RE: Configuration error
> When I try to start the server.. It gives the following error..
>
> httpd: Syntax error on line 993 of /etc/httpd/conf/httpd.conf: Expected </IfDefine> but saw </IfDefin>
>
> I have checked several times. Help me to locate the problem

Please have a look at this thread:
http://www.mail-archive.com/gentoo-user@lists.gentoo.org/msg06228.html

Regards,
Tom Horstmann

______________________________________________________________________
OpenSSL Project                          http://www.openssl.org
User Support Mailing List                openssl-users@openssl.org
Automated List Manager                   [EMAIL PROTECTED]
Library loading issue on multi processor Windows 2003
Hello!

We've got an issue using openssl (0.9.8a to 0.9.8d) libraries with our product. It works fine on any Unix or even on most windows platforms. But, unfortunately, it crashes if run on a quadri pro Xeon Windows 2003 platform. There is no evidence that's the only platform to show this issue, but it actually happens on at least four instances of such a machine.

The stack of the crash often contains RAND_POLL but doesn't seem to be reliable.

We could reproduce the same issue with the very simple code attached here. It crashes only if a bunch of executables are launched in a very short time. Sounds like a real time issue at loading time ... quite strange. Well, loading time is a hypothesis based on the stack: most of the time it appears to happen before entering main. We know that windows loads and initialises the DLL modules before calling main ... hence our hypothesis.

A command line like the following one may be useful to reproduce the issue (it creates 200 wrnd instances):

for %i in (0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j) do start /min /high wrnd.exe & start /min /high wrnd.exe & start /min /high wrnd.exe & start /min /high wrnd.exe & start /min /high wrnd.exe & start /min /high wrnd.exe & start /min /high wrnd.exe & start /min /high wrnd.exe & start /min /high wrnd.exe & start /min /high wrnd.exe

wrnd.exe being built from the attached sample source code.

Any hint or help around such an issue will be really welcome.

In case it could matter, here are the command lines used to build the executable:

c:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\Bin\cl.exe -IC:\3rdparty\openssl-0.9.8a\inc32 -Ic:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\Include /D WIN32 /GR /Ob1 /Oi /Ot /Gs /Gm- /Gy /D NDEBUG /MD /Zi /GL /wd4786 /GB /Oy /TC /c /W3 /EHsc /Zm1000 -c -o test.obj test.c

c:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\Bin\link.exe /LTCG:status /nologo /nodefaultlib /out:wrnd.exe test.obj C:\openssl\lib\libeay32.lib C:\openssl\lib\ssleay32.lib c:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\lib\msvcrt.lib c:\Program Files\Microsoft SDK\lib\kernel32.lib c:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\lib\OLDNAMES.lib

--
alea+
Luc

#include <stdio.h>
#include <time.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#ifdef WIN32
#include <windows.h>
#define my_sleep(n) Sleep(1000*(n))
#else
#include <unistd.h>   /* sleep() */
#define my_sleep(n) sleep(n)
#endif

int main(int argc)
{
    register int i, j;
    int retcode = 0;
    time_t start, end;
    char buffer [2000];
    unsigned char data [512];
    const char *file = NULL;
    const char rng_seed [] = "string to make the random number \
generator think it has entropy ;)";

    time(&start);
    /* Any extra argument stops the process so a debugger can attach. */
    if (argc != 1) {
#ifdef WIN32
        DebugBreak();
#else
        while (argc != 1) { sleep(1); }
#endif
    }

    ERR_load_crypto_strings ();
    SSL_load_error_strings ();

    /* Seed the PRNG from the default seed file if there is one. */
    file = RAND_file_name (buffer, sizeof (buffer));
    if (file != NULL) {
        printf("Rand file = %s\n", file);
        retcode = RAND_load_file (file, -1);
    }
#ifdef WIN32
    RAND_screen ();
#endif
    if (file == NULL || !retcode) {
        if (RAND_status () == 0) {
            RAND_seed (rng_seed, sizeof (rng_seed) - 1);
        }
    }
    printf("RAND_status = %d\n", RAND_status());

    /* Draw random bytes 41 times, sleeping a data-dependent time between draws. */
    j=123;
    for (i=0; i<41; i++) {
        my_sleep(1+(data[j]%13));
        if (!RAND_bytes(data, 512)) {
            printf("Rand generation stopped at step %d\n", i);
            ERR_print_errors_fp(stdout);
            break;
        }
        j=data[j];
    }

    if (file != NULL) {
        retcode = RAND_write_file (file);
    }

    /* Library cleanup. */
    RAND_cleanup ();
    ERR_print_errors_fp(stdout);
    EVP_cleanup ();
    CRYPTO_cleanup_all_ex_data ();
    ERR_remove_state (0);
    ERR_free_strings ();

    time(&end);
    printf("time ellapsed: %d seconds\n", (int)(end-start));
    return retcode;
}
Re: memory leaks - what am I doing wrong?
> Please reference http://www.openssl.org/support/faq.html#PROG13 -- I think
> I've detected a memory leak, is this a bug?

Thanks! It doesn't matter if I call those cleaning functions, the leaks are still there.

/* --- cut here --- */
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/conf.h>

int main(int argc, char *argv[])
{
    SSL_library_init();

    //ERR_remove_state(0);
    //ERR_free_strings();
    ENGINE_cleanup();
    CONF_modules_unload(1);

    return 1;
}
/* --- cut here --- */

valgrind: still reachable: 1,336 bytes in 81 blocks. What now?

My problem is, I don't know _where to read_ about doing it right. The large output about blocks allocated from openssl makes it hard to find my own leaks. That's quite confusing.

These functions I'm now using. Can someone please look at it and tell me a little bit more where I should pay attention about freeing things?

,-
| SSL_library_init();
|
| SSL_CTX* pCtx = SSL_CTX_new(SSLv3_client_method())
|
| SSL_CTX_use_certificate_chain_file(pCtx, "client.crt")
| SSL_CTX_use_PrivateKey_file(pCtx, "client.key", SSL_FILETYPE_PEM)
| SSL_CTX_check_private_key(pCtx)
| SSL_CTX_load_verify_locations(pCtx, "ca.crt", NULL))
|
| BIO* pBio = BIO_new_buffer_ssl_connect(pCtx)
|
| BIO_get_ssl(pBio, &pSsl);
| SSL_set_mode(pSsl, SSL_MODE_AUTO_RETRY);
|
| BIO_set_conn_hostname(pBio, HOSTNAME);
| BIO_set_conn_port(pBio, HTTPS_PORT);
| BIO_do_connect(pBio)
|
| SSL_CTX_set_verify(pCtx, VERIFY_SWITCHES, NULL);
| SSL_CTX_set_verify_depth(pCtx, 1);
|
| SSL_get_verify_result(pSsl)
|
| BIO_write(pBio, REQUEST, sizeof(REQUEST));
| BIO_flush(pBio)
| BIO_gets(pBio, buffer, buffer_size);
|
| SSL_CTX_free(pCtx);
| BIO_free_all(pBio);
`-

thanks in advance
Lars
RE: memory leaks - what am I doing wrong?
> > Please reference http://www.openssl.org/support/faq.html#PROG13 -- I think
> > I've detected a memory leak, is this a bug?
>
> Thanks! It doesn't matter if I call those cleaning functions, the leaks
> are still there.

In most cases the cause of an apparent memory leak is an OpenSSL internal table that is allocated when an application starts up. Since such tables do not grow in size over time they are harmless.

DS
Re: memory leaks - what am I doing wrong?
On Mon, Feb 05, 2007, Lars Uhlmann wrote:

> > Please reference http://www.openssl.org/support/faq.html#PROG13 -- I think
> > I've detected a memory leak, is this a bug?
>
> Thanks! It doesn't matter if I call those cleaning functions, the leaks
> are still there.
>
> /* --- cut here --- */
> #include <openssl/ssl.h>
> #include <openssl/bio.h>
> #include <openssl/err.h>
> #include <openssl/engine.h>
> #include <openssl/conf.h>
>
> int main(int argc, char *argv[])
> {
>     SSL_library_init();
>
>     //ERR_remove_state(0);
>     //ERR_free_strings();
>     ENGINE_cleanup();
>     CONF_modules_unload(1);
>
>     return 1;
> }
> /* --- cut here --- */
>
> valgrind: still reachable: 1,336 bytes in 81 blocks. What now?

You haven't included EVP_cleanup() and CRYPTO_cleanup_all_ex_data() mentioned in that FAQ.

> My problem is, I don't know _where to read_ about doing it right. The
> large output about blocks allocated from openssl makes it hard to find
> my own leaks. That's quite confusing.
>
> These functions I'm now using. Can someone please look at it and tell me
> a little bit more where I should pay attention about freeing things?
>
> ,-
> | SSL_library_init();
> |
> | SSL_CTX* pCtx = SSL_CTX_new(SSLv3_client_method())
> |
> | SSL_CTX_use_certificate_chain_file(pCtx, "client.crt")
> | SSL_CTX_use_PrivateKey_file(pCtx, "client.key", SSL_FILETYPE_PEM)
> | SSL_CTX_check_private_key(pCtx)
> | SSL_CTX_load_verify_locations(pCtx, "ca.crt", NULL))
> |
> | BIO* pBio = BIO_new_buffer_ssl_connect(pCtx)
> |
> | BIO_get_ssl(pBio, &pSsl);
> | SSL_set_mode(pSsl, SSL_MODE_AUTO_RETRY);
> |
> | BIO_set_conn_hostname(pBio, HOSTNAME);
> | BIO_set_conn_port(pBio, HTTPS_PORT);
> | BIO_do_connect(pBio)
> |
> | SSL_CTX_set_verify(pCtx, VERIFY_SWITCHES, NULL);
> | SSL_CTX_set_verify_depth(pCtx, 1);
> |
> | SSL_get_verify_result(pSsl)
> |
> | BIO_write(pBio, REQUEST, sizeof(REQUEST));
> | BIO_flush(pBio)
> | BIO_gets(pBio, buffer, buffer_size);
> |
> | SSL_CTX_free(pCtx);
> | BIO_free_all(pBio);
> `-

Freeing up should be after you've completed all OpenSSL functions in this example after BIO_free_all(pBio);

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: memory leaks - what am I doing wrong?
Lars,

I assume you are running this inside a loop inside of main() and that is how you can tell there is a leak?

Joe

Lars Uhlmann wrote:

> > Please reference http://www.openssl.org/support/faq.html#PROG13 -- I think
> > I've detected a memory leak, is this a bug?
>
> Thanks! It doesn't matter if I call those cleaning functions, the leaks
> are still there.
>
> /* --- cut here --- */
> #include <openssl/ssl.h>
> #include <openssl/bio.h>
> #include <openssl/err.h>
> #include <openssl/engine.h>
> #include <openssl/conf.h>
>
> int main(int argc, char *argv[])
> {
>     SSL_library_init();
>
>     //ERR_remove_state(0);
>     //ERR_free_strings();
>     ENGINE_cleanup();
>     CONF_modules_unload(1);
>
>     return 1;
> }
> /* --- cut here --- */
>
> valgrind: still reachable: 1,336 bytes in 81 blocks. What now?
>
> My problem is, I don't know _where to read_ about doing it right. The
> large output about blocks allocated from openssl makes it hard to find
> my own leaks. That's quite confusing.
>
> These functions I'm now using. Can someone please look at it and tell me
> a little bit more where I should pay attention about freeing things?
>
> ,-
> | SSL_library_init();
> |
> | SSL_CTX* pCtx = SSL_CTX_new(SSLv3_client_method())
> |
> | SSL_CTX_use_certificate_chain_file(pCtx, "client.crt")
> | SSL_CTX_use_PrivateKey_file(pCtx, "client.key", SSL_FILETYPE_PEM)
> | SSL_CTX_check_private_key(pCtx)
> | SSL_CTX_load_verify_locations(pCtx, "ca.crt", NULL))
> |
> | BIO* pBio = BIO_new_buffer_ssl_connect(pCtx)
> |
> | BIO_get_ssl(pBio, &pSsl);
> | SSL_set_mode(pSsl, SSL_MODE_AUTO_RETRY);
> |
> | BIO_set_conn_hostname(pBio, HOSTNAME);
> | BIO_set_conn_port(pBio, HTTPS_PORT);
> | BIO_do_connect(pBio)
> |
> | SSL_CTX_set_verify(pCtx, VERIFY_SWITCHES, NULL);
> | SSL_CTX_set_verify_depth(pCtx, 1);
> |
> | SSL_get_verify_result(pSsl)
> |
> | BIO_write(pBio, REQUEST, sizeof(REQUEST));
> | BIO_flush(pBio)
> | BIO_gets(pBio, buffer, buffer_size);
> |
> | SSL_CTX_free(pCtx);
> | BIO_free_all(pBio);
> `-
>
> thanks in advance
> Lars
Re: A problem with the use of CRLs. I'm still able to access a site although the certificate is revoked.
Hello Goetz,

again thanks for your quick answer. I think I found a solution with the help of the Apache-HTTP-Server forum. Everyone who is interested in it, take a look at

http://www.nabble.com/Problem-with-revoked-certificates.-tf3169656.html

In the end I think, that it was no OpenSSL problem. But it is good to know that there is a place where I can ask my OpenSSL questions ;)

best regards
domi
RE: Problem with linking library
Minh,

Do you link to -lpthread, -lssl, and -lcrypto?

TD

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tuan Minh Nguyen
Sent: Saturday, February 03, 2007 17:10
To: openssl-users@openssl.org
Subject: Problem with linking library

Hi all,

which options should I use to compile when I see this error?

client.c:(.text+0xcb): undefined reference to `init_OpenSSL'
client.c:(.text+0xfc): undefined reference to `handle_error'
client.c:(.text+0x13f): undefined reference to `handle_error'
common.c:(.text+0x51): undefined reference to `THREAD_setup'

I try to run example EX5-1,-2-3-4 in the book O'Reilly - Network Security with OpenSSL.

thanks in advance,
Minh.
Newca error, -create_serial
Let me preface first by saying I did see some previous users had this problem also. I've even gone so far as to completely wipe the system and start fresh only to have the same issue. Running a FreeBSD 6.2 server with OpenSSL 0.9.8d. After I do the installation, I execute the CA.pl -newca option. After I enter the information, it gives me the unknown option -create_serial error. I'm using the root account on this machine to keep it simple, which defaults to csh. By default the openssl installation has placed it in the /usr/local/ssl directory, so I added /usr/local/ssl/misc to the PATH in .cshrc and still receive the same error. Any suggestions?
Re: Newca error, -create_serial
On Mon, Feb 05, 2007, Aaron Barnes wrote:

> Let me preface first by saying I did see some previous users had this
> problem also. I've even gone so far as to completely wipe the system and
> start fresh only to have the same issue. Running a FreeBSD 6.2 server
> with OpenSSL 0.9.8d. After I do the installation, I execute the CA.pl
> -newca option. After I enter the information, it gives me the unknown
> option -create_serial error. I'm using the root account on this machine
> to keep it simple, which defaults to csh. By default the openssl
> installation has placed it in the /usr/local/ssl directory, so I added
> /usr/local/ssl/misc to the PATH in .cshrc and still receive the same
> error. Any suggestions?

I'd say that the version of CA.pl you are using is newer than the version of OpenSSL it calls.

The -create_serial option was first added to OpenSSL 0.9.8 so if OpenSSL 0.9.7 or earlier precedes it on your PATH that will cause that error.

Do a:

openssl version

and fix the PATH so you get 0.9.8d.

Steve.
--
Dr Stephen N. Henson.
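The check described in the reply above, as an added example that is not part of the original messages: it lists every openssl binary on PATH in lookup order with its reported version, so an older binary shadowing the intended one is visible. The function names are hypothetical, and the version comparison assumes the major.minor.patch numbering that `openssl version` prints.

```shell
# list_openssl_on_path [PATH-string]
# Prints "<path><TAB><version line>" for each executable named openssl,
# in the order the shell would find them. Defaults to the current $PATH.
list_openssl_on_path() {
    search_path=${1:-$PATH}
    old_ifs=$IFS
    IFS=:
    set -f                          # no globbing while splitting PATH entries
    for dir in $search_path; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        candidate=$dir/openssl
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            version=$("$candidate" version 2>/dev/null | head -n 1)
            printf '%s\t%s\n' "$candidate" "${version:-unknown}"
        fi
    done
    set +f
    IFS=$old_ifs
}

# first_openssl_version [PATH-string]
# Version field (e.g. 0.9.7e) of the binary that wins the PATH lookup,
# which is the one CA.pl ends up calling.
first_openssl_version() {
    list_openssl_on_path "$1" | head -n 1 | cut -f 2 | awk '{print $2}'
}

# supports_create_serial VERSION
# Succeeds when VERSION is 0.9.8 or later, the release the reply above says
# first added -create_serial. Letter suffixes such as "d" are ignored.
supports_create_serial() {
    printf '%s\n' "$1" | awk -F. 'NF >= 3 {
        patch = $3; sub(/[^0-9].*/, "", patch)      # "8d" -> "8"
        ok = ($1 * 1000000 + $2 * 1000 + patch >= 9008)
    } END { exit !ok }'
}

# Show what the current environment resolves to.
list_openssl_on_path
```

If the first line of the listing is not the 0.9.8d installation, reorder PATH so that its directory comes first.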
RE: Problem with linking library
Hi Dinh Thao,

thank you very much for your reply. I have no more problem with linking. But now I have a problem when I compile file client.c and common.c:

[EMAIL PROTECTED]:~/SSL-connection$ gcc client.c -o client -Wall -lcrypto -lssl -lpthread
/tmp/ccUugnSm.o: In function `main':
client.c:(.text+0xcb): undefined reference to `init_OpenSSL'
client.c:(.text+0xfc): undefined reference to `handle_error'
client.c:(.text+0x13f): undefined reference to `handle_error'
collect2: ld returned 1 exit status

Can you tell me where the problem is?

Thanks,
Minh.

Here is the relevant code:

common.h:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>

#ifndef WIN32
#include <pthread.h>
#define THREAD_CC
#define THREAD_TYPE                    pthread_t
#define THREAD_CREATE(tid, entry, arg) pthread_create(&(tid), NULL, \
                                                      (entry), (arg))
#else
#include <windows.h>
#define THREAD_CC                      __cdecl
#define THREAD_TYPE                    DWORD
#define THREAD_CREATE(tid, entry, arg) do { _beginthread((entry), 0, (arg));\
                                            (tid) = GetCurrentThreadId();   \
                                       } while (0)
#endif

#define PORT            "6001"
#define SERVER          "splat.zork.org"
#define CLIENT          "shell.zork.org"

#define int_error(msg)  handle_error(__FILE__, __LINE__, msg)
void handle_error(const char *file, int lineno, const char *msg);

void init_OpenSSL(void);

common.c:

#include "common.h"

/* Print the failing location and the OpenSSL error queue, then exit. */
void handle_error(const char *file, int lineno, const char *msg)
{
    fprintf(stderr, "** %s:%i %s\n", file, lineno, msg);
    ERR_print_errors_fp(stderr);
    exit(-1);
}

void init_OpenSSL(void)
{
    if (!SSL_library_init())
    {
        fprintf(stderr, "** OpenSSL initialization failed!\n");
        exit(-1);
    }
    SSL_load_error_strings();
}

client.c:

#include "common.h"

/* Read lines from stdin and write each one to the connection. */
void do_client_loop(BIO *conn)
{
    int  err, nwritten, len;
    char buf[80];

    for (;;)
    {
        if (!fgets(buf, sizeof(buf), stdin))
            break;
        /* Bound the loop by the line length, not the buffer size, so a
           zero-length write does not end the session after one line. */
        len = (int)strlen(buf);
        for (nwritten = 0; nwritten < len; nwritten += err)
        {
            err = BIO_write(conn, buf + nwritten, len - nwritten);
            if (err <= 0)
                return;
        }
    }
}

int main(int argc, char *argv[])
{
    BIO *conn;

    init_OpenSSL();

    conn = BIO_new_connect(SERVER ":" PORT);
    if (!conn)
        int_error("Error creating connection BIO");

    if (BIO_do_connect(conn) <= 0)
        int_error("Error connecting to remote machine");

    fprintf(stderr, "Connection opened\n");
    do_client_loop(conn);
    fprintf(stderr, "Connection closed\n");

    BIO_free(conn);
    return 0;
}
EVP_EncryptUpdate and in-buffer encryption
Is it ok to pass the same input buffer for the output buffer when using EVP_EncryptUpdate with RC4?