RE: sending binary data using openSSL
    int result = fread(wbuf, fsize, 1, fp);
    void *buffer;
    buffer = (char *)malloc (length);
    long err = SSL_write(ssl,buffer, strlen((char *)buffer));
    err = SSL_get_error(ssl,err);

You lost track of what you were doing. You put the number of bytes to send in 'result', but then you called 'strlen' to determine how many bytes to send. Since 'buffer' does not contain a C-style string, the result of passing it to 'strlen' is definitely not going to make any sense.

DS

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
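The point made in the reply above, as an added example that is not part of the original thread: the length passed to the writer is the byte count returned by fread(), never strlen(), because binary data may contain NUL bytes. The names write_fn, sink, sink_write, send_all and send_file are hypothetical; write_fn only has the same shape as SSL_write(ssl, buf, num), and the sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical writer with the shape of SSL_write(ssl, buf, num):
 * returns the number of bytes accepted (> 0), or <= 0 on error. */
typedef int (*write_fn)(void *ctx, const void *buf, int num);

/* In-memory stand-in for the connection, so the example runs offline. */
struct sink { unsigned char data[64]; size_t used; int max_chunk; };

int sink_write(void *ctx, const void *buf, int num)
{
    struct sink *s = ctx;
    if (num > s->max_chunk)
        num = s->max_chunk;               /* simulate a partial write */
    if (num <= 0 || s->used + (size_t)num > sizeof s->data)
        return -1;
    memcpy(s->data + s->used, buf, (size_t)num);
    s->used += (size_t)num;
    return num;
}

/* Send exactly len bytes, whatever they contain. */
long send_all(write_fn w, void *ctx, const unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        int n = w(ctx, buf + off, (int)(len - off));
        if (n <= 0)
            return -1;
        off += (size_t)n;
    }
    return (long)off;
}

/* Read the file in chunks; element size 1 makes fread() return a byte count,
 * and that count is the length handed to the writer. */
long send_file(FILE *fp, write_fn w, void *ctx)
{
    unsigned char buf[32];
    long total = 0;
    size_t got;
    while ((got = fread(buf, 1, sizeof buf, fp)) > 0) {
        if (send_all(w, ctx, buf, got) < 0)
            return -1;
        total += (long)got;
    }
    return ferror(fp) ? -1 : total;
}

/* Constructed sample: 8 binary bytes with NULs at offsets 2 and 5. */
static const unsigned char SAMPLE[8] = {
    0x89, 0x50, 0x00, 0x4e, 0x47, 0x00, 0xff, 0x10
};

/* Length a strlen()-based call would use: it stops at the first NUL. */
size_t strlen_length(void)
{
    char copy[sizeof SAMPLE + 1];
    memcpy(copy, SAMPLE, sizeof SAMPLE);
    copy[sizeof SAMPLE] = '\0';
    return strlen(copy);
}

/* Write SAMPLE to a temporary file, then send it through the sink. */
long demo_send(struct sink *s)
{
    FILE *fp = tmpfile();
    long sent;
    if (fp == NULL)
        return -1;
    if (fwrite(SAMPLE, 1, sizeof SAMPLE, fp) != sizeof SAMPLE) {
        fclose(fp);
        return -1;
    }
    rewind(fp);
    s->used = 0;
    s->max_chunk = 3;
    sent = send_file(fp, sink_write, s);
    fclose(fp);
    return sent;
}

int main(void)
{
    struct sink s;
    printf("fread-based length sent: %ld\n", demo_send(&s));
    printf("strlen-based length:     %lu\n", (unsigned long)strlen_length());
    return 0;
}
```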
Re: Openssl 0.9.8e build fails on HP Itanium
Can I get some more help on this please?
Could someone tell me if I am doing something wrong while building openssl?
Is this a known issue with openssl + HP itanium 64 bit build?

Thanks,
~ Urjit

----- Original Message -----
From: Grzegorz Rusin [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Monday, September 10, 2007 2:37 PM
Subject: Re: Openssl 0.9.8e build fails on HP Itanium

On 9/10/07, Urjit Gokhale [EMAIL PROTECTED] wrote:
> ld: Duplicate symbol __divxf3 in files /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS] and /usr/local/lib/gcc/ia64-hp-hpux11.23/3.4.3/hpux64/libgcc.a[__divxf3.oS]

It looks like one object file is being passed two times to the linker.

--
Regards.
Grzegorz Rusin, skype: mr.pks

DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.
Re: BIO_set_nbio_accept functionality
Dr. Stephen Henson wrote:
> On Fri, Sep 07, 2007, Jim Marshall wrote:
>
> > Thanks for the feedback, unfortunately I don't fully follow you. In my code I have an 'opensocket' function in which I do this:
> >
> >     ret = BIO_new_accept(hostString);
> >     if (ret != NULL) {
> >         BIO_set_nbio_accept(ret, 1);
> >         BIO_set_bind_mode(ret, BIO_BIND_REUSEADDR);
> >         /* bind listen */
> >         if (BIO_do_accept(ret) <= 0)
> >         ...
> >
> > Then I have a function called 'startListening' in which I do the following:
> >
> >     acceptRet = BIO_do_accept(sock);
> >     if (acceptRet > 0) {
> >         BIO* client = NULL;
> >         SSL* ssl = NULL;
> >         client = BIO_pop(sock);
> >         // also tried BIO_set_nbio_accept on the line below
> >         BIO_set_nbio(client, 1);
> >         BIO_set_nbio_accept(client, 1);
> >         ssl = SSL_new(gCtx);
> >         if (ssl != NULL) {
> >             SSL_set_bio(ssl, client, client);
> >             SSL_set_accept_state(ssl);
> >             ...
> >
> > Am I placing the call in the wrong place?
>
> Add a call BIO_set_nbio(ret, 1) after the call to BIO_set_nbio_accept() in the opensocket function. You shouldn't need the other BIO_set_nbio() calls then.

Thank you, this worked great! I appreciate your help.

-Jim

> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
Re: BIO_set_nbio_accept functionality
Jim Fox wrote:
> > So beyond the BIO_do_accept, I used the openssl client program to connect to my server. I was expecting the above to make all the sockets non-blocking, but when I called SSL_read in my code it seems to block for data. I tried using the BIO_set_nbio and BIO_set_nbio_accept calls but no joy. Basically I am trying to make all the socket calls non-blocking, what am I missing?
>
> As far as I know you have to separately do the non-blocking setup for both the listen socket and the accept socket. What works for me is this: (continuing from your previous example)
>
>     /* .. previous listening code .. (with the BIO_set_nbio_accept) */
>     acceptRet = BIO_do_accept(sock);
>     if (acceptRet > 0) {
>         BIO* client = NULL;
>         SSL* ssl = NULL;
>         client = BIO_pop(sock);
>         ssl = SSL_new(gCtx);
>
> then something like:
>
>         SSL_set_bio(ssl, client, client);
>         SSL_set_accept_state(ssl);
>         int sl = 1;
>         BIO_socket_ioctl(SSL_get_fd(ssl), FIONBIO, &sl);
>
> I suppose it's a full circle return to the everybody uses BIO_socket_ioctl, but it does work.

Thanks for taking the time to answer my question Jim, I appreciate it!

-Jim

> Jim
Re: SSL won't compile on debian etch amd64
    spider:~# gcc -v
    Using built-in specs.
    Target: i486-linux-gnu
    Configured with: ../src/configure -v --enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --program-suffix=-4.1 --enable-__cxa_atexit --enable-clocale=gnu --enable-libstdcxx-debug --enable-mpfr --with-tune=i686 --enable-checking=release i486-linux-gnu
    Thread model: posix
    gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)

    spider:~# ld -v
    GNU ld version 2.17 Debian GNU/Linux

    spider:/opt/openssl-0.9.8e-etch/apps# gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT \
        -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall \
        -DMD32_REG_T=int -DMD5_ASM -c -S -o s_server.s s_server.c

gives no message at all, so it seems to work

    spider:/opt/openssl-0.9.8e-etch/apps# gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT \
        -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall \
        -DMD32_REG_T=int -DMD5_ASM -c -o s_server.o s_server.s
    s_server.s: Assembler messages:
    s_server.s:437: Error: Incorrect register `%rax' used with `l' suffix
    s_server.s:445: Error: Incorrect register `%rbx' used with `l' suffix
    s_server.s:465: Error: Incorrect register `%rdx' used with `l' suffix
    s_server.s:466: Error: Incorrect register `%rbx' used with `l' suffix
    spider:/opt/openssl-0.9.8e-etch/apps#

As you can see this gives the errors I had.

What do you want me to make available online? The log?

Florian

Darryl Miles wrote:
> Please take a look at this thread for assistance.
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg22972.html
>
> In your case manually run these 3 commands:
>
>     cd apps
>     gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT \
>         -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall \
>         -DMD32_REG_T=int -DMD5_ASM -c -S -o s_server.s s_server.c
>     gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT \
>         -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall \
>         -DMD32_REG_T=int -DMD5_ASM -c -o s_server.o s_server.s
>
> All I did was take your gcc command line and change -o s_server.o for -S -o s_server.s this causes the compiler to emit the assembler code in the file s_server.s, in there at line 437 is the error.
>
> If you make that available somewhere online (rather than post it to the list) I can confirm the problem is a broken compiler or not.
>
> Please confirm your binutils and gcc version. gcc -v, ld -v
>
> Darryl
>
> Florian Schnabel wrote:
> > still no one has any ideas why it won't compile?
> > I'm rather lost without openssl and I can't just reinstall the box without a lot of extra work
Certificate request message sent by s_server
Greetings All,

For the s_server command, when -Verify option is used, the s_server gives the following certificate request message:

    0d390503040102400031002f

This said, the certificate types supported are 0x03, 0x04, 0x01, 0x02, 0x40. Per RFC 2246 section 7.4.4, 0x03 denotes rsa_fixed_dh, 0x04 denotes dss_fixed_dh, 0x01 denotes rsa_sign, and 0x02 denotes dss_sign.

Questions...

1) What does certificate type 0x40 denote?

2) As far as I know, OpenSSL does not support certificates with fixed DH public parameters. Why are 0x03 and 0x04 in the list (and more preferable than 0x01 and 0x02..)? Does this imply that though OpenSSL is not able to generate certificates with fixed DH parameters, s_server is able to verify certificates with fixed DH parameters?

Many thanks..

-Xiaoyu Ruan
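A parser for the CertificateRequest layout the question refers to (RFC 2246 section 7.4.4), added here as an example and not taken from the thread or from OpenSSL. The sample message is constructed: it carries the five type codes listed above and one placeholder name. The type names for 64 to 66 come from RFC 4492 section 5.5; parse_cert_request, cert_type_name and struct cert_request are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct cert_request {
    size_t  ntypes;      /* entries in certificate_types */
    uint8_t types[255];
    size_t  ca_bytes;    /* length of the certificate_authorities vector */
    size_t  ca_count;    /* DistinguishedName entries inside it */
};

const char *cert_type_name(uint8_t t)
{
    switch (t) {
    case 1:  return "rsa_sign";          /* RFC 2246, 7.4.4 */
    case 2:  return "dss_sign";
    case 3:  return "rsa_fixed_dh";
    case 4:  return "dss_fixed_dh";
    case 64: return "ecdsa_sign";        /* RFC 4492, 5.5 */
    case 65: return "rsa_fixed_ecdh";
    case 66: return "ecdsa_fixed_ecdh";
    default: return "unknown";
    }
}

/* Parse one handshake message: type(1) length(3) body.
 * Body: types<1..255> with a 1-byte length, then a 2-byte-length vector
 * of names, each name prefixed by its own 2-byte length.
 * Returns 0 on success, -1 if any length is inconsistent. */
int parse_cert_request(const uint8_t *msg, size_t len, struct cert_request *out)
{
    size_t body_len, pos;

    if (len < 4 || msg[0] != 13)         /* 13 = certificate_request */
        return -1;
    body_len = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (body_len != len - 4 || body_len < 1)
        return -1;
    msg += 4;                            /* msg now points at the body */

    out->ntypes = msg[0];
    if (out->ntypes == 0 || 1 + out->ntypes + 2 > body_len)
        return -1;
    memcpy(out->types, msg + 1, out->ntypes);
    pos = 1 + out->ntypes;

    out->ca_bytes = ((size_t)msg[pos] << 8) | msg[pos + 1];
    pos += 2;
    if (pos + out->ca_bytes != body_len)
        return -1;

    out->ca_count = 0;
    while (pos < body_len) {
        size_t dn_len;
        if (body_len - pos < 2)
            return -1;
        dn_len = ((size_t)msg[pos] << 8) | msg[pos + 1];
        pos += 2;
        if (dn_len == 0 || dn_len > body_len - pos)
            return -1;
        pos += dn_len;                   /* the DER name itself is skipped */
        out->ca_count++;
    }
    return 0;
}

/* Constructed sample, not a capture. */
static const uint8_t SAMPLE_REQ[] = {
    0x0d, 0x00, 0x00, 0x0d,              /* type 13, body length 13 */
    0x05, 0x03, 0x04, 0x01, 0x02, 0x40,  /* five certificate types */
    0x00, 0x05,                          /* names vector: 5 bytes */
    0x00, 0x03, 0x30, 0x01, 0x00         /* one 3-byte placeholder name */
};

int main(void)
{
    struct cert_request r;
    size_t i;
    if (parse_cert_request(SAMPLE_REQ, sizeof SAMPLE_REQ, &r) != 0)
        return 1;
    for (i = 0; i < r.ntypes; i++)
        printf("0x%02x %s\n", r.types[i], cert_type_name(r.types[i]));
    printf("%lu CA name(s)\n", (unsigned long)r.ca_count);
    return 0;
}
```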
Re: SSL Library Error: 336187530 error :1409D08A
The suspicious libraries were /usr/sfw/lib/libcrypto.so.0.9.7 and /usr/sfw/lib/libssl.so.0.9.7, both in the SUN Solaris 10 distribution. Building openssl_0.9.7m from source using /opt/SUNWspro/bin/cc and swapping in the new libraries cleared the problem.

Thanks, Joe

Joseph Burch wrote:
> Folks - My apologies if this topic has already been addressed -
>
> SunOS 5.10 Generic_125100-10 sun4u sparc SUNW,Sun-Fire-V440 (SUN distributed pkgs)
> Server: Apache/2.0.55, Interface: mod_ssl/2.0.55, Library: OpenSSL/0.9.7d
>
> Following an error-free startup of Apache, I try to establish an https connection, encounter this (in part), and the connection drops:
>
>     [Fri Sep 07 16:54:46 2007] [debug] ssl_engine_kernel.c(1813): OpenSSL: Exit: error in SSLv3 read certificate verify A
>     [Fri Sep 07 16:54:46 2007] [info] SSL library error 1 in handshake (server naos.lib.virginia.edu:443, client 128.143.12.29)
>     [Fri Sep 07 16:54:46 2007] [info] SSL Library Error: 336187530 error:1409D08A:SSL routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable
>
> Can someone help?
>
> Regards, Joseph Burch
> ITC-Unix University of Virginia
Re: SSL Library Error: 336187530 error :1409D08A
On Tue, Sep 11, 2007 at 11:45:41AM -0400, Joseph Burch wrote:

> The suspicious libraries were /usr/sfw/lib/libcrypto.so.0.9.7 and /usr/sfw/lib/libssl.so.0.9.7, both in the SUN Solaris 10 distribution. Building openssl_0.9.7m from source using /opt/SUNWspro/bin/cc and swapping in the new libraries cleared the problem.
>
> Folks - My apologies if this topic has already been addressed -
>
> SunOS 5.10 Generic_125100-10 sun4u sparc SUNW,Sun-Fire-V440 (SUN distributed pkgs)
> Server: Apache/2.0.55, Interface: mod_ssl/2.0.55, Library: OpenSSL/0.9.7d
>
> Following an error-free startup of Apache, I try to establish an https connection, encounter this (in part), and the connection drops:
>
>     [Fri Sep 07 16:54:46 2007] [debug] ssl_engine_kernel.c(1813): OpenSSL: Exit: error in SSLv3 read certificate verify A
>     [Fri Sep 07 16:54:46 2007] [info] SSL library error 1 in handshake (server naos.lib.virginia.edu:443, client 128.143.12.29)
>     [Fri Sep 07 16:54:46 2007] [info] SSL Library Error: 336187530 error:1409D08A:SSL routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable

Sun only provides AES-128, and not AES-256. The OpenSSL 0.9.7 library (with cipherlists other than DEFAULT which Sun explicitly modified to drop the AES-256 ciphers) was not until 0.9.7m able to notice that part of the AES ciphers was missing. From the change log:

    *) Since AES128 and AES256 share a single mask bit in the logic of
       ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
       kludge to work properly if AES128 is available and AES256 isn't.
       [Victor Duchovni]

When using the Sun libraries you must construct your cipherlist by subtracting from DEFAULT.

--
Viktor.
SSL Library Error
I apologize in advance if this is not the correct forum for this question. I haven't had much luck in the apache forums. I have an apache 2.0.55 installation that I'm attempting to recompile on an HP-UX 11 system. It has mod_ssl 2.0.66 and I have OpenSSL 0.9.8d installed in /opt/openssl098d. The system itself apparently has an older version of OpenSSL (0.9.7e) installed in /usr/local. We have apache running on this system just fine, but I have to recompile in order to add LDAP support.

If I take a fresh tarball of apache-2.0.55 and do a configure, make, make install, everything completes without error. Doing an LDD of the httpd binary shows it linked to the OpenSSL 0.9.8d libraries in /opt/openssl098d/lib. The server starts up without issue, but when I connect (with apache in debug mode), I get this:

    [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 established (server ourserver.name.scrubbed:8040, client client IP scrubbed)
    [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of entropy
    [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): OpenSSL: read 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump follows)
    [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459): +--- --+
    [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | : 80 67 01 03 01 00 4e 00-00 00 10 .gN |
    [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1490): +--- --+
    [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake (server ourserver.name.scrubbed:8040, client client IP scrubbed)
    [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
    [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 closed with abortive shutdown(server ourserver.name.scrubbed:8040, client IP scrubbed)

That's if mod_ssl is compiled as a shared module. If I compile it into the httpd binary statically, then each request results in a child process spawning and sitting in the Waiting mode. They pile up and pile up until they eventually drive the server load up to really high levels.

One oddity I notice is that even though I set every environment variable I know of (SHLIB_PATH, LD_LIBRARY_PATH, CPPFLAGS, LDFLAGS) to point to /opt/openssl098d/lib, the apache server-status lists OpenSSL 0.9.7e (the local system install). The other thing is that a few months ago, I was working on the same issue and managed to compile a version of apache in a parallel directory using the same configure commands (I believe) as now, and that install works perfectly!!

I'm thinking it's something strange with my current build environment but am uncertain where else to look. Where could apache be picking up that other SSL library?
Re: SSL Library Error
On Tue, Sep 11, 2007 at 01:43:50PM -0400, Aaron Smith wrote:

> I apologize in advance if this is not the correct forum for this question. I haven't had much luck in the apache forums. I have an apache 2.0.55 installation that I'm attempting to recompile on an HP-UX 11 system. It has mod_ssl 2.0.66 and I have OpenSSL 0.9.8d installed in /opt/openssl098d. The system itself apparently has an older version of OpenSSL (0.9.7e) installed in /usr/local. We have apache running on this system just fine, but I have to recompile in order to add LDAP support.
>
> If I take a fresh tarball of apache-2.0.55 and do a configure, make, make install, everything completes without error. Doing an LDD of the httpd binary shows it linked to the OpenSSL 0.9.8d libraries in /opt/openssl098d/lib. The server starts up without issue, but when I connect (with apache in debug mode), I get this:

Perhaps you are using headers from one version of OpenSSL and linking with libraries from another. Make sure compile-time and run-time versions match.

--
Viktor.
C++ compatability
I am trying to call the HMAC function (openssl 0.9.8e) within my C++ code. When I include openssl/hmac.h I get compilation errors on the asn1.h file at lines 905, 915, 920, 933, 938, and 985 all saying invalid conversion from 'void (*)()' to 'void*'. This makes sense because the libraries are compiled with gcc but I am compiling my software with g++ and in C++ this type of casting is not allowed. So my question is how do you use openssl in C++ when the include files use C specific syntax such as this?

Thank you in advance for the help.

Justin

*
This e-mail and any files transmitted with it may be proprietary and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the sender. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of ITT Corporation. The recipient should check this e-mail and any attachments for the presence of viruses. ITT accepts no liability for any damage caused by any virus transmitted by this e-mail.
***
RE: C++ compatability
I have the following code but I still get the compile errors described below. There are no other openssl includes or function calls other than what is shown below.

    extern "C" {
    #include <openssl/hmac.h>
    }

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saju Paul
Sent: Tuesday, September 11, 2007 2:37 PM
To: openssl-users@openssl.org
Subject: RE: C++ compatability

    extern "C" {
    // defn...
    }

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin - ACD
Sent: Tuesday, September 11, 2007 2:20 PM
To: openssl-users@openssl.org
Subject: C++ compatability

I am trying to call the HMAC function (openssl 0.9.8e) within my C++ code. When I include openssl/hmac.h I get compilation errors on the asn1.h file at lines 905, 915, 920, 933, 938, and 985 all saying invalid conversion from 'void (*)()' to 'void*'. This makes sense because the libraries are compiled with gcc but I am compiling my software with g++ and in C++ this type of casting is not allowed. So my question is how do you use openssl in C++ when the include files use C specific syntax such as this?

Thank you in advance for the help.

Justin
RE: C++ compatability
is the compile error on the header file (asn1.h) or at the call? copy and paste the error include any necessary code.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin - ACD
Sent: Tuesday, September 11, 2007 2:55 PM
To: openssl-users@openssl.org
Subject: RE: C++ compatability

I have the following code but I still get the compile errors described below. There are no other openssl includes or function calls other than what is shown below.

    extern "C" {
    #include <openssl/hmac.h>
    }

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saju Paul
Sent: Tuesday, September 11, 2007 2:37 PM
To: openssl-users@openssl.org
Subject: RE: C++ compatability

    extern "C" {
    // defn...
    }

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin - ACD
Sent: Tuesday, September 11, 2007 2:20 PM
To: openssl-users@openssl.org
Subject: C++ compatability

I am trying to call the HMAC function (openssl 0.9.8e) within my C++ code. When I include openssl/hmac.h I get compilation errors on the asn1.h file at lines 905, 915, 920, 933, 938, and 985 all saying invalid conversion from 'void (*)()' to 'void*'. This makes sense because the libraries are compiled with gcc but I am compiling my software with g++ and in C++ this type of casting is not allowed. So my question is how do you use openssl in C++ when the include files use C specific syntax such as this?

Thank you in advance for the help.

Justin
RE: SSL Library Error
Looking at the output of LDD closer, it looks like the httpd binary is linked to both libraries. BUT, I don't think this is the cause of the problem as the httpd binary that DOES work is ALSO linked this way

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, September 11, 2007 1:57 PM
To: openssl-users@openssl.org
Subject: Re: SSL Library Error

On Tue, Sep 11, 2007 at 01:43:50PM -0400, Aaron Smith wrote:

> I apologize in advance if this is not the correct forum for this question. I haven't had much luck in the apache forums. I have an apache 2.0.55 installation that I'm attempting to recompile on an HP-UX 11 system. It has mod_ssl 2.0.66 and I have OpenSSL 0.9.8d installed in /opt/openssl098d. The system itself apparently has an older version of OpenSSL (0.9.7e) installed in /usr/local. We have apache running on this system just fine, but I have to recompile in order to add LDAP support.
>
> If I take a fresh tarball of apache-2.0.55 and do a configure, make, make install, everything completes without error. Doing an LDD of the httpd binary shows it linked to the OpenSSL 0.9.8d libraries in /opt/openssl098d/lib. The server starts up without issue, but when I connect (with apache in debug mode), I get this:

Perhaps you are using headers from one version of OpenSSL and linking with libraries from another. Make sure compile-time and run-time versions match.

--
Viktor.
Re: C++ compatability
Saju Paul wrote:
> is the compile error on the header file (asn1.h) or at the call? copy and paste the error include any necessary code.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin - ACD
> Sent: Tuesday, September 11, 2007 2:55 PM
> To: openssl-users@openssl.org
> Subject: RE: C++ compatability
>
> I have the following code but I still get the compile errors described below. There are no other openssl includes or function calls other than what is shown below.
>
>     extern "C" {
>     #include <openssl/hmac.h>
>     }
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saju Paul
> Sent: Tuesday, September 11, 2007 2:37 PM
> To: openssl-users@openssl.org
> Subject: RE: C++ compatability
>
>     extern "C" {
>     // defn...
>     }
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin - ACD
> Sent: Tuesday, September 11, 2007 2:20 PM
> To: openssl-users@openssl.org
> Subject: C++ compatability
>
> I am trying to call the HMAC function (openssl 0.9.8e) within my C++ code. When I include openssl/hmac.h I get compilation errors on the asn1.h file at lines 905, 915, 920, 933, 938, and 985 all saying invalid conversion from 'void (*)()' to 'void*'. This makes sense because the libraries are compiled with gcc but I am compiling my software with g++ and in C++ this type of casting is not allowed. So my question is how do you use openssl in C++ when the include files use C specific syntax such as this?
>
> Thank you in advance for the help.
>
> Justin

While I'm finding this discussion on misinformation entertaining, I realize Justin probably has a job to do. In general, all you ever need to include is:

    #include <openssl/ssl.h>
    #include <openssl/err.h>

After your other #include files. Those will generally #include any other files you might need...including the HMAC routines. I've never had any issues with VC++ or gcc/g++ when doing that.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/
RE: SSL Library Error
for 32-bit objects set SHLIB_PATH and unset LD_LIBRARY_PATH
for 64-bit objects set LD_LIBRARY_PATH and unset SHLIB_PATH

might help..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Aaron Smith
Sent: Tuesday, September 11, 2007 3:34 PM
To: openssl-users@openssl.org
Subject: RE: SSL Library Error

Looking at the output of LDD closer, it looks like the httpd binary is linked to both libraries. BUT, I don't think this is the cause of the problem as the httpd binary that DOES work is ALSO linked this way

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, September 11, 2007 1:57 PM
To: openssl-users@openssl.org
Subject: Re: SSL Library Error

On Tue, Sep 11, 2007 at 01:43:50PM -0400, Aaron Smith wrote:

> I apologize in advance if this is not the correct forum for this question. I haven't had much luck in the apache forums. I have an apache 2.0.55 installation that I'm attempting to recompile on an HP-UX 11 system. It has mod_ssl 2.0.66 and I have OpenSSL 0.9.8d installed in /opt/openssl098d. The system itself apparently has an older version of OpenSSL (0.9.7e) installed in /usr/local. We have apache running on this system just fine, but I have to recompile in order to add LDAP support.
>
> If I take a fresh tarball of apache-2.0.55 and do a configure, make, make install, everything completes without error. Doing an LDD of the httpd binary shows it linked to the OpenSSL 0.9.8d libraries in /opt/openssl098d/lib. The server starts up without issue, but when I connect (with apache in debug mode), I get this:

Perhaps you are using headers from one version of OpenSSL and linking with libraries from another. Make sure compile-time and run-time versions match.

--
Viktor.
Re: SSL Library Error
Hello,

> I apologize in advance if this is not the correct forum for this question. I haven’t had much luck in the apache forums. I have an apache 2.0.55 installation that I’m attempting to recompile on an HP-UX 11 system. It has mod_ssl 2.0.66 and I have OpenSSL 0.9.8d installed in /opt/openssl098d. The system itself apparently has an older version of OpenSSL (0.9.7e) installed in /usr/local. We have apache running on this system just fine, but I have to recompile in order to add LDAP support.
>
> If I take a fresh tarball of apache-2.0.55 and do a configure, make, make install, everything completes without error. Doing an LDD of the httpd binary shows it linked to the OpenSSL 0.9.8d libraries in /opt/openssl098d/lib. The server starts up without issue, but when I connect (with apache in debug mode), I get this:
>
>     [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 established (server ourserver.name.scrubbed:8040, client client IP scrubbed)
>     [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of entropy
>     [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): OpenSSL: read 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump follows)
>     [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459): +--- --+
>     [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | : 80 67 01 03 01 00 4e 00-00 00 10 .gN

This looks like SSL2 client hello with TLS1 proposition.

>     [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake (server ourserver.name.scrubbed:8040, client client IP scrubbed)
>     [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?

Maybe you have only SSL3 enabled on server, in this case OpenSSL refuses SSL2 client hello (GNUTLS accepts). Check connection over SSL with commands:

    $ openssl s_client -connect ip:port -ssl2
    $ openssl s_client -connect ip:port -ssl3
    $ openssl s_client -connect ip:port -tls1

Is any of these commands working? Maybe you should modify Apache SSLProtocol directive.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
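The 11 bytes in the BIO dump above can be decoded field by field as an SSLv2-format CLIENT-HELLO header. The following is an added example, not code from the thread, mod_ssl or OpenSSL; classify_hello, struct v2_hello and the enum names are hypothetical, and the byte array is copied from the dump quoted in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What the first bytes received on a TLS port look like. */
enum hello_kind {
    HELLO_SHORT     = -1,  /* not enough bytes to decide */
    HELLO_NOT_TLS   = 0,   /* e.g. plain HTTP sent to the HTTPS port */
    HELLO_V2_COMPAT = 1,   /* SSLv2-format CLIENT-HELLO */
    HELLO_V3_RECORD = 2    /* SSLv3/TLS handshake record (0x16 0x03 ..) */
};

struct v2_hello {
    unsigned record_len;       /* bytes after the 2-byte record header */
    unsigned ver_major;        /* highest version offered; 3.1 is TLS 1.0 */
    unsigned ver_minor;
    unsigned cipher_spec_len;  /* 3 bytes per cipher spec */
    unsigned session_id_len;
    unsigned challenge_len;
};

static unsigned be16(const uint8_t *p)
{
    return ((unsigned)p[0] << 8) | p[1];
}

enum hello_kind classify_hello(const uint8_t *p, size_t n, struct v2_hello *out)
{
    if (n >= 3 && p[0] == 0x16 && p[1] == 0x03)
        return HELLO_V3_RECORD;
    if (n < 11)
        return HELLO_SHORT;
    /* SSLv2 2-byte header: high bit set, 15-bit length; then msg type 1. */
    if (!(p[0] & 0x80) || p[2] != 0x01)
        return HELLO_NOT_TLS;

    out->record_len      = be16(p) & 0x7fff;
    out->ver_major       = p[3];
    out->ver_minor       = p[4];
    out->cipher_spec_len = be16(p + 5);
    out->session_id_len  = be16(p + 7);
    out->challenge_len   = be16(p + 9);

    /* Cipher specs are 3 bytes each, and the three variable parts plus
     * the 9 fixed bytes must fill the record exactly. */
    if (out->cipher_spec_len == 0 || out->cipher_spec_len % 3 != 0)
        return HELLO_NOT_TLS;
    if (out->record_len != 9 + out->cipher_spec_len +
                           out->session_id_len + out->challenge_len)
        return HELLO_NOT_TLS;
    return HELLO_V2_COMPAT;
}

/* The 11 bytes from the BIO dump quoted in the message above. */
static const uint8_t PAGE_DUMP[11] = {
    0x80, 0x67, 0x01, 0x03, 0x01, 0x00, 0x4e, 0x00, 0x00, 0x00, 0x10
};

int main(void)
{
    struct v2_hello h;
    if (classify_hello(PAGE_DUMP, sizeof PAGE_DUMP, &h) == HELLO_V2_COMPAT)
        printf("SSLv2-format hello: offers %u.%u, %u cipher specs, "
               "session id %u bytes, challenge %u bytes, record %u bytes\n",
               h.ver_major, h.ver_minor, h.cipher_spec_len / 3,
               h.session_id_len, h.challenge_len, h.record_len);
    return 0;
}
```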
Re: SSL Library Error
On Tue, Sep 11, 2007 at 03:34:13PM -0400, Aaron Smith wrote:

> Looking at the output of LDD closer, it looks like the httpd binary is linked to both libraries. BUT, I don't think this is the cause of the problem as the httpd binary that DOES work is ALSO linked this way

Being linked to both libraries is a problem, but even more so if the first library that is loaded does not match the compile-time headers. First escape DLL-hell, then debug other issues. If your LDAP library depends on OpenSSL 0.9.7, you need to link Apache also with 0.9.7. Mixing 0.9.7 and 0.9.8 in the same binary leads to unspecified behaviour.

--
Viktor.
RE: SSL Library Error
I'll see if I can figure out what's causing apache to link to 0.9.7. As far as I know, I've got all my environment variables set to look at the 0.9.8 libraries. It seems odd that the original compile would work though.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, September 11, 2007 4:12 PM
To: openssl-users@openssl.org
Subject: Re: SSL Library Error

On Tue, Sep 11, 2007 at 03:34:13PM -0400, Aaron Smith wrote:

> Looking at the output of LDD closer, it looks like the httpd binary is linked to both libraries. BUT, I don't think this is the cause of the problem as the httpd binary that DOES work is ALSO linked this way

Being linked to both libraries is a problem, but even more so if the first library that is loaded does not match the compile-time headers. First escape DLL-hell, then debug other issues.

If your LDAP library depends on OpenSSL 0.9.7, you need to link Apache also with 0.9.7. Mixing 0.9.7 and 0.9.8 in the same binary leads to unspecified behaviour.

--
Viktor.
RE: C++ compatability
It is very clear that you Thomas have never ever used the hmac routines !! So how you entertain yourself is irrelevant to the problem being discussed. thank you.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas J. Hruska
Sent: Tuesday, September 11, 2007 3:38 PM
To: openssl-users@openssl.org
Subject: Re: C++ compatability

Saju Paul wrote:
> is the compile error on the header file (asn1.h) or at the call ? copy and paste the error include any necessary code.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin - ACD
> Sent: Tuesday, September 11, 2007 2:55 PM
> To: openssl-users@openssl.org
> Subject: RE: C++ compatability
>
> I have the following code but I still get the compile errors described below. There are no other openssl includes or function calls other than what is shown below.
>
> extern "C" {
> #include <openssl/hmac.h>
> }
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saju Paul
> Sent: Tuesday, September 11, 2007 2:37 PM
> To: openssl-users@openssl.org
> Subject: RE: C++ compatability
>
> extern "C" { // defn... }
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin - ACD
> Sent: Tuesday, September 11, 2007 2:20 PM
> To: openssl-users@openssl.org
> Subject: C++ compatability
>
> I am trying to call the HMAC function (openssl 0.9.8e) within my C++ code. When I include openssl/hmac.h I get compilation errors on the asn1.h file at lines 905, 915, 920, 933, 938, and 985 all saying invalid conversion from 'void (*)() to 'void*'. This makes sense because the libraries are compiled with gcc but I am compiling my software with g++ and in C++ this type of casting is not allowed. So my question is how do you use openssl in C++ when the include files use C specific syntax such as this? Thank you in advance for the help.
>
> Justin

While I'm finding this discussion on misinformation entertaining, I realize Justin probably has a job to do.

In general, all you ever need to include is:

#include <openssl/ssl.h>
#include <openssl/err.h>

After your other #include files. Those will generally #include any other files you might need...including the HMAC routines. I've never had any issues with VC++ or gcc/g++ when doing that.

--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/
Re: SSL Library Error
On Tue, Sep 11, 2007 at 04:15:47PM -0400, Aaron Smith wrote:

> I'll see if I can figure out what's causing apache to link to 0.9.7. As far as I know, I've got all my environment variables set to look at the 0.9.8 libraries. It seems odd that the original compile would work though.

On any complex system that mixes multiple TLS talking components (LDAP, Apache itself, nss modules that use LDAP, ...) it is important to standardize on a single system-wide version of the OpenSSL library (not just OpenSSL, similar concerns apply to Berkeley DB and other core components).

When faced with such a system (one that is partly built from source, and partly via vendor binary packages), you must resist the urge to use the latest-greatest version of a library that is also included at a different release level in the base system.

If the default OpenSSL for the vendor system is 0.9.7, stick with that, but use the latest patch level. If you want 0.9.8, upgrade to a system release that uses 0.9.8 throughout.

--
Viktor.
Re: SSL won't compile on debian etch amd64
Florian Schnabel wrote:
> spider:/opt/openssl-0.9.8e-etch/apps# gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT \
> -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall \
> -DMD32_REG_T=int -DMD5_ASM -c -o s_server.o s_server.s
> s_server.s: Assembler messages:
> s_server.s:437: Error: Incorrect register `%rax' used with `l' suffix
> s_server.s:445: Error: Incorrect register `%rbx' used with `l' suffix
> s_server.s:465: Error: Incorrect register `%rdx' used with `l' suffix
> s_server.s:466: Error: Incorrect register `%rbx' used with `l' suffix
> spider:/opt/openssl-0.9.8e-etch/apps#
>
> as you can see this gives the errors i had
>
> what do you want me to make available online ? the log ?

The s_server.s file that was created, the one now reporting the errors.

Darryl
Re: C++ compatability
Saju Paul wrote:
> It is very clear that you Thomas have never ever used the hmac routines !!

Oops. And you're right. I've never used them. Just looked them up (lazy me). Definitely requires the openssl/hmac.h file (but it never hurts to include the others - particularly the err.h file).

However, I did bother to Google for similar problems with g++:

http://www.cygwin.com/ml/cygwin/2003-10/msg00793.html

OP: Check for a '-xc' flag (e.g. environment variables, command-line). Causes the __cplusplus #define to not exist. Kind of important. Although I'm not sure how you compile C++ code in the first place without it.

You can make sure that the #define exists by doing:

#ifndef __cplusplus
#error Yikes! No C++ support!
#endif

Somewhere at the top of the code.

--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/
Re: C++ compatability
* Phillips, Justin - ACD wrote on Tue, Sep 11, 2007 at 14:20 -0400:
> I am trying to call the HMAC function (openssl 0.9.8e) within my C++ code. When I include openssl/hmac.h I get compilation errors on the asn1.h file at lines 905, 915, 920, 933, 938, and 985 all saying invalid conversion from 'void (*)() to 'void*'. This makes sense because the libraries are compiled with gcc but I am compiling my software with g++ and in C++ this type of casting is not allowed. So my question is how do you use openssl in C++ when the include files use C specific syntax such as this? Thank you in advance for the help.

Hi,

surely you also already had this idea, but just in case: we use wrappers often (in other projects, no openssl related) by having a C module with a C/C++ interoperable header calling the func one-to-one in its .c implementation. Maybe you'll use another MAC later or so, in this case this could even help :-)

However, in most cases brutal unchecked `c style casts' help, because things like (const void*)myFunc are also possible in C++, just as in C; I'm not sure if reinterpret_cast<const void*>(myFunc) would work here. However, if .h does not even compile, this won't help at all, but of course instead you could include a fixed prototype which invites maintenance problems that can be excitingly expensive to detect and fix (if the prototypes change). If asn1.h is automatically generated by some asn1c or alike prototypes may be difficult to fix...

oki,

Steffen

About Ingenico Throughout the world businesses rely on Ingenico for secure and expedient electronic transaction acceptance. Ingenico products leverage proven technology, established standards and unparalleled ergonomics to provide optimal reliability, versatility and usability. This comprehensive range of products is complemented by a global array of services and partnerships, enabling businesses in a number of vertical sectors to accept transactions anywhere their business takes them. www.ingenico.com

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
Re: C++ compatability
Saju Paul [EMAIL PROTECTED] writes:

> It is very clear that you Thomas have never ever used the hmac routines !! So how you entertain yourself is irrelevant to the problem being discussed. thank you.

You'll need to give more information. For me, the following C++ program compiles, links (needs to link against -lcrypto -lssl), and runs (printing the unexciting md_len = 20). This is using gcc (4.1) on GNU/Linux, x86, with OpenSSL 0.9.8e.

#include <openssl/ssl.h>
#include <openssl/hmac.h>
#include <string.h>   // strlen
#include <iostream>

int main(int, char *[])
{
    SSL_library_init();
    OpenSSL_add_all_algorithms();

    const char key[] = "hello";
    const char data[] = "some data to hash";
    unsigned char md[EVP_MAX_MD_SIZE];   // receives the MAC
    unsigned int md_len;                 // receives its length in bytes

    HMAC(EVP_sha1(), key, strlen(key),
         reinterpret_cast<const unsigned char*>(data), strlen(data),
         md, &md_len);

    std::cout << "md_len = " << md_len << std::endl;
}