100% CPU usage problem

2009-03-16 Thread Pinak Tripathy
Hi, My application uses EPOLL. I have integrated openSSL in my application. While running the application with 2000 client application takes 100% CPU usage. If change my application to use "select" it works fine. Please suggest regarding this. Thanks in advance for your help. B

Problem installing OpenSSLeay

2009-03-16 Thread Akshatha Kumar (RBEI/ECF2)
Hello, Could you please tell me if OpenSSl required to install Crypt::SSLeay module? Also how can I get a pre-compiled version of OpenSSl for perl 5.6.1? I am using Windows XP and don't have a C compiler installed. Thank you. Best Regards, Akshatha

Re: Error showed up in openssl-SNAP-20090315

2009-03-16 Thread Rob Austein
Looks like an incomplete conversion from assert() to OPENSSL_assert(). __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List

error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

2009-03-16 Thread Arnaud Launay
Hello there, Investigating a strange thing with postfix: Mar 16 10:37:40 host postfix/smtpd[27618]: warning: TLS library problem: 27618:error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table:x509_lu.c:348: I tried the following: openssl s_server -verify 5 -CA

Re: Error showed up in openssl-SNAP-20090315

2009-03-16 Thread Ger Hobbelt
Checked against this morning's CVS HEAD 0.9.9 and no problem at all. I also compared the changes to the distribution to the patch which I filed regarding assert vs OPENSSL_assert in v3_addr (PR: 1863) and it was applied correctly and completely. There is no need for in v3_addr.c. (Though I do see

CA cert in DER format usage

2009-03-16 Thread sudeepta
Hi, I am writing a server application which is supposed to use certificates/keys in DER format only. In my code, I am using the following functions for loading the server certificate and its private key respectively. SSL_CTX_use_certificate_file(pSSLCtx,"server.cer",SSL_FILETYPE_ASN1) and SSL_CT

Re: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

2009-03-16 Thread Victor Duchovni
On Mon, Mar 16, 2009 at 11:30:41AM +0100, Arnaud Launay wrote: > Hello there, > > Investigating a strange thing with postfix: > > Mar 16 10:37:40 host postfix/smtpd[27618]: warning: TLS library problem: > 27618:error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert > already in hash

RE: 100% CPU usage problem

2009-03-16 Thread David Schwartz
> Hi, > > My application uses EPOLL. I have integrated openSSL in my > application. While running the application with 2000 client application > takes 100% CPU usage. If change my application to use "select" it works > fine. > > Please suggest regarding this. > > Thanks in advance for

Re: CA cert in DER format usage

2009-03-16 Thread Victor Duchovni
On Mon, Mar 16, 2009 at 06:00:13AM -0700, sudeepta wrote: > I am writing a server application which is supposed to use certificates/keys > in DER format only. Why? Any why not convert any provided DER to PEM and use that? > In my code, I am using the following functions for > loading the server

Re: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

2009-03-16 Thread Arnaud Launay
Le Mon, Mar 16, 2009 at 09:37:44AM -0400, Victor Duchovni a écrit: > > Mar 16 10:37:40 host postfix/smtpd[27618]: warning: TLS library problem: > > 27618:error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert > > already in hash table:x509_lu.c:348: > Don't list any certificate twice i

Re: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

2009-03-16 Thread Victor Duchovni
On Mon, Mar 16, 2009 at 04:08:04PM +0100, Arnaud Launay wrote: > > Make sure that you don't have duplicate certificate files in > > /etc/ssl/certs, that differ only in the file name, run > > c_rehash(1) to cleanup any stale symlinks. > > Already did. Seems either the gentoo certificate pack is wr

Re: TLS, BIOs, SSL_read/write

2009-03-16 Thread Victor Duchovni
On Sun, Mar 15, 2009 at 11:14:04PM -0500, Galina Goncharov wrote: > an other thought - I didn't notice your third SSL_set_bio(m_ssl, NULL, > bioMem); so my suggestion wasn't quite correct. and its always usfull to > get error by calling SSL_get_error() - it can point to right direction. > and bel

Re: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

2009-03-16 Thread Arnaud Launay
Le Mon, Mar 16, 2009 at 11:20:26AM -0400, Victor Duchovni a ?crit: > Instead of "md5sum *", try the more robust: > for cert in *; do openssl x509 -in $cert -noout -sha1 -fingerprint; done | > sort | uniq -c | sort -nr | head -1 > to eliminate "cosmetic" cert file differences. We're getti

Re: CA cert in DER format usage

2009-03-16 Thread Kyle Hamilton
SSL_FILETYPE_ASN1 should handle DER format. SSL_FILETYPE_PEM should handle PEM format. If it does not, it's a bug. Which version of the OpenSSL library are you using? -Kyle H On Mon, Mar 16, 2009 at 6:00 AM, sudeepta wrote: > > Hi, > > I am writing a server application which is supposed to us

Re: CA cert in DER format usage

2009-03-16 Thread Kyle Hamilton
Actually, I'm perhaps a bit wrong. Open the file containing the DER representation of the certificate, read the file to its end, get the length that you read, close the file, and then SSL_CTX_use_certificate_ASN1(sslctx, len, derbuffer);. -Kyle H On Mon, Mar 16, 2009 at 12:46 PM, Kyle Hamilton

Re: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

2009-03-16 Thread Victor Duchovni
On Mon, Mar 16, 2009 at 07:02:21PM +0100, Arnaud Launay wrote: > > Do any of the files contain multiple certs ? > > Holy shit... There are two certicates in cacert.org.crt... One > beginning at 2003, the other one at 2005. Cleaning the older make > the thing work, but probably breaks older certif

RE: TLS, BIOs, SSL_read/write

2009-03-16 Thread Nate Leon
That was the trick - I was trying to write to a : BIO* bioMem = BIO_new(BIO_f_buffer()); which doesn't really make sense. Indeed, this is working: BIO* bioMem = BIO_new(BIO_s_mem()); SSL_set_bio(m_ssl, NULL, bioMem); SSL_write(m_ssl, responseData, nRespDataSize); My SSL object (m_

Re: Problem installing OpenSSLeay

2009-03-16 Thread Kyle Hamilton
Yes, it is. You can go to http://www.openssl.org/related/binaries.html to get a link to a third-party contributed precompiled binary for Win32. (And: thank you, Shining Light Productions, for providing it!) -Kyle H On Mar 13, 2009, at 11:46 PM, Akshatha Kumar (RBEI/ECF2) wrote: Hello,

RE: PBE Key creation

2009-03-16 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of brechmos > Sent: Thursday, 12 March, 2009 17:55 > Yeah, I appreciate that. > > What I can't see in the docs is how the key and IV is defined from the > password and if I can do that without calling the openssl enc > call. If the > key and IV

RE: CA cert in DER format usage

2009-03-16 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of sudeepta > Sent: Monday, 16 March, 2009 08:00 > I am writing a server application which is supposed to use > certificates/keys > in DER format only. In my code, I am using the following functions for > loading the server certificate and its priv