RE: Compiler Recomendations Solaris 8

2002-10-31 Thread Boyle Owen
I don't understand - the package is a binary so you don't need to
compile. It's like RPM on linux.

-Original Message-
From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy;hp.com]
Sent: Thursday, 31 October 2002 16:58
To: '[EMAIL PROTECTED]'
Subject: RE: Compiler Recomendations Solaris 8


that's what I have done, but what version of GCC is recommended.


-Original Message-
From: Boyle Owen [mailto:Owen.Boyle;swx.com]
Sent: Thursday, October 31, 2002 2:59 PM
To: [EMAIL PROTECTED]
Subject: RE: Compiler Recomendations Solaris 8


You might like to download the package from www.sunfreeware.com - then
just use pkgadd and don't bother compiling...

-Original Message-
From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy;hp.com]
Sent: Thursday, 31 October 2002 15:29
To: '[EMAIL PROTECTED]'
Subject: Compiler Recomendations Solaris 8


hi,

can someone recommend a working compiler build for solaris 8 to build
openssl 9.6g

I am getting a seg fault on make test, when this happened on redhat I
was told it was probably the compiler.

thanks,

Matt.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



Re: PRNG not seeded ERROR!!!!

2002-10-31 Thread Erwann ABALEA
On Thu, 31 Oct 2002, Manoj Kithany wrote:

 I am installing OPENSSL and when running I get the following ERROR - wonder
 why:
 --
 # ./openssl req -new -nodes -keyout private.key -out public.csr
 Using configuration from /usr/local/ssl/openssl.cnf
 unable to load 'random state'
 This means that the random number generator has not been seeded with
 much random data.
 Generating a 1024 bit RSA private key
 22664:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
 seeded:md_rand.c:501:You need to read the OpenSSL FAQ,
 http://www.openssl.org/support/faq.html
 22664:error:04069003:rsa routines:RSA_generate_key:BN
 lib:rsa_gen.c:182:
 #
 --

 I am using IBM AIX System.

 Any information on above...?

Yes, just point your browser to the link given in the error messages:
  http://www.openssl.org/support/faq.html

-- 
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
A forum can serve several needs at once
Here, the group of beginners outnumbers the group of middle-class
users, which inevitably causes tensions.
-+- EF - Guide du Neuneu d'Usenet - La lutte des middle classes -+-




RE: Compiler Recomendations Solaris 8 (and RedHat 8 too!)

2002-10-31 Thread DARCY,MATTHEW (HP-UnitedKingdom,ex2)
I compiled openssl 9-6g on redhat 7.3 with gcc 2.96 and was told to use 3 or
2.95 (still failing)
I am using 2.95 on Solaris and it is failing with the same error as redhat
so I am lost as to what is a recommended GCC



-Original Message-
From: [EMAIL PROTECTED] [mailto:John.Airey;rnib.org.uk]
Sent: Thursday, October 31, 2002 4:08 PM
To: [EMAIL PROTECTED]
Subject: RE: Compiler Recomendations Solaris 8 (and RedHat 8 too!)


The last post to this list about compiling on RedHat 8 seems strangely
relevant too. RedHat 8 comes with gcc 3 only, whereas previous versions came
with 2.9x and a choice of using gcc 3.

Perhaps it is the case that openssl doesn't compile on gcc 3, and if so,
does anyone know how to fix it?

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 

Theories of evolution are like buses - there'll be another one along in a
minute




- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

RE: Compiler Recomendations Solaris 8

2002-10-31 Thread DARCY,MATTHEW (HP-UnitedKingdom,ex2)
I have installed gcc 2.95 package from sun freeware. I am trying to compile
openssl-9.6g it is failing. Could someone recommend a compiler version /
package to compile openssl-9.6g





Re: Rolling a Windows Secure Webserver...

2002-10-31 Thread Tim Regovich
This question is asked a lot.
With asynchronous sockets, you need to check the err
using SSL_get_error.  If the error IS
SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE then you
need to call SSL_accept again.
I would recommend adding the FD back into your select
queue based on the read/write status, and call the
accept function again based on the socket
availability, since you are using asynch sockets.

Oh wait.  Asynch sockets on windoze?  I forgot the
semantics on that platform.  You already have a
registered window handler or something that can handle
the callback.  Just maintain the current state of the
connection within the ssl context and act accordingly
and you probably don't need to mess with the select.

Tim

--- Thomas J. Hruska [EMAIL PROTECTED] wrote:
 At 01:41 PM 10/31/2002 +0800, Pj writeth:
 Hello OpenSSL experts,

 I have written a working web server in C (non blocking asynchronous), and
 wish to incorporate OpenSSL into it.
 I have used the example openssl-0.9.6g\demos\ssl\serv.cpp to help with the
 process...

 My server compiles, links and runs ok (so far so good), but returns an
 error (err = -1) from the line below and bombs out when I connect via a web
 browser (https://127.0.0.1:6010/x.htm) (I'm using port 6010 for my tests)

 err = SSL_accept (ssl); (complete function below)

 does anyone know what this might be?
 The socket passed into SSL is a valid socket just accepted by the accept
 code...

 could my certificates be no good?

 The first question that runs through my mind is:  Why write your own web
 server when so many other web servers are likely to be more powerful,
 stable, and versatile than yours?  It is a good exercise of one's
 programming skills, but considering that more powerful tools already exist,
 I just felt the urge to ask about your motivation for development of yet
 another web server.

 To answer your question:  SSL_accept() can fail when using non-blocking
 sockets.  I don't remember the exact error message associated with the fail
 state, but basically you have to repeat the call to SSL_accept() with the
 same parameters until it succeeds.  During this time, the client selects a
 certificate to send back (or not) and other handshaking sorts of things
 take place.  Since this process can take a while, SSL_accept(), when using
 non-blocking sockets, returns so that it does not consume any extra time
 while waiting for data.

 Hope this helps!


   Thomas J. Hruska -- [EMAIL PROTECTED]
 Shining Light Productions -- Meeting the needs of fellow programmers
   http://www.shininglightpro.com/




RE: Compiler Recomendations Solaris 8

2002-10-31 Thread Boyle Owen
Sorry - I meant to get the package for openssl! (not for gcc...)


Re: PRNG not seeded ERROR!!!!

2002-10-31 Thread Manoj Kithany
Hi Mr. Erwann:

THANKS for your reply. 
I checked the url before I posted my query to this List. I am a bit
confused - should I need to install EGD or PRNG? I checked my IBM
Server and couldn't find /dev/random?

Can you/anyone please help?

THANKS!

Manoj G. Kithany




RE: Compiler Recomendations Solaris 8

2002-10-31 Thread DARCY,MATTHEW (HP-UnitedKingdom,ex2)
the package I got from openssl did not include shared libraries - hence why I
am keen to compile it myself.

good suggestion though




RE: Building 0.9.6g --RH8.0

2002-10-31 Thread John . Airey
Attached is the openssl.spec file for Red Hat 8.0, which is what Red Hat
uses to build their openssl package, presumably with gcc 3.2.

If you can make some sense of it, you'll probably find out how to get
openssl to compile. Ignore the configure options no-idea, no-mdc2 and
no-rc5. These are only there because of US patent restrictions.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 

Theories of evolution are like buses - there'll be another one along in a
minute


 -Original Message-
 From: Inman, David [mailto:David.Inman;siemens.com]
 Sent: 31 October 2002 14:37
 To: ([EMAIL PROTECTED])
 Subject: Building 0.9.6g --RH8.0
 
 
 I am trying to build openssl-0.9.6g on a RedHat 8.0 system.  When I run make
 test everything passes but when I run a make install it does not install the
 binaries into /usr/local/openssl (where I told it with config).  I have done
 this several times on RH7.3 without a problem so I was wondering if others
 have had this problem and what the solution might be.
 
 Thanks,
 
 David Inman
 

  




openssl.spec
Description: Binary data


Re: PRNG not seeded ERROR!!!!

2002-10-31 Thread Erwann ABALEA
On Thu, 31 Oct 2002, Manoj Kithany wrote:

 THANKS for your reply.
 I checked the url before I posted my query to this List. I am bit

Sorry if I offended you. You didn't specify in your first post that you
checked the URL, and since this question is in the FAQ, that means it is
asked a *lot* of times. :)

 confused - should I need to install EGD or PRNG? I checked my IBM
 Server and couldn't find /dev/random?

No, you don't have a /dev/random device entry.

I don't use AIX (only Linux or Solaris), so I can only speculate.
Why don't you install prngd and either do:
 - set the random pool to the default (something like /var/run/egd-pool),
   but you'll have to specify the option -rand /var/run/egd-pool or an
   equivalent to every program using the OpenSSL library
 - set the random pool to /dev/random, so everyone will be able to use
   this random pool
 - set the random pool to ~/.rnd, but it will be easily usable only to
   one particular user, while the others will have to use the -rand ...
   equivalent
 - set the random pool to the default, and set the RANDFILE environment
   variable so that it points to the good pool

One of these things should work...

-- 
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
The secret of success is knowing who to blame for your failures.
  Demotivators, 2001 calendar
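
The options listed in the reply above, as an added shell example that is not part of the original post: it picks the first usable seed source and builds the openssl req command from the thread, adding -rand only when the pool is an EGD socket. The socket paths come from the thread (/var/run/egd-pool from this reply, /dev/egd-pool from the prngd command line in the follow-up); the function names, MIN_SEED_BYTES and the permission check on the seed file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): choose a seed source for the openssl
# command line on a host that may have no /dev/random.

# Candidate paths are taken from the thread; override them for other hosts.
: "${KERNEL_DEVICES:=/dev/urandom /dev/random}"
: "${EGD_SOCKETS:=/var/run/egd-pool /dev/egd-pool}"
: "${MIN_SEED_BYTES:=32}"   # assumed threshold for "enough" saved state

# A seed file is accepted only if it is a regular readable file, holds at
# least MIN_SEED_BYTES, and is closed to group and other: its contents are
# PRNG state, so anyone who can read it learns part of the generator input.
seed_file_ok() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || return 1
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -ge "$MIN_SEED_BYTES" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print "<kind> <path>" for the first usable source, or return 1.
# kind is one of: device (kernel device), egd (prngd/EGD socket), file.
find_seed_source() {
    for p in $KERNEL_DEVICES; do
        if [ -c "$p" ] && [ -r "$p" ]; then echo "device $p"; return 0; fi
    done
    for p in $EGD_SOCKETS; do
        if [ -S "$p" ] && [ -w "$p" ]; then echo "egd $p"; return 0; fi
    done
    for p in "${RANDFILE:-}" "${HOME:-}/.rnd"; do
        if [ -n "$p" ] && seed_file_ok "$p"; then echo "file $p"; return 0; fi
    done
    return 1
}

# Extra openssl arguments for a source of the given kind. Only the EGD socket
# has to be named with -rand; a kernel device, $RANDFILE and ~/.rnd are
# picked up by openssl without it.
rand_args() {
    case $1 in
        egd) echo "-rand $2" ;;
        device|file) echo "" ;;
        *) return 1 ;;
    esac
}

# Build the request command used in the thread with the seeding arguments
# that match this host. Prints the command; does not run it.
req_command() {
    src=$(find_seed_source) || {
        echo "no usable seed source found" >&2
        return 1
    }
    kind=${src%% *}
    path=${src#* }
    extra=$(rand_args "$kind" "$path")
    echo "openssl req -new -nodes -keyout private.key -out public.csr${extra:+ $extra}"
}

# Stand-alone use: show what would be run on this host.
req_command || true
```

Set EGD_SOCKETS to the path given to prngd if it differs from the two defaults.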





Re: PRNG not seeded ERROR!!!!

2002-10-31 Thread Manoj Kithany
Thanks Erwann:

I checked my System and have installed PRNG. I checked it by using:
—
# ps -ef | grep prng
root 47354  6518   0 14:13:01  -  0:03 /opt/freeware/sbin/prngd
-f /dev/egd-pool -m 666
#
—

But still when I run OPENSSL.command it gives me same error PRNG
not seeded - wonder why!

THANKS!




 Erwann ABALEA [EMAIL PROTECTED] 10/31/02 11:03AM 
On Thu, 31 Oct 2002, Manoj Kithany wrote:

 THANKS for your reply.
 I checked the url before I posted my query to this List. I am bit

Sorry if I offended you. You didn't specify in your first post that
you
checked the URL, and since this question is in the FAQ, that means it
is
asked a *lot* of times. :)

 confused - should I need to install EGD or PRNG? I checked my
IBM
 Server and could'nt find /dev/random?

No, you don't have a /dev/random device entry.

I don't use AIX (only Linux or Solaris), so I can only speculate.
Why don't you install prngd and either do:
 - set the random pool to the default (something like
/var/run/egd-pool),
   but you'll have to specify the option -rand /var/run/egd-pool or
an
   equivalent to every program using the OpenSSL library
 - set the random pool to /dev/random, so everyone will be able to
use
   this random pool
 - set the random pool to ~/.rnd, but it will be easily usable only
to
   one particular user, while the others will have to use the -rand
...
   equivalent
 - set the random pool to the default, and set the RANDFILE
environment
   variable so that it points to the good pool

One of these things should work...

-- 
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
The secret of success is knowing who to blame for your failures.
  Demotivators, 2001 calendar





Invalid command SSLEngine ?

2002-10-31 Thread Eric Tan
Hi,

  Why does it show invalid command SSLEngine, when
running ./apachectl startssl?

  How to make it work?

  Thank you very much!

Best Regards,
  Eric Tan




SSL_read() hang after read http 100 continue headers

2002-10-31 Thread Lin Ma



Hi,

My program is using OpenSSL function SSL_read() to read http content.
It works fine for most of the headers, but after it receives HTTP/1.1
100 Continue header (the first block of headers), it will hang there.
It should continue to read the headers (which is HTTP/1.1 200 OK...).
The following is the header dumping and the code I used. The http
equivalent code works fine. After the first block of headers, it should
continually read the 2nd block of headers.

Is it because after the first block of header (see the following), the
terminators 0d 0a 0d 0a confused SSL_read? or the terminators are the
same as SSL block terminator? How can I get around it?

This is the first block of headers

HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Wed, 30 Oct 2002 06:34:56 GMT

Can you help me?

Thank you.

    while (Retries <= 4)
    {
        len = strlen(buf);
        printf("before SSL_read(), buf len=%d\n", len);
        r = SSL_read(Connect->ssl, buf, 100);
        err = SSL_get_error(Connect->ssl, r);
        printf("r=%d, err=%d\n", r, err);
        if (err == SSL_ERROR_NONE)
            bytes = r;
        if (err != SSL_ERROR_NONE && err != SSL_ERROR_WANT_READ &&
            err == SSL_ERROR_ZERO_RETURN)
        {
            printf(" SSL_ERROR_ZERO_RETURN\n");
            break;
        }
        if (err != SSL_ERROR_NONE && err != SSL_ERROR_WANT_READ &&
            err == SSL_ERROR_SYSCALL)
        {
            printf(" SSL_ERROR_SYSCALL\n");
            break;
        }
        if (err != SSL_ERROR_NONE && err != SSL_ERROR_WANT_READ &&
            err != SSL_ERROR_SYSCALL && err != SSL_ERROR_ZERO_RETURN)
        {
            printf("Reading header, SSL read problem\n");
            break;
        }
        if (bytes < 0 && Control->AGW == 1)
        {
            printf("read returned -1 (Error %d), returning ...\n", errno);
            break;
        }
        else if (bytes == 0)
        {
            Retries++;
        }
        else if (bytes > 0)
        {
            buf[bytes] = '\0';
            printf("read %d bytes, buf={%s}\n", bytes, buf);
        }
    }

0x     | 48 54 54 50 2f 31 2e 31 20 31 30 30 20 43 6f 6e | HTTP/1.1 100 Con
0x0010 | 74 69 6e 75 65 0d 0a 53 65 72 76 65 72 3a 20 4d | tinue..Server: M
0x0020 | 69 63 72 6f 73 6f 66 74 2d 49 49 53 2f 35 2e 30 | icrosoft-IIS/5.0
0x0030 | 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 33 30 20 | ..Date: Wed, 30 
0x0040 | 4f 63 74 20 32 30 30 32 20 30 36 3a 33 34 3a 35 | Oct 2002 06:34:5
0x0050 | 36 20 47 4d 54 0d 0a 0d 0a                      | 6 GMT....

0x     | 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d | HTTP/1.1 200 OK.
0x0010 | 0a 53 65 72 76 65 72 3a 20 4d 69 63 72 6f 73 6f | .Server: Microso
0x0020 | 66 74 2d 49 49 53 2f 35 2e 30 0d 0a 44 61 74 65 | ft-IIS/5.0..Date
0x0030 | 3a 20 57 65 64 2c 20 33 30 20 4f 63 74 20 32 30 | : Wed, 30 Oct 20
0x0040 | 30 32 20 30 36 3a 33 35 3a 30 37 20 47 4d 54 0d | 02 06:35:07 GMT.
0x0050 | 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a | .Content-Length:
0x0060 | 20 31 38 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 54 |  1863..Content-T
0x0070 | 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a | ype: text/html..
0x0080 | 45 78 70 69 72 65 73 3a 20 57 65 64 2c 20 33 30 | Expires: Wed, 30
0x0090 | 20 4f 63 74 20 32 30 30 32 20 30 36 3a 33 35 3a |  Oct 2002 06:35:
0x00a0 | 30 37 20 47 4d 54 0d 0a 43 61 63 68 65 2d 63 6f | 07 GMT..Cache-co
0x00b0 | 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 0d 0a | ntrol: private..


MD5_Init

2002-10-31 Thread Naviathan
Having problems with MD5_Init when attempting to use common messenger 
programs (i.e.- ymessenger).  error - relocation error: 
/opt/ymessenger/bin/ymessenger.bin undefined symbol: MD5_Init - Using 
latest version 0.9.6g.  Attempted using config --prefix=/usr and 
/usr/local.  Neither have fixed issue.


to secure a directory

2002-10-31 Thread Karim



Hello !

Here is my problem : I wrote 2 codes : a server under linux and client
for linux (and windows). The server sends datas to a client (which is on an
other computer denoted by C) and the connection is secured using
openssl. The client stores those datas in a directory of C but I would like
that nobody could access to this directory but the administrator of C (the
root) can :( . So I thought that I could crypt the files which are in this
directory using functions of openssl. But the datas which are in the
directory have to be used by a code which is in this directory and I want the
datas still remain crypted.

So is it possible to do all that ?

Thanks a lot for your help !

Karim


RE: PRNG not seeded ERROR!!!!

2002-10-31 Thread David Shapiro
Install prngd.  It's better.  You can get egd package with egc to seed
prngd, but you don't need it.  You can just cat a bunch of files into the
prngd seed file.

David

-Original Message-
From: Manoj Kithany [mailto:MKITHANY;utah.gov]
Sent: Thursday, October 31, 2002 11:56 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: PRNG not seeded ERROR


Hi Mr. Erwann:

THANKS for your reply. 
I checked the url before I posted my query to this List. I am bit
confused - should I need to install EGD or PRNG? I checked my IBM
Server and couldn't find /dev/random?

Can you/anyone please help?

THANKS!

Manoj G. Kithany

 [EMAIL PROTECTED] 10/31/02 09:31AM 
On Thu, 31 Oct 2002, Manoj Kithany wrote:

 I installing OPENSSL and when running I get following ERROR - wonder
 why:

--
 # ./openssl req -new -nodes -keyout private.key -out public.csr
 Using configuration from /usr/local/ssl/openssl.cnf
 unable to load 'random state'
 This means that the random number generator has not been seeded with
 much random data.
 Generating a 1024 bit RSA private key
 22664:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:501:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
 22664:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
 #

--

 I am using IBM AIX System.

 Any information on above...?

Yes, just point your browser to the link given in the error messages:
  http://www.openssl.org/support/faq.html 

-- 
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
A forum can meet several needs at once.
Here, the group of beginners outnumbers the group of middle-class
users, which inevitably causes tension.
-+- EF - Guide du Neuneu d'Usenet - La lutte des middle classes -+-




Re: SSL_set_fd() harmful when using nonblocking sockets?

2002-10-31 Thread Dan Kegel
I believe I have seen the OS return 0 on a 2nd read even when not at EOF.
I'll try to come up with a test case to demonstrate it.
(See http://groups.google.com/groups?selm=3DB8738F.2000409%40kegel.com
for a related thread.)
- Dan


Noel Burton-Krahn [EMAIL PROTECTED] wrote:

Uh... Dan, read() always returns 0 on EOF, so SSL_read() will always return
0 too (also setting SSL_ERROR_ZERO_RETURN). That's true for the first read
on EOF and all reads afterwards.  Do you think that read() will return 0 if
it's not EOF?  If read() would block, it returns -1 and sets errno=EAGAIN.
read()==0 always means EOF.

- Original Message -
From: Dan Kegel [EMAIL PROTECTED] 

With Unix nonblocking sockets, the only way to detect that the
connection has shut down is to check for a zero return from read
after poll or select says the socket is ready for reading.
(Read will cheerfully return zero at any time if you call it
again after a fully successful read(), so only the first read()
after poll() should be checked.  If you don't believe me, try it.)

Given that, let's look at how OpenSSL detects EOF:

int SSL_get_error(SSL *s,int i)
{
...
    if (i == 0) {
        if (s->version == SSL2_VERSION) {
            /* assume it is the socket being closed */
            return(SSL_ERROR_ZERO_RETURN);
        } else {
            if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
                (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
                return(SSL_ERROR_ZERO_RETURN);
        }
    }
    return(SSL_ERROR_SYSCALL);
}

Hrmf.  Looks like SSL_get_error will return SSL_ERROR_ZERO_RETURN
or SSL_ERROR_SYSCALL on any zero read.  When using SSLV3 or TLS,
OpenSSL seems to have a case where it won't tell you about
zero returns from read(), which is confusing.
And since the user has no idea when OpenSSL is calling read(),
and there's no way to tell OpenSSL what poll() said,
*there is no way to properly detect EOF with nonblocking
sockets in OpenSSL when using SSL_set_fd() / bss_sock.c *.

I'm starting to think that you *must* do the read() yourself
into a buffer, and use a memory BIO of some sort.  Otherwise
you have too little control over hard EOF detection.

Somebody tell me how I'm wrong, please... I almost certainly haven't
looked into this enough to know what I'm talking about.

Thanks,
Dan



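A test case of the kind this thread asks for, as an added example (not code from any poster or from OpenSSL): it reports what read() returns on a nonblocking stream socket when called again after a successful read, once with the peer still connected and once after the peer has closed. The AF_UNIX socketpair and all function names are assumptions made for the demo, and the result is that of the system it is run on.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* What a single read() on the nonblocking socket reported. */
enum rd { RD_DATA, RD_WOULD_BLOCK, RD_EOF, RD_ERROR };

static const char *rd_name(enum rd r)
{
    switch (r) {
    case RD_DATA:        return "data";
    case RD_WOULD_BLOCK: return "-1/EAGAIN (would block)";
    case RD_EOF:         return "0 (EOF)";
    default:             return "error";
    }
}

/* Connected stream pair; sv[0] (the reader) is switched to nonblocking. */
static int make_pair(int sv[2])
{
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int fl = fcntl(sv[0], F_GETFL, 0);
    if (fl < 0 || fcntl(sv[0], F_SETFL, fl | O_NONBLOCK) < 0) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    return 0;
}

/* One read() call, classified. errno is consulted only when read() failed. */
static enum rd read_once(int fd)
{
    char buf[64];
    ssize_t n = read(fd, buf, sizeof buf);
    if (n > 0)
        return RD_DATA;
    if (n == 0)
        return RD_EOF;
    return (errno == EAGAIN || errno == EWOULDBLOCK) ? RD_WOULD_BLOCK : RD_ERROR;
}

/* Peer writes 5 bytes and optionally closes. The first read drains the
 * data; the classification of the second read is returned. */
static enum rd second_read(int close_writer_first)
{
    int sv[2];
    enum rd r = RD_ERROR;
    if (make_pair(sv) != 0)
        return RD_ERROR;
    if (write(sv[1], "hello", 5) == 5) {
        if (close_writer_first) {
            close(sv[1]);
            sv[1] = -1;
        }
        if (read_once(sv[0]) == RD_DATA)
            r = read_once(sv[0]);
    }
    close(sv[0]);
    if (sv[1] >= 0)
        close(sv[1]);
    return r;
}

enum rd second_read_peer_open(void)   { return second_read(0); }
enum rd second_read_peer_closed(void) { return second_read(1); }

/* Read on a connected socket on which nothing was ever sent. */
enum rd first_read_idle(void)
{
    int sv[2];
    if (make_pair(sv) != 0)
        return RD_ERROR;
    enum rd r = read_once(sv[0]);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    printf("idle socket, first read:        %s\n", rd_name(first_read_idle()));
    printf("peer open, read after a read:   %s\n", rd_name(second_read_peer_open()));
    printf("peer closed, read after a read: %s\n", rd_name(second_read_peer_closed()));
    return 0;
}
```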



RE: Compiler Recomendations Solaris 8

2002-10-31 Thread David Shapiro
I haven't seen a recommendation.  I have gotten it to work with gcc 3.2 fine
on solaris 8...

David

-Original Message-
From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy;hp.com]
Sent: Thursday, October 31, 2002 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Compiler Recomendations Solaris 8


that's what I have done, but what version of GCC is recommended.


-Original Message-
From: Boyle Owen [mailto:Owen.Boyle;swx.com]
Sent: Thursday, October 31, 2002 2:59 PM
To: [EMAIL PROTECTED]
Subject: RE: Compiler Recomendations Solaris 8


You might like to download the package from www.sunfreeware.com - then
just use pkgadd and don't bother compiling...

-Original Message-
From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy;hp.com]
Sent: Donnerstag, 31. Oktober 2002 15:29
To: '[EMAIL PROTECTED]'
Subject: Compiler Recomendations Solaris 8


hi,

can someone recommend a working compiler build for solaris 8 to build
openssl 9.6g

I am getting a seg fault on make test, when this happened on redhat I was
told it was probably the compiler.

thanks,

Matt.





RE: Compiler Recomendations Solaris 8 (and RedHat 8 too!)

2002-10-31 Thread David Shapiro
What is the error?

-Original Message-
From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy;hp.com]
Sent: Thursday, October 31, 2002 11:18 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Compiler Recomendations Solaris 8 (and RedHat 8 too!)


I compiled openssl 9-6g on redhat 7.3 with gcc 2.96 and was told to use 3 or
2.95 (still failing)
I am using 2.95 on Solaris and it is failing with the same error as redhat
so I am lost as to what is a recommended GCC



-Original Message-
From: [EMAIL PROTECTED] [mailto:John.Airey;rnib.org.uk]
Sent: Thursday, October 31, 2002 4:08 PM
To: [EMAIL PROTECTED]
Subject: RE: Compiler Recomendations Solaris 8 (and RedHat 8 too!)


The last post to this list about compiling on RedHat 8 seems strangely
relevant too. RedHat 8 comes with gcc 3 only, whereas previous versions came
with 2.9x and a choice of using gcc 3.

Perhaps it is the case that openssl doesn't compile on gcc 3, and if so,
does anyone know how to fix it?

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 

Theories of evolution are like buses - there'll be another one along in a
minute



 -Original Message-
 From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) 
 [mailto:matthew.darcy;hp.com]
 Sent: 31 October 2002 15:58
 To: '[EMAIL PROTECTED]'
 Subject: RE: Compiler Recomendations Solaris 8
 
 
 that's what I have done, but what version of GCC is recommended.
 
 
 -Original Message-
 From: Boyle Owen [mailto:Owen.Boyle;swx.com]
 Sent: Thursday, October 31, 2002 2:59 PM
 To: [EMAIL PROTECTED]
 Subject: RE: Compiler Recomendations Solaris 8
 
 
 You might like to download the package from www.sunfreeware.com - then
 just use pkgadd and don't bother compiling...
 
 -Original Message-
 From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) 
[mailto:matthew.darcy;hp.com]
Sent: Donnerstag, 31. Oktober 2002 15:29
To: '[EMAIL PROTECTED]'
Subject: Compiler Recomendations Solaris 8


hi,

can someone recommend a working compiler build for solaris 8 to build
openssl 9.6g

I am getting a seg fault on make test, when this happened on redhat I was
told it was probably the compiler.

thanks,

Matt.



- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

RE: Invalid command SSLEngine ?

2002-10-31 Thread Himanshu Soni
You can start by making sure that mod_ssl is either linked statically or
loaded dynamically via a LoadModule call in your conf/httpd.conf file.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Eric Tan
Sent: Wednesday, October 30, 2002 5:15 PM
To: [EMAIL PROTECTED]
Subject: Invalid command "SSLEngine" ?

Hi,

  Why does it show invalid command "SSLEngine", when
running "./apachectl startssl"?

  How to make it work?

  Thank you very much!

Best Regards,
  Eric Tan




Building openssl on Win2K

2002-10-31 Thread openssl . 1 . nburkitt



Okay, I give up.

I followed the build instructions in INSTALL.W32 for VC++ only to find an
unparseable makefile (ntdll.mak) with carriage returns embedded in the names
of two macros (e.g. SSL^MOBJ=$(OBJ_D)\ssl.obj ...).

When I fixed that, I discovered that the makefile was attempting to copy
files from the $(SRC_D) (".") directory that actually lived in its many
subdirectories. Rather than perform the major surgery required to fix that
gaffe, I decided to fall back, regroup and try plan B, building under Cygwin.

That got me as far as the first call to gcc:

gcc -I. -I../include -DTHREADS -DDSO_WIN32 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall -c -o cryptlib.o cryptlib.c
cryptlib.c:105: #error "Inconsistency between crypto.h and cryptlib.c"

cryptlib.c checks for

#if CRYPTO_NUM_LOCKS != 29
# error "Inconsistency between crypto.h and cryptlib.c"
#endif

Of course, crypto.h says

#define CRYPTO_NUM_LOCKS 29

but that doesn't seem to impress cryptlib.c.

At this point I started to get suspicious...

So my question is - is there anyone who has successfully built
openssl-0.9.6g on any Win32 platform? If so, can I please hear from you as
to how you managed the feat?

Thanks,

-Nick


OpenSSL and Onboard Private Key Processing

2002-10-31 Thread Melbourne Barton
Hello:
Just wondering if anyone has attempted to use OpenSSL
in an environment where the private key generated by a
CA/RA is only available on a smart key token, and cannot be
extracted. That is all of the private key processing must be
done on board the token's processor, and so the key is not
available in a file as OpenSSL normally requires.
I am most interested in a solution that uses the Datakey Smart Key
token.

Thanks a lot!
Melbourne




Re: Building openssl on Win2K

2002-10-31 Thread Gait Boxman



I did it, and without any problem worth mentioning.
Your troubles might be with two things, though.
One might be the perl configure .. that is needed to set up the makefile,
there is mention of a specific perl distro req'd, I just ran it with the
one I had, and it worked fine (could be the required one, but I really
can't remember which one I installed).
Second is that you might have forgotten to run vcvars32 before the nmake.
BTW, I built it with VC6 under Win2KPro. There is also an IDE for VC6, runs
just as fine, and as a bonus, compiles all the openssl tools separately as
well.

- Original Message - 

  From: 
  [EMAIL PROTECTED] 
  
  To: [EMAIL PROTECTED] 
  Sent: Thursday, October 31, 2002 8:09 
  PM
  Subject: Building openssl on Win2K
  
  Okay, I give up.

  I followed the build instructions in INSTALL.W32 for VC++ only to find an
  unparseable makefile (ntdll.mak) with carriage returns embedded in the
  names of two macros (e.g. SSL^MOBJ=$(OBJ_D)\ssl.obj ...).

  When I fixed that, I discovered that the makefile was attempting to copy
  files from the $(SRC_D) (".") directory that actually lived in its many
  subdirectories. Rather than perform the major surgery required to fix
  that gaffe, I decided to fall back, regroup and try plan B, building under
  Cygwin.

  That got me as far as the first call to gcc:

  gcc -I. -I../include -DTHREADS -DDSO_WIN32 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall -c -o cryptlib.o cryptlib.c
  cryptlib.c:105: #error "Inconsistency between crypto.h and cryptlib.c"

  cryptlib.c checks for

  #if CRYPTO_NUM_LOCKS != 29
  # error "Inconsistency between crypto.h and cryptlib.c"
  #endif

  Of course, crypto.h says

  #define CRYPTO_NUM_LOCKS 29

  but that doesn't seem to impress cryptlib.c.

  At this point I started to get suspicious...

  So my question is - is there anyone who has successfully built
  openssl-0.9.6g on any Win32 platform? If so, can I please hear from you
  as to how you managed the feat?

  Thanks,

  -Nick


Re: SSL_read() hang after read http 100 continue headers

2002-10-31 Thread Gait Boxman



Looks like your code is impatient.
When you get continue, 4 retries won't be enough to get the next response.
Basically, if you get an SSL_ERROR_WANT_READ, you just need to keep
continuing to retry the SSL_read, if you expect more data that is. So, if
you expect a server response, keep trying till you get some (you may want
to hack in a timeout there), then process the response. If it's a continue,
discard it and just start again reading till you get some...

  - Original Message - 
  From: 
  Lin Ma 
  To: '[EMAIL PROTECTED]' 
  
  Cc: Lin Ma 
  Sent: Wednesday, October 30, 2002 11:17 
  PM
  Subject: SSL_read() hang after read http 
  100 continue headers
  
  Hi,

  My program is using OpenSSL function SSL_read() to read http content.
  It works fine for most of the headers, but after it receives HTTP/1.1
  100 Continue header (the first block of headers), it will hang there.
  It should continue to read the headers (which is HTTP/1.1 200 OK...).
  The following is the header dumping and the code I used. The http
  equivalent code works fine. After the first block of headers, it should
  continually read the 2nd block of headers.

  Is it because after the first block of header (see the following), the
  terminators 0d 0a 0d 0a confused SSL_read? or the terminators are the
  same as SSL block terminator? How can I get around it?

  This is the first block of headers

  HTTP/1.1 100 Continue
  Server: Microsoft-IIS/5.0
  Date: Wed, 30 Oct 2002 06:34:56 GMT

  Can you help me?

  Thank you.

      while (Retries <= 4)
      {
          len = strlen(buf);
          printf("before SSL_read(), buf len=%d\n", len);
          r = SSL_read(Connect->ssl, buf, 100);
          err = SSL_get_error(Connect->ssl, r);
          printf("r=%d, err=%d\n", r, err);
          if (err == SSL_ERROR_NONE)
              bytes = r;
          if (err != SSL_ERROR_NONE && err != SSL_ERROR_WANT_READ &&
              err == SSL_ERROR_ZERO_RETURN)
          {
              printf(" SSL_ERROR_ZERO_RETURN\n");
              break;
          }
          if (err != SSL_ERROR_NONE && err != SSL_ERROR_WANT_READ &&
              err == SSL_ERROR_SYSCALL)
          {
              printf(" SSL_ERROR_SYSCALL\n");
              break;
          }
          if (err != SSL_ERROR_NONE && err != SSL_ERROR_WANT_READ &&
              err != SSL_ERROR_SYSCALL && err != SSL_ERROR_ZERO_RETURN)
          {
              printf("Reading header, SSL read problem\n");
              break;
          }
          if (bytes < 0 && Control->AGW == 1)
          {
              printf("read returned -1 (Error %d), returning ...\n", errno);
              break;
          }
          else if (bytes == 0)
          {
              Retries++;
          }
          else if (bytes > 0)
          {
              buf[bytes] = '\0';
              printf("read %d bytes, buf={%s}\n", bytes, buf);
          }
      }
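The approach described in the reply above (keep reading until a complete response has arrived, and discard a 100 Continue), as an added example that is not part of the original thread. It buffers whatever each read delivers and scans for the first header block whose status is not an interim 1xx; the function names and the sample bytes are constructed for illustration, and memcpy stands in for SSL_read().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum scan_result { SCAN_NEED_MORE = 0, SCAN_FINAL = 1, SCAN_MALFORMED = -1 };

struct final_response {
    size_t start;   /* offset of the final status line in the buffer */
    size_t hdr_len; /* length of its header block, blank line included */
    int    status;  /* e.g. 200 */
};

/* Constructed sample: the header blocks shown in the post, with the second
 * block shortened and closed by a blank line (the post's dump stops earlier). */
static const char SAMPLE_WIRE[] =
    "HTTP/1.1 100 Continue\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Date: Wed, 30 Oct 2002 06:34:56 GMT\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Date: Wed, 30 Oct 2002 06:35:07 GMT\r\n"
    "Content-Length: 1863\r\n"
    "Content-Type: text/html\r\n"
    "\r\n";

/* Index just past the first "\r\n\r\n" in buf[from..len), or 0 if none yet. */
static size_t headers_end(const char *buf, size_t from, size_t len)
{
    for (size_t i = from; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            return i + 4;
    return 0;
}

/* Status code of a line shaped like "HTTP/1.1 100 ...", or -1 if malformed. */
static int parse_status(const char *line, size_t len)
{
    if (len < 12 || memcmp(line, "HTTP/", 5) != 0 || line[8] != ' ')
        return -1;
    int code = 0;
    for (int i = 9; i < 12; i++) {
        if (line[i] < '0' || line[i] > '9')
            return -1;
        code = code * 10 + (line[i] - '0');
    }
    return code;
}

/* Scan everything received so far. Interim 1xx blocks are skipped; 101 is
 * treated as final because HTTP ends on that connection after it. */
enum scan_result find_final_response(const char *buf, size_t len,
                                     struct final_response *out)
{
    size_t pos = 0;
    for (;;) {
        size_t end = headers_end(buf, pos, len);
        if (end == 0)
            return SCAN_NEED_MORE;      /* incomplete block: read again */
        int status = parse_status(buf + pos, end - pos);
        if (status < 100)
            return SCAN_MALFORMED;
        if (status >= 200 || status == 101) {
            out->start = pos;
            out->hdr_len = end - pos;
            out->status = status;
            return SCAN_FINAL;
        }
        pos = end;                      /* e.g. 100 Continue: discard it */
    }
}

/* Simulate the post's loop: `chunk` bytes per read (it used 100). Returns the
 * number of reads needed before a final response is available, -1 otherwise. */
int reads_until_final(const char *wire, size_t wire_len, size_t chunk,
                      struct final_response *out)
{
    char buf[1024];
    size_t have = 0;
    int reads = 0;
    if (chunk == 0)
        return -1;
    while (have < wire_len) {
        size_t n = wire_len - have < chunk ? wire_len - have : chunk;
        if (have + n > sizeof buf)
            return -1;                   /* header section too large */
        memcpy(buf + have, wire + have, n);   /* stands in for SSL_read() */
        have += n;
        reads++;
        enum scan_result r = find_final_response(buf, have, out);
        if (r == SCAN_FINAL)
            return reads;
        if (r == SCAN_MALFORMED)
            return -1;
    }
    return -1;                           /* stream ended before a final response */
}

int main(void)
{
    struct final_response fr;
    int reads = reads_until_final(SAMPLE_WIRE, sizeof SAMPLE_WIRE - 1, 100, &fr);
    if (reads > 0)
        printf("status %d at offset %zu after %d reads\n",
               fr.status, fr.start, reads);
    return reads > 0 ? 0 : 1;
}
```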


Re: Building openssl on Win2K

2002-10-31 Thread Noel Burton-Krahn



Right, I remember I had a ton of problems building openssl under cygwin.
No problems at all with ActiveState perl in an NT DOS prompt.

--Noel


  - Original Message - 
  From: 
  Gait Boxman 
  
  To: [EMAIL PROTECTED] 
  Sent: Thursday, October 31, 2002 12:45 
  PM
  Subject: Re: Building openssl on 
  Win2K
  
  I did it, and without any problem worth mentioning.
  Your troubles might be with two things, though.
  One might be the perl configure .. that is needed to set up the makefile,
  there is mention of a specific perl distro req'd, I just ran it with the
  one I had, and it worked fine (could be the required one, but I really
  can't remember which one I installed).
  Second is that you might have forgotten to run vcvars32 before the nmake.
  BTW, I built it with VC6 under Win2KPro. There is also an IDE for VC6,
  runs just as fine, and as a bonus, compiles all the openssl tools
  separately as well.
  
  - Original Message - 
  
From: 
[EMAIL PROTECTED] 

To: [EMAIL PROTECTED] 
Sent: Thursday, October 31, 2002 8:09 
PM
Subject: Building openssl on 
Win2K

Okay, I give up.

I followed the build instructions in INSTALL.W32 for VC++ only to find an
unparseable makefile (ntdll.mak) with carriage returns embedded in the names
of two macros (e.g. SSL^MOBJ=$(OBJ_D)\ssl.obj ...).

When I fixed that, I discovered that the makefile was attempting to copy
files from the $(SRC_D) (".") directory that actually lived in its many
subdirectories. Rather than perform the major surgery required to fix that
gaffe, I decided to fall back, regroup and try plan B, building under Cygwin.

That got me as far as the first call to gcc:

gcc -I. -I../include -DTHREADS -DDSO_WIN32 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall -c -o cryptlib.o cryptlib.c
cryptlib.c:105: #error "Inconsistency between crypto.h and cryptlib.c"

cryptlib.c checks for

#if CRYPTO_NUM_LOCKS != 29
# error "Inconsistency between crypto.h and cryptlib.c"
#endif

Of course, crypto.h says

#define CRYPTO_NUM_LOCKS 29

but that doesn't seem to impress cryptlib.c.

At this point I started to get suspicious...

So my question is - is there anyone who has successfully built
openssl-0.9.6g on any Win32 platform? If so, can I please hear from you as
to how you managed the feat?

Thanks,

-Nick


HP and OpenSSL

2002-10-31 Thread Ryan Frantz



Has anyone successfully installed OpenSSL on an HP-UX box? See the error
below:

ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
/usr/lib/dld.sl: Can't find path for shared library: libfl.sl
/usr/lib/dld.sl: No such file or directory
*** Termination signal 134

Stop.
*** Error exit code 1

I have an HP-UX 11 (11.11) system with gcc 3.2 installed (HP's port). I
have looked high and low for the file 'libfl.sl' and found no mention of
it. I even tried looking for an HP port of OpenSSL but only found a cut
down version of it for their hp3000 series web servers.

Any information you may have would be greatly appreciated.

Ryan





RSA Secure Server CA cert expire

2002-10-31 Thread xiangdong xu
Hi there,
I compiled libwww with Openssl. When I test the client
program, wwwssl, against my secure server, I have CA
certificate expired error. Actually the CA for the
server cert is not expired. I found later that OpenSSL
try to replace the server CA cert with the
corresponding one in its own store and it appears that
the one in its own store expired. 
Can anyone confirm this behavior? How to correct the
expired cert in the cert store?

BTW, wwwssl does not load CA from any file.

Thank you very much,

-Sean




Re: HP and OpenSSL

2002-10-31 Thread Hendrick Chan



There is an hp-ux depot here : http://hpux.cs.utah.edu/hppd/hpux/Languages/openssl-0.9.6d/


Ryan Frantz wrote:

Has anyone successfully installed OpenSSL on an HP-UX box? See the error
below:

ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
/usr/lib/dld.sl: Can't find path for shared library: libfl.sl
/usr/lib/dld.sl: No such file or directory
*** Termination signal 134

Stop.
*** Error exit code 1

I have an HP-UX 11 (11.11) system with gcc 3.2 installed (HP's port).
I have looked high and low for the file 'libfl.sl' and found no mention
of it. I even tried looking for an HP port of OpenSSL but only found
a cut down version of it for their hp3000 series web servers.

Any information you may have would be greatly appreciated.

Ryan







Re: anybody using EGADS?

2002-10-31 Thread Xperex Tim
The OpenSSL PRNG feels that it is fully seeded with 160 bits, i.e. 20 bytes of
entropy.  In rand_lcl.h the symbol ENTROPY_NEEDED is defined to 20.  In 0.9.6g
at least.

Tim

--- Edward Chan [EMAIL PROTECTED] wrote:
 Hi Stephen,
 
 Thanks for the reply.  You're absolutely right.  It
 does appear that I am not blocked indefinitely...it
 certainly does take a while to gather entropy.  I was
 using nBytes = 1024.  Then I tried 512.  Still very
 long time.
 
 Any suggestions on what a number should be for
 acceptable randomness?
 
 Does anybody have any alternative suggestions?  Does
 anybody know how Apache seeds the OpenSSL PRNG on
 Windows?  I think Apache uses OpenSSL don't they?
 
 Thanks,
 Ed
 
 --- Stephen G. Schoggen [EMAIL PROTECTED]
 wrote:
  Ed,
  
  I tried EGADS on Windows (PIII 866) and found that its time to
  'gather entropy' was noticeable beyond nBytes=4.  So if you use a
  relatively large nBytes, then it would appear to block.
  
  Steve
  
  
  Hi there,
  
  Is anybody using EGADS on Windows?  I'm having a
  problem using it.  I've downloaded the source and
  built everything.  The egads service is running.
  I've written a program that links with egads.dll.  I
  have a function that tries to seed the OpenSSL PRNG :
  
  bool seedPRNG(int nBytes)
  {
      prngctx_t ctx;
      int nError;
  
      // EGADS takes the context and the error code by pointer
      egads_init(&ctx, 0, 0, &nError);
      if (nError != 0)
      {
          DEBUG_TRACE1(_T("egads_init() failed : %d (Is egads service running???)"), nError);
          return false;
      }
  
      char* pBuf = new char[nBytes + 1];
      egads_entropy(&ctx, pBuf, nBytes, &nError);
      bool bOK = (0 == nError);
      if (bOK)
      {
          // feed the gathered bytes to the OpenSSL PRNG
          RAND_seed(pBuf, nBytes);
      }
      delete [] pBuf;
  
      egads_destroy(&ctx);
      return bOK;
  }
  
  However, I seem to be blocking inside (presumably as
  egads gathers entropy), but it seems like I never
  unblock.  Can anybody tell me what I'm doing wrong?
  
  Thanks,
  Ed
  



Re: to secure a directory

2002-10-31 Thread Adriano Devillaine
The data you're talking about is some configuration file or something?

The application that uses this data ... can decrypt the data?, or could
you add this functionality to those applications... I think you're using
symmetric cryptography... that's easy... you have to use the EVP
library...

if not... your loss... that's the meaning of security...
confidentiality and message integrity (and authentication sometimes...)

Regards AD

On Thu, 31-10-2002 at 15:40, Karim wrote:
 Hello !
 
 Here is my problem : I wrote 2 codes : a server under linux and a client for
 linux (and windows). The server sends data to a client (which is on another
 computer denoted by C) and the connection is secured using openssl. The
 client stores this data in a directory of C but I would like that nobody
 could access this directory but the administrator of C (the root) can
 :( . So I thought that I could crypt the files which are in this directory
 using functions of openssl. But the data which is in the directory has to
 be used by a code which is in this directory and I want the data to still
 remain crypted.
 So is it possible to do all that ?
 
 Thanks a lot for your help !
 
 Karim
 





Re: Building openssl on Win2K

2002-10-31 Thread Tim Regovich
check the version of perl you are using.
I had the exact same problem and upgrading my perl
version fixed all of the issues.
I am sorry, but I do not have version numbers handy.

Regards,

Tim
--- Noel Burton-Krahn [EMAIL PROTECTED] wrote:
 Right, I remember I had a ton of problems building
 openssl under cygwin.  No problems at all with
 ActiveState perl in an NT DOS prompt.
 
 --Noel
 
   - Original Message - 
   From: Gait Boxman 
   To: [EMAIL PROTECTED] 
   Sent: Thursday, October 31, 2002 12:45 PM
   Subject: Re: Building openssl on Win2K
 
 
   I did it, and without any problem worth
 mentioning.
   Your troubles might be with two things, though.
   One might be the perl configure .. that is needed
 to set up the makefile, there is mention of a
 specific perl distro req'd, I just ran it with the
 one I had, and it worked fine (could be the required
 one, but I really can't remember which one I
 installed).
   Second is that you might have forgotten to run
 vcvars32 before the nmake.
   BTW, I built it with VC6 under Win2KPro. There is
 also an IDE for VC6, runs just as fine, and as a
 bonus, compiles all the openssl tools separately as
 well.
 
   - Original Message - 
 From: [EMAIL PROTECTED] 
 To: [EMAIL PROTECTED] 
 Sent: Thursday, October 31, 2002 8:09 PM
 Subject: Building openssl on Win2K
 
 
 Okay, I give up.
 I followed the build instructions in INSTALL.W32
 for VC++ only to find an unparseable makefile
 (ntdll.mak) with carriage returns embedded in the
 names of two macros (e.g. SSL^MOBJ=$(OBJ_D)\ssl.obj
 ...).
 When I fixed that, I discovered that the
 makefile was attempting to copy files from the
 $(SRC_D)  (.) directory that actually lived in its
 many subdirectories.  Rather than perform the major
 surgery required to fix that gaffe, I decided to fall
 back, regroup and try plan B, building under Cygwin.
 That got me as far as the first call to gcc:
 gcc -I. -I../include -DTHREADS  -DDSO_WIN32
 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486
 -Wall   -c -o cryptlib.o cryptlib.c
 cryptlib.c:105: #error Inconsistency between
 crypto.h and cryptlib.c
 cryptlib.c checks for
 #if CRYPTO_NUM_LOCKS != 29
 # error Inconsistency between crypto.h and
 cryptlib.c
 #endif
 Of course, crypto.h says
 #define CRYPTO_NUM_LOCKS  29
 but that doesn't seem to impress cryptlib.c.
 At this point I started to get suspicious...
 So my question is - is there anyone who has
 successfully built openssl-0.9.6g on any Win32
 platform?  If so, can I please hear from you as to
 how you managed the feat?
 Thanks,
 
 -Nick
 





Re: using an on-disk session caching framework

2002-10-31 Thread Bear Giles
Edward Chan wrote:

The default behavior of server-side session caching is
to cache session in memory.  This is probably not
gonna work very well if there are a lot of connections
to the server

It says to open file named according to session id. 
However, session_id contains non-ascii chars, chars
that are illegal in a filename.  So how can I name my
file according to the session_id?

If you have enough sessions that you need to cache them on disk, you 
probably don't want to write them one-to-a-file either.  Don't be so 
literal about the open file comment.

Instead, open a single database instance (e.g., a Berkeley DB in hash 
mode, since you don't care about ordering) and use the session ID as 
your key ID.  The non-ASCII characters aren't an issue since you specify 
a pointer and length, not a null-terminated string, as your key.

In practice, I believe apache's mod_ssl uses sdb instead of traditional 
db files for some reason, and you should definitely investigate why. 
But definitely go with a single, very efficient container object instead 
of using the filesystem as one.  Even if you're guaranteed to be running 
on a new FS that uses btrees for the directory info, it's still much 
faster to do a hash lookup than a btree search, O(1) vs O(lg N).

Bear



Windows: Code Signing Certificate

2002-10-31 Thread Mark Olbert



Can anyone direct me to documentation (or a howto) on using openssl to
create a digital certificate that can be used to sign macros in an Excel
worksheet?

I've successfully created and installed a root certificate authority for
myself under Windows, but when I try to sign code with it, Windows
complains that it doesn't have enough information to verify the
certificate. Which is odd, since installing the certificate went
smoothly. But that's Windows for you :)

- Mark [EMAIL PROTECTED] 



RE: Building openssl on Win2K

2002-10-31 Thread openssl . 1 . nburkitt
Thanks to all who replied with suggestions. It turned out to be something
completely different.
I had used PKZIP to unzip and untar the distribution tarball and -
surprise! - rather than creating links (Windows shortcuts) where
appropriate, it creates 0-byte files! That meant that all of the header
files in ./openssl/include were empty - not much surprise that it caused
compilation problems. Even though config attempts to reestablish the links
(shortcuts), the attempts fail because the targets already exist (sort of).
I nuked all the 0-byte files I could find and re-ran config, after which
make ran without a hitch.

-Nick

 -Original Message-
 From: Tim Regovich - [EMAIL PROTECTED]
 [mailto:+openssl+nburkitt+222c6d3499.tregovich#yahoo.com;spamgourmet.com
 ]
 Sent: Thursday, October 31, 2002 2:26 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Building openssl on Win2K (openssl: addressed to trusted
 sender for this address)


 check the version of perl you are using.
 I had the exact same problem and upgrading my perl
 version fixed all of the issues.
 I am sorry, but I do not have version numbers handy.

 Regards,

 Tim
 --- Noel Burton-Krahn [EMAIL PROTECTED] wrote:
  Right, I remember I had a ton of problems building
  openssl under cygwin.  No problems at all with
  ActiveState perl in an NT DOS prompt.
 
  --Noel
 
- Original Message -
From: Gait Boxman
To: [EMAIL PROTECTED]
Sent: Thursday, October 31, 2002 12:45 PM
Subject: Re: Building openssl on Win2K
 
 
I did it, and without any problem worth
  mentioning.
Your troubles might be with two things, though.
One might be the perl configure .. that is needed
  to set up the makefile, there is mention of a
  specific perl distro req'd, I just ran it with the
  one I had, and it worked fine (could be the required
  one, but I really can't remember which one I
  installed).
Second is that you might have forgotten to run
  vcvars32 before the nmake.
BTW, I built it with VC6 under Win2KPro. There is
  also an IDE for VC6, runs just as fine, and as a
  bonus, compiles all the openssl tools separately as
  well.
 
- Original Message -
  From: [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Thursday, October 31, 2002 8:09 PM
  Subject: Building openssl on Win2K
 
 
  Okay, I give up.
  I followed the build instructions in INSTALL.W32
  for VC++ only to find an unparseable makefile
  (ntdll.mak) with carriage returns embedded in the
  names of two macros (e.g. SSL^MOBJ=$(OBJ_D)\ssl.obj
  ...).
  When I fixed that, I discovered that the
  makefile was attempting to copy files from the
  $(SRC_D)  (.) directory that actually lived in its
  many subdirectories.  Rather than perform the major
  surgery required to fix that gaffe, I decided to fall
  back, regroup and try plan B, building under Cygwin.
  That got me as far as the first call to gcc:
  gcc -I. -I../include -DTHREADS  -DDSO_WIN32
  -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486
  -Wall   -c -o cryptlib.o cryptlib.c
  cryptlib.c:105: #error Inconsistency between
  crypto.h and cryptlib.c
  cryptlib.c checks for
  #if CRYPTO_NUM_LOCKS != 29
  # error Inconsistency between crypto.h and
  cryptlib.c
  #endif
  Of course, crypto.h says
  #define CRYPTO_NUM_LOCKS  29
  but that doesn't seem to impress cryptlib.c.
  At this point I started to get suspicious...
  So my question is - is there anyone who has
  successfully built openssl-0.9.6g on any Win32
  platform?  If so, can I please hear from you as to
  how you managed the feat?
  Thanks,
 
  -Nick
 





Re: PRNG not seeded ERROR!!!!

2002-10-31 Thread Suram Chandra Sekhar
Hi,
I would like to ask one more question in connection to this one.
How would you gather randomness or entropy on a system that doesn't have
any /dev/egd-pool or /dev/urandom or /dev/random?

What can be good sources of randomness and how do I know how much randomness is
required?

Regards
Suram

 
 Thanks Erwann:
 
 I checked my System and have installed PRNG. I checked it by using:
 
—
 # ps -ef | grep prng
 root 47354  6518   0 14:13:01  -  0:03 /opt/freeware/sbin/prngd -f /dev/egd-pool -m 666
 #
 
—
 
 But still when I run OPENSSL.command it gives me same error PRNG
 not seeded - wonder why!
 
 THANKS!
 
 
 
 
  Erwann ABALEA [EMAIL PROTECTED] 10/31/02 11:03AM 
 On Thu, 31 Oct 2002, Manoj Kithany wrote:
 
  THANKS for your reply.
  I checked the url before I posted my query to this List. I am bit
 
 Sorry if I offended you. You didn't specify in your first post that you
 checked the URL, and since this question is in the FAQ, that means it is
 asked a *lot* of times. :)
 
  confused - should I need to install EGD or PRNG? I checked my IBM
  Server and couldn't find /dev/random?
 
 No, you don't have a /dev/random device entry.
 
 I don't use AIX (only Linux or Solaris), so I can only speculate.
 Why don't you install prngd and either do:
  - set the random pool to the default (something like /var/run/egd-pool),
    but you'll have to specify the option -rand /var/run/egd-pool or an
    equivalent to every program using the OpenSSL library
  - set the random pool to /dev/random, so everyone will be able to use
    this random pool
  - set the random pool to ~/.rnd, but it will be easily usable only to
    one particular user, while the others will have to use the -rand ...
    equivalent
  - set the random pool to the default, and set the RANDFILE environment
    variable so that it points to the good pool
 
 One of these things should work...
 
 -- 
 Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
 -
 The secret of success is knowing who to blame for your failures.
   Demotivators, 2001 calendar
 
 



RE: Windows: Code Signing Certificate

2002-10-31 Thread Franck Martin



www.tldp.org SSL-Certificates HOWTO

feel free to send an update based on your experience...

-Original Message-
From: Mark Olbert [mailto:[EMAIL PROTECTED]]
Sent: Friday, 1 November 2002 4:53
To: [EMAIL PROTECTED]
Subject: Windows: Code Signing Certificate

  Can anyone direct me to documentation (or a howto) on using openssl to
  create a digital certificate that can be used to sign macros in an Excel
  worksheet?

  I've successfully created and installed a root certificate authority for
  myself under Windows, but when I try to sign code with it, Windows
  complains that it doesn't have enough information to verify the
  certificate. Which is odd, since installing the certificate went
  smoothly. But that's Windows for you :)

  - Mark [EMAIL PROTECTED]
  


RE: Windows: Code Signing Certificate

2002-10-31 Thread Mark Olbert



Thanx, Franck, I'll post an update after my head clears; I find using
openssl very confusing, not to mention stressful (although that may be due
to the fact that I've never gotten CA.pl to work properly; I always have to
go back and read the CA.pl source to figure out what the SSL HowTo
documentation means).

- Mark

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Franck Martin
  Sent: Thursday, October 31, 2002 9:06 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: Windows: Code Signing Certificate

  www.tldp.org SSL-Certificates HOWTO

  feel free to send an update based on your experience...

  -Original Message-
  From: Mark Olbert [mailto:[EMAIL PROTECTED]]
  Sent: Friday, 1 November 2002 4:53
  To: [EMAIL PROTECTED]
  Subject: Windows: Code Signing Certificate

    Can anyone direct me to documentation (or a howto) on using openssl to
    create a digital certificate that can be used to sign macros in an Excel
    worksheet?

    I've successfully created and installed a root certificate authority for
    myself under Windows, but when I try to sign code with it, Windows
    complains that it doesn't have enough information to verify the
    certificate. Which is odd, since installing the certificate went
    smoothly. But that's Windows for you :)

    - Mark [EMAIL PROTECTED]



Re: using an on-disk session caching framework

2002-10-31 Thread Geoff Thorpe
On Thursday 31 Oct 2002 8:56 pm, Bear Giles wrote:
 Edward Chan wrote:
  The default behavior of server-side session caching is
  to cache session in memory.  This is probably not
  gonna work very well if there are a lot of connections
  to the server
 
  It says to open file named according to session id.
  However, session_id contains non-ascii chars, chars
  that are illegal in a filename.  So how can I name my
  file according to the session_id?

 If you have enough sessions that you need to cache them on disk, you
 probably don't want to write them one-to-a-file either.  Don't be so
 literal about the open file comment.

 Instead, open a single database instance (e.g., a Berkeley DB in hash
mode, since you don't care about ordering) and use the session ID as
 your key ID.  The non-ASCII characters aren't an issue since you
 specify a pointer and length, not a null-terminated string, as your
 key.

 In practice, I believe apache's mod_ssl uses sdb instead of traditional
 db files for some reason, and you should definitely investigate why.
 But definitely go with a single, very efficient container object
 instead of using the filesystem as one.  Even if you're guaranteed to
 be running on a new FS that uses btrees for the directory info, it's
 still much faster to do a hash lookup than a btree search, O(1) vs O(lg
 N).

I'd actually contradict you here, one of the main problems with the
performance of the disk-based ((s)dbm) cache implementation is precisely
the fact that it uses a hash-table! It's often misunderstood as being
slower but more stable because it's a file. In reality it's not
disk-access that's going to *really* slow things down (the db file
usually ends up cached in the kernel anyway), and neither is it more
stable because of disk-access - for precisely the same reason! :- The
actual performance problem is how to algorithmically expire old sessions
and flush the database of old data so it doesn't grow without limit - in the
case of mod_ssl's dbm-based cache design, these two problems are
actually the same problem. The hash-database means the only way to
remove expired sessions is to iterate across the entire database! This
is the same problem as one of mod_ssl's other cache modes, 'shmht' -
though shmht is implemented using shared-memory instead of dbm. The
result is that genuine expiry operations are only done every once in a
while; you lose storage (and memory-caching) efficiency, and you
periodically do a very high overhead O(n) search where n is the number
of cached sessions.

So, if you save each session to a different file I guess it would be
possible to use the path to make the expiry logic easier. Eg. each
minute in the future has its own theoretical directory (it is only
created if it's ever needed). When saving a session, you could put it in
the directory corresponding to the minute it will be expired. The
current directory you look at (the current minute) will contain a
mixture of sessions that are just about to expire or have just expired -
but any directories representing minutes in the past contain only old
sessions (you can delete/unlink them whenever you like) and all
directories representing minutes in the future contain healthy unexpired
sessions. This makes 'expiry' and 'flush' operations O(1), which is hard
to beat. Inserts are O(1) too. And if you name the session files
according to the sessions' ID, 'lookup' operations (and non-expiry
'delete's) become O(n), where n is the length of the session timeout in
minutes (so it's a constant anyway) rather than 'n' growing with the number
of sessions in the cache. Of course, if you don't want to thrash the
disk to hell with this example technique (because this wouldn't benefit
from kernel-caching like a single dbm file would), I'd suggest doing it
inside a loopback file-system so it's all virtualised in memory anyway.

Or you could push session caching out of the server and on to the
network;
   http://www.distcache.org/

Cheers,
Geoff

-- 
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/





Re: using an on-disk session caching framework

2002-10-31 Thread Bear Giles
Geoff Thorpe wrote:
 The hash-database means the only way to remove expired sessions is to
 iterate across the entire database!


Or you maintain an auxiliary database that maps the expiry time to a 
list of session IDs.  This could be a btree (perhaps with a bucket of 
session IDs, to avoid duplicate keys) or a priority queue, or a number of 
other things.

Since this is a much smaller structure, it could be maintained in 
memory.  If you restart the system you'll have to rebuild the auxiliary 
database, but it should only take O(N lg N) time.

I agree that you could also use directories.  My concern is just that 
I've seen applications crawl because of the time required to scan a 
directory when there's more than a few hundred entries in it.  If you 
use directories to keep the entry count down, you can minimize this problem.

Bear
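
Added example, not code from this thread, OpenSSL or mod_ssl: an in-memory C model of the two ideas discussed above, a hash table keyed by the binary session ID as pointer plus length, with every entry also chained into a per-minute expiry bucket so that expiry never scans the whole cache. All names (cache_put, cache_get, cache_flush and the constants) are hypothetical, time is assumed to move forward, and writing the entries to disk or a database is left out.

```c
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define NBUCKETS 1024   /* hash buckets */
#define NMINUTES 64     /* expiry ring; timeouts must stay below NMINUTES - 1 minutes */
#define MAX_ID   32     /* SSL session IDs are at most 32 bytes */

typedef struct entry {
    unsigned char id[MAX_ID];
    size_t id_len;          /* key is pointer + length, never a C string */
    time_t expires;
    struct entry *hnext;    /* next in hash chain */
    struct entry *tnext;    /* next entry expiring in the same minute */
    size_t data_len;
    unsigned char data[];   /* serialized session bytes */
} entry;

static entry *htab[NBUCKETS];
static entry *ring[NMINUTES];
static long flushed_to;     /* every minute before this one has been emptied */

static unsigned hash_id(const unsigned char *id, size_t len) {
    unsigned h = 2166136261u;                       /* FNV-1a */
    for (size_t i = 0; i < len; i++) h = (h ^ id[i]) * 16777619u;
    return h % NBUCKETS;
}

/* Empty every bucket whose minute lies wholly in the past. The cost is
 * proportional to the number of expired entries, not to the cache size. */
size_t cache_flush(time_t now) {
    long cur = (long)(now / 60);
    size_t dropped = 0;
    if (cur - flushed_to > NMINUTES) flushed_to = cur - NMINUTES;
    for (; flushed_to < cur; flushed_to++) {
        entry **slot = &ring[flushed_to % NMINUTES], *e;
        while ((e = *slot) != NULL) {
            entry **pp = &htab[hash_id(e->id, e->id_len)];
            while (*pp != e) pp = &(*pp)->hnext;    /* unlink from hash chain */
            *pp = e->hnext;
            *slot = e->tnext;
            free(e);
            dropped++;
        }
    }
    return dropped;
}

int cache_put(const unsigned char *id, size_t id_len, const void *data,
              size_t data_len, time_t now, long timeout_secs) {
    if (id_len == 0 || id_len > MAX_ID || data == NULL ||
        timeout_secs <= 0 || timeout_secs >= (NMINUTES - 1) * 60L) return 0;
    cache_flush(now);       /* so the target ring slot holds no stale minute */
    entry *e = malloc(sizeof *e + data_len);
    if (e == NULL) return 0;
    memcpy(e->id, id, id_len);
    memcpy(e->data, data, data_len);
    e->id_len = id_len; e->data_len = data_len;
    e->expires = now + timeout_secs;
    unsigned h = hash_id(id, id_len);
    e->hnext = htab[h]; htab[h] = e;
    entry **slot = &ring[(e->expires / 60) % NMINUTES];
    e->tnext = *slot; *slot = e;
    return 1;
}

/* Returns the entry, or NULL if the ID is unknown or the session has expired. */
const entry *cache_get(const unsigned char *id, size_t id_len, time_t now) {
    for (entry *e = htab[hash_id(id, id_len)]; e != NULL; e = e->hnext)
        if (e->id_len == id_len && memcmp(e->id, id, id_len) == 0)
            return e->expires > now ? e : NULL;
    return NULL;
}
```

An entry in the current minute's bucket can already be expired; cache_get rejects it by timestamp and the next cache_flush after the minute rolls over frees it.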
