Using OpenSSL to send S/MIME email
Hi, I have read bits pieces of what I need here, and am losing the run of myself a bit. I cannot find a complete list of what to do if I want to send S/MIME email using Outlook. I purchased a Personal Certificate from BT Trustwise a while back to test Digitally Signed messaging encryption with Outlook in my organisation. I am now looking to do the same on a grand scale. Firstly, is this possible with OpenSSL ?? Secondly, How do I do it, on a person to person basis ?? I have created a CA for myself using your help before, I have signed my own Server Certs got SSL running on webservers. Do I have to sign personal certificate requests for everyone who needs to use S/MIME in the same way I self-signed the Webserver certificate requests before ?? Thanks in advance, Steve. The information contained in this e-mail transmission is confidential and may be privileged. It is intended only for the addressee(s) stated above. If you are not an addressee, any use, dissemination, distribution, publication, or copying of the information contained in this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately notify our IT Department by telephone at 353-1-6769333 or e-mail [EMAIL PROTECTED] and delete the e-mail from your system. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
OpenSSL exception linking MSVCRT but not MSVCRTD
I'm having problems when running some OpenSSL commands from the command line. I performed the following steps as outlined in the Install.w32 file. - used ms\do_ms to create the mak files - compiled using ntdll.mak - Tested the following openssl commands. openssl req -x509 -newkey rsa:1024 -keyout server-key.pem -out server-req.pem openssl genrsa -out server-key.pem 1024 openssl req -new -key server-key.pem -out server-req.pem The first two commands seem to be working but then an exception occurs, The instruction at .. referenced memory at ... The memory could not be read. The third command works. When I modify the ntdll.mak to use '/MDd' (MSVCRTD.LIB debug lib) instead of '/MD' (MSVCRT.LIB), I do not see the errors. Any ideas? Thanks, Kim __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Problem with installing Crypt::SSLeay
Hi All, When I tried to install Crypt::SSLeay on a Solaris 8 box, I got the following error at doing make test. PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.1/sun4-solaris -I/usr/local/lib/perl5/5.6.1 -e 'use Test::Harness qw(runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: libgcc_s.so.1: open failed: No such file or directory at /usr/local/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 206. at blib/lib/Crypt/SSLeay/CTX.pm line 2 Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2. Compilation failed in require at blib/lib/Crypt/SSLeay/MainContext.pm line 9. BEGIN failed--compilation aborted at blib/lib/Crypt/SSLeay/MainContext.pm line 9. Compilation failed in require at t/ssl_context.t line 3. BEGIN failed--compilation aborted at t/ssl_context.t line 3. t/ssl_context...dubious Test returned status 255 (wstat 65280, 0xff00) FAILED--1 test script could be run, alas--no output ever seen make: *** [test_dynamic] Error 2 I have installed openssl 0.9.6 and tried to install Crypt::SSLeay 0.31. Please help and thanks in advance. James Feng Systems Architect Covisint Tel: (248)827-6031 Cell: (248)219-2565 Fax: (248)827-1731 e-mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL exception linking MSVCRT but not MSVCRTD
I am interested in providing a /dev/urandom for a Solaris 8 machine. EGD doesn't provide sufficient randomness for sendmail 8.11.6, according to the system logs. However, the SUNWski package doesn't install properly on Solaris 8 (Sparc). What other method do you suggest? Thank you in advance for the information. Chris __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Errors in compiling Net_SSLeay
On Tue, Oct 30, 2001 at 08:22:59PM -0500, DING,SCOTT (HP-PaloAlto,ex1) wrote: I tried to install Net_SSLeay as part of process to set perl-ldap up. When I compile the Net_SSLeay, I got the errors: ld: Invalid loader fixup in text space needed in output file for symbol $0058 in input file /usr/loca l/ssl/lib/libssl.a(ssl_lib.o) You must have either libssl (and libcrypto) as shared libraries or at least you need relocatable object files. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
/dev/random on Solaris 8 (Sparc)
I am interested in providing a /dev/urandom for a Solaris 8 machine. EGD doesn't provide sufficient randomness for sendmail 8.11.6, according to the system logs. However, the SUNWski package doesn't install properly on Solaris 8 (Sparc). What other method do you suggest? Thank you in advance for the information. Chris __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problems with pop3s on Outlook Express
Hi there, On Wed, 31 Oct 2001, Tom Karches wrote: Corin Hartland-Swann wrote: I've replaced the 'localhost' certificates with mine, and it now works fine on Windows 2000, and almost works with MacOS. When you hit Send Receive Mail on MacOS it prompts you for a password. I found a reference to this at http://ist.uwaterloo.ca/security/IST-CA/ IE5/Mac problems: Internet Explorer v5 for the Mac/Apple has several notable bugs -- it does not import our certificate properly (for reasons which escape us it wants to save it with a password which means every time you use it you need to recall that password). You should use Netscape on the Mac/Apple platform if you access secure pages protected by our certificate. 16-Feb-2001. FWIW, I have been unable to get IE on the Mac or PC to accept certificates from a CA other than the ones that are part of the default set. Self-signed certificates cause IE on the Mac to generate an endless stream of errors. Do you know which version and build you were using? I finally gave up and purchased a certificate from Thawte and everything works perfectly now. It seems to work OK with mine (version 5.0, build 2022) except for the password bit. It's not too bad because you can set an empty password, and it seems to only prompt once per session (i.e. until you exit Outlook/Explorer and then go back in). But I would like to sort it out because it doesn't make any sense prompting for it when there's no password set. Thanks, Corin /+-\ | Corin Hartland-Swann |Tel: +44 (0) 20 7491 2000| | Commerce Internet Ltd |Fax: +44 (0) 20 7491 2010| | 22 Cavendish Buildings | Mobile: +44 (0) 79 5854 0027| | Gilbert Street | | | Mayfair|Web: http://www.commerce.uk.net/ | | London W1K 5HJ | E-Mail: [EMAIL PROTECTED]| \+-/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: /dev/random on Solaris 8 (Sparc)
On Wed, 31 Oct 2001, Christopher Crowley wrote: :Subject: /dev/random on Solaris 8 (Sparc) : :I am interested in providing a /dev/urandom for a Solaris 8 machine. EGD :doesn't provide sufficient randomness for sendmail 8.11.6, according to the :system logs. However, the SUNWski package doesn't install properly on :Solaris 8 (Sparc). What other method do you suggest? : :Thank you in advance for the information. : :Chris Chris, You might want to try the Andirand package available at: http://www.cosy.sbg.ac.at/~andi/ It provides both /dev/random and /dev/urandom for solaris. Thanks, Arin -- -- Arin Komins [EMAIL PROTECTED] Manager of Web Systems Architecture University of Chicago/NSIT tel: (773)834-4087 1155 E. 60th St. #302B Chicago, IL 60637fax: (773)702-0559 -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem with installing Crypt::SSLeay
It appears that the SSLeay loadable is not being created: 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' If this file isn't there, try just running 'make' and look again. You could also do a 'find' in the source tree to see if it is being created elsewhere, but it shouldn't. Perhaps the makfile isn't making before make test. Keary Suska Esoteritech, Inc. Leveraging Open Source for a better Internet From: Feng, James [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 31 Oct 2001 11:02:33 -0500 To: [EMAIL PROTECTED] Subject: Problem with installing Crypt::SSLeay Hi All, When I tried to install Crypt::SSLeay on a Solaris 8 box, I got the following error at doing make test. PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.1/sun4-solaris -I/usr/local/lib/perl5/5.6.1 -e 'use Test::Harness qw(runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: libgcc_s.so.1: open failed: No such file or directory at /usr/local/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 206. at blib/lib/Crypt/SSLeay/CTX.pm line 2 Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2. Compilation failed in require at blib/lib/Crypt/SSLeay/MainContext.pm line 9. BEGIN failed--compilation aborted at blib/lib/Crypt/SSLeay/MainContext.pm line 9. Compilation failed in require at t/ssl_context.t line 3. BEGIN failed--compilation aborted at t/ssl_context.t line 3. t/ssl_context...dubious Test returned status 255 (wstat 65280, 0xff00) FAILED--1 test script could be run, alas--no output ever seen make: *** [test_dynamic] Error 2 I have installed openssl 0.9.6 and tried to install Crypt::SSLeay 0.31. Please help and thanks in advance. James Feng Systems Architect Covisint Tel: (248)827-6031 Cell: (248)219-2565 Fax: (248)827-1731 e-mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: /dev/random on Solaris 8 (Sparc)
I use prngd on Solaris 8. http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html It compiled fine with gcc and gnu make. It works like egd so you should be able to have it use /dev/random. I currently use /var/run/egd-pool and that works fine for my needs. From the prngd home page: Unlike EGD it does not generate a pool of random bits that can be called from other software. Rather more it feeds the bits gathered into the OpenSSL PRNG from which the random bits are obtained when requested. This way, PRNGD is never drained and can never block (unlike EGD), so it is also suitable to seed inetd-started programs. It also features a seed-save file, so that it is immediately usable after system start. Billy Shaw- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Arin Komins Sent: Wednesday, October 31, 2001 10:00 AM To: [EMAIL PROTECTED] Subject: Re: /dev/random on Solaris 8 (Sparc) On Wed, 31 Oct 2001, Christopher Crowley wrote: :Subject: /dev/random on Solaris 8 (Sparc) : :I am interested in providing a /dev/urandom for a Solaris 8 machine. EGD :doesn't provide sufficient randomness for sendmail 8.11.6, according to the :system logs. However, the SUNWski package doesn't install properly on :Solaris 8 (Sparc). What other method do you suggest? : :Thank you in advance for the information. : :Chris Chris, You might want to try the Andirand package available at: http://www.cosy.sbg.ac.at/~andi/ It provides both /dev/random and /dev/urandom for solaris. Thanks, Arin -- -- Arin Komins [EMAIL PROTECTED] Manager of Web Systems Architecture University of Chicago/NSIT tel: (773)834-4087 1155 E. 60th St. #302B Chicago, IL 60637fax: (773)702-0559 -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
WinCE SChannel - OpenSSL
Netmeisters,
I would appreciate your help with the following, although it is not
strictly (or not only) and OpenSSL problem.
I am trying to connect a Pocket PC to a Linux server. The Pocket PC uses
Schannel (which on the PPC apparently includes SSLv2 and SSLv3 but not
TLS) and the Linux server has OpenSSL. At this point I am just trying to
get small test programs to work. For the server, the test program is a
slightly modified version of the sserver program from Rescorla's book. I
have included most of the code from the client below, if it matters, but
basically all this does is make a socket, turn on SSL on the socket,
and tell the security functions to use SSLv3 protocols. The server
program also should be using SSLv3, because of a call to SSLv3_method().
Here is what ssldump reports:
New TCP connection #2: net-204-140.dhcp.mcw.edu(1499) -
dp1.derm.mcw.edu(9734) 2 1 0.1544 (0.1544) CS Handshake
ClientHello
Version 3.0
cipher suites
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods
NULL
2 2 0.1548 (0.0003) SC Alert
level fatal
value handshake_failure
20.1552 (0.0003) SC TCP FIN
20.1574 (0.0022) CS TCP FIN
and here is what I get from sserver:
SSL accept error
31654:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:772:
According to the table in the back of Rescorla's book, OpenSSL does
support these suites, but the names (as listed in his book anyway) are
different; they begin with TLS rather than SSL.
If I dont try to set the client for SSLv3 but just leave it at the
default something similar happens anyway.
Any suggestions would be much appreciated.
Matthew Fleming, MD
Associate Professor
Dept. of Dermatology
Medical College of Wisconsin
E-mail: [EMAIL PROTECTED]
S-mail:
Dept. of Dermatology
Medical College of Wisconsin
8701 Watertown Plank Rd.
Milwaukee, WI 53226
Phone:414.456.4072
Fax:414.456.6518
Windows CE code:
DWORD optval = SO_SEC_SSL;
err=setsockopt(s, SOL_SOCKET, SO_SECURE, (LPSTR)optval,
sizeof(optval));
if (err==SOCKET_ERROR) {
errmsg.Format(_T(Error in setsockopt for SO_SECURE
%d), WSAGetLastError());
MessageBox(errmsg);
}
DWORD dwBytes;
SSLPROTOCOL protocol;
protocol.dwProtocol=SSL_PROTOCOL_SSL3;
protocol.dwVersion=0;
protocol.dwFlags=0;
SSLPROTOCOLS protocols;
protocols.ProtocolList[0]=protocol;
protocols.dwCount=1;
err = WSAIoctl( s,
SO_SSL_SET_PROTOCOLS,
protocols,
sizeof(protocols),
NULL,
0,
dwBytes,
NULL,
NULL);
if (SOCKET_ERROR==err)
{
errmsg.Format(_T(Error in setting protocol %d),
WSAGetLastError());
MessageBox(errmsg);
}
//register certificate validation callback
SSLVALIDATECERTHOOK hfunc;
hfunc.HookFunc = certificate_validation_procedure;
hfunc.pvArg = NULL;
err = WSAIoctl( s,
SO_SSL_SET_VALIDATE_CERT_HOOK,
hfunc,
sizeof(hfunc),
NULL,
0,
dwBytes,
NULL,
NULL);
if (SOCKET_ERROR==err)
{
errmsg.Format(_T(Error in registering certificate
validation callback %d), WSAGetLastError());
MessageBox(errmsg);
}
// do name resolution
hostent *pHostent;
pHostent=gethostbyname(dp1.derm.mcw.edu);
memcpy(tcpaddr.sin_addr,pHostent-h_addr_list[0],sizeof(IN_ADDR));
//or not
//tcpaddr.sin_addr.s_addr=inet_addr(141.106.204.30);
int res=connect(s, (SOCKADDR *)tcpaddr, sizeof(tcpaddr));
if (res==SOCKET_ERROR) {
CString err;
err.Format(_T(Connection error %d\n),
WSAGetLastError());
MessageBox(err);
}
send(s, ch, 1, 0);
__
OpenSSL Project
Re: /dev/random on Solaris 8 (Sparc)
Christopher Crowley wrote: I am interested in providing a /dev/urandom for a Solaris 8 machine. EGD doesn't provide sufficient randomness for sendmail 8.11.6, according to the system logs. However, the SUNWski package doesn't install properly on Solaris 8 (Sparc). What other method do you suggest? Hmmm... SUNWski installs fine for me on Solaris 8. My Jumpstart setup installs Secure Shell, which needs /dev/random. It just works. I suppose I'll have to think of something else if Solaris 9 ever happens. For systems that don't have /dev/random, prngd seems to be the current recommended solution. Paul Allen -- Boeing Phantom Works \ Paul L. Allen, (425) 865-3297 Math Computing Technology \ [EMAIL PROTECTED] POB 3707 M/S 7L-40, Seattle, WA 98124-2207 \ Prototype Systems Group S/MIME Cryptographic Signature
Re: WinCE SChannel - OpenSSL
Matthew Fleming [EMAIL PROTECTED] writes: I would appreciate your help with the following, although it is not strictly (or not only) and OpenSSL problem. I am trying to connect a Pocket PC to a Linux server. The Pocket PC uses Schannel (which on the PPC apparently includes SSLv2 and SSLv3 but not TLS) and the Linux server has OpenSSL. At this point I am just trying to get small test programs to work. For the server, the test program is a slightly modified version of the sserver program from Rescorla's book. I have included most of the code from the client below, if it matters, but basically all this does is make a socket, turn on SSL on the socket, and tell the security functions to use SSLv3 protocols. The server program also should be using SSLv3, because of a call to SSLv3_method(). Here is what ssldump reports: New TCP connection #2: net-204-140.dhcp.mcw.edu(1499) - dp1.derm.mcw.edu(9734) 2 1 0.1544 (0.1544) CS Handshake ClientHello Version 3.0 cipher suites SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_EXPORT1024_WITH_RC4_56_SHA SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 compression methods NULL 2 2 0.1548 (0.0003) SC Alert level fatal value handshake_failure 20.1552 (0.0003) SC TCP FIN 20.1574 (0.0022) CS TCP FIN and here is what I get from sserver: SSL accept error 31654:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:772: According to the table in the back of Rescorla's book, OpenSSL does support these suites, but the names (as listed in his book anyway) are different; they begin with TLS rather than SSL. What keys are you using for the server? The keys that I ship with the code are DSA keys which would lead to exactly this error. The 'server.pem' from openssl-*/apps is an RSA key. Have you tried using that? -Ekr P.S. Thanks for buying the book :) __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: porting openssl to linux kernel
The (un)encrypted data stream is already coming from the kernel ( socket read/write ) calls. So if everyting is in kernel space then you again save yourself from the overhead of context switch in reading/writing sockets ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rich Salz Sent: Wednesday, October 31, 2001 5:53 AM To: [EMAIL PROTECTED] Subject: Re: porting openssl to linux kernel The matter here is not to be more secure but definitely one can go faster. The guys who use hardware acceleration normally use device drivers which reside in kernel space. Now for every operation, the system has to take a context switch which could be expensive. But if openssl resides in kernel space then instead of calling a device driver it would be just another function call. Does it make sense now?? If you put the hardware crypto into the kernel, then you replace the crypto context switch -- which only transfers a small amount of data, typically an RSA-encrypted RC4 session key -- with a new context switch that transfers a LARGE amount of data, the (un)encrypted data stream. Performance would probably be MUCH WORSE. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
X509 Certificate Size
Hi, Is there any limit on X509 certificate size (like 2K or something) imposed by standard. Or certificates can be any size. thanks muni __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: porting openssl to linux kernel
I think Eric Rescorla responded to a similar question sometimes ago that RSA operation would be a limiting factor. But if you take that bottleneck away then I think putting SSL handshake and record porcessing layers in kernel space would be a next better thing to do because we can see many new hardware accelerators out there in the near future market which are 10-20 times better than what we have today. We can have certficate management in the user space for the sake of simplicity. Any comments ??? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Imran Badr Sent: Wednesday, October 31, 2001 12:15 PM To: [EMAIL PROTECTED] Subject: RE: porting openssl to linux kernel The (un)encrypted data stream is already coming from the kernel ( socket read/write ) calls. So if everyting is in kernel space then you again save yourself from the overhead of context switch in reading/writing sockets ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rich Salz Sent: Wednesday, October 31, 2001 5:53 AM To: [EMAIL PROTECTED] Subject: Re: porting openssl to linux kernel The matter here is not to be more secure but definitely one can go faster. The guys who use hardware acceleration normally use device drivers which reside in kernel space. Now for every operation, the system has to take a context switch which could be expensive. But if openssl resides in kernel space then instead of calling a device driver it would be just another function call. Does it make sense now?? If you put the hardware crypto into the kernel, then you replace the crypto context switch -- which only transfers a small amount of data, typically an RSA-encrypted RC4 session key -- with a new context switch that transfers a LARGE amount of data, the (un)encrypted data stream. Performance would probably be MUCH WORSE. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Problem with installing Crypt::SSLeay
Hi Keary, After I recompiled perl 5.6.1, I installed modules, URI, MIME-Base64, HTML-Parser, libnet and Digest-MD5, then I installed libwww-perl. When I tried to install SSLeay, at the point of 'make test' I still got the error I previously got but this time I did 'make install' any way. It looked like installed the module without complain. Unfortunately when I tried to use LWP call to a https site I got the following error. Any ideas? Thanks. Error:501 Can't locate object method new via package LWP::Protocol::https (perhaps you forgot to load LWP::Protocol::https?) -Original Message- From: Keary Suska [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 31, 2001 1:26 PM To: [EMAIL PROTECTED]; Feng, James Subject: Re: Problem with installing Crypt::SSLeay It appears that the SSLeay loadable is not being created: 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' If this file isn't there, try just running 'make' and look again. You could also do a 'find' in the source tree to see if it is being created elsewhere, but it shouldn't. Perhaps the makfile isn't making before make test. Keary Suska Esoteritech, Inc. Leveraging Open Source for a better Internet From: Feng, James [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 31 Oct 2001 11:02:33 -0500 To: [EMAIL PROTECTED] Subject: Problem with installing Crypt::SSLeay Hi All, When I tried to install Crypt::SSLeay on a Solaris 8 box, I got the following error at doing make test. PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.1/sun4-solaris -I/usr/local/lib/perl5/5.6.1 -e 'use Test::Harness qw(runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: libgcc_s.so.1: open failed: No such file or directory at /usr/local/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 206. at blib/lib/Crypt/SSLeay/CTX.pm line 2 Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2. Compilation failed in require at blib/lib/Crypt/SSLeay/MainContext.pm line 9. BEGIN failed--compilation aborted at blib/lib/Crypt/SSLeay/MainContext.pm line 9. Compilation failed in require at t/ssl_context.t line 3. BEGIN failed--compilation aborted at t/ssl_context.t line 3. t/ssl_context...dubious Test returned status 255 (wstat 65280, 0xff00) FAILED--1 test script could be run, alas--no output ever seen make: *** [test_dynamic] Error 2 I have installed openssl 0.9.6 and tried to install Crypt::SSLeay 0.31. Please help and thanks in advance. James Feng Systems Architect Covisint Tel: (248)827-6031 Cell: (248)219-2565 Fax: (248)827-1731 e-mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: porting openssl to linux kernel
On Wed, Oct 31, 2001 at 12:35:25PM -0800, Imran Badr wrote: I think Eric Rescorla responded to a similar question sometimes ago that RSA operation would be a limiting factor. But if you take that bottleneck away then I think putting SSL handshake and record porcessing layers in kernel space would be a next better thing to do because we can see many new hardware accelerators out there in the near future market which are 10-20 times better than what we have today. We can have certficate management in the user space for the sake of simplicity. Any comments ??? Since most implementations don't use Accelerators for symetric operations, it might be interesting to start with a split implementation. Record layer symetric processing in the kernel, retaining the handshake and public key management in user space... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Imran Badr Sent: Wednesday, October 31, 2001 12:15 PM To: [EMAIL PROTECTED] Subject: RE: porting openssl to linux kernel The (un)encrypted data stream is already coming from the kernel ( socket read/write ) calls. So if everyting is in kernel space then you again save yourself from the overhead of context switch in reading/writing sockets ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rich Salz Sent: Wednesday, October 31, 2001 5:53 AM To: [EMAIL PROTECTED] Subject: Re: porting openssl to linux kernel The matter here is not to be more secure but definitely one can go faster. The guys who use hardware acceleration normally use device drivers which reside in kernel space. Now for every operation, the system has to take a context switch which could be expensive. But if openssl resides in kernel space then instead of calling a device driver it would be just another function call. Does it make sense now?? If you put the hardware crypto into the kernel, then you replace the crypto context switch -- which only transfers a small amount of data, typically an RSA-encrypted RC4 session key -- with a new context switch that transfers a LARGE amount of data, the (un)encrypted data stream. Performance would probably be MUCH WORSE. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Steven A. Bade UNIX Network Security Cryptographic Strategy and Development Architecture [EMAIL PROTECTED] T/L 678-4799 (512)-838-4799 -- To convert from Hogsheads to Cubic Feet - Multiply by 8.4219 Two-way communication is necessary to proactively facilitate acceptance and involvement and to get insights about the journey it takes to get where we want this mess is so big and so bad and so tall, we cannot clean it up, there is no way at all (Cat in the Hat) he Hat) __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem with installing Crypt::SSLeay
Feng, James wrote: Hi Keary, After I recompiled perl 5.6.1, I installed modules, URI, MIME-Base64, HTML-Parser, libnet and Digest-MD5, then I installed libwww-perl. When I tried to install SSLeay, at the point of 'make test' I still got the error I previously got but this time I did 'make install' any way. It looked like installed the module without complain. Unfortunately when I tried to use LWP call to a https site I got the following error. Any ideas? Thanks. Error:501 Can't locate object method new via package LWP::Protocol::https (perhaps you forgot to load LWP::Protocol::https?) If you can't get past the make test cleanly, chances are slim for the module to work besides, and I would expect this kind of error in that case. The original error was: Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: libgcc_s.so.1: open failed: No such file or directory at Your libgcc_s.so.1 is not being found at runtime by your systems loader. Make sure that library can be found in your system's environment LD_LIBRARY_PATH... --Josh __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Problem with installing Crypt::SSLeay
Looks like your loader can't find libgcc_s.so.1 which is used by SSLeay.so, make a sym link to a lib path that it will look in (like /usr/local/lib). And then recompile Crypt::SSLeay Then make test should work. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Feng, James Sent: Thursday, 1 November 2001 7:49 To: Keary Suska Cc: [EMAIL PROTECTED] Subject: RE: Problem with installing Crypt::SSLeay Hi Keary, After I recompiled perl 5.6.1, I installed modules, URI, MIME-Base64, HTML-Parser, libnet and Digest-MD5, then I installed libwww-perl. When I tried to install SSLeay, at the point of 'make test' I still got the error I previously got but this time I did 'make install' any way. It looked like installed the module without complain. Unfortunately when I tried to use LWP call to a https site I got the following error. Any ideas? Thanks. Error:501 Can't locate object method new via package LWP::Protocol::https (perhaps you forgot to load LWP::Protocol::https?) -Original Message- From: Keary Suska [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 31, 2001 1:26 PM To: [EMAIL PROTECTED]; Feng, James Subject: Re: Problem with installing Crypt::SSLeay It appears that the SSLeay loadable is not being created: 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' If this file isn't there, try just running 'make' and look again. You could also do a 'find' in the source tree to see if it is being created elsewhere, but it shouldn't. Perhaps the makfile isn't making before make test. Keary Suska Esoteritech, Inc. Leveraging Open Source for a better Internet From: Feng, James [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 31 Oct 2001 11:02:33 -0500 To: [EMAIL PROTECTED] Subject: Problem with installing Crypt::SSLeay Hi All, When I tried to install Crypt::SSLeay on a Solaris 8 box, I got the following error at doing make test. PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.1/sun4-solaris -I/usr/local/lib/perl5/5.6.1 -e 'use Test::Harness qw(runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: libgcc_s.so.1: open failed: No such file or directory at /usr/local/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 206. at blib/lib/Crypt/SSLeay/CTX.pm line 2 Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2. Compilation failed in require at blib/lib/Crypt/SSLeay/MainContext.pm line 9. BEGIN failed--compilation aborted at blib/lib/Crypt/SSLeay/MainContext.pm line 9. Compilation failed in require at t/ssl_context.t line 3. BEGIN failed--compilation aborted at t/ssl_context.t line 3. t/ssl_context...dubious Test returned status 255 (wstat 65280, 0xff00) FAILED--1 test script could be run, alas--no output ever seen make: *** [test_dynamic] Error 2 I have installed openssl 0.9.6 and tried to install Crypt::SSLeay 0.31. Please help and thanks in advance. James Feng Systems Architect Covisint Tel: (248)827-6031 Cell: (248)219-2565 Fax: (248)827-1731 e-mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
WinCE-OpenSSL problem
Netmeisters,
I would appreciate your help with the following, although it is not
strictly (or not only) and OpenSSL problem.
I am trying to connect a Pocket PC to a Linux server. The Pocket PC uses
Schannel (which on the PPC apparently includes SSLv2 and SSLv3 but not
TLS) and the Linux server has OpenSSL. At this point I am just trying to
get small test programs to work. For the server, the test program is a
slightly modified version of the sserver program from Rescorla's book. I
have included most of the code from the client below, if it matters, but
basically all this does is make a socket, turn on SSL on the socket,
and tell the security functions to use SSLv3 protocols. The server
program also should be using SSLv3, because of a call to SSLv3_method().
Here is what ssldump reports:
New TCP connection #2: net-204-140.dhcp.mcw.edu(1499) -
dp1.derm.mcw.edu(9734) 2 1 0.1544 (0.1544) CS Handshake
ClientHello
Version 3.0
cipher suites
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods
NULL
2 2 0.1548 (0.0003) SC Alert
level fatal
value handshake_failure
20.1552 (0.0003) SC TCP FIN
20.1574 (0.0022) CS TCP FIN
and here is what I get from sserver:
SSL accept error
31654:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:772:
According to the table in the back of Rescorla's book, OpenSSL does
support these suites, but the names (as listed in his book anyway) are
different; they begin with TLS rather than SSL.
If I dont try to set the client for SSLv3 but just leave it at the
default something similar happens anyway.
Any suggestions would be much appreciated.
Matthew Fleming, MD
Associate Professor
Dept. of Dermatology
Medical College of Wisconsin
E-mail: [EMAIL PROTECTED]
S-mail:
Dept. of Dermatology
Medical College of Wisconsin
8701 Watertown Plank Rd.
Milwaukee, WI 53226
Phone:414.456.4072
Fax:414.456.6518
Windows CE code:
DWORD optval = SO_SEC_SSL;
err=setsockopt(s, SOL_SOCKET, SO_SECURE, (LPSTR)optval,
sizeof(optval));
if (err==SOCKET_ERROR) {
errmsg.Format(_T(Error in setsockopt for SO_SECURE
%d), WSAGetLastError());
MessageBox(errmsg);
}
DWORD dwBytes;
SSLPROTOCOL protocol;
protocol.dwProtocol=SSL_PROTOCOL_SSL3;
protocol.dwVersion=0;
protocol.dwFlags=0;
SSLPROTOCOLS protocols;
protocols.ProtocolList[0]=protocol;
protocols.dwCount=1;
err = WSAIoctl( s,
SO_SSL_SET_PROTOCOLS,
protocols,
sizeof(protocols),
NULL,
0,
dwBytes,
NULL,
NULL);
if (SOCKET_ERROR==err)
{
errmsg.Format(_T(Error in setting protocol %d),
WSAGetLastError());
MessageBox(errmsg);
}
//register certificate validation callback
SSLVALIDATECERTHOOK hfunc;
hfunc.HookFunc = certificate_validation_procedure;
hfunc.pvArg = NULL;
err = WSAIoctl( s,
SO_SSL_SET_VALIDATE_CERT_HOOK,
hfunc,
sizeof(hfunc),
NULL,
0,
dwBytes,
NULL,
NULL);
if (SOCKET_ERROR==err)
{
errmsg.Format(_T(Error in registering certificate
validation callback %d), WSAGetLastError());
MessageBox(errmsg);
}
// do name resolution
hostent *pHostent;
pHostent=gethostbyname(dp1.derm.mcw.edu);
memcpy(tcpaddr.sin_addr,pHostent-h_addr_list[0],sizeof(IN_ADDR));
//or not
//tcpaddr.sin_addr.s_addr=inet_addr(141.106.204.30);
int res=connect(s, (SOCKADDR *)tcpaddr, sizeof(tcpaddr));
if (res==SOCKET_ERROR) {
CString err;
err.Format(_T(Connection error %d\n),
WSAGetLastError());
MessageBox(err);
}
send(s, ch, 1, 0);
__
OpenSSL Project
Re: Problem with installing Crypt::SSLeay
My bad, I was misreading the output. I think the other posters have it covered... Keary Suska Esoteritech, Inc. Leveraging Open Source for a better Internet From: Mark Strong [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 1 Nov 2001 08:44:19 +1100 To: [EMAIL PROTECTED] Subject: RE: Problem with installing Crypt::SSLeay Looks like your loader can't find libgcc_s.so.1 which is used by SSLeay.so, make a sym link to a lib path that it will look in (like /usr/local/lib). And then recompile Crypt::SSLeay Then make test should work. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Feng, James Sent: Thursday, 1 November 2001 7:49 To: Keary Suska Cc: [EMAIL PROTECTED] Subject: RE: Problem with installing Crypt::SSLeay Hi Keary, After I recompiled perl 5.6.1, I installed modules, URI, MIME-Base64, HTML-Parser, libnet and Digest-MD5, then I installed libwww-perl. When I tried to install SSLeay, at the point of 'make test' I still got the error I previously got but this time I did 'make install' any way. It looked like installed the module without complain. Unfortunately when I tried to use LWP call to a https site I got the following error. Any ideas? Thanks. Error:501 Can't locate object method new via package LWP::Protocol::https (perhaps you forgot to load LWP::Protocol::https?) -Original Message- From: Keary Suska [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 31, 2001 1:26 PM To: [EMAIL PROTECTED]; Feng, James Subject: Re: Problem with installing Crypt::SSLeay It appears that the SSLeay loadable is not being created: 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' If this file isn't there, try just running 'make' and look again. You could also do a 'find' in the source tree to see if it is being created elsewhere, but it shouldn't. Perhaps the makfile isn't making before make test. Keary Suska Esoteritech, Inc. Leveraging Open Source for a better Internet From: Feng, James [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 31 Oct 2001 11:02:33 -0500 To: [EMAIL PROTECTED] Subject: Problem with installing Crypt::SSLeay Hi All, When I tried to install Crypt::SSLeay on a Solaris 8 box, I got the following error at doing make test. PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.1/sun4-solaris -I/usr/local/lib/perl5/5.6.1 -e 'use Test::Harness qw(runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: ld.so.1: /usr/local/bin/perl: fatal: libgcc_s.so.1: open failed: No such file or directory at /usr/local/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 206. at blib/lib/Crypt/SSLeay/CTX.pm line 2 Compilation failed in require at blib/lib/Crypt/SSLeay/CTX.pm line 2. Compilation failed in require at blib/lib/Crypt/SSLeay/MainContext.pm line 9. BEGIN failed--compilation aborted at blib/lib/Crypt/SSLeay/MainContext.pm line 9. Compilation failed in require at t/ssl_context.t line 3. BEGIN failed--compilation aborted at t/ssl_context.t line 3. t/ssl_context...dubious Test returned status 255 (wstat 65280, 0xff00) FAILED--1 test script could be run, alas--no output ever seen make: *** [test_dynamic] Error 2 I have installed openssl 0.9.6 and tried to install Crypt::SSLeay 0.31. Please help and thanks in advance. James Feng Systems Architect Covisint Tel: (248)827-6031 Cell: (248)219-2565 Fax: (248)827-1731 e-mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SSL Handshake
I am having problems with an SSL handshake between per5 on solaris8 and weblogic5.1 on solaris 7. i ran ssldump and this is what i got... 1 1 0.0500 (0.0500) CS Handshake ClientHello Version 3.0 cipher suites SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_IDEA_CBC_SHA SSL_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5 SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 SSL_RSA_EXPORT_WITH_RC4_40_MD5 compression methods NULL 1 2 0.0507 (0.0007) SC Handshake ServerHello Version 3.0 session_id[32]= 3b df 2e 74 9e 6d 59 92 67 c1 4f a1 49 86 4c 6c d5 28 13 85 ca 77 67 11 45 ee c5 7f 53 95 12 5b cipherSuite SSL_RSA_WITH_DES_CBC_SHA compressionMethod NULL 1 3 0.0979 (0.0471) SC Handshake Certificate 1 4 0.0979 (0.) SC Handshake ServerHelloDone 1 5 0.1480 (0.0500) CS Handshake ClientKeyExchange 1 6 0.1480 (0.) CS ChangeCipherSpec 1 7 0.1480 (0.) CS Handshake 1 8 0.1724 (0.0244) SC Alert level fatal value bad_record_mac 10.1725 (0.) SC TCP FIN i am hoping someone can shed some light on the output of the ssldump and what some common causes of the bad_record_mac error are. thanks. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: X509 Certificate Size
On Wed, 31 Oct 2001, Muni Tripathi wrote: Hi, Is there any limit on X509 certificate size (like 2K or something) imposed by standard. Or certificates can be any size. There's no theoritical limit. You can have practical limits though (for example, if the user decides to store the certificate in a 4k or 8k smartcard). -- Erwann ABALEA [EMAIL PROTECTED] RSA PGP Key ID: 0x2D0EABD5 - If at first you don't succeed; Blame everyone else __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: porting openssl to linux kernel
So far the complication has not proven to be worth it to anyone to implement. Go for it. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: X509 Certificate Size
There's no theoritical limit. You can have practical limits though (for example, if the user decides to store the certificate in a 4k or 8k smartcard). Somewhere Peter Gutman has a cert that includes a GIF of his cat. I think it's one of the DN components. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [Crypt::SSLeay] on solaris: broken pipe
Joshua Chamas wrote:
franck P. wrote:
Hi there,
running perl 5.004_04 on Solaris 2.6, SPARC, OpenSSL 0.9.6,
I have installed Crypt-SSLeay-0.29.
No compilation problem (excepted for an other module:
libwww-perl-5.5395).
After some test, everything goes fine. But, I have tried to connect
to a running machine which has NO Web server installed.
Then my test program, exit and print: Broken Pipe.
My test program looks like:
my $ua = new LWP::UserAgent;
my $req = new HTTP::Request('GET',https://$AUTHSERVER;);
my $res = $ua-request($req);
--- broken pipe here.
I finally got a chance to look at this some more. It seems
specific to OpenSSL 0.9.6a on one platform, where on 2 other
boxes, one running OpenSSL 0.9.4 and OpenSSL 0.9.5a this
problem doesn't occur.
I would recommend downgrading your openssl to not get this
broken pipe error. It may be that openssl 0.9.6b does
not have this problem, I have not tried it yet though.
--Josh
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
openssl for windows?
I'm poor at English. I'd like to know there is the openssl for windows. Thank you!!
RE: openssl for windows?
http://www.iconsinc.com/~agray/ossldev/ -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of park hkSent: Wednesday, October 31, 2001 5:51 PMTo: [EMAIL PROTECTED]Subject: openssl for windows? I'm poor at English. I'd like to know there is the openssl for windows. Thank you!!
Re: [Crypt::SSLeay] on solaris: broken pipe
After some test, everything goes fine. But, I have tried to connect
to a running machine which has NO Web server installed.
Then my test program, exit and print: Broken Pipe.
My test program looks like:
my $ua = new LWP::UserAgent;
my $req = new HTTP::Request('GET',https://$AUTHSERVER;);
my $res = $ua-request($req);
--- broken pipe here.
I finally got a chance to look at this some more. It seems
specific to OpenSSL 0.9.6a on one platform, where on 2 other
boxes, one running OpenSSL 0.9.4 and OpenSSL 0.9.5a this
problem doesn't occur.
Franck,
In Crypt::SSLeay v.35, I have code which traps $SIG{PIPE}
to work around this new behavior in openssl 0.9.6a
.35 is on its way to CPAN now, and should be available
in the next couple of days.
--Josh
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
How to use CA.sh to generate and sign certificate for weblogic CSR
Hi, I tryied to use CA.sh for several times to figure out how to get a certificate using an existent cert. requirement(CSR) generated by Weblogic domestic version(128-bit). But the attampt failed. At the beginning, I did like this: - # CA.sh -newca input weblogic's CSR - # CA.sh -sign failed Then,I realized a newreq.pem file including certificate has to be generated before signing. But I have no idea how to enable CA.sh -newreq to read certificate reqiurement from weblogic.pem. It always prompts me to input completely new certificate requirement information, and generates OpenSSL's own CSR and RSA key. Please advise the proper usage to get free certificate for weblogic domestic version. Thanks in advance, Steve _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
