Massimiliano Pala wrote:
>
> Xavier Maysonnave wrote:
> >
> > Hello All,
>
> Hi,
>
> > I try to evaluate OpenCA but I have several problems.
> > I have read some posts and I need to ask some questions.
>
> Let us know... :-D
>
> [openssl version]
> > But this is a problem as I run apache 1.3.20 which needs
> > mod_ssl-2.8.4-1.3.20; this configuration can't run with the openssl
> > available on the openca ftp site.
>
> You could simply do the following:
>
> o download the 0.9.6a.tar.gz from openssl
> o compile and install it
> o compile the mod_ssl and apache
> o download the SNAP version of OpenSSL
> o compile and install it
It is exactly my configuration, and in that configuration apache works
very well.
Apache doesn't want to run if I use the openssl version available on the
openca ftp site under the tools directory. Here are my current
libcrypto files.
-rw-r--r-- 1 root root 1583298 Jun 28 17:12 /usr/lib/libcrypto.a
lrwxrwxrwx 1 root root      14 Jun 28 17:12 /usr/lib/libcrypto.so -> libcrypto.so.0
lrwxrwxrwx 1 root root      18 Jun 28 17:12 /usr/lib/libcrypto.so.0 -> libcrypto.so.0.9.7
-rw-r--r-- 1 root root  900968 Jun 27 11:42 /usr/lib/libcrypto.so.0.9.6
-r-xr-xr-x 1 root root 1087160 Jun 28 17:12 /usr/lib/libcrypto.so.0.9.7
>
> This should be fine for you. Let me know. Check after all this that the
> openssl command is the SNAP one, try:
>
> $ openssl
> OpenSSL> version
>
> the result should not be 0.9.6a.
It is correct:
OpenSSL 0.9.7-dev 24 Sep 2000
Notice the strange date.
-rw-r--r-- 1 root root 2429021 Jun 28 13:52 openssl-SNAP-20010627.tar.gz
I have this openssl snapshot.
>
> > if I use the 0.9.6a :
> >
> > - I can initialize the database.
> > - I can generate a secret key
> > - I can't generate a request, the nasty -subj argument
>
> This command is needed to support correctly pkcs#10 malformed requests
> and ie reqs too.
>
> > - I can initialize the database.
> > - I can't generate a secret key. the env:password is not propagated.
With the above configuration the env:password is not propagated. Here is
the openssl source which is not correct.
This program comes from the openssl snapshot described above.
It comes from apps.c under the apps directory of openssl.
Below the cb_data test, this program takes the password correctly,
as this password can come from stdin, a file or an environment variable.
The password is never propagated.
After that the ui is called every time.
I have tried to patch the code,
like
buf = password and res = strlen(buf);
but the program crashes later.
So I am a bit stuck.
**********
**********
int password_callback(char *buf, int bufsiz, int verify,
        PW_CB_DATA *cb_tmp)
        {
        UI *ui = NULL;
        int res = 0;
        const char *prompt_info = NULL;
        const char *password = NULL;
        PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;

        if (cb_data)
                {
                if (cb_data->password)
                        password = cb_data->password;
                if (cb_data->prompt_info)
                        prompt_info = cb_data->prompt_info;
                }

        ui = UI_new_method(ui_method);
        if (ui)
                {
                int ok = 0;
                char *buff = NULL;
                int ui_flags = 0;
                char *prompt = NULL;

                prompt = UI_construct_prompt(ui, "pass phrase",
                        cb_data->prompt_info);

                ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
                UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);

                if (ok >= 0)
                        ok = UI_add_input_string(ui,prompt,ui_flags,buf,
                                PW_MIN_LENGTH,BUFSIZ-1);
                if (ok >= 0 && verify)
                        {
                        buff = (char *)OPENSSL_malloc(bufsiz);
                        ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
                                PW_MIN_LENGTH,BUFSIZ-1, buf);
                        }
                if (ok >= 0)
                        do
                                {
                                ok = UI_process(ui);
                                }
                        while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));

                if (buff)
                        {
                        memset(buff,0,(unsigned int)bufsiz);
                        OPENSSL_free(buff);
                        }

                if (ok >= 0)
                        res = strlen(buf);
                if (ok == -1)
                        {
                        BIO_printf(bio_err, "User interface error\n");
                        ERR_print_errors(bio_err);
                        memset(buf,0,(unsigned int)bufsiz);
                        res = 0;
                        }
                if (ok == -2)
                        {
                        BIO_printf(bio_err,"aborted!\n");
                        memset(buf,0,(unsigned int)bufsiz);
                        res = 0;
                        }
                UI_free(ui);
                OPENSSL_free(prompt);
                }
        return res;
        }
**********
**********
>
> are you sure this is the problem ??? I'll check it, anyway on most installation
> this gives no problem -- can you post more info on OS/Software and version
> used ???
>
> --
SuSE 7.1 based linux box. Kernel upgraded to 2.4.4
glibc 2.2-9 (SuSE RPM version).
I hope it is clear enough to understand the problem I have.
>
> C'you,
>
> Massimiliano Pala
>
> --o-------------------------------------------------------------------------
> Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> http://www.openca.org Tel.: +39 (0)59 270 094
> http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
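Added example, not part of the original message and not OpenSSL's own code: a minimal callback that hands a pre-supplied password to the caller with a bounded copy into the caller's buffer and prompts only when none was supplied. The names `pw_cb_data`, `prompt_fn`, `password_cb` and `fake_prompt` are assumptions standing in for `PW_CB_DATA` and the UI calls in the posted function.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for PW_CB_DATA from apps.c: only the two fields the post uses. */
typedef struct {
    const char *password;    /* already resolved from env:, file: or stdin */
    const char *prompt_info;
} pw_cb_data;
/* Hypothetical interactive fallback; the posted code drives the UI here. */
typedef int (*prompt_fn)(char *buf, int bufsiz, const char *prompt_info);

/* Returns the number of password bytes placed in buf, 0 on failure. */
int password_cb(char *buf, int bufsiz, const pw_cb_data *cb, prompt_fn prompt)
{
    const char *password = NULL, *prompt_info = NULL;
    if (buf == NULL || bufsiz <= 0)
        return 0;
    if (cb != NULL) {            /* cb may be NULL: only read it in here */
        password = cb->password;
        prompt_info = cb->prompt_info;
    }
    if (password != NULL) {
        /* Copy into the caller's buffer. `buf = password` would only
         * repoint the local variable and leave that buffer unfilled. */
        size_t len = strlen(password);
        if (len > (size_t)bufsiz - 1)
            len = (size_t)bufsiz - 1;   /* truncate, keep room for NUL */
        memcpy(buf, password, len);
        buf[len] = '\0';
        return (int)len;         /* supplied password: never prompt */
    }
    return prompt != NULL ? prompt(buf, bufsiz, prompt_info) : 0;
}

/* Constructed prompt stub that counts how often it is called. */
static int prompt_calls = 0;
static int fake_prompt(char *buf, int bufsiz, const char *info)
{
    (void)info; prompt_calls++;
    snprintf(buf, (size_t)bufsiz, "typed");
    return (int)strlen(buf);
}

int main(void)
{
    char buf[8];
    pw_cb_data cb = { "secret", NULL };   /* constructed sample value */
    int n = password_cb(buf, (int)sizeof buf, &cb, fake_prompt);
    printf("%d bytes, prompts=%d\n", n, prompt_calls);
}
```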