Re: probleme with SSL connection with certificat ... pls help
Thanks for the patch; I've now applied it to the CVS sources.
RE: probleme with SSL connection with certificat ... pls help
Please, don't send again such a heavy program to all people; more than 15 minutes to download it!
I really want to unsubscribe but I don't remember which address I used to register. It was like *@delcampe.com (I am owner of this domain)
Please advise. I have been deleting messages for months now... Very boring

Thx,
Seb Delcampe

-Original Message-
From: lemble gregory [mailto:[EMAIL PROTECTED]]
Sent: Friday, 28 September 2001 9:22
To: [EMAIL PROTECTED]
Subject: Fw: probleme with SSL connection with certificat ... pls help

- Original Message -
From: lemble gregory [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 28, 2001 9:21 AM
Subject: Re: probleme with SSL connection with certificat ... pls help

Very, very great, and thanks to you ... I have resolved my problem.

Many thanks,
Greg

PS: I am sending with my mail a compiled version of Wget 1.7 with SSL and the correction of the bug for the certificate... for HP/UX 11.0 PA RISC 2.0 (64 bits).

Again, many thanks.

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, September 25, 2001 9:35 AM
Subject: Re: probleme with SSL connection with certificat ... pls help

On Tue, 25 Sep 2001, lemble gregory wrote:

I send you the NEW verbose debug from my config... I hope this can help you.
I remember the problem, I can connect on my WEB with WGET, because I have a problem with a CERTIFICATE...

OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded

This particular error is due to bad (non-existent) random seeding of OpenSSL.

There have been patches posted before, two of them can be found here:

http://www.mail-archive.com/wget@sunsite.dk/msg01396.html
http://www.mail-archive.com/wget@sunsite.dk/msg01151.html

--
Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
Re: probleme with SSL connection with certificat ... pls help
I send you my source files.

Greg

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 28, 2001 9:24 AM
Subject: Re: probleme with SSL connection with certificat ... pls help

On Fri, 28 Sep 2001, lemble gregory wrote:

PS: I am sending with my mail a compiled version of Wget 1.7 with SSL and the correction of the bug for the certificate... for HP/UX 11.0 PA RISC 2.0 (64 bits).

Hehe, well, I had my problem on a Solaris machine so your binary won't help me at all. Could you instead post a patch to the wget list that shows what changes you had to do to get it to work?

--
Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
Re: probleme with SSL connection with certificat ... pls help
On Fri, 28 Sep 2001, lemble gregory wrote: oups i forget the files ... lol This is the fix that Lemble Gregory did to make SSL working on his machine. It should apply just as good on the current CVS wget too. This is required on all machines without a working /dev/urandom as OpenSSL will otherwise refuse to connect. Now, why do people use patches? 2054 bytes vs 659562... -- Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77 ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol --- /home/dast/src/wget-1.7/src/gen_sslfunc.c Sun May 27 21:34:59 2001 +++ ./gen_sslfunc.c Tue Sep 25 15:53:04 2001 @@ -31,6 +31,7 @@ #include openssl/ssl.h #include openssl/err.h #include openssl/pem.h +#include openssl/rand.h #include wget.h #include connect.h @@ -41,6 +42,44 @@ static int verify_callback PARAMS ((int, X509_STORE_CTX *)); +void SSLInitPRNG() +{ +#if SSLEAY_VERSION_NUMBER = 0x00905100 +if (RAND_status() == 0) { +char rand_file[256]; +time_t t; +pid_t pid; +long l,seed; + +t = time(NULL); +pid = getpid(); +RAND_file_name(rand_file, 256); +if(rand_file != NULL) { +/* Seed as much as 1024 bytes from RAND_file_name */ +RAND_load_file(rand_file, 1024); +} +/* Seed in time (mod_ssl does this) */ +RAND_seed((unsigned char *)t, sizeof(time_t)); +/* Seed in pid (mod_ssl does this) */ +RAND_seed((unsigned char *)pid, sizeof(pid_t)); +/* Initialize system's random number generator */ +RAND_bytes((unsigned char *)seed, sizeof(long)); +srand48(seed); +while (RAND_status() == 0) { + /* Repeatedly seed the PRNG using the system's random number generator until +it has been seeded with enough data */ +l = lrand48(); +RAND_seed((unsigned char *)l, sizeof(long)); +} +if (rand_file != NULL) { +/* Write a rand_file */ +RAND_write_file(rand_file); +} +} +#endif /* SSLEAY_VERSION_NUMBER = 0x00905100 */ +return; +} + + /* Creates a SSL Context and sets some defaults for it */ uerr_t init_ssl (SSL_CTX **ctx) 
@@ -66,6 +105,7 @@ SSL_FILETYPE_PEM) = 0) return SSLERRCERTKEY; } + SSLInitPRNG(); return 0; /* Succeded */ } @@ -82,6 +122,9 @@ SSL_connect (*con); if ((*con)-state != SSL_ST_OK) return 1; + /*while((SSLerror=ERR_get_error())!=0) +printf(%s\n, ERR_error_string(SSLerror,NULL));*/ + return 0; }
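Review bot: In SSLInitPRNG(), the while (RAND_status() == 0) loop keeps calling RAND_seed() with lrand48() output until OpenSSL reports itself seeded, and the srand48() seed comes from a RAND_bytes() call made while the PRNG is still unseeded, so on a machine without /dev/urandom the pool ends up holding only time, pid and values derived from them. That silences the "PRNG not seeded" error without supplying unpredictable input for the key exchange. After RAND_load_file(), if RAND_status() is still 0, try an entropy daemon socket through RAND_egd() or stop with a clear error instead of looping. Separately, if (rand_file != NULL) tests a local array and is always true; test the return value of RAND_file_name() instead, in both places.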
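Review bot: The SSLInitPRNG() call added just before return 0 in init_ssl() cannot report a failure, because the function is declared void and init_ssl() returns success whatever happened to the seeding. Give SSLInitPRNG() an int result that reflects RAND_status() and have init_ssl() return an error code when it is 0, so the user sees the seeding problem before SSL_connect() is attempted.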
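Review bot: The lines added after the SSL_ST_OK check in the last hunk are commented-out debugging code, and the SSLerror variable they use is not declared anywhere in the visible lines. Drop them from the patch; printing the OpenSSL error queue is already covered by the ssl_printerrors() call added to src/http.c elsewhere in this thread.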
Re: probleme with SSL connection with certificat ... pls help
Hello,

I send you the NEW verbose debug from my config... I hope this can help you.
I remember the problem, I can connect on my WEB with WGET, because I have a problem with a CERTIFICATE...

Thanks for your help.

--
eux180{root}# ./wget -v -d My_SSL_URL
DEBUG output created by Wget 1.7 on hpux11.00.
parseurl (My_SSL_URL) - host My_SSL_URL - opath - dir - file - ndir
newpath: /
--09:24:27-- http://My_SSL_URL/
= `index.html'
Connecting to My_SSL_URL:80... Caching My_SSL_URL - 10.250.2.67
Created fd 3.
connected!
---request begin---
GET / HTTP/1.0
User-Agent: Wget/1.7
Host: My_SSL_URL
Accept: */*
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response... HTTP/1.1 302 Found
Date: Tue, 25 Sep 2001 07:24:27 GMT
Server: Oracle HTTP Server Powered by Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.24
Location: https://My_SSL_URL/index.html
Connection: close
Content-Type: text/html; charset=iso-8859-1
Location: https://My_SSL_URL/index.html [following]
Closing fd 3
parseurl (https://My_SSL_URL/index.html;) - host My_SSL_URL - opath index.html - dir - file index.html - ndir
newpath: /index.html
--09:24:27-- https://My_SSL_URL/index.html
= `index.html'
Connecting to My_SSL_URL:443... Found My_SSL_URL in host_name_address_map: 10.250.2.67
Created fd 3.
connected!
Unable to establish SSL connection.
OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
OpenSSL: error:05067003:Diffie-Hellman routines:DH_generate_key:BN lib
OpenSSL: error:14098005:SSL routines:SSL3_SEND_CLIENT_KEY_EXCHANGE:bad asn1 object header
Closing fd 3
Unable to establish SSL connection.

- - Original Message -
From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 24, 2001 5:56 PM Subject: Re: probleme with SSL connection with certificat ... pls help I will have a look at gen_sslfunc.c why theres so few debug output. Well, I found a faliure on my part, the fix is trivial: Index: src/http.c === RCS file: /pack/anoncvs/wget/src/http.c,v retrieving revision 1.62 diff -u -r1.62 http.c --- src/http.c 2001/06/14 20:55:02 1.62 +++ src/http.c 2001/09/24 15:53:35 @@ -661,6 +661,7 @@ { logputs (LOG_VERBOSE, \n); logprintf (LOG_NOTQUIET, _(Unable to establish SSL connection.\n)); + ssl_printerrors(); CLOSE (sock); return CONSSLERR; } Wget should now print more usefull debug output. I will also post this to wget-patches.
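Review bot: The added ssl_printerrors() call sits directly after a logprintf (LOG_NOTQUIET, ...) line, but the diff touches only src/http.c, so neither its prototype nor the log level it prints at is visible here. Make sure the declaration comes from a header that http.c includes in SSL builds, and that the function writes through logprintf at LOG_NOTQUIET rather than straight to stdout or stderr, so quiet mode and log-file redirection treat the OpenSSL errors the same way as the message above them.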
Re: probleme with SSL connection with certificat ... pls help
On Tue, 25 Sep 2001, lemble gregory wrote:

I send you the NEW verbose debug from my config... I hope this can help you.
I remember the problem, I can connect on my WEB with WGET, because I have a problem with a CERTIFICATE...

OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded

This particular error is due to bad (non-existent) random seeding of OpenSSL.

There have been patches posted before, two of them can be found here:

http://www.mail-archive.com/wget@sunsite.dk/msg01396.html
http://www.mail-archive.com/wget@sunsite.dk/msg01151.html

--
Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
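The three OpenSSL error lines in the debug output posted in this thread can be decoded mechanically to show that the PRNG entry is the root cause. This is an added example, not code from the thread or from wget; it assumes the packed error layout of OpenSSL releases before 3.0, and the names parse_ssl_err and prng_unseeded_at are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pre-3.0 OpenSSL packs an error code as 8-bit library, 12-bit function,
   12-bit reason (ERR_PACK). Library 36 is RAND, 5 is DH, 20 is SSL. */
struct ssl_err { unsigned lib, func, reason; };

/* The three error-queue lines from the debug output posted in this thread. */
static const char *const SAMPLE[] = {
    "OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded",
    "OpenSSL: error:05067003:Diffie-Hellman routines:DH_generate_key:BN lib",
    "OpenSSL: error:14098005:SSL routines:SSL3_SEND_CLIENT_KEY_EXCHANGE:bad asn1 object header",
};

/* Parse one "error:XXXXXXXX:" log line; returns 1 on success, 0 otherwise. */
static int parse_ssl_err(const char *line, struct ssl_err *out)
{
    const char *p = strstr(line, "error:");
    unsigned long code;
    if (p == NULL)
        return 0;
    p += 6; /* skip "error:" */
    if (strspn(p, "0123456789abcdefABCDEF") != 8 || p[8] != ':')
        return 0; /* require exactly eight hex digits */
    code = strtoul(p, NULL, 16);
    out->lib = (unsigned)(code >> 24) & 0xffu;
    out->func = (unsigned)(code >> 12) & 0xfffu;
    out->reason = (unsigned)code & 0xfffu;
    return 1;
}

/* Index of the first RAND entry with reason 100 (PRNG not seeded), or -1.
   When one is present, the DH and SSL entries after it follow from it. */
static int prng_unseeded_at(const char *const *lines, int n)
{
    struct ssl_err e;
    int i;
    for (i = 0; i < n; i++)
        if (parse_ssl_err(lines[i], &e) && e.lib == 36 && e.reason == 100)
            return i;
    return -1;
}

int main(void)
{
    printf("PRNG-not-seeded entry at index %d\n", prng_unseeded_at(SAMPLE, 3));
    return 0;
}
```

A hit at index 0 means the Diffie-Hellman and key-exchange errors need no separate investigation: fixing the entropy source clears all three.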
Re: probleme with SSL connection with certificat ... pls help
I send you the debug message from wget 1.7 with SSL options compilation.

DEBUG output created by Wget 1.7 on hpux11.00.
parseurl (http://myurl;) - host myurl - opath - dir - file - ndir
newpath: /
--10:03:43-- http://myurl
= `index.html'
Connecting to myurl:80... Caching myurl - 10.250.2.67
Created fd 3.
connected!
---request begin---
GET / HTTP/1.0
User-Agent: Wget/1.7
Host: myurl
Accept: */*
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response... HTTP/1.1 302 Found
Date: Mon, 24 Sep 2001 08:03:43 GMT
Server: Oracle HTTP Server Powered by Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.24
Location: http://myurl/index.html
Connection: close
Content-Type: text/html; charset=iso-8859-1
Location: http://myurl/index.html [following]
Closing fd 3
parseurl (http://myurl/index.html) - host myurl - opath index.html - ir - file index.html - ndir
newpath: /index.html
--10:03:43-- http://myurl/index.html
= `index.html'
Connecting to myurl:443... Found myurl in host_name_address_map: 10.250.2.67
Created fd 3.
connected!
Unable to establish SSL connection.
Closing fd 3
Unable to establish SSL connection.

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:47 PM
Subject: Re: probleme with SSL connection with certificat ... pls help

Hi!

Could you post the debug output (-d)?

Christian
Re: probleme with SSL connection with certificat ... pls help
In the index.html, you have a redirection URL to an SSL connection.

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 24, 2001 4:41 PM
Subject: Re: probleme with SSL connection with certificat ... pls help

lemble gregory wrote:

Wget wants to connect to port 443, because it's the default port of HTTPS connection. If you want, take a look here: http://www.networkice.com/advice/Exploits/Ports/

I DO know that... (I partly coded the ssl patch), I just don't understand why wget would like to connect to an SSL port in that case:

--10:03:43-- http://myurl/index.html = `index.html'

it says it wants to connect to an http address. I will have a look at gen_sslfunc.c why there's so few debug output.

Regards
Christian
probleme with SSL connection with certificat ... pls help
I have an SSL URL with an SSL certificate. I use wget 1.7 with SSL option compilation. When I test my URL I have this result:

root:# wget https://my_ssl_http_url
--15:44:48-- https://my_ssl_http_url
= `index.html'
Connecting to my_ssl_http_url:443... connected!
Unable to establish SSL connection.
Unable to establish SSL connection.

Please, can someone give me a solution?

Greg