[Net-ssleay-devel] Re: Net::SSLeay & CRL's

Eric Nichols eric at dirwiz.com
Wed Jan 11 21:57:07 UTC 2006 

You are absolutely right.  I got it all confused.  I'll retry your code and
see how things go.
Thanks
Mike.

On Wed, January 11, 2006 4:26 pm, Mike McCauley wrote:
> On Thursday 12 January 2006 01:21, Eric Nichols wrote:
>> Hi Mike,
>> Sorry for the delay I've been sick.  I cleared out all the old dll's and
>> installed both the ppm and openssl.  Rebooted.  Still get the crash..
>>
>> I'm trying this against an Active Directory LDAP server port 636.  I am
>> using Active State's perl 5.8.6
>>
>> Attached is the code I used.
>
> You are still using the broken version of your ssleay.pl code. It has a bug in
> it which causes the crash. I sent you a fixed version as attachment in my
> last reply, and here it is again. Please use it, not your old version of
> ssleay.pl
>
> Please make sure you include the public mailing list as CC in our
> correspondence, then others can benefit as well.
>
> Cheers.
>
>>
>> My ultimate goal is to get this to work with Net::LDAPS which in turn uses
>> IO::Socket::SSL..
>> Many thanks for the assistance
>> Eric
>>
>> On Thu, January 5, 2006 6:17 pm, Mike McCauley wrote:
>> > Hello Eric,
>> >
>> > You and others may like to know that there is a precompiled version of
>> > net_ssleay for Windows ActivePerl 5.6 and 5.8 PPM, built for shininglight
>> > openssl 0.9.7i on our web site.
>> >
>> > See our FAQ item http://www.open.com.au/radiator/faq.html#141
>> >
>> > Cheers.
>> >
>> > On Friday 06 January 2006 08:53, Eric Nichols wrote:
>> >> Many,Many,Many,Many,Many....
>> >> Thanks
>> >> I'll grab the binary and give it a run!
>> >> Thanks
>> >> Eric
>> >>
>> >> On Thu, January 5, 2006 5:50 pm, Mike McCauley wrote:
>> >> > Hello Eric,
>> >> >
>> >> > On Friday 06 January 2006 02:05, Eric Nichols wrote:
>> >> >> Hi Mike,
>> >> >> Attached is the code I was playing with.  If you can make it work
>> >> >> then I know it's my openssl binaries.  What version of perl are you
>> >> >> running?
>> >> >
>> >> > There was an error in your code in the way it called
>> >> > CTX_get_cert_store and X509_STORE_set_flags. You should have used:
>> >> >
>> >> > &Net::SSLeay::X509_STORE_set_flags(&Net::SSLeay::CTX_get_cert_store($c
>> >> >tx) ,&Net::SSLeay::X509_V_FLAG_CRL_CHECK);
>> >> >
>> >> > I have attached a working version of your code. Works fine here on
>> >> > Linux, openssl 0.9.8a and Windows with openssl 0.9.7i.
>> >> >
>> >> > [mikem at zulu tmp]$ perl ssleay.pl www.open.com.au 443 test
>> >> > Cipher `EDH-RSA-DES-CBC3-SHA'
>> >> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>> >> > <HTML><HEAD>
>> >> > <TITLE>501 Method Not Implemented</TITLE>
>> >> > </HEAD><BODY>
>> >> > <H1>Method Not Implemented</H1>
>> >> > test to /index.html not supported.<P>
>> >> > Invalid method in request test<P>
>> >> > <HR>
>> >> > <ADDRESS>Apache/1.3.27 Server at www.open.com.au Port 443</ADDRESS>
>> >> > </BODY></HTML>
>> >> >
>> >> > Cheers.
>> >> >
>> >> >> Thanks
>> >> >> E.
>> >> >>
>> >> >> On Tue, January 3, 2006 7:51 pm, Mike McCauley wrote:
>> >> >> > Hello Eric,
>> >> >> >
>> >> >> > Perhaps if you will post the code that is not working correctly, I
>> >> >> > will be able to reproduce the problem.
>> >> >> >
>> >> >> > BTW, we use OpenSSL 0.9.7i on Windows here (binaries from
>> >> >> > shininglighthttp://www.shininglightpro.com/products/Win32OpenSSL.ht
>> >> >> >ml) . Our code works fine with CRLs here.
>> >> >> >
>> >> >> > I have a vague recollection that there were problems with CRLs in
>> >> >> > some earlier versions of 0.9.7, so you may want to try a more
>> >> >> > recent openssl with your net_ssleay.
>> >> >> >
>> >> >> > Cheers.
>> >> >> >
>> >> >> > On Wednesday 04 January 2006 00:09, Eric Nichols wrote:
>> >> >> >> Good morning and happy new year!
>> >> >> >> I realise with the holidays everything slows down.  My new years
>> >> >> >> resolution is to get CRL's working.  Any thoughts?
>> >> >> >>
>> >> >> >> On Wed, December 21, 2005 8:54 am, Eric Nichols wrote:
>> >> >> >> > Ok I'll try my best to get you what you need. Attached is the
>> >> >> >> > code I am using. I set the Trace to 2 and ran it.  No output
>> >> >> >> > except the windows popup saying that perl crashed.  I do not
>> >> >> >> > know how to perform a back trace on perl. Believe me I'd rather
>> >> >> >> > be doing this in Linux but I'm forced to use Windows.
>> >> >> >> >
>> >> >> >> > I would be more than happy to setup a test envrionment to let
>> >> >> >> > developers VNC in and try some things.
>> >> >> >> >
>> >> >> >> > Many thanks for all the help and assistance.
>> >> >> >> > Eric
>> >> >> >> >
>> >> >> >> > On Tue, December 20, 2005 11:48 pm, Florian Ragwitz wrote:
>> >> >> >> >> I'm taking this discussion to our development mailinglist.
>> >> >> >> >> Please continue there.
>> >> >> >> >>
>> >> >> >> >> On Wed, Dec 21, 2005 at 03:40:27AM +0000, Eric Nichols wrote:
>> >> >> >> >>> I need a bit of education here.  I am using Windows Active
>> >> >> >> >>> State Perl 5.8.6 with Net::SSLeay 1.26 & OpenSSL 0.9.7b.
>> >> >> >> >>
>> >> >> >> >> I don't own a windows box, so I fear I can't help you much. But
>> >> >> >> >> I'll give a try.
>> >> >> >> >>
>> >> >> >> >>> I used your example code to connect to a server.
>> >> >> >> >>
>> >> >> >> >> Which example code? Please send it to us.
>> >> >> >> >>
>> >> >> >> >>> When I inserted the code to do the CRL check, perl crashed.
>> >> >> >> >>
>> >> >> >> >> We'd also like to see this code. Maybe you simply didn't use
>> >> >> >> >> Net::SSLeay the right way and that crash is avoidable.
>> >> >> >> >>
>> >> >> >> >> But beside that a perl crash is a bug and should be fixed.
>> >> >> >> >>
>> >> >> >> >>> Does this functionality work or is there a patch available to
>> >> >> >> >>> fix this?
>> >> >> >> >>
>> >> >> >> >> I don't even know what the problem is so I can't tell you how
>> >> >> >> >> to fix it.
>> >> >> >> >>
>> >> >> >> >>> I'm not sure what other info I can offer to help, the crash
>> >> >> >> >>> doesn't give me much to go on.  Thanks Eric
>> >> >> >> >>
>> >> >> >> >> Please send me some more debugging information. For example the
>> >> >> >> >> trace output of Net::SSLeay and a backtrace of the crashed perl
>> >> >> >> >> interpreter.
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> Regards,
>> >> >> >> >> Flo
>> >> >> >> >>
>> >> >> >> >> --
>> >> >> >> >> BOFH excuse #144:
>> >> >> >> >> Too few computrons available.
>> >> >> >> >
>> >> >> >> > _______________________________________________
>> >> >> >> > Net-ssleay-devel mailing list
>> >> >> >> > Net-ssleay-devel at lists.alioth.debian.org
>> >> >> >> > http://lists.alioth.debian.org/mailman/listinfo/net-ssleay-devel
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> Net-ssleay-devel mailing list
>> >> >> >> Net-ssleay-devel at lists.alioth.debian.org
>> >> >> >> http://lists.alioth.debian.org/mailman/listinfo/net-ssleay-devel
>> >> >> >
>> >> >> > --
>> >> >> > Mike McCauley                               mikem at open.com.au
>> >> >> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++,
>> >> >> > WWW 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>> >> >> > http://www.open.com.au Phone +61 7 5598-7474
>> >> >> > Fax +61 7 5598-7070
>> >> >> >
>> >> >> > Radiator: the most portable, flexible and configurable RADIUS
>> >> >> > server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
>> >> >> > Emerald, Platypus, Freeside, TACACS+, PAM, external, Active
>> >> >> > Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS,
>> >> >> > NetWare etc.
>> >> >
>> >> > --
>> >> > Mike McCauley                               mikem at open.com.au
>> >> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++,
>> >> > WWW 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>> >> > http://www.open.com.au Phone +61 7 5598-7474                       Fax
>> >> > +61 7 5598-7070
>> >> >
>> >> > Radiator: the most portable, flexible and configurable RADIUS server
>> >> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> >> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
>> >> > TLS, TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
>> >
>> > --
>> > Mike McCauley                               mikem at open.com.au
>> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
>> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>> > http://www.open.com.au Phone +61 7 5598-7474                       Fax
>> > +61 7 5598-7070
>> >
>> > Radiator: the most portable, flexible and configurable RADIUS server
>> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> > TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
>
> --
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
>

More information about the Net-ssleay-devel mailing list