OpenSSL + Netscape
I signed a server-certificate with openssl and imported it into my webserver (IIS5). Now I can connect with the Internet Explorer without any problems, but I can`t connect with Netscape. If I try to connect with Netscape, there is an error message in the browser: The security libary has experienced an error. You will probably unable to connect to this site securely. Whats wrong with my certificate? Thanx for help!!! Carsten Schwant BASF Aktiengesellschaft GPB/AK - N964 Carsten Schwant Tel.: +49 621 60- 58650 Diplomand bei BASF IT-Services ES-SE Rathausplatz 17 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
installation problem
Hi, Openssl Team, I would like to inform you about the installation problem of opensll-engine-0.9.6c on Windows 98/2000, using Microsof Visual C++, which is as follows: When i carry out what is instructed in INSTALL.WIN32 file step by step, the command nmake -f ms\ntdll.mak, results with an error: ...\VC98\INCLUDE\unistd.h(23) : fatal error C1083: Cannot open include file: '../Lang.h': No such file or directory NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. altough the files unistd.h and Lang.h exist in a subfolder of perl program. I should emphasize that the error appears, altough vcvars32.bat is executed in the same command window. However, when i install open-engine-0.9.6b program on the same platforms and performing the same instructions, no error i have encountered. Can you please explain why this error appears when installing open-engine-0.9.6c; but disappears when installing open-engine-0.96.b Best Regards, Selçuk Kavut (T.A.) Selçuk Kavut Middle East Technical University +90 312 3469106 Ankara-TURKEY __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
OffTopic: Base64 over HTTPS
Hi: I am having trouble sending Base64 data over HTTPS POST. Does anybody have any sample code that can encode the Base64 to remove the reserved characters so that HTTP POST is possible cheers Mohan Atreya _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: I need basic assistance!
Unzip the package, then follow the instructions in the INSTALL.W32 file (I assume you're on win-32 platform). Once you've build everything, it should then be a matter of using the openssl.exe commandline utility: openssl pkcs12 -in input-file -inform DER -out output-file -outform PEM Hope this helps. Jerry [EMAIL PROTECTED] -Original Message- From: Ann Eklund [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 29, 2002 5:08 PM To: [EMAIL PROTECTED] Subject: I need basic assistance! I've never used OpenSSL before--all I want to do is convert a PKCS#12 certificate to a PEM or CRT certificate. I downloaded openssl-engine-0.9.6c.tar.gz and tried to extract it, but WinZip doesn't do it--it wants to use WinZipClassic, which I must be doing something wrong--I'm not able to get anywhere that looks like an executable program. Can someone walk me through this? Please/thanks. Ann __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OffTopic: Base64 over HTTPS
hope this helps. i don't remember where i found it... any way, here you are. #include stdio.h #include base64.h unsigned char alphabet[64] = ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/; int base64_decode(unsigned char *outbuf, unsigned char *inbuf, int size) { static unsigned char inalphabet[256], decoder[256]; int j, i, bits, c, char_count, errors = 0; for (i = (sizeof alphabet) - 1; i = 0 ; i--) { inalphabet[alphabet[i]] = 1; decoder[alphabet[i]] = i; } char_count = 0; bits = 0; i = 0; j = 0; while (isize) { c = inbuf[i++]; if (c == '=') break; if (c 255 || ! inalphabet[c]) continue; bits += decoder[c]; char_count++; if (char_count == 4) { outbuf[j++] = bits 16; outbuf[j++] = (bits 8) 0xff; outbuf[j++] = bits 0xff; bits = 0; char_count = 0; } else { bits = 6; } } if (c == EOF) { if (char_count) errors++; } else { /* c == '=' */ switch (char_count) { case 1: errors++; break; case 2: outbuf[j++] = bits 10; break; case 3: outbuf[j++] = bits 16; outbuf[j++] = (bits 8) 0xff; break; } } return (errors ? 0 : j); } int base64_encode(unsigned char *outbuf, unsigned char *inbuf, int size) { int i, j, cols, bits, c, char_count; char_count = 0; bits = 0; cols = 0; i = 0; j = 0; while (isize) { c = inbuf[i++]; bits += c; char_count++; if (char_count == 3) { outbuf[j++] = alphabet[bits 18]; outbuf[j++] = alphabet[(bits 12) 0x3f]; outbuf[j++] = alphabet[(bits 6) 0x3f]; outbuf[j++] = alphabet[bits 0x3f]; cols += 4; if (cols == 72) { outbuf[j++] = '\n'; cols = 0; } bits = 0; char_count = 0; } else { bits = 8; } } if (char_count != 0) { bits = 16 - (8 * char_count); outbuf[j++] = alphabet[bits 18]; outbuf[j++] = alphabet[(bits 12) 0x3f]; if (char_count == 1) { outbuf[j++] = '='; outbuf[j++] = '='; } else { outbuf[j++] = alphabet[(bits 6) 0x3f]; outbuf[j++] = '='; } if (cols 0) outbuf[j++] = '\n'; } return j; }
Re: OffTopic: Base64 over HTTPS
i forgot to say that i use the code i send you in https posts. aleix __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Simple Question
Hi I am trying to do something extremely simple, and not succeeding! I want to encrypt and sign some data, and send it to a person whose public key I have. I want to be able to do this with a password for a private key that is supplied via a webpage form (to sign the data). I'm going in total circles with rsautl, smime etc. Have I created the keys incorrectly? Why do I sometimes get the error about self-signed certificates when using smime? How to I supply a password argument to rsautl? Does anyone have a link to a simple howto? Regards Jason __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OffTopic: Base64 over HTTPS
on 1/30/02 7:03 AM, [EMAIL PROTECTED] purportedly said: I am having trouble sending Base64 data over HTTPS POST. Does anybody have any sample code that can encode the Base64 to remove the reserved characters so that HTTP POST is possible What's the problem you are having? As far as I know, there are no restrictions on the data portion of a post request. Since SSL is basically a tunneling protocol, it does not impact the content of HTTP messages. Keary Suska Esoteritech, Inc. Leveraging Open Source for a better Internet __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: OffTopic: Base64 over HTTPS
There shouldn't be any problems sending Base64 data over HTTP. HTTP doesn't care what the content-body data looks like (with the exception of the optional length header for the Chunked transfer-encoding). Is the problem that you're sending Base64 data as part of an HTML document over HTTP? Michael Wojcik402 438-7842 Software Systems DeveloperMicro Focus From: Mohan Atreya [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 8:03 AM I am having trouble sending Base64 data over HTTPS POST. Does anybody have any sample code that can encode the Base64 to remove the reserved characters so that HTTP POST is possible cheers Mohan Atreya __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Win 2000 Services and SSL
Hi there, I have a small problem with designing services which use openssl. When I design server and client programs as exe files and install them on Win2000, the system operates as it is expected. Then I have put both programs to operate as Win2000 services. What has happened is that when I put local host in the client as localhost or 127.0.0.1 the system will not simply work at all. When I put its real IP address or DNS name such as mytestingcomputer, the client is able to locate sever (operates as Windows2000 service). Then I have stripped the programs of ssl, and redesign it with tcp, the system operates OK. After that, I have debuged my program and locate BIO_set_conn_hostname. The input value to this instruction was ok. Then I have redesigned the program and used different openssl instructions based on socket implementation, where I have been able to follow the local address of the host implementation. The problem is that inside openssl the localhost and 127.0.0.1 are not simply recognised at all, and they are interpreted as unknown address. I have experimented with Service and its property (logon) under setting, but it still failed to resolve the local host address. I believe that there is some interaction between Win2000 service and openssl implementation, but I do not know where to look inside the code to find bug. I appreciate any help or suggestion. Thanks in advance. Alex Cosic __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Win 2000 Services and SSL
I'm not sure what your problem is but when I use OpenSSL in my service I have mo problem connecting to it: [C:/kermit/] C-Kermitiks localhost DNS Lookup... Trying 127.0.0.1... (OK) SSL_DEBUG_FLAG on ?Unable to load verify-file: C:/Documents and Settings/All Users/Application Dat a/kermit 95/ca_certs.pem ?Unable to load verify-file: C:/Documents and Settings/jaltman/Application Data/ kermit 95/ca_certs.pem ?Unable to load crl-file: C:/kermit/crls ?Unable to load crl-file: C:/Documents and Settings/All Users/Application Data/k ermit 95/crls ?Unable to load crl-file: C:/Documents and Settings/jaltman/Application Data/ker mit 95/crls SSL/TLS init done! [TLS - handshake starting] SSL_handshake:UNKWN before/connect initialization SSL_connect:UNKWN before/connect initialization SSL_connect:3WCH_A SSLv3 write client hello A SSL_connect:3RSH_A SSLv3 read server hello A SSL_connect:3RSKEA SSLv3 read server key exchange A SSL_connect:3RSD_A SSLv3 read server done A SSL_connect:3WCKEA SSLv3 write client key exchange A SSL_connect:3WCCSA SSLv3 write change cipher spec A SSL_connect:3WFINA SSLv3 write finished A SSL_connect:3FLUSH SSLv3 flush data SSL_connect:3RFINA SSLv3 read finished A SSL_handshake:SSLOK SSL negotiation finished successfully Warning: Server didn't provide a certificate, continue? (Y/N) y TLS client finished: CB 02 3C 42 B7 C0 5D 0C 5B D2 D4 5F TLS server finished: 6E 20 06 00 AC E6 3B 35 15 60 7E 07 [TLS - OK] [TLS - ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 Compression: zlib compression Hi there, I have a small problem with designing services which use openssl. When I design server and client programs as exe files and install them on Win2000, the system operates as it is expected. Then I have put both programs to operate as Win2000 services. What has happened is that when I put local host in the client as localhost or 127.0.0.1 the system will not simply work at all. When I put its real IP address or DNS name such as mytestingcomputer, the client is able to locate sever (operates as Windows2000 service). Then I have stripped the programs of ssl, and redesign it with tcp, the system operates OK. After that, I have debuged my program and locate BIO_set_conn_hostname. The input value to this instruction was ok. Then I have redesigned the program and used different openssl instructions based on socket implementation, where I have been able to follow the local address of the host implementation. The problem is that inside openssl the localhost and 127.0.0.1 are not simply recognised at all, and they are interpreted as unknown address. I have experimented with Service and its property (logon) under setting, but it still failed to resolve the local host address. I believe that there is some interaction between Win2000 service and openssl implementation, but I do not know where to look inside the code to find bug. I appreciate any help or suggestion. Thanks in advance. Alex Cosic __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 available now!!! The Kermit Project @ Columbia University includes Telnet, FTP and HTTP http://www.kermit-project.org/ secured with Kerberos, SRP, and [EMAIL PROTECTED]OpenSSL. Interfaces with OpenSSH __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Doubt regarding PKCS#1 padding
Hi, Iam having a problem with PKCS#1 padding. I have implemented the SCEP protocol and trying to test with a free OpenSource SCEP implementation from www.othello.org. In that Iam getting the following error rsa_routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100 rsa_routines: RSA_EAY_PUBLIC_DECRYPT: padding check failed:rsa_eay.c:430. The strange thing is that, this problem is not comming all the time. We generate a request and sign it with the private key. The server is trying to verify the signature. In that process it is failing. What could be the reason for the above failure? Any help is highly appreciated. Regards Suram
Advice/ideas
I would like to use SSL as a method of client/server communication in the following scenario: Client (program) must authenticate with the server using a secret certificate (can't have other programs connect with it), it can then download media which should be encrypted on disk (to provide peace of mind to the media suppliers ). Ideally the media should be (have the option to be ) readable if the client isn't connected to the server, even though this would present a security risk, so each media item would have a certificate/key which would be encrypted, presumably with the client certificate, . Summary: server needs to verify that the connecting *program* is valid (an obfuscated build key perhaps?) Items downloaded need to be stored encrypted so that only the client program can decrypt them. Any comments / advice? Clarification required? Thanks for your time and help, Jurgen __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]