Message hash algorithm 'RSA-SHA256' not found (OpenSSL)
3,082 views
Skip to first unread message
Barry Scott
Apr 17, 2010, 2:29:12 PM4/17/10
to tunnelbli...@googlegroups.com
I'm trying to get an OpenVPN configuration that works from my Fedora 8 system
running on Mac OS X 10.6.3. I see an error about sha256.
2010-04-17 19:25:10 *Tunnelblick: OS X 10.6.3; Tunnelblick 3.0 (build 1437); OpenVPN 2.1.1
2010-04-17 19:25:21 *Tunnelblick: Attempting connection with openvpn.conf; Set nameserver = 1; monitoring connection
2010-04-17 19:25:21 *Tunnelblick: /Applications/OtherApps/Tunnelblick.app/Contents/Resources/openvpnstart start openvpn.conf 1337 1 0 0 0
2010-04-17 19:25:21 *Tunnelblick: /Applications/OtherApps/Tunnelblick.app/Contents/Resources/openvpn --management-query-passwords --cd /Users/barry/Library/Application Support/Tunnelblick/Configurations --daemon --management-hold --management 127.0.0.1 1337 --config /Users/barry/Library/Application Support/Tunnelblick/Configurations/openvpn.conf --script-security 2 --up "/Applications/OtherApps/Tunnelblick.app/Contents/Resources/client.up.osx.sh" --down "/Applications/OtherApps/Tunnelblick.app/Contents/Resources/client.down.osx.sh" --up-restart
2010-04-17 19:25:21 SUCCESS: pid=55129
2010-04-17 19:25:21 SUCCESS: real-time state notification set to ON
2010-04-17 19:25:21 SUCCESS: real-time log notification set to ON
2010-04-17 19:25:21 OpenVPN 2.1.1 i386-apple-darwin10.2.0 [SSL] [LZO2] [PKCS11] built on Feb 24 2010
2010-04-17 19:25:21 END
2010-04-17 19:25:21 SUCCESS: hold release succeeded
2010-04-17 19:25:21 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
2010-04-17 19:25:21 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2010-04-17 19:25:21 but not yet verified
2010-04-17 19:25:21 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2010-04-17 19:25:21 WARNING: file '/Users/barry/vpn-client/tls/key.pem' is group or others accessible
2010-04-17 19:25:21 Message hash algorithm 'RSA-SHA256' not found (OpenSSL)
The system openssl dgst -h reports it has sha256. Why is Tunnelblick's openvpn not finding it?
What can I do to fix this problem?
Barry
--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To post to this group, send email to tunnelbli...@googlegroups.com.
To unsubscribe from this group, send email to tunnelblick-dis...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/tunnelblick-discuss?hl=en.
running on Mac OS X 10.6.3. I see an error about sha256.
2010-04-17 19:25:10 *Tunnelblick: OS X 10.6.3; Tunnelblick 3.0 (build 1437); OpenVPN 2.1.1
2010-04-17 19:25:21 *Tunnelblick: Attempting connection with openvpn.conf; Set nameserver = 1; monitoring connection
2010-04-17 19:25:21 *Tunnelblick: /Applications/OtherApps/Tunnelblick.app/Contents/Resources/openvpnstart start openvpn.conf 1337 1 0 0 0
2010-04-17 19:25:21 *Tunnelblick: /Applications/OtherApps/Tunnelblick.app/Contents/Resources/openvpn --management-query-passwords --cd /Users/barry/Library/Application Support/Tunnelblick/Configurations --daemon --management-hold --management 127.0.0.1 1337 --config /Users/barry/Library/Application Support/Tunnelblick/Configurations/openvpn.conf --script-security 2 --up "/Applications/OtherApps/Tunnelblick.app/Contents/Resources/client.up.osx.sh" --down "/Applications/OtherApps/Tunnelblick.app/Contents/Resources/client.down.osx.sh" --up-restart
2010-04-17 19:25:21 SUCCESS: pid=55129
2010-04-17 19:25:21 SUCCESS: real-time state notification set to ON
2010-04-17 19:25:21 SUCCESS: real-time log notification set to ON
2010-04-17 19:25:21 OpenVPN 2.1.1 i386-apple-darwin10.2.0 [SSL] [LZO2] [PKCS11] built on Feb 24 2010
2010-04-17 19:25:21 END
2010-04-17 19:25:21 SUCCESS: hold release succeeded
2010-04-17 19:25:21 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
2010-04-17 19:25:21 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2010-04-17 19:25:21 but not yet verified
2010-04-17 19:25:21 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2010-04-17 19:25:21 WARNING: file '/Users/barry/vpn-client/tls/key.pem' is group or others accessible
2010-04-17 19:25:21 Message hash algorithm 'RSA-SHA256' not found (OpenSSL)
The system openssl dgst -h reports it has sha256. Why is Tunnelblick's openvpn not finding it?
What can I do to fix this problem?
Barry
--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To post to this group, send email to tunnelbli...@googlegroups.com.
To unsubscribe from this group, send email to tunnelblick-dis...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/tunnelblick-discuss?hl=en.
jkbull...gmail.com
Apr 18, 2010, 9:30:48 AM4/18/10
to tunnelblick-discuss
This is caused by the same problem as Issue 82:
http://code.google.com/p/tunnelblick/issues/detail?id=82
so take a look at that thread.
Note: I've changed the status of that issue from "WontFix" to
"Accepted".
http://code.google.com/p/tunnelblick/issues/detail?id=82
so take a look at that thread.
Note: I've changed the status of that issue from "WontFix" to
"Accepted".
Barry Scott
Apr 24, 2010, 5:34:13 AM4/24/10
to tunnelbli...@googlegroups.com
On 18 Apr 2010, at 14:30, jkbull...gmail.com wrote:
> This is caused by the same problem as Issue 82:
> http://code.google.com/p/tunnelblick/issues/detail?id=82
> so take a look at that thread.
>
> Note: I've changed the status of that issue from "WontFix" to
> "Accepted".
But that does not work.
Doing the obvious replacement of the SDK to the 10.6 SDK and 10.4's to 10.6's did not
get me a clean build. I'm not getting openvpn built.
Can you point me at where the configure lines for the thirdparty code can be found
in the xcode build?
I grep'ed all the sources and cannot find a configure line.
I have looked around in xocde and cannot find where you tell xcode to build openvpn
and its dependancies.
Knowing what your configure lines are I can fixup for 10.6 and do the configure make dance.
Barry
jkbull...gmail.com
Apr 24, 2010, 8:09:27 AM4/24/10
to tunnelblick-discuss
That's the beauty of Open Source!
You should leave the SDK setting for the project at 10.4. This has to
do with the SDK setting for building OpenVPN, not for building
Tunnelblick itself (they are separate).
You'll find the settings for building OpenVPN in /third_party/
Makefile. It is in the sixth line:
SDKROOT=/Developer/SDKs/MacOSX10.4u.sdk
which can be changed to
SDKROOT=/Developer/SDKs/MacOSX10.6.sdk
When you do this, you also need to delete the /third_party/built file.
(It indicates we don't need to build the third-party software, so
deleting it needs to be done before the Xcode "Build" command will
build OpenVPN).
FYI, the code for building OpenVPN is in the Xcode scripts that are
"build phases" for the Tunnelblick target. The scripts also (for
releases) create the .dmg image.
I've updated Issue 82 with an additional way for us to deal with the
problem. I think it is the best way to do it, so we'll probably go
with that.
You should leave the SDK setting for the project at 10.4. This has to
do with the SDK setting for building OpenVPN, not for building
Tunnelblick itself (they are separate).
You'll find the settings for building OpenVPN in /third_party/
Makefile. It is in the sixth line:
SDKROOT=/Developer/SDKs/MacOSX10.4u.sdk
which can be changed to
SDKROOT=/Developer/SDKs/MacOSX10.6.sdk
When you do this, you also need to delete the /third_party/built file.
(It indicates we don't need to build the third-party software, so
deleting it needs to be done before the Xcode "Build" command will
build OpenVPN).
FYI, the code for building OpenVPN is in the Xcode scripts that are
"build phases" for the Tunnelblick target. The scripts also (for
releases) create the .dmg image.
I've updated Issue 82 with an additional way for us to deal with the
problem. I think it is the best way to do it, so we'll probably go
with that.
Barry Scott
May 1, 2010, 6:20:40 AM5/1/10
to tunnelbli...@googlegroups.com
Indeed.
>
> You should leave the SDK setting for the project at 10.4. This has to
> do with the SDK setting for building OpenVPN, not for building
> Tunnelblick itself (they are separate).
>
> You'll find the settings for building OpenVPN in /third_party/
> Makefile. It is in the sixth line:
>
> SDKROOT=/Developer/SDKs/MacOSX10.4u.sdk
>
> which can be changed to
>
> SDKROOT=/Developer/SDKs/MacOSX10.6.sdk
>
> When you do this, you also need to delete the /third_party/built file.
> (It indicates we don't need to build the third-party software, so
> deleting it needs to be done before the Xcode "Build" command will
> build OpenVPN).
Thanks I did this and it all works now.
>
> FYI, the code for building OpenVPN is in the Xcode scripts that are
> "build phases" for the Tunnelblick target. The scripts also (for
> releases) create the .dmg image.
I must say that coming to XCode with very little experience of its UI it
took a lot of research to finally figure out that Cmd-I on the "Run Script"
allowed me to see the scripts. (I do all my development with make etc)
>
> I've updated Issue 82 with an additional way for us to deal with the
> problem. I think it is the best way to do it, so we'll probably go
> with that.
O.K.
Barry
>
> You should leave the SDK setting for the project at 10.4. This has to
> do with the SDK setting for building OpenVPN, not for building
> Tunnelblick itself (they are separate).
>
> You'll find the settings for building OpenVPN in /third_party/
> Makefile. It is in the sixth line:
>
> SDKROOT=/Developer/SDKs/MacOSX10.4u.sdk
>
> which can be changed to
>
> SDKROOT=/Developer/SDKs/MacOSX10.6.sdk
>
> When you do this, you also need to delete the /third_party/built file.
> (It indicates we don't need to build the third-party software, so
> deleting it needs to be done before the Xcode "Build" command will
> build OpenVPN).
>
> FYI, the code for building OpenVPN is in the Xcode scripts that are
> "build phases" for the Tunnelblick target. The scripts also (for
> releases) create the .dmg image.
took a lot of research to finally figure out that Cmd-I on the "Run Script"
allowed me to see the scripts. (I do all my development with make etc)
>
> I've updated Issue 82 with an additional way for us to deal with the
> problem. I think it is the best way to do it, so we'll probably go
> with that.
Barry
jkbull...gmail.com
May 1, 2010, 6:32:27 AM5/1/10
to tunnelblick-discuss
On May 1, 6:20 am, Barry Scott <ba...@barrys-emacs.org> wrote:
<snip>
> > FYI, the code for building OpenVPN is in the Xcode scripts that are
> > "build phases" for the Tunnelblick target. The scripts also (for
> > releases) create the .dmg image.
>
> I must say that coming to XCode with very little experience of its UI it
> took a lot of research to finally figure out that Cmd-I on the "Run Script"
> allowed me to see the scripts. (I do all my development with make etc)
Yes, dealing with Xcode can be frustrating. Once you go beyond the
obvious way to do simple things, it gets tricky. I didn't, for
example, know that Cmd-I on a "Run Script" build phase would let you
edit a script. It took me a while to discover that a double-click on
"Run Script" would let you edit it. It would be nice if the context
menu had an "Edit Script" item!
Thanks for your comments. I'm glad you had success with this.
<snip>
> > FYI, the code for building OpenVPN is in the Xcode scripts that are
> > "build phases" for the Tunnelblick target. The scripts also (for
> > releases) create the .dmg image.
>
> I must say that coming to XCode with very little experience of its UI it
> took a lot of research to finally figure out that Cmd-I on the "Run Script"
> allowed me to see the scripts. (I do all my development with make etc)
obvious way to do simple things, it gets tricky. I didn't, for
example, know that Cmd-I on a "Run Script" build phase would let you
edit a script. It took me a while to discover that a double-click on
"Run Script" would let you edit it. It would be nice if the context
menu had an "Edit Script" item!
Thanks for your comments. I'm glad you had success with this.
Reply all
Reply to author
Forward
0 new messages