i hate ssl.

req
s_client
s_server
x509
verify

x509 -in <file> -out<file>

x509 -req -signkey <request-file> -days <N>

openssl dsaparam 1024 -out <dsafile>
openssl req -newkey dsa:<dsafile> -out <certfile> -keyout <keyfile> -nodes -x509 -days <N>

openssl verify -CAfile <certfile> -purpose sslserver <certfile>
openssl x509 -in <cert> -outform der -out <cert.der>

openssl s_server -accept 5555 -key <keyfile> -cert <certfile>
openssl s_client -connect kitten:5555 -CAfile <certfile> 


s_cert_file
s_key_file

app_RAND_load_file(NULL, bio_err, 0);
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(meth);
set_cert_stuff(ctx,s_cert_file,s_key_file)
        SSL_CTX_use_certificate_file(ctx,cert_file,SSL_FILETYPE_PEM)
                ssl_set_cert(ssl->cert,x);
        SSL_CTX_use_PrivateKey_file(ctx,key_file,SSL_FILETYPE_PEM)
        	ret=ssl_set_pkey(ssl->cert,pkey);
        SSL_CTX_check_private_key(ctx)
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, sizeof s_server_session_id_context);
do_server(context);

SSL_set_accept_state(con)

int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
	SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
		sizeof s_server_session_id_context);
static int s_server_session_id_context = 1; /* anything will do */



***** BAD *****
poll([{fd=3, events=POLLIN, revents=POLLIN}, {fd=4, events=POLLIN}], 2, -1) = 1
accept(3, {sin_family=AF_INET, sin_port=htons(2734), sin_addr=inet_addr("216.240.39.52")}}, [16]) = 6
brk(0x8070000)                          = 0x8070000
brk(0x8079000)                          = 0x8079000
socket(PF_UNIX, SOCK_STREAM, 0)         = 7
connect(7, {sin_family=AF_UNIX, path="                                                                                       /var/run/.nscd_socket"}, 110) = -1 ECONNREFUSED (Connection refused)
close(7)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = 7
fstat64(0x7, 0xbffff6c0)                = -1 ENOSYS (Function not implemented)
fstat(7, {st_mode=S_IFREG|0644, st_size=1744, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(7, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1744
read(7, "", 4096)                       = 0
close(7)                                = 0
munmap(0x40015000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 7
fstat(7, {st_mode=S_IFREG|0644, st_size=23649, ...}) = 0
old_mmap(NULL, 23649, PROT_READ, MAP_PRIVATE, 7, 0) = 0x40015000
close(7)                                = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 7
fstat(7, {st_mode=S_IFREG|0755, st_size=246652, ...}) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p \0\000"..., 4096) = 4096
old_mmap(NULL, 36384, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x40254000
mprotect(0x4025c000, 3616, PROT_NONE)   = 0
old_mmap(0x4025c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x7000) = 0x4025c000
close(7)                                = 0
munmap(0x40015000, 23649)               = 0
gettimeofday({974448636, 599520}, NULL) = 0
getpid()                                = 9259
open("/etc/resolv.conf", O_RDONLY)      = 7
fstat(7, {st_mode=S_IFREG|0644, st_size=116, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(7, "domain lag.net\nnameserver 216.24"..., 4096) = 116
read(7, "", 4096)                       = 0
close(7)                                = 0
munmap(0x40015000, 4096)                = 0
open("/etc/host.conf", O_RDONLY)        = 7
fstat(7, {st_mode=S_IFREG|0644, st_size=26, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(7, "order hosts,bind\nmulti on\n", 4096) = 26
read(7, "", 4096)                       = 0
close(7)                                = 0
munmap(0x40015000, 4096)                = 0
open("/etc/hosts", O_RDONLY)            = 7
fcntl(7, F_GETFD)                       = 0
fcntl(7, F_SETFD, FD_CLOEXEC)           = 0
fstat(7, {st_mode=S_IFREG|0644, st_size=360, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(7, "127.0.0.1\t\tlocalhost localhost.l"..., 4096) = 360
close(7)                                = 0
munmap(0x40015000, 4096)                = 0
write(2, "New connection!\n", 16New connection!
)       = 16
time(NULL)                              = 974448636
open("/etc/localtime", O_RDONLY)        = 7
read(7, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\3\0\0\0\3\0"..., 44) = 44
read(7, "\236\246H\240\237\273\25\220\240\206*\240\241\232\367\220"..., 920) = 920
fstat(7, {st_mode=S_IFREG|0644, st_size=1000, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(7, "\377\377\235\220\1\0\377\377\217\200\0\4\377\377\235\220"..., 4096) = 36
close(7)                                = 0
munmap(0x40015000, 4096)                = 0
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]: :::"..., 5417 Nov 2000 00:10:36 [9259]: ::: socket debug dump :::) = 54
write(2, "\n", 1
)                       = 1
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]:    "..., 7917 Nov 2000 00:10:36 [9259]:    6  --  (read:    0) (writ:    0)       00000000) = 79
write(2, "\n", 1
)                       = 1
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]:    "..., 6117 Nov 2000 00:10:36 [9259]:         attached CA (length 883)) = 61
write(2, "\n", 1
)                       = 1
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]:    "..., 7017 Nov 2000 00:10:36 [9259]:         private key: /u/robey/openssl/key) = 70
write(2, "\n", 1
)                       = 1
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]:    "..., 7917 Nov 2000 00:10:36 [9259]:    3 lstn (read:    0) (writ:    0)  A    00000000) = 79
write(2, "\n", 1
)                       = 1
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]:    "..., 6117 Nov 2000 00:10:36 [9259]:         attached CA (length 883)) = 61
write(2, "\n", 1
)                       = 1
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]:    "..., 7017 Nov 2000 00:10:36 [9259]:         private key: /u/robey/openssl/key) = 70
write(2, "\n", 1
)                       = 1
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]: :::"..., 6117 Nov 2000 00:10:36 [9259]: ::: end of socket debug dump :::) = 61
write(2, "\n", 1
)                       = 1
fcntl(6, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(6, F_SETFL, O_RDWR)               = 0
open("/usr/share/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
getpid()                                = 9259
getpid()                                = 9259
getpid()                                = 9259
getpid()                                = 9259
getpid()                                = 9259
getpid()                                = 9259
getpid()                                = 9259
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]: loa"..., 5117 Nov 2000 00:10:36 [9259]: loading CA from buffer) = 51
write(2, "\n", 1
)                       = 1
getpid()                                = 9259
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]: loa"..., 5317 Nov 2000 00:10:36 [9259]: loading cert from buffer) = 53
write(2, "\n", 1
)                       = 1
getpid()                                = 9259
brk(0x807a000)                          = 0x807a000
open("/u/robey/openssl/key", O_RDONLY)  = 7
fstat(7, {st_mode=S_IFREG|0644, st_size=672, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(7, "-----BEGIN DSA PRIVATE KEY-----\n"..., 4096) = 672
getpid()                                = 9259
close(7)                                = 0
munmap(0x40015000, 4096)                = 0
time([974448636])                       = 974448636
getpid()                                = 9259
brk(0x807b000)                          = 0x807b000
time(NULL)                              = 974448636
getpid()                                = 9259
brk(0x8081000)                          = 0x8081000
brk(0x8086000)                          = 0x8086000
brk(0x808b000)                          = 0x808b000
read(6, "\26\3\0\0S\1\0\0O\3\0", 11)    = 11
time(NULL)                              = 974448636
getpid()                                = 9259
read(6, ":\24\347\374n\320\326o}\362t\2\337\356\200\321\252\231"..., 77) = 77
time(NULL)                              = 974448636
getpid()                                = 9259
getpid()                                = 9259
write(6, "\25\3\0\0\2\2(", 7)           = 7
getpid()                                = 9259
time(NULL)                              = 974448636
getpid()                                = 9259
write(2, "17 Nov 2000 00:10:36 [9259]: err"..., 11617 Nov 2000 00:10:36 [9259]: error: SSL_accept: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher: ) = 116
write(2, "\n", 1
)                       = 1
write(2, "*** Unable to negotiate SSL.\n", 29*** Unable to negotiate SSL.
) = 29
_exit(5)                                = ?
robey@kitten:~/say2/lib$ 


stat("/home-cat/robey/.rnd", 0xbfffedcc) = -1 ENOENT (No such file or directory)getpid()                                = 9266
getuid()                                = 31
time(NULL)                              = 974448730
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\304!+\fz\262C\210\202\367\335\10\223\332\225\'", 16) = 16
close(3)                                = 0
brk(0x814c000)                          = 0x814c000
getpid()                                = 9266
getpid()                                = 9266
getpid()                                = 9266
getpid()                                = 9266
getpid()                                = 9266
getpid()                                = 9266
open("/home-cat/robey/openssl/cert", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1253, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(3, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1253
brk(0x814d000)                          = 0x814d000
read(3, "", 4096)                       = 0
getpid()                                = 9266
getpid()                                = 9266
getpid()                                = 9266
close(3)                                = 0
munmap(0x40015000, 4096)                = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 4), ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
write(1, "Using default temp DH parameters"..., 33Using default temp DH parameters
) = 33
time([974448730])                       = 974448730
getpid()                                = 9266
open("/home-cat/robey/openssl/cert", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1253, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1253
brk(0x814e000)                          = 0x814e000
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
open("/home-cat/robey/openssl/key", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=672, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "-----BEGIN DSA PRIVATE KEY-----\n"..., 4096) = 672
getpid()                                = 9266
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
write(1, "ACCEPT\n", 7ACCEPT
)                 = 7
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(3, {sin_family=AF_INET, sin_port=htons(6666), sin_addr=inet_addr("0.0.0.0")}}, 16) = 0
listen(3, 128)                          = 0
accept(3, 

