Re: using an on-disk session caching framework

Geoff Thorpe wrote: > The hash-database means the only way to remove expired sessions is to iterate across the entire database! Or you maintain an auxillary database that maps the expiry time to a list of session IDs. This could be a btree (perhaps with a bucket of session IDs, to avoid dulic

Re: using an on-disk session caching framework

On Thursday 31 Oct 2002 8:56 pm, Bear Giles wrote: > Edward Chan wrote: > > The default behavior of server-side session caching is > > to cache session in memory. This is probably not > > gonna work very well if there are a lot of connections > > to the server > > > > It says to "open file nam

RE: Windows: Code Signing Certificate

Title: Message Thanx, Franck, I'll post an update after my head clears; I find using openssl very confusing, not to mention stressful (although that may be due to the fact that I've never gotten CA.pl to work properly; I always have to go back and read the CA.pl source to figure out what the

Re: PRNG not seeded ERROR!!!!

Hi, I would like to ask one more question in connection to this one. How would you gather randomness or entryopy on a system that doesn't have any /dev/egd-pool or /dev/urandom or /dev/random. What cn be good sources of randomness and how do I know how much randomness is required? Regards Sura

RE: Windows: Code Signing Certificate

Title: Message www.tldp.org SSL-Certificates HOWTO   feel free to send an update based on your experience...   -Original Message-From: Mark Olbert [mailto:[EMAIL PROTECTED]]Sent: Friday, 1 November 2002 4:53 To: [EMAIL PROTECTED]Subject: Windows: Code Signing Certificate Can anyo

RE: Building openssl on Win2K

Thanks to all who replied with suggestions. It turned out to be something completely different. I had used PKZIP to unzip and untar the distribution tarball and - surprise! - rather than creating links (Windows shortcuts) where appropriate, it creates 0-byte files! That meant that all of the header

Windows: Code Signing Certificate

Title: Message Can anyone direct me to documentation (or a howto) on using openssl to create a digital certificate that can be used to sign macros in an Excel worksheet?   I've successfully created and installed a root certificate authority for myself under Windows, but when I try to sign co

Re: using an on-disk session caching framework

Edward Chan wrote: The default behavior of server-side session caching is to cache session in memory. This is probably not gonna work very well if there are a lot of connections to the server It says to "open file named according to session id". However, session_id contains non-ascii chars,

Re: Building openssl on Win2K

check the version of perl you are using. I had the exact same problem and upgrading my perl version fixed all of the issues. I am sorry, but I do not have version numbers handy. Regards, Tim --- Noel Burton-Krahn <[EMAIL PROTECTED]> wrote: > Right, I remember I had a ton of problems building > op

Re: to secure a directory

The data you're talking is some configuration file or something? The application that use this data ... can decrypt the data?, or could you add this functionality to those applications... i think your using symmetric cryptography... that's easy... you have to use the EVP librery... if not... your

Re: anybody using EGADS?

The OpenSSL PRNG feels that it is fully seeded with 160 bits, i.e. 20 bytes of entropy. In rand_lcl.h the symbol ENTROPY_NEEDED is defined to 20. In 0.9.6g at least. Tim --- Edward Chan <[EMAIL PROTECTED]> wrote: > Hi Stephen, > > Thanks for the reply. You're absolutely right. It > does

Re: HP and OpenSSL

There is an hp-ux depot here : http://hpux.cs.utah.edu/hppd/hpux/Languages/openssl-0.9.6d/     Ryan Frantz wrote: Has anyone successfully installed OpenSSL on an HP-UX box?  See the error below: ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.

RSA Secure Server CA cert expire

Hi there, I compiled libwww with Openssl. When I test the client program, wwwssl, against my secure server, I have CA certificate expired error. Actually the CA for the server cert is not expired. I found later that OpenSSL try to replace the server CA cert with the corresponding one in its own sto

HP and OpenSSL

Has anyone successfully installed OpenSSL on an HP-UX box?  See the error below:   ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o/usr/lib/dld.sl: Can't find path for shared library: libfl.sl/usr/lib/dld.sl: No such file or directory***

Re: Building openssl on Win2K

Right, I remember I had a ton of problems building openssl under cygwin.  No problems at all with ActiveState perl in an NT DOS prompt.   --Noel   - Original Message - From: Gait Boxman To: [EMAIL PROTECTED] Sent: Thursday, October 31, 2002 12:45 PM Subject: Re:

Re: SSL_read() hang after read http 100 continue headers

Looks like your code is impatient. When you get continue, 4 retries won't be enough to get the next response. Basically, if you get an SSL_ERROR_WANT_READ, you just need to keep continuing to retry the SSL_read, if you expect more data that is. So, if you expect a server response, keep tryin

Re: Building openssl on Win2K

I did it, and without any problem worth mentioning. Your troubles might be with two things, though. One might be the perl configure .. that is needed to set up the makefile, there is mention of a specific perl distro req'd, I just ran it with the one I had, and it worked fine (could be the r

OpenSSL and Onboard Private Key Processing

Hello: Just wondering if anyone has attempted to use OpenSSL in an environment where the private key generated by a CA/RA is only available on a smart key token, and cannot be extracted. That is all of the private key processing must be done on board the token's processor, and so the key is not ava

Building openssl on Win2K

Okay, I give up.I followed the build instructions in INSTALL.W32 for VC++ only to find an unparseable makefile (ntdll.mak) with carriage returns embedded in the names of two macros (e.g. SSL^MOBJ=$(OBJ_D)\ssl.obj ...).When I fixed that, I discovered that the makefile was attempting to copy f

to secure a directory

Hello !Here is my problem : I wrote 2 codes : a server under linux and client forlinux (and windows). The server sends datas to a client (which is on an othercomputer denoted  by C) and the connection is secured using openssl. Theclient stores those datas in a directory of C but I would lik

to secure a directory

Hello !Here is my problem : I wrote 2 codes : a server under linux and client forlinux (and windows). The server sends datas to a client (which is on an othercomputer denoted  by C) and the connection is secured using openssl. Theclient stores those datas in a directory of C but I would lik

RE: Invalid command "SSLEngine" ?

You can start be making sure that mod_ssl is either linked statically or (Bloaded dynamically via a LoadModule call in your conf/httpd.conf file. (B (B (B-Original Message- (BFrom: [EMAIL PROTECTED] (B[mailto:[EMAIL PROTECTED]] On Behalf Of Eric Tan (BSent: Wednesday, October 30, 200

RE: Compiler Recomendations Solaris 8 (and RedHat 8 too!)

What is the error? -Original Message- From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy@;hp.com] Sent: Thursday, October 31, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: Compiler Recomendations Solaris 8 (and RedHat 8 too!) I compiled openssl 9-6g on redhat 7.3 with

RE: Compiler Recomendations Solaris 8

I haven't seen a recommendation. I have gotten it to work with gcc 3.2 fine on solaris 8... David -Original Message- From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy@;hp.com] Sent: Thursday, October 31, 2002 10:58 AM To: '[EMAIL PROTECTED]' Subject: RE: Compiler Recomenda

Re: SSL_set_fd() harmful when using nonblocking sockets?

I believe I have seen the OS return 0 on a 2nd read even when not at EOF. I'll try to come up with a test case to demonstrate it. (See http://groups.google.com/groups?selm=3DB8738F.2000409%40kegel.com for a related thread.) - Dan "Noel Burton-Krahn" [EMAIL PROTECTED] wrote: Uh... Dan, read() alw

RE: PRNG not seeded ERROR!!!!

Install prngd. It's better. You can get egd package with egc to seed prngd, but you don't need it. You can just cat a bunch of files into the prngd seed file. David -Original Message- From: Manoj Kithany [mailto:MKITHANY@;utah.gov] Sent: Thursday, October 31, 2002 11:56 AM To: [EMAIL P

to secure a directory

Hello !Here is my problem : I wrote 2 codes : a server under linux and client forlinux (and windows). The server sends datas to a client (which is on an othercomputer denoted  by C) and the connection is secured using openssl. Theclient stores those datas in a directory of C but I would like

MD5_Init

Having problems with MD5_Init when attempting to use common messenger programs (i.e.- ymessenger). error - relocation error: /opt/ymessenger/bin/ymessenger.bin undefined symbol: MD5_Init - Using latest version 0.9.6g. Attempted using config --prefix=/usr and /usr/local. Neither have fixed is

SSL_read() hang after read http 100 continue headers

Hi,My program is using OpenSSL function SSL_read() to read http content.It works fine for most of the headers, but after it receives HTTP/1.1100 Continue header (the first block of headers), it will hang there. It should continue to read the headers (which is HTTP/1.1 200 OK...). The follow

Invalid command "SSLEngine" ?

Hi, Why it show invalid command "SSLEngine", when running "./apachectl startssl"? How to make it work? Thank you very much! Best Regards, Eric Tan _ 1874(³¯«³¨³)¡A¦A¨£ÅSµ·º¿²ú(¦óÃý¸Ö)¡A·à¤l¤s¤U(ù¤å)... Over 800 latest ringtones,

Re: PRNG not seeded ERROR!!!!

Thanks Erwann: I checked my System and have installed PRNG. I checked it by using: — # ps -ef | grep prng root 47354 6518 0 14:13:01 - 0:03 /opt/freeware/sbin/prngd

Re: PRNG not seeded ERROR!!!!

On Thu, 31 Oct 2002, Manoj Kithany wrote: > THANKS for your reply. > I checked the url before I posted my query to this List. I am bit Sorry if I offended you. You didn't specify in your first post that you checked the URL, and since this question is in the FAQ, that means it is asked a *lot* of

RE: Building 0.9.6g --RH8.0

Attached is the openssl.spec file for Red Hat 8.0, which is what Red Hat uses to build their openssl package, presumably with gcc 3.2. If you can make some sense of it, you'll probably find out how to get openssl to compile. Ignore the configure options no-idea, no-mdc2 and no-rc5. These are only

RE: Compiler Recomendations Solaris 8

the package I got from openssl did not include shared librarys - hence why I am keen to compile it myself. good suggestion though -Original Message- From: Boyle Owen [mailto:Owen.Boyle@;swx.com] Sent: Thursday, October 31, 2002 4:54 PM To: [EMAIL PROTECTED] Subject: RE: Compiler Recomen

Re: PRNG not seeded ERROR!!!!

Hi Mr. Erwann: THANKS for your reply. I checked the url before I posted my query to this List. I am bit confused - should I need to install EGD or PRNG? I checked my IBM Server and could'nt find /dev/random? Can you/anyone please help? THANKS! Manoj G. Kithany >>> [EMAIL PROTECTED] 10

RE: Compiler Recomendations Solaris 8

Sorry - I meant to get the package for openssl! (not for gcc...) -Original Message- From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy@;hp.com] Sent: Donnerstag, 31. Oktober 2002 17:20 To: '[EMAIL PROTECTED]' Subject: RE: Compiler Recomendations Solaris 8 I have installed g

Re: Rolling a Windows Secure Webserver...

This question is asked a lot. With asynchornous sockets, you need to check the err using SSL_get_error. If the error IS SSSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE then you need to call SSL_accept again. I would reccommend adding the FD back into your select queue based on the read/write status,

RE: Compiler Recomendations Solaris 8

I have installed gcc 2.95 package from sun freeware. I am trying to compile openssl-9.6g it is failing. Could some one recomend a compiler version / package to compile openssl-9.6g -Original Message- From: Boyle Owen [mailto:Owen.Boyle@;swx.com] Sent: Thursday, October 31, 2002 4:14 PM To

RE: Compiler Recomendations Solaris 8 (and RedHat 8 too!)

I compiled openssl 9-6g on redhat 7.3 with gcc 2.96 and was told to use 3 or 2.95 (still failing) I am using 2.95 on Solaris and it is failing with the same error as redhat so I am lost as to what is a recomended GCC -Original Message- From: [EMAIL PROTECTED] [mailto:John.Airey@;rnib.org

Re: PRNG not seeded ERROR!!!!

On Thu, 31 Oct 2002, Manoj Kithany wrote: > I installing OPENSSL and when running I get following ERROR - wonder > why: > -- > # ./openssl req -new -nodes -keyout private.key -out public.csr > Using configuration from /usr/loc

RE: Compiler Recomendations Solaris 8

I don't understand - the packge is a binary so you don't need to compile. It's like RPM on linux. -Original Message- From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy@;hp.com] Sent: Donnerstag, 31. Oktober 2002 16:58 To: '[EMAIL PROTECTED]' Subject: RE: Compiler Recomendatio