rn 0;
}
p = unbase64_raw(p, e, buf, zx_std_index_64);
if (!d2i_PrivateKey(typ, &pk, (const unsigned char**)&buf, p-buf) || !pk) {
zx_report_openssl_err("extract_private_key");
ERR("DER decoding of private key failed.\n%d", 0
]
if (!SSL_set_fd(bu->ssl, (int)bu->fd)) {
Is this something to worry about?
The platform is mingw-w64.
Cheers,
--Sampo
__
OpenSSL Project http://www.openssl.org
User Support Mailin
f course it is possible that a new handshake happens
in midconnection. I wonder if there is any way to prevent that.
I'll try adding light debug prints and more locks to see if
your theory is right (problem with debug prints is the
heisenbug effect).
Cheers,
--Sampo
> cjs
> --
> Curt
upgraded makes
it possible for newer programs to dynalically link against 1.0.0
libraries and then you get a core.
Only safe solution is to statically link.
Cheers,
--Sampo
>
> Erik Tkal
> Juniper OAC/UAC/Pulse Development
>
>
>
.c:170
(gdb)
The core dump does not happen if I statically link against 1.0.1c
libraries.
The usage is multithreaded server with ClientTLS connection. Nonblocking
io with epoll loop and delayed accept.
The bug reproduces about 25% of the time. It requires at least 3 threads
and two TLS clients
so this is not a factor there).
Thus the 1.0.1c .so files should have different version number. If they
do not, then that is a bug.
Cheers,
--Sampo
"Thakur, Praveen Kumar" said:
> I don't see any issue if .so files extension is 1.0.0. However, I wanted to
> confirm that
One more significant peculiarity of my situation I forgot to mention:
7. I am using ClientTLS authentication (using self signed cert)
Cheers,
--Sampo
sa...@zxid.org said:
> With OpenSSL-1.0.1c downloaded from openssl.org and compiled from source
> on x86 Linux 2.6 (LinuxMint 12) using gcc
them, it should consider it to be invalid.
Perhaps the s_client code is not a good example of the validity checking
that should be done to the certificates? I think the code was written
to print the error but continue anyway. This is not how it should be
in real life: you should abort the connection
.
6. This is somewhat of a Heisenbug as turning on debug prints,
such as SSL_CTX_set_info_callback() that would allow me to
see if it is in accept processing, makes the bug go away.
The openssl was configured and compiled as follows:
"sampo-debug-linux-pentium", "
t we have a beer one of these days
and talk it over?
Ben wrote:
> Yeah, you are wrong - anyone can provide the interface, it doesn't have
> to be us.
It does not have to be you, but if production quality module set was
developed, it
SMIME TOOL VERSION 0.7
==
17.11.1999, Sampo Kellomaki <[EMAIL PROTECTED]>
Available from
http://www.bacus.pt/Net_SSLeay/smime.html
or as part of (future) OpenSSL-0.9.5 (see www.openssl.org)
Smime tool is a set of utilities for doing smime signatures as w
'$Net::SSLeay::ssl_version=3; print
Dumper Net::SSLeay::get_https("sw40.pacbell.com", 443, "/")'
This works to the extent that the server sends a forbidden response,
so perhaps its once again the OpenSSL SSL version detection heuristic
being incompat
ybody knows the switch to use in the perl module Net::SSLeay that
> uses OpenSSL that would it force it to use SSLv3?
use Net::SSLeay;
$Net::SSLeay::ssl_version = 3;
RTFM. Or look at the top of SSLeay.pm.
--Sampo
___
ot;$user:$pass"))
);
print "Result was `$result'\n";
foreach $h (sort keys %headers) {
print "Header `$h'\tvalue `$headers{$h}'\n";
}
print $page;
--Sampo
>
> My platform is solaris.
>
> Thanks,
> Craig
__
=?UTF-8?B?UmnEjWFyZGFzIMSMZXBhcw==?= <[EMAIL PROTECTED]> writes:
> --ibTvN161/egqYuK8
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> On Tue Sep 21 13:38:24 1999 +
>(Antradienis, 1999 m. rugs=C4=97jo 21 d. 1
nly covers producing signatures, you
should be able to infer quite a lot about what all this signature
stuff is all about and hence develop the verification part based on
OpenSSL.
Check
http://www.bacus.pt/Net_SSLeay/smime.html
--Sampo
__
I tested Net::SSLeay-1.05 with OpenSSL-0.9.4. Works fine. You can
safely ignore the warning about too new OpenSSL
Test was performed on
Net::SSLeay-1.05
OpenSSL-0.9.4
perl5.005_02
i686
Linux-2.0.35
egcs-1.1.1 rel
glibc-2.0.6
--Sampo
nutzer=$ARGV[0]&passwort=$ARGV[1]&B1=+Anmelden+")'
[EMAIL PROTECTED] [EMAIL PROTECTED]
> I'm glad that i found your module with which i can retrieve web page as i
> used to do it with netcat and normal web pages (http protocol).
> I'm not fa
", \
443, "/cgi/bbc/request.dll?FRONTPAGE")'
Get Net::SSLeay from CPAN or
http://www.bacus.pt/Net_SSLeay/index.html
--Sampo
> If I can do it there, I should be able to do it at datek.com as well.
>
> Any ideas? Please at least cc: a copy of yo
o with SSL23 vs SSL3. Recently in a similar case
it was enough to add
$Net::SSLeay::ssl_version = 3;
just after `use Net::SSLeay;'
I believe this is general problem with OpenSSL. Has anyone tried this
with s_client? The problem never manifests if you force either SSL2 or
SSL3, but does happe
hen', 'nothing'=>'');
You basically got the right idea on make_headers().
>
> ($page, $response, %reply_headers)
>= post_https($server, $port, $uri,
> make_headers(
> 'User-Agent' => $user_agent
obably even better is
>
> system "$^X examples/makecert.pl examples $ssleay_path $silent";
True.
Now, could you provide me a snippet showing how I can discover in Perl
that I am running on Windows platform. That way Makefile.PL will be
able to automatically adap
Lars Eggert <[EMAIL PROTECTED]> writes:
> -BEGIN PGP SIGNED MESSAGE-
>
> sampo> I just wrapped a new release. This is quite rough and badly tested
> sampo> release so if you are in production environment and happy with 1.03,
> sampo> don't up
losing const. The
warning is not dangerous, I just need to figure out how to get XS
compiler to pass const qualifier correctly.
In short term, you should look in your compiler's documentation to find
the flag that allows you
t;\n";
($page, $response, %reply_headers)
= post_https($site, $port, $url, $headers, $form);
print $page, "\n";
print "Response:\n$response\n";
#EOF
The make_headers() will work around this in version 1.06. For the time being
here's a patched version of make_
angent, current version (1.03) is known not to compile
with OpenSSL-0.9.2b (on any platform). Part of the problem seems to be
in the ssl.h file distributed with OpenSSL-0.9.2 ... I'm working on
this, expect to hear more tonight.
--Sampo
__
",
);
Note the libraries as per Eric's instructions. Then just build as usual.
All works like a charm - or at least `make test' passes OK.
As it was so easy to get it working, I'll include RSAref support out
of box in the next release.
--Sampo
P.S. The platform used to m
any way to obtain random numbers in
your platform? If there is, you could open perl pipe (or just use
backticks) to such program and read randomness from it. You have to modify
the rource to do this, but its not hard.
--Sampo
_
Ed Peschko <[EMAIL PROTECTED]> writes:
> PS: has anyone successfully used openSSL on solaris? With SSLeay, I was getting
> core dumps consistently. Also, is there a FAQ on Net::SSLeay.pm?
Not to my knowledge. What question do you propo
I just upgraded Net::SSLeay.pm to understand OpenSSL version numbers.
Some small bugfixes were included as well.
Download from CPAN, e.g:
ftp.funet.fi:/pub/languages/perl/CPAN/authors/id/SAMPO/Net_SSLeay.pm-1.03.tar.gz
or from my site
http://www.neuronio.pt/SSLeay.pm.html
30 matches
Mail list logo
