Re: [openssl-users] Customize Windows library names

2016-09-15 Thread Thomas J. Hruska

On 9/15/2016 8:17 AM, Kim Gräsman wrote:

> Hi Thomas,
>
> On Thu, Sep 15, 2016 at 4:26 PM, Thomas J. Hruska wrote:
>>
>> The precompiled binary installer variants do this already.  If you are using
>> default builds, then that's possibly an option.
>
> We prefer to build from source to allow static and dynamic code
> analysis, for example.
>
> But do you have a link to these precompiled binary installers? Do you
> know how they accomplish plain names?
>
> Thanks,
> - Kim


https://slproweb.com/products/Win32OpenSSL.html

As to how:  A batch file with a set of 'copy' commands ;)

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] CVE-2016-2180

2016-09-15 Thread sivagopiraju
-   int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-BIO_write(bio, obj_txt, len);
-BIO_write(bio, "\n", 1);
+OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+BIO_printf(bio, "%s\n", obj_txt);
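
Review bot: the first `+` line now discards the return value of OBJ_obj2txt(), so a failed conversion is never detected before obj_txt is handed to BIO_printf() on the next line. The removed lines passed that return value to BIO_write() as the byte count, which is only safe if it can never exceed sizeof(obj_txt); the "%s" form depends instead on obj_txt being NUL-terminated and stops at the terminator. Suggest keeping the return value for an error check only, making sure obj_txt is a valid string when the call fails, and adding a short comment that the value must not be used as a length for obj_txt.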

Here, BIO_printf is used instead of BIO_write; does it solve the issue?

Can you please elaborate? I didn't understand the solution.



--
View this message in context: 
http://openssl.6102.n7.nabble.com/CVE-2016-2180-tp67815p68384.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


Re: [openssl-users] Customize Windows library names

2016-09-15 Thread Richard Levitte
In message <1446abd3-1599-24fe-1340-fc7f3da5e...@wisemo.com> on Fri, 16 Sep 2016 00:12:30 +0200, Jakob Bohm  said:

jb-openssl> On 16/09/2016 00:08, Richard Levitte wrote:
jb-openssl> > In message
jb-openssl> > on Thu, 15 Sep 2016 12:17:12 +0200, Kim Gräsman
jb-openssl> >  said:
jb-openssl> >
jb-openssl> > kim.grasman> I'm looking at integrating OpenSSL 1.1 in our tree, and I noticed the
jb-openssl> > kim.grasman> Windows build system now produces decorated lib names.
jb-openssl> >
jb-openssl> > For DLLs, yes.
jb-openssl> >
jb-openssl> > kim.grasman> The general pattern seems to be lib_[-].lib where
jb-openssl> > kim.grasman>  is only appended for 64-bit builds.
jb-openssl> >
jb-openssl> > Are you sure?  Looking at my builds, I find libcrypto-1_1.dll and
jb-openssl> > libssl-1_1.dll with the import libraries libcrypto.lib and
jb-openssl> > libssl.lib.
jb-openssl> On 64 bit too? (see OP).

Yup.  The decoration is only supposed to happen on the DLL names.
That's exactly what the following lines in the top build.info do:

 SHARED_NAME[libcrypto]=libcrypto-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $target{multilib} -}
 SHARED_NAME[libssl]=libssl-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $target{multilib} -}

For the import libs, the static names (the 'index' of SHARED_NAME) are
used.

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-users] Customize Windows library names

2016-09-15 Thread Jakob Bohm

On 16/09/2016 00:08, Richard Levitte wrote:

> In message  on Thu, 15 Sep 2016 12:17:12 +0200, Kim Gräsman  said:
>
> kim.grasman> I'm looking at integrating OpenSSL 1.1 in our tree, and I noticed the
> kim.grasman> Windows build system now produces decorated lib names.
>
> For DLLs, yes.
>
> kim.grasman> The general pattern seems to be lib_[-].lib where
> kim.grasman>  is only appended for 64-bit builds.
>
> Are you sure?  Looking at my builds, I find libcrypto-1_1.dll and
> libssl-1_1.dll with the import libraries libcrypto.lib and
> libssl.lib.

On 64 bit too? (see OP).



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Customize Windows library names

2016-09-15 Thread Richard Levitte
In message  on Thu, 15 Sep 2016 12:17:12 +0200, Kim Gräsman  said:

kim.grasman> I'm looking at integrating OpenSSL 1.1 in our tree, and I noticed the
kim.grasman> Windows build system now produces decorated lib names.

For DLLs, yes.

kim.grasman> The general pattern seems to be lib_[-].lib where
kim.grasman>  is only appended for 64-bit builds.

Are you sure?  Looking at my builds, I find libcrypto-1_1.dll and
libssl-1_1.dll with the import libraries libcrypto.lib and
libssl.lib.

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-users] CVE-2016-2180

2016-09-15 Thread Matt Caswell


On 15/09/16 11:44, sivagopiraju wrote:
> I can't upgrade at this stage for my product, So can you give me the fix if
> you have.

The fix for the 1.0.1 version is here:

https://github.com/openssl/openssl/commit/6adf409c7432b90c06d9890787fe56c48f2a16e7

As Rich said 1.0.0 is not supported so the fix has not been backported
to that version.

Matt



[openssl-users] Openssl-1.0.1e RSA 8k is getting fail for client authentication while doing Normal Handshake

2016-09-15 Thread Gupta, Saurabh
Commands Used:
x86_server:
openssl s_server -cert sercert8192.pem -key serverkey8192 -Verify CAcert.pem

x86_client:
openssl s_client -cert clientcert8192.pem -key clientkey8192 -connect 
: -cipher AES128-SHA -

Error log:
x86( Server):
verify error:unable to verify the first certificate

x86 (Client):
140631662409384:error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter:s3_pkt.c:1256:SSL alert number 47
140631662409384:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:


Do we need to enable any flag to access 8k support?


[openssl-users] Seeking consultant

2016-09-15 Thread Chad Phillips
Wondering if anyone can recommend a consultant.

I'm having a very specific problem with a lower-level WebRTC  library that
I'm unable to fix myself. I have plenty of debugging information, and am
pretty sure it's due to an improperly handled DTLS handshake failure.

Ideally, it would be someone who can do a one-off contract, and have the
work complete within a week.

Chad


Re: [openssl-users] SSL_read, SSL_write error handling

2016-09-15 Thread Viktor Dukhovni
On Thu, Sep 15, 2016 at 07:18:52AM +0200, Alex Hultman wrote:

> io_callback(events) {
> if (messages_to_send && (events & OS_WRITABLE)) {
> SSL_write(.);
> if (error) {
> if (error_is_want_read) {
> system_poll &= OS_READABLE;
> } else if (error_is_want_write) {
> system_poll &= OS_WRITABLE;
> }

For what it's worth, you probably meant "|=" not "&=".

-- 
Viktor.
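
What the one-character difference changes, as an added example (not code from the thread): with "&=" the poll mask loses the event the retry is waiting for unless it was already set, so the callback is never invoked again. The bit values of OS_READABLE/OS_WRITABLE and the helper count_stalls are assumptions made here; the two error constants mirror SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE so the file builds without OpenSSL.

```c
#include <stdio.h>

/* Names from the quoted pseudocode; bit values constructed for this example. */
#define OS_READABLE 0x1u
#define OS_WRITABLE 0x2u

/* Same numeric values as SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE in
 * <openssl/ssl.h>, redefined locally (assumption: OpenSSL not linked). */
enum { WANT_READ = 2, WANT_WRITE = 3 };

typedef unsigned (*mask_fn)(unsigned system_poll, int ssl_err);

/* As quoted: "&=" intersects the current interest set with one bit. */
unsigned mask_quoted(unsigned system_poll, int ssl_err) {
    if (ssl_err == WANT_READ)
        system_poll &= OS_READABLE;
    else if (ssl_err == WANT_WRITE)
        system_poll &= OS_WRITABLE;
    return system_poll;
}

/* As suggested in the reply: "|=" adds the bit SSL_write asked for. */
unsigned mask_suggested(unsigned system_poll, int ssl_err) {
    if (ssl_err == WANT_READ)
        system_poll |= OS_READABLE;
    else if (ssl_err == WANT_WRITE)
        system_poll |= OS_WRITABLE;
    return system_poll;
}

/* Hypothetical helper: over every starting mask and both retry errors,
 * count the cases where the event the retry needs is not being polled. */
int count_stalls(mask_fn update) {
    int stalls = 0;
    for (unsigned start = 0; start <= (OS_READABLE | OS_WRITABLE); start++) {
        for (int err = WANT_READ; err <= WANT_WRITE; err++) {
            unsigned need = (err == WANT_READ) ? OS_READABLE : OS_WRITABLE;
            if ((update(start, err) & need) == 0)
                stalls++;
        }
    }
    return stalls;
}

int main(void) {
    printf("quoted (&=):    %d of 8 cases stall\n", count_stalls(mask_quoted));
    printf("suggested (|=): %d of 8 cases stall\n", count_stalls(mask_suggested));
    return 0;
}
```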


Re: [openssl-users] Customize Windows library names

2016-09-15 Thread Kim Gräsman
Hi Thomas,

On Thu, Sep 15, 2016 at 4:26 PM, Thomas J. Hruska
 wrote:
>
> The precompiled binary installer variants do this already.  If you are using
> default builds, then that's possibly an option.

We prefer to build from source to allow static and dynamic code
analysis, for example.

But do you have a link to these precompiled binary installers? Do you
know how they accomplish plain names?

Thanks,
- Kim


Re: [openssl-users] Customize Windows library names

2016-09-15 Thread Thomas J. Hruska

On 9/15/2016 3:17 AM, Kim Gräsman wrote:

> Hi all,
>
> I'm looking at integrating OpenSSL 1.1 in our tree, and I noticed the
> Windows build system now produces decorated lib names.
>
> The general pattern seems to be lib_[-].lib where
>  is only appended for 64-bit builds.
>
> We'd prefer a naked lib name, at least for import libs (the DLL names
> are not important to us, as long as the import lib binds to the right
> name).
>
> Is there a supported way of dumbing down the names of libcrypto and
> libssl? I can resort to a private patch, but it'd be nice if Configure
> could be convinced to keep it simple out of the box.
>
> Thanks,
> - Kim

The precompiled binary installer variants do this already.  If you are
using default builds, then that's possibly an option.


--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/


Re: [openssl-users] CVE-2016-2180

2016-09-15 Thread sivagopiraju
I can't upgrade at this stage for my product, So can you give me the fix if
you have.




--
View this message in context: 
http://openssl.6102.n7.nabble.com/CVE-2016-2180-tp67815p68371.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


Re: [openssl-users] openssl crl fails to parse a CRL file, which seems correct

2016-09-15 Thread Erwann Abalea
That’s a bug in the Issuer name length check.
Use the 1.1.0 version.

Regards,
Erwann Abalea

> On 14 Sept. 2016, at 14:31, Wouter Verhelst  wrote:
> 
> Hi,
> 
> (this is a resend because my MUA crashed while I tried to send this mail 
> earlier. If you get it twice, my apologies)
> 
> When I try to parse some of the CRLs at , I 
> sometimes get this error:
> 
> wouter@gangtai:~$ openssl version
> OpenSSL 1.0.2h  3 May 2016
> wouter@gangtai:~$ openssl crl -in eidc201203.crl -inform der -noout -text
> unable to load CRL
> 140694432685592:error:0D09E09B:asn1 encoding routines:X509_NAME_EX_D2I:too long:x_name.c:203:
> 140694432685592:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=issuer, Type=X509_CRL_INFO
> 140694432685592:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=crl, Type=X509_CRL
> 
> This isn't the case for all of the CRLs, just for some of them; e.g., 
> everything works fine for eidc201503.crl
> 
> However, if I try the same on another machine nearby, which has a much older 
> version of OpenSSL, then things seem to work fine:
> 
> eidmac:~ buildslave$ openssl version
> OpenSSL 0.9.8zh 14 Jan 2016
> eidmac:~ buildslave$ openssl crl -in eidc201203.crl -inform der -noout -text | head
> Certificate Revocation List (CRL):
> Version 2 (0x1)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: /C=BE/CN=Citizen CA/serialNumber=201203
> Last Update: Sep 14 10:22:50 2016 GMT
> Next Update: Sep 21 10:22:50 2016 GMT
> CRL extensions:
> X509v3 Authority Key Identifier:
> keyid:7A:5F:3A:FF:2D:46:91:90:53:3F:BB:91:2D:29:82:ED:BB:78:6A:E0
> 
> This machine is a mac running OSX 10.11, the OpenSSL is the default as 
> shipped with that OS; the other is my personal laptop, which runs Debian 
> unstable (and the openssl is again the default). I've reproduced the same 
> issue on Debian stable, haven't tried much else yet.
> 
> I've been trying to figure out why my OpenSSL fails to parse the CRL, whereas
> others do not. Any hints would be greatly appreciated.
> 
> Thanks,
> 
> -- 
> Wouter Verhelst


[openssl-users] Customize Windows library names

2016-09-15 Thread Kim Gräsman
Hi all,

I'm looking at integrating OpenSSL 1.1 in our tree, and I noticed the
Windows build system now produces decorated lib names.

The general pattern seems to be lib_[-].lib where
 is only appended for 64-bit builds.

We'd prefer a naked lib name, at least for import libs (the DLL names
are not important to us, as long as the import lib binds to the right
name).

Is there a supported way of dumbing down the names of libcrypto and
libssl? I can resort to a private patch, but it'd be nice if Configure
could be convinced to keep it simple out of the box.

Thanks,
- Kim