Compilation problem/missing files:openssl.pod

2001-11-16 Thread Laurent Jouannic 


Hi to the ML

when I want to compile openssl-0.9.6b
 I have the following answer:
make[1]: Entering directory `/home/julien/source/openssl-0.9.6b/doc'
pod2man --center='OpenSSL Documentation' --release=OpenSSL 
--section=1
openssl.pod  openssl.1
Can't open openssl.pod for reading: No such file or directory
 at /usr/bin/pod2man line 48
make[1]: *** [openssl.1] Error 255
make[1]: Leaving directory `/home/julien/source/openssl-0.9.6b/doc'
make: *** [sub_all] Error 1

Anyone go an idea?

Thanks.

Laurent Jouannic

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Compilation problem/missing files:openssl.pod

2001-11-16 Thread Lutz Jaenicke 

On Fri, Nov 16, 2001 at 09:05:52AM +, Laurent Jouannic wrote:
 
 Hi to the ML
 
 when I want to compile openssl-0.9.6b
  I have the following answer:
 make[1]: Entering directory `/home/julien/source/openssl-0.9.6b/doc'
 pod2man --center='OpenSSL Documentation' --release=OpenSSL 
 --section=1
 openssl.pod  openssl.1
 Can't open openssl.pod for reading: No such file or directory
  at /usr/bin/pod2man line 48
 make[1]: *** [openssl.1] Error 255
 make[1]: Leaving directory `/home/julien/source/openssl-0.9.6b/doc'
 make: *** [sub_all] Error 1
 
 Anyone go an idea?

No. the openssl.pod file is in openssl-0.9.6b/doc/apps. I am somewhat
irritated that make claims to be in openssl-0.9.6b/doc (please note the
missing apps in the location), and I am even more irritated that
/usr/bin/pod2man is being called. I am quite sure that the correct
call would be to $(PERL) ../../util/pod2man.pl. As far as I remember
the pod2man version shipped with openssl has been modified, so using
a system version of it may lead to unwanted results...

Are you sure you are building from an unmodified OpenSSL-0.9.6b source?

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Compilation problem/missing files:openssl.pod

2001-11-16 Thread Laurent Jouannic 

Hi Lutz,

First, thanks 4 your answer.

Lutz Jaenicke wrote:

 On Fri, Nov 16, 2001 at 09:05:52AM +, Laurent Jouannic wrote:
 
  Hi to the ML
 
  when I want to compile openssl-0.9.6b
   I have the following answer:
  make[1]: Entering directory `/home/julien/source/openssl-0.9.6b/doc'
  pod2man --center='OpenSSL Documentation' --release=OpenSSL 
  --section=1
  openssl.pod  openssl.1
  Can't open openssl.pod for reading: No such file or directory
   at /usr/bin/pod2man line 48
  make[1]: *** [openssl.1] Error 255
  make[1]: Leaving directory `/home/julien/source/openssl-0.9.6b/doc'
  make: *** [sub_all] Error 1
 
  Anyone go an idea?

 No. the openssl.pod file is in openssl-0.9.6b/doc/apps. I am somewhat
 irritated that make claims to be in openssl-0.9.6b/doc (please note the
 missing apps in the location), and I am even more irritated that
 /usr/bin/pod2man is being called. I am quite sure that the correct
 call would be to $(PERL) ../../util/pod2man.pl. As far as I remember
 the pod2man version shipped with openssl has been modified, so using
 a system version of it may lead to unwanted results...

 Are you sure you are building from an unmodified OpenSSL-0.9.6b source?


Well, I had allready downloaded a version of opennsll-0.9.6b and it ran
great.
But I run under Debian and to build a apache-ssl with transparent proxy, I
have to get the source of the
Debian-package, to patch and compile it. But I had error during compilation
with undefined function.

So I decided to get the openssl source from debian, but unstable package (
dependance between the packages).

And  I downloaded it from the:
deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib
non-free

So here was, my situation.

Any ideas?

Thanks.

Laurent Jouannic.





 Best regards,
 Lutz


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Compilation problem/missing files:openssl.pod

2001-11-16 Thread Lutz Jaenicke 

On Fri, Nov 16, 2001 at 11:30:17AM +, Laurent Jouannic wrote:
 Well, I had allready downloaded a version of opennsll-0.9.6b and it ran
 great.

That's fine, as far as I am concerned :-).

 But I run under Debian and to build a apache-ssl with transparent proxy, I
 have to get the source of the
 Debian-package, to patch and compile it. But I had error during compilation
 with undefined function.
 
 So I decided to get the openssl source from debian, but unstable package (
 dependance between the packages).
 
 And  I downloaded it from the:
 deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib
 non-free

We cannot take responsibility for people shipping modified versions of
OpenSSL. I don't know which modifications were made for what reason.
You should either ask your question on some debian mailing list or have to
wait until it is answered by a debian-maintainer (or user tracking down
the problem) reading this list.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: PEM_read_RSAPublicKey

2001-11-16 Thread Hylton Tregenza 



Sorry,I asked to early, There is 
nothing wrong with the code. The file is not a public key file (or the format 
isd wrong) How do I extract a public key file from a 
certificate?
Hylton

  -Original Message-From: Hylton Tregenza 
  Sent: 16 November 2001 12:24To: 
  [EMAIL PROTECTED]Subject: 
  PEM_read_RSAPublicKey
  Hi 
  I am trying to read a public key from a certificate 
  file in PEM format. My code looks as 
  follows. I constanty get null as a result 
  from the call to PEM_read_RSAPublicKey 
  #include openssl/ssl.h #include openssl/x509.h #include openssl/rsa.h #include openssl/pem.h #include openssl/err.h #include openssl/bio.h #include string.h 
  #include "main.h" 
  #define HOME  
  "/home/hetregenza/projects/ssl_cert/" //#define HOME "./" 
  #define CLIENTCERTF HOME 
  "clientcert.pem" #define 
  CLIENTKEYF HOME "clientkey.pem" #define SERVERCERTF HOME 
  "servercert.pem" #define 
  SERVERKEYF HOME "serverkey.pem" #define CASERVCERTF HOME 
  "cacert.pem" 
  int main(int argc, char ** argv) 
   
   {  void * pUser; 
   char 
  szUser[2000];  EVP_PKEY * pEVP_PKEY = 0; 
   EVP_PKEY ** ppEVP_PKEY = 0; 
   BIO_METHOD * pBIO_METHOD; 
   BIO * 
   pBIO = 0;  RSA *  pRSA = 0; 
   RSA 
  ** ppRSA = 0; 
   pBIO_METHOD = BIO_s_file(); 
   memset 
  (szUser, 0, sizeof(szUser)); 
   pBIO = 
  BIO_new_file(CLIENTCERTF, "r"); 
   pRSA = 
  PEM_read_bio_RSAPublicKey(pBIO, ppRSA, PasswdCallback, (void *)szUser); // get 
  null back here. 
   
  BIO_free(pBIO);  
   return 
  0;  } 
  The code does not even get to the call back 
  function. Any assistance appreciated 
  
  Hylton 


smime.p7s
Description: application/pkcs7-signature

Re: PEM_read_RSAPublicKey

2001-11-16 Thread Takaaki Ishii 

Hylton Tregenza wrote:
Sorry, I asked to early, There is nothing wrong with the code. The file
is not a public key file (or the format isd wrong) How do I extract a
public key file from a certificate?

by command line:
$ openssl x509 -in cert.pem -pubkey -noout

by writing some code:
How about to use  X509_get_pubkey function?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
from Fukuoka.Japan
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Need clarification on SSL_CTX_sess*() routines

2001-11-16 Thread Lutz Jaenicke 

On Wed, Nov 14, 2001 at 02:35:36PM -0500, Louis LeBlanc wrote:
 Hey Lutz.  Thanks for your confirmation  to my last message.  Sorry to
 bother everyone  again, but I'm  still not  seeing what I  expect with
 this one call to see how many renegotiations I am getting.
 
  On Sun, Nov 11, 2001 at 11:22:07PM -0500, Louis LeBlanc wrote:
   . . .
   Here is what I'm calling:
   . . .
   SSL_CTX_sess_connect_renegotiate(ssl_ctx);
   
   . . .
   
   SSL_CTX_sess_connect_renegotiate() 
 returns the number of start renegotiations in client mode.
Total number of renegotiations as a client - wether active or not.
   . . .

  0 client renegotiatations requested.

This counter is only maintained on the client. It is incremented, whenever
the client starts a renegotiation. On a server this value is always 0.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



msg21816/pgp0.pgp
Description: PGP signature

Instalation errors on Linux

2001-11-16 Thread Heinz Allerberger 

I'm not able to install openssl-0.9.6b on my linuxsystem.
Here is a short errordescription on it:

znn9156:~/openssl-0.9.6b # make
+ rm -f libcrypto.so.0
+ rm -f libcrypto.so
+ rm -f libcrypto.so.0.9.6
+ rm -f libssl.so.0
+ rm -f libssl.so
+ rm -f libssl.so.0.9.6
making all in crypto...
make[1]: Entering directory `/root/openssl-0.9.6b/crypto'
( echo #ifndef MK1MF_BUILD; \
echo   /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c
*/; \
echo   #define CFLAGS \gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
-DSHA1_ASM -DMD5_ASM -DRMD160_ASM\; \
echo   #define PLATFORM \linux-elf\; \
echo   #define DATE \`date`\; \
echo #endif ) buildinf.h
gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
-DSHA1_ASM -DMD5_ASM -DRMD160_ASM   -c -o cryptlib.o cryptlib.c
In file included from /usr/include/errno.h:36,
 from ../include/openssl/err.h:90,
 from cryptlib.h:70,
 from cryptlib.c:61:
/usr/include/bits/errno.h:25: linux/errno.h: No such file or directory
make[1]: *** [cryptlib.o] Error 1
make[1]: Leaving directory `/root/openssl-0.9.6b/crypto'
make: *** [sub_all] Error 1

Is there anybody who can help me?

Best regards
Heinz Allerberger

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Question of License

2001-11-16 Thread Ray Yang 



Hi,

Is it legal to use some parts of OpenSSL 
(such as RSA routines) not whole lib?

Thanks for any replies

-Ray Yang [EMAIL PROTECTED]

Re: Instalation errors on Linux

2001-11-16 Thread Harry Hoffman 

Hi Heinz,
   Look for errno.h on your system. If it is there then either make sure
that the #INCLUDEerrno.h is pointing to the right place and also make
sure that the INCLUDE path is include in the CFLAGS of the Makefile.

HTH,
Harry

On Fri, 16 Nov 2001, Heinz Allerberger wrote:

 I'm not able to install openssl-0.9.6b on my linuxsystem.
 Here is a short errordescription on it:

 znn9156:~/openssl-0.9.6b # make
 + rm -f libcrypto.so.0
 + rm -f libcrypto.so
 + rm -f libcrypto.so.0.9.6
 + rm -f libssl.so.0
 + rm -f libssl.so
 + rm -f libssl.so.0.9.6
 making all in crypto...
 make[1]: Entering directory `/root/openssl-0.9.6b/crypto'
 ( echo #ifndef MK1MF_BUILD; \
 echo   /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c
 */; \
 echo   #define CFLAGS \gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
 -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM\; \
 echo   #define PLATFORM \linux-elf\; \
 echo   #define DATE \`date`\; \
 echo #endif ) buildinf.h
 gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
 -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM   -c -o cryptlib.o cryptlib.c
 In file included from /usr/include/errno.h:36,
  from ../include/openssl/err.h:90,
  from cryptlib.h:70,
  from cryptlib.c:61:
 /usr/include/bits/errno.h:25: linux/errno.h: No such file or directory
 make[1]: *** [cryptlib.o] Error 1
 make[1]: Leaving directory `/root/openssl-0.9.6b/crypto'
 make: *** [sub_all] Error 1

 Is there anybody who can help me?

 Best regards
 Heinz Allerberger

 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

more inetd trouble

2001-11-16 Thread Matthew Fleming 

Matthew Fleming [EMAIL PROTECTED] writes:
 But what I have written is, not a standalone server program, but a
 daemon which is invoked by inetd. It seems to me that this should
work
 the same as the standalone, except that the tcp_listen() and accept()
 calls should be unnecessary; inetd should hand the daemon a socket
 descriptor which should be usable in the BIO_new_socket call; and
this
 socket descriptor should be accessible as fd 0, 1, or 2 (inetd makes
all
 3 descriptors available, but there is really only one socket, so each
of
 the descriptors should refer to the same thing).

I'm not sure that it's safe to write file descriptor 0.

Have you tried creating one bio for reading on stdin and one
for writing on stdout and passing them both to SSL?

-Ekr

By this I assume you mean something like the following:

int sock,s;
-  BIO *sbio_in, *sbio_out;
SSL_CTX *ctx;
SSL *ssl;
int r;

/* Build our SSL context*/
ctx=initialize_ctx(KEYFILE,PASSWORD);
load_dh_params(ctx,DHFILE);
generate_eph_rsa_key(ctx);

 
SSL_CTX_set_session_id_context(ctx,(void*)s_server_session_id_context,
  sizeof s_server_session_id_context);
/*
sock=tcp_listen();

while(1){
  if((s=accept(sock,0,0))0)
err_exit(Problem accepting);
 */ 
 -   sbio_in=BIO_new_socket(0,BIO_NOCLOSE);
 -   sbio_out=BIO_new_socket(1,BIO_NOCLOSE);
  ssl=SSL_new(ctx);
 -   SSL_set_bio(ssl,sbio_in,sbio_out);

  if((r=SSL_accept(ssl)=0))
berr_exit(SSL accept error);


This still does not work with inetd. 

Actually I don't see why you should have to use 2 sbio objects when the
program is invoked by inetd, but can get away with one when the server
is invoked from the command line; it seems to me that it should be the
same either way.

I'm strictly an amateur, but I would think that the difference between
starting the program from the command line and from inetd shouldn't have
to do so much with the socket descriptors, but with the things that
inetd does *before* invoking the daemon (eg, Chapter 12, UNIX Network
Programming, Stevens).

--
Matthew Fleming, MD 
Associate Professor 
Dept. of Dermatology
Medical College of Wisconsin

E-mail: [EMAIL PROTECTED]
S-mail:
Dept. of Dermatology
Medical College of Wisconsin
8701 Watertown Plank Rd.
Milwaukee, WI 53226
Phone:414.456.4072 
Fax:414.456.6518

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

OpenSSL CA for Adobe Acrobat certificates.

2001-11-16 Thread Christopher Crowley 

I am the planning phase of PKI which must support Adobe Acrobat Digital
Signatures. Adobe offers an SDK that enables development of a hierachical
signing structure.  I have downloaded and installed Verisign's
implimentation of it.  I am looking for a pre-built opensource version of
the plug in. And will roll my own if necesary. If anyone has experience with
this, and has posted documentation, or is willing to share insight or notes,
please contact me.

Briefly, the project requirement summary is to provide certificates signed
by a CA to provide non-repudiation, and crls. CA and RA are planned to be
OpenCA.

Thanks in advance for advice and references, and for tolerating the slightly
off-topic query. In defense of its relevance, I am using OpenSSL as the CA.

Chris



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Problems compiling under aix

2001-11-16 Thread Carlos Bergero 

Hi people.
Got some troubles compiling openssl-0.9.6b under AIX OS version 4.2

all work fine  untill I run make install, the compiler replay with

Target all is up to date.
installing man1/CA.pl.1
Can't locate Getopt/Long.pm in @INC (@INC contains:
/extra/Programas/perl/lib/aix/5.00404 /extra/Programas/perl/lib
/extra/Programas/perl/lib/site_perl/aix /extra/Programas/perl/lib/site_perl
.) at ../../util/pod2man.pl line 308.
BEGIN failed--compilation aborted at ../../util/pod2man.pl line 308.
make: The error code from the last command is 2


Mote that I run perl from a particular directory but the progrma recognice
it. 
Any clue 


Thank's for the time.

Carlos Bergero.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Problems compiling under aix

2001-11-16 Thread Carlos Bergero 

Hi people.
Got some troubles compiling openssl-0.9.6b under AIX OS version 4.2

all work fine  untill I run make install, the compiler replay with

Target all is up to date.
installing man1/CA.pl.1
Can't locate Getopt/Long.pm in @INC (@INC contains:
/extra/Programas/perl/lib/aix/5.00404 /extra/Programas/perl/lib
/extra/Programas/perl/lib/site_perl/aix /extra/Programas/perl/lib/site_perl
.) at ../../util/pod2man.pl line 308.
BEGIN failed--compilation aborted at ../../util/pod2man.pl line 308.
make: The error code from the last command is 2


Mote that I run perl from a particular directory but the progrma recognice
it. 
Any clue 


Thank's for the time.

Carlos Bergero.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

further WinCE-OpenSSL difficulties

2001-11-16 Thread Matthew Fleming 

Netmeisters,

I am trying to use SSL to secure communications between a Pocket PC and
a Linux server. The former uses the SSL intrinsic to Windows CE, the
latter uses OpenSSL. I've posted about some problems I have had with
inetd, but it now appears that this problem may be secondary. If I make
the server program standalone, so it can be used without inetd, the SSL
handshake completes (the handshake doesn't get very far when inetd is
used). After the handshake, quite a bit of data gets transmitted.
However, the connection ultimately breaks. Here is what ssldump shows
(note that the clinical data in the following trace has been changed to
protect confidentiality):

1 235 2.9272 (0.)  SC  application_data
---
KY R/O BCC vs IDN 1959-02-09 Mark Received in formalin is a thin
piece of skin measuring 3 X 3 mm. 00311785 Damrod Pathologic Diagnosis:
Skin, right upper back, shave biopsy - Compound nevus 
 F SSG 2001-11-06 back, rt. upper01-8579 2001-11-02
---
1 236 2.9272 (0.)  SCShort record
1 237 2.9708 (0.0436)  SC bad MAC
Unknown SSL content type 227
1 238 2.9708 (0.)  SCShort record
Unknown SSL content type 2
1 239 2.9709 (0.)  SCShort record
Unknown SSL content type 169
1 240 2.9709 (0.)  SCShort record
Unknown SSL content type 172
1 241 2.9710 (0.0001)  SCShort record
Unknown SSL content type 14
1 242 2.9710 (0.)  SCShort record
Unknown SSL content type

Any suggestions as to what could be causing this problem would be very
much appreciated. It seems very odd that it is tooling right along and
then all of a sudden -?

Thanks in advance,
--
Matthew Fleming, MD 
Associate Professor 
Dept. of Dermatology
Medical College of Wisconsin

E-mail: [EMAIL PROTECTED]
S-mail:
Dept. of Dermatology
Medical College of Wisconsin
8701 Watertown Plank Rd.
Milwaukee, WI 53226
Phone:414.456.4072 
Fax:414.456.6518

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: PEM_read_RSAPublicKey

2001-11-16 Thread Juan Segarra 

On Fri, 16 Nov 2001, Takaaki Ishii wrote:

 Hylton Tregenza wrote:
 Sorry, I asked to early, There is nothing wrong with the code. The file
 is not a public key file (or the format isd wrong) How do I extract a
 public key file from a certificate?

   How about to use  X509_get_pubkey function?


Perhaps demos/sign/sign.c will be useful...

Juan.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error

2001-11-16 Thread Glover Barker 


I hate to distract from the original issue, but what is ethereal?  Some
kind of dump or sniffer?  Where can it be found?


   
   
Rod Gilchrist  
   
[EMAIL PROTECTED]To: [EMAIL PROTECTED]  
   
Sent by:cc:
   
owner-openssl-users@o   Subject: Re: openssl error 
   
penssl.org 
   
   
   
   
   
11/15/2001 02:36 PM
   
Please respond to  
   
openssl-users  
   
   
   
   
   






MacDonald, Allan R [AMSTA-AR-FSF-A] wrote:

 I am using openssl with Oracle Webtogo and the Apache 1.3.12 server. When
I
 implemented SSL on the server I thought all was well until we had to turn
 off port 80. Then my webtogo app stopped working and gave me the error
 listed below. Any help with this would be very helpful. Thanks.

 [14/Nov/2001 11:57:12 00621] [error] SSL handshake failed: HTTP spoken on
 HTTPS port; trying to send HTML error page (OpenSSL library error
follows)
 [14/Nov/2001 11:57:12 00621] [error] OpenSSL: error:1407609C:SSL
 routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to
HTTPS
 port!?]

Forgive the obvious answer...

Your apache is listening on port 443 and your app is configured to
only send SSL (HTTPS) on that port?

Download ethereal and have a look at what's happening on the wire.
Its a good investment of a half hour.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl compile won't make .so

2001-11-16 Thread Keary Suska 

1. There is a specific reason that I am using rev a instead of rev b, and I
didn't think it relevant to the problem. For the heck of it, I d/l and
compiled rev b, with the exact same result.
2. I always do. That way I can archive it with the tarball for later
inspection in case I need information on configuration and installation. For
your information, the line is thus:
./Configure shared linux-ppc
3. You are not addressing my question. I have good reason to believe that
openssl *won't* create shared objects on my system, for whatever reason.
There is no indication in the configure or make output that indicates that
it tries and fails, or addresses it at all, so I am relying on the Configure
code itself. This is my assumption, rather erroneous or not, and hence my
question is not why is make failing but how can I get openssl to create
shared objects even though it won't according to its configure script. I
was hoping someone out there with superior programming experience could tell
me how to hack the makefile to get shared objects created.

I imagine it takes a bit more than just specifying -ldl and -fPIC to gcc, so
I hoped someone could shed light on this.

There doesn't appear to be anything untoward happening, it is simply openssl
does not even attempt to create a shared object. I would expect that if it
tried to make an .so and failed, the make would fail, but the make always
succeed except that I only get static (.a) objects.

Relevant lines from Configure output:

Configuring for linux-ppc
IsWindows=0
CC=gcc
CFLAG =-DTHREADS -D_REENTRANT -DB_ENDIAN -DTERMIO -O3
-fomit-frame-pointer -Wall
EX_LIBS   =
BN_ASM=bn_asm.o
DES_ENC   =des_enc.o fcrypt_b.o
BF_ENC=bf_enc.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4_enc.o
RC5_ENC   =rc5_enc.o
MD5_OBJ_ASM   =
SHA1_OBJ_ASM  =
RMD160_OBJ_ASM=
PROCESSOR =
RANLIB=/usr/bin/ranlib
PERL  =/usr/local/bin/perl
THIRTY_TWO_BIT mode
BN_LLONG mode
RC4_CHUNK is undefined

As you can see, the required parameters -ldl and -fPIC for gcc to create .so
are missing. They are also not present in the make output. And since these
options above are exactly what the Configure script appears to set for my
system in its code, I concluded that openssl won't create .so for my system.

If you would like to look at my config ands make output in detail, I will
gladly send it, though I don't think you will find anything untoward in it
either. I may not be an expert *nix programmer, but I am no dummy, and I
have been doing this for a while.

Keary Suska
Esoteritech, Inc.
Leveraging Open Source for a better Internet

 From: J. Johnson [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 15 Nov 2001 22:57:23 -0800 (PST)
 To: OpenSSL [EMAIL PROTECTED]
 Subject: Re: openssl compile won't make .so
 
 On Thu, 15 Nov 2001, Keary Suska wrote:
 
 I need to have openssl 0.9.6a create dynamically shared libcrypto  libssl,
 but it won't for my system (linux-ppc). Just about every other software I
 have compiled can create .so on my system without complaining, but why can't
 openssl? I tried to modify the Configure script, which hasn't worked, but
 I'm shooting in the dark since I don't know how the pieces are finally put
 together in the makefile.
 
 There have been RPMs for my system which install .so, so it has to be
 possible. Does anyone know how to force openssl to build shared objects (gcc
 2.9.5, elf support available)?
 
 Keary Suska
 Esoteritech, Inc.
 Leveraging Open Source for a better Internet
 
 1- Start over again with a clean install, this time of openssl-0.9.6b.
 2- Put your configure command in a file, so that it's documented (and
 thoroughly examined before running).
 3- Capture all of your output to a file, so you can you meticuously
 examine it for errors and oddities afterwards, and so you'll have
 something to show us, so that _we_ don't have to shoot in the dark.
 
 === JJ =
 
 
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

ÉϹØϵͨƽ̨£¬½»ÊÂÒµÅóÓÑ£¬ÖÐÐĶ¯´ó½±

2001-11-16 Thread UP30 
Title: ÉϹØϵͨ£¬½±ÉÌÎñͨ£¡






  




 
  
  


  

  

  


  

  
 
  
  
  

 
   
ÉϹØϵͨ£¬½±ÉÌÎñͨ
  
   

  

  
   
¹ØϵͨÈí¼þÊÇÈýÊ®¶øÁ¢Íøwww.up30.com¹ØϵÁªÃËÊý¾Ý¿âµÄ·ÃÎÊƽ̨£¬ÕâÊÇÒ»¸ö¾ßÓÐÐÅÓÃÌصãµÄÍøÂç½»Íùƽ̨£¬ËùÓÐÓû§ÒÔ¸öÈËÕæʵÉí·Ý¼ÓÈë¡£ÈýÊ®¶øÁ¢ÍøϵĹØϵÁªÃËÊÇһȺҵÄÚÈËʿΪÁË·½±ãÉÌÎñÁªÏµ£¬½»»»ÐÅÏ¢¶ø½¨Á¢µÄÒ»¸ö¹ØϵÁªÃË£¬¸÷¸öÐÐÒµ¡¢µØÇø¾ùÓпÊÍû²»¶ÏÍØÕ¹¸öÈ˹ØϵµÄ¾«Ó¢¼ÓÈë¡£ÒªÔÚ¹Øϵͨ½¨Á¢¸öÈ˸ü¹ã·ºµÄÈ˼ʹØϵ£¬ÄãËùÒª×öµÄ¾ÍÊÇÒÔÕæʵµÄÉí·ÝºÍÆäËûÓû§Ö÷¶¯È¥½»»»ÐÅÏ¢¡£ 
  ¿ªÍعØϵ£¬ÈýÊ®¶øÁ¢ÊÇÎÒÃǵĿںţ¡

  

  

 
µÇ½ÈýÊ®¶øÁ¢ÍøÕ¾www.up30.com£¬×¢²á³ÉΪ¹Øϵͨƽ̨Óû§£¬ÖÚ¶à¾ßÓÐÕæʵÉí·ÝºÍÐÅÓü¶±ðµÄÒµ½ç¾«Ó¢µÈ×ÅÄã¡£ÉϹØϵͨ£¬¿ªÍعØϵ£¬ÈýÊ®¶øÁ¢¡£
»î¶¯Ï¸Ôò£º
£¨»î¶¯Ê±¼ä£º2001Äê11ÔÂ1ÈÕµ½2001Äê11ÔÂ30ÈÕ£©
¡ô ÏÖÔڵǽÈýÊ®¶øÁ¢ÍøÕ¾×¢²á¸öÈËÕæʵ×ÊÁϳÉΪ¹ØϵͨÓû§£»£¨Ê¹ÓÃÃûƬ½»»»¹¦ÄܾͿÉÒԺܿ콨Á¢ÆðÄãµÄ¹ØϵȦ£©£»
¡ô 
ÔÚ11ÔÂ30ÈÕÇ°ÔÚÈýÊ®¶øÁ¢ÍøÕ¾Ê×Ò³ÉϽøÐÐÍƼö3λ¹ØϵͨÉÏÄãÈÏΪ×îÓмÛÖµµÄÅóÓÑ£»£¨´ó¼ÒҪעÒâµ½ÍøÕ¾Éϲ鿴һÏÂÍƼöÅÅÃû£©
¡ô 
µÃµ½ÍƼö×î¶àµÄ1λÓû§½«»ñµÃ×îÓмÛÖµ»ï°é½±£¬½±£º¼ÛÖµ4680ÔªµÄÉÌÎñͨ±¼Ñï2186£»
¡ô¸ù¾ÝÓû§µÄÆÀÓÎÒÃÇÔÚ»ñµÃÍƼöµÄÇ°10ÃûÓû§ÖÐÑ¡³ö×îÕæʵÓû§½±1ÃûºÍ×îÈÈÇéÓû§½±¸÷1Ãû£¬½±£º¼ÛÖµ1380ÔªµÄÉÌÎñͨÏȽÝMBA8823£»
¡ô 
Ç°30ÃûÓû§³ÉΪ¹ØϵͨµÄVIPÓû§£¬ÔÚÈýÊ®¶øÁ¢ÍøÕ¾ÉϽøÐиöÐÔÍƼö½éÉÜ£¬²¢ÏíÓÐÒÔºóµÄ¶àÖÖÌØÊâ·þÎñ¡£
¡ô 
ÿλÓû§ÔÚʹÓùØϵͨµÄÇ°3´Î¿ÉÒÔÓлú»á½éÉÜÄãµÄ10λÀÏÓÑ¡£ÔÚÈκÎÒ»´Î¹ØϵͨµÄ»î¶¯ÖÐÖ»ÒªÄãÖн±£¬ËûÃǾͻáÁ¬´øÖн±¡£±¾´Î»î¶¯×îÓмÛÖµÓû§µÄ10λºÃÓÑ¿ÉÔÚJAZZÄÐÊ¿ÏãË®¡¢¾­µäÈ«¸ÖÔ˶¯±í¡¢SANFOÖпÕËÄ¿×ÃÞÂÃÐÐ˯´ü¡¢È«Ì׶¡¶¡ÀúÏÕ¼ÇÖÐÑ¡Ôñ1·ÝÀñÆ·¡£

 
¡¡

1. ½«¶Ô»ñ½±Õß½øÐÐ×ÊÁÏÓèÒԺ˶ԣ¬Èç¹û³öÏÖÐé¼ÙÇé¿ö£¬È¡Ïû²Î¼Ó»î¶¯×ʸñ¡£
2. ÉîÛÚ°®¶ûÆÕÐÅÏ¢¿Æ¼¼ÓÐÏÞ¹«Ë¾ÓµÓжԻµÄ×îÖÕ½âÊÍȨ¡£
  

 
  
  
  

 
  

  

  


  

  


  
www.up30.com
  Copyright 2001 
  UP30com All rights reserved. 
  





__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

program flow of a SSL webclient

2001-11-16 Thread Julio Kriger 

Hi,
Is there any documentation about the program flow of a SSL webclient?
Thanks in advance,

Julio


Visite http://www.bancorio.com.ar y tenga el Banco al alcance de su mano.


NOTA DE CONFIDENCIALIDAD / CONFIDENTIALITY NOTE
Este mensaje (y sus anexos) es confidencial y puede contener informacion
(i) de propiedad exclusiva de Banco Rio de la Plata S.A. sus afiliadas o
subsidiarias; o (ii) amparada por el secreto profesional. Si usted ha
recibido este fax o e-mail por error, por favor comuniquelo
inmediatamente via fax o e-mail y tenga la amabilidad de destruirlo; no
debera copiar el mensaje ni divulgar su contenido a ninguna persona.
Muchas gracias.

This message (including attachments) is confidential. It may also
contain information that (i) is exclusively property of Banco Rio de la
Plata S.A. or its affiliates or subsidiaries; or (ii) is privileged or
otherwise legally exempt from disclosure. If you have received it by
mistake please let us know by fax or e-mail immediately and destroy or
delete it from your files or system; you should also not copy the
message nor disclose its contents to anyone. Thank you.
**
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

laser supplies

2001-11-16 Thread toner 




 VORTEX SUPPLIES 

YOUR LASER PRINTER TONER CARTRIDGE,
COPIER AND FAX CARTRIDGE CONNECTION

SAVE UP TO 30% FROM RETAIL

ORDER BY PHONE:1-888-288-9043
ORDER BY FAX: 1-888-977-1577
E-MAIL REMOVAL LINE: 1-888-248-4930


UNIVERSITY AND/OR SCHOOL PURCHASE ORDERS WELCOME. (NO CREDIT APPROVAL REQUIRED)
ALL OTHER PURCHASE ORDER REQUESTS REQUIRE CREDIT APPROVAL.
PAY BY CHECK (C.O.D), CREDIT CARD OR PURCHASE ORDER (NET 30 DAYS).

IF YOUR ORDER IS BY CREDIT CARD PLEASE LEAVE YOUR CREDIT CARD # PLUS EXPIRATION DATE. 
IF YOUR ORDER IS BY PURCHASE ORDER LEAVE YOUR SHIPPING/BILLING ADDRESSES AND YOUR P.O. 
NUMBER


NOTE: WE DO NOT CARRY 

1) XEROX, BROTHER, PANASONIC, FUJITSU PRODUCTS
2) HP DESKJETJET/INK JET OR BUBBLE JET CARTRIDGES 
3) CANON BUBBLE JET CARTRIDGES 
4) ANY OFFBRANDS BESIDES THE ONES LISTED BELOW.

OUR NEW , LASER PRINTER TONER CARTRIDGE, PRICES ARE  AS FOLLOWS: 
(PLEASE ORDER BY PAGE NUMBER AND/OR ITEM NUMBER)

HEWLETT PACKARD: (ON PAGE 2)

ITEM #1  LASERJET SERIES  4L,4P (74A)$44
ITEM #2  LASERJET SERIES  1100 (92A)-$44
ITEM #3  LASERJET SERIES  2 (95A)$39
ITEM #4  LASERJET SERIES  2P (75A)---$54 
ITEM #5  LASERJET SERIES  5P,6P,5MP, 6MP (3903A)--  -$44
ITEM #6  LASERJET SERIES  5SI, 8000 (09A)$95
ITEM #7  LASERJET SERIES  2100, 2200 (96A)---$74
ITEM #8  LASERJET SERIES  8100 (82X)-$115
ITEM #9  LASERJET SERIES  5L/6L (3906A)--$39
ITEM #10 LASERJET SERIES  4V-$95
ITEM #11 LASERJET SERIES 4000 (27X)--$79
ITEM #12 LASERJET SERIES 3SI/4SI (91A)---$54
ITEM #13 LASERJET SERIES 4, 4M, 5,5M-$49
ITEM #13A LASERJET SERIES 5000 (29X)-$125
ITEM #13B LASERJET SERIES 1200---$59
ITEM #13C LASERJET SERIES 4100---$99
ITEM #18   LASERJET SERIES 3100--$39
ITEM #19 LASERJET SERIES 4500 BLACK--$79
ITEM #20 LASERJET SERIES 4500 COLORS $125

HEWLETT PACKARD FAX (ON PAGE 2)

ITEM #14 LASERFAX 500, 700 (FX1)--$49
ITEM #15  LASERFAX 5000,7000 (FX2)$64
ITEM #16  LASERFAX (FX3)--$59
ITEM #17  LASERFAX (FX4)--$54


LEXMARK/IBM (ON PAGE 3)

OPTRA 4019, 4029 HIGH YIELD---$89
OPTRA R, 4039, 4049 HIGH YIELD---$105
OPTRA E310.312 HIGH YIELD$79

OPTRA E---$59
OPTRA N--$115
OPTRA S--$165
OPTRA T--$195
OPTRA E310/312---$79


EPSON (ON PAGE 4)

ACTION LASER 7000,7500,8000,9000--$105
ACTION LASER 1000,1500$105


CANON PRINTERS (ON PAGE 5)

PLEASE CALL FOR MODELS AND UPDATED PRICES
FOR CANON PRINTER CARTRIDGES

PANASONIC (0N PAGE 7)

NEC SERIES 2 MODELS 90 AND 95--$105

APPLE (0N PAGE 8)

LASER WRITER PRO 600 or 16/600--$49 
LASER WRITER SELECT 300,320,360-$74
LASER WRITER 300 AND 320$54
LASER WRITER NT, 2NT$54
LASER WRITER 12/640-$79

CANON FAX (ON PAGE 9)

LASERCLASS 4000 (FX3)---$59
LASERCLASS 5000,6000,7000 (FX2)-$54
LASERFAX 5000,7000 (FX2)$54
LASERFAX 8500,9000 (FX4)$54

CANON COPIERS (PAGE 10)

PC 3, 6RE, 7 AND 11 (A30)-$69
PC 300,320,700,720,760,900,910,920(E-40)--$89


90 DAY UNLIMITED WARRANTY INCLUDED ON ALL PRODUCTS.

ALL TRADEMARKS AND BRAND NAMES LISTED ABOVE ARE PROPERTY OF THE 
RESPECTIVE HOLDERS AND USED FOR DESCRIPTIVE PURPOSES ONLY.







__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl error

2001-11-16 Thread Rod Gilchrist 



Glover Barker wrote:

 I hate to distract from the original issue, but what is ethereal?  Some
 kind of dump or sniffer?  Where can it be found?


It comes up at the top of the google hit list on the name.

www.ethereal.com.

Yes, its great. 10 minute install, hit capture-start and
select an interface. Runs on most platforms.

Read the documentation about the reset button. Its
confusing at first as to what its doing, and you need
to know.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

FW: Generating an OpenSSL Key on Win2000

2001-11-16 Thread abg 

Hello,

I have just installed stunnel (stunnel-3.21c.exe) on my windows 2000
machine, and everything seems to be working well. The only problem I've run
into is generating a new .pem file. Since I am using the libssl32 and
libeay32 DLLs, I am unable to run commands like openssl req -new -x509
-days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem,
as suggested on stunnel.org.

How do I generate a key without the full openssl install?

Thank You,

Aaron Gillette
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl compile won't make .so

2001-11-16 Thread Richard Levitte - VMS Whacker 

From: Keary Suska [EMAIL PROTECTED]

hierophant 1. There is a specific reason that I am using rev a
hierophant instead of rev b, and I didn't think it relevant to the
hierophant problem. For the heck of it, I d/l and compiled rev b,
hierophant with the exact same result.

You're right, that doesn't make a difference.

hierophant 3. You are not addressing my question. I have good reason
hierophant to believe that openssl *won't* create shared objects on
hierophant my system, for whatever reason.

You're righ, and the reason is that when 0.9.6 was released, we didn't
know exactly how linux-ppc should be configured, so the configuration
data for it in Confiure was kept minimal.

I applied a change to the 0.9.6 branch a few days ago that should make
you happier.  Please try the latest 0.9.6 snapshot:

ftp://ftp.openssl.org/openssl-0.9.6-stable-SNAP-2005.tar.gz

or later...  Those snapshots show what's to become 0.9.6c.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]