Extracting RecipientInfos/DER from S/MIME message

[Benjamin Amling]

Hello,

is it possible to extract the DER blob from the RecipientInfos-part of a
S/MIME message? I tried the following steps already but couldn't manage
to get what I want:

*
BIO *bin = BIO_new(BIO_s_mem());
BIO_write(bin, mimeMessage.c_str(), mimeMessage.size()); // no errors

CMS_ContentInfo *cms = SMIME_read_CMS(bin, NULL); // no errors

STACK_OF(CMS_RecipientInfo) * ris = CMS_get0_RecipientInfos(cms); // no
errors

CMS_RecipientInfo *ri;
for (int i = 0; i  sk_CMS_RecipientInfo_num(ris); ++i) {
  ri = sk_CMS_RecipientInfo_value(ris, i);
  // sk_CMS_RecipientInfo_num(ris) returns 1, so it shouldn't be empty
  // CMS_RecipientInfo_type(ri) returns 0
}
**

This is as far as I got. I have no idea on how to proceed and what I can
do with the CMS_RecipientInfos I managed to extract so far.

I'm still quite new to using the OpenSSL API in C/C++ so I'd appreciate
any kind of help. :-)


Thanks in advance!

Benjamin


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Extracting RecipientInfos/DER from S/MIME message

[Dr. Stephen Henson]

On Wed, Apr 14, 2010, Benjamin Amling wrote:

 Hello,
 
 is it possible to extract the DER blob from the RecipientInfos-part of a
 S/MIME message? I tried the following steps already but couldn't manage
 to get what I want:
 
 *
 BIO *bin = BIO_new(BIO_s_mem());
 BIO_write(bin, mimeMessage.c_str(), mimeMessage.size()); // no errors
 
 CMS_ContentInfo *cms = SMIME_read_CMS(bin, NULL); // no errors
 
 STACK_OF(CMS_RecipientInfo) * ris = CMS_get0_RecipientInfos(cms); // no
 errors
 
 CMS_RecipientInfo *ri;
 for (int i = 0; i  sk_CMS_RecipientInfo_num(ris); ++i) {
   ri = sk_CMS_RecipientInfo_value(ris, i);
   // sk_CMS_RecipientInfo_num(ris) returns 1, so it shouldn't be empty
   // CMS_RecipientInfo_type(ri) returns 0
 }
 **
 
 This is as far as I got. I have no idea on how to proceed and what I can
 do with the CMS_RecipientInfos I managed to extract so far.
 
 I'm still quite new to using the OpenSSL API in C/C++ so I'd appreciate
 any kind of help. :-)
 
 

The return value of CMS_RecipientInfo_type() is a constant indictaing tha type
and will almost always be CMS_RECIPINFO_TRANS (see cms.h). Once you have the
type you can use the appropriate function to retrieve its contents. For example
CMS_RecipientInfo_ktri_get0_signer_id().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: problem verifying OCSP signature

[Dr. Stephen Henson]

On Tue, Apr 13, 2010, Chris Bare wrote:

  Additional candidate signer certificates  need to be included in the
  -verify_other option.
  
  If the OCSP signing certificate is self signed then it needs to be 
  explicitly
  trusted which is the -VAfile option if you use that it will also be searched
  as a signer.
 
 doesn't putting it in the CApath also mean it's explicitly trusted?
 
 I tracked down this code in crypto/ocsp/ocsp_vfy.c:
 static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509)
 *certs, X509_STORE *st, unsigned long flags)
   {
   X509 *signer;
   OCSP_RESPID *rid = bs-tbsResponseData-responderId;
   if ((signer = ocsp_find_signer_sk(certs, rid)))
   {
   *psigner = signer;
   return 2;
   }
   if(!(flags  OCSP_NOINTERN) 
   (signer = ocsp_find_signer_sk(bs-certs, rid)))
   {
   *psigner = signer;
   return 1;
   }
   /* Maybe lookup from store if by subject name */
 
   *psigner = NULL;
   return 0;
   }
 
 It looks like implementing the Maybe case would solve my problem. Would it
 be incorrect to look in the store also here? I'd be glad to work on a patch.
 

The store can only lookup by subject name, lookup by key identifier is not
supported: OCSP can use either.

It doesn't automatically trust certificates in the store because they have to be
authorised to sign OCSP responses. Certificates can be explicitly trusted
though by adding an appropriate trust value.

 I understand I can make the command line tool with with -verify_other, but in
 my code I have no handy way to do that. My users are going to dump all trusted
 certs, regardless of purpose, into the trusted store.

Well that's a bit of a problem because if you trust all those a self signed EE
certificate could be used to sign OCSP responses for anyone.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: openSSL and PKCS #12 certificates

[Rémi Després-Smyth]

Merci beaucoup, Mounir, 
but I got the same error.

Given the time constraints I have, I think my path moving forward is to try
another library or two to see if I can find one that uses openSSL properly.

Au plaisir,
Remi.


-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
Sent: April 13, 2010 9:09 PM
To: openssl-users@openssl.org
Subject: Re: openSSL and PKCS #12 certificates

Hi Remi,

I don't know what the inputs of your python module are, but from the 
error message I guess that it's expecting the PEM file to contain also 
the certificate of the private key and the associated CA chain. For 
that, I advice you to replace the option -nocerts in your command line 
with -nodes. Thus:
- The output PEM file will contain the private key AND its certificate 
along with any associated CAs
- You will not be asked for a password a second time because the private 
key in the output PEM file will be unencrypted.

After that, you will have to open the output PEM file in a text editor 
in order to ensure that the certificate that comes just after the 
private key block is the one associated with the key and not a CA 
certificate ( a cut and past is almost necessary to put everything in 
the right order).

I hope that with all this steps, you will finally be able to perform 
your client authentication.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



On 4/13/2010 6:45 PM, Rémi Després-Smyth wrote:
 Mounir,
 Thank you so much for your answer.

 I did extract the key into a pem file (using command:
c:\openssl\bin\openssl
 pkcs12 -in cert.pfx -nocerts -out cert_key.pem), and tried to connect
using
 the key file as output.  It got further along in the process - I was
 prompted to enter my PEM pass phrase - but a different error came up:

File C:\python26\lib\ssl.py, line 113, in __init__
  cert_reqs, ssl_version, ca_certs)
 ssl.SSLError: [Errno 336445449] _ssl.c:351: error:140DC009:SSL
 routines:SSL_CTX_use_certificate_chain_file:PEM lib

 Would you have any insight in regards to the problem here?


 I should also note that while I was creating the key file, I noticed that
I
 was prompted to Enter Import Password, but also to Enter PEM pass
 phrase.  Does this mean the private key found in the pfx file is actually
 in PEM format to begin with?  Does this change your advice at all?

 Regards,
 Remi.


 -Original Message-
 From: owner-openssl-us...@openssl.org
 [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
 Sent: April 13, 2010 11:29 AM
 To: openssl-users@openssl.org
 Subject: Re: openSSL and PKCS #12 certificates

 Hi,

 OPENSSL supports PKCS#12 files. Look at the header pkcs12.h that
 contains functions for parsing and exporting private keys and
 certificates from a PKCS#12 file (like d2i_PKCS12 and PKCS12_parse).

 Concerning the error you are getting, it appears that the phython module
 you are using is calling SSL_CTX_use_PrivateKey_file by giving it the
 PKCS#12 file name. This is does not because SSL_CTX_use_PrivateKey_file
 only accepts two formats : SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
 In order to correct this, you have two solutions :
 - Either feed the python module with the private key in a PEM file.
 - Or modify the source code of this python module in order to use the
 PKCS#12 functions I mentioned above to extract the private key as an
 EVP_PKEY and then call SSL_use_PrivateKey instead of
 SSL_CTX_use_PrivateKey_file, along with SSL_use_certificate for setting
 the associated certificate.

 The first solution is the easiest because you can simply use the OPENSSL
 command line utility in order to extract the private key and its
 certificate from the PKCS#12 file as PEM files and then give them as
 input to your python module.

 I hope this will help.
 --
 Mounir IDRASSI
 IDRIX
 http://www.idrix.fr


 On 4/13/2010 2:55 PM, Rémi Després-Smyth wrote:

 Hello.

 I’ve been trying to setup client authentication using a PKCS #12
 certificate, and I’ve been having some trouble.  I’m trying to determine
 whether its because its something unsupported in openSSL, or if it’s a
 problem with the wrapper library I’m using (Python’s httplib).  I’d
 appreciate it if anyone might be able to provide some insight.



 I’m getting an error raised by the openSSL library when the wrapper class
  
 is

 trying to instantiate and wrap a socket, and from what I’ve been able to
 gather to-date, the error appears to be coming from openSSL:



 Ssl.SSLError: [Errno 336265225] _sll.c:337: error:140B0009:SSL
 routines:SSL_CTX_use_PrivateKey_file:PEM lib



 Is PKCS #12 supposed to be supported by openSSL?  I would guess yes; I
dug
 around in the source and found that “PEM lib” is the error text for
 ERR_R_PEM_LIB (defined in err_str.c), and I also noticed ERR_R_PKCS12_LIB
  
 in

 there.  This gives me the impression that openSSL is incorrectly trying
to
 load the PKCS #12 cert as a PEM 

Re: ERROR LINK2019

[Modem Man]

Hi, 芦翔

please check, if you are using the right include path fpr the right .h
files.
After calling this:

C:\From_Here\openssl.1.0.0\ perl Configure VC-WIN32 no-asm
--prefix=c:/to_here/ssl
C:\From_Here\openssl.1.0.0\ ms\do_ms

you DON'T should use:
-I C:\From_Here\openssl.1.0.0\include
(or Additional Include directories in VS GUI). It's because the .h
files there all consisting of incomplete files, just containing the line
Link: filename.h.
Instead, look into \ (root directory), there is some new directory tree
/usr/bin/to_here/ssl
(or similiar, I don't remember the exact location). So better use
-I /usr/bin/to_here/ssl
(or whatever exact to_here location is). Same for *.LIB (Additional
Linker Dependencies)

If this helps, please report. Otherwise also.

M.M.

 Dear all,
 I am trying to add the security flavor to an application. To achieve
 this objective, I wrote the codes to establish a security tunnel
 between the server and the client with VC2008. When I build the whole
 project, there are tens of similar errors. All of them are as follows:

 SSLServer.obj : error LNK2019: unresolved external symbol _BIO_free
 referenced in function int __cdecl
 SSL_CTX_use_PrivateKey_file_pass(struct ssl_ctx_st *,char *,char *)
 (?SSL_CTX_use_PrivateKey_file_pass@@YAHPAUssl_ctx_st@@p...@z
 mailto:?SSL_CTX_use_PrivateKey_file_pass@@YAHPAUssl_ctx_st@@p...@z)


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: ERROR LINK2019

[Modem Man]

Hi 芦翔,

I also used mixed C / C++ Project and did not used the probably well known

#ifdef __cplusplus
extern C {
#endif

#include openssl\.h

#ifdef __cplusplus
}
#endif


stuff. It worked for me without this. Used VS 2005, which surely has
same behaviour as VS 2008.

M.M.

 hi,
 Thank you for your notes. Yes, my code is composed of both C and C++
 code. For the openssl part, it is programed by C. And the other part
 is from C++. Should I only use extern for those C-realated
 #include, or all the C code should be embraced in the extern?
 Thank you so much.

 Best Regards,
 Xiang

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Costs (was: Extract DER of RecipientInfos from CMS)

[Michael Ströder]

Steve,

Dr. Stephen Henson wrote:
 On Wed, Mar 24, 2010, Michael Strder wrote:
 Is there an API function in OpenSSL which extracts only the DER blob of
 RecipientInfos from a CMS message (needed for encrypted S/MIME message). Or
 has that to be done low-level with ASN.1 parser?
 
 No you can't extract the received encoding. You can extract the structure
 using CMS_get0_ReceipientInfos() but you'd have to declare your own encoding
 function based on the RecipientInfo ASN1_ITEM.

How much would it cost if you implement that? I'm not the one to decide on
that but I want to propose that to my customer.

Ciao, Michael.

-- 
Michael Ströder Klauprechtstr. 11
Dipl.-Inform.   D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316
E-Mail: mich...@stroeder.comhttp://www.stroeder.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

ASN1_UTCTIME Question

[Jerry Wang]

Hi,

I was just wondering what is the best way for converting type ASN1_UTCTIME*
to type char* or string in C++?

Thanks in advance,
Jerry

RE: ERROR LINK2019

[芦翔]

Dear Modem,

   Thank you for your instructions. I have overcomed the problem by putting 
extern in my code, and rebuild the openssl lib as your notes. I really 
appreciate the helps from you and Wiliam.

Now, I can build my application. However, after building the application, 
it pops a message box, which says that This application has failed to start 
because LIBEAY32.dll was not found. Re-installing the application may fix this 
problem. I don't know what happens. I am not sure if I need re-compile the 
openssl code for a dll file, in addition, how can I use the compiled dll file. 
Suggestions will be really appreciated. Thank you.

 

Best Regards,

Xiang
 
 Date: Wed, 14 Apr 2010 15:55:49 +0200
 From: modem-...@gmx.net
 To: openssl-users@openssl.org
 CC: wr...@rowe-clan.net
 Subject: Re: ERROR LINK2019
 
 Hi 芦翔,
 
 I also used mixed C / C++ Project and did not used the probably well known
 
 #ifdef __cplusplus
 extern C {
 #endif
 
 #include openssl\.h
 
 #ifdef __cplusplus
 }
 #endif
 
 
 stuff. It worked for me without this. Used VS 2005, which surely has
 same behaviour as VS 2008.
 
 M.M.
 
  hi,
  Thank you for your notes. Yes, my code is composed of both C and C++
  code. For the openssl part, it is programed by C. And the other part
  is from C++. Should I only use extern for those C-realated
  #include, or all the C code should be embraced in the extern?
  Thank you so much.
 
  Best Regards,
  Xiang
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List openssl-users@openssl.org
 Automated List Manager majord...@openssl.org
  
_
SkyDrive电子画册，带你领略精彩照片，分享“美”时“美”刻!
http://www.windowslive.cn/campaigns/e-magazine/ngmchina/?a=c

Re: ERROR LINK2019

[Modem Man]

Hi 芦翔,

the way Windows/C is using the SSL Lib here, is a so called Dynamic
Link Library via IMPLIB loading. This means, each DLL file has a
corresponding LIB file which is statically to be linked together with
your source code's OBJ files to become your EXE file. But this LIB is
only a so called stub, a library which does nothing else than being a
proxy/gateway between your code and the SSL's DLLs.

As you can imagine now, your EXE already has the LIBEAY.LIB linked.
Your EXE is starting and before calling WinMain() / main() / _tmain() it
initializes own startup code and LIB's startup code.
The latter now searches it's corresponding DLL file to make its job of
beeing the proxy.
And in your case, it reports not beeing able to locate this DLL.

Looks like your application just don't know where to locate the LIBEAY.DLL.
1st, you should know, where on your computer this particular file resides.
2nd, you should learn, how your platform is searching for DLLs.

Hint:
Search order within windows is:
1st) current directory (usually, where your .EXE resides)
2nd) each entry of %PATH% environment variable, from left to right.

Finally, you could also read SSL package's INSTALL.W32 and ms\*.bat
files to learn how to skip DLL usage and how to to link complete .LIB
(not the small IMPLIB). This would be a so called Static Library
without any DLL linkage.

And very finally, inc32 might be the better include directory than
include?
Read _complete_ INSTALL.W32, to learn if this is true for your
environment, or not.

Hoping you can also help me somewhen in future,
M.M.


 Dear Modem,
 Thank you for your instructions. I have overcomed the problem by
 putting extern in my code, and rebuild the openssl lib as your
 notes. I really appreciate the helps from you and Wiliam.
 Now, I can build my application. However, after building the
 application, it pops a message box, which says that This application
 has failed to start because LIBEAY32.dll was not found. Re-installing
 the application may fix this problem. I don't know what happens. I am
 not sure if I need re-compile the openssl code for a dll file, in
 addition, how can I use the compiled dll file. Suggestions will be
 really appreciated. Thank you.

 Best Regards,
 Xiang


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: ASN1_UTCTIME Question

[Patrick Patterson]

On 14/04/10 1:05 PM, Jerry Wang wrote:
 Hi,
 
 I was just wondering what is the best way for converting type
 ASN1_UTCTIME* to type char* or string in C++?
 
Probably the best way is to convert it to a time_t, and then use your
normal platform functions to convert that to a string. This has the
added advantage of being useful for comparisons and other things.

There are a few examples of converting an ASN1_TIME struct to a time_t
in the openssl sources, so you can use that.

Have fun!

Patrick.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: openSSL and PKCS #12 certificates

[Mounir IDRASSI]

Bon courage pour la suite!

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 4/14/2010 3:01 PM, Rémi Després-Smyth wrote:

Merci beaucoup, Mounir,
but I got the same error.

Given the time constraints I have, I think my path moving forward is to try
another library or two to see if I can find one that uses openSSL properly.

Au plaisir,
Remi.


-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
Sent: April 13, 2010 9:09 PM
To: openssl-users@openssl.org
Subject: Re: openSSL and PKCS #12 certificates

Hi Remi,

I don't know what the inputs of your python module are, but from the
error message I guess that it's expecting the PEM file to contain also
the certificate of the private key and the associated CA chain. For
that, I advice you to replace the option -nocerts in your command line
with -nodes. Thus:
- The output PEM file will contain the private key AND its certificate
along with any associated CAs
- You will not be asked for a password a second time because the private
key in the output PEM file will be unencrypted.

After that, you will have to open the output PEM file in a text editor
in order to ensure that the certificate that comes just after the
private key block is the one associated with the key and not a CA
certificate ( a cut and past is almost necessary to put everything in
the right order).

I hope that with all this steps, you will finally be able to perform
your client authentication.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



On 4/13/2010 6:45 PM, Rémi Després-Smyth wrote:
   

Mounir,
Thank you so much for your answer.

I did extract the key into a pem file (using command:
 

c:\openssl\bin\openssl
   

pkcs12 -in cert.pfx -nocerts -out cert_key.pem), and tried to connect
 

using
   

the key file as output.  It got further along in the process - I was
prompted to enter my PEM pass phrase - but a different error came up:

File C:\python26\lib\ssl.py, line 113, in __init__
  cert_reqs, ssl_version, ca_certs)
ssl.SSLError: [Errno 336445449] _ssl.c:351: error:140DC009:SSL
routines:SSL_CTX_use_certificate_chain_file:PEM lib

Would you have any insight in regards to the problem here?


I should also note that while I was creating the key file, I noticed that
 

I
   

was prompted to Enter Import Password, but also to Enter PEM pass
phrase.  Does this mean the private key found in the pfx file is actually
in PEM format to begin with?  Does this change your advice at all?

Regards,
Remi.


-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
Sent: April 13, 2010 11:29 AM
To: openssl-users@openssl.org
Subject: Re: openSSL and PKCS #12 certificates

Hi,

OPENSSL supports PKCS#12 files. Look at the header pkcs12.h that
contains functions for parsing and exporting private keys and
certificates from a PKCS#12 file (like d2i_PKCS12 and PKCS12_parse).

Concerning the error you are getting, it appears that the phython module
you are using is calling SSL_CTX_use_PrivateKey_file by giving it the
PKCS#12 file name. This is does not because SSL_CTX_use_PrivateKey_file
only accepts two formats : SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
In order to correct this, you have two solutions :
- Either feed the python module with the private key in a PEM file.
- Or modify the source code of this python module in order to use the
PKCS#12 functions I mentioned above to extract the private key as an
EVP_PKEY and then call SSL_use_PrivateKey instead of
SSL_CTX_use_PrivateKey_file, along with SSL_use_certificate for setting
the associated certificate.

The first solution is the easiest because you can simply use the OPENSSL
command line utility in order to extract the private key and its
certificate from the PKCS#12 file as PEM files and then give them as
input to your python module.

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


On 4/13/2010 2:55 PM, Rémi Després-Smyth wrote:

 

Hello.

I’ve been trying to setup client authentication using a PKCS #12
certificate, and I’ve been having some trouble.  I’m trying to determine
whether its because its something unsupported in openSSL, or if it’s a
problem with the wrapper library I’m using (Python’s httplib).  I’d
appreciate it if anyone might be able to provide some insight.



I’m getting an error raised by the openSSL library when the wrapper class

   

is

 

trying to instantiate and wrap a socket, and from what I’ve been able to
gather to-date, the error appears to be coming from openSSL:



Ssl.SSLError: [Errno 336265225] _sll.c:337: error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib



Is PKCS #12 supposed to be supported by openSSL?  I would guess yes; I
   

dug
   

around in the source and found that “PEM lib” is the error text for
ERR_R_PEM_LIB (defined in err_str.c), and I also noticed ERR_R_PKCS12_LIB

   

RE: ERROR LINK2019

[芦翔]

Dear Modem,

 

Thank you so much. Your instructions are so detailed and helpful for my code. 
As you said, I put the built dll files into the windows folders. Now, all the 
programs are running smoothly. I really appreciate your patient and kind help.

 

Best Regards,

Xiang
 
 Date: Wed, 14 Apr 2010 22:32:27 +0200
 From: modem-...@gmx.net
 To: openssl-users@openssl.org
 Subject: Re: ERROR LINK2019
 
 Hi 芦翔,
 
 the way Windows/C is using the SSL Lib here, is a so called Dynamic
 Link Library via IMPLIB loading. This means, each DLL file has a
 corresponding LIB file which is statically to be linked together with
 your source code's OBJ files to become your EXE file. But this LIB is
 only a so called stub, a library which does nothing else than being a
 proxy/gateway between your code and the SSL's DLLs.
 
 As you can imagine now, your EXE already has the LIBEAY.LIB linked.
 Your EXE is starting and before calling WinMain() / main() / _tmain() it
 initializes own startup code and LIB's startup code.
 The latter now searches it's corresponding DLL file to make its job of
 beeing the proxy.
 And in your case, it reports not beeing able to locate this DLL.
 
 Looks like your application just don't know where to locate the LIBEAY.DLL.
 1st, you should know, where on your computer this particular file resides.
 2nd, you should learn, how your platform is searching for DLLs.
 
 Hint:
 Search order within windows is:
 1st) current directory (usually, where your .EXE resides)
 2nd) each entry of %PATH% environment variable, from left to right.
 
 Finally, you could also read SSL package's INSTALL.W32 and ms\*.bat
 files to learn how to skip DLL usage and how to to link complete .LIB
 (not the small IMPLIB). This would be a so called Static Library
 without any DLL linkage.
 
 And very finally, inc32 might be the better include directory than
 include?
 Read _complete_ INSTALL.W32, to learn if this is true for your
 environment, or not.
 
 Hoping you can also help me somewhen in future,
 M.M.
 
 
  Dear Modem,
  Thank you for your instructions. I have overcomed the problem by
  putting extern in my code, and rebuild the openssl lib as your
  notes. I really appreciate the helps from you and Wiliam.
  Now, I can build my application. However, after building the
  application, it pops a message box, which says that This application
  has failed to start because LIBEAY32.dll was not found. Re-installing
  the application may fix this problem. I don't know what happens. I am
  not sure if I need re-compile the openssl code for a dll file, in
  addition, how can I use the compiled dll file. Suggestions will be
  really appreciated. Thank you.
 
  Best Regards,
  Xiang
 
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List openssl-users@openssl.org
 Automated List Manager majord...@openssl.org
  
_
SkyDrive电子画册，带你领略精彩照片，分享“美”时“美”刻!
http://www.windowslive.cn/campaigns/e-magazine/ngmchina/?a=c

Information wanted on OpenSSL cipher alias HIGH, MEDIUM and LOW.

[Bhat, Jayalakshmi Manjunath]

Hi All,

I wanted to know when we use ALL:!SSLv2:!EXPORT:!LOW:!MEDIUM:!DH to select
the ciphers how do OpenSSL understands what are ciphers are available under
LOW and MEDIUM. Ssleay.txt documents names LOW,MEDIUM and HIGH as aliases.
Please can someone provide me more information on this?

Thanks in advance
Jayalakshmi.


smime.p7s
Description: S/MIME cryptographic signature