[openssl.org #287] [PATCH] no-engine (openssl-0.9.7-stable-SNAP-20020915)
__ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Apache 2.0.40 and OpenSSL 0.9.7 beta - No Joy
Yep you're rigth! In fact there is a conflict beetween DES crypt and the one from unistd.h. To solve this problem you can disable OLD DES support using flag OPENSSL_DISABLE_OLD_DES_SUPPORT. (That was my problem with openssl-0.9.7, and apache 1.3.x) For example before config you can type: [root]:# export CFLAGS=-DOPENSSL_DISABLE_OLD_DES_SUPPORT Hope this will help. Fred -Original Message- From: David Tonhofer, m-plify S.A. [mailto:[EMAIL PROTECTED]] Sent: Mon 09/16/2002 6:15 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: Subject:Apache 2.0.40 and OpenSSL 0.9.7 beta - No Joy Anyone else encountered this problem? When compiling Apache 2.0.40 with OpenSSL 0.9.7 beta (...under Red Hat 7.3 ...with gcc version 2.96 2731 (Red Hat Linux 7.3 2.96-110), but apparently also with gcc 3.2) one encounters a compilation error (has also been described in a posting to mailing.unix.modssl-users by [EMAIL PROTECTED] on Sat, 14 Sep 2002 17:38:00 +): When compiling mod_ssl.c: In file included from mod_ssl.h:140, from mod_ssl.c:60: /usr/include/unistd.h:946: parse error before `(' /usr/include/unistd.h:946: parse error before `__const' Looks like the declaration of 'crypt' at that place causes some problem. Compilation WORKS if one uses OpenSSL 0.9.6g (so I downgraded...) Also tested with Apache 2.0.39, same error Best regards, -- David Tonhofer m-plify.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] winmail.dat
The problem of CLOSE_WAIT
My Dear: I have wrote a sslServer and sslClient class. In the server's main program, create a listenning socket, whenan acceptsocket is setup, then fork a process, then new a sslServer objectand pass the socket fd to thesslServer object, then process client's requestand answer, before the child exit, delete sslServer object. On the client side, first setup a socket connectionwith the server, then fork a child, in the child process,new asslClient object withparent's socket fd, then do request and recieve msg.Before the child exit, delete sslClient object. But a problem come on: After few days, on the server side, there are many ssl socket connection did not exit clean, they are mostly in close_wait state and few in established state. Then, when a client attempt to connect to the server with sslClient object, they failed, and the sslServer failed at SSL_accept with no error msg. After I restart the server program, everything is ok. How I can solve this headache problem! Attachmentis mysslServer, sslClientand sslBase class, Is something wrong with them? By the way, It is not mewho wrote the server and client programs, I just wrotesslServer, sslClient, sslBase and a program to produce cert and privite key file for the server and client. But I have wrote some simple test program to test my ssl classes, there is no such error phenomenon I discribed up. So headache, Anyone can help me? Thx very much! zhou guanghua __Guanghua ZhouNoICQ#:163768997 Current ICQ status: (Home Tel#: No(Work Tel#: No7Fax#: No+ More ways to contact me __ online?icq=163768997=21 Description: Binary data sslClass.zip Description: Binary data
Re: The problem of CLOSE_WAIT
On Tue, 17 Sep 2002 17:07:06 +0800, Öܹ⻪ wrote: After few days, on the server side, there are many ssl socket connection did not exit clean, they are mostly in close_wait state and few in established state. Do you understand what the CLOSE_WAIT state means and how sockets get in that state? DS __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: The problem of CLOSE_WAIT
I think CLOSE_WAIT state means it is still waitting for the other side's FD_CLOSE notification, (perhaps shutdown function of ssl or socket will send this notification), but the other side had already exit and successfully closed the connection, (perhaps it exited with exceptions or it is killed by others). so the server stay in CLOSE_WAIT state always. But the child process forked by the server has already exit. - Original Message - From: David Schwartz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 5:31 PM Subject: Re: The problem of CLOSE_WAIT On Tue, 17 Sep 2002 17:07:06 +0800, Öܹ⻪ wrote: After few days, on the server side, there are many ssl socket connection did not exit clean, they are mostly in close_wait state and few in established state. Do you understand what the CLOSE_WAIT state means and how sockets get in that state? DS __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: The problem of CLOSE_WAIT
This page (http://mictlan.sfsu.edu/~dachen/documents/Overview.htm) has a good description of the states. CLOSE_WAIT means that the peer shutdown the connection and the application still has it open. - Original Message - From: 周光华 [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 8:26 PM Subject: Re: The problem of CLOSE_WAIT I think CLOSE_WAIT state means it is still waitting for the other side's FD_CLOSE notification, (perhaps shutdown function of ssl or socket will send this notification), but the other side had already exit and successfully closed the connection, (perhaps it exited with exceptions or it is killed by others). so the server stay in CLOSE_WAIT state always. But the child process forked by the server has already exit. - Original Message - From: David Schwartz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 5:31 PM Subject: Re: The problem of CLOSE_WAIT On Tue, 17 Sep 2002 17:07:06 +0800, Öܹ⻪ wrote: After few days, on the server side, there are many ssl socket connection did not exit clean, they are mostly in close_wait state and few in established state. Do you understand what the CLOSE_WAIT state means and how sockets get in that state? DS __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: The problem of CLOSE_WAIT
On Tue, 17 Sep 2002 18:26:05 +0800, 周光华 wrote: I think CLOSE_WAIT state means it is still waitting for the other side's FD_CLOSE notification, (perhaps shutdown function of ssl or socket will send this notification), but the other side had already exit and successfully closed the connection, (perhaps it exited with exceptions or it is killed by others). so the server stay in CLOSE_WAIT state always. But the child process forked by the server has already exit. Nope. This is the TIME_WAIT state, which is another animal entirely. See http://tit.irk.ru/tcp_stevens/tcp_conn.htm and RFC1793. The problem is that you did not close the file descriptor after it was cloned by fork. DS __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: The problem of CLOSE_WAIT
Your application received a FIN before it issued a CLOSE. Maybe your appl should respond with a CLOSE on the socket (if it is detecting the FIN at all) ? This might be nothing for CLOSE_WAIT is a normal state or it might be that your application is not CLOSING the sockets when the other side is initiating the shutdown (which puts them in CLOSE_WAIT). -Original Message- From: David Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 5:32 AM To: [EMAIL PROTECTED] Subject: Re: The problem of CLOSE_WAIT On Tue, 17 Sep 2002 17:07:06 +0800, Öܹ⻪ wrote: After few days, on the server side, there are many ssl socket connection did not exit clean, they are mostly in close_wait state and few in established state. Do you understand what the CLOSE_WAIT state means and how sockets get in that state? DS __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Windows Installer MSI creation code, take two
ftp://ftp.runestig.com/pub/openssl-win32/openssl-0.9.6g-pod2html-20020912.patch http://www.runestig.com/pub/openssl-win32/openssl-0.9.6g-pod2html-20020912.patch This one adds a 'html' target to the makefiles (for Windows), that creates .html documentation files from the .pod files, using perl utility 'pod2html'. After playing around with, and understanding a little bit more, 'pod2html', here is a much better patch: ftp://ftp.runestig.com/pub/openssl-win32/openssl-0.9.6g-pod2html-20020917.patch http://www.runestig.com/pub/openssl-win32/openssl-0.9.6g-pod2html-20020917.patch Cheers, - Peter -- Peter 'Luna' Runestig (fd. Altberg), Sweden [EMAIL PROTECTED] PGP Key ID: 0xD07BBE13 Fingerprint: 7B5C 1F48 2997 C061 DE4B 42EA CB99 A35C D07B BE13 AOL Instant Messenger Screenname: PRunestig __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #287] [PATCH] no-engine (openssl-0.9.7-stable-SNAP-20020915)
The patch that I submitted is incomplete. I thought that it was working because I forgot that the tests need to be invoked manually. Looks like a little more work to do. Steven - Original Message - From: Steven Reddie via RT [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 5:02 PM Subject: [openssl.org #287] [PATCH] no-engine (openssl-0.9.7-stable-SNAP-20020915) __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
PKCS#7 enveloped objects and ciphers
Hello, OpenSSL developers. I ran across an interesting thing while working with openssl-0.9.7beta2, and am wondering if it's a bug, or is intentional. I have signed some data, creating a PKCS7 signed object. I've then encrypted that signed object, creating an enveloped object. At each step in this process, I'm displaying the various attributes and structs members (in a way that unhealthily violates the opacity of objects, I admit). The interesting case is this: I write the enveloped object out via PEM_write_bio_PKCS7(), and then read it back in using PEM_read_bio_PKCS(). The enveloped object read back in seems to be same as that written out -- except that p7-d.enveloped-enc_data-cipher is NULL, where it was not NULL when being written out. I looked into the PKCS7_dataDecode() routine, to see how it decrypted an eveloped object's encrypted contents without using that cipher. It apparently does so by using p7-d.enveloped-enc_data-algorithm to get the matching(?) cipher by name. Is this use (and lack of) of that enc_data-cipher member intentional? Or perhaps this is a case specific to working with enveloped objects? Or, most likely, I am missing something. =) Cheers, TJ Absence is to love what wind is to fire: it extinguishes the small, it enkindles the great. -Comte de Bussy-Rabutin __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS#7 enveloped objects and ciphers
On Tue, Sep 17, 2002, TJ Saunders wrote: Hello, OpenSSL developers. I ran across an interesting thing while working with openssl-0.9.7beta2, and am wondering if it's a bug, or is intentional. I have signed some data, creating a PKCS7 signed object. I've then encrypted that signed object, creating an enveloped object. At each step in this process, I'm displaying the various attributes and structs members (in a way that unhealthily violates the opacity of objects, I admit). The interesting case is this: I write the enveloped object out via PEM_write_bio_PKCS7(), and then read it back in using PEM_read_bio_PKCS(). The enveloped object read back in seems to be same as that written out -- except that p7-d.enveloped-enc_data-cipher is NULL, where it was not NULL when being written out. I looked into the PKCS7_dataDecode() routine, to see how it decrypted an eveloped object's encrypted contents without using that cipher. It apparently does so by using p7-d.enveloped-enc_data-algorithm to get the matching(?) cipher by name. Is this use (and lack of) of that enc_data-cipher member intentional? Or perhaps this is a case specific to working with enveloped objects? Or, most likely, I am missing something. =) The field isn't one of OpenSSLs ASN1 types so it isn't written out or read in when the structure is encode/decoded. Its just used as a temporary location to store a cipher during processing by the S/MIME routines. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]