Re: SSL Library Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure (Type=RSA SHA1 X931)
$ openssl genrsa 2048 > key.pem
$ openssl req -new -x509 -key key.pem -out cert.pem -sha256
On Tue, Aug 12, 2014 at 11:08 AM, Abdul Anshad ab...@visolve.com wrote:
Could you please provide me the steps for creating a self signed certificate meeting the current FIPS standard? Thank you for the response.
Regards, Abdul
On 12-Aug-14 3:02 AM, Kurt Cancemi wrote:
You're using a SHA-1 signed certificate, the current FIPS standard mandates a SHA-256 (SHA-2) signed certificate with a bit size = 2048.
--- Kurt Cancemi https://www.x64Architecture.com
On Mon, Aug 11, 2014 at 5:24 AM, Abdul Anshad ab...@visolve.com wrote:
Hello All, I have a set up which runs Apache http-2.4.10 and Openssl-1.0.1i, when I try to start the http server with FIPS mode I get the following error.
[Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232: suEXEC mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec)
[Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: FIPS mode failed
[Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure (Type=RSA SHA1 X931)
[Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid 380] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
Could somebody help me out with this issue? Thanks in advance.
-- Regards, Abdul
__ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: SSL Library Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure (Type=RSA SHA1 X931)
I have tried this, but I still get the same error. Following are the steps that I used before to generate the key and certificate:
$ openssl genrsa -out my_key.key 2048
$ openssl pkcs8 -v1 PBE-SHA1-3DES -topk8 -in my_key.key -out localhost.key
$ openssl req -new -key localhost.key -out localhost.csr
$ openssl x509 -req -days 3650 -in localhost.csr -signkey localhost.key -out localhost.crt
I have also tried your steps, but ended up in the same error.
Regards, Abdul
On 12-Aug-14 11:24 AM, Thulasi Goriparthi wrote:
$ openssl genrsa 2048 > key.pem
$ openssl req -new -x509 -key key.pem -out cert.pem -sha256
On Tue, Aug 12, 2014 at 11:08 AM, Abdul Anshad ab...@visolve.com wrote:
Could you please provide me the steps for creating a self signed certificate meeting the current FIPS standard? Thank you for the response.
Regards, Abdul
On 12-Aug-14 3:02 AM, Kurt Cancemi wrote:
You're using a SHA-1 signed certificate, the current FIPS standard mandates a SHA-256 (SHA-2) signed certificate with a bit size = 2048.
--- Kurt Cancemi https://www.x64Architecture.com
On Mon, Aug 11, 2014 at 5:24 AM, Abdul Anshad ab...@visolve.com wrote:
Hello All, I have a set up which runs Apache http-2.4.10 and Openssl-1.0.1i, when I try to start the http server with FIPS mode I get the following error.
[Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232: suEXEC mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec)
[Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: FIPS mode failed
[Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure (Type=RSA SHA1 X931)
[Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid 380] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
Could somebody help me out with this issue? Thanks in advance.
-- Regards, Abdul
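The two properties named in Kurt Cancemi's reply (signature digest and RSA key size), as an added example that is not part of the thread: shell functions that create a SHA-256 self-signed certificate on a 2048-bit key and check a certificate for both. The function names, file arguments and the sample text are assumptions, and the check says nothing about whether these properties cause the self-test failure reported above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample are assumptions.

# make_selfsigned KEY CERT SUBJECT
# 2048-bit RSA key plus a self-signed certificate signed with SHA-256.
make_selfsigned() {
    openssl genrsa -out "$1" 2048 &&
    openssl req -new -x509 -sha256 -key "$1" -out "$2" -days 365 -subj "$3"
}

# check_cert_text: reads `openssl x509 -noout -text` output on stdin.
# Prints one line per finding and returns 0 only if both checks pass.
check_cert_text() {
    text=$(cat)
    # First "Signature Algorithm:" line, e.g. sha256WithRSAEncryption
    sigalg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    # "Public-Key: (2048 bit)"; older releases print "RSA Public Key: (2048 bit)"
    bits=$(printf '%s\n' "$text" |
        sed -n 's/^.*Public[- ]Key: *(\([0-9][0-9]*\) bit).*$/\1/p' | head -n 1)
    rc=0
    # Anything that is not a SHA-256/384/512 signature is reported
    case $(printf '%s' "$sigalg" | tr '[:upper:]' '[:lower:]') in
        *sha256*|*sha384*|*sha512*) ;;
        *) echo "FAIL signature algorithm: ${sigalg:-unknown}"; rc=1 ;;
    esac
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "FAIL RSA key size: ${bits:-unknown} bit"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK $sigalg, $bits bit"
    return "$rc"
}

# check_cert_file CERT: the same check on a PEM certificate file.
check_cert_file() {
    openssl x509 -in "$1" -noout -text | check_cert_text
}

# Constructed sample (not a real certificate dump): SHA-1 signature, 1024-bit key.
SAMPLE_SHA1_1024='Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)'

# Demo on the constructed sample; both checks are expected to fail.
printf '%s\n' "$SAMPLE_SHA1_1024" | check_cert_text || :
```

With OpenSSL installed, `make_selfsigned key.pem cert.pem /CN=localhost` followed by `check_cert_file cert.pem` runs the same check on a freshly generated pair.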
[PATCH 1/2] fix variable not initialized
Signed-off-by: Ruoyu lian...@ucweb.com --- crypto/dso/dso_beos.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/dso/dso_beos.c b/crypto/dso/dso_beos.c index 553966e..b5e8084 100644 --- a/crypto/dso/dso_beos.c +++ b/crypto/dso/dso_beos.c @@ -112,7 +112,7 @@ DSO_METHOD *DSO_METHOD_beos(void) static int beos_load(DSO *dso) { - image_id id; + image_id id = 0; /* See applicable comments from dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); -- 1.8.3.2
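Review bot: the commit message for the `image_id id = 0;` initializer in beos_load() does not say which path reads `id` before it is assigned. Please name that path in the message, and confirm that the code which later tests `id` treats 0 as "no image loaded", so the new default cannot be mistaken for a valid handle.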
[PATCH 2/2] fix resource leak
Signed-off-by: Ruoyu lian...@ucweb.com --- fips/aes/fips_aesavs.c | 1 + fips/des/fips_desmovs.c | 1 + fips/sha/fips_standalone_sha1.c | 1 + 3 files changed, 3 insertions(+) diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c index fecaf99..d979548 100644 --- a/fips/aes/fips_aesavs.c +++ b/fips/aes/fips_aesavs.c @@ -918,6 +918,7 @@ int main(int argc, char **argv) if (proc_file(rfn, rspfile)) { printf( Processing failed for: %s \n, rfn); + fclose(fp); return 1; } } diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c index 2bbeb53..82a0f0f 100644 --- a/fips/des/fips_desmovs.c +++ b/fips/des/fips_desmovs.c @@ -690,6 +690,7 @@ int main(int argc, char **argv) if (tproc_file(rfn, rspfile)) { printf( Processing failed for: %s \n, rfn); + fclose(fp); return -1; } } diff --git a/fips/sha/fips_standalone_sha1.c b/fips/sha/fips_standalone_sha1.c index 80ccae4..d15dd6e 100644 --- a/fips/sha/fips_standalone_sha1.c +++ b/fips/sha/fips_standalone_sha1.c @@ -167,6 +167,7 @@ int main(int argc,char **argv) for(i=0 ; i 20 ; ++i) printf(%02x,md[i]); printf(\n); + fclose(f); } #endif return 0; -- 1.8.3.2
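Review bot: in the fips_aesavs.c and fips_desmovs.c hunks the new `fclose(fp);` covers only the failure branch of `proc_file(rfn, rspfile)` / `tproc_file(rfn, rspfile)`, and those calls take file names rather than `fp`, so the hunks do not show where `fp` is opened or whether the other exits from main() close it. Please check every return between the open and the end of the loop, or route them through one cleanup label so a future early return cannot reintroduce the leak.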
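Review bot: in the fips_standalone_sha1.c hunk `fclose(f);` is added after the digest has been printed, so it only helps the path that reaches the end of the block. If anything between opening `f` and this point can leave the block early, it needs the same close; a note in the commit message saying that was checked would be enough.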
[openssl.org #2820] man pages case (in)sensitivity
Fixed on HEAD; will be part of post 1.0.2 release
commit 9aaa7be8d4be38c0a13a64a0a8cf6c4774c45a0f
Author: Nick Lewis nick.le...@usa.g4s.com
Date: Mon Aug 11 22:56:46 2014 -0400
PR 2580: dgst missing current SHA algorithms
Update the dgst.pod page to include SHA224...512 algorithms. Update apps/progs.pl to add them to the digest command table.
Reviewed-by: Tim Hudson t...@cryptosoft.com
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #3057] [PATCH] Fix POD errors with pod2man from Perl 5.18.
already been fixed by some masked podman :)
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
Re: [openssl.org #3490] bug report: SRP still broken in 1.0.1 snapshot
On Tue, Aug 12, 2014 at 01:26:30AM +0200, John Foley via RT wrote:
The commit into 1.0.1 didn't include the changes to s3_lib.c. SRP is still broken on this branch. Are there any plans to fix this?
Can you confirm that that commit from master fixes things for you?
On Aug 11, 2014, at 6:41 PM, Kurt Roeckx via RT r...@openssl.org wrote:
On Mon, Aug 11, 2014 at 11:09:51PM +0200, John Foley via RT wrote:
The fix discussed in this thread appears to be incomplete: http://marc.info/?l=openssl-users&m=140752401023837&w=2
This fix works for SRP cipher suites that uses RSA for DSA, which includes 6 of the 9 supported SRP cipher suites. But the three SRP cipher suites that don't rely on a server-side certificate are still broken. This problem can be recreated using these commands:
I believe this is already in master in commit 9e72d496d4f9880ec98f0ed9168246e35c1c3059
Kurt
Re: [openssl.org #3490] bug report: SRP still broken in 1.0.1 snapshot
The first chunk in the s3_lib.c patch doesn't apply. But the second chunk does (shown below). When applying this to 1.0.1 stable, it appears to resolve the problem.
@@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, emask_k = cert-export_mask_k; emask_a = cert-export_mask_a; #ifndef OPENSSL_NO_SRP - mask_k=cert-mask_k | s-srp_ctx.srp_Mask; - emask_k=cert-export_mask_k | s-srp_ctx.srp_Mask; + if (s-srp_ctx.srp_Mask SSL_kSRP) + { + mask_k |= SSL_kSRP; + emask_k |= SSL_kSRP; + mask_a |= SSL_aSRP; + emask_a |= SSL_aSRP; + } #endif #ifdef KSSL_DEBUG
On 08/12/2014 01:43 PM, Kurt Roeckx via RT wrote:
On Tue, Aug 12, 2014 at 01:26:30AM +0200, John Foley via RT wrote:
The commit into 1.0.1 didn't include the changes to s3_lib.c. SRP is still broken on this branch. Are there any plans to fix this?
Can you confirm that that commit from master fixes things for you?
On Aug 11, 2014, at 6:41 PM, Kurt Roeckx via RT r...@openssl.org wrote:
On Mon, Aug 11, 2014 at 11:09:51PM +0200, John Foley via RT wrote:
The fix discussed in this thread appears to be incomplete: http://marc.info/?l=openssl-users&m=140752401023837&w=2
This fix works for SRP cipher suites that uses RSA for DSA, which includes 6 of the 9 supported SRP cipher suites. But the three SRP cipher suites that don't rely on a server-side certificate are still broken. This problem can be recreated using these commands:
I believe this is already in master in commit 9e72d496d4f9880ec98f0ed9168246e35c1c3059
Kurt
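Review bot: the added `if` block in ssl3_choose_cipher() sets SSL_aSRP in `mask_a` and `emask_a` as well as SSL_kSRP in the key-exchange masks, but carries no comment saying why the authentication masks have to change too. A one-line comment above the block, tying it to the SRP cipher suites that do not rely on a server-side certificate, would make the intent clear to whoever next merges this function.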
Re: [openssl.org #3490] bug report: SRP still broken in 1.0.1 snapshot
On Tue, Aug 12, 2014 at 08:22:38PM +0200, John Foley via RT wrote:
The first chunk in the s3_lib.c patch doesn't apply. But the second chunk does (shown below). When applying this to 1.0.1 stable, it appears to resolve the problem.
@@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, emask_k = cert-export_mask_k; emask_a = cert-export_mask_a; #ifndef OPENSSL_NO_SRP - mask_k=cert-mask_k | s-srp_ctx.srp_Mask; - emask_k=cert-export_mask_k | s-srp_ctx.srp_Mask; + if (s-srp_ctx.srp_Mask SSL_kSRP) + { + mask_k |= SSL_kSRP; + emask_k |= SSL_kSRP; + mask_a |= SSL_aSRP; + emask_a |= SSL_aSRP; + } #endif #ifdef KSSL_DEBUG
I assumed you were talking about the 1.0.1i release and not the current git. When the mentioned commit got merged into the 1.0.1 branch the above part was somehow lost. It should get added to the 1.0.1 branch soon.
Kurt
[openssl.org #719] BUG: Incorrect child exit status handling in Configure 0.9.7c
Fix will be in post -1.0.2 release. Here's the commit; used die because that also works for interrupt signals
commit cde8ad1a28cec6a950eb61d2aca616795619c8e6
Author: nnpos...@users.sourceforge.net nnpos...@users.sourceforge.net
Date: Mon Aug 11 23:36:27 2014 -0400
PR 719: Configure not exiting with child status
If subcommand fails, just die.
Reviewed-by: Kurt Roeckx k...@roeckx.be
diff --git a/Configure b/Configure index 3ea6ca3..b0a36a4 100755 --- a/Configure +++ b/Configure @@ -2038,7 +2038,7 @@ EOF $make_targets .= links if $symlink; $make_targets .= depend if $depflags ne $default_depflags $make_depend; $make_targets .= gentests if $symlink; - (system $make_command.$make_targets) == 0 or exit $? + (system $make_command.$make_targets) == 0 or die make $make_targets failed if $make_targets ne ; if ( $fipscanisteronly ) {}
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
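Review bot: the `die` text on the `+` line names only the make targets, so a failed Configure run does not say whether make exited non-zero or was stopped by a signal. Consider adding the decoded child status to the message, for example `$? >> 8` for the exit code and `$? & 127` for the signal number.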
[openssl.org #706] PATCH suuport FreeBSD amd64
If still desired, please open a new ticket with an updated patch; the config script is now very different.
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #2106] s_client man page doesn't mention STARTTLS support for XMPP
Dunno who, dunno when, but someone did this fix already.
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #2580] RE: Missing MD commands in app/openssl help
This will be in a release after 1.0.2
commit 9aaa7be8d4be38c0a13a64a0a8cf6c4774c45a0f
Author: Nick Lewis nick.le...@usa.g4s.com
Date: Mon Aug 11 22:56:46 2014 -0400
PR 2580: dgst missing current SHA algorithms
Update the dgst.pod page to include SHA224...512 algorithms. Update apps/progs.pl to add them to the digest command table.
Reviewed-by: Tim Hudson t...@cryptosoft.com
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #2729] Openssl exe is taking the CR as part of input (password) when we run the exe from a java/C++/command line and press enter key from command line
Seems like a Java issue. As a work-around, try using temp file for the password.
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #2472] req command silently ignores digest specifier when using EC signatures (0.9.8 only)
And, perhaps the least desirable fix: not going to fix 0.9.8
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #3310] Can't execute make command
File corruption seems the cause. Can't reproduce the situation.
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #1063] [Fwd: Bug#150259: openssl: should return error on invalid command]
Fixed in the rsalz-monolith branch, to be released after 1.0.2 release. You can see it here: https://github.com/akamai/openssl/tree/rsalz-monolith/apps
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #3239] PATCH: formatting errors in NAME lines of two manual pages
Fixed as shown; to be released post-1.0.2
commit bebbb11d132cc149f7713d6693703f8bfae10072
Author: Ingo Schwarze schwa...@usta.de
Date: Tue Aug 12 15:47:06 2014 -0400
RT3239: Extra comma in NAME lines of two manpages
In two OpenSSL manual pages, in the NAME section, the last word of the name list is followed by a stray trailing comma. While this may seem minor, it is worth fixing because it may confuse some makewhatis(8) implementations. While here, also add the missing word size to the one line description in SSL_CTX_set_max_cert_list(3).
Reviewed by: Dr Stephen Henson shen...@drh-consultancy.co.uk
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
If you use kerberos/ssl
Can you take a look at http://rt.openssl.org/Ticket/Display.html?id=549 And let us know what you think?
-- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz
[openssl.org #936] Bug in smime-command mime format
This seems to be working as desired; the content is in the first part. If you want empty content, a detached signature, use the -content flag.
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
Forcing client to send Certificate record
Heya! I just discovered that there is no way to force OpenSSL SSL client to send Certificate record if server hasn't sent CertificateRequest. Would a patch that will this API hole be welcome? What API do you guys have in mind?
Cheers, Fedor.
Re: Forcing client to send Certificate record
[ Redirecting to openssl-users ]
On Wed, Aug 13, 2014 at 01:05:24AM +0400, Fedor Indutny wrote:
I just discovered that there is no way to force OpenSSL SSL client to send Certificate record if server hasn't sent CertificateRequest.
That would be a TLS protocol violation.
Would a patch that will this API hole be welcome? What API do you guys have in mind?
There is no need for an API for a non-interoperable feature that would violate the TLS protocol: https://tools.ietf.org/html/rfc5246#section-7.4.6
-- Viktor.
Re: Forcing client to send Certificate record
Viktor,
Despite being a protocol violation, it is accepted by the OpenSSL's server implementation. But I do see now that this is indeed covered by RFC 5246. Sorry, I have missed that line in the Client Certificate section.
On Wed, Aug 13, 2014 at 1:48 AM, Salz, Rich rs...@akamai.com wrote:
There is no need for an API for a non-interoperable feature that would violate the TLS protocol: https://tools.ietf.org/html/rfc5246#section-7.4.6
Perhaps more usefully, see http://datatracker.ietf.org/doc/draft-thomson-tls-care/ This will almost definitely be part of TLS 1.3. Note that it's version-neutral, so it will probably show up in other stacks as well.
-- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz
Re: If you use kerberos/ssl
On 8/12/2014 6:06 PM, Viktor Dukhovni wrote:
On Tue, Aug 12, 2014 at 04:22:21PM -0400, Salz, Rich wrote:
Can you take a look at http://rt.openssl.org/Ticket/Display.html?id=549 And let us know what you think?
I contribute bits of code to MIT and Heimdal Kerberos and maintain a Kerberos infrastructure for a living. I would like to see OpenSSL remove all support for the obsolete Kerberos-V5 cipher-suites. The modern way to combine Kerberos with TLS is GSSAPI with channel binding. The old crufty Kerberos support should be deleted from master. No new features should be added to this code.
Viktor,
RFC 2712 is a Proposed Standard. I agree with you wholeheartedly that no one should ever use it again because of its dependence on DES and only DES. An Internet Draft should be submitted to the IETF TLS Working Group to change the status to Historic and reference RFC 6649 Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos as the justification.
I also agree that OpenSSL should consider removing the functionality. That being said I know that there are entities that did rely upon it. OpenSSL does not build with this support by default and it would be bad form to remove it from an existing release series. Removal on the current master branch should not be an issue.
Jeffrey Altman
Re: If you use kerberos/ssl
On Tue, Aug 12, 2014 at 11:17:36PM -0400, Jeffrey Altman wrote:
The modern way to combine Kerberos with TLS is GSSAPI with channel binding. The old crufty Kerberos support should be deleted from master. No new features should be added to this code.
RFC 2712 is a Proposed Standard. I agree with you wholeheartedly that no one should ever use it again because of its dependence on DES and only DES. An Internet Draft should be submitted to the IETF TLS Working Group to change the status to Historic and reference RFC 6649 Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos as the justification.
I also agree that OpenSSL should consider removing the functionality. That being said I know that there are entities that did rely upon it. OpenSSL does not build with this support by default and it would be bad form to remove it from an existing release series. Removal on the current master branch should not be an issue.
That's what I am proposing. Leave it in place in 0.9.8 (almost EOL) and 1.0.x (stable releases), but remove from master (1.1.0-dev). As for writing drafts to deprecate these, I am to my ears in DANE and Opportunistic Security, so someone else will have to take that on.
-- Viktor.
[openssl.org #2514] Patch to tsget command in openssl-1.0.0d
Someone updated tsget to use the perl curl library, and the content-type is fetched via a curl method, so this is already done. thanks.
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #2876] SSL reports Too many open files
Old version, not enough information to reproduce.
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #2861] [patch] Improve ability to specity req subjectAltName from the command-line
Thanks but we're not going to do this; the ENV:: construct is documented and putting a bogus field by default doesn't seem like a good idea.
-- Rich Salz, OpenSSL dev team; rs...@openssl.org
[openssl.org #2684] [PATCH] pod2html build fix
Who is this frodo guy? :) Fixed in post-1.0.2
commit 690a2b1fa2c8a7dba0be84dfc052d86b864bedc3
Author: Matt Caswell fr...@baggins.org
Date: Wed Aug 13 00:28:03 2014 -0400
RT1665: Fix podpath to get xref's right
In Makefile, when build manpages, put the current directory at the start of the podpath so that cross-refs find the local directory first.
Reviewed-by: Tim Hudson t...@cryptosoft.com
-- Rich Salz, OpenSSL dev team; rs...@openssl.org