Which openssl.cnf?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Which openssl.cnf?

Eric Raunig
Background:
I have the problem in which there are multiple versions of openssl.cnf on my Linux (Ubuntu 11.04) installation.

I had some problems with the default openssl-0.9.8. So I installed OpenSSL (1.0.0d 8 Feb 2011).

I also have Zend Server CE (+zend framework +mysql etc)  installed which is intended for the local intranet.

The problem is that when attempting to load a secure page: there is no handshake (Firefox: ssl_error_rx_record_too_long)

With regards to openssl:

Is there a command that will show which openssl.cnf that it is reading from?




which_openssl.png (76K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Which openssl.cnf?

Coda Highland
strace will show all of the syscalls executed by the application,
including opening files.

/s/ Adam

On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig <[hidden email]> wrote:

> Background:
> I have the problem in which there are multiple versions of openssl.cnf on my
> Linux (Ubuntu 11.04) installation.
>
> I had some problems with the default openssl-0.9.8. So I installed OpenSSL
> (1.0.0d 8 Feb 2011).
>
> I also have Zend Server CE (+zend framework +mysql etc)  installed which is
> intended for the local intranet.
>
> The problem is that when attempting to load a secure page: there is no
> handshake (Firefox: ssl_error_rx_record_too_long)
>
> With regards to openssl:
>
> Is there a command that will show which openssl.cnf that it is reading from?
>
>
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Which openssl.cnf?

Eric Raunig
I don't know this syntax ie:
# openssl strace
openssl:Error: 'strace' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms              
crl               crl2pkcs7         dgst              dh               
dhparam           dsa               dsaparam          ec               
ecparam           enc               engine            errstr           
gendh             gendsa            genpkey           genrsa           
nseq              ocsp              passwd            pkcs12           
pkcs7             pkcs8             pkey              pkeyparam        
pkeyutl           prime             rand              req              
rsa               rsautl            s_client          s_server         
s_time            sess_id           smime             speed            
spkac             ts                verify            version          
x509             

Message Digest commands (see the `dgst' command for more details)
md4               md5               mdc2              rmd160           
sha               sha1             

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb      
aes-256-cbc       aes-256-ecb       base64            bf               
bf-cbc            bf-cfb            bf-ecb            bf-ofb           
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb 
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc         
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb        
des               des-cbc           des-cfb           des-ecb          
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb      
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb     
des-ofb           des3              desx              idea             
idea-cbc          idea-cfb          idea-ecb          idea-ofb         
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc          
rc2-cfb           rc2-ecb           rc2-ofb           rc4              
rc4-40            seed              seed-cbc          seed-cfb         
seed-ecb          seed-ofb  


On Fri, Aug 12, 2011 at 12:25 PM, Coda Highland <[hidden email]> wrote:
strace will show all of the syscalls executed by the application,
including opening files.

/s/ Adam

On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig <[hidden email]> wrote:
> Background:
> I have the problem in which there are multiple versions of openssl.cnf on my
> Linux (Ubuntu 11.04) installation.
>
> I had some problems with the default openssl-0.9.8. So I installed OpenSSL
> (1.0.0d 8 Feb 2011).
>
> I also have Zend Server CE (+zend framework +mysql etc)  installed which is
> intended for the local intranet.
>
> The problem is that when attempting to load a secure page: there is no
> handshake (Firefox: ssl_error_rx_record_too_long)
>
> With regards to openssl:
>
> Is there a command that will show which openssl.cnf that it is reading from?
>
>
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Which openssl.cnf?

Michael S. Zick-4
On Fri August 12 2011, Eric Raunig wrote:
> I don't know this syntax ie:
> # openssl strace
> openssl:Error: 'strace' is an invalid command.
>
Try these instead:
man strace
strace --help
strace openssl ...whatever...

Mike

> Standard commands
> asn1parse         ca                ciphers           cms
> crl               crl2pkcs7         dgst              dh
> dhparam           dsa               dsaparam          ec
> ecparam           enc               engine            errstr
> gendh             gendsa            genpkey           genrsa
> nseq              ocsp              passwd            pkcs12
> pkcs7             pkcs8             pkey              pkeyparam
> pkeyutl           prime             rand              req
> rsa               rsautl            s_client          s_server
> s_time            sess_id           smime             speed
> spkac             ts                verify            version
> x509
>
> Message Digest commands (see the `dgst' command for more details)
> md4               md5               mdc2              rmd160
> sha               sha1
>
> Cipher commands (see the `enc' command for more details)
> aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb
> aes-256-cbc       aes-256-ecb       base64            bf
> bf-cbc            bf-cfb            bf-ecb            bf-ofb
> camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb
> camellia-256-cbc  camellia-256-ecb  cast              cast-cbc
> cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb
> des               des-cbc           des-cfb           des-ecb
> des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb
> des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb
> des-ofb           des3              desx              idea
> idea-cbc          idea-cfb          idea-ecb          idea-ofb
> rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc
> rc2-cfb           rc2-ecb           rc2-ofb           rc4
> rc4-40            seed              seed-cbc          seed-cfb
> seed-ecb          seed-ofb
>
>
> On Fri, Aug 12, 2011 at 12:25 PM, Coda Highland <[hidden email]> wrote:
>
> > strace will show all of the syscalls executed by the application,
> > including opening files.
> >
> > /s/ Adam
> >
> > On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig <[hidden email]> wrote:
> > > Background:
> > > I have the problem in which there are multiple versions of openssl.cnf on
> > my
> > > Linux (Ubuntu 11.04) installation.
> > >
> > > I had some problems with the default openssl-0.9.8. So I installed
> > OpenSSL
> > > (1.0.0d 8 Feb 2011).
> > >
> > > I also have Zend Server CE (+zend framework +mysql etc)  installed which
> > is
> > > intended for the local intranet.
> > >
> > > The problem is that when attempting to load a secure page: there is no
> > > handshake (Firefox: ssl_error_rx_record_too_long)
> > >
> > > With regards to openssl:
> > >
> > > Is there a command that will show which openssl.cnf that it is reading
> > from?
> > >
> > >
> > >
> > >
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [hidden email]
> > Automated List Manager                           [hidden email]
> >
>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Which openssl.cnf?

Gayathri Sundar-3
In reply to this post by Eric Raunig
strace is a unix command wherein u need to attach the process which is linking with ur openssl library. It would tell the path from which all the libraries are loaded (for that process) along with a ton of other info. You would need to search the output of strace manually to figure out ur library path.



On Fri, Aug 12, 2011 at 1:46 PM, Eric Raunig <[hidden email]> wrote:
I don't know this syntax ie:
# openssl strace
openssl:Error: 'strace' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms              
crl               crl2pkcs7         dgst              dh               
dhparam           dsa               dsaparam          ec               
ecparam           enc               engine            errstr           
gendh             gendsa            genpkey           genrsa           
nseq              ocsp              passwd            pkcs12           
pkcs7             pkcs8             pkey              pkeyparam        
pkeyutl           prime             rand              req              
rsa               rsautl            s_client          s_server         
s_time            sess_id           smime             speed            
spkac             ts                verify            version          
x509             

Message Digest commands (see the `dgst' command for more details)
md4               md5               mdc2              rmd160           
sha               sha1             

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb      
aes-256-cbc       aes-256-ecb       base64            bf               
bf-cbc            bf-cfb            bf-ecb            bf-ofb           
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb 
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc         
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb        
des               des-cbc           des-cfb           des-ecb          
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb      
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb     
des-ofb           des3              desx              idea             
idea-cbc          idea-cfb          idea-ecb          idea-ofb         
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc          
rc2-cfb           rc2-ecb           rc2-ofb           rc4              
rc4-40            seed              seed-cbc          seed-cfb         
seed-ecb          seed-ofb  


On Fri, Aug 12, 2011 at 12:25 PM, Coda Highland <[hidden email]> wrote:
strace will show all of the syscalls executed by the application,
including opening files.

/s/ Adam

On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig <[hidden email]> wrote:
> Background:
> I have the problem in which there are multiple versions of openssl.cnf on my
> Linux (Ubuntu 11.04) installation.
>
> I had some problems with the default openssl-0.9.8. So I installed OpenSSL
> (1.0.0d 8 Feb 2011).
>
> I also have Zend Server CE (+zend framework +mysql etc)  installed which is
> intended for the local intranet.
>
> The problem is that when attempting to load a secure page: there is no
> handshake (Firefox: ssl_error_rx_record_too_long)
>
> With regards to openssl:
>
> Is there a command that will show which openssl.cnf that it is reading from?
>
>
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: Which openssl.cnf?

Eric Raunig
Thanks,

For context:

something like
#strace -o strace_openssl_output.txt openssl version
followed by:
emacs strace_openssl_output.txt&



On Fri, Aug 12, 2011 at 2:57 PM, Gayathri Sundar <[hidden email]> wrote:
strace is a unix command wherein u need to attach the process which is linking with ur openssl library. It would tell the path from which all the libraries are loaded (for that process) along with a ton of other info. You would need to search the output of strace manually to figure out ur library path.




On Fri, Aug 12, 2011 at 1:46 PM, Eric Raunig <[hidden email]> wrote:
I don't know this syntax ie:
# openssl strace
openssl:Error: 'strace' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms              
crl               crl2pkcs7         dgst              dh               
dhparam           dsa               dsaparam          ec               
ecparam           enc               engine            errstr           
gendh             gendsa            genpkey           genrsa           
nseq              ocsp              passwd            pkcs12           
pkcs7             pkcs8             pkey              pkeyparam        
pkeyutl           prime             rand              req              
rsa               rsautl            s_client          s_server         
s_time            sess_id           smime             speed            
spkac             ts                verify            version          
x509             

Message Digest commands (see the `dgst' command for more details)
md4               md5               mdc2              rmd160           
sha               sha1             

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb      
aes-256-cbc       aes-256-ecb       base64            bf               
bf-cbc            bf-cfb            bf-ecb            bf-ofb           
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb 
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc         
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb        
des               des-cbc           des-cfb           des-ecb          
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb      
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb     
des-ofb           des3              desx              idea             
idea-cbc          idea-cfb          idea-ecb          idea-ofb         
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc          
rc2-cfb           rc2-ecb           rc2-ofb           rc4              
rc4-40            seed              seed-cbc          seed-cfb         
seed-ecb          seed-ofb  


On Fri, Aug 12, 2011 at 12:25 PM, Coda Highland <[hidden email]> wrote:
strace will show all of the syscalls executed by the application,
including opening files.

/s/ Adam

On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig <[hidden email]> wrote:
> Background:
> I have the problem in which there are multiple versions of openssl.cnf on my
> Linux (Ubuntu 11.04) installation.
>
> I had some problems with the default openssl-0.9.8. So I installed OpenSSL
> (1.0.0d 8 Feb 2011).
>
> I also have Zend Server CE (+zend framework +mysql etc)  installed which is
> intended for the local intranet.
>
> The problem is that when attempting to load a secure page: there is no
> handshake (Firefox: ssl_error_rx_record_too_long)
>
> With regards to openssl:
>
> Is there a command that will show which openssl.cnf that it is reading from?
>
>
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]