it for more than just this one web server and a bit of prior
planning might pay off down the road.
Good luck!
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology \ [EMAIL PROTECTED]
POB 3707
version number.
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology \ [EMAIL PROTECTED]
POB 3707 M/S 7L-40, Seattle, WA 98124-2207 \ Prototype Systems Group
y and
everything else in the child process? What the heck else would I have
to do in this architecture.
Does anyone have experience with SSL in forked environments? Thanks for
your advice. I have seen some hits on fork behavior in the archives but
no answers.
--
Boeing Phantom Works
Linux and Solaris.
Are you checking all of the return codes? Perhaps if you posted
enough of your code to show what you're doing, someone will have a
suggestion?
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology
at making their Java
implementation work, I'd probably try their implementation before anything
else if I needed a Java SSL solution today. But, don't forget that
PureTLS is out there if you need it.
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-32
l
-lcrypto" to your cc command, like this:
gcc -o rsa_test rsa_test.c -lssl -lcrypto
That should get you past this particular problem. Be prepared for
*many* more like this and worse. If you like puzzles, you'll do fine.
Programming computers to do useful things is a walk in a maze, but
the
Dr. Stephen Henson wrote:
On Mon, Feb 23, 2004, Paul L. Allen wrote:
[... tracking my problem partially through the OpenSSL libraries ...]
I'm stumped!
I'm not immediately sure what the problem is either. It might be stack
corruption somewhere or something confusing the malloc lib
Paul L. Allen wrote:
Dr. Stephen Henson wrote:
OK, that seems to rule out the low level socket read and write calls
being the cause.
Have you tried this in the latest 0.9.7 snapshot BTW? IIRC some fixes
have been made to buffering BIOs.
I'll try that this evening. After that I'm
,
and there was nothing on the stack above that. Very strange.
I think the buffering BIO is a likely suspect.
I'll proceed as if the buffering BIO has been proven guilty and see
where that takes me. :-)
Thanks, Steve!
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen,
Paul L. Allen wrote:
Dr. Stephen Henson wrote:
On Wed, Feb 18, 2004, Paul L. Allen wrote:
[ ... problem statement omitted ...]
Firstly I hope you are checking the return values from BIO_gets(),
BIO_puts() and BIO_flush().
Yes, I am. All are OK up to the hang.
Presumably you are using a
including just before the final hang, there are bytes waiting to be
flushed. No error is ever reported until the final hang.
Is this an interesting enough problem? Anybody have any ideas?
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Tech
archived on-line. Check it out here:
http://www.mail-archive.com/[EMAIL PROTECTED]/
Cheers!
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology \ [EMAIL PROTECTED]
POB 3707 M/S 7L-40, Seattle, WA 98124-2207 \ Proto
o this list now.
Did this one make it?
Thanks,
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology \ [EMAIL PROTECTED]
POB 3707 M/S 7L-40, Seattle, WA 98124-2207 \ Prototype Systems Group
are at
http://www.rtfm.com/sslbook/examples. You might want to acquire a
book. Eric's "SSL and TLS" is excellent. I understand there is now
an O'Reilly title on the subject as well.
Good luck!
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology \ [EMA
Mozilla can use SSL for NNTP, POP, and SMTP connections, so
its source code will have client code for each of those service types.
Mozilla knows how to provide client certs if the server requests them,
but it's up to the server to do that. I've coded servers that require
client certs, but I don't
ause there's no payoff for the effort.
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology \ [EMAIL PROTECTED]
POB 3707 M/S 7L-40, Seattle, WA 98124-2207 \ Prototype Systems Group
with /usr/ucb/cc is remove it and then make sure some real
compiler (like gcc) is in your path. It's been many years since there
has been any need for a special backward-compatibility compiler on
Solaris.
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425)
Nils Larsch wrote:
>
> Paul L. Allen wrote:
> > One of our customers showed up with a certificate that OpenSSL's x509
> > subcommand doesn't appear to like. It complains about the public key:
> >
> > [paula@bluesky C_pdp]$ /usr/local/ssl/bin/openssl x509 -
been out for nearly two
months has a bug on Solaris 8, but I'm not sure how else to interpret
this.
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology \ [EMAIL PROTECTED]
POB 3707 M/S 7L-
ot likely the problem, unless there's a configuration
error. You can verify this by watching a connection attempt with
ssldump. If you see Apache requesting a client cert, but the client
doesn't send one, the problem is likely with the client.
Good luck!
Paul Allen
--
Boeing Phantom Wor
can be built under the 1.3 JDK and the
resulting class files work fine with classes compiled under 1.4.
The OpenSSL stuff on the server side is modelled closely after Eric's
sample code and gave no problems at all.
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 86
Eric Rescorla wrote:
>
> "Paul L. Allen" <[EMAIL PROTECTED]> writes:
> > Eric Rescorla wrote:
> > Hmmm... When I watch a demo client and server with client
> > authentication, I see the client's cert going over the wire.
> > I wonder why I d
Eric Rescorla wrote:
>
> "Paul L. Allen" <[EMAIL PROTECTED]> writes:
> > Eric Rescorla wrote:
> > > > I've watched my Java client connecting to my OpenSSL server using
> > > > ssldump. I can see the server's cert going over to the
Eric Rescorla wrote:
>
> "Paul L. Allen" <[EMAIL PROTECTED]> writes:
> > JSSE stores keys and certificates in its own private format managed
> > by a thing called "keytool". In the JSSE documentation, no mention
> > is ever made of a CA. Ke
e
taken more energy than we wanted to devote to that component of the
project.
I'll be following OpenCA over time. The notion of a free CA is fairly
attractive, and if it was also well-documented, standards-compliant, and
stable, it would be compelling.
Paul Allen
--
Boeing Phantom Works
he
typical Linux system will have that stuff under /usr. The usual
location when you build from source is under /usr/local.
Note that the argument to the --with-ssl-dir= switch is the OpenSSL
install directory, not the subdirectory that has the libraries. In
your case, it's pro
28 matches