Search Results

Search found 890 results on 36 pages for 'openssl'.

Page 2/36 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Making OpenSSL work on PHP Windows 2008 server with FastCGI

    - by KacieHouser
    I have been researching all day. Here is what I have done: In C:/PHP/php.ini and C:/PHP/php-cgi-fcgi.ini I have made the extension_dir = "C:/PHP/ext" I uncommented extension=php_openssl.dll I went to http://windows.php.net/download/ and got the thread safe version with the PHP 5.4 (5.4.8) version of DLL's In C:/PHP/ext I replaced the php_openssl.dll with the one I downloaded In System32 and SysWOW64 I added the following DLL's ssleay.dll libeay.dll I restarted the IIS server in the Server Manager under Web Server and stopped and started the World Wide Web Publishing Service That didn't work, so I tried same thing with the unthreaded versions. I still get: Fatal error: Call to undefined function ftp_ssl_connect() in C:\inetpub\wwwroot\REMOVED_dev\save_data.php on line 5 Here are related things from phpinfo(): System Windows NT DEV-WEB1 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586 Compiler MSVC9 (Visual C++ 2008) Architecture x86 Configure Command cscript /nologo configure.js "--enable-snapshot-build" "--enable-debug-pack" "--disable-zts" "--disable-isapi" "--disable-nsapi" "--without-mssql" "--without-pdo-mssql" "--without-pi3web" "--with-pdo-oci=C:\php-sdk\oracle\instantclient10\sdk,shared" "--with-oci8=C:\php-sdk\oracle\instantclient10\sdk,shared" "--with-oci8-11g=C:\php-sdk\oracle\instantclient11\sdk,shared" "--with-enchant=shared" "--enable-object-out-dir=../obj/" "--enable-com-dotnet" "--with-mcrypt=static" "--disable-static-analyze" "--with-pgo" Server API CGI/FastCGI Configuration File (php.ini) Path C:\Windows Loaded Configuration File C:\PHP\php-cgi-fcgi.ini Scan this dir for additional .ini files (none) Additional .ini files parsed (none) Registered PHP Streams php, file, glob, data, http, ftp, zip, compress.zlib, compress.bzip2, https, ftps, sqlsrv, phar Registered Stream Socket Transports tcp, udp, ssl, sslv3, sslv2, tls FTP support enabled Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, pop3, pop3s, rtsp, scp, sftp, smtp, smtps, telnet, tftp openssl OpenSSL support enabled OpenSSL Library Version OpenSSL 0.9.8t 18 Jan 2012 OpenSSL Header Version OpenSSL 0.9.8x 10 May 2012 What am I missing here?

    Read the article

  • I recompiled dozens of times, why is my OpenSSL Library and Header still not the same?

    - by Doug
    openssl OpenSSL support enabled OpenSSL Library Version OpenSSL 0.9.8o 01 Jun 2010 OpenSSL Header Version OpenSSL 1.0.1 14 Mar 2012 From PHP (5.4.4) info, this is the problem I have. I am dry out of ideas, and I cannot understand why it ins't working. This was my configure: ./configure '--with-apxs2=/etc/apache24/bin/apxs' '--with-mysql' '--prefix=/etc/apache24/php' '--with-config-file-path=/etc/apache24/php' '--enable-force-cgi-redirect' '--disable-cgi' '--with-zlib' '--with-gettext' '--with-curl' '--with-mcrypt' '--with-gd' '--with-pdo' '--with-pdo-mysql' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-libdir=lib32' '--with-openssl=shared,/usr' '--with-mysqli'

    Read the article

  • Connecting to Exchange Server 2003 over POP using openssl s_client

    - by Andreas Jansson
    Hi, I'm trying to fetch emails programmatically from Exchange 2003 over POP. As a proof of concept I'm trying to connect using openssl s_client. I've started the POP service on my Exchange server. Trying to connect using openssl s_client -connect MYEXCHANGESERVER:995 returns 20303:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: Trying openssl s_client -connect MYEXCHANGESERVER:995 -starttls pop3 returns CONNECTED(00000003) write:errno=32 Forgive a newb - I'm basically shooting wildly in the dark with no idea on what I'm supposed to be doing. In the past I've read my GMail over openssl s_client, and setting up those certificates was easy and well documented. I would imagine I need to set up some sort of certificate here as well, and I've looked a bit at using a .pfx file. But like I said, I'm completely lost here. Thankful for any advice, Andreas

    Read the article

  • PHP - Centos OpenSSL error

    - by mabbs
    i'm currently having a problem with OpenSSL on my Centos 6.5 Server. it ran perfectly fine until sunday. and i checked the error_log and i saw this error in the log PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/openssl.so' - /usr/lib64/php/modules/openssl.so: cannot open shared object file: No such file or directory in Unknown on line 0 i tried phpinfo(); and i found that openssl is enabled i tried php -m it returned [PHP Modules] bz2 calendar Core ctype curl date dom ereg exif fileinfo filter ftp gd gettext gmp hash iconv interbase json libxml mbstring mcrypt memcache mysql mysqli openssl pcntl pcre PDO PDO_Firebird pdo_mysql pdo_sqlite Phar pspell readline Reflection session shmop SimpleXML snmp sockets SPL sqlite3 standard tokenizer wddx xml xmlreader xmlrpc xmlwriter xsl zip zlib UPDATE this is what i got from rpm -qa | grep php just like what Mike Suggested php-php-gettext-1.0.11-3.el6.noarch php-mcrypt-5.3.3-3.el6.x86_64 php-interbase-5.3.3-3.el6.x86_64 php-pdo-5.3.3-27.el6_5.1.x86_64 php-5.3.3-27.el6_5.1.x86_64 php-mysql-5.3.3-27.el6_5.1.x86_64 php-snmp-5.3.3-27.el6_5.1.x86_64 php-gd-5.3.3-27.el6_5.1.x86_64 php-xml-5.3.3-27.el6_5.1.x86_64 php-pear-1.9.4-4.el6.noarch php-pecl-memcache-3.0.5-4.el6.x86_64 phpMyAdmin-3.5.8.2-1.el6.noarch php-common-5.3.3-27.el6_5.1.x86_64 php-cli-5.3.3-27.el6_5.1.x86_64 php-devel-5.3.3-27.el6_5.1.x86_64 php-mbstring-5.3.3-27.el6_5.1.x86_64 php-xmlrpc-5.3.3-27.el6_5.1.x86_64 php-pspell-5.3.3-27.el6_5.1.x86_64

    Read the article

  • Can't get Apache 2.2.21 to compile with OpenSSL support

    - by angstwad
    Alright -- having a bad couple days here compiling Apache 2.2.21 on CentOS 5.7 with the following configure commands: ./configure --enable-ssl=shared --with-ssl=/usr/local/openssl I've compiled from source OpenSSL 1.0.0e from source: ./config --prefix=/usr/local --openssldir=/usr/local/openssl shared zlib-dynamic I attempt to start Apache and it returns: httpd: Syntax error on line 54 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: SSL_get_servername If I look at how the libraries are linked, this is what I get: [root@web1 modules]# ldd mod_ssl.so libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaaace4000) libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaaaf30000) libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaab281000) libz.so.1 => /lib64/libz.so.1 (0x00002aaaab486000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00002aaaab69a000) libc.so.6 => /lib64/libc.so.6 (0x00002aaaab8b5000) libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002aaaabc0e000) libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaabe3c000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaac0d1000) libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaac2d4000) /lib64/ld-linux-x86-64.so.2 (0x0000555555554000) libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002aaaac4f9000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaac702000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaac904000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaacb19000) libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaacd32000) Basically, I've tired compiling from source OpenSSL (both 0.9.8r and 1e), having yum reinstall from the repos, done a make clean and remade both OpenSSL and Apache numerous times -- but I can't get it to compile into the apache base or dynamically as a shared object file. What am I doing wrong here? Update 1: After doing a make clean and make distclean, I've reconfigured with the same parameters as above without any effect. The config.log is at Pastebin. Update 2: Modifying the LD_LIBRARY_PATH had no effect on the lib-deps of mod_ssl.so. UPDATE 3: I've compiled and recompiled many times, and verified with ldconfig that the OpenSSL libs dir is in my path, and included in ld.so.conf. Still cannot get httpd/mod_ssl to load the library at runtime.

    Read the article

  • Can't open an SSH session because of OpenSSL version mismatch [on hold]

    - by user3287849
    I just ran apt-get upgrade, and according to /var/log/apt/history.log, openssl has been updated to version 1.0.1e-2+rvt+deb7u7. Now I have one SSH session still open, but I can't open another one. I restarted SSH, which returned OpenSSL version mismatch. Built against 1000105f, you have 10001080. I tried apt-get remove openssl && apt-get install openssl with no luck. I'm running debian on a raspberry pi. Edit: moved to SuperUser

    Read the article

  • Generate a use a Openssl certificate in Tomcat

    - by Safari
    I need to enable SSL on my Tomcat and Apache so I need to generate the (self-signed) certificate using Openssl tool end, about Tomcat, I need to import the certificate using keytool. I know that is necessary to convert (openssl) certificate to Tomcat compatible format. So I need to Use OpenSSL to convert the certificate into an PKCS12 keystore an I need to Import this keystore using keytool and export as Tomcat compatible keystore. But I not understood how can I convert a my certificate (generated with Openssl) into a requested Tomcat format? is possible to explain me all the steps to reach my goal? thanks

    Read the article

  • OpenSSL.NET can't export private key with null Cipher

    - by Nick
    I've recently discovered OpenSSL.NET and it's a pretty sweet little wrapper. I'm trying to execute the following code: public static void DoSomething(byte[] buf) { OpenSSL.Core.BIO input = new OpenSSL.Core.BIO(buf); OpenSSL.X509.X509Certificate b = OpenSSL.X509.X509Certificate.FromPKCS12(input, "passphrase"); OpenSSL.Core.BIO outs = OpenSSL.Core.BIO.MemoryBuffer(false); b.PrivateKey.WritePrivateKey(outs, OpenSSL.Crypto.Cipher.Null, "passphrase"); outs.SetClose(OpenSSL.Core.BIO.CloseOption.Close); Console.WriteLine(outs.ReadString()); } Problem comes at the "b.PrivateKey.WritePrivateKey(.." line. I want to write the private key out without any encryption. According to spec, if I use a Null cipher type this should do the trick, but it never works, regardless of the cert I use in buf. Here's the exception: error:0D0A706C:asn1 encoding routines:PKCS5_pbe2_set:cipher has no object identifier error:2307D00D:PKCS12 routines:PKCS8_encrypt:ASN1 lib I know this part works fine because if I specify any other cipher type, it exports the private key without fail. Anyone have any suggestions?

    Read the article

  • How to tell if SPARC T4 crypto is being used?

    - by danx
    A question that often comes up when running applications on SPARC T4 systems is "How can I tell if hardware crypto accleration is being used?" To review, the SPARC T4 processor includes a crypto unit that supports several crypto instructions. For hardware crypto these include 11 AES instructions, 4 xmul* instructions (for AES GCM carryless multiply), mont for Montgomery multiply (optimizes RSA and DSA), and 5 des_* instructions (for DES3). For hardware hash algorithm optimization, the T4 has the md5, sha1, sha256, and sha512 instructions (the last two are used for SHA-224 an SHA-384). First off, it's easy to tell if the processor T4 crypto instructions—use the isainfo -v command and look for "sparcv9" and "aes" (and other hash and crypto algorithms) in the output: $ isainfo -v 64-bit sparcv9 applications crc32c cbcond pause mont mpmul sha512 sha256 sha1 md5 camellia kasumi des aes ima hpc vis3 fmaf asi_blk_init vis2 vis popc These instructions are not-privileged, so are available for direct use in user-level applications and libraries (such as OpenSSL). Here is the "openssl speed -evp" command shown with the built-in t4 engine and with the pkcs11 engine. Both run the T4 AES instructions, but the t4 engine is faster than the pkcs11 engine because it has less overhead (especially for smaller packet sizes): t-4 $ /usr/bin/openssl version OpenSSL 1.0.0j 10 May 2012 t-4 $ /usr/bin/openssl engine (t4) SPARC T4 engine support (dynamic) Dynamic engine loading support (pkcs11) PKCS #11 engine support t-4 $ /usr/bin/openssl speed -evp aes-128-cbc # t4 engine used by default . . . The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 487777.10k 816822.21k 986012.59k 1017029.97k 1053543.08k t-4 $ /usr/bin/openssl speed -engine pkcs11 -evp aes-128-cbc engine "pkcs11" set. . . . The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 31703.58k 116636.39k 350672.81k 696170.50k 993599.49k Note: The "-evp" flag indicates use the OpenSSL "EnVeloPe" API, which gives more accurate results. That's because it tells OpenSSL to use the same API that external programs use when calling OpenSSL libcrypto functions, evp(3openssl). DTrace Shows if T4 Crypto Functions Are Used OK, good enough, the isainfo(1) command shows the instructions are present, but how does one know if they are being used? Chi-Chang Lin, who works on Oracle Solaris performance, wrote a Dtrace script to show if T4 instructions are being executed. To show the T4 instructions are being used, run the following Dtrace script. Look for functions named "t4" and "yf" in the output. The OpenSSL T4 engine uses functions named "t4" and the PKCS#11 engine uses functions named "yf". To demonstrate, I'll first run "openssl speed" with the built-in t4 engine then with the pkcs11 engine. The performance numbers are not valid due to dtrace probes slowing things down. t-4 # dtrace -Z -n ' pid$target::*yf*:entry,pid$target::*t4_*:entry{ @[probemod, probefunc] = count();}' \ -c "/usr/bin/openssl speed -evp aes-128-cbc" dtrace: description 'pid$target::*yf*:entry' matched 101 probes . . . dtrace: pid 2029 has exited libcrypto.so.1.0.0 ENGINE_load_t4 1 libcrypto.so.1.0.0 t4_DH 1 libcrypto.so.1.0.0 t4_DSA 1 libcrypto.so.1.0.0 t4_RSA 1 libcrypto.so.1.0.0 t4_destroy 1 libcrypto.so.1.0.0 t4_free_aes_ctr_NIDs 1 libcrypto.so.1.0.0 t4_init 1 libcrypto.so.1.0.0 t4_add_NID 3 libcrypto.so.1.0.0 t4_aes_expand128 5 libcrypto.so.1.0.0 t4_cipher_init_aes 5 libcrypto.so.1.0.0 t4_get_all_ciphers 6 libcrypto.so.1.0.0 t4_get_all_digests 59 libcrypto.so.1.0.0 t4_digest_final_sha1 65 libcrypto.so.1.0.0 t4_digest_init_sha1 65 libcrypto.so.1.0.0 t4_sha1_multiblock 126 libcrypto.so.1.0.0 t4_digest_update_sha1 261 libcrypto.so.1.0.0 t4_aes128_cbc_encrypt 1432979 libcrypto.so.1.0.0 t4_aes128_load_keys_for_encrypt 1432979 libcrypto.so.1.0.0 t4_cipher_do_aes_128_cbc 1432979 t-4 # dtrace -Z -n 'pid$target::*yf*:entry{ @[probemod, probefunc] = count();}   pid$target::*yf*:entry,pid$target::*t4_*:entry{ @[probemod, probefunc] = count();}' \ -c "/usr/bin/openssl speed -engine pkcs11 -evp aes-128-cbc" dtrace: description 'pid$target::*yf*:entry' matched 101 probes engine "pkcs11" set. . . . dtrace: pid 2033 has exited libcrypto.so.1.0.0 ENGINE_load_t4 1 libcrypto.so.1.0.0 t4_DH 1 libcrypto.so.1.0.0 t4_DSA 1 libcrypto.so.1.0.0 t4_RSA 1 libcrypto.so.1.0.0 t4_destroy 1 libcrypto.so.1.0.0 t4_free_aes_ctr_NIDs 1 libcrypto.so.1.0.0 t4_get_all_ciphers 1 libcrypto.so.1.0.0 t4_get_all_digests 1 libsoftcrypto.so.1 rijndael_key_setup_enc_yf 1 libsoftcrypto.so.1 yf_aes_expand128 1 libcrypto.so.1.0.0 t4_add_NID 3 libsoftcrypto.so.1 yf_aes128_cbc_encrypt 1542330 libsoftcrypto.so.1 yf_aes128_load_keys_for_encrypt 1542330 So, as shown above the OpenSSL built-in t4 engine executes t4_* functions (which are hand-coded assembly executing the T4 AES instructions) and the OpenSSL pkcs11 engine executes *yf* functions. Programmatic Use of OpenSSL T4 engine The OpenSSL t4 engine is used automatically with the /usr/bin/openssl command line. Chi-Chang Lin also points out that if you're calling the OpenSSL API (libcrypto.so) from a program, you must call ENGINE_load_built_engines(), otherwise the built-in t4 engine will not be loaded. You do not call ENGINE_set_default(). That's because "openssl speed -evp" test calls ENGINE_load_built_engines() even though the "-engine" option wasn't specified. OpenSSL T4 engine Availability The OpenSSL t4 engine is available with Solaris 11 and 11.1. For Solaris 10 08/11 (U10), you need to use the OpenSSL pkcs311 engine. The OpenSSL t4 engine is distributed only with the version of OpenSSL distributed with Solaris (and not third-party or self-compiled versions of OpenSSL). The OpenSSL engine implements the AES cipher for Solaris 11, released 11/2011. For Solaris 11.1, released 11/2012, the OpenSSL engine adds optimization for the MD5, SHA-1, and SHA-2 hash algorithms, and DES-3. Although the T4 processor has Camillia and Kasumi block cipher instructions, these are not implemented in the OpenSSL T4 engine. The following charts may help view availability of optimizations. The first chart shows what's available with Solaris CLIs and APIs, the second chart shows what's available in Solaris OpenSSL. Native Solaris Optimization for SPARC T4 This table is shows Solaris native CLI and API support. As such, they are all available with the OpenSSL pkcs11 engine. CLIs: "openssl -engine pkcs11", encrypt(1), decrypt(1), mac(1), digest(1), MD5sum(1), SHA1sum(1), SHA224sum(1), SHA256sum(1), SHA384sum(1), SHA512sum(1) APIs: PKCS#11 library libpkcs11(3LIB) (incluDES Openssl pkcs11 engine), libMD(3LIB), and Solaris kernel modules AlgorithmSolaris 1008/11 (U10)Solaris 11Solaris 11.1 AES-ECB, AES-CBC, AES-CTR, AES-CBC AES-CFB128 XXX DES3-ECB, DES3-CBC, DES2-ECB, DES2-CBC, DES-ECB, DES-CBC XXX bignum Montgomery multiply (RSA, DSA) XXX MD5, SHA-1, SHA-256, SHA-384, SHA-512 XXX SHA-224 X ARCFOUR (RC4) X Solaris OpenSSL T4 Engine Optimization This table is for the Solaris OpenSSL built-in t4 engine. Algorithms listed above are also available through the OpenSSL pkcs11 engine. CLI: openssl(1openssl) APIs: openssl(5), engine(3openssl), evp(3openssl), libcrypto crypto(3openssl) AlgorithmSolaris 11Solaris 11SRU2Solaris 11.1 AES-ECB, AES-CBC, AES-CTR, AES-CBC AES-CFB128 XXX DES3-ECB, DES3-CBC, DES-ECB, DES-CBC X bignum Montgomery multiply (RSA, DSA) X MD5, SHA-1, SHA-256, SHA-384, SHA-512 XX SHA-224 X Source Code Availability Solaris Most of the T4 assembly code that called the new T4 crypto instructions was written by Ferenc Rákóczi of the Solaris Security group, with assistance from others. You can download the Solaris source for this and other parts of Solaris as a few zip files at the Oracle Download website. The relevant source files are generally under directories usr/src/common/crypto/{aes,arcfour,des,md5,modes,sha1,sha2}}/sun4v/. and usr/src/common/bignum/sun4v/. Solaris 11 binary is available from the Oracle Solaris 11 download website. OpenSSL t4 engine The source for the OpenSSL t4 engine, which is based on the Solaris source above, is viewable through the OpenGrok source code browser in directory src/components/openssl/openssl-1.0.0/engines/t4 . You can download the source from the same website or through Mercurial source code management, hg(1). Conclusion Oracle Solaris with SPARC T4 provides a rich set of accelerated cryptographic and hash algorithms. Using the latest update, Solaris 11.1, provides the best set of optimized algorithms, but alternatives are often available, sometimes slightly slower, for releases back to Solaris 10 08/11 (U10). Reference See also these earlier blogs. SPARC T4 OpenSSL Engine by myself, Dan Anderson (2011), discusses the Openssl T4 engine and reviews the SPARC T4 processor for the Solaris 11 release. Exciting Crypto Advances with the T4 processor and Oracle Solaris 11 by Valerie Fenwick (2011) discusses crypto algorithms that were optimized for the T4 processor with the Solaris 11 FCS (11/11) and Solaris 10 08/11 (U10) release. T4 Crypto Cheat Sheet by Stefan Hinker (2012) discusses how to make T4 crypto optimization available to various consumers (such as SSH, Java, OpenSSL, Apache, etc.) High Performance Security For Oracle Database and Fusion Middleware Applications using SPARC T4 (PDF, 2012) discusses SPARC T4 and its usage to optimize application security. Configuring Oracle iPlanet WebServer / Oracle Traffic Director to use crypto accelerators on T4-1 servers by Meena Vyas (2012)

    Read the article

  • Does the openssl command line do key strengthening?

    - by chotchki
    If I run the openssl command line in hmac mode (as below), is the key used for the hmac used directly or is it hashed before using it as the key? echo "foo" | openssl dgst -sha256 -binary -hmac "test" | openssl base64 Similarly, when encrypting a file with openssl (as below)is the pass phrase hashed with the salt? (If so how is it done? A pointer to the right source file would be even better.) openssl enc -salt

    Read the article

  • OpenSSL support for Ruby: "Cipher is not a module (TypeError)"

    - by smotchkkiss
    The Problem Our systems admin needed to upgrade the packages on our CentOS 5.4 dev server to match the packages on our production server. The upgrade affected ruby and/or openssl. We run a Ruby on Rails issue tracking system called Redmine that is deployed with Passenger on Apache. Everything worked before the server update, but when trying to access the ticket system now, I get the following error: Error message: Cipher is not a module Exception class: TypeError Application root: /home/dev/rails/redmine-0.8.7 I've been trying so hard to fix this problem but I can't seem to beat it. I have tried following this guide: http://iamclovin.posterous.com/how-to-solve-the-cipher-is-not-a-module-error When I try require 'openssl' in IRB, I do see a true return value. However, I'm still seeing the Cipher.rb is not a module TypeError when accessing the ticket system. Possibly (probably) related: I've tried updating Passenger, but when I try passenger-install-apache2-module I see: Checking for required software... * GNU C++ compiler... found at /usr/bin/g++ * Ruby development headers... found * OpenSSL support for Ruby... /usr/lib/ruby/1.8/openssl/cipher.rb:22: Cipher is not a module (TypeError) Any help?

    Read the article

  • openSSL tutorial not fully working - Can sign but cannot restore original file

    - by djechelon
    I'm writing, and testing, a little tutorial for my groupmates involved in an openSSL homework. We have a bunch of PDF files, I'm the CA and each one should send me a signed PDF for me to be verified. I've told them to do the following (and tried to do it by myself) Request and obtain a certificate (I'll skip this part) Create a MIME message with the PDF file in it makemime -c "text/pdf" -a "Content-Disposition: attachment; filename=”Elaborato.pdf" Elaborato.pdf > Elaborato.pdf.msg Sign with openSSL openssl smime -sign -in Elaborato.pdf.msg -out Elaborato.pdf.p7m -certfile ca.pem -certfile nomegruppo.crt -inkey nomegruppo.key -signer nomegruppo.crt Verify with openssl smime -verify -in Elaborato.pdf.p7m -out Elaborato-verified.msg -CAfile ca.pem -signer nomegruppo.crt Extract attachment with munpack Elaborato-verified.msg View with Acrobat Reader The problem is that even if I get a file that (from its binary content) resembles a PDF file my current Ubuntu PDF viewer doesn't read it. The XXXElaborato.pdf extracted by munpack is a little bit smaller than the original. What's the problem with this procedure? In theory, they should send me the signed S/MIME message and I should be able to read the PDF within it. Why can't I restore the original content of the PDF file?

    Read the article

  • Reconfiguring PHP with OpenSSL Extension on CentOS

    - by Evan
    Hi Guys - Long time browser, first time poster! I have a CentOS Dedicated server running just fine. I'm trying to reconfigure PHP to include the OpenSSL extensions so I can use some of the Youtube API's. I installed OpenSSL with yum, so it's in place on the server. I'm just now having trouble getting PHP to use it as an extension. I got the latest PHP tarball, untarred, set my configure string (./configure) using the proper parameter for openssl (--with-openssl=/usr) and it checked out just fine. I ran Make, then Make Install. I am getting hung up here. After it makes the PEAR config file it seems to quit. I guess I'm not sure, but it seems like there is a LOT more that should be happening. Here is a screenshot: http://www.evanfell.com/screencaps/6iamks.png Restarting apache shows no change to the PHP running on the server. Is there are PEAR issue killing the Install process? Or is there an other issue? Thanks In Advance. Happy to clarify and provide more info.

    Read the article

  • SSL connection hangs as client hello (curl, openssl client, apt-get, wget, everything)

    - by Niklas B
    Hi, I've run into a problem on my Debian VPS (a xen domU) regarding SSL. Namely almost all SSL connections hangs at client hello. For example: # curl -vI https://graph.facebook.com About to connect() to graph.facebook.com port 443 (#0) Trying 66.220.146.48... connected Connected to graph.facebook.com (66.220.146.48) port 443 (#0) successfully set certificate verify locations: CAfile: none CApath: /etc/ssl/certs SSLv3, TLS handshake, Client hello (1): It's the same when using the openssl client. However, some of the SSL traffic works (for example https://www.nordea.se). Server #uname -a Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13 21:39:38 UTC 2009 x86_64 GNU/Linux It does however work on my Dom 0 (the main xen host). Apt-get I can't even run apt-get update with the debian security sources (hangs on reading headers) Open SSL At the begining I thought I had an old openssl client (0.9.8o-4) since I appeared to have a newer on the Dom 0 (0.9.8g-15+lenny8) but doing a manuanl update on the openssl deb didn't help. Open SSL Client This is the full output of when the openssl client hangs: http://pastebin.com/PAjwMap9 Closing thoughts I've Googled the crap out of this, and I'm not getting any further. I've seen problems with curl, apt-get etc. but they are all specific relating to the very application - not general for the system. Any thoughts?

    Read the article

  • OpenSSL force client to use specific protocol

    - by Ex Umbris
    When subversion attempts to connect to an https URL, the underlying protocol library (openssl) attempts to start the secure protocol negotiation at the most basic level, plain SSL. Unfortunately, I have to connect to a server that requires SSL3 or TLS1, and refuses to respond to SSL or SSL2. I’ve done some troubleshooting using s_client and confirmed that if I let s_client start with the default protocol the server never responds to the CLIENT HELLO: $ openssl s_client -connect server.domain.com:443 CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 320 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- Watching this in Wireshark I see: Client Server -------syn----------> <------ack----------- ---CLIENT HELLO-----> <------ack----------- [60 second pause] <------rst----------- If I tell s_client to use ssl2 the server immediately closes the connection. Only ssl3 and tls1 work. Is there any way to configure openssl to skip SSL and SSL2, and start the negotiation with TLS or SSL3? I've found the OpenSSL config file, but that seems to control only certificate generation.

    Read the article

  • Generate a certificate with Openssl and import the same certificate using keytool

    - by Safari
    I have a question about the SSL during the use of CAS in LIferay. I have generate the certificate using Openssl (I flollowed this tutorial) on my CAS Server and now I would to import the certificate using keytool on the Liferay machine. To import the certificate with keytool I use this command: keytool -import -alias tomcatLiferay -file /myopensslcertificate.crt But when I import the .crt certificate file and I check the CAS connection I get the message: SSL Error. IF I try to generate the certificate using keytool (keytool -genkey...) on the CAS server end I import this certificate using keytool -import .... I can connect to the CAS server and I not see any errors... I think that I use a wrong way to generate the certificate with openssl or a wrong way to import the certificate (generated with openssl) with keytool.

    Read the article

  • Upgrading OpenSSL in CentOS 5.3

    - by Lin
    I want to use one IP to host many domains with individual SSL certificates (requires SNI). In CentOS 5.3, the latest version of OpenSSL I can find an RPM for is 0.9.8e, which does not support SNI. I want to upgrade to 0.9.8k but I can't find an RPM. I could compile from source, but if I try to remove the existing OpenSSL package through yum, it wants me to remove all packages that depend on OpenSSL (100+ packages). EDIT: I ended up installing 0.9.8k without overwriting the previous version. Now I both avoid breaking dependencies and can use SNI. Was this the best action?

    Read the article

  • I keep getting OpenSSL Header Version not found error when compiling OpenSSH Debian Squeeze

    - by Romoku
    I built Openssl1.0.0d ./config shared no-threads zlib It installed fine to the default /usr/local/ssl I went and downloaded OpenSSH 5.8p2 and ran ./configure but now it keeps giving me a Openssl version header not found error even when I set --with-ssl-dir= I've tried it with arguments /usr/local/ssl/include /usr/local/ssl/include/openssl /usr/include /usr/local/ssl/lib I looked in config.log and found error: openssl/opensslv.h: no such file or directory which makes little sense since I pointed openssh to where it is store. /etc/ld.so.conf include /usr/local/ssl/lib I'm at a loss at this point. Answer (maybe): Because I am an idiot. include /usr/local/ssl/lib is incorrect. /usr/local/ssl/lib is correct. It needs to be before the first include.

    Read the article

  • Enabling openssl With PHP/nginx

    - by reefine
    I'm getting the following error when trying to connect to SMTP + SSL through PHP using nginx + PHP 5, Could not connect to smtp host 'ssl://smtp.gmail.com' (5) (Unable to find the socket transport "ssl" - did you forget to enable it when you configured PHP?) In phpinfo I see: OpenSSL support disabled (install ext/openssl) This leads me to believe I've installed OpenSSL incorrectly. I've read a bunch of places where I should uncomment the following line: extension = php_openssl.dll This line does not exist so I added it to the end of my php.ini to no avail. The php_openssl.dll file does not exist anywhere on my server.

    Read the article

  • Tutorial on Using OpenSSL with pthreads

    - by Sadeq Dousti
    OpenSSL documents state that it can safely be used in multi-threaded applications provided that at least two callback functions are set, locking_function and threadid_func.... I've written programs which use OpenSSL API. Moreover, I know how to use pthreads. However, the OpenSSL documents are written in the form of a manual, and I can't see a step-by-step guide on what I have to do when using OpenSSL in a multi-threaded app. Is there a tutorial on using OpenSSL with pthreads? (I searched the web, but no satisfactory result appeared.) PS: I'm working in Debian Lenny & Ubuntu Lucid/Maverick. PS2: OpenSSL includes a sample, but it's far too complicated to start with.

    Read the article

  • OpenSSL not listed under PHP modules but shows up in the configure command

    - by Lauren
    PHP 5.2.12 OS X 10.5.8 If I compile PHP from source with the following configure command ./configure --disable-all --with-openssl=shared,/opt/local it succeeds. However, after a make and make install, php -m does not list the openssl module. Based on what I've read, I think it may be due to multiple installs of the openssl library. Installing the latest version of openssl from source and trying to specify the path in the configure command, --with-openssl=/usr/local, always results in the following error: Undefined symbols: "_EVP_CIPHER_CTX_block_size", referenced from: _zif_openssl_seal in openssl.o ld: symbol(s) not found collect2: ld returned 1 exit status make: *** [sapi/cgi/php-cgi] Error 1 I've tried a few different variations on the path with no luck. Based on http://blog.yimingliu.com/2009/02/24/missing-library-symbols-while-compiling-php-528/, I've also tried editing the Makefile so that MH_BUNDLE_FLAGS comes later in the compilation line. After spending a good portion of the day on this issue, I'm at a loss. Any suggestions?

    Read the article

  • what does "openssl FIPS mode(0) unavailable" mean?

    - by fisherman
    I compiled and installed strongswan ipsec vpn successfully, as demonstrated by the fact that the service starts successfully: as3:~# ipsec restart Stopping strongSwan IPsec... Starting strongSwan 5.0.4 IPsec [starter]... as3:~# When I run command ipsec pki --gen --outform pem > caKey.pem I see the error: as3:~# ipsec pki --gen --outform pem > caKey.pem openssl FIPS mode(0) unavailable as3:~# What does "openssl FIPS mode(0) unavailable" mean? How to fix it?

    Read the article

  • Sign an OpenSSL .CSR with Microsoft Certificate Authority

    - by kce
    I'm in the process of building a Debian FreeRadius server that does 802.1x authentication for domain members. I would like to sign my radius server's SSL certificate (used for EAP-TLS) and leverage the domain's existing PKI. The radius server is joined to domain via Samba and has a machine account as displayed in Active Directory Users and Computers. The domain controller I'm trying to sign my radius server's key against does not have IIS installed so I can't use the preferred Certsrv webpage to generate the certificate. The MMC tools won't work as it can't access the certificate stores on the radius server because they don't exist. This leaves the certreq.exe utility. I'm generating my .CSR with the following command: openssl req -nodes -newkey rsa:1024 -keyout server.key -out server.csr The resulting .CSR: ******@mis-ke-lnx:~/G$ openssl req -text -noout -in mis-radius-lnx.csr Certificate Request: Data: Version: 0 (0x0) Subject: C=US, ST=Alaska, L=CITY, O=ORG, OU=DEPT, CN=ME/emailAddress=MYEMAIL Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:a8:b3:0d:4b:3f:fa:a4:5f:78:0c:24:24:23:ac: cf:c5:28:af:af:a2:9b:07:23:67:4c:77:b5:e8:8a: 08:2e:c5:a3:37:e1:05:53:41:f3:4b:e1:56:44:d2: 27:c6:90:df:ae:3b:79:e4:20:c2:e4:d1:3e:22:df: 03:60:08:b7:f0:6b:39:4d:b4:5e:15:f7:1d:90:e8: 46:10:28:38:6a:62:c2:39:80:5a:92:73:37:85:37: d3:3e:57:55:b8:93:a3:43:ac:2b:de:0f:f8:ab:44: 13:8e:48:29:d7:8d:ce:e2:1d:2a:b7:2b:9d:88:ea: 79:64:3f:9a:7b:90:13:87:63 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha1WithRSAEncryption 35:57:3a:ec:82:fc:0a:8b:90:9a:11:6b:56:e7:a8:e4:91:df: 73:1a:59:d6:5f:90:07:83:46:aa:55:54:1c:f9:28:3e:a6:42: 48:0d:6b:da:58:e4:f5:7f:81:ee:e2:66:71:78:85:bd:7f:6d: 02:b6:9c:32:ad:fa:1f:53:0a:b4:38:25:65:c2:e4:37:00:16: 53:d2:da:f2:ad:cb:92:2b:58:15:f4:ea:02:1c:a3:1c:1f:59: 4b:0f:6c:53:70:ef:47:60:b6:87:c7:2c:39:85:d8:54:84:a1: b4:67:f0:d3:32:f4:8e:b3:76:04:a8:65:48:58:ad:3a:d2:c9: 3d:63 I'm trying to submit my certificate using the following certreq.exe command: certreq -submit -attrib "CertificateTemplate:Machine" server.csr I receive the following error upon doing so: RequestId: 601 Certificate not issued (Denied) Denied by Policy Module The DNS name is unavailable and cannot be added to the Subject Alternate name. 0x8009480f (-2146875377) Certificate Request Processor: The DNS name is unavailable and cannot be added to the Subject Alternate name. 0x8009480f (-2146875377) Denied by Policy Module My certificate authority has the following certificate templates available. If I try to submit by certreq.exe using "CertificiateTemplate:Computer" instead of "CertificateTemplate:Machine" I get an error reporting that "the requested certificate template is not supported by this CA." My google-foo has failed me so far on trying to understand this error... I feel like this should be a relatively simple task as X.509 is X.509 and OpenSSL generates the .CSRs in the required PKCS10 format. I can't be only one out there trying to sign a OpenSSL generated key on a Linux box with a Windows Certificate Authority, so how do I do this (perferably using the off-line certreq.exe tool)?

    Read the article

  • generate sha256 with openssl and C++

    - by Stanislav Palatnik
    Hello, I'm looking to create a hash with sha256 using openssl and C++. I know there's a similar post about this here: http://stackoverflow.com/questions/918676/generate-sha-hash-in-openssl, but I'm looking to specifically create sha256. UPDATE: Seems to be a problem witht he include paths. It can't find any openssl functions even though I included #include "openssl/sha.h" and I included the paths in my build -I/opt/ssl/include/ -L/opt/ssl/lib/ -lcrypto

    Read the article

  • Is there a current OpenSSL book?

    - by Martin
    Does anyone know of a more recent OpenSSL book than "Network Security with OpenSSL: Cryptography for Secure Communications" (http://www.opensslbook.com/)? It is from 2002 and does not cover OpenSSL version 0.97+. Best would be a book for OpenSSL 1.0.0 but I guess that one is too recent.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >