metadata !1, null}
!14 = metadata !{i32 19, i32 0, metadata !1, null}
Thanks
On Friday, January 24, 2014 11:43 AM, General Email
general_mail2...@yahoo.com wrote:
Thanks Dan,
I moved the klee_assume statement to the end of the conditional statement and
ran klee with the emit-all-errors option and I got the same output!
The code:
int main()
{
int attr1=100, attr2=12;
int y;
klee_make_symbolic(y, sizeof(int), y);
if(y0)
{
attr1=y+7;
attr2=500;
printf(attr2 = %d\n, attr2);
}
else
{
attr2=800;
printf(attr2 = %d\n, attr2);
}
klee_assume(attr10);
}
The output:
attr2 = 800
KLEE: ERROR: invalid klee_assume call (provably false)
attr2 = 500
KLEE: done: total instructions = 33
KLEE: done: completed paths = 2
KLEE: done: generated tests = 2
Any advise?
On Friday, January 24, 2014 11:12 AM, General Email
general_mail2...@yahoo.com wrote:
Hi,
Can anybody correct me if my notice is wrong?
I have the following code which should generate two symbolic execution paths;
none of them can by satisfiable. However Klee doesn't show
[klee-dev] How to show (get) the negative values returned in klee's .pc files?
Hi,
I need to understand how to use klee_assume and klee_assert.
I tried to implement the following assumptions (in the function listed below)
which assumed that if a symbolic variable x satisfies the condition !(0(x+5))
and that if another variable y is set to x+7, I want to check whether y is 0
or not.
--
void main()
{
int x,y;
klee_make_symbolic(x, sizeof(x), x);
klee_assume(!(0(x+5)));
klee_assume(y==x+7);
klee_assert(y0);
}
--
The result from klee showed that the assersion is satisfiable based on the
following path constraint which I couldn't understand.
array x[4] : w32 - w8 = symbolic
(query [(Eq 2880154532
(ReadLSB w32 0 x))]
false)
Also how to get the equivelant negative value of the number
2880154532?
Would you please advise?
Thanks
___
klee-dev mailing list
klee-dev@imperial.ac.uk
https://mailman.ic.ac.uk/mailman/listinfo/klee-dev
Re: [klee-dev] How to show (get) the negative values returned in klee's .pc files?
Thanks Daniel,
This is very helpful.
So, my next question is how does klee generate such a condition based on the
following set of commands?!
klee_assume(!(0(x+5)));
klee_assume(y==x+7);
klee_assert(y0);
I would appreciate if you provide me with some guidance of how klee_assume and
klee_assert work.
Again thank you so much for your help.
From: Daniel Liew daniel.l...@imperial.ac.uk
To: General Email general_mail2...@yahoo.com
Cc: klee-dev klee-dev@imperial.ac.uk
Sent: Wednesday, May 1, 2013 1:01 PM
Subject: Re: [klee-dev] How to show (get) the negative values returned in
klee's .pc files?
The path constraint is in the KQuery language ( see
http://klee.llvm.org/KQuery.html#ReadLSB_expr ). The stuff in the
square brackets are the constraints which can be understood to mean
2880154532 == (array X concatenated together). X was simply an integer
in your case so this concatenation is just concatenating 4bytes
together the integer.
Decimal constants (such as 2880154532 ) used in this way as far as I
know represent the unsigned interpretation of a bitvector.
Assuming that a two-complement representation for signed integers you
can use gdb to quickly calculate what the decimal representation of
the signed integer x is.
$ gdb
(gdb) print /t 2880154532
$1 = 10101011101010111010101110100100
# The most significant bit is 1 so we know the number is negative. We
can invert the bits and add 1 to find the absolute value (
see
http://en.wikipedia.org/wiki/Two%27s_complement#The_most_negative_number
)
(gdb) print ~(2880154532) + 1
$2 = 1414812764
(gdb) exit
So this tells you that the decimal value of integer x is -1414812764
in the constraints you showed.
Hope that helps.
On 1 May 2013 17:16, General Email general_mail2...@yahoo.com wrote:
Hi,
I need to understand how to use klee_assume and klee_assert.
I tried to implement the following assumptions (in the function listed
below) which assumed that if a symbolic variable x satisfies the condition
!(0(x+5)) and that if another variable y is set to x+7, I want to check
whether y is 0 or not.
--
void main()
{
int
x,y;
klee_make_symbolic(x, sizeof(x), x);
klee_assume(!(0(x+5)));
klee_assume(y==x+7);
klee_assert(y0);
}
--
The result from klee showed that the assersion is satisfiable based on the
following path constraint which I couldn't understand.
array x[4] : w32 - w8 = symbolic
(query [(Eq 2880154532
(ReadLSB w32 0 x))]
false)
Also how to get the equivelant negative value of the number 2880154532?
Would you please advise?
Thanks___
klee-dev mailing list
klee-dev@imperial.ac.uk
https://mailman.ic.ac.uk/mailman/listinfo/klee-dev
[klee-dev] How to get the content of a symbolic variable?
Hi,
How to get the content of a symbolic variable?
When I tried to run the code listed below, I got the following output from klee
KLEE: WARNING ONCE: calling external: printf(182324664, 182337984, (Add w32 7
(ReadLSB w32 0 inVar)))
KLEE: ERROR: /home/try1.c:53: failed external call: printf
int inVar;
klee_make_symbolic(inVar, sizeof(inVar), inVar);
int k = inVar+5;
k=k+2;
if (k0)
{
doBlock1;
}
else
{
doBlock2;
}
printf(%s%s\n, k = , k);
///
I'm interested in getting the value presented in the last agrument of the
printf function which is :(Add w32 7 (ReadLSB w32 0 inVar)).
Would you please tell me how to get this expression?
Thanks___
klee-dev mailing list
klee-dev@imperial.ac.uk
https://mailman.ic.ac.uk/mailman/listinfo/klee-dev
[klee-dev] KLEE: ERROR: failed external call: itos
Hi, I'm trying to explore how to use klee. When I run klee on a small program I got the following warning messages: KLEE: WARNING: undefined reference to function: itos KLEE: WARNING: undefined reference to function: printf KLEE: WARNING: undefined reference to function: strcat Also I got the following error message: KLEE: ERROR: /test.c:19: failed external call: itos Would you please advise? Thanks AK ___ klee-dev mailing list klee-dev@imperial.ac.uk https://mailman.ic.ac.uk/mailman/listinfo/klee-dev
Ant war task
Hi, I have a war task and I'm specifing the required libs with: lib refid=classpath / Where classpath is a path id specifing the locations of the required library files. However, Ant does not like this and complains that classpath is not a fileset (which it isn't) but why would this sort of specification be allowed in the javac task, eg src refid=classpath / but not in the war task?? Thanks. - Yahoo! Mail Use Photomail to share photos without annoying attachments.
Re: specifying include files in a lib in the war
ok, that's a way of doing it but why does the documentation for say 'fileset' and the attribute 'includes' say that you can specify a list of comma separated file names?? Petar Tahchiev [EMAIL PROTECTED] wrote: On 12/01/06, General Email wrote: That will work with 'include' but it doesn't like 'includes' and then a list of comma separated file names. That is the problem. And yes...forgot the end quote there...typo in my post. Petar Tahchiev wrote: On 12/01/06, General Email wrote: I'd like to specify a list of files to include in the inside a task. Looks like this: 0h, and also you forgot to close your quotations marks here: utils.jar,/ Doesn't ant complains it? -- Regards, Petar! - Yahoo! Photos Showcase holiday pictures in hardcover Photo Books. You design it and we'll bind it! Sorry, my fault. I see now what you want. First if you want to include a list of comma separated files you can use this: Second if you want to include a set of files you can use this: where you point to the directory you want to use and exclude certain files. Hope that helps! -- Regards, Petar! - Yahoo! Photos Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.
specifying include files in a lib in the war
I'd like to specify a list of files to include in the lib inside a war task. Looks like this: lib dir=c:/lib includes name=webService.jar, common.jar, utils.jar,/ /lib lib specifies a fileset which I though supported includes with a comma separated list of files to include. However I get an error saying that lib doesn't support includes and I'm forced to change to include (without the 's') and include each file individually. How can I get around this and specify a list of files? Thnx. - Yahoo! Photos Showcase holiday pictures in hardcover Photo Books. You design it and well bind it!
Re: specifying include files in a lib in the war
That will work with 'include' but it doesn't like 'includes' and then a list of comma separated file names. That is the problem. And yes...forgot the end quote there...typo in my post. Petar Tahchiev [EMAIL PROTECTED] wrote: On 12/01/06, General Email wrote: I'd like to specify a list of files to include in the inside a task. Looks like this: 0h, and also you forgot to close your quotations marks here: utils.jar,/ Doesn't ant complains it? -- Regards, Petar! - Yahoo! Photos Showcase holiday pictures in hardcover Photo Books. You design it and well bind it!
Ant War Problem
Hi,
I'm using JDev 10g which uses Ant v 1.5.4.
I'm having difficulty with the WAR task in Ant. I have:
war destfile=${outdir}/myApp.war webxml=.\htroot\WEB-INF\web.xml
fileset dir=.\htroot\WEB-INF\ /
/war
and I get an error:
No directory specified for ZipFileSet
and it points me to the first line of the Ant code above.
Anyone know what it's really complaining about?
Thnx
-
Yahoo! Photos
Got holiday prints? See all the ways to get quality prints in your hands ASAP.
