Problems compiling a little and simple probe
hello, I'm intested to learn to use openSSL library can make my applications. I start with a little and simple probe, but I couldn't compile it. My probe has three four files: - Common_sslLib.h: #ifndef __COMMON_SSLLIB__ #define __COMMON_SSLLIB__ #include #include #include #include #include #include #define SERVHOST "localhost" #define SERVPORT "26711" void openSSLInit(); void handleError( void *, char *); #endif - common_sslLib.c #include "common_sslLib.h" //initialize openssl library void openSSLInit() { SSL_library_init(); SSL_load_error_strings(); //load human-readable iformation about error codes. //action_to_seed_PRNG(); } //manager erros function void handleError( void *obj, char *msg ) { if( obj == NULL ) { printf( "¡ ERROR: %s !\n", msg ); exit(-1); } } - client.c //proper libraries declaration #include "common_sslLib.h" int main( int argc, char **argv ) { //variables declaration BIO *bioSocket; //end declaration variables openSSLInit(); //establish connection bioSocket = BIO_new_connect( SERVHOST ":" SERVPORT ); handleError( bioSocket, "BIO_new_connect failed" ); if( BIO_do_connect( bioSocket ) <= 0 ) { printf(" ¡ERROR: BIO_do_connect failed, unreachable host ! " ); exit(-1); } while( 1 ); return 0; } - server.c //proper libraries declaration #include "common_sslLib.h" int main( int argc, char **argv ) { //variables declaration BIO *sockAccept; //end variables openSSLInit(); //create server socket (BIO is a class that contain a socket) sockAccept = SSL_new_accept( SERVPORT ); handleError( sockAccept, "SSL_new_accept failed, server socket was not created" ); //bind the server socket if( SSL_do_accept( sockAccept ) <= 0 ) handleError( NULL, "SSL_do_accept failed, the address could not bind to socket" ); //put the socket to accept the petitions if( SSL_do_accept( sockAccept ) <= 0 ) handleError( NULL, "SSL_do_accept failed. Error accepting connection" ); } My problem is, when I compile the common_sslLib and client, I don't have any problem but when I compile the server I have some problems of the openssl server that it uses. I compile then through of this way: $export OPENSSL_LIB_DIR=/usr/include/openssl/ $gcc -I$OPENSSL_LIB_DIR -c common_sslLib.c $gcc -I$OPENSSL_LIB_DIR -lssl -o client client.c common_sslLib.o $ gcc -I$OPENSSL_LIB_DIR -lssl -o server server.c common_sslLib.o /tmp/cc7Ff8Ri.o(.text+0x1e): En la función `main': : referencia a `SSL_new_accept' sin definir /tmp/cc7Ff8Ri.o(.text+0x42): En la función `main': : referencia a `SSL_do_accept' sin definir /tmp/cc7Ff8Ri.o(.text+0x66): En la función `main': : referencia a `SSL_do_accept' sin definir collect2: ld devolvió el estado de salida 1 $ In the folder /usr/include/openssl there are these files: aes.h conf.h err.h obj_mac.h rc4.htls1.h asn1.h crypto.h evp.h ocsp.h ripemd.h tmdiff.h asn1_mac.h des.h hmac.h opensslconf.h rsa.htxt_db.h asn1t.h des_old.h krb5_asn.h opensslv.h safestack.h ui_compat.h bio.h dh.h kssl.h ossl_typ.h sha.hui.h blowfish.h dsa.h lhash.h pem2.h ssl23.h x509.h bn.hdso.h md2.h pem.h ssl2.h x509v3.h buffer.hebcdic.h md4.h pkcs12.h ssl3.h x509_vfy.h cast.h ec.h md5.h pkcs7.hssl.h comp.h engine.h mdc2.h rand.h stack.h conf_api.h e_os2.hobjects.h rc2.h symhacks.h Thanks. Este mensaje ha sido analizado y protegido por la tecnologia antivirus www.trendmicro.es __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSL WANT READ ERROR
Madhuri Rambhatla wrote: I am a brand new user of OpenSSL. I have installed version 0.9.7d on my Win 2000 Server. My compiler is Visual Studio .NET for C++. When I try to perform a SSL_write(.) I get an error SSL_WANT_READ_ERROR. Please tell me how to rectify this. See for example http://www.openssl.org/docs/ssl/SSL_write.html# Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: newbie Q.
Thanks It's openssl x509 -in clinetapp.pem -outform DER -out clientall.crt Quoting Joe smith <[EMAIL PROTECTED]>: > I think this is it: > > openssl x509 -in clientapp.pem -out clientapp.crt > > But please confirm. > > Joe > > > > > Ian Miller <[EMAIL PROTECTED]> wrote: > How do I convert my sitecert.pem to a sitecert.crt > what are the comands for it. > Thanks in advanced. > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > > - > Do you Yahoo!? > Yahoo! Mail Address AutoComplete - You start. We finish. -- Ian Miller Sr. Systems Engineer University of Chicago [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SSL WANT READ ERROR
Hi, I am a brand new user of OpenSSL. I have installed version 0.9.7d on my Win 2000 Server. My compiler is Visual Studio .NET for C++. When I try to perform a SSL_write(…) I get an error SSL_WANT_READ_ERROR. Please tell me how to rectify this. Thanks. Madhuri Rambhatla Lead Systems Programmer Venue 1 Inc 954 797 9883
Re: TLS wrong version number problem, the correct lib for openssl ?
It's solved (finally...) Apparently to test openssl s_server / s_client connection, I have to specify option -ssl3 in both the server and the client, otherwise (if it's only specified at the server site), it will throw you wrong version number error. The TLS issue with PAM_LDAP + OPENLDAP is solved as well, I need to apply /dev/random patch for solaris 8...I guess that's why it failed to connect using SSLv3. Thanks for your help, Richard. I installed ssldump in solaris, it really helps me in figuring things out ! cheers, lara --- Richard Koenning <[EMAIL PROTECTED]> wrote: > Lara Adianto wrote: > > > > What's the correct libraries for openssl ? > > Is this okay: > > [EMAIL PROTECTED] local]# ldd /usr/bin/openssl > > libdl.so.2 => /lib/libdl.so.2 (0x4001b000) > > libc.so.6 => /lib/i686/libc.so.6 > (0x4001f000) > > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 > > (0x4000) > > > > no libcrypto and libssl ? > > The ldd ouput on an linux box here with an old linux > version looks > alike. I tried to build openssl on this machine with > shared libraries, > but this wasn't successful. On a box with a newer > linux version ldd > shows libcrypto and libssl and there are shared libs > libssl.so.0 and > libcrypto.so.0. > So your ldd output seems to be ok for openssl build > with static libs. > Ciao, > Richard > -- > Dr. Richard W. Könning > Fujitsu Siemens Computers GmbH > __ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager > [EMAIL PROTECTED] > = La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit - Guy de Maupassant - __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Web browser certificate
Hi All, 1.)How can I make the request of an Internet Explorer web browser security certificate more "user proof". I am using Apache 1.3.27 with modssl and openssl compiled? My webserver is running on RedHat ES 3, but all my clients are MS workstations? My objective is that a user must be able to request a certificate via the webbrowser. I am not a php or equivalent programmer, so I need a "ready made" or example of such a solution. 2.)What is the preferred way to convert a signed certificate to MS IE format? Regards Enrique The information transmitted hereby is confidential and may be legally privileged. If not the intended recipient, you may not read, use or disseminate that information. Although our communications are believed to be free of any virus or defect , it is the responsibility of the recipient to ensure that they are virus free and no responsibility is accepted for any loss or damage arising from receipt or use thereof. The KWV Group, its subsidiaries or associates do not accept liability for any personal views expressed in this message. KWV does not enter into contracts via e-mail, and personnel are not authorized to do so. KWV contracts must take form of paper-based versions signed in person. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Freeing the x509 struct.
[EMAIL PROTECTED] wrote: Do we need to free the X509 structure returned by d2i_X509() and PEM_read_X509() functions after using it? yes Nils __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]