cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: using curl with SSL on an iServer Virtual Server

From: Michael Reynolds <michael_at_spinweb.net>
Date: Mon, 25 Sep 2000 11:57:23 -0500 (EST)

On Mon, 25 Sep 2000, Daniel Stenberg wrote:

> On Sun, 24 Sep 2000, Michael Reynolds wrote:
>
> > I get this message:
> >
> > haydn% curl https://ssl.spinweb.net
> > ** RSAPublicDecrypt: Unable to find an RSAREF shared library
> > (librsaref.so).
> > ** Install the /usr/ports/security/rsaref port or package and run this
> > ** program again. See the OpenSSL chapter in the FreeBSD Handbook, located
> > at
> > ** http://www.freebsd.org/handbook/openssl.html, for more information.
> > curl: (35) SSL: error:1408D076:SSL routines:SSL3_GET_KEY_EXCHANGE:bad rsa
> > decrypt
>
> I think this error message is quite informative: "Install the
> /usr/ports/security/rsaref port or package and run this program again."
>
> So this is an OpenSSL issue: "See the OpenSSL chapter in the FreeBSD
> Handbook, located at http://www.freebsd.org/handbook/openssl.html, for more
> information."
>
> What else do you need to know?

Ok, I'll assume this is a "RTFM" type mailing list so let me try to
explain step-by-step what I did here as to eliminate any confusion or
assumptions.

After I saw:

"/usr/ports/security/rsaref port or package and run this program again."

I then read this:

"See the OpenSSL chapter in the FreeBSD Handbook, located at
http://www.freebsd.org/handbook/openssl.html, for
more information."

So I went here:

        http://www.freebsd.org/handbook/openssl.html

Not a whole lot. It said this:

-------------------------------------------------------------------
8.8. OpenSSL

As of FreeBSD 4.0, the OpenSSL toolkit is a part of the base
system. OpenSSL provides a general-purpose cryptography library, as well
as the Secure Sockets Layer
v2/v3 (SSLv2/SSLv3) and Transport Layer Security v1 (TLSv1) network
security protocols.

However, one of the algorithms (specifically IDEA) included in OpenSSL is
protected by patents in the USA and elsewhere, and is not available for
unrestricted use.
IDEA is included in the OpenSSL sources in FreeBSD, but it is not built by
default. If you wish to use it, and you comply with the license terms,
enable the
MAKE_IDEA switch in /etc/make.conf and rebuild your sources using 'make
world'.

Today, the RSA algorithm is free for use in USA and other countries. In
the past it was protected by a patent.

8.8.1. Source Code Installations

OpenSSL is part of the src-crypto and src-secure cvsup collections. See
the Obtaining FreeBSD section for more information about obtaining and
updating
FreeBSD source code.
---------------------------------------------------------------------

My problems at this point are:

1) as I have already mentioned, I am on a Virtual Server from iServer and
therefore do not have root access to system-level files.

2) this URL: http://www.freebsd.org/handbook/openssl.html did not help me
(perhaps I'm blind?)

3) I searched for rsaref and found it but it contained instructions which
I found cryptic. I tried compiling it and did not know what to do with it
after that.

Thanks,
        ---Mike

-- 
Michael Reynolds
SpinWeb Net Designs, Inc.
http://www.spinweb.net
Voice: 765.284.0910
Fax: 603.843.1376
PGP key: http://michael.spinweb.net/pgp/public.pgp
Received on 2000-09-25