Re: Application Development Makefile examples

2007-02-21 Thread Ravi Bhatt
Hello,

  I am new to Application development using OpenSSL. Currently I have installed
0.9.7b (the version I need to use) and would like to write a small application
using the OpenSSL function calls and would like to know if I can find some
example source code.

  Also would like to know if I can find some Makefile examples to include the
libraries and header files for my application to compile and link.
   
  Appreciate any help.
 
   
  Regards,
  Ravi
   


  

Re: Application Development Makefile examples

2007-02-21 Thread Brad House
> I am new to Application development using OpenSSL. Currently I have
> installed 0.9.7b (the version I need to use) and would like to write a
> small application using the OpenSSL function calls and would like to know
> if I can find some example source code.
>
> Also would like to know if I can find some Makefile examples to include
> the libraries and header files for my application to compile and link.
>
> Appreciate any help.

Buy the 'Network Security with OpenSSL' book from O'Reilly.  It's
a good starter.
http://www.amazon.com/Network-Security-OpenSSL-John-Viega/dp/059600270X

# ISBN-10: 059600270X
# ISBN-13: 978-0596002701
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: Application Development Makefile examples

2007-02-21 Thread Adayadil Thomas

Use -lssl to link the library in.
Use ldd on your final binary to double check.

Regarding details of OpenSSL calls, use google, manpages or buy the
book suggested in the prev reply.

On 2/21/07, Brad House [EMAIL PROTECTED] wrote:

>> I am new to Application development using OpenSSL. Currently I have
>> installed 0.9.7b (the version I need to use) and would like to write a
>> small application using the OpenSSL function calls and would like to know
>> if I can find some example source code.
>>
>> Also would like to know if I can find some Makefile examples to include
>> the libraries and header files for my application to compile and link.
>>
>> Appreciate any help.
>
> Buy the 'Network Security with OpenSSL' book from O'Reilly.  It's
> a good starter.
> http://www.amazon.com/Network-Security-OpenSSL-John-Viega/dp/059600270X
>
> # ISBN-10: 059600270X
> # ISBN-13: 978-0596002701


[openssl.org #1459] Bug in quoting string expressions

2007-02-21 Thread Lutz Jaenicke via RT
Patch applied.

Thanks,
Lutz


[openssl.org #1277] add support for m68k linux

2007-02-21 Thread Lutz Jaenicke via RT
Applied to openssl-0.9.8 and openssl-dev trees.


[openssl.org #1152] add support for Linux on SuperH

2007-02-21 Thread Lutz Jaenicke via RT
Applied to openssl-0.9.8 and openssl-dev.

Thanks,
  Lutz


Re: STARTTLS patch for imap and ftp

2007-02-21 Thread Lutz Jaenicke
Goetz Babin-Ebell wrote:
> Lutz Jaenicke wrote:
>> Goetz Babin-Ebell wrote:
> [...]
>>> * in SMTP doing a STARTTLS without previous EHLO
>>>   will return a
>>>   503 STARTTLS command used when not advertised
>>> * in IMAP doing a STARTLS requires a
>>>   . CAPABILITY
>>>   first.
>>>
>>> In both cases the server response should be parsed for
>>> the string STARTTLS...
>>
>> This statement is technically correct. As the s_client tool is however
>> intended for testing purposes only (you remember that a capital
>> R at the beginning of the line will start a renegotiation instead
>> of being transferred to the server :-) adding the EHLO and .CAPABILITY
>> should be sufficient and the more complex parsing of the response
>> might be omitted...
>
> Do you want something like the attached patch ?
> (untested, I'm off to bed...)

Yes, something like this. I have applied your patch to 0.9.8 and -dev... and
was just going to write thank you when I discovered that it does not work.
As I just noted BIO_read() does not work line by line but on the message
coming in. This message is the complete multi-line response and it has
to be parsed in a different way as attached as a crude hack.

No: BIO_gets() does not work on here (not supported on connect BIO).

Yes: all other appearances of multi-line handling are broken as well.
The multi-line handling in the SMTP greeting would fail on the first
host with a multi-line greeting and the other protocol handlers are
as buggy. I have thus left your patch in and we have to decide how to
tackle the other occurrences...

Best regards,
Lutz
Index: s_client.c
===
RCS file: /e/openssl/cvs/openssl/apps/s_client.c,v
retrieving revision 1.76.2.7
diff -u -r1.76.2.7 s_client.c
--- s_client.c	21 Feb 2007 18:20:33 -	1.76.2.7
+++ s_client.c	21 Feb 2007 18:53:00 -
@@ -735,7 +735,7 @@
 	/* This is an ugly hack that does a lot of assumptions */
 	if (starttls_proto == PROTO_SMTP)
 		{
-		int foundit=0;
+		int foundit=0, response_done = 0;
 		/* wait for multi-line response to end from SMTP */
 		do
 			{
@@ -747,11 +747,15 @@
 		/* wait for multi-line response to end EHLO SMTP response */
 		do
 			{
+			int ll;
 			mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
 			if (strstr(mbuf,STARTTLS))
 foundit=1;
+			for (ll = 0; !response_done  ll  mbuf_len - 4; ll++)
+if (mbuf[ll] == '\n'  mbuf[ll + 3] != '-')
+	response_done = 1;
 			}
-		while (mbuf_len3  mbuf[3]=='-');
+		while (mbuf_len3  mbuf[3]=='-'  !response_done);
 		if (!foundit)
 			BIO_printf(bio_err,
    didn't found starttls in server response,
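Review bot: in the added scan loop the continuation test reads `mbuf[ll + 3]`, but with the newline at `ll` the three reply-code digits sit at `ll + 1` to `ll + 3` and the '-' or space separator is at `ll + 4`, so the test compares a digit with '-' and sets `response_done` at the first line break that has four more bytes after it. Use `mbuf[ll + 4]`, which the loop bound on `mbuf_len - 4` already allows for. Separately, `strstr(mbuf,STARTTLS)` runs on a buffer that `BIO_read()` does not NUL-terminate, and it runs before `mbuf_len` is checked for an error or EOF return; bound the search to the `mbuf_len` bytes actually read and skip it when the read failed.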


Re: STARTTLS patch for imap and ftp

2007-02-21 Thread Dr. Stephen Henson
On Wed, Feb 21, 2007, Lutz Jaenicke wrote:

> Goetz Babin-Ebell wrote:
>> Lutz Jaenicke wrote:
>>> Goetz Babin-Ebell wrote:
>> [...]
>>>> * in SMTP doing a STARTTLS without previous EHLO
>>>>   will return a
>>>>   503 STARTTLS command used when not advertised
>>>> * in IMAP doing a STARTLS requires a
>>>>   . CAPABILITY
>>>>   first.
>>>>
>>>> In both cases the server response should be parsed for
>>>> the string STARTTLS...
>>>
>>> This statement is technically correct. As the s_client tool is however
>>> intended for testing purposes only (you remember that a capital
>>> R at the beginning of the line will start a renegotiation instead
>>> of being transferred to the server :-) adding the EHLO and .CAPABILITY
>>> should be sufficient and the more complex parsing of the response
>>> might be omitted...
>>
>> Do you want something like the attached patch ?
>> (untested, I'm off to bed...)
>
> Yes, something like this. I have applied your patch to 0.9.8 and -dev... and
> was just going to write thank you when I discovered that it does not work.
> As I just noted BIO_read() does not work line by line but on the message
> coming in. This message is the complete multi-line response and it has
> to be parsed in a different way as attached as a crude hack.
>
> No: BIO_gets() does not work on here (not supported on connect BIO.

Note that adding a buffering BIO to the chain is a simple way to fix this.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
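The multi-line reply handling this thread is about, as an added example (not code from s_client.c or from any poster): a plain C parser, with no OpenSSL dependency, that reassembles lines across arbitrary read boundaries, ends on the first line whose fourth character is not '-', and accepts STARTTLS only as a whole keyword on a 250 line. The names `smtp_reply`, `smtp_line`, `is_keyword` and `smtp_feed` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* One SMTP reply: "250-text" lines continue it, "250 text" ends it.
 * done: final line seen or parsing stopped; starttls: keyword advertised;
 * malformed: over-long line or missing reply code. */
struct smtp_reply {
    char line[512];   /* current line, carried across reads */
    size_t len;       /* bytes held in line[] */
    int done, starttls, malformed;
};

/* Case-insensitive match of a whole EHLO keyword at s. */
static int is_keyword(const char *s, const char *kw)
{
    for (; *kw; s++, kw++)
        if (toupper((unsigned char)*s) != *kw)
            return 0;
    return *s == '\0' || *s == ' ';
}

/* Classify one complete line, CRLF already removed. */
static void smtp_line(struct smtp_reply *r)
{
    r->line[r->len] = '\0';
    if (r->len < 3 || (r->len > 3 && r->line[3] != '-' && r->line[3] != ' '))
        r->malformed = 1;
    else if (r->len > 4 && strncmp(r->line, "250", 3) == 0 &&
             is_keyword(r->line + 4, "STARTTLS"))
        r->starttls = 1;
    r->done = r->malformed || r->len == 3 || r->line[3] == ' ';
}

/* Feed one chunk exactly as a read returned it; returns bytes consumed. */
size_t smtp_feed(struct smtp_reply *r, const char *buf, size_t n)
{
    size_t i;
    for (i = 0; i < n && !r->done; i++) {
        if (buf[i] == '\n') {
            if (r->len > 0 && r->line[r->len - 1] == '\r')
                r->len--;
            smtp_line(r);
            r->len = 0;
        } else if (r->len + 1 < sizeof(r->line)) {
            r->line[r->len++] = buf[i];
        } else {
            r->malformed = r->done = 1;  /* never write past line[] */
        }
    }
    return i;
}
```

Zero the struct before the first call; bytes beyond the returned count were not consumed and belong to whatever follows the reply.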


Re: STARTTLS patch for imap and ftp

2007-02-21 Thread Lutz Jaenicke
Dr. Stephen Henson wrote:
> On Wed, Feb 21, 2007, Lutz Jaenicke wrote:
>
>> Goetz Babin-Ebell wrote:
>>> Lutz Jaenicke wrote:
>>>> Goetz Babin-Ebell wrote:
>>> [...]
>>>>> * in SMTP doing a STARTTLS without previous EHLO
>>>>>   will return a
>>>>>   503 STARTTLS command used when not advertised
>>>>> * in IMAP doing a STARTLS requires a
>>>>>   . CAPABILITY
>>>>>   first.
>>>>>
>>>>> In both cases the server response should be parsed for
>>>>> the string STARTTLS...
>>>>
>>>> This statement is technically correct. As the s_client tool is however
>>>> intended for testing purposes only (you remember that a capital
>>>> R at the beginning of the line will start a renegotiation instead
>>>> of being transferred to the server :-) adding the EHLO and .CAPABILITY
>>>> should be sufficient and the more complex parsing of the response
>>>> might be omitted...
>>>
>>> Do you want something like the attached patch ?
>>> (untested, I'm off to bed...)
>>
>> Yes, something like this. I have applied your patch to 0.9.8 and -dev... and
>> was just going to write thank you when I discovered that it does not work.
>> As I just noted BIO_read() does not work line by line but on the message
>> coming in. This message is the complete multi-line response and it has
>> to be parsed in a different way as attached as a crude hack.
>>
>> No: BIO_gets() does not work on here (not supported on connect BIO.
>
> Note that adding a buffering BIO to the chain is a simple way to fix this.

Yes. I get your point :-)

Best regards,
Lutz
Index: apps/s_client.c
===
RCS file: /e/openssl/cvs/openssl/apps/s_client.c,v
retrieving revision 1.76.2.7
diff -u -r1.76.2.7 s_client.c
--- apps/s_client.c	21 Feb 2007 18:20:33 -	1.76.2.7
+++ apps/s_client.c	21 Feb 2007 19:55:21 -
@@ -736,22 +736,28 @@
 	if (starttls_proto == PROTO_SMTP)
 		{
 		int foundit=0;
+		BIO *fbio = BIO_new(BIO_f_buffer());
+		BIO_push(fbio, sbio);
 		/* wait for multi-line response to end from SMTP */
 		do
 			{
-			mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			}
 		while (mbuf_len3  mbuf[3]=='-');
 		/* STARTTLS command requires EHLO... */
-		BIO_printf(sbio,EHLO openssl.client.net\r\n);
+		BIO_printf(fbio,EHLO openssl.client.net\r\n);
+		BIO_flush(fbio);
 		/* wait for multi-line response to end EHLO SMTP response */
 		do
 			{
-			mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
+			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			if (strstr(mbuf,STARTTLS))
 foundit=1;
 			}
 		while (mbuf_len3  mbuf[3]=='-');
+		BIO_flush(fbio);
+		BIO_pop(fbio);
+		BIO_free(fbio);
 		if (!foundit)
 			BIO_printf(bio_err,
    didn't found starttls in server response,
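Review bot: `fbio` is used without checking that `BIO_new(BIO_f_buffer())` succeeded; a NULL return goes straight into `BIO_push(fbio, sbio)` and the `BIO_gets()` calls that follow, so test it and bail out before the greeting loop. In the EHLO loop, `strstr(mbuf,STARTTLS)` runs before `mbuf_len` is examined, so when `BIO_gets()` returns zero or a negative value the search runs over whatever the previous iteration left in `mbuf`; check `mbuf_len > 0` first. The buffering BIO can also hold bytes it has read ahead, and `BIO_pop(fbio)` followed by `BIO_free(fbio)` discards them, which is safe only while the server sends nothing more before the client's next command; a short comment saying so would help.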