Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
Gang. It is a little uncool to be having a long lengthy discussion of someone's supported code without involving them in the discussion. As it turns out all of the issues that have been addressed in this thread related to C-Kermit had already been handled in the C-Kermit Daily builds. http://www.kermit-project.org/ckdaily.html Also, markus@ created this temp patch: +@@ -102,6 +104,13 @@ + !ERROR This module requires OpenSSL 0.9.5a or higher + #endif /* OPENSSL_VERSION_NUMBER */ + #endif /* SSLDLL */ ++ ++#if OPENSSL_VERSION_NUMBER 0x00907000L ++#else ++ #ifndef NID_UniqueIdentifier ++ #define NID_uniqueIdentifier NID_x500UniqueIdentifier ++ #endif ++#endif + + static int auth_ssl_valid = 0; + static char *auth_ssl_name = 0;/* this holds the oneline name */ That looks better, but not finally good enough. I think that the correct solution would be something like: * Replace all occurences of NID_UniqueIdentifier with ID_X500UniqueIdentifier. * Then: #if OPENSSL_VERSION_NUMBER 0x00907000L #define NID_X500UniqueIdentifier NID_UniqueIdentifier #endif Of course, this will still break compatibility with application not especially prepared. Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/Secured with MIT Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Wed, Jun 12, 2002 at 09:22:22AM -0400, Jeffrey Altman wrote: Gang. It is a little uncool to be having a long lengthy discussion of someone's supported code without involving them in the discussion. As it turns out all of the issues that have been addressed in this thread related to C-Kermit had already been handled in the C-Kermit Daily builds. http://www.kermit-project.org/ckdaily.html Sorry for not including you into the discussion. I only cared about the problem itself, which also pops up in mod_ssl, so I didn't even realize that we were talking about your package. Anyway: NID_uniqueIdentifier _may_ be re-enabled at some point in the future with its original meaning # The following clashes with 2.5.4.45, so commented away #pilotAttributeType 44 : uid : uniqueIdentifier I would therefore propose to not code dependant on #ifdef NID_uniqueIdentifier but by OpenSSL version number. This discussion started 1 week ago with corresponding problems reported in the mod_ssl mailing lists. As nobody else spoke up in that regard, it is my intention to leave everything as is, make sure that the item is pointed out in CHANGES (maybe even NEWS) and declare the problem to be resolved this way. I have not yet decided about pilotAttributeType 44, but will probably leave it disabled until the 0.9.8 release of OpenSSL, so that applications not conforming to the new naming will not compile instead of silently using a wrong interpretation. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
Sorry for not including you into the discussion. I only cared about the problem itself, which also pops up in mod_ssl, so I didn't even realize that we were talking about your package. Anyway: NID_uniqueIdentifier _may_ be re-enabled at some point in the future with its original meaning # The following clashes with 2.5.4.45, so commented away #pilotAttributeType 44 : uid : uniqueIdentifier where original meaning == pilotAttributeType That is fine. I would therefore propose to not code dependant on #ifdef NID_uniqueIdentifier but by OpenSSL version number. Right, I actually already changed this to be dependent not on the item that is in conflict but based on the item we agree is stable. This discussion started 1 week ago with corresponding problems reported in the mod_ssl mailing lists. As nobody else spoke up in that regard, it is my intention to leave everything as is, make sure that the item is pointed out in CHANGES (maybe even NEWS) and declare the problem to be resolved this way. I have not yet decided about pilotAttributeType 44, but will probably leave it disabled until the 0.9.8 release of OpenSSL, so that applications not conforming to the new naming will not compile instead of silently using a wrong interpretation. I completely agree with this approach. It did not come up for me in the last week because C-Kermit has consistently been kept in sync with the 0.9.7 development builds. Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/Secured with MIT Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Wed, Jun 05, 2002 at 03:10:58PM +0200, Lutz Jaenicke via RT wrote: [[EMAIL PROTECTED] - Wed Jun 5 14:48:52 2002]: ck_ssl.c: In function k_tn_tls_negotiate': ck_ssl.c:3232: ID_uniqueIdentifier' undeclared (first use in this function) ck_ssl.c:3232: (Each undeclared identifier is reported only once ck_ssl.c:3232: for each function it appears in.) ck_ssl.c: In function k_ssl_incoming': ck_ssl.c:3529: ID_uniqueIdentifier' undeclared (first use in this function) *** Error code 1 Thank you for a reply. The problem is caused by inconsistent definitions for the OID values. According to RFC2256, the OID 2.5.4.45 is assigned to X500UniqueIdentifier. UniqueIdentifier was assigned to pilotAttributeType.44 in RFC1274. If you have a look into crypto/objects/objects.txt you will see, that this was (still is) commented out. The reason is that UniqueIdentifier was (incorrectly) used for 2.5.4.45... In OpenSSL 0.9.7 I renamed the entry for 2.5.4.45 to fully comply with RFC2256. Now UniqueIdentifier is missing, as I did not uncomment the entry for RFC1274 (otherwise maybe nobody would have noted and only later strange failures would have been reported). I see. Let's discuss how to fix it!? For instance, mod_ssl 2.8.8-1.3.24 use workaround: #ifndef NID_uniqueIdentifier #define NID_uniqueIdentifier 102 #endif ## ## ## Also, markus@ created this temp patch: +@@ -102,6 +104,13 @@ + !ERROR This module requires OpenSSL 0.9.5a or higher + #endif /* OPENSSL_VERSION_NUMBER */ + #endif /* SSLDLL */ ++ ++#if OPENSSL_VERSION_NUMBER 0x00907000L ++#else ++ #ifndef NID_UniqueIdentifier ++ #define NID_uniqueIdentifier NID_x500UniqueIdentifier ++ #endif ++#endif + + static int auth_ssl_valid = 0; + static char *auth_ssl_name = 0;/* this holds the oneline name */ Comments ? --mpech __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote: For instance, mod_ssl 2.8.8-1.3.24 use workaround: #ifndef NID_uniqueIdentifier #define NID_uniqueIdentifier 102 #endif I don't like this option. As it is now, the new (correct) NID_uniqueIdentifier is not yet enabled. Once it is, this mechanism will fail. When it will be enable? #if OPENSSL_VERSION_NUMBER 0x00907000L #define NID_X500UniqueIdentifier NID_UniqueIdentifier #endif Should this be removed after #define above will be enable? --mpech __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote: For instance, mod_ssl 2.8.8-1.3.24 use workaround: #ifndef NID_uniqueIdentifier #define NID_uniqueIdentifier 102 #endif I don't like this option. As it is now, the new (correct) NID_uniqueIdentifier is not yet enabled. Once it is, this mechanism will fail. When it will be enable? #if OPENSSL_VERSION_NUMBER 0x00907000L #define NID_X500UniqueIdentifier NID_UniqueIdentifier #endif Should this be removed after #define above will be enable? --mpech __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Thu, Jun 06, 2002 at 11:27:11AM +0300, Mike Pechkin wrote: On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote: For instance, mod_ssl 2.8.8-1.3.24 use workaround: #ifndef NID_uniqueIdentifier #define NID_uniqueIdentifier 102 #endif I don't like this option. As it is now, the new (correct) NID_uniqueIdentifier is not yet enabled. Once it is, this mechanism will fail. When it will be enable? I don't know. As long as it is not defined, applications using it in its old form will break already during compilation. That's a good thing to make sure it doesn't stay unnoted :-) #if OPENSSL_VERSION_NUMBER 0x00907000L #define NID_X500UniqueIdentifier NID_UniqueIdentifier #endif Should this be removed after #define above will be enable? No. This section says: On older versions, NID_X500UniqueIdentifier is not available, use its old form instead. I would like to see more discussions about this issue. I have looked around some more and still find referrals like http://www.alvestrand.no/objectid/2.5.4.45.html with the UniqueIdentifier term instead of X500UniqueIdentifier. I have set [EMAIL PROTECTED], who supplied this entry, and [EMAIL PROTECTED], the maintainer of this very practical database, on the CC list. Hopefully they don't feel bothered but help in discussing this item... ( http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=82 login is guest/guest ) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote: Also, markus@ created this temp patch: +@@ -102,6 +104,13 @@ + !ERROR This module requires OpenSSL 0.9.5a or higher + #endif /* OPENSSL_VERSION_NUMBER */ + #endif /* SSLDLL */ ++ ++#if OPENSSL_VERSION_NUMBER 0x00907000L ++#else ++ #ifndef NID_UniqueIdentifier ++ #define NID_uniqueIdentifier NID_x500UniqueIdentifier ++ #endif ++#endif + + static int auth_ssl_valid = 0; + static char *auth_ssl_name = 0;/* this holds the oneline name */ That looks better, but not finally good enough. I think that the correct solution would be something like: * Replace all occurences of NID_UniqueIdentifier with ID_X500UniqueIdentifier. * Then: #if OPENSSL_VERSION_NUMBER 0x00907000L #define NID_X500UniqueIdentifier NID_UniqueIdentifier #endif I see. Lets' back to this patch. Patch doesn't work. Now we have ssl = 0x00907000L --mpech __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote: Also, markus@ created this temp patch: +@@ -102,6 +104,13 @@ + !ERROR This module requires OpenSSL 0.9.5a or higher + #endif /* OPENSSL_VERSION_NUMBER */ + #endif /* SSLDLL */ ++ ++#if OPENSSL_VERSION_NUMBER 0x00907000L ++#else ++ #ifndef NID_UniqueIdentifier ++ #define NID_uniqueIdentifier NID_x500UniqueIdentifier ++ #endif ++#endif + + static int auth_ssl_valid = 0; + static char *auth_ssl_name = 0;/* this holds the oneline name */ That looks better, but not finally good enough. I think that the correct solution would be something like: * Replace all occurences of NID_UniqueIdentifier with ID_X500UniqueIdentifier. * Then: #if OPENSSL_VERSION_NUMBER 0x00907000L #define NID_X500UniqueIdentifier NID_UniqueIdentifier #endif I see. Lets' back to this patch. Patch doesn't work. Now we have ssl = 0x00907000L --mpech __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Thu, Jun 06, 2002 at 12:39:50PM +0300, Mike Pechkin wrote: On Thu, Jun 06, 2002 at 09:46:28AM +0200, Lutz Jaenicke via RT wrote: Also, markus@ created this temp patch: +@@ -102,6 +104,13 @@ + !ERROR This module requires OpenSSL 0.9.5a or higher + #endif /* OPENSSL_VERSION_NUMBER */ + #endif /* SSLDLL */ ++ ++#if OPENSSL_VERSION_NUMBER 0x00907000L ++#else ++ #ifndef NID_UniqueIdentifier ++ #define NID_uniqueIdentifier NID_x500UniqueIdentifier ++ #endif ++#endif + + static int auth_ssl_valid = 0; + static char *auth_ssl_name = 0;/* this holds the oneline name */ That looks better, but not finally good enough. I think that the correct solution would be something like: * Replace all occurences of NID_UniqueIdentifier with ID_X500UniqueIdentifier. ^^^ You hopefully didn't take this directly and used the correct setting with the leading 'N'... * Then: #if OPENSSL_VERSION_NUMBER 0x00907000L #define NID_X500UniqueIdentifier NID_UniqueIdentifier #endif I see. Lets' back to this patch. Patch doesn't work. Now we have ssl = 0x00907000L Mine is at #define OPENSSL_VERSION_NUMBER 0x00907001L Best regards, Lutz PS. I didn't test the patch. I simply typed it into RT's communication window, so maybe there is a typo inside... -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Wed, Jun 05, 2002 at 03:10:58PM +0200, Lutz Jaenicke via RT wrote: [[EMAIL PROTECTED] - Wed Jun 5 14:48:52 2002]: ck_ssl.c: In function k_tn_tls_negotiate': ck_ssl.c:3232: ID_uniqueIdentifier' undeclared (first use in this function) ck_ssl.c:3232: (Each undeclared identifier is reported only once ck_ssl.c:3232: for each function it appears in.) ck_ssl.c: In function k_ssl_incoming': ck_ssl.c:3529: ID_uniqueIdentifier' undeclared (first use in this function) *** Error code 1 Thank you for a reply. The problem is caused by inconsistent definitions for the OID values. According to RFC2256, the OID 2.5.4.45 is assigned to X500UniqueIdentifier. UniqueIdentifier was assigned to pilotAttributeType.44 in RFC1274. If you have a look into crypto/objects/objects.txt you will see, that this was (still is) commented out. The reason is that UniqueIdentifier was (incorrectly) used for 2.5.4.45... In OpenSSL 0.9.7 I renamed the entry for 2.5.4.45 to fully comply with RFC2256. Now UniqueIdentifier is missing, as I did not uncomment the entry for RFC1274 (otherwise maybe nobody would have noted and only later strange failures would have been reported). I see. Let's discuss how to fix it!? For instance, mod_ssl 2.8.8-1.3.24 use workaround: #ifndef NID_uniqueIdentifier #define NID_uniqueIdentifier 102 #endif ## ## ## Also, markus@ created this temp patch: +@@ -102,6 +104,13 @@ + !ERROR This module requires OpenSSL 0.9.5a or higher + #endif /* OPENSSL_VERSION_NUMBER */ + #endif /* SSLDLL */ ++ ++#if OPENSSL_VERSION_NUMBER 0x00907000L ++#else ++ #ifndef NID_UniqueIdentifier ++ #define NID_uniqueIdentifier NID_x500UniqueIdentifier ++ #endif ++#endif + + static int auth_ssl_valid = 0; + static char *auth_ssl_name = 0;/* this holds the oneline name */ Comments ? --mpech __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]