A problem using a COM dll built with libeay32.dll
Hi, everyone:

I have a problem. The situation is like this: I built a project with VC, and the project is an ATL COM project. I built it with libeay32.lib, which I added in the project settings under Link, and for code generation I chose Multithreaded DLL. The COM DLL was successfully built. When I use the DLL in a VB project or ASP, it works normally and has no problem.

Now I have put the DLL in a directory of a web server running Windows 2000 and added it to Component Services. The web server got the data which was encrypted and posted by other clients, then the web server's ASP program created an object of the COM DLL, decrypted the data and returned some messages to the clients. When I check the Event Viewer's Application Log of the web server, I find there are some COM errors produced by the COM application. The errors are like this:

  The system has called a custom component and that component has failed and generated an exception. This indicates a problem with the custom component. Notify the developer of this component that a failure has occurred and provide them with the information below.
  Component Prog ID:
  Server Application ID: {4FC68A3D-A240-4133-834A-2CF075B0C543}
  Server Application Name: GnetDll
  The serious nature of this error has caused the process to terminate.
  Exception: C005
  Address: 0x010A110D
  Call Stack: LIBEAY32!RSA_private_decrypt+0xD

We are sure the error was produced by the COM application because there is no other program using libeay32.dll except this one. I put libeay32.dll in system32 because I used static linking with libeay32.lib within my project.

Does anyone know why this happened and how I could solve this problem?

Thanks all.
lvjing

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
RE: How do I correctly handle SSL_shutdown?
Hi,

If I understand it correctly, the close_notify alert is only there to prevent a truncation attack. If your higher-level protocol can check that all expected data is present, then it is OK just to close the socket.

To be safe, it would be better to call SSL_shutdown() in the client when it is complete. In the server you can call SSL_get_shutdown() when you expect the client may disconnect. In the server it should be fine to call SSL_shutdown() anyway. I don't think the SSL specification defines whether the server must send a close_notify.

I hope this helps,
Mark.
RE: rsa certificate and private key question
> Hi, by using the following openssl CLI, I generate an RSA private key and a self-signed certificate file.
>
>   $ openssl genrsa -out key.pem 1024
>   $ openssl req -new -key key.pem -out request.pem
>   $ openssl x509 -req -days 30 -in request.pem -signkey key.pem -out certificate.pem
>
> When I try to load the key file and certificate file into my SSL context, both
> SSL_CTX_use_certificate_file(ctx,keyfile,SSL_FILETYPE_PEM) and
> SSL_CTX_use_PrivateKey_file(ctx,keyfile,SSL_FILETYPE_PEM) return 1.

I'm not an expert, but I think you need to use certificate.pem in your call to SSL_CTX_use_certificate_file().

> However, when I use SSL_CTX_check_private_key(ctx) to check if the key matches the certificate, this function returns 0.

Check the error queue. This should contain the reason for the error.

Best Regards,
Mark Williams
Tech OP ltd
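To make the reply's two points concrete (pass certificate.pem, not the key file, as the certificate; then read the error queue when SSL_CTX_check_private_key() returns 0), here is an added example that is not part of the thread or of OpenSSL. It re-runs the poster's three openssl commands through subprocess, then loads the resulting pair with Python's ssl module: SSLContext.load_cert_chain() performs the same SSL_CTX_use_certificate_chain_file(), SSL_CTX_use_PrivateKey_file() and SSL_CTX_check_private_key() calls and reports the OpenSSL error queue as the exception text. An independent public-key comparison with the CLI is added as a second check. It assumes an openssl binary on PATH; the subject name is a constructed value and the key size is 2048 bits rather than the post's 1024.

```python
import os
import ssl
import subprocess
import tempfile


def _openssl(*args):
    """Run one openssl CLI command and return its stdout as text."""
    return subprocess.run(["openssl", *args], check=True,
                          capture_output=True, text=True).stdout


def generate_pair(dirpath, bits=2048):
    """Mirror the post's three commands: RSA key, CSR, self-signed cert.
    (2048 bits here rather than the post's 1024; the subject is a constructed value.)"""
    key = os.path.join(dirpath, "key.pem")
    csr = os.path.join(dirpath, "request.pem")
    cert = os.path.join(dirpath, "certificate.pem")
    _openssl("genrsa", "-out", key, str(bits))
    # -subj and -batch keep 'req' from prompting
    _openssl("req", "-new", "-key", key, "-out", csr,
             "-subj", "/CN=example-test", "-batch")
    _openssl("x509", "-req", "-days", "30", "-in", csr,
             "-signkey", key, "-out", cert)
    return cert, key


def load_pair(cert_path, key_path):
    """Load a certificate/key pair as a server would and return (ok, reason).

    SSLContext.load_cert_chain() calls SSL_CTX_use_certificate_chain_file(),
    SSL_CTX_use_PrivateKey_file() and SSL_CTX_check_private_key(); when any of
    them fails, the OpenSSL error queue becomes the SSLError text, which is the
    'reason' the reply says to look for.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    except ssl.SSLError as e:
        return False, str(e)
    return True, ""


def public_keys_match(cert_path, key_path):
    """Independent CLI check: the SubjectPublicKeyInfo in the certificate must
    equal the public half of the private key.  Unlike comparing '-modulus'
    output this works for any key type, not only RSA."""
    from_cert = _openssl("x509", "-in", cert_path, "-noout", "-pubkey")
    from_key = _openssl("pkey", "-in", key_path, "-pubout")
    return from_cert.strip() == from_key.strip()


def run_demo():
    """Generate two unrelated pairs and report how each combination fares."""
    with tempfile.TemporaryDirectory() as d1, tempfile.TemporaryDirectory() as d2:
        cert, key = generate_pair(d1)
        _, other_key = generate_pair(d2)
        return {
            "correct_pair": load_pair(cert, key),          # (True, "")
            "key_file_as_cert": load_pair(key, key)[0],    # False: no certificate in key.pem
            "wrong_key": load_pair(cert, other_key)[0],    # False: check_private_key fails
            "pubkeys_match": public_keys_match(cert, key),                  # True
            "pubkeys_match_wrong_key": public_keys_match(cert, other_key),  # False
        }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The public-key comparison is the CLI equivalent of SSL_CTX_check_private_key(): it compares the SubjectPublicKeyInfo embedded in the certificate with the public half derived from the private key, which is what the library checks internally.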
Re: A problem using a COM dll built with libeay32.dll
If it works with VB, and if you have the private key stored in the usual Windows certificate store, perhaps your COM has problems accessing the private key to decipher data, because a service has no GUI to access the private key password.

Also, it could be any other kind of error that happens when your COM has been called a lot of times, and does not happen when you use it only a few times. Try to print in the log the parameters you are passing to RSA_private_decrypt each time.

----- Original Message -----
From: [EMAIL PROTECTED]
To: openssl-dev@openssl.org; openssl-users@openssl.org
Sent: Wednesday, December 21, 2005 12:08 PM
Subject: A problem using a COM dll built with libeay32.dll

> Hi, everyone:
>
> I have a problem. The situation is like this: I built a project with VC, and the project is an ATL COM project. I built it with libeay32.lib, which I added in the project settings under Link, and for code generation I chose Multithreaded DLL. The COM DLL was successfully built. When I use the DLL in a VB project or ASP, it works normally and has no problem.
>
> Now I have put the DLL in a directory of a web server running Windows 2000 and added it to Component Services. The web server got the data which was encrypted and posted by other clients, then the web server's ASP program created an object of the COM DLL, decrypted the data and returned some messages to the clients. When I check the Event Viewer's Application Log of the web server, I find there are some COM errors produced by the COM application. The errors are like this:
>
>   The system has called a custom component and that component has failed and generated an exception. This indicates a problem with the custom component. Notify the developer of this component that a failure has occurred and provide them with the information below.
>   Component Prog ID:
>   Server Application ID: {4FC68A3D-A240-4133-834A-2CF075B0C543}
>   Server Application Name: GnetDll
>   The serious nature of this error has caused the process to terminate.
>   Exception: C005
>   Address: 0x010A110D
>   Call Stack: LIBEAY32!RSA_private_decrypt+0xD
>
> We are sure the error was produced by the COM application because there is no other program using libeay32.dll except this one. I put libeay32.dll in system32 because I used static linking with libeay32.lib within my project.
>
> Does anyone know why this happened and how I could solve this problem?
>
> Thanks all.
> lvjing
X509_free() ?
Hi All,

1. Can anybody give a hint where exactly X509_free() is defined?
2. I suspect a memory leak in OpenSSL on our port version; any pointer on how to debug that?

Thanks

Regards,
RSJ
Re: X509_free() ?
On Wed, Dec 21, 2005, Rajeshwar Singh Jenwar wrote:

> 1. Can anybody give a hint where exactly X509_free() is defined?

It is defined with the macro IMPLEMENT_ASN1_FUNCTIONS(X509) but that is only a wrapper round ASN1_item_free(). That probably won't help...

> 2. I suspect a memory leak in OpenSSL on our port version; any pointer on how to debug that?

Check the FAQ to see if you have freed up the static tables first. Personally I enable OpenSSL's built-in leak detection (see manual pages) and use a debugger to trace the exact location of the leak.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
use public/shared key encryption api
I want to write a simple socket program that only uses OpenSSL's public-key and secret-key (AES) encryption/decryption API just for the data payload, without going through the full SSL TCP connection setup handshake. How do I do this? Is there any example or source that shows how this is done? Any information will be greatly appreciated!
RE: use public/shared key encryption api
> I want to write a simple socket program that only uses OpenSSL's public-key and secret-key (AES) encryption/decryption API just for the data payload, without going through the full SSL TCP connection setup handshake. How do I do this? Is there any example or source that shows how this is done? Any information will be greatly appreciated!

Is there something they do that you don't need? Otherwise, you'll have to reinvent the entire setup process, which seems like a huge waste of time and effort for no gain and at huge risk.

DS
otherName not supported?
(Sorry if this is a dup, I never saw my previous email come through.)

I was hoping to use otherName to store some information in my certificates... but it seems it's not all that supported:

  [EMAIL PROTECTED] tmp]$ openssl x509 -in test.crt -noout -text
  ...
  X509v3 Subject Alternative Name:
      othername:<unsupported>
  ...

Is this a known bug, or am I missing something?

--
Phil Dibowitz
P: 310-360-2330 C: 213-923-5115
Unix Admin, Ticketmaster.com
Re: otherName not supported?
On Wed, Dec 21, 2005, Phil Dibowitz wrote:

> (Sorry if this is a dup, I never saw my previous email come through.)
>
> I was hoping to use otherName to store some information in my certificates... but it seems it's not all that supported:
>
>   [EMAIL PROTECTED] tmp]$ openssl x509 -in test.crt -noout -text
>   ...
>   X509v3 Subject Alternative Name:
>       othername:<unsupported>
>   ...
>
> Is this a known bug, or am I missing something?

Currently the otherName component isn't displayed with the X509 print routines. You can however include arbitrary otherName data by specifying the appropriate ASN1 syntax in the config file. You'll need OpenSSL 0.9.8 to do that. This is documented in the x509v3_config manual page.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
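As an added illustration of Steve's point (not from the post or from the OpenSSL project), the following script writes a minimal OpenSSL config using the `otherName:OID;UTF8:text` form documented in the x509v3_config manual page, issues a self-signed certificate from it, and then checks both what `openssl x509 -text` prints for the SAN and whether the value really sits in the DER. The OID 1.3.6.1.4.1.99999.1 and the string are constructed placeholders. It assumes an openssl binary on PATH; depending on the release, the text printer shows either the decoded value or just the `othername` label the question quotes, but the DER check passes either way.

```python
import base64
import os
import subprocess
import tempfile

# Constructed placeholders: a real deployment uses an OID it actually owns.
DEMO_OID = "1.3.6.1.4.1.99999.1"
DEMO_VALUE = "demo-identifier"

# Minimal config; the subjectAltName line uses the x509v3_config syntax
# otherName:<OID>;<ASN.1 type>:<value>.
CONFIG = f"""
[req]
distinguished_name = dn
x509_extensions    = v3_san
prompt             = no

[dn]
CN = othername-demo

[v3_san]
subjectAltName = otherName:{DEMO_OID};UTF8:{DEMO_VALUE}
"""


def _openssl(*args):
    """Run one openssl CLI command and return its stdout as text."""
    return subprocess.run(["openssl", *args], check=True,
                          capture_output=True, text=True).stdout


def issue_cert_with_othername(dirpath):
    """Self-sign a throwaway certificate whose SAN carries the otherName."""
    cfg = os.path.join(dirpath, "othername.cnf")
    key = os.path.join(dirpath, "key.pem")
    cert = os.path.join(dirpath, "cert.pem")
    with open(cfg, "w") as f:
        f.write(CONFIG)
    _openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
             "-config", cfg, "-keyout", key, "-out", cert)
    return cert


def san_text(cert_path):
    """Return the two lines 'openssl x509 -text' prints for the SAN."""
    lines = _openssl("x509", "-in", cert_path, "-noout", "-text").splitlines()
    for i, line in enumerate(lines):
        if "Subject Alternative Name" in line:
            return line.strip() + "\n" + lines[i + 1].strip()
    return ""


def der_bytes(cert_path):
    """Decode the PEM body to DER without any library help."""
    with open(cert_path) as f:
        body = "".join(l for l in f if not l.startswith("-----"))
    return base64.b64decode(body)


def othername_value_present(cert_path):
    """A UTF8String's bytes appear verbatim in DER, so the value can be
    confirmed even when the text printer does not decode the otherName."""
    return DEMO_VALUE.encode() in der_bytes(cert_path)


def run_demo():
    with tempfile.TemporaryDirectory() as d:
        cert = issue_cert_with_othername(d)
        return {"san": san_text(cert),
                "value_in_der": othername_value_present(cert)}


if __name__ == "__main__":
    r = run_demo()
    print(r["san"])
    print("otherName value present in DER:", r["value_in_der"])
```

The DER check matters in practice: relying parties that read otherName entries (for example a service that matches certificates on an enterprise-specific identifier) parse the extension themselves, so what the text printer shows says nothing about whether the value was issued correctly.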
Re: A problem using a COM dll built with libeay32.dll
I don't think it is that my COM has problems accessing the private key, because it works normally most of the time. I will use your method of printing the log to check whether there were some problems in the parameters.

2005/12/21, Pablo J Royo [EMAIL PROTECTED]:
> If it works with VB, and if you have the private key stored in the usual Windows certificate store, perhaps your COM has problems accessing the private key to decipher data, because a service has no GUI to access the private key password.
>
> Also, it could be any other kind of error that happens when your COM has been called a lot of times, and does not happen when you use it only a few times. Try to print in the log the parameters you are passing to RSA_private_decrypt each time.
>
> ----- Original Message -----
> From: [EMAIL PROTECTED]
> To: openssl-dev@openssl.org; openssl-users@openssl.org
> Sent: Wednesday, December 21, 2005 12:08 PM
> Subject: A problem using a COM dll built with libeay32.dll
>
> > Hi, everyone:
> >
> > I have a problem. The situation is like this: I built a project with VC, and the project is an ATL COM project. I built it with libeay32.lib, which I added in the project settings under Link, and for code generation I chose Multithreaded DLL. The COM DLL was successfully built. When I use the DLL in a VB project or ASP, it works normally and has no problem.
> >
> > Now I have put the DLL in a directory of a web server running Windows 2000 and added it to Component Services. The web server got the data which was encrypted and posted by other clients, then the web server's ASP program created an object of the COM DLL, decrypted the data and returned some messages to the clients. When I check the Event Viewer's Application Log of the web server, I find there are some COM errors produced by the COM application. The errors are like this:
> >
> >   The system has called a custom component and that component has failed and generated an exception. This indicates a problem with the custom component. Notify the developer of this component that a failure has occurred and provide them with the information below.
> >   Component Prog ID:
> >   Server Application ID: {4FC68A3D-A240-4133-834A-2CF075B0C543}
> >   Server Application Name: GnetDll
> >   The serious nature of this error has caused the process to terminate.
> >   Exception: C005
> >   Address: 0x010A110D
> >   Call Stack: LIBEAY32!RSA_private_decrypt+0xD
> >
> > We are sure the error was produced by the COM application because there is no other program using libeay32.dll except this one. I put libeay32.dll in system32 because I used static linking with libeay32.lib within my project.
> >
> > Does anyone know why this happened and how I could solve this problem?
> >
> > Thanks all.
> > lvjing
RE: How do I correctly handle SSL_shutdown?
AFAIK, if a close_notify is not sent, the SSL connection termination is considered premature and the session cannot be reused. The specification does not define it as a MUST; rather, it is defined as a SHOULD. If session reuse is not a necessary criterion (if you're willing to compromise performance), then the server need not send the close_notify.

Thanks
--Gayathri

> Hi,
>
> If I understand it correctly, the close_notify alert is only there to prevent a truncation attack. If your higher-level protocol can check that all expected data is present, then it is OK just to close the socket.
>
> To be safe, it would be better to call SSL_shutdown() in the client when it is complete. In the server you can call SSL_get_shutdown() when you expect the client may disconnect. In the server it should be fine to call SSL_shutdown() anyway. I don't think the SSL specification defines whether the server must send a close_notify.
>
> I hope this helps,
> Mark.
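Both replies (Mark's, on truncation, and Gayathri's, on session reuse) turn on what close_notify tells the other side. Here is an added example, not from the thread, that runs a TLS client and server in one process through ssl.MemoryBIO pairs, so no network is involved. SSLObject.unwrap() is Python's wrapper for SSL_shutdown(), and a read that yields b'' (or raises SSLZeroReturnError) is how the peer's close_notify surfaces, which is the condition a C program checks with SSL_get_shutdown() & SSL_RECEIVED_SHUTDOWN. The first scenario closes cleanly; the second drops the client without SSL_shutdown(), and the server cannot tell that from a slow peer, which is exactly the gap a truncation attack exploits and why the application protocol must know how much data to expect. It assumes an openssl binary on PATH for a throwaway self-signed certificate; the hostname and the payload are constructed values.

```python
import os
import ssl
import subprocess
import tempfile

HOST = "localhost"      # constructed: the name the throwaway cert is issued for
PAYLOAD = b"hello"      # constructed application data


def make_self_signed(dirpath):
    """Throwaway self-signed cert via the openssl CLI (assumed on PATH)."""
    key = os.path.join(dirpath, "key.pem")
    cert = os.path.join(dirpath, "cert.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-subj", f"/CN={HOST}",
                    "-addext", f"subjectAltName=DNS:{HOST}",
                    "-keyout", key, "-out", cert], check=True, capture_output=True)
    return cert, key


class Endpoint:
    """One side of the connection: an SSLObject plus its in/out memory BIOs."""

    def __init__(self, sslobj, incoming, outgoing):
        self.ssl, self.incoming, self.outgoing = sslobj, incoming, outgoing

    def deliver_to(self, peer):
        """Move every record this side produced into the peer's incoming BIO."""
        peer.incoming.write(self.outgoing.read())

    def read_status(self):
        """Classify a read: application data, the peer's close_notify, or
        nothing yet.  'pending' is the ambiguous case: a slow peer and a
        truncated stream look identical at this layer."""
        try:
            data = self.ssl.read(4096)
        except ssl.SSLZeroReturnError:      # close_notify already consumed
            return "closed", b""
        except ssl.SSLWantReadError:        # no complete record available
            return "pending", b""
        # Python hands back b"" when SSL_read reports SSL_ERROR_ZERO_RETURN,
        # i.e. the peer's close_notify was just read.
        return ("data", data) if data else ("closed", b"")

    def shutdown(self):
        """SSL_shutdown(): send our close_notify.  True once the peer's has been
        received too; False means ours went out and theirs is still pending."""
        try:
            self.ssl.unwrap()
            return True
        except ssl.SSLWantReadError:
            return False


def connect(cert, key):
    """Handshake a client and a server that share the process, no sockets."""
    srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv_ctx.load_cert_chain(cert, key)
    cli_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli_ctx.load_verify_locations(cert)     # pin the self-signed cert as trust anchor
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = Endpoint(cli_ctx.wrap_bio(c_in, c_out, server_hostname=HOST), c_in, c_out)
    server = Endpoint(srv_ctx.wrap_bio(s_in, s_out, server_side=True), s_in, s_out)
    done = {client: False, server: False}
    while not all(done.values()):
        for me, peer in ((client, server), (server, client)):
            if not done[me]:
                try:
                    me.ssl.do_handshake()
                    done[me] = True
                except ssl.SSLWantReadError:
                    pass
            me.deliver_to(peer)
    return client, server


def clean_close(cert, key):
    """Client finishes with SSL_shutdown(); the server sees an unambiguous end."""
    client, server = connect(cert, key)
    client.ssl.write(PAYLOAD)
    client.deliver_to(server)
    got = server.read_status()      # ("data", b"hello")
    half = client.shutdown()        # False: close_notify sent, peer's still awaited
    client.deliver_to(server)
    seen = server.read_status()[0]  # "closed": peer said it is done
    server.shutdown()               # answer with the server's own close_notify
    server.deliver_to(client)
    full = client.shutdown()        # True: both directions closed
    return got, half, seen, full


def abrupt_close(cert, key):
    """Client goes away without SSL_shutdown(): the server is left guessing."""
    client, server = connect(cert, key)
    client.ssl.write(PAYLOAD)
    client.deliver_to(server)
    got = server.read_status()      # ("data", b"hello")
    seen = server.read_status()[0]  # "pending": more data coming, or truncated?
    return got, seen


def run_demo():
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_self_signed(d)
        return {"clean": clean_close(cert, key), "abrupt": abrupt_close(cert, key)}


if __name__ == "__main__":
    print(run_demo())
```

The "pending" outcome is the whole argument of Mark's reply: at the TLS layer the server has no way to distinguish a peer that simply stopped from one whose stream was cut, so either the client sends close_notify or the application protocol carries its own length or terminator.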