If you're on Win32, just type up the query, copy it, then in the
console window's system menu (alt+spacebar), select 'Edit', and then
'Paste'.

The two programs run in different processes, and don't particularly
care about sessions.  (They're not bound to Windows conventions like
Windows-specific software usually is.)  Just two separate cmd.exe
prompts would be enough.

(The reason I say 'write up a valid answer to the query' is so that
you can paste it into an s_server that you connect your application
to, to ensure that it isn't going to get garbage back.)

-Kyle H

On 2/8/06, Lee Colclough <[EMAIL PROTECTED]> wrote:
> Fantastic response, just what I needed, thanks Kyle.
>
> Now, I have done as you suggested:
>
> The s_server tests showed a perfect XML message in the s_server window,
> so that seems fine.
>
> The s_client test I assumed I had to run in a separate session while
> the s_server command was still running - output looked like this:

[snipped for brevity]

> Which seems fine - from then on, whatever I typed in the client window
> appeared in the server window, so this is ok too by the sound of it.
>
> One thing you did mention - 'manually generate some valid queries and
> valid answers to those queries' - did you mean manually code some SOAP
> messages and pass them to s_client, to see what the server returns?  No
> problem doing this, but how do I get them into s_client?
>
> Thanks again, you've been a lifesaver.
>
> Lee.
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton
> Sent: 08 February 2006 14:28
> To: openssl-users@openssl.org
> Subject: Re: Decryption question
>
> In order for a certificate to have any meaning, it must include a
> public key (of whatever type), and the private key should be kept
> private for that side.
>
> Thus, you've created three keypairs: one for the CA, one for the
> server, one for the client.
>
> The CA's certificate is self-signed, and you've given that certificate
> to both the server and the client.
>
> The server's certificate is signed by the CA, and you've given it to the
> server.
>
> The client's certificate is signed by the CA, and you've given it to the
> client.
>
> Okay.  Now, I understand what you're trying to do -- you're trying to
> use SOAP in place of DCOM [which, btw, I applaud :)].  There's a whole
> bunch of things that can go wrong on either side -- this is where the
> openssl command-line program comes in handy.
>
> What you want to do is manually generate some valid queries and valid
> answers to those queries, because what you're going to do is fake the
> server, and then fake the client.  To fake the server, get the server
> cert and key out and put it into a new directory, name it server.pem,
> copy the CA cert to the new directory, name it CA.pem, and then type
> the following: 'openssl s_server -accept (portnum) -crlf -cert
> server.pem -CAfile CA.pem'  (obviously, you want to replace portnum
> with the actual port you're trying to use -- MAKE SURE THAT NOTHING
> ELSE IS LISTENING ON IT, OR YOU WILL GET AN ERROR).
>
> Then, use the client to connect to it, and send a request.  If it
> comes through properly (i.e., you can read it), the client is
> respecting the certificate that the server is sending.  Hit ctrl-c to
> stop the server, and then do the same line, except append '-Verify
> CA.pem' to the end of it, and then perform the test again.  If it
> comes through, then it's not an SSL problem on the client or server
> end, and you will have to look at gSOAP for the answer.
>
> To test what the server is sending back to the client, you use almost
> the same command, except it's: 'openssl s_client -connect
> hostname:port -verify CA.pem -cert client.pem -crlf -CAfile CA.pem'
>
> If you send a valid request via that mechanism, and it's logged as a
> valid request on the server side, then your problem is in your
> application (or, more specifically, its SOAP client library).
>
> I hope this helps you troubleshoot it. :)
>
> <snip>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>
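
The fake-server / fake-client test discussed in this thread, with the prepared request redirected into s_client's standard input instead of pasted, as an added example that is not part of the original messages. Assumptions: a throwaway lab CA generated on the spot, a loopback listener, port 44330 in the usage line, and the helper and file names other than server.pem, client.pem and CA.pem; -Verify and -verify are given a numeric chain depth, which is the argument those options take.

```shell
#!/bin/sh
# Added example. All key material is throwaway and constructed here.
# Usage: d=$(mktemp -d); make_pki "$d"; replay_request "$d" 44330 query.xml

# Build CA.pem, server.pem and client.pem (cert + key in one file) in $1.
make_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab CA" \
        -keyout "$dir/CA.key" -out "$dir/CA.pem" 2>/dev/null || return 1
    for who in server client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=lab-$who" \
            -keyout "$dir/$who.key" -out "$dir/$who.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$who.csr" -days 1 -CA "$dir/CA.pem" \
            -CAkey "$dir/CA.key" -CAcreateserial -out "$dir/$who.crt" \
            2>/dev/null || return 1
        cat "$dir/$who.crt" "$dir/$who.key" > "$dir/$who.pem"
    done
}

# Fake the server, feed the request file $3 to s_client on port $2, and
# print what s_server logged. Full client output is left in client.out.
replay_request() {
    dir=$1 port=$2 request=$3
    # A FIFO opened read-write keeps s_server's stdin from hitting EOF,
    # which would make it close the connection straight away.
    mkfifo "$dir/server.stdin" || return 1
    ( cd "$dir" && exec openssl s_server -accept "127.0.0.1:$port" -crlf \
        -cert server.pem -CAfile CA.pem -Verify 1 \
        <> server.stdin > server.out 2>&1 ) &
    srv=$!
    sleep 1    # let the listener bind
    # Keep stdin open briefly after the request so the server reads it all.
    { cat "$request"; sleep 1; } | ( cd "$dir" && openssl s_client \
        -connect "127.0.0.1:$port" -crlf -verify 1 -cert client.pem \
        -CAfile CA.pem > client.out 2>&1 )
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    cat "$dir/server.out"
}
```

To test the reply path the same way, put the prepared answer in a file and redirect it into s_server's standard input while the real application connects as the client.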