Re: problems connecting to peer

2001-08-22 Thread Michal Trojnara

Dustin Swint wrote:

 Aug 21 16:57:05 pearl stunnel[9253]: SSL_connect:  error:24064064:
 random number generator:SSLEAY_RAND_BYTES:PRNG not seeded 

Read:
http://www.stunnel.org/faq/troubleshooting.html#ToC18

Best regards,
Mike

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: read X509 certificate from DER format file using d2i_X509

2001-08-22 Thread dirk laurijssen

Ok,

I modified that, and added the OpenSSL_add_all_algorithms(), but to no avail. 
Any other hints ?

Thanks & kind regards,
dirk L.

int
validate_ssl (int ok, char *ip, char *protocol, char *subject,char *issuer, unsigned 
char *cert, int length, int depth,char **message)
{
char *cp;
char *Fname = "validate_ssl";
int i;
int len;
char *mp;
int rc;
char *status;
X509 *pem_cert;
char* name;
char* errmsg = NULL;
int ldap_err;
int version;
char* dirname;
unsigned char *p;

OpenSSL_add_all_algorithms();

rc = ok  SSLok;

/*pem_cert = X509_new();*/

if (!cert)
  fprintf(stderr, "validate_ssl: DER certificate not available\n");

/* the ASN1-parsing functions increment the pointer, so to avoid problems use a
   temporary pointer */
/* http://www.openssl.org/support/faq.html#PROG3 */
p = cert;
pem_cert = d2i_X509(NULL, &p, length);
version = X509_get_version(pem_cert);
fprintf(stderr, "version %d\n", version);


22/08/2001 1:36:15, Dr S N Henson [EMAIL PROTECTED] wrote:

dirk laurijssen wrote:
 
 Hi,
 Although mentioned in the faq http://www.openssl.org/support/faq.html#PROG3 , I 
can't seem to get the DER-certificate loaded appropriately into the X509-
struct.
 
[stuff deleted]
 
 int
 validate_ssl (int ok, char *ip, char *protocol, char *subject,
 char *issuer, unsigned char *cert, int length, int depth,
 char **message)
 {
 
 
X509 *new_cert = d2i_X509(NULL, &cert, sizeof(cert));
version = X509_get_version(new_cert);
 
 }

sizeof(cert) since cert is of type (char *) will just give you the
size of a pointer (typically 4) what you want is the size of the buffer
pointed to by cert which might be 'length' from the prototype...

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.



*
Dirk Laurijssen
Syntegra, creating winners in the digital economy.
+32 2 247 92 20 - Check us out at www.syntegra.be
*





Re: no shared ciphers

2001-08-22 Thread Lutz Jaenicke

On Tue, Aug 21, 2001 at 03:04:59PM -0600, Nathan Bell wrote:
 I have a very unfortunate bug. Whenever I try to have a client connect
 to my server, the handshake fails because of
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER) being called.
 
 My session has no ciphers in it (???) but my context has ten. Why
 doesn't the call to ssl3_choose_cipher (s3_srvr.c line 766)  use the
 context's cipher list if it can? It is already using the context's
 cipher_id list.

I don't get your point. The list of ciphers available/configured is
transformed into the cipher ids to compare them with the cipher
ids sent by the client.
If no shared cipher is found, you have a problem with some preconditions
missing. (Preconditions listed in man SSL_CTX_set_cipher_list, which
is available in an updated version at www.openssl.org.)
Also consider checking out SSL_CTX_check_private_key() (described
in man SSL_CTX_use_certificate).

 I use my own socket and file i/o, could that be the problem?
No.

...
 SSL_accept(ssl_session); // this always returns -1, erroring out at
 s3_srvr.c line 766
Doesn't look bad at a first glance.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



Antigen found W32/Navidad.e@M (McAfee4) virus

2001-08-22 Thread Antigen

Antigen for Exchange found Emanuel.exe infected with W32/Navidad.e@M (McAfee4) virus.
The file is currently Removed.  The message, Rejected Message, was
sent from [EMAIL PROTECTED] and was discovered in SMTP Messages\Inbound
located at Corrent Organization/First Administrative Group/CORMAIL01.





Computer Virus

2001-08-22 Thread Mailer-Daemon

Attention, your mail contains either a computer virus or one of
the following attachment types:
BAT, CHM, CMD, COM, CPL, EXE, HLP, INF, INS, ISP, JAR, JS, JSE, LNK, MDB, MDE,
MSC, MSI, MSP, MST, OCX, PIF, PL, REG, SCR, SCT, SHB, SHS, VB, VBE, VBS, WSC,
WSF, WSH.
These types are not delivered to the final recipients. If you want
to send one of these types, please encode them as ZIP or TAR files.

[EMAIL PROTECTED]

- Unsent message follows -



- Message body suppressed -



Rejected: Rejected Message

2001-08-22 Thread Mail Delivery System

Your message was rejected because it has
an apparently executable attachment Emanuel.exe.
Please read http://www.scms.waikato.ac.nz/help/mail/policy.html



WARNING. You sent a potential virus or unauthorised code

2001-08-22 Thread support

The MessageLabs Virus Control Centre discovered a possible 
virus or unauthorised code (such as a joke program or trojan)
in an email sent by you. 

Please read this whole email carefully. It explains what has 
happened to your email, which suspected virus has been caught, 
and what to do if you need help.



Some details about the infected message


To help identify the email:

The message sender was 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

(if this is not your email address, the message sender possibly 
belongs to a mailing list to which you both subscribe.)

The message was titled 'Rejected Message'
The message date was Mon, 20 Aug 2001 17:55:51 +0200 (MET DST)
The message identifier was [EMAIL PROTECTED]
The message recipients were 
[EMAIL PROTECTED]


To help identify the virus:

Scanner 1 (F-Secure) reported the following:

F-Secure Anti-Virus for i386-linux Release 4.08 build 2260
sign.def version 2001-08-21
fsmacro.def version 2001-08-20
sign2.def version 2001-08-21

632828_3MA-X-MSDOWNLOAD_Emanuel.exe infection: W95/Navidad.16896

   2 files scanned
   1 infections found


The message was diverted into the virus holding pen on
mail server server-16.tower-4.starlabs.net (id 632828_998475214)
and will be held for 30 days before being destroyed.



What should you do now?


If you sent the email from a corporate network, you should first 
contact your local Helpdesk or System Administrator for advice. 
They will be able to help you disinfect your workstation.

If you sent the email from a personal or home account, you will 
need to disinfect your computer yourself. To do this you will 
need an anti-virus program. We suggest using one of the leading 
industry anti-virus packages such as McAfee, F-Secure or Cybersoft, 
which cost £15-£30 per copy. 
 


Getting more help


If you believe this message to be a false alarm or you require
further assistance, you can email Star Internet Support at:-

   [EMAIL PROTECTED]

or contact Star Helpdesk by telephone on:-

   +44 (0) 1285 884433

Please quote the following Virus Pen ID when contacting Support.
 mail server server-16.tower-4.starlabs.net (id 632828_998475214) 
If replying by email, please forward this entire email.

_
This message has been checked for all known viruses by the 
MessageLabs Virus Scanning Service. For further information visit
http://www.messagelabs.com/stats.asp




Antigen found W32/Navidad-B (Sophos) virus

2001-08-22 Thread ANTIGEN_AAMAIL01

Antigen for Exchange found Emanuel.exe infected with W32/Navidad-B (Sophos)
virus.
The file is currently Removed.  The message, Rejected Message, was
sent from [EMAIL PROTECTED] and was discovered in Wilt, Paul\Inbox
located at BellHowell/UMI Ann Arbor/AAMAIL01.



Antigen found Win32 (Norman,Sophos) virus

2001-08-22 Thread ANTIGEN_NDSILBRIDGE

Antigen for Exchange found Emanuel.exe infected with Win32 (Norman,Sophos)
virus.
The file is currently Removed.  The message, Rejected Message, was
sent from [EMAIL PROTECTED] and was discovered in IMC Queues\Inbound
located at NDS/NDS-JER/NDSILBRIDGE.



Delivery error re: Rejected Message

2001-08-22 Thread Mail Delivery System

This message was rejected by the mail hub at The University of
Birmingham (bham.ac.uk) because it has an apparently
executable attachment Emanuel.exe.
The email rejected was not delivered to the following
recipients: [EMAIL PROTECTED]
 
Executable attachments are not being accepted at The
University of Birmingham because they have been
used by recent viruses such as that described in 
http://www.fsecure.com/v-descs/love.htm and
http://vil.nai.com/vil/dispVirus.asp?virus_k=98797 
 
Regrettably, it is possible that some legitimate
communications could be refused by this measure
and we apologise for any inconvenience caused.
If this was a legitimate communication concerning
University business please contact [EMAIL PROTECTED]
for advice with a full explanation about the nature 
of the communication.





Wasn't someone joking about the virus being posted by an autoresponder

2001-08-22 Thread Steven Reddie

At least I thought it was a joke.

Steven




Re: read X509 certificate from DER format file using d2i_X509

2001-08-22 Thread Dr S N Henson

dirk laurijssen wrote:
 
 Ok,
 
 I modified that, and added the OpenSSL_add_all_algorithms(), but to no avail.
 Any other hints ?
 
 Thanks & kind regards,
 dirk L.
 

What value do you get from X509_get_version? It returns the value of the
version field which is one less than the certificate version.

BTW OpenSSL_add_all_algorithms() isn't needed to check the version field
and it certainly shouldn't be called repeatedly in a function: just once
at startup.

However I notice:

 pem_cert = d2i_X509(NULL, &p, length);

Is the data in PEM format (text with BEGIN and END lines?) if so you
can't use d2i_X509, you need a memory BIO instead.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
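
Added example (not from the thread and not OpenSSL code): a stand-alone C program covering the three points made in this thread, namely that a PEM buffer must not be handed to a DER parser, that the length passed must be the buffer length rather than sizeof of a pointer, and that the version field holds the certificate version minus one. The function names and byte arrays are constructed for illustration; the DER samples are certificate fragments, not complete certificates.

```c
/* Added illustration, not OpenSSL code. All sample inputs are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum cert_encoding { CERT_UNKNOWN = 0, CERT_DER, CERT_PEM };

/* Constructed: Certificate { TBSCertificate { [0] { INTEGER 2 }, INTEGER 1 } } */
const unsigned char SAMPLE_DER_V3[] = {
    0x30, 0x0A, 0x30, 0x08, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01 };
/* Constructed: Certificate { TBSCertificate { INTEGER 1 } }, version omitted */
const unsigned char SAMPLE_DER_V1[] = { 0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01 };
/* Constructed: only the PEM armour line matters for classification. */
const unsigned char SAMPLE_PEM[] = "-----BEGIN CERTIFICATE-----\n(placeholder)\n";

/* PEM is text whose first non-blank bytes are "-----BEGIN"; a DER
 * Certificate starts with the SEQUENCE tag 0x30. */
enum cert_encoding classify_cert(const unsigned char *buf, size_t len)
{
    static const char marker[] = "-----BEGIN";
    size_t i = 0, mlen = sizeof marker - 1;

    if (buf == NULL || len == 0)
        return CERT_UNKNOWN;
    while (i < len && (buf[i] == ' ' || buf[i] == '\t' ||
                       buf[i] == '\r' || buf[i] == '\n'))
        i++;
    if (len - i >= mlen && memcmp(buf + i, marker, mlen) == 0)
        return CERT_PEM;   /* route to BIO_new_mem_buf + PEM_read_bio_X509 */
    return buf[0] == 0x30 ? CERT_DER : CERT_UNKNOWN;   /* DER: d2i_X509 */
}

/* Read one DER tag/length header at *pp and advance *pp past it, the same
 * pointer-advancing convention as the d2i functions. Returns 0 on success. */
static int der_header(const unsigned char **pp, const unsigned char *end,
                      unsigned char *tag, size_t *clen)
{
    const unsigned char *p = *pp;
    size_t n, l = 0;

    if (end - p < 2)
        return -1;
    *tag = *p++;
    if (*p < 0x80) {
        l = *p++;                       /* short form */
    } else {
        n = (size_t)(*p++ & 0x7f);      /* long form: n length bytes follow */
        if (n == 0 || n > 4 || (size_t)(end - p) < n)
            return -1;
        while (n--)
            l = (l << 8) | *p++;
    }
    if ((size_t)(end - p) < l)
        return -1;                      /* content runs past the buffer */
    *pp = p;
    *clen = l;
    return 0;
}

/* Returns the raw version field (0 = v1, 1 = v2, 2 = v3), so the certificate
 * version is the return value plus one. Returns -1 if the buffer is not a
 * parseable DER certificate (for example PEM text or a truncated length). */
long der_cert_version_field(const unsigned char *buf, size_t len)
{
    const unsigned char *p = buf, *end;
    unsigned char tag;
    size_t clen;

    if (classify_cert(buf, len) != CERT_DER)
        return -1;
    end = buf + len;
    if (der_header(&p, end, &tag, &clen) || tag != 0x30)   /* Certificate */
        return -1;
    end = p + clen;
    if (der_header(&p, end, &tag, &clen) || tag != 0x30)   /* TBSCertificate */
        return -1;
    end = p + clen;
    if (der_header(&p, end, &tag, &clen))
        return -1;
    if (tag != 0xA0)
        return 0;                       /* [0] absent: DEFAULT v1 */
    end = p + clen;
    if (der_header(&p, end, &tag, &clen) || tag != 0x02 || clen != 1 || *p > 2)
        return -1;
    return (long)*p;
}

/* What sizeof yields inside a callee that only receives the pointer. */
size_t size_seen_by_callee(const unsigned char *cert) { return sizeof(cert); }

int main(void)
{
    size_t wrong = size_seen_by_callee(SAMPLE_DER_V3);

    printf("v3 fragment: field=%ld\n",
           der_cert_version_field(SAMPLE_DER_V3, sizeof SAMPLE_DER_V3));
    printf("v1 fragment: field=%ld\n",
           der_cert_version_field(SAMPLE_DER_V1, sizeof SAMPLE_DER_V1));
    printf("PEM text as DER: %ld\n",
           der_cert_version_field(SAMPLE_PEM, sizeof SAMPLE_PEM - 1));
    printf("length=sizeof(pointer)=%lu: %ld\n", (unsigned long)wrong,
           der_cert_version_field(SAMPLE_DER_V3, wrong));
    return 0;
}
```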




[Virus - Rejected]: Rejected Message

2001-08-22 Thread E-Mail Administrator

Your message has not been delivered to its addressees because antivirus
software (VirusScan http://www.nai.com) detected that it contained a 
computer virus or some other code (see below) that could cause damage 
to the computer network of Mote Marine Laboratory. Please
check the attachments you send and ensure that they contain no viruses.
If you are sure that your messages are virus free yet keep receiving this notification
please contact the Information Systems Division staff who can be reached via
e-mail at [EMAIL PROTECTED] or 941-388-4441.

We are sorry for any inconvenience but hope that you will appreciate that
the reason this action is being taken is to ensure reliable and secure
operation of MML e-mail system.

Thanks

MML IS Division.

---

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Mon, 20 Aug 2001 17:55:51 +0200 (MET DST)
Subject: [Virus - Rejected]: Rejected Message

REASON: VIRUS
MAGIC:
Emanuel.exe
Found the W32/Navidad.e@M virus !!!




RE: Wasn't someone joking about the virus being posted by an autoresponder

2001-08-22 Thread Thomas Bätzler

Hi,

 Steven Reddie [SMTP:[EMAIL PROTECTED]] wrote:
 Subject:  Wasn't someone joking about the virus being posted by an
 autoresponder
 
 At least I thought it was a joke.
 
No Joke. The virus scanner run by btitele.com bounces the virus
back on the list again and again. Sadly it doesn't tell us who the
subscriber from that site is...

Thomas



Re: REPOST: Read from uninitialized memory

2001-08-22 Thread Lutz Jaenicke

On Tue, Aug 21, 2001 at 01:27:27PM -0700, Patrick Li wrote:
 I used purify as I figured out it may give me some directions on why my SSL
 client program is failing randomly.  As purify reported 3 places there are
 reading from memory leaks.
 
 1.  SHA1_Update: I ignored this one as it is generating random bytes.

Check out openssl/crypto/md_rand.c. You will find that there is some
#ifdef PURIFY section to make PURIFY shut up. Seems this is no issue.

 2. asn1_Finish:  called indirectly from ssl_verify_cert_chain()
Hmm...

 3. BN_from_montgomery:  This one is called by RSA_public_decrypt and
 RSA_public_encrypt.  I was using openssl 0.9.6 release and I found out that
 in subsequent releases, the following bug is fixed
 
   *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
  obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
 
  (RSA objects have a reference count access to which is protected
  by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
  so they are meant to be shared between threads.)
  [Bodo Moeller, Geoff Thorpe; original patch submitted by
  Reddie, Steven [EMAIL PROTECTED]]
 
 I recompiled my client again under 0.9.6.b and I don't see my SSL client
 crashed when PURIFY reported BN_from_montgomery reading from uninitialized
 memory.  I have test program for my SSL client and it is spawning 10 threads
 and from each thread, it is doing send/connect to the SSL server.  That's
 explains why my SSL client is failing at random.  At least, I hope that is
 the cause of my problem.
 
 BUT my SSL client program still fails randomly with purify reporting
 asn1_Finish is reading uninitialized memory.
 I checked the changes list of openssl and found the followings
 
   +) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
  PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
  asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
  NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
  New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
  ASN1_ITEM and no wrapper functions.
  [Steve Henson]
 
 This fix is going to be released in openssl 0.9.7. I am wondering if this is
 the bug that I am hitting.

Steve rewrote large parts of the ASN.1 code. It may help you or not.
I don't think waiting for it is the way to go.

There are some portions with #ifdef PURIFY around it, so I would think
that PURIFY gives you hints, but they may be false.

I never dealt with threading, so I don't think I can help you with special
problems caused by threading.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



OpenSSL + Engines + Neutrino

2001-08-22 Thread James Dabbs

Has anyone used OpenSSL under Neutrino with a hardware accelerator?  I would
appreciate any configuration details you can share.

Thanks,
James Dabbs 
[EMAIL PROTECTED] 
TGA Technologies, Inc. 
Suite 140, 100 Pinnacle Way 
Norcross, GA 30071 
770-441-2100 ext 126



Failed to clean virus file QUA1C129466D2ADE20.txt

2001-08-22 Thread postmaster

The file you have sent was infected with a virus but InterScan E-Mail VirusWall
could not clean it.



InterScan NT Alert

2001-08-22 Thread postmaster

Sender, InterScan has detected virus(es) in your e-mail attachment.

Date:   Wed, 22 Aug 2001 06:19:14 -0400
Method: Mail
From:   [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
File:   QUA1C129466D2ADE20.txt
Action: clean failed - deleted
Virus:  TROJ_NAVIDAD.E 



InterScan NT Alert

2001-08-22 Thread postmaster

Sender, the antivirus system has detected a virus in the attached file.

Date:   Wed, 22 Aug 2001 12:05:23 +0200 (W. Europe Daylight Time)
Method: Mail
From:   [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
File:   QUA1C129466D2ADE20.txt
Action: clean failed - deleted
Virus:  TROJ_NAVIDAD.E 



Re: REPOST: Read from uninitialized memory

2001-08-22 Thread Edson Watanabe

 --- Patrick Li [EMAIL PROTECTED] wrote:  Hi Lutz,
 
 Thanks for replying my question.
 
 I used purify as I figured out it may give me some
 directions on why my SSL
 client program is failing randomly.  As purify
 reported 3 places there are
 reading from memory leaks.
...

Well, I don't have Purify, but NuMega BoundsChecker
(that is a similar product for M$-Windows). NuMega
reports "Read uninitialized memory" for this simple
code:

int i, x;
char buf[256];
for (i = 0; i < 256; ++i)
    buf[i] = i;
for (i = 0; i < 256; ++i)
    x = buf[i];   // <--- NuMega reports uninitialized memory when i = 191 (0xBF)

NuMega instruments the code, fills all buffers with
the byte 0xBF, and checks if you read 0xBF back. When
you read 0xBF the warning is given.

I think that Purify uses a similar method for
detecting uninitialized memory. The OpenSSL buffer has
binary data, maybe Purify had found the uninitialized
memory magic value.
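
Added example (not from the original message, and not how NuMega or Purify are actually implemented): a simplified C model of the fill-byte heuristic described above, next to a per-byte "written" flag, showing why fully initialized binary data can still be reported. The struct and function names are hypothetical; the fill byte 0xBF is the one named in the message.

```c
/* Added illustration: simplified detector models, all names hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FILL 0xBF   /* fill byte named in the message above */
#define N    256

/* A buffer as an instrumenting tool might see it: the data itself plus a
 * side table recording which bytes the program has actually written. */
struct tracked {
    unsigned char data[N];
    unsigned char written[N];
};

static void tracked_init(struct tracked *t)
{
    memset(t->data, FILL, N);     /* fresh memory is pre-filled */
    memset(t->written, 0, N);
}

static void tracked_write(struct tracked *t, size_t i, unsigned char v)
{
    t->data[i] = v;
    t->written[i] = 1;
}

/* Model 1, fill-byte heuristic: a read is reported whenever the value read
 * equals FILL. Returns the number of reports; *first is the first index
 * reported, or -1 if there is none. */
size_t magic_fill_reports(const struct tracked *t, long *first)
{
    size_t i, hits = 0;

    *first = -1;
    for (i = 0; i < N; i++) {
        if (t->data[i] == FILL) {
            if (hits == 0)
                *first = (long)i;
            hits++;
        }
    }
    return hits;
}

/* Model 2, side table: a read is reported only if the byte was never
 * written, whatever value it happens to hold. */
size_t shadow_reports(const struct tracked *t)
{
    size_t i, hits = 0;

    for (i = 0; i < N; i++)
        if (!t->written[i])
            hits++;
    return hits;
}

/* Write buf[i] = i for the first `count` bytes, as in the loop above, then
 * read the whole buffer back under each model. */
size_t demo_magic(size_t count, long *first)
{
    struct tracked t;
    size_t i;

    tracked_init(&t);
    for (i = 0; i < count && i < N; i++)
        tracked_write(&t, i, (unsigned char)i);
    return magic_fill_reports(&t, first);
}

size_t demo_shadow(size_t count)
{
    struct tracked t;
    size_t i;

    tracked_init(&t);
    for (i = 0; i < count && i < N; i++)
        tracked_write(&t, i, (unsigned char)i);
    return shadow_reports(&t);
}

int main(void)
{
    long first;
    size_t n = demo_magic(N, &first);

    printf("all 256 bytes written: fill-byte model reports %lu (first at %ld), "
           "side-table model reports %lu\n",
           (unsigned long)n, first, (unsigned long)demo_shadow(N));
    n = demo_magic(200, &first);
    printf("only 200 bytes written: fill-byte model reports %lu, "
           "side-table model reports %lu\n",
           (unsigned long)n, (unsigned long)demo_shadow(200));
    return 0;
}
```

With every byte written, the fill-byte model still raises one report at index 191, which is the false positive the message describes; key material and ciphertext contain every byte value, so buffers like OpenSSL's are likely to trigger it.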




Report to Recipient(s)

2001-08-22 Thread sqanotes2

**
This is a message from the Scottish Qualifications Authority. 

We in the Scottish Qualifications Authority hope that our e-mail always
goes to the person to whom it is addressed - but if you have received 
this e-mail by mistake, please let us know right away by replying to the
sender or to [EMAIL PROTECTED]

Also, if the message is not for you, please respect the privacy of this
e-mail by not disclosing its contents, copying or forwarding it, or any
attachments, to anyone else.

Thanks for your help with this.

Scottish Qualifications Authority

Hanover House, 24 Douglas Street,GLASGOW G2 7NQ

and

Ironmills Road, DALKEITH EH22 1LE


www.sqa.org.uk
**



Incident Information:-

Originator:[EMAIL PROTECTED]
Recipients:[EMAIL PROTECTED], CN=Tony Douglas/O=sqa
Subject:  Rejected Message

WARNING:  The file Emanuel.exe you received was infected with the
W32/Navidad.e@M virus.  The file attachment was not successfully cleaned.





Re: OpenSSL on itanium [going offtopic]

2001-08-22 Thread Mark H. Wood

On Tue, 21 Aug 2001, chirs charter wrote:
 Nice observations. The alpha is gone now? When did DEC
 discontinue it?

DEC was discontinued.  Its corpse was dismembered and sold to various
companies, and Compaq got most of the silicon designs (including the aXp
and the DS21x4x Tulip Ethernet chip) after the manufacturing facilities
were sold to Intel.*  Now Compaq has sold the processor design itself to
Intel, prompting fears that it will die as soon as existing contracts
expire.  Maybe at least Intel will finally learn something about computer
organization by studying it.

--
* Cabletron got most of the networking gear, Quantum acquired the disk and
tape drives, and Oracle got RDB.  Compaq also got the VAX and Alpha gear
and the StorageWorks unit.  Some outfit I'd never heard of got the
terminals and printers unit and was still making VT5xx last I heard.
Anybody know whatever happened to the Dragon graphics chip?

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
Make a good day.




Re: Wasn't someone joking about the virus being posted by an autoresponder

2001-08-22 Thread Nathan Bell

I still think this would all stop if the openssl mail server rejected (and
deleted) the virus before sending the message to everyone on the list.

Thomas Bätzler wrote:

 Hi,

  Steven Reddie [SMTP:[EMAIL PROTECTED]] wrote:
  Subject:  Wasn't someone joking about the virus being posted by an
  autoresponder
 
  At least I thought it was a joke.
 
 No Joke. The virus scanner run by btitele.com bounces the virus
 back on the list again and again. Sadly it doesn't tell us who the
 subscriber from that site is...

 Thomas

--
Nathan Bell
Companion Corporation
Evelyn Manufacturing
801-943-7277
Etc...

));





RE: SSL_CTX 's app_verify_callback .... what for is this..??

2001-08-22 Thread Aslam

Hi,

What do u suggest on this, Openssl is not compatible with C++ code..?? Any
work arounds for this..??

Thanks
Aslam

-Original Message-
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 21, 2001 2:49 PM
To: [EMAIL PROTECTED]
Subject: Re: SSL_CTX 's app_verify_callback  what for is this..??


On Tue, Aug 21, 2001 at 02:39:19PM -0400, Aslam wrote:
 But from ssl.h, it seems that app_verify_callback prototype should be like
 int (*app_verify_callback)();
 Then how to pass SSL_CTX to app_verify_callback

Please grep for app_verify_callback in openssl/ssl/*.[ch] and see what I
mean. Please note, that func() in C means: no prototype, arguments are
not checked. (In C++, func() means no arguments - in C func(void).)

Best regards,
Lutz
PS. I wrote X509_STORE_CTX, not SSL_CTX, even though that does not matter
with respect to the discussion above.
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



No Subject

2001-08-22 Thread Diarmuid Oneill

Hi,
I have done a bit of research into this topic and some of my findings directly oppose what was said about the itanium not matching the P3 Mhz to Mhz.
I have found out that the 0.9.6 distributions of OSSL do not include Itanium assembly implementations for much (maybe any Itanium assembly at all, I didn't look) of the CPU intensive operations, including RSA/ModExp. So OSSL uses the C routines which are, to say the least, not optimum.
It's also worth remembering that the Itanium uses EPIC (explicitly parallel instruction computing) and that in order to see the performance it's capable of it must be programmed appropriately. It has been suggested that if there were optimised assembly routines for the Itanium it would certainly beat the P3 Mhz/Mhz.
Anyone care to comment on this?
Thanks,
Diarmuid

-Original Message-




From: Steven Reddie [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 1:45 AM
To: [EMAIL PROTECTED]
Subject: RE: OpenSSL on itanium
You know that DEC's been discontinued (bought by Compaq)? I read that
Compaq is selling (sold?) the Alpha to Intel right now.
um = micrometer (millionth of a meter) which is the track width of the
microprocessor. I thought 0.15um was state of the art, but it seems that
it's now 0.13um. 0.35um is older technology.
Regards,
Steven
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of chirs charter
Sent: Wednesday, 22 August 2001 9:44 AM
To: [EMAIL PROTECTED]
Subject: Re: OpenSSL on itanium

Nice observations. The alpha is gone now? When did DEC
discontinue it? Lastly in the measurement what does
"um" stand for? Thanks
--- Bryan-TheBS-Smith [EMAIL PROTECTED] wrote:
 Diarmuid Oneill wrote:
  When I download and build OpenSSL (which works
 fine!) and run the
  openssl speed rsa1024 tests, I get around 68 rsa
 signings/sec. When I
  run this on a 4 CPU (700Mhz) P3 machine I get
 around 103 private rsa
  signings/sec. I understand that the test is
 running on 1 cpu only but
  that's the case for both machines.

 It looks like most of the functions are integer.
 Itanium is slower, MHz
 for MHz, than just about any x86 Pro+ processor at
 integer (even using
 optimized code). Only at floating point does
 Itanium do about 2x a P3,
 MHz for MHz (and the P4 is slower than the P3, MHz
 for MHz, unless you
 use "lossy"/interpolated SSE instructions).

 -- TheBS

 P.S. It's sad to see a 3-year old design at 0.35um,
 the Alpha 264
 667MHz/4MB, can toast the 0.13um Itanium 733MHz/4MB
 at floating point.
 Too bad Alpha is gone now.


Re: Wasn't someone joking about the virus being posted by an autoresponder

2001-08-22 Thread Caliban Tiresias Darklock

On Wed, 22 Aug 2001 08:05:24 -0600, Nathan Bell
[EMAIL PROTECTED] wrote:

I still think this would all stop if the openssl mail server rejected (and
deleted) the virus before sending the message to everyone on the list.

Just out of curiosity, why are attachments allowed on the list in the
first place? Is there any legitimate reason for it? 




Re: SSL_CTX 's app_verify_callback .... what for is this..??

2001-08-22 Thread Lutz Jaenicke

On Wed, Aug 22, 2001 at 10:09:12AM -0400, Aslam wrote:
 What do u suggest on this, Openssl is not compatible with C++ code..?? Any
 work arounds for this..??

I don't see a problem. The header files have the necessary
#ifdef  __cplusplus
extern "C" {
#endif

wrapping. So what you are going to supply is a callback
  int app_verify_callback(X509_STORE_CTX *ctx)
  {
  ...
  }

WARNING: Steve Henson put quite some effort into writing/extending OpenSSL's
internal verification mechanisms. I would strongly recommend to stay with
these routines unless you have a very special reason.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



Re: Failed to clean virus file QUA1C129466D2ADE20.txt

2001-08-22 Thread Boris Köster

Hello postmaster,

  +
  stop your silly antivirus program
  +
  


Wednesday, August 22, 2001, 12:35:41 PM, you wrote:

pni The file you have sent was infected with a virus but InterScan E-Mail VirusWall
pni could not clean it.



--
Boris [MCSE, CNA]
...
 X-ITEC : Consulting * Programming * Net-Security * Crypto-Research
: [PRIVATE ADDRESS:] 
: Boris Köster eMail [EMAIL PROTECTED] http://www.x-itec.de 
: Grüne 33-57368 Lennestadt Germany Tel: +49 (0)2721 989400
: 101  PERFECTION - SECURITY - STABILITY - FUNCTIONALITY 
:..

Everything I am writing is (c) by Boris Köster and may not be 
rewritten or distributed in any way without my permission.  





Crypt::SSLeay

2001-08-22 Thread satish bhupatiraju

Hello
 I want to install Crypt::SSLeay on an AIX box for HTTPS support. I wanted
to know which is a better option, SSLeay or OPENSSL, for the AIX operating
system? Are there any specific steps I need to follow for this installation?
  I am really thankful to you for attending to this query.

Thanks & Regards
satish




Re: private key

2001-08-22 Thread Fiel Cabral

Thanks. I looked at the asn1parse output and found
that d2i_RSAPrivateKey() expected an INTEGER for the
version number in the ASN1.DER file but it read
something else so it exited.

--- Dr S N Henson [EMAIL PROTECTED] wrote:
> Fiel Cabral wrote:
> >
> > I'm writing a program that uses openssl to read the
> > private key from an ASN1.DER encoded file. The openssl
> > API outputs the following:
> >
> > 17752:error:0D080071::lib(13) :func(128) :reason(113):a_int.c:191:
> > 17752:error:0D09D082::lib(13) :func(157) :reason(130):d2i_r_pr.c:124:
> >
> > I'm using the load_key() function from
> > openssl/apps/x509.c but I got this error.
> > I'm sure that my file is valid. Can anyone give me
> > some hints?
> >
>
> Depends on the format of the private key. You might need to use a
> different function or be unable to use it at all if it's an undocumented
> proprietary format (Oracle webserver is one example of that).
>
> See what:
>
> openssl asn1parse -inform DER -in key.der
>
> produces.
>
> Steve.
> --
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
 

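The failure discussed in this thread, where d2i_RSAPrivateKey() stops because the first inner element is not the INTEGER version, can be spotted by looking only at the outer DER tags of the key file. The following is an added example, not code from the thread or from OpenSSL; the function and enum names are hypothetical, the byte arrays are constructed toy inputs, and it goes slightly beyond the thread by also telling PKCS#8 PrivateKeyInfo and EncryptedPrivateKeyInfo apart from the PKCS#1 layout.

```c
#include <stddef.h>
#include <stdio.h>

enum key_shape { KEY_MALFORMED, KEY_UNKNOWN, KEY_PKCS1_LIKE,
                 KEY_PKCS8_PLAIN, KEY_PKCS8_ENCRYPTED };

/* Parse one DER tag/length header at buf[*pos]; 0 on success, -1 on error. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *clen)
{
    size_t p = *pos, n, i, nbytes;
    if (p >= len || len - p < 2) return -1;
    *tag = buf[p++]; n = buf[p++];
    if (n & 0x80) {                      /* long form: n & 0x7f length bytes */
        nbytes = n & 0x7f;               /* 0 = indefinite, not valid DER */
        if (!nbytes || nbytes > sizeof n || len - p < nbytes) return -1;
        for (n = 0, i = 0; i < nbytes; i++) n = (n << 8) | buf[p++];
    }
    if (n > len - p) return -1;          /* content must fit in the buffer */
    *pos = p; *clen = n;
    return 0;
}

/* Classify a DER key blob by the tags of its first two inner elements. */
enum key_shape classify_key_der(const unsigned char *buf, size_t len)
{
    size_t pos = 0, clen, end;
    unsigned char tag;
    if (der_header(buf, len, &pos, &tag, &clen) || tag != 0x30) return KEY_MALFORMED;
    end = pos + clen;                    /* inner elements end here */
    if (der_header(buf, end, &pos, &tag, &clen)) return KEY_MALFORMED;
    if (tag == 0x30) return KEY_PKCS8_ENCRYPTED; /* AlgorithmIdentifier first */
    if (tag != 0x02) return KEY_UNKNOWN; /* no INTEGER version: the thread's error */
    pos += clen;                         /* skip the version value */
    if (der_header(buf, end, &pos, &tag, &clen)) return KEY_MALFORMED;
    if (tag == 0x02) return KEY_PKCS1_LIKE;   /* version, then modulus INTEGER */
    if (tag == 0x30) return KEY_PKCS8_PLAIN;  /* version, then AlgorithmIdentifier */
    return KEY_UNKNOWN;
}

/* Constructed toy inputs (not real keys), just enough structure to classify. */
static const unsigned char toy_pkcs1[] = {0x30,0x06,0x02,0x01,0x00,0x02,0x01,0x05};
static const unsigned char toy_other[] = {0x30,0x04,0x04,0x02,0xAA,0xBB};
int main(void)
{
    printf("pkcs1-like=%d\n", classify_key_der(toy_pkcs1, sizeof toy_pkcs1));
    printf("other=%d\n", classify_key_der(toy_other, sizeof toy_other));
    return 0;
}
```

KEY_PKCS1_LIKE only means the blob starts with two INTEGERs, which is also true of other traditional OpenSSL key layouts, so treat it as a hint about which d2i function to try rather than proof of the key type.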


W2k wizard

2001-08-22 Thread Nevalainen, Eric

Bingo!

The string:

bash-2.04# OpenSSL ca -out request.pem -notext -infiles certreq.txt
where -out =the cert to be generated, and -infiles =the pending request, 
the -notext option suppresses the plaintext form of the certificate to the
output file.  IIS 5 seems to like this.  

output looks like:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

The only problem I have left, is getting the cert to work properly.  IE
won't load the page, something about unable to verify signing authority.
I suspect I need to hang the signing CERT out on a web page for
verification.  I'm not sure though.

***
Eric Nevalainen CISSP   phone: 651-264-7164
Information Risk Management  fax: 651-264-5614
Andersen Corporation Cel: 651-470-4307 
100 Fourth Avenue North Pager: 651-470-4307
Bayport MN  55003
[EMAIL PROTECTED]
***



-----Original Message-----
From: Robert Krenn [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 9:21 AM
To: Nevalainen, Eric
Subject: Re: curious


On Wed, 22 Aug 2001, Nevalainen, Eric wrote:



> Robert,
>
> I was wondering if you had received an answer to your question on the
> openssl list the other day.  I find myself in much the same situation.
>

HI,

no I have not received any answer to it yet. 

I've been too busy to test the various ideas I have on the issue.

One idea could be that openssl creates the certificates in .pem format and
MS IIS needs to get the certificate in some other format. I believe I saw
something about this on the openssl-list yesterday.

I keep your mail and send you a note if I get it working.

Regards

//Robert
---
Frontyard Communications AB
Tel: +46 8 56844100 http://www.frontyard.com
ISDN: +46 8 4488012 Fax:  +46 8 56844101




RE: How I can use CryptoSwift device with openssl engine 0.9.6 ?

2001-08-22 Thread lgazis



Are you at OpenSSL engine 0.9.6 or 0.9.6b? There were some fixes to the engine
code between 0.9.6 and 0.9.6b which will be relevant to you if you are on
FreeBSD, AIX, or HP UX (particularly HP UX, but FreeBSD and AIX do require some
extra options to be passed to config, at version 0.9.6, for the engine DSO code
to work properly).

I have some instructions which I can email you, but, due to the fixes I
mentioned, I have slightly different versions of the instructions depending on
whether you are using 0.9.6 or 0.9.6a/0.9.6b (the fixes got applied in 0.9.6a,
so there is no change in what you need to do between 0.9.6a and 0.9.6b).

You can also email our Technical Support in France ([EMAIL PROTECTED]) for
assistance from someone in your own time zone in getting your CryptoSwift device
working with OpenSSL.

Lynn Gazis
Rainbow Technologies

-----Original Message-----
From: Patrick FRAIZ [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 3:10 AM
To: [EMAIL PROTECTED]
Subject: How I can use CryptoSwift device with openssl engine 0.9.6 ?

Thanks,

Patrick FRAIZ
Phone 33 (0)1 55 63 42 28
Fax 33 (0)1 55 63 54 01
ADP-GSI
148, rue Anatole France
92688 Levallois-Perret Cedex - France


Re: Openssl on Itanium

2001-08-22 Thread Diarmuid Oneill
Sorry, should have had subject: Re OpenSSL on itanium


Hi,
I have done a bit of research into this topic and some of my findings directly oppose what was said about the itanium not matching the P3 Mhz to Mhz.
I have found out that the 0.9.6 distributions of OSSL do not include Itanium assembly implementations for much (maybe any Itanium assembly at all, I didn't look) of the CPU intensive operations, including RSA/ModExp. So OSSL uses the C routines which are, to say the least, not optimum.
It's also worth remembering that the Itanium uses EPIC (explicitly parallel instruction computing) and that in order to see the performance it's capable of it must be programmed appropriately. It has been suggested that if there were optimised assembly routines for the Itanium it would certainly beat the P3 Mhz/Mhz.
Anyone care to comment on this?
Thanks,
Diarmuid


Re: Openssl on Itanium

2001-08-22 Thread Bryan-TheBS-Smith

Diarmuid Oneill wrote:
> I have found out that the 0.9.6 distributions of OSSL do not include
> Itanium assembly implementations for much (maybe any Itanium assembly
> at all, I didn't look) of the CPU intensive operations, including
> RSA/ModExp.  So OSSL uses the C routines which are, to say the least,
> not optimum.
> It's also worth remembering that the Itanium uses EPIC (explicitly
> parallel instruction computing) and that in order to see the
> performance it's capable of it must be programmed appropriately.  It
> has been suggested that if there were optimised assembly routines for
> the Itanium it would certainly beat the P3 Mhz/Mhz.
> Anyone care to comment on this?

If you use GCC, the IA-64 target *IS* an optimizing compiler that can
re-order instructions for EPIC.  Or weren't you aware of the whole
concept of EPIC, compiler-based optimization?

-- TheBS

-- 
Bryan TheBS Smith   mailto:[EMAIL PROTECTED]   chat:thebs413
Engineer    AbsoluteValue Systems, Inc.   http://www.linux-wlan.org
President   SmithConcepts, Inc.           http://www.SmithConcepts.com