Re: About OpenSSL 0.9.7 release

2002-04-05 Thread Lutz Jaenicke

On Fri, Apr 05, 2002 at 12:27:34PM +0200, Francesco Dal Bello wrote:
> I'm planning my activity, and so I like to know (if possible) what is the
> approximately time for 0.9.7 release.

Nobody will give you a timeframe. (This is not meant as an offense. We are more
or less waiting for one or two bugs to be fixed, especially the BIGNUM
problem on 64bit platforms.)

> I have tried to build my company utility with openssl-0.9.7-stable-SNAP-20020226
> and I have obtained a mistake (a function doesn't exist anymore). This mistake
> doesn't exist using 0.9.6c release.
>
> The 0.9.7 will be quite compatible backwards?

It is our intention to be as compatible as possible except for changes
required to fix bugs and extend functionality.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



To: Francesco Dal Bello Re: R: need help

2002-04-05 Thread Alberto Isais
Thanks for replying again. Now, I have these error messages. Please help me again. Sorry for disturbing you again.

C:\openssl>nmake -f ms\nt.mak
Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.
Building OpenSSL
cl /Fotmp32\cryptlib.obj -Iinc32 -Itmp32 /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5 -c .\crypto\cryptlib.c
cryptlib.c
tmp32\e_os.h(294) : fatal error C1083: Cannot open include file: 'unistd.h': No such file or directory
NMAKE : fatal error U1077: 'cl' : return code '0x2'

Francesco Dal Bello [EMAIL PROTECTED] wrote:

I have installed ActivePerl with default setting.
Try nmake -f ms\nt.mak

-Original Message-
From: Alberto T Isais [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 6 April 2002 0.59
To: [EMAIL PROTECTED]
Subject: need help

Thank you Sir Francesco for helping me. I did that and now I have new errors. Can you still help me with this one? My system is Windows 2000 OS SP1, Windows 2000 DDK, ActivePerl-5.6.1.631-MSWin32-x86, and MSVC++ 6. By the way, how did you install ActivePerl?

C:\openssl>nmake -f ms\ntdll.mak
Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.
Building OpenSSL
copy nul+ .\crypto\buildinf.h tmp32dll\buildinf.h
nul
.\crypto\buildinf.h
1 file(s) copied.
copy nul+ .\crypto\opensslconf.h inc32\openssl\opensslconf.h
nul
.\crypto\opensslconf.h
1 file(s) copied.
cl /Fotmp32dll\o_time.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll -DOPENSSL_NO_KRB5 -D_WINDLL -D_DLL -DOPENSSL_BUILD_SHLIBCRYPTO -c .\crypto\o_time.c
o_time.c
.\crypto\o_time.c(79) : error C2220: warning treated as error - no object file generated
.\crypto\o_time.c(79) : warning C4013: 'gmtime_r' undefined; assuming extern returning int
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.
C:\openssl>

[EMAIL PROTECTED] wrote:

I have built OpenSSL on my platform (very similar to your plat) with those steps and they had worked fine.

Unpack openssl package (openssl-0.9.7-stable-SNAP-20020226 in my case) on HD (ex. C:\OpenSSL)
You don't have to modify anything.
Copy VCVARS32.BAT on this folder (for convenience).
Install ActivePerl (you have already done it).
Go to cmd session.
Go to C:\OpenSSL.
VCVARS32
perl Configure VC-WIN32
ms\do_ms
nmake -f ms\ntdll.mak

Francesco Dal Bello

-Original Message-
From: Alberto T Isais [mailto:[EMAIL PROTECTED]]
Sent: Friday, 5 April 2002 0.47
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: R: need help

Thank you very much for attending to my needs. However, I already did that - I ran VCVARS32.BAT before, still the same problem. My system is Windows 2000 OS SP1, Windows 2000 DDK, ActivePerl-5.6.1.631-MSWin32-x86, and MSVC++ 6. I opened the hw_aep.c it has the line #include . I tried to search for that file and found only one! It is in the ActivePerl directory (C:\perl\site\lib\Tk\pTk\compat). I tried to include this directory in the C++ environment and I receive the error messages below. I still think that this is not the unistd.h needed. Please help me on this one. I also included the steps I did to compile it. Please see below.

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.
C:\>cd C:\openssl-engine-0.9.6c
C:\openssl-engine-0.9.6c>perl Configure VC-WIN32
Configuring for VC-WIN32
IsWindows=1
CC =cl
CFLAG =-DTHREADS -DDSO_WIN32
EX_LIBS =
BN_ASM =bn_asm.o
DES_ENC =des_enc.o fcrypt_b.o
BF_ENC =bf_enc.o
CAST_ENC =c_enc.o
RC4_ENC =rc4_enc.o
RC5_ENC =rc5_enc.o
MD5_OBJ_ASM =
SHA1_OBJ_ASM =
RMD160_OBJ_ASM=
PROCESSOR =
RANLIB =true
PERL =perl
THIRTY_TWO_BIT mode
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined
Configured for VC-WIN32.
C:\openssl-engine-0.9.6c>ms\do_masm
Generating x86 for MASM assember
Bignum
DES
"crypt(3)"
Blowfish
CAST5
RC4
MD5
SHA1
RIPEMD160
RC5\32
C:\openssl-engine-0.9.6c>perl util\mkfiles.pl 1>MINFO
C:\openssl-engine-0.9.6c>rem perl util\mk1mf.pl VC-MSDOS no-sock ms\msdos.mak
C:\openssl-engine-0.9.6c>rem perl util\mk1mf.pl VC-W31-32 ms\w31.mak
C:\openssl-engine-0.9.6c>perl util\mk1mf.pl dll VC-W31-32 1>ms\w31dll.mak
C:\openssl-engine-0.9.6c>perl util\mk1mf.pl VC-WIN32 1>ms\nt.mak
C:\openssl-engine-0.9.6c>perl util\mk1mf.pl dll VC-WIN32 1>ms\ntdll.mak
C:\openssl-engine-0.9.6c>perl util\mkdef.pl 16 libeay 1>ms\libeay16.def
C:\openssl-engine-0.9.6c>perl util\mkdef.pl 32 libeay 1>ms\libeay32.def
C:\openssl-engine-0.9.6c>perl util\mkdef.pl 16 ssleay 1>ms\ssleay16.def
C:\openssl-engine-0.9.6c>perl util\mkdef.pl 32 ssleay 1>ms\ssleay32.def
C:\openssl-engine-0.9.6c>vcvars32.bat
Setting environment for using Microsoft Visual C++ tools.
C:\openssl-engine-0.9.6c>
C:\openssl-engine-0.9.6c>nmake -f ms\ntdll.mak
Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights 

Re: About OpenSSL 0.9.7 release

2002-04-05 Thread Kenneth R. Robinette

Date sent:  Fri, 5 Apr 2002 14:03:03 +0200
From:   Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Re: About OpenSSL 0.9.7 release
Organization:   BTU Cottbus, Allgemeine Elektrotechnik
Send reply to:  [EMAIL PROTECTED]

Just my two cents; lots of people are waiting for the 0.9.7 release, 
many for over a year.  If I remember correctly, the one or two bugs 
that still are pending have been pending for over a year.  How about 
rolling those fixes into a special release and let the many 
thousands of us that do not have to support 64 bit platforms be on 
our way.

Ken

_
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com




Re: Is OpenSSL Production Ready?

2002-04-05 Thread Mark H. Wood

On Thu, 4 Apr 2002, Michael Kobar wrote:
[snip]
> Perhaps OpenSSL.org should accept and post commercial product names
> and/or start a voluntary OpenSSL Inside type branding program (like
> the powered by Apache logo).

Watch out for that xxx Inside.  I hear that Intel is suing some
nonprofit for daring to call themselves Yoga Inside, on the (ludicrous
IMHO) grounds that that name harms their trademark.

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.




Re: Is OpenSSL Production Ready?

2002-04-05 Thread Mark H. Wood

On Thu, 4 Apr 2002, Lutz Jaenicke wrote:
> To be precise: according to the OpenSSL license every program that uses
> the library and advertises its SSL capabilities also must advertise the
> use of OpenSSL.

Actually this is a problem -- it means you can't link OpenSSL libraries
with any GPLed code which you intend to distribute.  I'm facing the
necessity of having to use the not-quite-ready-for-prime-time GNUtls
package instead of OpenSSL for a project I'm contemplating, because it
builds on an application licensed under the GPL.  (And I have no idea how
hard it's going to be to get *both* compatibly installed on one box.)

IIRC the Ethereal folk have also run up against this problem.

I'm not asking for anything at this time; I just wanted to provide a
couple of data points.

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.




Re: FTP with SSL

2002-04-05 Thread Richard Koenning

At 01:55 05.04.2002 +0200, you wrote:
> heh, i didn't mean to insult anyone of the great ppl who put a lot of effort
> into the ftp-tls specs. i'm currently working on a client-side implementation
> myself. i spent lots of time to get the command  data encryption to work. it
> was pretty hard for me because of the fact that it's not that common yet, i
> found few documents/sources which i could use, so I just wanted to state that
> ftp-tls isn't really as widespread and easy-to-use as shttp or secure mail
> is. ftp-tls is a great thing, tho and i hope it will be established soon
> (same with ssl-irc, btw).

Have a look at the client and server implementations at
ftp://ftp.runestig.com/pub/
I found these very helpful for me.
Ciao,
Richard
-- 
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH



Exception

2002-04-05 Thread Zamangoer, Ferruh

Hi all,

the following error occurs when I want to make a search query from Java ==>
slapd.
I have copied my self-signed root certificate to the client side and used the
keytool to import the certificate into the keystore.

Java output: 
Root exception is javax.net.ssl.SSLException: untrusted server cert chain

slapd output:

TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data

#Error occurs here
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS: can't accept.
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10


What's going wrong?

Thanks in advance

regards 
Ferruh



Re: Is OpenSSL Production Ready?

2002-04-05 Thread Lutz Jaenicke

On Fri, Apr 05, 2002 at 08:15:04AM -0500, Mark H. Wood wrote:
> On Thu, 4 Apr 2002, Lutz Jaenicke wrote:
> > To be precise: according to the OpenSSL license every program that uses
> > the library and advertises its SSL capabilities also must advertise the
> > use of OpenSSL.
>
> Actually this is a problem -- it means you can't link OpenSSL libraries
> with any GPLed code which you intend to distribute.  I'm facing the
> necessity of having to use the not-quite-ready-for-prime-time GNUtls
> package instead of OpenSSL for a project I'm contemplating, because it
> builds on an application licensed under the GPL.  (And I have no idea how
> hard it's going to be to get *both* compatibly installed on one box.)
>
> IIRC the Ethereal folk have also run up against this problem.
>
> I'm not asking for anything at this time; I just wanted to provide a
> couple of data points.

Besides the OpenSSL license itself large parts of the code were written
by EAY and his license still applies without any option of the OpenSSL
team to influence it as long as EAY does not change his license.
The OpenSSL team members are aware of this problem but there is not much
we can do for the reason stated above.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus



Apache/OpenSSL Handshake timeout

2002-04-05 Thread Gary W

I am getting a timeout error, from not
reading all the bytes from the client(?).
The client can talk to retrieve the jar file,
but when it sends an RMI, it balks.
I obviously have 8443 open for SSL, and my certs
must be OK. Is it a client problem?


Server: Apache/1.3.14, Interface: mod_ssl/2.7.1, Library: OpenSSL/0.9.6
Solaris 2.6

(this is the jar download - it works over port 8443)
[04/Apr/2002 09:01:00 29031] [info]  Connection to child 0 established
(server x:8443, client x)
[04/Apr/2002 09:01:01 29031] [info]  Seeding PRNG with 1160 bytes of
entropy
[04/Apr/2002 09:01:01 29031] [trace] OpenSSL: Handshake: start
[04/Apr/2002 09:01:02 29031] [trace] OpenSSL: Loop: before/accept
initialization
[04/Apr/2002 09:01:02 29031] [debug] OpenSSL: read 11/11 bytes from
BIO#0021FE88 [mem: 00234C20] (BIO dump follows)
+-+
| : 80 46 01 03 00 00 2d 00-00 00 10
.F-  |
+-+
[04/Apr/2002 09:01:02 29031] [debug] OpenSSL: read 61/61 bytes from
BIO#0021FE88 [mem: 00234C2B] (BIO dump follows)
+-+
...
+-+
[04/Apr/2002 09:01:02 29031] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[04/Apr/2002 09:01:02 29031] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[04/Apr/2002 09:01:03 29031] [trace] OpenSSL: Loop: SSLv3 write
certificate A
[04/Apr/2002 09:01:03 29031] [trace] OpenSSL: Loop: SSLv3 write server
done A
[04/Apr/2002 09:01:03 29031] [debug] OpenSSL: write 937/937 bytes to
BIO#0021FE88 [mem: 00242048] (BIO dump follows)
+-+
...

[04/Apr/2002 09:01:40 29031] [debug] OpenSSL: write 23/23 bytes to
BIO#0021FE88 [mem: 0023D430] (BIO dump follows)
+-+
...
+-+
[04/Apr/2002 09:01:40 29031] [trace] OpenSSL: Write: SSL negotiation
finished successfully
[04/Apr/2002 09:01:40 29031] [info]  Connection to child 0 closed with
standard shutdown (server x:8443, client x)


(this RMI call fails)

[03/Apr/2002 08:11:48 29033] [info]  Connection to child 2 established
(server  removed:8443, client  removed)
[03/Apr/2002 08:11:48 29033] [info]  Seeding PRNG with 1160 bytes of
entropy
[03/Apr/2002 08:11:48 29033] [trace] OpenSSL: Handshake: start
[03/Apr/2002 08:11:48 29033] [trace] OpenSSL: Loop: before/accept
initialization
[03/Apr/2002 08:11:48 29033] [debug] OpenSSL: read 7/11 bytes from
BIO#00242AA8 [mem: 00237C38] (BIO dump follows)
+-+
| : 4a 52 4d 49 00 02 4b
JRMI..K  |
+-+
[03/Apr/2002 08:12:10 29033] [debug] OpenSSL: I/O error, 4 bytes
expected to read on BIO#00242AA8 [mem: 00237C3F]
[03/Apr/2002 08:12:10 29033] [trace] OpenSSL: Exit: error in SSLv2/v3
read client hello A
[03/Apr/2002 08:12:10 29033] [error] SSL handshake timed out (client
171.64.70.217, server 


Gary
-- 
You have heard that it was said, 'An eye for an eye and a tooth for a
tooth.' 
But I say to you, 'Do not resist one who is evil. But if any one strikes
 you on the right cheek, turn to him the other also'
  Matthew 38-40
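Added example, not part of the original post: a small C classifier for the first bytes a server reads on a new connection, run on the bytes shown in the two BIO dumps above. The second dump starts with the ASCII magic `JRMI` of Java RMI's plaintext wire protocol rather than an SSL hello; the function and constant names are assumptions made for this illustration, and the TLS sample is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum first_bytes {
    FB_NEED_MORE,     /* too few bytes to decide */
    FB_SSLV2_HELLO,   /* SSLv2-format ClientHello, 2-byte record header */
    FB_TLS_HANDSHAKE, /* SSLv3/TLS record of type handshake (0x16) */
    FB_JAVA_RMI,      /* plaintext JRMP stream header, magic "JRMI" */
    FB_UNKNOWN
};

/* Bytes copied from the two BIO dumps in the post above. */
const unsigned char JAR_DOWNLOAD_BYTES[] = {
    0x80, 0x46, 0x01, 0x03, 0x00, 0x00, 0x2d, 0x00, 0x00, 0x00, 0x10 };
const unsigned char RMI_CALL_BYTES[] = {
    0x4a, 0x52, 0x4d, 0x49, 0x00, 0x02, 0x4b };
/* Constructed sample: start of a TLS 1.0 handshake record. */
const unsigned char TLS_RECORD_BYTES[] = { 0x16, 0x03, 0x01, 0x00, 0x2f };

/* Classify the first n bytes of a connection. *detail receives the record
 * length (SSLv2 hello), the protocol version (TLS) or the JRMP protocol
 * byte (RMI), and 0 otherwise. */
enum first_bytes classify_first_bytes(const unsigned char *p, size_t n,
                                      unsigned *detail)
{
    *detail = 0;
    if (n >= 4 && memcmp(p, "JRMI", 4) == 0) {
        if (n >= 7)
            *detail = p[6];            /* follows the 2-byte version */
        return FB_JAVA_RMI;
    }
    if (n >= 3 && (p[0] & 0x80) && p[2] == 0x01) {
        /* 15-bit length; 70 here, i.e. 2 + 70 = the 11 + 61 bytes logged */
        *detail = ((unsigned)(p[0] & 0x7f) << 8) | p[1];
        return FB_SSLV2_HELLO;
    }
    if (n >= 3 && p[0] == 0x16 && p[1] == 0x03) {
        *detail = ((unsigned)p[1] << 8) | p[2];
        return FB_TLS_HANDSHAKE;
    }
    return n < 4 ? FB_NEED_MORE : FB_UNKNOWN;
}

static const char *first_bytes_name(enum first_bytes k)
{
    switch (k) {
    case FB_NEED_MORE:     return "need more bytes";
    case FB_SSLV2_HELLO:   return "SSLv2-format ClientHello";
    case FB_TLS_HANDSHAKE: return "SSLv3/TLS handshake record";
    case FB_JAVA_RMI:      return "plaintext Java RMI (JRMP) header";
    default:               return "unknown";
    }
}

int main(void)
{
    unsigned d;
    enum first_bytes k;

    k = classify_first_bytes(JAR_DOWNLOAD_BYTES, sizeof JAR_DOWNLOAD_BYTES, &d);
    printf("jar download: %s, record length %u\n", first_bytes_name(k), d);
    k = classify_first_bytes(RMI_CALL_BYTES, sizeof RMI_CALL_BYTES, &d);
    printf("RMI call:     %s, protocol byte 0x%02x\n", first_bytes_name(k), d);
    k = classify_first_bytes(TLS_RECORD_BYTES, sizeof TLS_RECORD_BYTES, &d);
    printf("constructed:  %s, version 0x%04x\n", first_bytes_name(k), d);
    return 0;
}
```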



RE: Apache/OpenSSL Handshake timeout

2002-04-05 Thread Jeremy Walton

Question is this for winxp running IE5 or IE6?

Jeremy Walton
DICE Corporation

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Gary W
Sent: Friday, April 05, 2002 11:44 AM
To: [EMAIL PROTECTED]
Subject: Apache/OpenSSL Handshake timeout





Re: Apache/OpenSSL Handshake timeout

2002-04-05 Thread Gary W

Jeremy,

Server runs Solaris 2.6, 
client uses Netscape 4.79 and IE5 on W2k

Gary

 Walton wrote:
 
> Question is this for winxp running IE5 or IE6?
>
> Jeremy Walton
> DICE Corporation
 

-- 
You have heard that it was said, 'An eye for an eye and a tooth for a
tooth.' 
But I say to you, 'Do not resist one who is evil. But if any one strikes
 you on the right cheek, turn to him the other also'
  Matthew 38-40

Problems installing openssl-0.9.6c on Windows 2000 box

2002-04-05 Thread [EMAIL PROTECTED]



Can anyone help me,

I am trying to install openssl-0.9.6c through cygwin on a Windows 2000 box.
Here is the error message I receive when I run the make command.

Devon Jones@CR718118-A /tmp/openssl-0.9.6c
$ make
+ rm -f libcrypto
+ rm -f libssl
making all in crypto...
make[1]: Entering directory `/tmp/openssl-0.9.6c/crypto'
gcc -I. -I../include -DDSO_WIN32 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -c -o cryptlib.o cryptlib.c
make[1]: gcc: Command not found
make[1]: *** [cryptlib.o] Error 127
make[1]: Leaving directory `/tmp/openssl-0.9.6c/crypto'
make: *** [sub_all] Error 1

Can anyone help me?

Sincerely,

Andrew Plata


Re: imaps/pop3s certificates

2002-04-05 Thread Sage

Mark,

Thank you!  I followed your suggestion and it works like a charm, so the
problem itself is solved... of course, I'm not particularly sure why this
works when the regular CA.pl signing script doesn't.  What is being done
here that isn't being done by the CA script?

Sage


- Original Message -
From: Mark D. Baushke [EMAIL PROTECTED]
To: Sage [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, April 05, 2002 1:27 AM
Subject: Re: imaps/pop3s certificates


> Hi Sage,
>
> I have done something like the following in a similar situation...
>
>   mkdir new-directory
>   cd new-directory
>   echo create a new Certificate Authority certificate
>   CA.pl -newca
>   mv demoCA/cacert.pem demoCA/cacert.pem.old
>   openssl x509 -in demoCA/cacert.pem.old -signkey demoCA/private/cakey.pem \
>     -days 1825 -out demoCA/cacert.pem
>   rm demoCA/cacert.pem.old
>   openssl x509 -inform pem -in demoCA/cacert.pem -outform der -out demoCA/cacert.der
>
>   echo now create and sign the new mail certificate
>   openssl req -new -nodes -keyout mail.key.pem -out mail.req.pem
>   openssl ca -policy policy_anything -out mail.cert.pem -infiles mail.req.pem
>   openssl gendh 512 > mail.dh.pem
>   echo now paste everything together that you need
>   echo the private key, the signed certificate and the dh parameters
>   cat mail.key.pem mail.cert.pem mail.dh.pem > ipop3d.pem
>
> Now place copies of demoCA/cacert.pem and demoCA/cacert.der on a web
> page someplace where folks can download them and add them to their
> mail user agent.
>
> You should now be able to test your pop3 server using something like
>
>   openssl s_client -CAfile cacert.pem -showcerts -host 127.1 -port 995
>
> There are probably 'better' ways to do the job, but the above seems to
> work okay for me.
>
> Good luck,
> -- Mark
>
> > Message-ID: 005f01c1dc4d$5b9a5cc0$6f5ce0ce@webmaster
> > From: Sage [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: imaps/pop3s certificates
> > Date: Thu, 4 Apr 2002 20:55:31 -0600
> >
> > I'm using RedHat 7.1, which has its own SSL-wrapped pop3 server. Turning it
> > on is simply a matter of running ntsysv and checking the pop3s option. It
> > does, however, require a digital certificate in order to run.  I can cd to
> > /usr/share/ssl/certs and run make ipop3d.pem but this only produces a
> > self-signed test certificate.  It works, and the server runs, but an email
> > client (most notably Outlook Express) will query the user as to whether he
> > or she wants to trust the self-signed certificate before it will connect to
> > the server.  And it has to ask the user this every time the email client
> > opens.  I want to eliminate this.
> >
> > I would have thought that I could create my own self-signed CA certificate,
> > and use that to sign the cert used by the pop3s server, but I can't even get
> > the server to run using the certs that I make with openssl.  I'm using the
> > CA.sh and CA.pl scripts, and following the obvious steps in order:
> > ./CA.sh -newca, ./CA.sh -newreq, ./CA.sh -sign
> >
> > This all seems to work, and generates a newcert.pem file for me, but this is
> > very different from the self-signed ipop3d.pem cert that is generated by
> > 'make'.  The ipop3d.pem file includes an RSA Private Key, and the
> > newcert.pem file does not (at least, as far as I can see). The newcert.pem
> > file also includes a lot of header info that I don't understand (forgive me,
> > I'm very new to this), and which is not included in the ipop3d.pem file. If
> > I try to use the newcert.pem file as the certificate for the secure pop3
> > server, the server won't run at all.
> >
> > I'm stuck.  I've been trying for two full days to get this to work, and I
> > guess it's time to admit I need help... is it even possible to do what I'm
> > trying to do, and if so, what am I doing wrong?  Can anybody help?
> >
> > I'm using RedHat 7.1 and OpenSSL 0.9.6-3.  If anybody can help me figure out
> > what I'm doing wrong, I'd greatly appreciate it. :)
 
 





install SSLftp in Solaris 8 SPARC

2002-04-05 Thread Carlos Alberto Pelaez



Hello everybody. I try to install SSLftp 0.13 version on a Solaris 8 SPARC
box and I found problems. I edit the file Makefile and uncomment the line of
SunOS 5 and make CC = gcc . etc. But, when I try to compile, errors appear
with inet_addr.c, cmds.c, etc . Something can help me with this procedure ?
Thanks

 
CAPA


questions/RFEs about X509_NAME

2002-04-05 Thread Aleksey Sanin

Hi, All!

I have a few questions/RFEs to OpenSSL developers about
X509 and X509_NAME structures. I ran into some problems
when I tried to use some low-level functions and I wonder is
it worth to patch OpenSSL instead of writing custom functions
in my library. I am not absolutely sure that all my points are valid so
please correct me if I am wrong.

Thank you in advance,

Aleksey Sanin.
http://www.aleksey.com/xmlsec

Questions List:
--
1) Sorting of the X509_NAME_ENTRY elements in X509_NAME structure
(for X509 subject and issuer fields).
Right now OpenSSL reads the entries in the order they appear in the
certificate (or in the order you are adding them if you are creating cert).
I am not sure but I do not remember any order restrictions in the X509 rfc or
DName RFC (http://www.ietf.org/rfc/rfc2253.txt).  And this scares me in general
because implementation relying on the order is likely to have interop problems.
The suggestion is to sort X509_NAME_ENTRY elements after reading or
creating the cert or before using any order depending function
(hashing, comparison, search, etc.)

2) X509_NAME_ENTRY_cmp function missed
In order to do the sorting described above a new X509_NAME_ENTRY_cmp
function is required. I think it should be implemented something
like this:

int X509_NAME_ENTRY_cmp(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b) {
    return(OBJ_cmp((*a)->object, (*b)->object));
}

3) X509_NAME_cmp function compares set field of X509_NAME
After doing sorting as described in 1) I run into another problem:
the function X509_NAME_cmp compares set field of X509_NAME
as follows (the interesting lines are marked ):

for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
    {
    na=sk_X509_NAME_ENTRY_value(a->entries,i);
    nb=sk_X509_NAME_ENTRY_value(b->entries,i);
    j=na->value->length-nb->value->length;
    if (j) return(j);
    j=memcmp(na->value->data,nb->value->data,
        na->value->length);
    if (j) return(j);
    j=na->set-nb->set;      /* marked line */
    if (j) return(j);       /* marked line */
    }


AFAIK, the set field stores the X509_NAME_ENTRY position in
the list. I am not sure that comparing positions in this way is
a right thing here because we are *already* doing this by iterating
thru all X509_NAME_ENTRY entries in the X509_NAME. And of course,
this comparison fails after sorting :)
I suggest to remove these two lines marked with .






Re: Exception

2002-04-05 Thread Cameron Morris

If you are using Sun's implementation of JSSE then you can set the
javax.net.debug=all property and it will give you a lot more
information.  I've found it very useful in figuring out problems like
this.

My guess would be that the program doesn't know where your keystore is.
The keystore is identified by the javax.net.ssl.trustStore property.

You can set the properties on the command line like this:
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=/mykeystore.keystore MyProgram

Or you can set them in your code like this:
System.setProperty("javax.net.ssl.trustStore", path);

Attached is one of our JavaLDAP samples that we have for
SSLConnections.

Furthermore, if you are using Novell's JavaLDAP api (as opposed to
JNDI) that is posted on OpenLDAP, compile a debug version of the jar
(ant debug) and then set the property ldap.debug=TraceAll and
that'll give you tons of information - maybe more than you care to have
for SSL.

Hope that helps.
- Cameron



Cameron Morris
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 




Re: Re: Exception With Attachment this time

2002-04-05 Thread Cameron Morris

Here is the sample I promised.

Cameron Morris
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 



 Cameron Morris [EMAIL PROTECTED] 04/05/02 10:14AM 
If you are using Sun's implementation of JSSE then you can set the
javax.net.debug=all property and it will give you a lot more
information.  I've found it very useful in figuring out problems like
this.

My guess would be that the program doesn't know where your keystore is.
The keystore is identified by the javax.net.ssl.trustStore property.

You can set the properties on the command line like this:
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=/mykeystore.keystore MyProgram

Or you can set them in your code like this:
System.setProperty("javax.net.ssl.trustStore", path);

Attached is one of our JavaLDAP samples that we have for
SSLConnections.

Furthermore, if you are using Novell's JavaLDAP api (as opposed to
JNDI) that is posted on OpenLDAP, compile a debug version of the jar
(ant debug) and then set the property ldap.debug=TraceAll and
that'll give you tons of information - maybe more than you care to have
for SSL.

Hope that helps.
- Cameron



Cameron Morris
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 





SSLConnection.java
Description: Binary data


To: Francesco Dal Bello Re: R: need help

2002-04-05 Thread Red


Thanks for the help, but still nothing has changed. Now the errors are below.

What can I do now?


cl /Fotmp32\hw_aep.obj  -Iinc32 -Itmp32 /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdout32  -c .\crypto\engine\hw_aep.c
hw_aep.c
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(691) : error C2220: warning treated as error - no object file generated
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(691) : warning C4273: 'unlink' : inconsistent dll linkage.  dllexport assumed.
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\stdlib.h(353) : error C2375: '_exit' : redefinition; different linkage
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(491) : see declaration of '_exit'
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\stdlib.h(367) : warning C4028: formal parameter 1 different from declaration
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\stdlib.h(385) : warning C4028: formal parameter 1 different from declaration
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(175) : warning C4028: formal parameter 1 different from declaration
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(176) : warning C4028: formal parameter 1 different from declaration
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(176) : warning C4028: formal parameter 2 different from declaration
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(181) : warning C4028: formal parameter 1 different from declaration
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(225) : error C2375: 'access' : redefinition; different linkage
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(248) : see declaration of 'access'
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(228) : error C2375: 'close' : redefinition; different linkage
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(296) : see declaration of 'close'
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(230) : error C2375: 'dup' : redefinition; different linkage
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(437) : see declaration of 'dup'
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(231) : error C2375: 'dup2' : redefinition; different linkage
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(440) : see declaration of 'dup2'
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(234) : error C2375: 'isatty' : redefinition; different linkage
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(668) : see declaration of 'isatty'
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(236) : error C2375: 'lseek' : redefinition; different linkage
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(279) : see declaration of 'lseek'
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(239) : error C2375: 'read' : redefinition; different linkage
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(301) : see declaration of 'read'
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(244) : warning C4028: formal parameter 1 different from declaration
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(244) : warning C4273: 'unlink' : inconsistent dll linkage.  dllexport assumed.
C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(245) : error C2375: 'write' : redefinition; different linkage
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(305) : see declaration of 'write'
inc32\openssl/e_os.h(198) : warning C4005: 'ssize_t' : macro redefinition
        C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(194) : see previous definition of 'ssize_t'
.\crypto\engine\hw_aep.c(192) : error C2061: syntax error : identifier 'recorded_pid'
.\crypto\engine\hw_aep.c(192) : error C2059: syntax error : ';'
.\crypto\engine\hw_aep.c(192) : error C2513: '/*global*/ ' : no variable declared before '='
.\crypto\engine\hw_aep.c(468) : warning C4018: '=' : signed/unsigned mismatch
.\crypto\engine\hw_aep.c(623) : error C2065: 'pid_t' : undeclared identifier
.\crypto\engine\hw_aep.c(623) : error C2146: syntax error : missing ';' before identifier 'curr_pid'
.\crypto\engine\hw_aep.c(623) : error C2065: 'curr_pid' : undeclared identifier
.\crypto\engine\hw_aep.c(631) : error C2065: 'recorded_pid' : undeclared identifier
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.


At 13.07 05/04/2002 +0200, you wrote:

I have installed ActivePerl with default settings.
Try
  nmake -f ms\nt.mak


-----Original message-----
From: Alberto T Isais [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 6 April 2002 0.59
To: [EMAIL PROTECTED]
Subject: need help


Thank you Sir Francesco for helping me. I did that and now I have new
errors. Can you still help me with this one? My system is Windows 2000 OS
SP1, Windows 2000 DDK, ActivePerl-5.6.1.631-MSWin32-x86, and MSVC++ 6. By
the way, how did you install ActivePerl?

C:\openssl>nmake -f ms\ntdll.mak

Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

Building OpenSSL
 copy nul+ .\crypto\buildinf.h tmp32dll\buildinf.h
nul
.\crypto\buildinf.h
 1 file(s) copied.
 copy nul+ .\crypto\opensslconf.h inc32\openssl\opensslconf.h
nul
.\crypto\opensslconf.h
 1 file(s) copied.
 cl 

Problems installing openssl-0.9.6c on Windows 2000 box

2002-04-05 Thread Andrew Plata




Can anyone help me,

I am trying to install openssl-0.9.6c through cygwin on a Windows 2000
box. Here is the error message I receive when I run the make command.

Devon Jones@CR718118-A /tmp/openssl-0.9.6c
$ make
+ rm -f libcrypto
+ rm -f libssl
making all in crypto...
make[1]: Entering directory `/tmp/openssl-0.9.6c/crypto'
gcc -I. -I../include -DDSO_WIN32 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -c -o cryptlib.o cryptlib.c
make[1]: gcc: Command not found
make[1]: *** [cryptlib.o] Error 127
make[1]: Leaving directory `/tmp/openssl-0.9.6c/crypto'
make: *** [sub_all] Error 1

Can anyone help me?

Sincerely,

Andrew Plata


Re: Problems installing openssl-0.9.6c on Windows 2000 box

2002-04-05 Thread Sean O'Riordain

Andrew,
- make[1]: gcc: Command not found
it seems to me that make is trying to use the command gcc... but this 
is not available... as a double check try typing gcc at the command 
line... if that works double check your PATH...

cheers,
Sean

Andrew Plata wrote:

 Can anyone help me,

 I am trying to install openssl-0.9.6c through cygwin on a Windows 2000
 box. Here is the error message I receive when I run the make command.

 Devon Jones@CR718118-A /tmp/openssl-0.9.6c
 $ make
 + rm -f libcrypto
 + rm -f libssl
 making all in crypto...
 make[1]: Entering directory `/tmp/openssl-0.9.6c/crypto'
 gcc -I. -I../include -DDSO_WIN32 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall   -c -o cryptlib.o cryptlib.c
 make[1]: gcc: Command not found
 make[1]: *** [cryptlib.o] Error 127
 make[1]: Leaving directory `/tmp/openssl-0.9.6c/crypto'
 make: *** [sub_all] Error 1

 Can anyone help me?

 Sincerely,

 Andrew Plata






Problem with client certificate authentication.

2002-04-05 Thread Kevin Regan


I get the following error on the client:

24611:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:s3_pkt.c:985:SSL alert number 51
24611:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

and on the server:

24610:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
24610:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:459:
24610:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr.c:1635:
24610:error:140780E5:SSL routines:SSL23_READ:ssl handshake failure:s23_lib.c:180:

When attempting to do client authentication (with SSL_CTX_set_verify on the
server).
I've created the certificate and key programmatically using the OpenSSL API.
The client seems to have no problem verifying the server certificate, but the
server dies when trying to verify the client.

Any ideas?

Sincerely,
Kevin Regan

Kevin Regan
Technical Lead
Houston UNIX Team
Office: 2200
Phone: 713-548-1767
