http://www.nnseek.com/e/mailing.openssl.users/ Posts for mailing.openssl.users Thu, 04 Sep 2008 23:18:08 PDT http://www.nnseek.com/ http://www.nnseek.com/img/64.png 64 64 NNSeek http://www.nnseek.com/e/mailing.openssl.users/technomarine_technosquare_chronograph_ladies_watch_160240555t.html http://www.nnseek.com/e/mailing.openssl.users/technomarine_technosquare_chronograph_ladies_watch_160240555t.html Discount Watches

TechnoMarine TechnoSquare Chronograph Ladies Watch Site:
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7419.html

Thank you for choosing http://www.pxhelp.com/

Quality Technomarine Watches: http://technomarine-watches.pxhelp.com/


TechnoMarine TechnoSquare Chronograph Ladies Watch AdditionalInfo :

Watches Brand : Technomarine Watches ( http://technomarine-watches.pxhelp.com/
)
Gender : Ladies
Model : technomarine-technosquare-tsc99-1073
Also Called :
Case Material : Stainless steel
Movement : Quartz
Crystal : Scratch Resistant Sapphire
Dial Color : White
Clasp : Blue leather
Bezel : Stainless steel
Case Thickness : 32mm
Water Resistant : 100m/330ft

OUT OF STOCKTechnoMarine TechnoSquare Chronograph Ladies Watch This
TechnoMarine TechnoSquare Chronograph Ladies Watch watch case is made
out of Stainless steel. The White dial is covered in Sapphire. The
case diameter is 32 mm. This TechnoMarine TechnoSquare Chronograph
Ladies Watch is water resistant up to 100 m / 330 ft. TechnoMarine
TechnoSquare Chronograph Ladies Watch TechnoMarine TechnoSquare
Chronograph Ladies Watch Brand TechnomarineSeries Technomarine
TechnosquareGender LadiesCase Material Stainless steelCase Diameter
32mmDial Color WhiteBezel Stainless steelMovement QuartzClasp
TangBracelet Blue leatherWater Resistant 100m/330ftCrystal Scratch
Resistant SapphireWarranty 2 Year Pxhelp.com WarrantyTechnoMarine
TechnoSquare Chronograph Ladies Watch is brand new, join thousands of
satisfied customers and buy your TechnoMarine TechnoSquare Chronograph
Ladies Watch with total satisfaction . A Pxhelp.com 30 Day Money Back
Guarantee is included with every TechnoMarine TechnoSquare Chronograph
Ladies Watch for secure, risk-free online shopping. Pxhelp.com does
not charge sales tax for the TechnoMarine TechnoSquare Chronograph
Ladies Watch, unless shipped within New York State. Pxhelp.com is
rated 5 stars on the Yahoo! network.

Other Technomarine Watches You Might Like

TechnoMarine XS Magnum Leather Chronograph Men's Watch XSCM21
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7455.html
TechnoMarine TechnoSquare Chronograph Ladies Watch TSC99-1008
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7420.html
TechnoMarine Diamond Ladies Watch DXSL09
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7472.html
TechnoMarine Butterfly Ladies Watch LRBK04
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7308.html
Technomarine TMY Brown Chronograph Unisex Watch TMY26
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7446.html
Technomarine TMY Red Chronograph Unisex Watch TMY07
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7445.html
TechnoMarine TechnoSquare Chronograph Ladies Watch TSC99-1016
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7396.html
TechnoMarine TechnoSquare Chronograph Ladies Watch TSC99-1016
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7396.html
Technomarine Apnea X Black Unisex Watch TMAX02
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7297.html
Technomarine KRA Unisex Watch KRA05
http://technomarine-watches.pxhelp.com/Technomarine-wristwatch-7329.html

Posted In: mailing.openssl.users

no comments

Reply

]]> Thu, 04 Sep 2008 23:18:08 PDT http://www.nnseek.com/e/mailing.openssl.users/error_when_creating_certificate_in_hpux_160080299t.html http://www.nnseek.com/e/mailing.openssl.users/error_when_creating_certificate_in_hpux_160080299t.html I appreciate the clarification on HPUX 11.11 RNG. When I scanned HPUX documentation for RNG info a couple of months back, it was not totally clear to me what my OpenSSL-enabled app should do when installed on a 11.11 site host. One take was to, upon installation on 11.11, ask installer if they were ok with having the app start RNG if needed, then figuring out if it was needed.

-----Original Message-----
From: owner-openssl-users@openssl.org
[mailto:owner-openssl-users@openssl.org]On Behalf Of Huey, Mike
Sent: Wednesday, September 03, 2008 3:58 PM
To: openssl-users@openssl.org
Subject: RE: Error when creating certificate in HPUX


If you are on 11.11 you need to see if you have random number generator installed. You can get the rand gen product for 11.11 from:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRN...

If you do not want to install a random number generator, then check to see if prngd is running. If prngd is not running you can start it by

:/sbin/init.d/prngd.rc start

It would be useful to know what version of HP-UX and OpenSSL you are using.

You can get the latest openssl for HP-UX at:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPE...

-Mike

-----Original Message-----
From: owner-openssl-users@openssl.org [mailto:owner-openssl-users@openssl.org] On Behalf Of Tan, Liao
Sent: Wednesday, September 03, 2008 5:52 AM
To: openssl-users@openssl.org
Subject: Error when creating certificate in HPUX

Folks,
Im trying to find solution for this issue. When running the command below

openssl genrsa -des3 -out mydomain.com.key 1024

to create the key pair certificate, it gives me the error:

=====================
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
26995:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
26995:error:04081003:rsa routines:RSA_BUILTIN_KEYGEN:BN lib:rsa_gen.c:183:
=====================

Please, any idea on wot´s going on? This is a production machine, Im in touch with the SA, I wont be able to perform tests, reallocate files, etc.

Please your prompt attention.
Thank you
Ingrid


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

Posted In: mailing.openssl.users

no comments

Reply

]]> Thu, 04 Sep 2008 13:28:23 PDT http://www.nnseek.com/e/mailing.openssl.users/need_to_upgrade_openssl_on_my_solaris10_server_160249259t.html http://www.nnseek.com/e/mailing.openssl.users/need_to_upgrade_openssl_on_my_solaris10_server_160249259t.html Hello,

We have security holes that need to be fixed on our Solaris 10 server.
I have applied the Solaris 10 "Recommended and Security" patch bundle
that was updated on 09/02/08. One of the security holes is will
openssl. How do I upgrade it? Currently we are running: OpenSSL
0.9.7d 17 Mar 2004 (+ security patches to 2006-09-29). I would like to
go to the lastest which I believe is: OpenSSL 0.9.8h. How do I get
the PKG for the latest version. I found a tar file located at
http://www.openssl.org/source/ , but don't know how I can apply it to my
system.

Thanks,
Randy Grode
Cargill, Inc







Need to upgrade openssl on my Solaris10 server




Hello,


We have security holes that need to be fixed on our Solaris 10 server.  I have applied the Solaris 10  "Recommended and Security" patch bundle that was updated on 09/02/08.   One of the security holes is will openssl.   How do I upgrade it?   Currently we are running: OpenSSL 0.9.7d 17 Mar 2004 (+ security patches to 2006-09-29).  I would like to go to the lastest which I believe is: OpenSSL 0.9.8h.   ; How do I get the PKG for the latest version.   I  found a tar file located at http://www.openssl.org/source/ , but don't know how I can apply it to my system.

Thanks,
Randy Grode

Cargill, Inc

Posted In: mailing.openssl.users

no comments

Reply

]]> Thu, 04 Sep 2008 12:07:56 PDT http://www.nnseek.com/e/mailing.openssl.users/solaris_x86_32_bit_openssl_installation_issue_160065963t.html http://www.nnseek.com/e/mailing.openssl.users/solaris_x86_32_bit_openssl_installation_issue_160065963t.html I am attempting to install OpenSSL 0.9.8h on a Solaris x86 32 bit virtual
machine.

I am able to ./config, make and make install but make test fails.

Here is the error I am receiving:

# make test
testing...
making all in apps...
../util/shlib_wrap.sh ./destest
*** Signal 11 - core dumped
make: Fatal error: Command failed for target `test_des'
Current working directory /opt/src/openssl-0.9.8h/test
*** Error code 1
The following command caused the error:
(cd test && echo "testing..." && \
TOP= && unset TOP ${LIB+LIB} ${LIBS+LIBS} ${INCLUDE+INCLUDE}
${INCLUDES+INCLUDES} ${DIR+DIR} ${DIRS+DIRS} ${SRC+SRC}
${LIBSRC+LIBSRC} ${LIBOBJ+LIBOBJ} ${ALL+ALL} ${EXHEADER+EXHEADER}
${HEADER+HEADER} ${GENERAL+GENERAL} ${CFLAGS+CFLAGS}
${ASFLAGS+ASFLAGS} ${AFLAGS+AFLAGS} ${LDCMD+LDCMD}
${LDFLAGS+LDFLAGS} ${SHAREDCMD+SHAREDCMD}
${SHAREDFLAGS+SHAREDFLAGS} ${SHARED_LIB+SHARED_LIB}
${LIBEXTRAS+LIBEXTRAS} && make -e PLATFORM='solaris-x86-gcc' PROCESSOR=''
CC='gcc' CFLAG='-fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -march=pentium -Wall
-DL_ENDIAN -DOPENSSL_NO_INLINE_ASM -DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM
-DMD5_ASM -DRMD160_ASM -DAES_ASM' AS='gcc' ASFLAG='-fPIC
-DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3
-fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM
-DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c'
AR='ar r' PERL='/usr/bin/perl' RANLIB='/usr/ccs/bin/ranlib'
SDIRS='objects md2 md4 md5 sha hmac ripemd des aes rc2 rc4 idea bf cast
bn ec rsa dsa ecdsa dh ecdh dso engine buffer bio stack lhash rand err evp
asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 store
pqueue' LIBRPATH='/usr/local/ssl/lib' INSTALL_PREFIX=''
INSTALLTOP='/usr/local/ssl' OPENSSLDIR='/usr/local/ssl'
MAKEDEPEND='$${TOP}/util/domd $${TOP} -MD gcc'
DEPFLAG='-DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CMS
-DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779
-DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT' MAKEDEPPROG='gcc'
SHARED_LDFLAGS='-shared' KRB5_INCLUDES='' LIBKRB5=''
EXE_EXT='' SHARED_LIBS='libcrypto.so.0.9.8 libssl.so.0.9.8'
SHLIB_EXT='.so.0.9.8' SHLIB_TARGET='solaris-shared' PEX_LIBS=''
EX_LIBS='-lsocket -lnsl -ldl' CPUID_OBJ='x86cpuid-elf.o'
BN_ASM='bn86-elf.o co86-elf.o' DES_ENC='dx86-elf.o yx86-elf.o'
AES_ASM_OBJ='ax86-elf.o' BF_ENC='bx86-elf.o'
CAST_ENC='c_enc.o' RC4_ENC='rx86-elf.o rc4_skey.o' RC5_ENC='r586-elf.o'
SHA1_ASM_OBJ='sx86-elf.o' MD5_ASM_OBJ='mx86-elf.o'
RMD160_ASM_OBJ='rm86-elf.o' THIS=${THIS:-tests}
MAKEFILE=Makefile MAKEOVERRIDES= TOP=.. TESTS='alltests'
OPENSSL_DEBUG_MEMORY=on tests );
make: Fatal error: Command failed for target `tests'

Does anyone have any ideas how to resolve this?

Thanks,
Matthew
--------------------------------------------------------
Matthew Maddox
IT Systems Developer and Coordinator
Webster University
470 East Lockwood Avenue
Saint Louis, MO 63119
314-246-8282 ofc
314-963-6134 fax
maddox@webster.edu













I am attempting to
install OpenSSL 0.9.8h on a Solaris x86 32 bit virtual
machine.
 
I am able to
./config, make and make install but make test fails.
 
Here is the error I
am receiving:
 
# make
testtesting...making all in apps...../util/shlib_wrap.sh
./destest*** Signal 11 - core dumpedmake: Fatal error: Command failed
for target `test_des'Current working directory
/opt/src/openssl-0.9.8h/test*** Error code 1The following command caused
the error:(cd test && echo "testing..." && \TOP=
&& unset TOP ${LIB+LIB}
${LIBS+LIBS}        ${INCLUDE+INCLUDE}
${INCLUDES+INCLUDES}         ${DIR+DIR}
${DIRS+DIRS}
${SRC+SRC}             
${LIBSRC+LIBSRC} ${LIBOBJ+LIBOBJ} ${ALL+ALL}   
${EXHEADER+EXHEADER}
${HEADER+HEADER}          
${GENERAL+GENERAL}
${CFLAGS+CFLAGS}            
${ASFLAGS+ASFLAGS}
${AFLAGS+AFLAGS}            
${LDCMD+LDCMD}
${LDFLAGS+LDFLAGS}              
${SHAREDCMD+SHAREDCMD}
${SHAREDFLAGS+SHAREDFLAGS}      
${SHARED_LIB+SHARED_LIB} ${LIBEXTRAS+LIBEXTRAS} && make -e
PLATFORM='solaris-x86-gcc' PROCESSOR=''  CC='gcc' CFLAG='-fPIC
-DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3
-fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM
-DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-DAES_ASM'                    
AS='gcc' ASFLAG='-fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN
-DOPENSSL_NO_INLINE_ASM -DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM
-c'                    
AR='ar  r' PERL='/usr/bin/perl'
RANLIB='/usr/ccs/bin/ranlib'    SDIRS='objects  md2 md4 md5
sha hmac ripemd  des aes rc2 rc4 idea bf cast  bn ec rsa dsa ecdsa dh
ecdh dso engine  buffer bio stack lhash rand err  evp asn1 pem x509
x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5  store pqueue'
LIBRPATH='/usr/local/ssl/lib'   
INSTALL_PREFIX=''              
INSTALLTOP='/usr/local/ssl'
OPENSSLDIR='/usr/local/ssl'        
MAKEDEPEND='$${TOP}/util/domd $${TOP} -MD gcc' 
DEPFLAG='-DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CMS
-DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779
-DOPENSSL_NO_SEED
-DOPENSSL_NO_TLSEXT'        
MAKEDEPPROG='gcc'                      
SHARED_LDFLAGS='-shared'               
KRB5_INCLUDES='' LIBKRB5=''     EXE_EXT=''
SHARED_LIBS='libcrypto.so.0.9.8 libssl.so.0.9.8'    ;
SHLIB_EXT='.so.0.9.8' SHLIB_TARGET='solaris-shared'    
PEX_LIBS='' EX_LIBS='-lsocket -lnsl -ldl'      
CPUID_OBJ='x86cpuid-elf.o'                     
BN_ASM='bn86-elf.o co86-elf.o' DES_ENC='dx86-elf.o
yx86-elf.o'         
AES_ASM_OBJ='ax86-elf.o'                       
BF_ENC='bx86-elf.o' CAST_ENC='c_enc.o'  RC4_ENC='rx86-elf.o rc4_skey.o'
RC5_ENC='r586-elf.o'   
SHA1_ASM_OBJ='sx86-elf.o'                      
MD5_ASM_OBJ='mx86-elf.o'                       
RMD160_ASM_OBJ='rm86-elf.o'            
THIS=${THIS:-tests} MAKEFILE=Makefile MAKEOVERRIDES= TOP=.. TESTS='alltests'
OPENSSL_DEBUG_MEMORY=on tests );make: Fatal error: Command failed for target
`tests'
Does anyone have any
ideas how to resolve this?
 
Thanks,
Matthew
--------------------------------------------------------
Matthew Maddox
IT Systems Developer and
Coordinator
Webster University
470 East Lockwood Avenue
Saint Louis, MO 63119
314-246-8282 ofc
314-963-6134 fax
maddox@webster.edu
 
 
 
 
 
 

Posted In: mailing.openssl.users

1 Comment

Reply

]]> Thu, 04 Sep 2008 10:59:42 PDT http://www.nnseek.com/e/mailing.openssl.users/problems_making_certificate_request_160051115t.html http://www.nnseek.com/e/mailing.openssl.users/problems_making_certificate_request_160051115t.html I've been trying to secure site with open ssl and have made a number of attempts and have gotten many errors. Any help with the following error would be very helpful. Thanks in advance:

I get the following error upon issuing the following command:

C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl req -config openssl.cnf -new -out my-server.csrLoading 'screen' into random state - doneGenerating a 1024 bit RSA private key...++++++.....++++++writing new private key to 'privkey.pem'Enter PEM pass phrase:Verifying - Enter PEM pass phrase:-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.
.
.
A challenge password []:hutchError adding attribute5144:error:0D0BA041:asn1 encoding routines:ASN1_STRING_set:malloc failure:.\crypto\asn1\asn1_lib.c:381:5144:error:0B08A041:x509 certificate routines:X509_ATTRIBUTE_set1_data:malloc failure:.\crypto\x509\x509_att.c:317:

I'm trying to create an SSL certificate for an svn repository. Thanks for any help.

_________________________________________________________________
Want to do more with Windows Live? Learn “10 hidden secrets” from Jamie.
http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008




.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}


I've been trying to secure site with open ssl and have made a number of attempts and have gotten many errors. Any help with the following error would be very helpful. Thanks in advance:
 
I get the following error upon issuing the following command:
 
C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl req -config openssl.cnf -new -out my-server.csrLoading 'screen' into random state - doneGenerating a 1024 bit RSA private key...++++++.....++++++writing new private key to 'privkey.pem'Enter PEM pass phrase:Verifying - Enter PEM pass phrase:-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.
.
.
A challenge password []:hutchError adding attribute5144:error:0D0BA041:asn1 encoding routines:ASN1_STRING_set:malloc failure:.\crypto\asn1\asn1_lib.c:381:5144:error:0B08A041:x509 certificate routines:X509_ATTRIBUTE_set1_data:malloc failure:.\crypto\x509\x509_att.c:317:
 
I'm trying to create an SSL certificate for an svn repository. Thanks for any help. 
 Want to do more with Windows Live? Learn “10 hidden secrets” from Jamie. Learn Now

Posted In: mailing.openssl.users

no comments

Reply

]]> Thu, 04 Sep 2008 09:27:12 PDT http://www.nnseek.com/e/mailing.openssl.users/creating_private_key_160051627t.html http://www.nnseek.com/e/mailing.openssl.users/creating_private_key_160051627t.html Hi all,
I want generate a private key and certificate using openssl commands
Earlier I was generating both these files using
openssl req -config /usr/local/ssl/openssl.cnf -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365
That time I was getting the error "asn1 encoding routines:ASN1_get_object:header too long:asn_lib.c"
Then I started creating private key using the command
openssl genrsa > cakey.pem
and I was using certificate file from the above command.

Now I get the errors
14478:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399:
14478:error:2107207F:PKCS7 routines:PKCS7_decrypt:private key does not match certificate:pk7_smime.c:465:

Both these errors indicate mismatch between private key and the certificate file
Please suggest me any method to generate both these files such that I get the error free response.

Thanks in advance to all of you
Please help me
Regards,
Abhishek

________________________________________
Public email at Nabble.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

Posted In: mailing.openssl.users

1 Comment

Reply

]]> Thu, 04 Sep 2008 07:39:48 PDT http://www.nnseek.com/e/mailing.openssl.users/perform_a_key_exchange_key_negotiation_using_asymmetric_160000683t.html http://www.nnseek.com/e/mailing.openssl.users/perform_a_key_exchange_key_negotiation_using_asymmetric_160000683t.html Hello,

could anybody explain me how to modify this programm, to use only keys instead of certificates ?

Thanks to all.

-------------------------------------------------------------------------------------------------------------------------------------------------

/* serv.cpp - Minimal ssleay server for Unix
30.9.1996, Sampo Kellomaki */


/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
Simplified to be even more minimal
12/98 - 4/99 Wade Scholine mail.cybg.com> */

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include /* SSLeay stuff */
#include
#include
#include
#include
#include


/* define HOME to be dir for key and cert files... */
#define HOME "./"
/* Make these what you want for cert & key files */
#define CERTF HOME "foo-cert.pem"
#define KEYF HOME "foo-cert.pem"


#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }

void main ()
{
int err;
int listen_sd;
int sd;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
size_t client_len;
SSL_CTX* ctx;
SSL* ssl;
X509* client_cert;
char* str;
char buf [4096];
SSL_METHOD *meth;

/* SSL preliminaries. We keep the certificate and key with the context. */

SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new (meth);
if (!ctx) {
ERR_print_errors_fp(stderr);
exit(2);
}

if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(3);
}
if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(4);
}

if (!SSL_CTX_check_private_key(ctx)) {
fprintf(stderr,"Private key does not match the certificate public key\n");
exit(5);
}

/* ----------------------------------------------- */
/* Prepare TCP socket for receiving connections */

listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket");

memset (&sa_serv, '\0', sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (1111); /* Server Port number */

err = bind(listen_sd, (struct sockaddr*) &sa_serv,
sizeof (sa_serv)); CHK_ERR(err, "bind");

/* Receive a TCP connection. */

err = listen (listen_sd, 5); CHK_ERR(err, "listen");

client_len = sizeof(sa_cli);
sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
CHK_ERR(sd, "accept");
close (listen_sd);

printf ("Connection from %%lx, port %%x\n",
sa_cli.sin_addr.s_addr, sa_cli.sin_port);

/* ----------------------------------------------- */
/* TCP connection is ready. Do server side SSL. */

ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl); CHK_SSL(err);

/* Get the cipher - opt */

printf ("SSL connection using %%s\n", SSL_get_cipher (ssl));

/* Get client's certificate (note: beware of dynamic allocation) - opt */

client_cert = SSL_get_peer_certificate (ssl);
if (client_cert != NULL) {
printf ("Client certificate:\n");

str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t subject: %%s\n", str);
OPENSSL_free (str);

str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t issuer: %%s\n", str);
OPENSSL_free (str);

/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */

X509_free (client_cert);
} else
printf ("Client does not have certificate.\n");

/* DATA EXCHANGE - Receive message and send reply. */

err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
printf ("Got %%d chars:'%%s'\n", err, buf);

err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);

/* Clean up. */

close (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - serv.cpp */






Hello,
 
could anybody explain me how to modify this programm, to use only keys instead of certificates ?
 
Thanks to all.
 
-------------------------------------------------------------------------------------------------------------------------------------------------
 
/* serv.cpp  -  Minimal ssleay server for Unix   30.9.1996, Sampo Kellomaki */
 
/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b  ; Simplified to be even more minimal   12/98 - 4/99 Wade Scholine */
 
#include #include #include #include #include #include #include #include #include #include
 
#include        /* SSLeay stuff */#include #include #include #include #include
 
/* define HOME to be dir for key and cert files... */#define HOME "./"/* Make these what you want for cert & key files */#define CERTF  HOME "foo-cert.pem"#define KEYF  HOME  "foo-cert.pem"
 
#define CHK_NULL(x) if ((x)==NULL) exit (1)#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
 
void main (){  int err;  int listen_sd;  int sd;  struct sockaddr_in sa_serv;  struct sockaddr_in sa_cli;  size_t client_len;  SSL_CTX* ctx;  SSL*     ssl;  X509*    client_cert;  char*    str;  char     buf [4096];  SSL_METHOD *meth;    /* SSL preliminaries. We keep the certificate and key with the context. */
 
  SSL_load_error_strings();  SSLeay_add_ssl_algorithms();  meth = SSLv23_server_method();  ctx = SSL_CTX_new (meth);  if (!ctx) {    ERR_print_errors_fp(stderr);    exit(2);  }    if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM)

Posted In: mailing.openssl.users

1 Comment

Reply

]]> Thu, 04 Sep 2008 03:29:01 PDT http://www.nnseek.com/e/mailing.openssl.users/rsa_padding_check_pkcs1_type_1_160006315t.html http://www.nnseek.com/e/mailing.openssl.users/rsa_padding_check_pkcs1_type_1_160006315t.html Hi all,

I am very new to openssl.
I am trying to create a certificate using scep. I am using opnessl-0.9.8h for thsi implementation
I am using a private key generated using openssl genrsa > cakey.pem command.
for creating certificate I am using the following command.
openssl req -config /usr/local/ssl/openssl.cnf -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365

I am getting the following error on the scep server side
24818:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
24818:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:699:
24818:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature failure:pk7_doit.c:981:


also if use the cakey.pem genrates using
openssl req -config /usr/local/ssl/openssl.cnf -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365
command I get following error
8848:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150
So I have to use the private key generated using openssl genrsa > cakey.pem method.
Please help me, how to resolve this error

Thanks in advance.
Regards,
Abhishek

________________________________________
Public email at Nabble.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

Posted In: mailing.openssl.users

no comments

Reply

]]> Thu, 04 Sep 2008 02:56:42 PDT http://www.nnseek.com/e/mailing.openssl.users/rsa_routines_rsa_padding_check_pkcs1_type_1_block_type_159994539t.html http://www.nnseek.com/e/mailing.openssl.users/rsa_routines_rsa_padding_check_pkcs1_type_1_block_type_159994539t.html Hi all,
I am working with openssl-0.9.8h to generate SCEP certificates. I am getting
the following errors while the SCEP server is trying to verify the
signatures:

24293:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type
is not 01:rsa_pk1.c:100:
24293:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.c:699:
24293:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature
failure:pk7_doit.c:981:

I have generated my private key through openssl genrsa >cakey.pem and
certificate using openssl req -config /usr/local/ssl/openssl.cnf -new -x509
-keyout private/cakey.pem -out cacert.pem -days 365.
Can anybody tell me how can I add padding to my certificate signing request.

Please help me.

Thanks in advance.
Regards,
Abhishek
--
View this message in context: http://www.nabble.com/rsa-routines%%3ARSA_padding_check_PKCS1_type_1%%3Ablock-type...
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

Posted In: mailing.openssl.users

2 Comments

Reply

]]> Thu, 04 Sep 2008 02:20:54 PDT http://www.nnseek.com/e/mailing.openssl.users/how_to_query_out_crl_by_using_dirname_in_crl_distribution_159983019t.html http://www.nnseek.com/e/mailing.openssl.users/how_to_query_out_crl_by_using_dirname_in_crl_distribution_159983019t.html Dear all:

I have a CA certificate. Its distributionPoint field contains a
directoryName(DirName). It's a DN in LDAP. So, if I get ldap server ip and
reserve whatever configured in DirName, can I do ldapsearch? If not, how can
I query out crl by using this DirName. And again, it points to an entry in
LDAP.

Many many thanks for any kind help.

Best Regards
Jean
--
View this message in context: http://www.nabble.com/how-to-query-out-crl-by-using-DirName-in-crl-distribution-field...
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

Posted In: mailing.openssl.users

no comments

Reply

]]> Wed, 03 Sep 2008 22:43:33 PDT