openssL error:

2008-03-10 Thread Arp22

Hi, I am getting the following error when I run the command:

gcc -o client client.o -lcrypto -lssl

In function 'main':
undefined reference to 'init_OpenSSL'
undefined reference to 'handle_error'

What should I do? Please help!
-- 
View this message in context: 
http://www.nabble.com/openssL-error%3A-tp15949473p15949473.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Help in ssl

2008-03-10 Thread Terry Richardson
Hi,

I have a hosting account with Powweb (call4save.com) and need to install
my own SSL certificate.

I have already signed certificate (CSR) from GoDaddy.

May you please help.

Tell me the price you'll take to configure my own SSL for me.

Regards

Terry Richardson



regarding ciphersuites

2008-03-10 Thread gopinath ethiraja
When I used the s_client command:

C:\OpenSSL\bin>openssl s_client -connect localhost:443
Loading 'screen' into random state - done
CONNECTED(02D0)
depth=0 /CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=localhost
verify return:1
---
Certificate chain
 0 s:/CN=localhost
   i:/CN=localhost
---
Server certificate
subject=/CN=localhost
issuer=/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 983 bytes and written 322 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1
Cipher: DHE-RSA-AES256-SHA
Session-ID: 5A1DEBBE6ADAB8224A3AFD439E9B4245E863D05A77271E5C80F97C82245AA9C3

Session-ID-ctx:
Master-Key: 3571447AAC61AAC181EADB884F463C71926B158BA3465464FD42C32C53DBB8A6
5504C011C917DC2D409E7ACE467FE322
Key-Arg   : None
Start Time: 1205149468
Timeout   : 300 (sec)
Verify return code: 18 (self signed certificate)
---



The cipher obtained is DHE-RSA-AES256-SHA.

Similarly, when I created a key using DSS, the cipher obtained is
DHE-DSS-AES256-SHA.

So how do I obtain other ciphers, such as:

ADH-DES-CBC-SHA
EDH-DSS-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA mutual auth
RSA-DES-CBC-SHA
RSA-DES-CBC-SHA mutual auth

Thank you


Re: openssL error:

2008-03-10 Thread jimmy bahuleyan

Arp22 wrote:
> Hi, I am getting the following error when I run the command:
>
> gcc -o client client.o -lcrypto -lssl
>
> In function 'main':
> undefined reference to 'init_OpenSSL'
> undefined reference to 'handle_error'
>
> What should I do? Please help!


I hope the fact that these are not OpenSSL functions should clear things
up for you.

So, basically find the code for those two missing functions and add it
to your build. (Or you could remove references to the two functions;
your action should depend on your code.)


-jb
--
I used to think I was indecisive, but now I'm not so sure.


Doubt about the PKCS5_PBKDF2_HMAC_SHA1() function

2008-03-10 Thread Agustin Cozzetti


Hello everybody,
I have a doubt about the PKCS5_PBKDF2_HMAC_SHA1() function.
I have to realize a master key derivation on the client and server, using a
password to obtain the session encrypt key. I use the PKCS5_PBKDF2_HMAC_SHA1()
function to reach this purpose. If I use the same input, should I receive the
same result on both sides? What can I use as an alternative to this function?
Thanks for your help!


Re: Help in ssl

2008-03-10 Thread Victor Duchovni
On Sun, Mar 09, 2008 at 10:57:01PM -0400, Terry Richardson wrote:

> I have a hosting account with Powweb (call4save.com) and need to install
> my own SSL certificate.
>
> I have already signed certificate (CSR) from GoDaddy.
>
> May you please help.
>
> Tell me the price you'll take to configure my own SSL for me.

You were directed here in error. This is not the right place to ask.
Good luck.

-- 
Viktor.


Re: Doubt about the PKCS5_PBKDF2_HMAC_SHA1() function

2008-03-10 Thread Marek . Marcola
Hello,
> I have a doubt about the PKCS5_PBKDF2_HMAC_SHA1() function.
> I have to realize a master key derivation on the client and server,
> using a password to obtain the session encrypt key. I use the
> PKCS5_PBKDF2_HMAC_SHA1() function to reach this purpose. If I use the
> same input, should I receive the same result on both sides?
Yes.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
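
The answer above, as an added example (not code from the thread or from OpenSSL): Python's hashlib.pbkdf2_hmac computes the same RFC 2898 PBKDF2-HMAC-SHA1 function as PKCS5_PBKDF2_HMAC_SHA1(), so it shows that client and server derive the same key only when the password bytes, salt, iteration count and key length all match. The password, salt and iteration count are constructed sample values, and derive_key, keys_match, rfc6070_selfcheck and demo are hypothetical names.

```python
import hashlib
import hmac


def derive_key(password: str, salt: bytes, iterations: int, keylen: int = 16) -> bytes:
    """PBKDF2-HMAC-SHA1 (RFC 2898) over the UTF-8 bytes of the password."""
    # Both peers must hash identical bytes, so the encoding is fixed explicitly.
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, keylen)


def keys_match(a: bytes, b: bytes) -> bool:
    # Constant-time comparison, appropriate for key material.
    return hmac.compare_digest(a, b)


def rfc6070_selfcheck() -> bool:
    """Compare against RFC 6070 test vectors 1 (c=1) and 3 (c=4096)."""
    v1 = derive_key("password", b"salt", 1, 20).hex()
    v3 = derive_key("password", b"salt", 4096, 20).hex()
    return (v1 == "0c60c80f961f0e71f3a9b524af6012062fe037a6"
            and v3 == "4b007901b765489abead49d926f721d065a429c1")


def demo() -> dict:
    # Constructed sample parameters (assumptions, not values from the thread).
    password = "correct horse battery staple"
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    iterations = 10000
    client = derive_key(password, salt, iterations)
    server = derive_key(password, salt, iterations)
    accented = "p\u00e4ssword"  # same text, two byte encodings below
    return {
        "same_inputs": keys_match(client, server),
        "different_salt": keys_match(client, derive_key(password, salt[::-1], iterations)),
        "different_iterations": keys_match(client, derive_key(password, salt, iterations + 1)),
        "trailing_newline": keys_match(client, derive_key(password + "\n", salt, iterations)),
        "latin1_vs_utf8": keys_match(
            hashlib.pbkdf2_hmac("sha1", accented.encode("latin-1"), salt, iterations, 16),
            hashlib.pbkdf2_hmac("sha1", accented.encode("utf-8"), salt, iterations, 16)),
    }


if __name__ == "__main__":
    assert rfc6070_selfcheck()
    for case, equal in demo().items():
        print(f"{case:22s} keys equal: {equal}")
```

Only the first case yields equal keys; a different salt, iteration count, stray newline or password encoding on one side produces an unrelated key.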



Clarification questions on OpenSSL thread-safe support

2008-03-10 Thread Bryan Sutula
After studying the OpenSSL threads(3) man page:

  http://openssl.org/docs/crypto/threads.html

and the FAQ:

  http://openssl.org/support/faq.html#PROG1

I'm still a bit confused about what's needed when using OpenSSL in a
threaded environment.  Most of the confusion results from the statements
in the FAQ, and perhaps these questions can result in a clarification of
this section:

    Is OpenSSL thread-safe?

    Yes (with limitations: an SSL connection may not concurrently be
    used by multiple threads). On Windows and many Unix systems,
    OpenSSL automatically uses the multi-threaded versions of the
    standard libraries. If your platform is not one of these,
    consult the INSTALL file.

    Multi-threaded applications must provide two callback functions
    to OpenSSL by calling CRYPTO_set_locking_callback() and
    CRYPTO_set_id_callback(). (For OpenSSL 0.9.9 or later, the new
    function CRYPTO_set_idptr_callback() may be used in place of
    CRYPTO_set_id_callback().) This is described in the threads(3)
    manpage.

My questions:
 1. What I understand from this is that OpenSSL can be thread safe.
    In order for it to be safely used in multi-threaded
    applications, it needs:
     A. to be built with multi-threaded versions of the standard
        libraries,
     B. to have the application provide the two callback
        functions, and
     C. the application must avoid using the same SSL connection
        by two different threads.
    All of the above are necessary.  In other words, it isn't
    sufficient that OpenSSL was built with the multi-threaded
    versions of the standard libraries.  The application must also
    set up the callbacks. (True or False, please?)
 2. Related to question 1, the thread-safe requirements (A and B
    above) are needed even if the different threads are not sharing
    an SSL connection.  (My understanding is that connections can't
    ever be shared, and that the library still needs A and B in
    order to be thread-safe.)  (True or false?)
 3. Instead of B (implementing the two callback functions), is it
    sufficient for the application to provide its own locking
    around all SSL library calls?  In other words, if the
    application guarantees that only one thread will be in the
    library at a time, is that sufficient?
 4. I'm guessing from the semantics of CRYPTO_set_locking_callback()
    and CRYPTO_set_id_callback(), that they are not to be called
    more than once from an application.  It seems like they have to
    be called only at the beginning of the program, and not ever
    again.  (True or False?)  Is there a way to know if they have
    already been called later on?
 5. There are some other dynlock functions described in the
    threads(3) man page.  The wording on that page implies that they
    are only needed for performance, or maybe in a future version.
    In my current application, they don't seem to be called.  Is it
    necessary to implement these?  Will they only be for
    performance?  If I don't implement them, will my application
    break in some future version of OpenSSL, or will it just run
    slower?  (The confusion results because the current man page has
    wording: "Multi-threaded applications might crash at random if
    it is not set", but also says "dynamic locks are currently not
    used internally by OpenSSL, but may do so in the future" and
    "some parts of OpenSSL need it for better performance".)  What's
    the real situation here?
 6. Question 4 applies to the dynlock setup functions as well.  Same
    answer about calling them multiple times?  Any user-callable API
    to know whether they've already been called?
 7. Not specifically concerning threads, but is it safe to call
    SSL_library_init() more than once?  (Does the library protect
    against that, returning immediately if the initialization is
    already done?  Many libraries do this.)  How about
    SSL_load_error_strings()? ERR_load_BIO_strings()?

Thanks for any help on these questions.

Bryan Sutula



Modifying Makefile for windows build...

2008-03-10 Thread Bruno, Frank


Hi,

I'm working on porting OpenSSL to a new RTOS.

My development environment and compiler run on Windows, not Linux.

I'd like to modify the Makefile to compile the sources under Windows.

Can anyone suggest what may be 

Modifying Makefile for windows build...

2008-03-10 Thread Bruno, Frank
Sorry for the previous post, long day.



I'm working on porting OpenSSL to a new RTOS.

My development environment and compiler run on Windows, not Linux.

I'd like to modify the Makefile to compile the sources under Windows.

Can anyone suggest what may be involved to get a compilation working
under Windows? Should I be using cygwin? Or other alternatives?

I'm reading the GNU Make manual 3.81, but am having issues with
successfully invoking a compilation.

Thanks,
Frank





Re: cipher algorithms

2008-03-10 Thread Brian Trzupek
I can partially answer question #1. Yes, the client sends the list of
ciphers it supports to the server. The server will then pick the
'strongest' cipher from the list for negotiating the session. The
priority is based on strength, best I can tell, and differs between
server implementations. For instance IIS and Apache will negotiate
slightly differently as far as what each considers 'stronger'.

If your definition of random is each web server platform being a bit
different in negotiation, then yes it is random ;) (sarcasm)


Hope that helps,
Brian Trzupek

On Mar 4, 2008, at 5:28 AM, Baur, Mateus (Brazil RD-CL) wrote:


> Hi All,
>
> I have some doubts regarding OpenSSL cipher algorithms and I was
> wondering if someone could help me with that.
>
> 1) If my understanding is correct, the client sends the list of
>    supported cipher algorithms and the server will choose one
>    algorithm of such list in order to establish the secure channel. Is
>    there some priority for the algorithms? For instance, will it favor
>    AES in lieu of DES whenever supported by the client? Or is the
>    algorithm chosen randomly?
> 2) How is the symmetric key negotiated in OpenSSL? Does it use
>    Diffie-Hellman or RSA? Or does it vary depending on client request?
>    If the second, what is used if client supports both?
>
> Thanks in advance,
> Mateus