[Net-ssleay-devel] Re: Net::SSLeay & CRL's

Mike McCauley mikem at open.com.au
Wed Jan 11 21:26:54 UTC 2006


On Thursday 12 January 2006 01:21, Eric Nichols wrote:
> Hi Mike,
> Sorry for the delay I've been sick.  I cleared out all the old dll's and
> installed both the ppm and openssl.  Rebooted.  Still get the crash..
>
> I'm trying this against an Active Directory LDAP server port 636.  I am
> using Active State's perl 5.8.6
>
> Attached is the code I used.

You are still using the broken version of your ssleay.pl code. It has a bug in 
it which causes the crash. I sent you a fixed version as attachment in my 
last reply, and here it is again. Please use it, not your old version of 
ssleay.pl

Please make sure you include the public mailing list as CC in our 
correspondence, then others can benefit as well.

Cheers.

>
> My ultimate goal is to get this to work with Net::LDAPS which in turn uses
> IO::Socket::SSL..
> Many thanks for the assistance
> Eric
>
> On Thu, January 5, 2006 6:17 pm, Mike McCauley wrote:
> > Hello Eric,
> >
> > You and others may like to know that there is a precompiled version of
> > net_ssleay for Windows ActivePerl 5.6 and 5.8 PPM, built for shininglight
> > openssl 0.9.7i on our web site.
> >
> > See our FAQ item http://www.open.com.au/radiator/faq.html#141
> >
> > Cheers.
> >
> > On Friday 06 January 2006 08:53, Eric Nichols wrote:
> >> Many,Many,Many,Many,Many....
> >> Thanks
> >> I'll grab the binary and give it a run!
> >> Thanks
> >> Eric
> >>
> >> On Thu, January 5, 2006 5:50 pm, Mike McCauley wrote:
> >> > Hello Eric,
> >> >
> >> > On Friday 06 January 2006 02:05, Eric Nichols wrote:
> >> >> Hi Mike,
> >> >> Attached is the code I was playing with.  If you can make it work
> >> >> then I know it's my openssl binaries.  What version of perl are you
> >> >> running?
> >> >
> >> > There was an error in your code in the way it called
> >> > CTX_get_cert_store and X509_STORE_set_flags. You should have used:
> >> >
> >> > &Net::SSLeay::X509_STORE_set_flags(&Net::SSLeay::CTX_get_cert_store($ctx), &Net::SSLeay::X509_V_FLAG_CRL_CHECK);
> >> >
> >> > I have attached a working version of your code. Works fine here on
> >> > Linux, openssl 0.9.8a and Windows with openssl 0.9.7i.
> >> >
> >> > [mikem at zulu tmp]$ perl ssleay.pl www.open.com.au 443 test
> >> > Cipher `EDH-RSA-DES-CBC3-SHA'
> >> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> >> > <HTML><HEAD>
> >> > <TITLE>501 Method Not Implemented</TITLE>
> >> > </HEAD><BODY>
> >> > <H1>Method Not Implemented</H1>
> >> > test to /index.html not supported.<P>
> >> > Invalid method in request test<P>
> >> > <HR>
> >> > <ADDRESS>Apache/1.3.27 Server at www.open.com.au Port 443</ADDRESS>
> >> > </BODY></HTML>
> >> >
> >> > Cheers.
> >> >
> >> >> Thanks
> >> >> E.
> >> >>
> >> >> On Tue, January 3, 2006 7:51 pm, Mike McCauley wrote:
> >> >> > Hello Eric,
> >> >> >
> >> >> > Perhaps if you will post the code that is not working correctly, I
> >> >> > will be able to reproduce the problem.
> >> >> >
> >> >> > BTW, we use OpenSSL 0.9.7i on Windows here (binaries from
> >> >> > shininglight http://www.shininglightpro.com/products/Win32OpenSSL.html).
> >> >> > Our code works fine with CRLs here.
> >> >> >
> >> >> > I have a vague recollection that there were problems with CRLs in
> >> >> > some earlier versions of 0.9.7, so you may want to try a more
> >> >> > recent openssl with your net_ssleay.
> >> >> >
> >> >> > Cheers.
> >> >> >
> >> >> > On Wednesday 04 January 2006 00:09, Eric Nichols wrote:
> >> >> >> Good morning and happy new year!
> >> >> >> I realise with the holidays everything slows down.  My new years
> >> >> >> resolution is to get CRL's working.  Any thoughts?
> >> >> >>
> >> >> >> On Wed, December 21, 2005 8:54 am, Eric Nichols wrote:
> >> >> >> > Ok I'll try my best to get you what you need. Attached is the
> >> >> >> > code I am using. I set the Trace to 2 and ran it.  No output
> >> >> >> > except the windows popup saying that perl crashed.  I do not
> >> >> >> > know how to perform a back trace on perl. Believe me I'd rather
> >> >> >> > be doing this in Linux but I'm forced to use Windows.
> >> >> >> >
> >> >> >> > I would be more than happy to setup a test environment to let
> >> >> >> > developers VNC in and try some things.
> >> >> >> >
> >> >> >> > Many thanks for all the help and assistance.
> >> >> >> > Eric
> >> >> >> >
> >> >> >> > On Tue, December 20, 2005 11:48 pm, Florian Ragwitz wrote:
> >> >> >> >> I'm taking this discussion to our development mailinglist.
> >> >> >> >> Please continue there.
> >> >> >> >>
> >> >> >> >> On Wed, Dec 21, 2005 at 03:40:27AM +0000, Eric Nichols wrote:
> >> >> >> >>> I need a bit of education here.  I am using Windows Active
> >> >> >> >>> State Perl 5.8.6 with Net::SSLeay 1.26 & OpenSSL 0.9.7b.
> >> >> >> >>
> >> >> >> >> I don't own a windows box, so I fear I can't help you much. But
> >> >> >> >> I'll give a try.
> >> >> >> >>
> >> >> >> >>> I used your example code to connect to a server.
> >> >> >> >>
> >> >> >> >> Which example code? Please send it to us.
> >> >> >> >>
> >> >> >> >>> When I inserted the code to do the CRL check, perl crashed.
> >> >> >> >>
> >> >> >> >> We'd also like to see this code. Maybe you simply didn't use
> >> >> >> >> Net::SSLeay the right way and that crash is avoidable.
> >> >> >> >>
> >> >> >> >> But beside that a perl crash is a bug and should be fixed.
> >> >> >> >>
> >> >> >> >>> Does this functionality work or is there a patch available to
> >> >> >> >>> fix this?
> >> >> >> >>
> >> >> >> >> I don't even know what the problem is so I can't tell you how
> >> >> >> >> to fix it.
> >> >> >> >>
> >> >> >> >>> I'm not sure what other info I can offer to help, the crash
> >> >> >> >>> doesn't give me much to go on.  Thanks Eric
> >> >> >> >>
> >> >> >> >> Please send me some more debugging information. For example the
> >> >> >> >> trace output of Net::SSLeay and a backtrace of the crashed perl
> >> >> >> >> interpreter.
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> Regards,
> >> >> >> >> Flo
> >> >> >> >>
> >> >> >> >> --
> >> >> >> >> BOFH excuse #144:
> >> >> >> >> Too few computrons available.
> >> >> >> >
> >> >> >> > _______________________________________________
> >> >> >> > Net-ssleay-devel mailing list
> >> >> >> > Net-ssleay-devel at lists.alioth.debian.org
> >> >> >> > http://lists.alioth.debian.org/mailman/listinfo/net-ssleay-devel
> >> >> >
> >> >> > --
> >> >> > Mike McCauley                               mikem at open.com.au
> >> >> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> >> >> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
> >> >> > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> >> >> >
> >> >> > Radiator: the most portable, flexible and configurable RADIUS
> >> >> > server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
> >> >> > Emerald, Platypus, Freeside, TACACS+, PAM, external, Active
> >> >> > Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS,
> >> >> > NetWare etc.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssleay.pl
Type: application/x-perl
Size: 1767 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/net-ssleay-devel/attachments/20060112/7246796a/ssleay.bin
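
The attachment above was scrubbed from the archive. The following is an added example, not the ssleay.pl from this thread and not code from any of its participants, showing the CRL-check call order described in the quoted reply (get the store from the context, then set X509_V_FLAG_CRL_CHECK on the store) in a minimal client. The command-line arguments and the file name ca-and-crl.pem are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use Net::SSLeay;

# Assumed inputs: host, port, and a PEM file holding the CA certificate(s)
# followed by that CA's current CRL ("ca-and-crl.pem" is a placeholder name).
my ($host, $port, $ca_file) = @ARGV;
die "usage: $0 host port ca-and-crl.pem\n" unless defined $ca_file;

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

my $ctx = Net::SSLeay::CTX_new() or die "CTX_new failed\n";

# OpenSSL's file lookup reads both certificates and CRLs from a PEM file,
# so one call loads the trust anchor and the revocation list.
Net::SSLeay::CTX_load_verify_locations($ctx, $ca_file, '')
    or die "cannot load $ca_file\n";

# Fetch the context's X509_STORE first, then set the flag on that store.
# X509_STORE_set_flags operates on the store, not on the CTX itself.
my $store = Net::SSLeay::CTX_get_cert_store($ctx)
    or die "CTX_get_cert_store returned no store\n";
Net::SSLeay::X509_STORE_set_flags($store, Net::SSLeay::X509_V_FLAG_CRL_CHECK());

# The CRL flag only matters if verification is enforced: with VERIFY_PEER
# a revoked or unverifiable server certificate aborts the handshake.
Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_PEER());

my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
    or die "connect $host:$port: $!\n";
my $ssl = Net::SSLeay::new($ctx) or die "SSL new failed\n";
Net::SSLeay::set_fd($ssl, fileno($sock));

if (Net::SSLeay::connect($ssl) <= 0) {
    my $rc = Net::SSLeay::get_verify_result($ssl);
    die "TLS handshake failed; certificate verify result: "
        . Net::SSLeay::X509_verify_cert_error_string($rc) . "\n";
}
print "Cipher `", Net::SSLeay::get_cipher($ssl), "'\n";

Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
close $sock;
```

With X509_V_FLAG_CRL_CHECK set, verification fails with "unable to get certificate CRL" when no CRL from the server certificate's issuer has been loaded, so the CRL must be present and current. The flag checks only the leaf certificate; OR in X509_V_FLAG_CRL_CHECK_ALL to check every certificate in the chain.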
