.
6. This is somewhat of a Heisenbug as turning on debug prints,
such as SSL_CTX_set_info_callback() that would allow me to
see if it is in accept processing, makes the bug go away.
The openssl was configured and compiled as follows:
"sampo-debug-linux-pentium", "
them, it should consider it to be invalid.
Perhaps the s_client code is not a good example of the validity checking
that should be done to the certificates? I think the code was written
to print the error but continue anyway. This is not how it should be
in real life: you should abort the connection
One more significant peculiarity of my situation I forgot to mention:
7. I am using ClientTLS authentication (using self signed cert)
Cheers,
--Sampo
sa...@zxid.org said:
> With OpenSSL-1.0.1c downloaded from openssl.org and compiled from source
> on x86 Linux 2.6 (LinuxMint 12) using gcc
so this is not a factor there).
Thus the 1.0.1c .so files should have different version number. If they
do not, then that is a bug.
Cheers,
--Sampo
"Thakur, Praveen Kumar" said:
> I don't see any issue if .so files extension is 1.0.0. However, I wanted to
> confirm that
.c:170
(gdb)
The core dump does not happen if I statically link against 1.0.1c
libraries.
The usage is multithreaded server with ClientTLS connection. Nonblocking
io with epoll loop and delayed accept.
The bug reproduces about 25% of the time. It requires at least 3 threads
and two TLS clients
upgraded makes
it possible for newer programs to dynalically link against 1.0.0
libraries and then you get a core.
Only safe solution is to statically link.
Cheers,
--Sampo
>
> Erik Tkal
> Juniper OAC/UAC/Pulse Development
>
>
>
f course it is possible that a new handshake happens
in midconnection. I wonder if there is any way to prevent that.
I'll try adding light debug prints and more locks to see if
your theory is right (problem with debug prints is the
heisenbug effect).
Cheers,
--Sampo
> cjs
> --
> Curt
]
if (!SSL_set_fd(bu->ssl, (int)bu->fd)) {
Is this something to worry about?
The platform is mingw-w64.
Cheers,
--Sampo
__
OpenSSL Project http://www.openssl.org
User Support Mailin
rn 0;
}
p = unbase64_raw(p, e, buf, zx_std_index_64);
if (!d2i_PrivateKey(typ, &pk, (const unsigned char**)&buf, p-buf) || !pk) {
zx_report_openssl_err("extract_private_key");
ERR("DER decoding of private key failed.\n%d", 0
t we have a beer one of these days
and talk it over?
Ben wrote:
> Yeah, you are wrong - anyone can provide the interface, it doesn't have
> to be us.
It does not have to be you, but if production quality module set was
developed, it
I just upgraded Net::SSLeay.pm to understand OpenSSL version numbers.
Some small bugfixes were included as well.
Download from CPAN, e.g:
ftp.funet.fi:/pub/languages/perl/CPAN/authors/id/SAMPO/Net_SSLeay.pm-1.03.tar.gz
or from my site
http://www.neuronio.pt/SSLeay.pm.html
Ed Peschko <[EMAIL PROTECTED]> writes:
> PS: has anyone successfully used openSSL on solaris? With SSLeay, I was getting
> core dumps consistently. Also, is there a FAQ on Net::SSLeay.pm?
Not to my knowledge. What question do you propo
any way to obtain random numbers in
your platform? If there is, you could open perl pipe (or just use
backticks) to such program and read randomness from it. You have to modify
the rource to do this, but its not hard.
--Sampo
_
",
);
Note the libraries as per Eric's instructions. Then just build as usual.
All works like a charm - or at least `make test' passes OK.
As it was so easy to get it working, I'll include RSAref support out
of box in the next release.
--Sampo
P.S. The platform used to m
angent, current version (1.03) is known not to compile
with OpenSSL-0.9.2b (on any platform). Part of the problem seems to be
in the ssl.h file distributed with OpenSSL-0.9.2 ... I'm working on
this, expect to hear more tonight.
--Sampo
__
t;\n";
($page, $response, %reply_headers)
= post_https($site, $port, $url, $headers, $form);
print $page, "\n";
print "Response:\n$response\n";
#EOF
The make_headers() will work around this in version 1.06. For the time being
here's a patched version of make_
losing const. The
warning is not dangerous, I just need to figure out how to get XS
compiler to pass const qualifier correctly.
In short term, you should look in your compiler's documentation to find
the flag that allows you
Lars Eggert <[EMAIL PROTECTED]> writes:
> -BEGIN PGP SIGNED MESSAGE-
>
> sampo> I just wrapped a new release. This is quite rough and badly tested
> sampo> release so if you are in production environment and happy with 1.03,
> sampo> don't up
obably even better is
>
> system "$^X examples/makecert.pl examples $ssleay_path $silent";
True.
Now, could you provide me a snippet showing how I can discover in Perl
that I am running on Windows platform. That way Makefile.PL will be
able to automatically adap
hen', 'nothing'=>'');
You basically got the right idea on make_headers().
>
> ($page, $response, %reply_headers)
>= post_https($server, $port, $uri,
> make_headers(
> 'User-Agent' => $user_agent
o with SSL23 vs SSL3. Recently in a similar case
it was enough to add
$Net::SSLeay::ssl_version = 3;
just after `use Net::SSLeay;'
I believe this is general problem with OpenSSL. Has anyone tried this
with s_client? The problem never manifests if you force either SSL2 or
SSL3, but does happe
", \
443, "/cgi/bbc/request.dll?FRONTPAGE")'
Get Net::SSLeay from CPAN or
http://www.bacus.pt/Net_SSLeay/index.html
--Sampo
> If I can do it there, I should be able to do it at datek.com as well.
>
> Any ideas? Please at least cc: a copy of yo
nutzer=$ARGV[0]&passwort=$ARGV[1]&B1=+Anmelden+")'
[EMAIL PROTECTED] [EMAIL PROTECTED]
> I'm glad that i found your module with which i can retrieve web page as i
> used to do it with netcat and normal web pages (http protocol).
> I'm not fa
I tested Net::SSLeay-1.05 with OpenSSL-0.9.4. Works fine. You can
safely ignore the warning about too new OpenSSL
Test was performed on
Net::SSLeay-1.05
OpenSSL-0.9.4
perl5.005_02
i686
Linux-2.0.35
egcs-1.1.1 rel
glibc-2.0.6
--Sampo
nly covers producing signatures, you
should be able to infer quite a lot about what all this signature
stuff is all about and hence develop the verification part based on
OpenSSL.
Check
http://www.bacus.pt/Net_SSLeay/smime.html
--Sampo
__
=?UTF-8?B?UmnEjWFyZGFzIMSMZXBhcw==?= <[EMAIL PROTECTED]> writes:
> --ibTvN161/egqYuK8
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> On Tue Sep 21 13:38:24 1999 +
>(Antradienis, 1999 m. rugs=C4=97jo 21 d. 1
ot;$user:$pass"))
);
print "Result was `$result'\n";
foreach $h (sort keys %headers) {
print "Header `$h'\tvalue `$headers{$h}'\n";
}
print $page;
--Sampo
>
> My platform is solaris.
>
> Thanks,
> Craig
__
ybody knows the switch to use in the perl module Net::SSLeay that
> uses OpenSSL that would it force it to use SSLv3?
use Net::SSLeay;
$Net::SSLeay::ssl_version = 3;
RTFM. Or look at the top of SSLeay.pm.
--Sampo
___
'$Net::SSLeay::ssl_version=3; print
Dumper Net::SSLeay::get_https("sw40.pacbell.com", 443, "/")'
This works to the extent that the server sends a forbidden response,
so perhaps its once again the OpenSSL SSL version detection heuristic
being incompat
SMIME TOOL VERSION 0.7
==
17.11.1999, Sampo Kellomaki <[EMAIL PROTECTED]>
Available from
http://www.bacus.pt/Net_SSLeay/smime.html
or as part of (future) OpenSSL-0.9.5 (see www.openssl.org)
Smime tool is a set of utilities for doing smime signatures as w
30 matches
Mail list logo
