Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-12 Thread Jeffrey Altman 

Gang.  It is a little uncool to be having a long lengthy discussion of
someone's supported code without involving them in the discussion.  As
it turns out all of the issues that have been addressed in this thread
related to C-Kermit had already been handled in the C-Kermit Daily
builds.

  http://www.kermit-project.org/ckdaily.html


  Also, markus@ created this temp patch:
  +@@ -102,6 +104,13 @@
  + !ERROR This module requires OpenSSL 0.9.5a or higher
  + #endif /* OPENSSL_VERSION_NUMBER */
  + #endif /* SSLDLL */
  ++
  ++#if OPENSSL_VERSION_NUMBER  0x00907000L
  ++#else
  ++  #ifndef NID_UniqueIdentifier
  ++  #define NID_uniqueIdentifier NID_x500UniqueIdentifier
  ++  #endif
  ++#endif
  +
  + static int auth_ssl_valid = 0;
  + static char *auth_ssl_name = 0;/* this holds the oneline name */
 
 That looks better, but not finally good enough. I think that the correct
 solution would be something like:
 * Replace all occurences of NID_UniqueIdentifier with 
   ID_X500UniqueIdentifier.
 * Then:
 #if OPENSSL_VERSION_NUMBER  0x00907000L
 #define NID_X500UniqueIdentifier NID_UniqueIdentifier
 #endif
 
 Of course, this will still break compatibility with application not
 especially prepared.
 
 Best regards,
 Lutz
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   [EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 



 Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!!
 The Kermit Project @ Columbia University  SSH, Secure Telnet, Secure FTP, HTTP
 http://www.kermit-project.org/Secured with MIT Kerberos, SRP, and 
 [EMAIL PROTECTED]   OpenSSL.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-12 Thread Lutz Jaenicke 

On Wed, Jun 12, 2002 at 09:22:22AM -0400, Jeffrey Altman wrote:
 Gang.  It is a little uncool to be having a long lengthy discussion of
 someone's supported code without involving them in the discussion.  As
 it turns out all of the issues that have been addressed in this thread
 related to C-Kermit had already been handled in the C-Kermit Daily
 builds.
 
   http://www.kermit-project.org/ckdaily.html

Sorry for not including you into the discussion. I only cared about the
problem itself, which also pops up in mod_ssl, so I didn't even realize
that we were talking about your package.

Anyway:
NID_uniqueIdentifier _may_ be re-enabled at some point in the future
with its original meaning
# The following clashes with 2.5.4.45, so commented away
#pilotAttributeType 44  : uid   : uniqueIdentifier

I would therefore propose to not code dependant on
  #ifdef NID_uniqueIdentifier
but by OpenSSL version number.

This discussion started 1 week ago with corresponding problems reported
in the mod_ssl mailing lists. As nobody else spoke up in that regard,
it is my intention to leave everything as is, make sure that the item
is pointed out in CHANGES (maybe even NEWS) and declare the problem to
be resolved this way.
I have not yet decided about pilotAttributeType 44, but will probably leave
it disabled until the 0.9.8 release of OpenSSL, so that applications not
conforming to the new naming will not compile instead of silently using
a wrong interpretation.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-12 Thread Jeffrey Altman 

 Sorry for not including you into the discussion. I only cared about the
 problem itself, which also pops up in mod_ssl, so I didn't even realize
 that we were talking about your package.
 
 Anyway:
 NID_uniqueIdentifier _may_ be re-enabled at some point in the future
 with its original meaning
 # The following clashes with 2.5.4.45, so commented away
 #pilotAttributeType 44  : uid   : uniqueIdentifier

where original meaning == pilotAttributeType

That is fine.  

 I would therefore propose to not code dependant on
   #ifdef NID_uniqueIdentifier
 but by OpenSSL version number.

Right, I actually already changed this to be dependent not on the item
that is in conflict but based on the item we agree is stable.

 This discussion started 1 week ago with corresponding problems reported
 in the mod_ssl mailing lists. As nobody else spoke up in that regard,
 it is my intention to leave everything as is, make sure that the item
 is pointed out in CHANGES (maybe even NEWS) and declare the problem to
 be resolved this way.
 I have not yet decided about pilotAttributeType 44, but will probably leave
 it disabled until the 0.9.8 release of OpenSSL, so that applications not
 conforming to the new naming will not compile instead of silently using
 a wrong interpretation.

I completely agree with this approach.  It did not come up for me in
the last week because C-Kermit has consistently been kept in sync with
the 0.9.7 development builds.



 Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!!
 The Kermit Project @ Columbia University  SSH, Secure Telnet, Secure FTP, HTTP
 http://www.kermit-project.org/Secured with MIT Kerberos, SRP, and 
 [EMAIL PROTECTED]   OpenSSL.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-06 Thread Mike Pechkin via RT 


On Wed, Jun 05, 2002 at 03:10:58PM +0200, Lutz Jaenicke via RT wrote:
 
 [[EMAIL PROTECTED] - Wed Jun  5 14:48:52 2002]:
 
  ck_ssl.c: In function k_tn_tls_negotiate':
  ck_ssl.c:3232: ID_uniqueIdentifier' undeclared (first use in this
  function)
  ck_ssl.c:3232: (Each undeclared identifier is reported only once
  ck_ssl.c:3232: for each function it appears in.)
  ck_ssl.c: In function k_ssl_incoming':
  ck_ssl.c:3529: ID_uniqueIdentifier' undeclared (first use in this
  function)
  *** Error code 1

Thank you for a reply.
 
 The problem is caused by inconsistent definitions for the OID values.
 According to RFC2256, the OID 2.5.4.45 is assigned to
 X500UniqueIdentifier. UniqueIdentifier was assigned to
 pilotAttributeType.44 in RFC1274.
 If you have a look into crypto/objects/objects.txt you will see, that
 this was (still is) commented out. The reason is that UniqueIdentifier
 was (incorrectly) used for 2.5.4.45...
 In OpenSSL 0.9.7 I renamed the entry for 2.5.4.45 to fully comply with
 RFC2256. Now UniqueIdentifier is missing, as I did not uncomment the
 entry for RFC1274 (otherwise maybe nobody would have noted and only
 later strange failures would have been reported).
I see.

Let's discuss how to fix it!?

For instance, mod_ssl 2.8.8-1.3.24 use workaround:
#ifndef NID_uniqueIdentifier
#define NID_uniqueIdentifier 102
#endif

##
##
##

Also, markus@ created this temp patch:
+@@ -102,6 +104,13 @@
+ !ERROR This module requires OpenSSL 0.9.5a or higher
+ #endif /* OPENSSL_VERSION_NUMBER */
+ #endif /* SSLDLL */
++
++#if OPENSSL_VERSION_NUMBER  0x00907000L
++#else
++  #ifndef NID_UniqueIdentifier
++  #define NID_uniqueIdentifier NID_x500UniqueIdentifier
++  #endif
++#endif
+
+ static int auth_ssl_valid = 0;
+ static char *auth_ssl_name = 0;/* this holds the oneline name */


Comments ?

--mpech
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-06 Thread Mike Pechkin 

On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote:

  For instance, mod_ssl 2.8.8-1.3.24 use workaround:
  #ifndef NID_uniqueIdentifier
  #define NID_uniqueIdentifier 102
  #endif
 
 I don't like this option. As it is now, the new (correct)
 NID_uniqueIdentifier is not yet enabled. Once it is, this mechanism will
 fail.
When it will be enable?

 #if OPENSSL_VERSION_NUMBER  0x00907000L
 #define NID_X500UniqueIdentifier NID_UniqueIdentifier
 #endif
Should  this be removed after #define above will be enable? 

--mpech
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-06 Thread Mike Pechkin via RT 


On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote:

  For instance, mod_ssl 2.8.8-1.3.24 use workaround:
  #ifndef NID_uniqueIdentifier
  #define NID_uniqueIdentifier 102
  #endif
 
 I don't like this option. As it is now, the new (correct)
 NID_uniqueIdentifier is not yet enabled. Once it is, this mechanism will
 fail.
When it will be enable?

 #if OPENSSL_VERSION_NUMBER  0x00907000L
 #define NID_X500UniqueIdentifier NID_UniqueIdentifier
 #endif
Should  this be removed after #define above will be enable? 

--mpech
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-06 Thread Lutz Jaenicke via RT 


On Thu, Jun 06, 2002 at 11:27:11AM +0300, Mike Pechkin wrote:
 On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote:
 
   For instance, mod_ssl 2.8.8-1.3.24 use workaround:
   #ifndef NID_uniqueIdentifier
   #define NID_uniqueIdentifier 102
   #endif
  
  I don't like this option. As it is now, the new (correct)
  NID_uniqueIdentifier is not yet enabled. Once it is, this mechanism will
  fail.
 When it will be enable?

I don't know. As long as it is not defined, applications using it in its
old form will break already during compilation. That's a good thing to make
sure it doesn't stay unnoted :-)

  #if OPENSSL_VERSION_NUMBER  0x00907000L
  #define NID_X500UniqueIdentifier NID_UniqueIdentifier
  #endif
 Should  this be removed after #define above will be enable? 

No. This section says: On older versions, NID_X500UniqueIdentifier is
not available, use its old form instead.

I would like to see more discussions about this issue. I have looked
around some more and still find referrals like
  http://www.alvestrand.no/objectid/2.5.4.45.html
with the UniqueIdentifier term instead of X500UniqueIdentifier.
I have set [EMAIL PROTECTED], who supplied this entry, and
[EMAIL PROTECTED], the maintainer of this very practical database,
on the CC list. Hopefully they don't feel bothered but help in discussing
this item...
( http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=82
  login is guest/guest )

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-06 Thread Mike Pechkin 

On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote:

  Also, markus@ created this temp patch:
  +@@ -102,6 +104,13 @@
  + !ERROR This module requires OpenSSL 0.9.5a or higher
  + #endif /* OPENSSL_VERSION_NUMBER */
  + #endif /* SSLDLL */
  ++
  ++#if OPENSSL_VERSION_NUMBER  0x00907000L
  ++#else
  ++  #ifndef NID_UniqueIdentifier
  ++  #define NID_uniqueIdentifier NID_x500UniqueIdentifier
  ++  #endif
  ++#endif
  +
  + static int auth_ssl_valid = 0;
  + static char *auth_ssl_name = 0;/* this holds the oneline name */
 
 That looks better, but not finally good enough. I think that the correct
 solution would be something like:
 * Replace all occurences of NID_UniqueIdentifier with 
   ID_X500UniqueIdentifier.
 * Then:
 #if OPENSSL_VERSION_NUMBER  0x00907000L
 #define NID_X500UniqueIdentifier NID_UniqueIdentifier
 #endif
I see. Lets' back to this patch.
Patch doesn't work. Now we have ssl = 0x00907000L

--mpech
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-06 Thread Mike Pechkin via RT 


On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote:

  Also, markus@ created this temp patch:
  +@@ -102,6 +104,13 @@
  + !ERROR This module requires OpenSSL 0.9.5a or higher
  + #endif /* OPENSSL_VERSION_NUMBER */
  + #endif /* SSLDLL */
  ++
  ++#if OPENSSL_VERSION_NUMBER  0x00907000L
  ++#else
  ++  #ifndef NID_UniqueIdentifier
  ++  #define NID_uniqueIdentifier NID_x500UniqueIdentifier
  ++  #endif
  ++#endif
  +
  + static int auth_ssl_valid = 0;
  + static char *auth_ssl_name = 0;/* this holds the oneline name */
 
 That looks better, but not finally good enough. I think that the correct
 solution would be something like:
 * Replace all occurences of NID_UniqueIdentifier with 
   ID_X500UniqueIdentifier.
 * Then:
 #if OPENSSL_VERSION_NUMBER  0x00907000L
 #define NID_X500UniqueIdentifier NID_UniqueIdentifier
 #endif
I see. Lets' back to this patch.
Patch doesn't work. Now we have ssl = 0x00907000L

--mpech
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-06 Thread Lutz Jaenicke via RT 


On Thu, Jun 06, 2002 at 12:39:50PM +0300, Mike Pechkin wrote:
 On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote:
 
   Also, markus@ created this temp patch:
   +@@ -102,6 +104,13 @@
   + !ERROR This module requires OpenSSL 0.9.5a or higher
   + #endif /* OPENSSL_VERSION_NUMBER */
   + #endif /* SSLDLL */
   ++
   ++#if OPENSSL_VERSION_NUMBER  0x00907000L
   ++#else
   ++  #ifndef NID_UniqueIdentifier
   ++  #define NID_uniqueIdentifier NID_x500UniqueIdentifier
   ++  #endif
   ++#endif
   +
   + static int auth_ssl_valid = 0;
   + static char *auth_ssl_name = 0;/* this holds the oneline name */
  
  That looks better, but not finally good enough. I think that the correct
  solution would be something like:
  * Replace all occurences of NID_UniqueIdentifier with 
ID_X500UniqueIdentifier.
^^^
You hopefully didn't take this directly and used the correct setting with the
leading 'N'...

  * Then:
  #if OPENSSL_VERSION_NUMBER  0x00907000L
  #define NID_X500UniqueIdentifier NID_UniqueIdentifier
  #endif
 I see. Lets' back to this patch.
 Patch doesn't work. Now we have ssl = 0x00907000L

Mine is at
#define OPENSSL_VERSION_NUMBER  0x00907001L

Best regards,
Lutz
PS. I didn't test the patch. I simply typed it into RT's communication window,
so maybe there is a typo inside...
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-05 Thread Mike Pechkin 

On Wed, Jun 05, 2002 at 03:10:58PM +0200, Lutz Jaenicke via RT wrote:
 
 [[EMAIL PROTECTED] - Wed Jun  5 14:48:52 2002]:
 
  ck_ssl.c: In function k_tn_tls_negotiate':
  ck_ssl.c:3232: ID_uniqueIdentifier' undeclared (first use in this
  function)
  ck_ssl.c:3232: (Each undeclared identifier is reported only once
  ck_ssl.c:3232: for each function it appears in.)
  ck_ssl.c: In function k_ssl_incoming':
  ck_ssl.c:3529: ID_uniqueIdentifier' undeclared (first use in this
  function)
  *** Error code 1

Thank you for a reply.
 
 The problem is caused by inconsistent definitions for the OID values.
 According to RFC2256, the OID 2.5.4.45 is assigned to
 X500UniqueIdentifier. UniqueIdentifier was assigned to
 pilotAttributeType.44 in RFC1274.
 If you have a look into crypto/objects/objects.txt you will see, that
 this was (still is) commented out. The reason is that UniqueIdentifier
 was (incorrectly) used for 2.5.4.45...
 In OpenSSL 0.9.7 I renamed the entry for 2.5.4.45 to fully comply with
 RFC2256. Now UniqueIdentifier is missing, as I did not uncomment the
 entry for RFC1274 (otherwise maybe nobody would have noted and only
 later strange failures would have been reported).
I see.

Let's discuss how to fix it!?

For instance, mod_ssl 2.8.8-1.3.24 use workaround:
#ifndef NID_uniqueIdentifier
#define NID_uniqueIdentifier 102
#endif

##
##
##

Also, markus@ created this temp patch:
+@@ -102,6 +104,13 @@
+ !ERROR This module requires OpenSSL 0.9.5a or higher
+ #endif /* OPENSSL_VERSION_NUMBER */
+ #endif /* SSLDLL */
++
++#if OPENSSL_VERSION_NUMBER  0x00907000L
++#else
++  #ifndef NID_UniqueIdentifier
++  #define NID_uniqueIdentifier NID_x500UniqueIdentifier
++  #endif
++#endif
+
+ static int auth_ssl_valid = 0;
+ static char *auth_ssl_name = 0;/* this holds the oneline name */


Comments ?

--mpech
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]