From: Xavier M. <xav...@li...> - 2001-06-29 09:16:58
Massimiliano Pala wrote:
>
> Xavier Maysonnave wrote:
> >
> > Hello All,
>
> Hi,
>
> > I try to evaluate OpenCA but I have several problems.
> > I have read some posts and I need to ask some questions.
>
> Let us know... :-D
>
> [openssl version]
> > But this is a problem as I run apache 1.3.20 which needs
> > mod_ssl-2.8.4-1.3.20, this configuration can't run with the openssl
> > available on the openca ftp site.
>
> You could simply do the following:
>
>       o download the 0.9.6a.tar.gz from openssl
>       o compile and install it
>       o compile the mod_ssl and apache
>       o download the SNAP version of OpenSSL
>       o compile and install it

It is exactly my configuration, and in that configuration apache works
very well.
Apache doesn't want to run if I use the openssl version available on the
openca ftp site under the tools directory.

Here are my current libcrypto files.

-rw-r--r--   1 root  root  1583298 Jun 28 17:12 /usr/lib/libcrypto.a
lrwxrwxrwx   1 root  root       14 Jun 28 17:12 /usr/lib/libcrypto.so -> libcrypto.so.0
lrwxrwxrwx   1 root  root       18 Jun 28 17:12 /usr/lib/libcrypto.so.0 -> libcrypto.so.0.9.7
-rw-r--r--   1 root  root   900968 Jun 27 11:42 /usr/lib/libcrypto.so.0.9.6
-r-xr-xr-x   1 root  root  1087160 Jun 28 17:12 /usr/lib/libcrypto.so.0.9.7

>
> This should be fine for you. Let me know. Check after all this that the
> openssl command is the SNAP one, try:
>
>       $ openssl
>       OpenSSL> version
>
> the result should not be 0.9.6a.

It is correct:

OpenSSL 0.9.7-dev 24 Sep 2000

Notice the strange date.

-rw-r--r--   1 root  root  2429021 Jun 28 13:52 openssl-SNAP-20010627.tar.gz

I have this openssl snapshot.

>
> > if I use the 0.9.6a :
> >
> > - I can initialize the database.
> > - I can generate a secret key
> > - I can't generate a request, the nasty -subj argument
>
> This command is needed to support correctly pkcs#10 malformed requests
> and ie reqs too.
>
> > - I can initialize the database.
> > - I can't generate a secret key. the env:password is not propagated.

With the above configuration the env:password is not propagated.

Here is the openssl source which is not correct:

This program comes from the openssl snapshot described above.
It comes from apps.c under the apps directory of openssl.

Below the cb_data test, this program takes the password correctly.
As this password can come from stdin, a file or an environment variable.
The password is never propagated. After that the ui is called every time.

I have tried to patch the code, like buf = password and res = strlen(buf);
but the program crashes later. So I am a bit stuck.

********** **********

int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
{
    UI *ui = NULL;
    int res = 0;
    const char *prompt_info = NULL;
    const char *password = NULL;
    PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;

    /* password and prompt_info are picked up here but not used below */
    if (cb_data)
    {
        if (cb_data->password)
            password = cb_data->password;
        if (cb_data->prompt_info)
            prompt_info = cb_data->prompt_info;
    }

    ui = UI_new_method(ui_method);
    if (ui)
    {
        int ok = 0;
        char *buff = NULL;
        int ui_flags = 0;
        char *prompt = NULL;

        /* cb_data is dereferenced here without the NULL test made above */
        prompt = UI_construct_prompt(ui, "pass phrase",
                                     cb_data->prompt_info);

        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);

        if (ok >= 0)
            ok = UI_add_input_string(ui, prompt, ui_flags, buf,
                                     PW_MIN_LENGTH, BUFSIZ-1);
        if (ok >= 0 && verify)
        {
            buff = (char *)OPENSSL_malloc(bufsiz);
            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
                                      PW_MIN_LENGTH, BUFSIZ-1, buf);
        }
        if (ok >= 0)
            do
            {
                ok = UI_process(ui);
            }
            while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));

        if (buff)
        {
            memset(buff, 0, (unsigned int)bufsiz);
            OPENSSL_free(buff);
        }

        if (ok >= 0)
            res = strlen(buf);
        if (ok == -1)
        {
            BIO_printf(bio_err, "User interface error\n");
            ERR_print_errors(bio_err);
            memset(buf, 0, (unsigned int)bufsiz);
            res = 0;
        }
        if (ok == -2)
        {
            BIO_printf(bio_err, "aborted!\n");
            memset(buf, 0, (unsigned int)bufsiz);
            res = 0;
        }
        UI_free(ui);
        OPENSSL_free(prompt);
    }
    return res;
}

********** **********

>
> are you sure this is the problem ??? I'll check it, anyway on most installations
> this gives no problem -- can you post more info on OS/Software and version
> used ???
>

-- SuSE 7.1 based linux box.
Kernel upgraded to 2.4.4
glibc 2.2-9 (SuSE RPM version).

I hope it is clear enough to understand the problem I have.

>
> C'you,
>
>       Massimiliano Pala
>
> --o-------------------------------------------------------------------------
> Massimiliano Pala [OpenCA Project Manager]            ma...@op...
>                                                       ma...@ha...
> http://www.openca.org                          Tel.:   +39 (0)59  270  094
> http://openca.sourceforge.net                  Mobile: +39 (0)347 7222 365
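
The pointer behaviour behind the `buf = password` attempt described in the message above, as an added example that is not part of the original post and is not OpenSSL code: rebinding the callback's local `buf` leaves the caller's buffer empty, while a bounded copy fills it. The `pw_cb_data` struct, both function names and the -1 "nothing preset, prompt instead" return value are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the two PW_CB_DATA fields used in the post (assumption). */
typedef struct {
    const char *password;     /* preset pass phrase (env:, file:, stdin) */
    const char *prompt_info;
} pw_cb_data;

/* The attempted patch: rebinding the local pointer leaves the caller's
 * buffer untouched, although the returned length claims it was filled. */
int rebinding_cb(char *buf, int bufsiz, int verify, void *cb_tmp)
{
    pw_cb_data *cb = cb_tmp;
    (void)bufsiz; (void)verify;
    if (cb == NULL || cb->password == NULL)
        return 0;
    buf = (char *)cb->password;   /* changes only this function's copy */
    return (int)strlen(buf);
}

/* Bounded copy into the caller's buffer. Returns the length, 0 if the
 * preset value does not fit, and -1 when nothing is preset (hypothetical
 * convention: the caller would then fall back to the interactive prompt). */
int copying_cb(char *buf, int bufsiz, int verify, void *cb_tmp)
{
    pw_cb_data *cb = cb_tmp;
    (void)verify;                 /* nothing to re-type for a preset value */
    if (buf == NULL || bufsiz <= 0)
        return 0;
    if (cb == NULL || cb->password == NULL)
        return -1;
    size_t len = strlen(cb->password);
    if (len >= (size_t)bufsiz) {  /* refuse rather than truncate silently */
        memset(buf, 0, (size_t)bufsiz);
        return 0;
    }
    memcpy(buf, cb->password, len + 1);
    return (int)len;
}

int main(void)
{
    pw_cb_data cb = { "constructed-sample", "key.pem" };  /* constructed */
    char buf[32] = "";
    printf("rebinding: ret=%d buf=\"%s\"\n", rebinding_cb(buf, (int)sizeof buf, 0, &cb), buf);
    printf("copying:   ret=%d buf=\"%s\"\n", copying_cb(buf, (int)sizeof buf, 0, &cb), buf);
    return 0;
}
```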