Comments (10)
Not sure if it's related, but using an elliptic curve server certificate also gives me the "no shared cipher" error. Only RSA certificates work. I can generate the elliptic curve certificate, but can't use it.
from amissl.
I couldn't really tell what you were ultimately trying to accomplish, from your comments, but somebody pointed me to your thread on os4coding.net. So, you're using AmiSSL in your ZitaFTP server software. Did you ever get this working? I'm thinking you perhaps missed a call to set up the ciphers (IIRC, it needs to be done differently for TLSv1.3). And I'm not so sure the OpenSSL s_server command is a good test.
from amissl.
Yes, I'm using AmiSSL in ZitaFTP Server. No, I didn't get it working. Instead I downgraded to TLS 1.2.
The same code works with Cygwin on Windows, so it's not a coding error on my part. Likewise, the s_server test works just fine with Cygwin.
from amissl.
Ok. Could you let me know the commands that you are using to create test.key and test.crt? I'll then rerun your test here with AmiSSL 4.3 and my current dev build which uses OpenSSL 1.1.1d (4.3 uses 1.1.1a). Could be something that was fixed In OpenSSL - if not, I'll find out what's going wrong.
I only had a quick look, but would I be right in saying that the current ZitaFTP on os4depot is statically linked against OpenSSL 1.1.1c?
from amissl.
Sure, the following generates a key using an elliptic curve cipher:
openssl ecparam -name secp521r1 -genkey -param_enc named_curve -out key.pem
openssl req -new -x509 -key key.pem -out cert.pem -days 730 -subj "/CN=localhost"
NOTE: You may need to add -config to the last line, with an AmiSSL config file because the default installation doesn't come with a config file.
I only had a quick look, but would I be right in saying that the current ZitaFTP on os4depot is statically linked against OpenSSL 1.1.1c?
Yes and no. The actual FTP server uses AmiSSL, but the licensing code relies on libcurl and therefore statically links in OpenSSL (it's a third-party lib that I adapted).
I'm hoping to build an OpenSSL => AmiSSL stub lib at some point so that I can remove the redundant OpenSSL. I haven't figured out how to generate that yet...
from amissl.
Ok - quick update. I am seeing the problem here too - works ok on Windows, but not in AmiSSL - both are using OpenSSL 1.1.1d, and same cert/key/config files. I've traced the problem and am working on a solution.
from amissl.
@ksdhans Took a while to pinpoint the cause, but ultimately it has led to the discovery a baserel related bug in GCC 4.0.4 on OS4. Fortunately, it can be easily worked around, but I've got to check if it gets triggered anywhere else in the OpenSSL code. FYI, your test case works on OS3.
Also, it is bugging me that trying to Ctrl-C s_server triggers a busy loop somewhere, so hope to fix that too. Do you know if there is some other way to tell s_server to exit?
from amissl.
Good to hear that you've found the root cause.
I don't know any other method than Ctrl+C to exist s_server.
from amissl.
I'm hoping to build an OpenSSL => AmiSSL stub lib at some point so that I can remove the redundant OpenSSL. I haven't figured out how to generate that yet...
@ksdhans Is that related to #31? I'd like to move discussion on this to that ticket if it is, as I'm going to close this one soon.
from amissl.
@ksdhans Is that related to #31? I'd like to move discussion on this to that ticket if it is, as I'm going to close this one soon.
True, they are related, but still slightly different. The solution I'm suggesting there wouldn't help in this case because inline stubs are only of use at compile time. An already compiled library such as libcurl would need stubs in another static library.
Let's move the discussion to that ticket.
from amissl.
Related Issues (20)
- Cannot compile SDL example
- 64bit arguments passing with 68k .library ABI HOT 2
- openssl/asn1.h header redefinitions in Storm C 4 HOT 5
- Update installer to allow installation even while AmiSSL is in use HOT 8
- Optional installation of include? HOT 3
- vbcc proto/inline issues HOT 7
- Random generator init is very slow HOT 11
- OpenSSL speed output order issue when redirected HOT 15
- 68000 version missing HOT 7
- OpenSSL 3.0 / AmiSSL v5 HOT 8
- const const in header files HOT 2
- interfaces/amissl.h:4320:73: error: duplicate βconstβ HOT 1
- libamisslstubs.a missing a few stubs HOT 15
- AmiSSL version defines mismatches HOT 5
- Split Installer
- AMISSL_INLINE_H doesn't fully work with the 5.x SDK's HOT 12
- Big SSL/TLS connect performance regression in AmiSSL 5.x HOT 25
- FTPS stops working with ZitaFTP Server from version 5.4 HOT 13
- Example https Crashes on Vanilla AmigaOS v3.2 Installation on WinUAE HOT 3
- PatchWork Reports InitSemaphore "Structure Is Not Cleared" HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from amissl.