Re: Need help on OpenSSL windows build errors
On 17/10/2022 13:10, Ashok Kumar Sarode via openssl-users wrote: NOTE: I have re-named file openssl\*configuration.h.in* to openssl\*configuration.h* Likewise i re-named err.h, ssl.h, opensslv.h, crypto.h Don't do that. That is almost certainly the cause of these errors. The ".h.in" files are *not* header files ready for use. They are templates from which we generate the real header files. You need to build OpenSSL first before you can use the headers. Refer to the INSTALL.md file for instructions. Alternatively you can just download a pre built version from a third party distributor. See: https://wiki.openssl.org/index.php/Binaries Matt
Need help on OpenSSL windows build errors
Hello OpenSSL users, I need help on following errors which I am getting from myWindows machine building on Visual Studio 2019, Version 16.11.17. Build started...1>-- Build started: Project: executeHelloWorld, Configuration: Debug Win32 --1>VerifyJWTSignUsingRSA.cpp1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(28,1): error C2447: '{': missing function header (old-style formal list?)1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(29,5): error C2018: unknown character '0x40'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(30,16): error C2018: unknown character '0x40'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(36,14): error C2018: unknown character '0x40'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(40,9): error C2018: unknown character '0x40'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(41,16): error C2018: unknown character '0x40'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(51,1): error C2447: '{': missing function header (old-style formal list?)1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(57,1): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(57,4): error C2065: '$config': undeclared identifier1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(57,12): error C2065: 'bn_ll': undeclared identifier1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(57,47): error C2059: syntax error: '}'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(57,47): error C2143: syntax error: missing ';' before '}'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(59,1): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(59,4): error C2065: '$config': undeclared identifier1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(59,12): error C2065: 'b64l': undeclared identifier1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(59,46): error C2059: syntax error: '}'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(59,46): error C2143: syntax error: missing ';' before '}'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(60,1): error C2143: syntax error: missing ';' before '{'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(60,1): error C2447: '{': missing function header (old-style formal list?)1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(61,1): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(61,4): error C2065: '$config': undeclared identifier1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(61,12): error C2065: 'b32': undeclared identifier1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(61,46): error C2059: syntax error: '}'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(61,46): error C2143: syntax error: missing ';' before '}'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(67,1): error C2143: syntax error: missing ';' before '}'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\configuration.h(67,1): error C2059: syntax error: '}'1>C:\Users\myDir\WindowsUtils\executeHelloWorld\openssl-master\include\openssl\macros.h(138,6): fatal error C1017: invalid integer constant expression1>Done building project "executeHelloWorld.vcxproj" -- FAILED.== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped == NOTE: I have re-named file openssl\configuration.h.in to openssl\configuration.hLikewise i re-named err.h, ssl.h, opensslv.h, crypto.h I downloaded OpenSLL source from GitHub - openssl/openssl: TLS/SSL and crypto library Regards, S.Ashok Kumar
Re: OpenSSL 3.0 password prompt errors
Tested on a separate machine (Ubuntu Jammy Jellyfish) that comes with OpenSSL 3.x installed and things worked as expected. Probably something was screwed with my own build or the machine that has several OpenSSL versions. Thanks for the help, and sorry for the inconvenience. Cheers, Jose On Tue, 30 Nov 2021 at 15:09, Matt Caswell wrote: > > > On 30/11/2021 13:16, pepone.onrez wrote: > > Getting some problems with OpenSSL 3.0, I have passwordError function, > > to check if the last error was due to an invalid password and allow the > > user to retry. > > > > > > bool > > passwordError() > > { > > unsigned long error = ERR_peek_error(); > > unsigned long lib = ERR_GET_LIB(error); > > unsigned long reason = ERR_GET_REASON(error); > > cerr << "error: " << error << endl; > > cerr << "lib: " << lib << endl; > > cerr << "reason: " << reason << endl; > > ERR_print_errors_fp(stdout); > > return (reason == PEM_R_BAD_BASE64_DECODE || > > reason == PEM_R_BAD_DECRYPT || > > reason == PEM_R_BAD_PASSWORD_READ || > > reason == PEM_R_PROBLEMS_GETTING_PASSWORD || > > reason == PKCS12_R_MAC_VERIFY_FAILURE); > > } > > > > When I test with an invalid password I get > > > > error: 587686001 > > lib: 70 > > reason: 483441 > > error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure > > That is really screwy output. Something is getting corrupted somewhere. > "70" is not a valid error library and a reason code of 483441 is clearly > wrong (reason codes are typically fairly small). Error 587686001 does > correspond to the hex value 23076071 - but this is not an error value I > would expect to see OpenSSL emitting. > > Could there be memory corruption occurring?? Perhaps run this through > valgrind or similar and see if there are any hints. > > Matt > > > > > > > > > the description seems to match PKCS12_R_MAC_VERIFY_FAILURE but the > > reason value doesn't > > > > include/openssl/pkcs12err.h > > 39:# define PKCS12_R_MAC_VERIFY_FAILURE 113 > > > > Any ideas what I might be doing wrong here? this worked fine with 1.1.1 > > before > > > > Cheers, > > Jose >
Re: OpenSSL 3.0 password prompt errors
On 30/11/2021 13:16, pepone.onrez wrote: Getting some problems with OpenSSL 3.0, I have passwordError function, to check if the last error was due to an invalid password and allow the user to retry. bool passwordError() { unsigned long error = ERR_peek_error(); unsigned long lib = ERR_GET_LIB(error); unsigned long reason = ERR_GET_REASON(error); cerr << "error: " << error << endl; cerr << "lib: " << lib << endl; cerr << "reason: " << reason << endl; ERR_print_errors_fp(stdout); return (reason == PEM_R_BAD_BASE64_DECODE || reason == PEM_R_BAD_DECRYPT || reason == PEM_R_BAD_PASSWORD_READ || reason == PEM_R_PROBLEMS_GETTING_PASSWORD || reason == PKCS12_R_MAC_VERIFY_FAILURE); } When I test with an invalid password I get error: 587686001 lib: 70 reason: 483441 error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure That is really screwy output. Something is getting corrupted somewhere. "70" is not a valid error library and a reason code of 483441 is clearly wrong (reason codes are typically fairly small). Error 587686001 does correspond to the hex value 23076071 - but this is not an error value I would expect to see OpenSSL emitting. Could there be memory corruption occurring?? Perhaps run this through valgrind or similar and see if there are any hints. Matt the description seems to match PKCS12_R_MAC_VERIFY_FAILURE but the reason value doesn't include/openssl/pkcs12err.h 39:# define PKCS12_R_MAC_VERIFY_FAILURE 113 Any ideas what I might be doing wrong here? this worked fine with 1.1.1 before Cheers, Jose
OpenSSL 3.0 password prompt errors
Getting some problems with OpenSSL 3.0, I have passwordError function, to check if the last error was due to an invalid password and allow the user to retry. bool passwordError() { unsigned long error = ERR_peek_error(); unsigned long lib = ERR_GET_LIB(error); unsigned long reason = ERR_GET_REASON(error); cerr << "error: " << error << endl; cerr << "lib: " << lib << endl; cerr << "reason: " << reason << endl; ERR_print_errors_fp(stdout); return (reason == PEM_R_BAD_BASE64_DECODE || reason == PEM_R_BAD_DECRYPT || reason == PEM_R_BAD_PASSWORD_READ || reason == PEM_R_PROBLEMS_GETTING_PASSWORD || reason == PKCS12_R_MAC_VERIFY_FAILURE); } When I test with an invalid password I get error: 587686001 lib: 70 reason: 483441 error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure the description seems to match PKCS12_R_MAC_VERIFY_FAILURE but the reason value doesn't include/openssl/pkcs12err.h 39:# define PKCS12_R_MAC_VERIFY_FAILURE 113 Any ideas what I might be doing wrong here? this worked fine with 1.1.1 before Cheers, Jose
Re: Establishing connection errors
To clarify, I will probably just use the API you suggested to make it more simple. Was distracted by my obvious oversight. From: openssl-users on behalf of Jason Schultz Sent: Friday, November 5, 2021 1:59 PM To: Tomas Mraz ; openssl-users@openssl.org Subject: Re: Establishing connection errors Sorry, accidentally skipped that part, which was sort of important. I think I can use the same fix because the part I skipped is the problem: X509 *cert; cert = PEM_read_X509(fp, NULL, 0, NULL); status = X509_STORE_add_cert(trusted_store,cert); So, I need to this sequence: X509 *empty_X509; empty_X509 = X509_new_ex(non_fips_libctx, NULL); mycert = PEM_read_X509(fp, _X509, 0, NULL); To set things up correct, with the appropriate library context. My apologies, thanks for pointing out my small brain. This could lead to some tricky changes as currently I set up the trust store before I know if the user wants FIPS or not. I may just set up two stores, or I need to change the order of how I do things. Thanks, Jason From: Tomas Mraz Sent: Friday, November 5, 2021 1:52 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: Establishing connection errors On Fri, 2021-11-05 at 13:48 +, Jason Schultz wrote: > For setting up the trusted store, when the application starts, it > calls: > > ssl_trusted_certs = X509_STORE_new() > > ...and then reads all of the certificates in /etc/ssl/certs/ calling > X509_STORE_add_cert(trusted_store,cert); > > ..for each one. How do you read the certs? They need to be loaded with the appropriate libctx. Or you can use for example X509_STORE_load_file_ex() function to load a file directly with an libctx. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.]
Re: Establishing connection errors
Sorry, accidentally skipped that part, which was sort of important. I think I can use the same fix because the part I skipped is the problem: X509 *cert; cert = PEM_read_X509(fp, NULL, 0, NULL); status = X509_STORE_add_cert(trusted_store,cert); So, I need to this sequence: X509 *empty_X509; empty_X509 = X509_new_ex(non_fips_libctx, NULL); mycert = PEM_read_X509(fp, _X509, 0, NULL); To set things up correct, with the appropriate library context. My apologies, thanks for pointing out my small brain. This could lead to some tricky changes as currently I set up the trust store before I know if the user wants FIPS or not. I may just set up two stores, or I need to change the order of how I do things. Thanks, Jason From: Tomas Mraz Sent: Friday, November 5, 2021 1:52 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: Establishing connection errors On Fri, 2021-11-05 at 13:48 +, Jason Schultz wrote: > For setting up the trusted store, when the application starts, it > calls: > > ssl_trusted_certs = X509_STORE_new() > > ...and then reads all of the certificates in /etc/ssl/certs/ calling > X509_STORE_add_cert(trusted_store,cert); > > ..for each one. How do you read the certs? They need to be loaded with the appropriate libctx. Or you can use for example X509_STORE_load_file_ex() function to load a file directly with an libctx. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.]
Re: Establishing connection errors
On Fri, 2021-11-05 at 13:48 +, Jason Schultz wrote: > For setting up the trusted store, when the application starts, it > calls: > > ssl_trusted_certs = X509_STORE_new() > > ...and then reads all of the certificates in /etc/ssl/certs/ calling > X509_STORE_add_cert(trusted_store,cert); > > ..for each one. How do you read the certs? They need to be loaded with the appropriate libctx. Or you can use for example X509_STORE_load_file_ex() function to load a file directly with an libctx. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.]
Re: Establishing connection errors
Setup of the non_fips_libctx (after help from this list a week or two ago): non_fips_libctx = OSSL_LIB_CTX_new(); defp = OSSL_PROVIDER_load(non_fips_libctx, "default"); I also call OSSL_PROVIDER_available(non_fips_libctx, "default") ...to verify this worked. I only load the default provider in the non-FIPS non-default library context. In case you need this info, for the fips library context, I call: OSSL_LIB_CTX_load_config(fips_libctx, "/usr/local/ssl/openssl-fips.cnf") With the following relevant info in openssl-fips-cnf: .include /usr/local/ssl/fipsmodule.cnf [openssl_init] providers = provider_sect # List of providers to load [provider_sect] default = default_sect # The fips section name should match the section name inside the # included fipsmodule.cnf. fips = fips_sect base = base_sect # If no providers are activated explicitly, the default one is activated implicitly. # See man 7 OSSL_PROVIDER-default for more details. # # If you add a section explicitly activating any other provider(s), you most # probably need to explicitly activate the default provider, otherwise it # becomes unavailable in openssl. As a consequence applications depending on # OpenSSL may not work correctly which could lead to significant system # problems including inability to remotely access the system. [default_sect] # activate = 1 [base_sect] activate = 1 And in fipsmodule.cnf: [fips_sect] activate = 1 conditional-errors = 1 security-checks = 1 module-mac = E4:0D:C8:C3:1E:DB:2B:30:E6:F2:49:7B:F5:BD:10:5C:9A:2B:CC:C1:33:49:31:B5:C5:AF:50:AB:82:1E:AE:C9 Also verifying this worked with the following: OSSL_PROVIDER_available(fips_libctx, "base") OSSL_PROVIDER_available(fips_libctx, "fips") For setting up the trusted store, when the application starts, it calls: ssl_trusted_certs = X509_STORE_new() ...and then reads all of the certificates in /etc/ssl/certs/ calling X509_STORE_add_cert(trusted_store,cert); ..for each one. Then, I make the following calls to set up intermediate certs in the trust store to be treated as trust-anchors: param = X509_VERIFY_PARAM_new(); X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN); X509_STORE_set1_param(ssl_trusted_certs, param); X509_VERIFY_PARAM_free(param); Then I set the store for verifying peer certs to this "global" store I created above: status = SSL_CTX_set1_verify_cert_store(ctx,ssl_trusted_certs); For the sake of completeness, I also call: status = SSL_CTX_set1_chain_cert_store(ctx, ssl_trusted_certs); ...to ensure OpenSSL has access to the entire store for forming a certificate chain to present to the peer in a handshake. My application can act as a client and/or a server, and in this case, it's acting as both the client and the server, with the same SSL_CTX. Also, this code has always worked with OpenSSL 1.1.1, which is why I was suspicious of either my library context/provider setup, or 3.0. Let me know if you need more info. Thanks, Jason From: Tomas Mraz Sent: Friday, November 5, 2021 1:19 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: Establishing connection errors On Fri, 2021-11-05 at 13:04 +, Jason Schultz wrote: > I know I've been raising a lot of issues this week, because of > varying reasons, but I've hit another one that seems like either an > OpenSSL problem, or something new/different I need to do with OpenSSL > 3.0 in connection establishment. > > To recap, I'm using two non-default library contexts, one for FIPS, > one for non-FIPS. There is an open issue in github regarding the call > to SSL_CTX_build_cert_chain(), but since the purpose of that call is > to have the server not include the root certificate when sending the > chain, I have left that out of my code for now, in order to continue > testing. It shouldn't affect what I'm trying to do. > > As far as connection set up, based on whether or not the user wants > FIPS (not using FIPS for this test), I call: > > ctx = SSL_CTX_new_ex(non_fips_libctx, NULL, TLS_method()); > > ...to set up my SSL_CTX. My understanding is that all SSL objects, > etc., created based on that SSL_CTX will use the appropriate library > context/providers. So beyond the providers and library context setup > and using SSL_CTX_new_ex(), I haven't changed any code to establish > TLS connections. I've tried to establish connections using both RSA > and ECDSA certificates/keys, self-signed, or a server cert that's > part of a chain. I'm just establishing a connection to myself, not > between two systems, just to try to get something working. I'll post > all of the handshake messages at the end of this message, but here > are the error messages I get when the client side receives the server > certificate (in this case it's a self signed RSA cer
Re: Establishing connection errors
On Fri, 2021-11-05 at 13:04 +, Jason Schultz wrote: > I know I've been raising a lot of issues this week, because of > varying reasons, but I've hit another one that seems like either an > OpenSSL problem, or something new/different I need to do with OpenSSL > 3.0 in connection establishment. > > To recap, I'm using two non-default library contexts, one for FIPS, > one for non-FIPS. There is an open issue in github regarding the call > to SSL_CTX_build_cert_chain(), but since the purpose of that call is > to have the server not include the root certificate when sending the > chain, I have left that out of my code for now, in order to continue > testing. It shouldn't affect what I'm trying to do. > > As far as connection set up, based on whether or not the user wants > FIPS (not using FIPS for this test), I call: > > ctx = SSL_CTX_new_ex(non_fips_libctx, NULL, TLS_method()); > > ...to set up my SSL_CTX. My understanding is that all SSL objects, > etc., created based on that SSL_CTX will use the appropriate library > context/providers. So beyond the providers and library context setup > and using SSL_CTX_new_ex(), I haven't changed any code to establish > TLS connections. I've tried to establish connections using both RSA > and ECDSA certificates/keys, self-signed, or a server cert that's > part of a chain. I'm just establishing a connection to myself, not > between two systems, just to try to get something working. I'll post > all of the handshake messages at the end of this message, but here > are the error messages I get when the client side receives the server > certificate (in this case it's a self signed RSA certificate): How do you set up the non_fips_libctx and how do you set up any certificate trust store within the SSL_CTX? -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.]
Establishing connection errors
I know I've been raising a lot of issues this week, because of varying reasons, but I've hit another one that seems like either an OpenSSL problem, or something new/different I need to do with OpenSSL 3.0 in connection establishment. To recap, I'm using two non-default library contexts, one for FIPS, one for non-FIPS. There is an open issue in github regarding the call to SSL_CTX_build_cert_chain(), but since the purpose of that call is to have the server not include the root certificate when sending the chain, I have left that out of my code for now, in order to continue testing. It shouldn't affect what I'm trying to do. As far as connection set up, based on whether or not the user wants FIPS (not using FIPS for this test), I call: ctx = SSL_CTX_new_ex(non_fips_libctx, NULL, TLS_method()); ...to set up my SSL_CTX. My understanding is that all SSL objects, etc., created based on that SSL_CTX will use the appropriate library context/providers. So beyond the providers and library context setup and using SSL_CTX_new_ex(), I haven't changed any code to establish TLS connections. I've tried to establish connections using both RSA and ECDSA certificates/keys, self-signed, or a server cert that's part of a chain. I'm just establishing a connection to myself, not between two systems, just to try to get something working. I'll post all of the handshake messages at the end of this message, but here are the error messages I get when the client side receives the server certificate (in this case it's a self signed RSA certificate): 211105074132.795:info_cb:SSL_connect error in SSLv3/TLS read server certificate 211105074132.795:SSL_process_hs: SSL_ERROR_SSL on SSL_do_handshake Socket: 20 SSL flag: 2 HS role: 0 211105074132.795:SSL_process_hs: SSL_ERROR_SSL ERR_get_error error string: error:0308010C:digital envelope routines::unsupported 211105074132.795:SSL_process_hs: SSL_ERROR_SSL ERR_get_error error string: error:0372:digital envelope routines::decode error 211105074132.795:SSL_process_hs: SSL_ERROR_SSL ERR_get_error error string: error:0372:digital envelope routines::decode error 211105074132.795:SSL_process_hs: SSL_ERROR_SSL ERR_get_error error string: error:0372:digital envelope routines::decode error 211105074132.795:SSL_process_hs: SSL_ERROR_SSL ERR_get_error error string: error:0372:digital envelope routines::decode error 211105074132.795:SSL_process_hs: SSL_ERROR_SSL ERR_get_error error string: error:0580006C:x509 certificate routines::unable to get certs public key Some of those errors are pretty generic, but when searching the 3.0 source for the "unable to get certs public key" error, some familiar functions pop up, for example, here: int X509_self_signed(X509 *cert, int verify_signature) { EVP_PKEY *pkey; if ((pkey = X509_get0_pubkey(cert)) == NULL) { /* handles cert == NULL */ ERR_raise(ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); return -1; } if (!ossl_x509v3_cache_extensions(cert)) return -1; if ((cert->ex_flags & EXFLAG_SS) == 0) return 0; if (!verify_signature) return 1; return X509_verify(cert, pkey); } and here: /* Copy any missing public key parameters up the chain towards pkey */ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) { EVP_PKEY *ktmp = NULL, *ktmp2; int i, j; if (pkey != NULL && !EVP_PKEY_missing_parameters(pkey)) return 1; for (i = 0; i < sk_X509_num(chain); i++) { ktmp = X509_get0_pubkey(sk_X509_value(chain, i)); if (ktmp == NULL) { ERR_raise(ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); return 0; } if (!EVP_PKEY_missing_parameters(ktmp)) break; ktmp = NULL; } >From issue #16966, we know the X509_get_pubkey() call can have issues with >library contexts. I don't know the internals of OpenSSL enough to know if this >is a similar issue. I can open an Issue in github if Matt, Tomas, or others think it's appropriate. Thanks, Jason PS: Here is the full handshake capture (there are a few logs from my application mixed in): 211105074132.786:info_cb:0x89c330 SSL_accept:before SSL initialization 211105074132.786:SSLEvent(4): Matching session table found for port/addr 2110/10.61.152.77 211105074132.786:info_cb:SSL_accept error in before SSL initialization 211105074132.786:SSL_process_hs: SSL_ERROR_WANT_READ on SSL_do_handshake Socket: 21 SSL flag: 1 HS role: 1 Socket should be put back on read list to be polled again 211105074132.786:AllocateTcpRecvBuffers(4):call InsertWaitObject() for socket 20 returned: 0 211105074132.786:info_cb:0x8ae0b0 SSL_connect:before SSL initialization 211105074132.787:msg_cb:0x8ae0b0 >>> TLS 1.0 [length 0005] 211105074132.787:16 03 01 00 d8 211105074132.787:msg_cb:0x8ae0b0 >>> TLS 1.3 Handshake [length 00d8], Clie
RE: problems with too many ssl_read and ssl_write errors
Please reply to the list rather than to me directly. > From: Kamala Ayyar > Sent: Thursday, 26 August, 2021 08:57 > We call the WSAGetLastError immediately after SSL_ERROR_SYSCALL and we get > the > WSAETIMEDOUT OK. This wasn't entirely clear to me from your previous message. So you are getting a network-stack timeout on a sockets operation; this isn't a TLS protocol issue or anything else at a level above the network stack. > We also call the ERR_print_errors(bio); but it displays a blank line. We call > ERR_clear_error() before the SSL_read as mentioned in the manual. I'm not sure why that might be happening. It may be that OpenSSL doesn't log any error messages in this case; I'd have to look at the OpenSSL source code to figure that out. > The ERR_print_errors() does not print anything- Is the error getting cleared > because we called the WSAGetLastError() ? That shouldn't affect the OpenSSL error list. > Is there an order in which the Windows WSAGetLastError() should be called > before > SSL_get_error()? I don't believe so. They should be independent. The OpenSSL error list is maintained by OpenSSL; WSAGetLastError retrieves the Winsock error code. The two don't share data. > We will try changing some of the timeouts on either side and try. Make sure that's stack timeouts you're changing: calls to setsockopt, or Registry settings if you're not overriding them on your sockets. Application-level timeouts aren't the issue here. You may need to involve a network administrator to look at network interface statistics, check wire traces to see if receive windows are closed, and look for interference from middleboxes such as routers and firewall appliances or from application firewalls, IDSes, and so on. These sorts of issues are not uncommon when there are load balancers, traffic-inspecting firewalls, or the like interfering with network traffic. -- Michael Wojcik
RE: problems with too many ssl_read and ssl_write errors
> From: Kamala Ayyar > Sent: Monday, 23 August, 2021 09:22 > We get the SSL_ERROR_SYSCALL from SSL_Read and SSL_Write quite often. You'll get SSL_ERROR_SYSCALL any time OpenSSL makes a system call (including, on Windows, a Winsock call) and gets an error. > It seems the handshake is done correctly and over a period of time (few hours > to 2-3 days random) the SSL_Read /SSL_Write fails. We do not get the > WSAEWOULDBLOCK error code What is the underlying error, then? Are you logging the result of WSAGetLastError immediately after you get SSL_ERROR_SYSCALL? What about the SSL error stack (with ERR_print_errors_fp or similar)? > nor the OpenSSL's version of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE > error. SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE are not related to WSAEWOULDBLOCK, so I'm not sure why you're mentioning them here. > We get WSAETIMEDOUT on Receive more often and a few times on the Send. That's typically the case; generally speaking, a timeout is more likely when receiving (where you are at the mercy of the peer sending data) than when sending (where you simply need the peer to open the receive window and then ACK the sent data, both of which are often possible even if the application is not behaving, depending on the amount of data and other variables). > We are not using SO_KEEPALIVE but using application specific heartbeat TO to > keep the socket alive. That could certainly cause send or receive timeouts on the socket if the peer becomes unresponsive. The same is true of any application-data transmission, of course. > Based on blogs and googling we have seen that OpenSSL quite often issues a > SSL_ERROR_SYSCALL when a Timeout is encountered Yes, that's what it should do, if "when a timeout is encountered" means "a socket-API function returns an error due to a timeout". SSL_ERROR_SYSCALL means exactly that: a system call returned an error. I suspect one of the following: - A client application is hanging (or blocking for some other reason), and consequently: - Not sending data, so the server's not receiving data until it times out, or - Not receiving data that the server is sending; that will cause its receive window to fill, and eventually the server's send will time out. - Network issues are transiently preventing data and/or ACK reception by one side or the other. That will also eventually lead to timeouts. -- Michael Wojcik
Re: problems with too many ssl_read and ssl_write errors
For the below symptoms, I would recommend a watching the application port with WireShark. This should show any the TLS protocol deviations and any problems in handling and establishing the TCP connections. On 2021-08-19 00:38, David Bowers via openssl-users wrote: * We have a server that has around 2025 clients connected at any instant. * Our application creates a Server /Listener socket that then is converted into a Secure socket using OpenSSL library. This is compiled and built in a Windows x64 environment. We also built the OpenSSL for the Windows. The Listener socket is created with a default backlog of 500. The Accept socket is non-blocking socket and waits for connections * Every Client makes a regular blocking connection to the Server. The Server accepts the connection after which the Client socket is converted to a secure socket using the OpenSSL Library. * The connections are coming at a rate of about 10 connections /second ? Not sure about this number. * We are able to connect to all the clients in a few minutes and it stays like that for some time. There constant exchange of messages between Server(COS) and clients without issues. * The application logic is to keep trying to connect every timeout. * After maybe a few hours/days we see the clients dropping connections. The logs indicate the SSL_Read or SSL_Write on the Server fails for a client with SSL_Error number 5 (SSL_ERROR_SYSCALL) and the equivalent Windows error of WSATimeOut. We then observe the WSAECONNRESET as the Client closed connection. We see this behavior for multiple sites. * The number of Clients disconnected starts increasing and we see the logs in the Client where the server refuses any more connections form Clients (10061- WSAECONNREFUSED) There is nothing to indicate this state in the server logs. Our theory is the backlog is filled and Server refusing further connections. * We are trying to find why we get the SSL_Read/SSL_Write Error as it a Blocking socket. We cannot use to a non-blocking socket due to platform and application limitation Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: problems with too many ssl_read and ssl_write errors
socket due to platform and > application > > limitation > > You said you're specifically getting SSL_ERROR_SYSCALL from SSL_read and > SSL_write. That has nothing to do with whether the socket is in blocking > mode -- system calls on blocking sockets can certainly return errors. I > don't understand this question. > > There are any number of reasons why the server's ability to handle this > load might be compromised. Network congestion, bufferbloat, load on the CPU > or NIC (particularly if TCP offload is enabled to the NIC), contention for > DMA, other application I/O, Years ago, I had one customer who had > similar problems which turned out to be due to intermittent failures in a > bad DRAM module in the server. Distributed computing is inherently fragile. > > But in my experience, this sort of problem is most often due to one or > more of: > > - Application-logic errors or design issues. Are you multiplexing all > these blocking sockets, or running a thread per conversation, or something > else? > > - Middlebox problems. Routers, load balancers, firewall appliances, and so > forth frequently cause issues. > > - Application firewalls and other "anti-malware" software (much of which > is rubbish) running on the server. > > WSAETIMEDOUT on a send operation, assuming OpenSSL didn't need to do a > receive under the covers for TLS-protocol reasons, could mean that a client > app isn't doing its receives and consequently its receive window has > filled; or it could mean that something is interfering with the delivery of > network traffic in one direction or the other. > > WSAETIMEDOUT on a receive, though, again assuming OpenSSL didn't need to > send under the covers, implies that something set a receive timeout on the > socket, or that a keepalive wasn't responded to in the required time. Are > you setting a receive timeout (typically with SO_RCVTIMEO)? Are you setting > SO_KEEPALIVE? What about SO_KEEPALIVE_VALS? If you're not setting > SO_KEEPALIVE_VALS, what are KeepAliveTime and KeepAliveInterval set to in > the Registry? (See the MSDN docs for SO_KEEPALIVE.) > > Has the system administrator analyzed the Windows event logs and the > network statistics? Has anyone looked at network traces when the problem is > occurring? > > -- > Michael Wojcik >
RE: problems with too many ssl_read and ssl_write errors
> From: openssl-users On Behalf Of David > Bowers via openssl-users > Sent: Wednesday, 18 August, 2021 16:38 I don't think this is OpenSSL-related, but at this point it's not clear what the issue is. > . After maybe a few hours/days we see the clients dropping connections. The > logs > indicate the SSL_Read or SSL_Write on the Server fails for a client with > SSL_Error > number 5 (SSL_ERROR_SYSCALL) and the equivalent Windows error of WSATimeOut. > We > then observe the WSAECONNRESET as the Client closed connection. We see this > behavior for multiple sites. I assume this is a Server-edition version of Windows and you're not trying to support that kind of connection load on a desktop edition. What's set in the Registry under HKLM\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters? In particular I'd be suspicious of SynAttackProtect and NetworkThrottlingIndex (which shouldn't be set on Server, but you never know). Many online references will suggest altering settings that affect the ephemeral-port space, such as TcpTimedWaitDelay, but those are irrelevant on the server side (since the connection tuples will use the server port, not an ephemeral port, for the server side). Many of the settings under the TCPIP/Performance key are undocumented. This page describes a number of them: https://forums.alliedmods.net/showpost.php?s=5fedba9ea66557ccea3bfee9e192aaf4=1744400=1 It also discusses a number of netsh commands for TCP/IP tuning. > . The number of Clients disconnected starts increasing and we see the logs in > the > Client where the server refuses any more connections form Clients (10061- > WSAECONNREFUSED) There is nothing to indicate this state in the server logs. > Our > theory is the backlog is filled and Server refusing further connections. That's possible. Windows, unlike BSD-based stacks, sends an RST when the listen queue is full. (BSD-based stacks simply discard the inbound SYN, which is a better choice for a number of reasons. Windows did this wrong and stubbornly refuses to change.) You say you're specifying a backlog of 500 in the call to listen(). Microsoft recommends just passing SOMAXCONN and letting the provider set a "suitable" value. Worth trying. But this appears to be a secondary issue. The primary one seems to be that for whatever reason you get an increasing number of conversation failures, and then the client's aggressive retry behavior means you get a cascade of connection flooding until the listen queues are full. The clients ought to be changed to use random backoff or another strategy that avoids flooding the server, but at this point that seems to be addressing a symptom rather than the underlying problem. > . We are trying to find why we get the SSL_Read/SSL_Write Error as it a > Blocking > socket. We cannot use to a non-blocking socket due to platform and application > limitation You said you're specifically getting SSL_ERROR_SYSCALL from SSL_read and SSL_write. That has nothing to do with whether the socket is in blocking mode -- system calls on blocking sockets can certainly return errors. I don't understand this question. There are any number of reasons why the server's ability to handle this load might be compromised. Network congestion, bufferbloat, load on the CPU or NIC (particularly if TCP offload is enabled to the NIC), contention for DMA, other application I/O, Years ago, I had one customer who had similar problems which turned out to be due to intermittent failures in a bad DRAM module in the server. Distributed computing is inherently fragile. But in my experience, this sort of problem is most often due to one or more of: - Application-logic errors or design issues. Are you multiplexing all these blocking sockets, or running a thread per conversation, or something else? - Middlebox problems. Routers, load balancers, firewall appliances, and so forth frequently cause issues. - Application firewalls and other "anti-malware" software (much of which is rubbish) running on the server. WSAETIMEDOUT on a send operation, assuming OpenSSL didn't need to do a receive under the covers for TLS-protocol reasons, could mean that a client app isn't doing its receives and consequently its receive window has filled; or it could mean that something is interfering with the delivery of network traffic in one direction or the other. WSAETIMEDOUT on a receive, though, again assuming OpenSSL didn't need to send under the covers, implies that something set a receive timeout on the socket, or that a keepalive wasn't responded to in the required time. Are you setting a receive timeout (typically with SO_RCVTIMEO)? Are you setting SO_KEEPALIVE? What about SO_KEEPALIVE_VALS? If you're not setting SO_KEEPALIVE_VALS, what are KeepAliveTime and KeepAliveInterval set to in the Registry? (See the MSDN docs for SO_KEEPALIVE.) Has the sy
problems with too many ssl_read and ssl_write errors
* We have a server that has around 2025 clients connected at any instant. * Our application creates a Server /Listener socket that then is converted into a Secure socket using OpenSSL library. This is compiled and built in a Windows x64 environment. We also built the OpenSSL for the Windows. The Listener socket is created with a default backlog of 500. The Accept socket is non-blocking socket and waits for connections * Every Client makes a regular blocking connection to the Server. The Server accepts the connection after which the Client socket is converted to a secure socket using the OpenSSL Library. * The connections are coming at a rate of about 10 connections /second ? Not sure about this number. * We are able to connect to all the clients in a few minutes and it stays like that for some time. There constant exchange of messages between Server(COS) and clients without issues. * The application logic is to keep trying to connect every timeout. * After maybe a few hours/days we see the clients dropping connections. The logs indicate the SSL_Read or SSL_Write on the Server fails for a client with SSL_Error number 5 (SSL_ERROR_SYSCALL) and the equivalent Windows error of WSATimeOut. We then observe the WSAECONNRESET as the Client closed connection. We see this behavior for multiple sites. * The number of Clients disconnected starts increasing and we see the logs in the Client where the server refuses any more connections form Clients (10061- WSAECONNREFUSED) There is nothing to indicate this state in the server logs. Our theory is the backlog is filled and Server refusing further connections. * We are trying to find why we get the SSL_Read/SSL_Write Error as it a Blocking socket. We cannot use to a non-blocking socket due to platform and application limitation
Handling BIO errors
I'm writing a daemon that talks to a server using HTTP/2 over TLS 1.2+ and leveraging OpenSSL 1.1.1h to provide the TLS support. At the moment I think that I have the whole TLS part figured, and I could probably have the project running by now if I used SSL_set_fd to assign a connected socket to the underlying BIO of an SSL object, but I want to simplify the code as much as possible by using the highest level interfaces at my disposal, which in the case of OpenSSL means using BIO objects. Unfortunately I'm having a problem which is that I can't figure out how to convert error codes returned by ERR_get_error and split by ERR_GET_LIB, ERR_GET_FUNC, and ERR_GET_REASON into constants that I can use in a switch statement to react to BIO errors. This is not a problem for SSL filter BIOs since those have their own error reporting functions, but is a problem for Internet socket source BIOs since BIO_do_connect in particular can fail due to a system call error, a DNS error,, or even an error generated by lower level OpenSSL functions and other BIOs in the chain, and I cannot find any manual pages documenting these error constants, if they even exist. Here's a small working example that illustrates the problem that I'm having: #include #include #include int main(void) { ERR_load_ERR_strings(); BIO *bio = BIO_new_connect("wwx.google.com:80"); printf("Connected: %ld\n", BIO_do_connect(bio)); ERR_print_errors_fp(stderr); return 0; } Running this code, which has a misspelled hostname on purpose so that it can fail, results in the following printed out to the console: Connected: -1 4667342272:error:2008F002:BIO routines:BIO_lookup_ex:system lib:crypto/bio/b_addr.c:726:nodename nor servname provided, or not known What could I do in that code to use a switch statement on the kind of information printed by ERR_print_errors_fp? I know that, in this example, the error is from getaddrinfo, since I recognize the error message, but assuming that I want to handle that specific error, what can I match the library, function, and reason error codes against? Thanks in advance!
Re: Fencepost errors in certificate and OCSP validity
On Wed, Oct 28, 2020 at 04:32:56PM +0100, Jakob Bohm via openssl-users wrote: > Recently, the EJBCA developers publicly warned (via the Mozilla root store > policy mailing list) other CA vendors that they had incorrectly implemented > the handling of the "notAfter" X509 field, resulting in certificates that > lasted 1 second longer than intended. I think that's patently ridiculous. I'm inclined to dismiss any bug reports along these lines with prejudice. -- Viktor.
Fencepost errors in certificate and OCSP validity
Recently, the EJBCA developers publicly warned (via the Mozilla root store policy mailing list) other CA vendors that they had incorrectly implemented the handling of the "notAfter" X509 field, resulting in certificates that lasted 1 second longer than intended. Prompted by this warning, I checked what the OpenSSL code does, and it seems to be a bit more buggy: x509_vfy.c seems to be a bit ambivalent if certificate validity should be inclusive or exclusive of the time values in the certificate. apps.c seems to convert the validity duration in days as if the notAfter field is exclusive, but the notBefore field is inclusive. PKIX (RFC5280) says that both timestamps are inclusive, X.509 (10/2012) says nothing about this aspect of the interpretation of the validity structure. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
Workaround for incorrect SSL_write() errors in OpenSSL 1.1.1.
Hi, from nginx-dev list. SSL: workaround for incorrect SSL_write() errors in OpenSSL 1.1.1. OpenSSL 1.1.1 fails to return SSL_ERROR_SYSCALL if an error happens during SSL_write() after close_notify alert from the peer, and returns SSL_ERROR_ZERO_RETURN instead. Broken by this commit, which removes the "i == 0" check around the SSL_RECEIVED_SHUTDOWN one: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=8051ab2 In particular, if a client closed the connection without reading the response but with properly sent close_notify alert, this resulted in unexpected "SSL_write() failed while ..." critical log message instead of correct "SSL_write() failed (32: Broken pipe)" at the info level. Since SSL_ERROR_ZERO_RETURN cannot be legitimately returned after SSL_write(), the fix is to convert all SSL_ERROR_ZERO_RETURN errors after SSL_write() to SSL_ERROR_SYSCALL. diffstat: src/event/ngx_event_openssl.c | 12 1 files changed, 12 insertions(+), 0 deletions(-) diffs (22 lines): diff -r 3781de64e747 -r 61011bfcdb49 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Wed Sep 09 19:26:27 2020 +0300 +++ b/src/event/ngx_event_openssl.c Wed Sep 16 18:26:22 2020 +0300 @@ -2573,6 +2573,18 @@ ngx_ssl_write(ngx_connection_t *c, u_cha sslerr = SSL_get_error(c->ssl->connection, n); +if (sslerr == SSL_ERROR_ZERO_RETURN) { + +/* + * OpenSSL 1.1.1 fails to return SSL_ERROR_SYSCALL if an error + * happens during SSL_write() after close_notify alert from the + * peer, and returns SSL_ERROR_ZERO_RETURN instead, + * https://git.openssl.org/?p=openssl.git;a=commitdiff;h=8051ab2 + */ + +sslerr = SSL_ERROR_SYSCALL; +} + regards, Ranier Vilela
Re: Intermittent ssl errors without OPENSSL_ia32cap
On 13/05/2020 02:14, abel alejandro wrote: > At the end I was able to get rid of the warnings and download without > data corruption by using OPENSSL_ia32cap="~0x202". Could > this be a bug somewhere in openssl or my hardware is just bad? It could be a bug. I suggest you raise a github issue about it. Please include details about the version of OpenSSL being used. Matt
Intermittent ssl errors without OPENSSL_ia32cap
Hello all, I have a AMD 3600x + X470D4U system where I observed intermittent ssl problems including data corruption of files when downloading thru https. For example: root@oasis:~# curl -o o https://www.google.com % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (35) error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac root@oasis:~# This was originally on unraid linux distribution but I also tried Slax live with the same results. At the end I was able to get rid of the warnings and download without data corruption by using OPENSSL_ia32cap="~0x202". Could this be a bug somewhere in openssl or my hardware is just bad? Thanks!
Re: AW: openssl-1.1.1g cygwin make errors
ucontext.h existed in 2017 in Cygwin, and still exists. Maybe you have a very old Cygwin (you can update with setup.exe).
AW: openssl-1.1.1g cygwin make errors
Hello, You could try with ./config no-async Kind Regards, Georg Von: openssl-users Im Auftrag von Anand Sridharan Gesendet: 06 May 2020 03:20 An: openssl-users@openssl.org Betreff: openssl-1.1.1g cygwin make errors Hi Open SSL users , Please let us know if someone has observed below errors while compiling on source with cygwin. Please do indicate any workaround available , I observed similar errors with different version as well such as openssl 1.1.1a. from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:28:24: ucontext.h: No such file or directory In file included from crypto/async/arch/../async_local.h:30, from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:32: error: parse error before "ucontext_t" crypto/async/arch/../arch/async_posix.h:32: warning: no semicolon at end of struct or union crypto/async/arch/../arch/async_posix.h:35: error: parse error before '}' token crypto/async/arch/../arch/async_posix.h:35: warning: type defaults to `int' in declaration of `async_fibre' crypto/async/arch/../arch/async_posix.h:35: warning: data definition has no type or storage class crypto/async/arch/../arch/async_posix.h:37: error: parse error before '*' token crypto/async/arch/../arch/async_posix.h: In function `async_fibre_swapcontext': crypto/async/arch/../arch/async_posix.h:39: error: `o' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:39: error: (Each undeclared identifier is reported only once crypto/async/arch/../arch/async_posix.h:39: error: for each function it appears in.) crypto/async/arch/../arch/async_posix.h:41: error: `r' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:42: error: `n' undeclared (first use in this function) -- thanks, Anand.S
openssl-1.1.1g cygwin make errors
Hi Open SSL users , Please let us know if someone has observed below errors while compiling on source with cygwin. Please do indicate any workaround available , I observed similar errors with different version as well such as openssl 1.1.1a. from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:28:24: ucontext.h: No such file or directory In file included from crypto/async/arch/../async_local.h:30, from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:32: error: parse error before "ucontext_t" crypto/async/arch/../arch/async_posix.h:32: warning: no semicolon at end of struct or union crypto/async/arch/../arch/async_posix.h:35: error: parse error before '}' token crypto/async/arch/../arch/async_posix.h:35: warning: type defaults to `int' in declaration of `async_fibre' crypto/async/arch/../arch/async_posix.h:35: warning: data definition has no type or storage class crypto/async/arch/../arch/async_posix.h:37: error: parse error before '*' token crypto/async/arch/../arch/async_posix.h: In function `async_fibre_swapcontext': crypto/async/arch/../arch/async_posix.h:39: error: `o' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:39: error: (Each undeclared identifier is reported only once crypto/async/arch/../arch/async_posix.h:39: error: for each function it appears in.) crypto/async/arch/../arch/async_posix.h:41: error: `r' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:42: error: `n' undeclared (first use in this function) -- thanks, Anand.S
Updated openssl 1.1.1f installation problem: Parse errors: No plan found in TAP output
Is there anyone meets the same Failure like me? Pls help me. The installation steps list below. [birdnofoots@trojan openssl-1.1.1f]$ cat /proc/version Linux version 4.14.129-bbrplus (root@vultr.guest <mailto:root@vultr.guest>) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)) #1 SMP Tue Jun 25 12:23:41 UTC 2019 [birdnofoots@trojan openssl-1.1.1f]$ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 [birdnofoots@trojan openssl-1.1.1f]$ perl --version This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi (with 39 registered patches, see perl -V for more detail) Copyright 1987-2012, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/ <http://www.perl.org/>, the Perl Home Page. [birdnofoots@trojan openssl-1.1.1f]$ ls ACKNOWLEDGEMENTS AUTHORS config Configurations crypto engines FAQ INSTALL ms NOTES.DJGPP NOTES.VMS README ssl util apps build.info <http://build.info/> config.com <http://config.com/> Configure demos e_os.hfuzz LICENSE NEWS NOTES.PERL NOTES.WIN README.ENGINE test VMS appveyor.yml CHANGES configdata.pm <http://configdata.pm/> CONTRIBUTINGdoc external include Makefile NOTES.ANDROID NOTES.UNIX os-dep README.FIPStools [birdnofoots@trojan openssl-1.1.1f]$ sudo ./config Operating system: x86_64-whatever-linux2 Configuring OpenSSL version 1.1.1f (0x1010106fL) for linux-x86_64 Using os-specific seed configuration Creating configdata.pm <http://configdata.pm/> Creating Makefile ** ****** *** OpenSSL has been successfully configured *** ****** *** If you encounter a problem while building, please open an*** *** issue on GitHub <https://github.com/openssl/openssl/issues <https://github.com/openssl/openssl/issues>> *** *** and include the output from the following command: *** ****** *** perl configdata.pm <http://configdata.pm/> --dump *** ****** *** (If you are new to OpenSSL, you might want to consult the*** *** 'Troubleshooting' section in the INSTALL file first) *** ****** ** [birdnofoots@trojan openssl-1.1.1f]$ sudo make test /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl <http://dofile.pl/>" \ "-oMakefile" include/crypto/bn_conf.h.in <http://bn_conf.h.in/> > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl <http://dofile.pl/>" \ "-oMakefile" include/crypto/dso_conf.h.in <http://dso_conf.h.in/> > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl <http://dofile.pl/>" \ "-oMakefile" include/openssl/opensslconf.h.in <http://opensslconf.h.in/> > include/openssl/opensslconf.h make depend && make _tests make[1]: Entering directory `/home/birdnofoots/openssl-1.1.1f' make[1]: Leaving directory `/home/birdnofoots/openssl-1.1.1f' make[1]: Entering directory `/home/birdnofoots/openssl-1.1.1f' /usr/bin/perl apps/progs.pl <http://progs.pl/> apps/openssl > apps/progs.h …. …. ./test/recipes/90-test_sysdefault.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_threads.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_time_offset.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_tls13ccs.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_tls13encryption.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_tls13secrets.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_v3na
Updated openssl 1.1.1f installation problem: Parse errors: No plan found in TAP output
Is there anyone meets the same Failure like me? Pls help me. The installation steps list below. [birdnofoots@trojan openssl-1.1.1f]$ cat /proc/version Linux version 4.14.129-bbrplus (root@vultr.guest <mailto:root@vultr.guest>) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)) #1 SMP Tue Jun 25 12:23:41 UTC 2019 [birdnofoots@trojan openssl-1.1.1f]$ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 [birdnofoots@trojan openssl-1.1.1f]$ perl --version This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi (with 39 registered patches, see perl -V for more detail) Copyright 1987-2012, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/ <http://www.perl.org/>, the Perl Home Page. [birdnofoots@trojan openssl-1.1.1f]$ ls ACKNOWLEDGEMENTS AUTHORS config Configurations crypto engines FAQ INSTALL ms NOTES.DJGPP NOTES.VMS README ssl util apps build.info <http://build.info/> config.com <http://config.com/> Configure demos e_os.hfuzz LICENSE NEWS NOTES.PERL NOTES.WIN README.ENGINE test VMS appveyor.yml CHANGES configdata.pm <http://configdata.pm/> CONTRIBUTINGdoc external include Makefile NOTES.ANDROID NOTES.UNIX os-dep README.FIPStools [birdnofoots@trojan openssl-1.1.1f]$ sudo ./config Operating system: x86_64-whatever-linux2 Configuring OpenSSL version 1.1.1f (0x1010106fL) for linux-x86_64 Using os-specific seed configuration Creating configdata.pm <http://configdata.pm/> Creating Makefile ** ****** *** OpenSSL has been successfully configured *** ****** *** If you encounter a problem while building, please open an*** *** issue on GitHub <https://github.com/openssl/openssl/issues <https://github.com/openssl/openssl/issues>> *** *** and include the output from the following command: *** ****** *** perl configdata.pm <http://configdata.pm/> --dump *** ****** *** (If you are new to OpenSSL, you might want to consult the*** *** 'Troubleshooting' section in the INSTALL file first) *** ****** ** [birdnofoots@trojan openssl-1.1.1f]$ sudo make test /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl <http://dofile.pl/>" \ "-oMakefile" include/crypto/bn_conf.h.in <http://bn_conf.h.in/> > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl <http://dofile.pl/>" \ "-oMakefile" include/crypto/dso_conf.h.in <http://dso_conf.h.in/> > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl <http://dofile.pl/>" \ "-oMakefile" include/openssl/opensslconf.h.in <http://opensslconf.h.in/> > include/openssl/opensslconf.h make depend && make _tests make[1]: Entering directory `/home/birdnofoots/openssl-1.1.1f' make[1]: Leaving directory `/home/birdnofoots/openssl-1.1.1f' make[1]: Entering directory `/home/birdnofoots/openssl-1.1.1f' /usr/bin/perl apps/progs.pl <http://progs.pl/> apps/openssl > apps/progs.h …. …. ./test/recipes/90-test_sysdefault.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_threads.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_time_offset.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_tls13ccs.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_tls13encryption.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_tls13secrets.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output ../test/recipes/90-test_v3na
RE: Getting compilation errors after upgrade to openssl 1.1.1d, errors pointing to openssl header files
> From: Venkata Ramaraju Vana [mailto:venkataramaraju.v...@broadcom.com] > Sent: Thursday, February 06, 2020 03:01 > Error 209 error C2143: syntax error : missing ';' before '{' > > Error in "opensslconf.h" points to 'extern "C"' statement the following code: > #ifdef __cplusplus > extern "C" { > #endif That error suggests you're compiling a C source file that includes with __cplusplus defined. (Don't do that. __cplusplus should only be defined by the compiler itself, and only when compiling C++ source files.) Or you're using an extremely old C++ compiler. Or there's something really wrong with your compiler. Whatever this is, I can't see how it's an OpenSSL problem. -- Michael Wojcik Distinguished Engineer, Micro Focus
Re: Getting compilation errors after upgrade to openssl 1.1.1d, errors pointing to openssl header files
Thanks for the suggestion Michael. We have removed all duplicates of "opensslconf.h" from our code stack. With those changes, we see all errors related to "DEPRECATEDIN_1_1_0" are gone. Now, we are not seeing any errors pointing to "bio.h". However, we have some other errors, where it points to "x509.h and x509_vfy.h". Following are a few of the errors, I am seeing: Error 209 error C2143: syntax error : missing ';' before '{' x\thirdparty\openssl\include\openssl\opensslconf.h 16 1 mycrypto Error 210 error C2447: '{' : missing function header (old-style formal list?) xx\thirdparty\openssl\include\openssl\opensslconf.h 16 1 mycrypto Error 179 error C2079: 'LPCSTR' uses undefined struct 'stack_st_' xx\thirdparty\openssl\include\openssl\x509.h 77 1 mycrypto Error 184 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int xx\thirdparty\openssl\include\openssl\x509.h 77 1 mycrypto Error 186 error C2370: 'LPCSTR' : redefinition; different storage class xx\thirdparty\openssl\include\openssl\x509.h 77 1 mycrypto Error 188 error C2365: 'sk_' : redefinition; previous definition was 'function' xx\thirdparty\openssl\include\openssl\x509.h 77 1 mycrypto Error 200 error C2065: 'X509_EXTENSION' : undeclared identifier xx\thirdparty\openssl\include\openssl\x509.h 85 1 mycrypto Error 213 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int xx\thirdparty\openssl\include\openssl\x509_vfy.h 77 1 mycrypto Error 245 error C2061: syntax error : identifier 'X509_STORE_CTX_lookup_certs_fn' xx\thirdparty\openssl\include\openssl\x509_vfy.h 315 1 mycrypto Error 252 error C2373: 'X509_STORE_CTX_lookup_crls_fn' : redefinition; different type modifiers xx\thirdparty\openssl\include\openssl\x509_vfy.h 321 1 mycrypto Error 274 error C2377: 'ASN1_INTEGER' : redefinition; typedef cannot be overloaded with any other symbol xx\thirdparty\openssl\include\openssl\x509_vfy.h 386 1 mycrypto Error in "opensslconf.h" points to 'extern "C"' statement the following code: #ifdef __cplusplus extern "C" { #endif Can you please suggest us to remove these errors. Appreciate your help on this. Regards, Ramaraju On Thu, Feb 6, 2020 at 12:27 AM Michael Wojcik < michael.woj...@microfocus.com> wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Venkata Ramaraju Vana via openssl-users > > Sent: Wednesday, February 05, 2020 00:40 > > > Error 300 error C3646: 'DEPRECATEDIN_1_1_0' : unknown override specifier > xx\thirdparty\openssl\include\openssl\bio.h 689 1 x > > You seem to be failing to include the opensslconf.h that was created as > part of the build process (before including bio.h, etc). opensslconf.h is > included by many of the OpenSSL headers, but not bio.h. > > So either you need an explicit #include before > including any other OpenSSL headers; or you have one, but you're picking up > the wrong opensslconf.h. (The latter is an easy mistake to make, as not > everyone realizes opensslconf.h is a generated file and applications must > include the one corresponding to the precise build they're using.) > > -- > Michael Wojcik > Distinguished Engineer, Micro Focus > > > >
RE: Getting compilation errors after upgrade to openssl 1.1.1d, errors pointing to openssl header files
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Venkata Ramaraju Vana via openssl-users > Sent: Wednesday, February 05, 2020 00:40 > Error 300 error C3646: 'DEPRECATEDIN_1_1_0' : unknown override specifier > xx\thirdparty\openssl\include\openssl\bio.h 689 1 x You seem to be failing to include the opensslconf.h that was created as part of the build process (before including bio.h, etc). opensslconf.h is included by many of the OpenSSL headers, but not bio.h. So either you need an explicit #include before including any other OpenSSL headers; or you have one, but you're picking up the wrong opensslconf.h. (The latter is an easy mistake to make, as not everyone realizes opensslconf.h is a generated file and applications must include the one corresponding to the precise build they're using.) -- Michael Wojcik Distinguished Engineer, Micro Focus
Re: Getting compilation errors after upgrade to openssl 1.1.1d, errors pointing to openssl header files
Hi All, We have recently upgraded openssl from 1.0.1h to 1.1.1d. We have compiled OpenSSL using "no-asm no-shared no-deprecated" as input to configure. When compiling our application (in Visual Studio 2013) by including these headers and libraries, we are seeing many errors which are pointing to header files of OpenSSL. Below are few errors: Error 300 error C3646: 'DEPRECATEDIN_1_1_0' : unknown override specifier xx\thirdparty\openssl\include\openssl\bio.h 689 1 x Error 301 error C2091: function returns function x\thirdparty\openssl\include\openssl\bio.h 689 1 x Error 304 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int \thirdparty\openssl\include\openssl\bio.h 691 1 Error 41 error C2370: 'LPCSTR' : redefinition; different storage class x\thirdparty\openssl\include\openssl\x509.h 77 1 myCrypto Error 68 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int \thirdparty\openssl\include\openssl\x509_vfy.h 77 1 myCrypto Error 283 error C2270: 'DEPRECATEDIN_1_1_0' : modifiers not allowed on nonmember functions x\thirdparty\openssl\include\openssl\asn1.h 555 1 xx Error 284 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int \thirdparty\openssl\include\openssl\asn1.h 555 1 x Error 514 error C2370: 'LPCSTR' : redefinition; different storage class xx\thirdparty\openssl\include\openssl\x509.h 77 1 x Error 516 error C2365: 'sk_' : redefinition; previous definition was 'function' x\thirdparty\openssl\include\openssl\x509.h 77 1 xxx We are getting hundreds of such error pointing to these header files. Can you please help me get rid of these errors? Please let me know if I have define any flags in Visual Studio. Compilation of our application is successful in Linux, with the same process. Build in Windows is the main issue. Regards, Ramaraju
Re: Outbound FTP java errors
I think it has nothing to do with OpenSSL. On Fri, Nov 15, 2019 at 3:00 AM Krista Brackin via openssl-users < openssl-users@openssl.org> wrote: > I am a novice...so any help please > > Below is the stack trace on the outbound file but I cannot make any > setting change workthoughts on what could be blocked me from > transferring the file? log attached. > > thank you! > Krista > -- SY, Dmitry Belyavsky
Outbound FTP java errors
I am a novice...so any help please Below is the stack trace on the outbound file but I cannot make any setting change workthoughts on what could be blocked me from transferring the file? log attached. thank you!Krista FTP was not successful com.tms.common.lib.FTPClient.FTPException: Connection timed out: connect at com.tms.common.lib.FTPClient.FTPClient.putBinaryText(FTPClient.java:1042) at com.tms.common.lib.FTPClient.FTPClient.putText(FTPClient.java:746) at com.tms.common.truckingclient.edi.EdiFtpOutThread.transmitMessage(EdiFtpOutThread.java:340) at com.tms.common.truckingclient.edi.EdiCommPoolable.process(EdiCommPoolable.java:132) at com.tms.common.truckingclient.edi.EdiCommPoolable.run(EdiCommPoolable.java:267) at java.lang.Thread.run(Thread.java:745) Date:11/14/2019 05:24PM Status: Comm Queued (Successful) Date:11/14/2019 05:24PM Status: Archived (Successful) Date:11/14/2019 05:24PM Status: Ready Queued (Successful) Outbound message mapped TN[Thread-10]<2019-11-13 08:58:08.812> <1> - TN[Monitor]<2019-11-13 08:58:08.854> <6> Successfully sent EDI Monitor Ping Message to queueâ TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]<2019-11-13 08:58:08.901> <6> PingMessage successfully updated edi_monitor$last_alive_jmsâ TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]<2019-11-13 08:58:37.109> <3> Starting read for temp file edi/out\inprocess\S1113.1573657113197562446â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]<2019-11-13 08:58:37.109> <3> Using path C:/TMSclient/1820_Dev/lme\edi/out\inprocess\S1113.1573657113197562446â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]<2019-11-13 08:58:37.109> <4> Filesize is 3857â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]<2019-11-13 08:58:37.296> <4> queueMessage read from C:/TMSclient/1820_Dev/lme\edi/out\inprocess\S1113.1573657113197562446: timestamp=1573657113494967214â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]direction=Oâ TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]transactionType=Sâ TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]isaSenderId=TEST123â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]id=zz1dpikbvv20af8GOTS02â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]ediCommId=36â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]gsSenderId=TEST123â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]transmitMethod=Râ TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]isaReceiverId=XXTESTâ TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]messageId=zz1dpikbvv10af8GOTS02â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]version=004010â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]gsReceiverId=XXTESTâ TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]templateId=79â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]numberOfRetries=0â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]companyId=TMSâ TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]filename=S1113.1573657113197562446â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]orderIdList=â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]ISA*00* *00* *02*TEST123 *ZZ*XXTEST *191113*0858*U*00400*00041*0*T*:~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]GS*QM*TEST123*XXTEST*20191113*0858*41*X*004010~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]ST*214*0001~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]B10*2246529*653302768*TEST123~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*EATN*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*DRYVAN*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*SOLO*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*653302768*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*03567*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*PO111201915451AM*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*PO111201915451AMRL111201915451*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*RL111201915451AM*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*PO111201915451AMRL1112*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]L11*SI*OQ~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]N1*SF*Eaton Indianapolis*ZZ*SOLO~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]N3*7365 Winton Drive~â TN[Thread-3 (group:HornetQ-client-global-threads-1497014423)]N4*INDIANAPOLIS*IN*46268*USA~â TN[Thread-3
RE: OpenSSL compilation errors in Windows
Hi Matt, Thanks for your help. I am able to proceed now. Thanks and regards, Nagalakshmi -Original Message- From: Matt Caswell Sent: Wednesday, October 30, 2019 7:55 PM To: Nagalakshmi V J ; openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** On 29/10/2019 11:55, Nagalakshmi V J wrote: > Hi Matt, > > Thank you so much for your response. Those mentioned APIs resolved my > errors. > > For the below code, > > return SSL_get_session(pConnection) != NULL && > pConnection->session->session_id_length != 0; > > Any reference for accessing session_id_length? > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_d > ocs_man1.1.0_man3_SSL-5FCTX-5Fset-5Fgenerate-5Fsession-5Fid.html=DwI > D-g=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEG > OnpA=mgmrDa8wrs1zaAUL-PLOcRGKsCoFwXg9ZmrJMt56Yso=GW6E7NE-6ODy28APY > gBz7MYCKAuXh9wULiPQjZ-AMR0= You should use SSL_SESSION_get_id() to get hold of the length: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_SSL-5FSESSION-5Fget-5Fid.html=DwID-g=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=mgmrDa8wrs1zaAUL-PLOcRGKsCoFwXg9ZmrJMt56Yso=rGqb0VAIAgD_dzrh6Cpv2AyI6wzAaog-HYn_OY_0mMU= Matt > > Not sure if I can use the above link. > > > /Thanks & Regards,/ > /Nagalakshmi V J/ > -- > -- > *From:* Matt Caswell > *Sent:* 29 October 2019 10:47 > *To:* Nagalakshmi V J ; > openssl-users@openssl.org > *Subject:* Re: OpenSSL compilation errors in Windows > > ** This mail has been sent from an external source ** > > > On 29/10/2019 10:34, Nagalakshmi V J wrote: >> >> tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), >> >> pGenerator->master_secret,sizeof(pGenerator->master_secret), >> >> km,tmp,num); > > It seems your code is replicating parts of libssl - which seems like a > strange (and possibly dangerous) thing to do! > >> Struct ssl_ctx_st { >> >> ... >> >> constEVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ >> >> constEVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ >> >> ... >> >> } > > You really don't need to access these things. They're just cached > references to the value returned by EVP_get_digestbyname("ssl3-md5") > and EVP_get_digestbyname("ssl3-sha1"). So you can call those functions > directly anyway. > > Matt > > = > Please refer to https://northamerica.altran.com/email-disclaimer > for important disclosures regarding this electronic communication. > = = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: OpenSSL compilation errors in Windows
On 29/10/2019 11:55, Nagalakshmi V J wrote: > Hi Matt, > > Thank you so much for your response. Those mentioned APIs resolved my > errors. > > For the below code, > > return SSL_get_session(pConnection) != NULL && > pConnection->session->session_id_length != 0; > > Any reference for accessing session_id_length? > https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_generate_session_id.html You should use SSL_SESSION_get_id() to get hold of the length: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_id.html Matt > > Not sure if I can use the above link. > > > /Thanks & Regards,/ > /Nagalakshmi V J/ > > *From:* Matt Caswell > *Sent:* 29 October 2019 10:47 > *To:* Nagalakshmi V J ; > openssl-users@openssl.org > *Subject:* Re: OpenSSL compilation errors in Windows > > ** This mail has been sent from an external source ** > > > On 29/10/2019 10:34, Nagalakshmi V J wrote: >> >> tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), >> >> pGenerator->master_secret,sizeof(pGenerator->master_secret), >> >> km,tmp,num); > > It seems your code is replicating parts of libssl - which seems like a > strange (and possibly dangerous) thing to do! > >> Struct ssl_ctx_st { >> >> … >> >> constEVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ >> >> constEVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ >> >> … >> >> } > > You really don't need to access these things. They're just cached > references to the value returned by EVP_get_digestbyname("ssl3-md5") and > EVP_get_digestbyname("ssl3-sha1"). So you can call those functions > directly anyway. > > Matt > > = > Please refer to https://northamerica.altran.com/email-disclaimer > for important disclosures regarding this electronic communication. > =
RE: OpenSSL compilation errors in Windows
Hi Matt, Any inputs on the below query? Thanks and regards, Nagalakshmi From: Nagalakshmi V J Sent: Tuesday, October 29, 2019 5:25 PM To: Matt Caswell ; Nagalakshmi V J ; openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows Hi Matt, Thank you so much for your response. Those mentioned APIs resolved my errors. For the below code, return SSL_get_session(pConnection) != NULL && pConnection->session->session_id_length != 0; Any reference for accessing session_id_length? https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_generate_session_id.html Not sure if I can use the above link. Thanks & Regards, Nagalakshmi V J From: Matt Caswell mailto:m...@openssl.org>> Sent: 29 October 2019 10:47 To: Nagalakshmi V J mailto:nagalakshm...@altran.com>>; openssl-users@openssl.org<mailto:openssl-users@openssl.org> mailto:openssl-users@openssl.org>> Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** On 29/10/2019 10:34, Nagalakshmi V J wrote: > > tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), > > pGenerator->master_secret,sizeof(pGenerator->master_secret), > > km,tmp,num); It seems your code is replicating parts of libssl - which seems like a strange (and possibly dangerous) thing to do! > Struct ssl_ctx_st { > > ... > > constEVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ > > constEVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ > > ... > > } You really don't need to access these things. They're just cached references to the value returned by EVP_get_digestbyname("ssl3-md5") and EVP_get_digestbyname("ssl3-sha1"). So you can call those functions directly anyway. Matt = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: OpenSSL compilation errors in Windows
Hi Matt, Thank you so much for your response. Those mentioned APIs resolved my errors. For the below code, return SSL_get_session(pConnection) != NULL && pConnection->session->session_id_length != 0; Any reference for accessing session_id_length? https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_generate_session_id.html Not sure if I can use the above link. Thanks & Regards, Nagalakshmi V J From: Matt Caswell Sent: 29 October 2019 10:47 To: Nagalakshmi V J ; openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** On 29/10/2019 10:34, Nagalakshmi V J wrote: > > tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), > > pGenerator->master_secret,sizeof(pGenerator->master_secret), > > km,tmp,num); It seems your code is replicating parts of libssl - which seems like a strange (and possibly dangerous) thing to do! > Struct ssl_ctx_st { > > … > > constEVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ > > constEVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ > > … > > } You really don't need to access these things. They're just cached references to the value returned by EVP_get_digestbyname("ssl3-md5") and EVP_get_digestbyname("ssl3-sha1"). So you can call those functions directly anyway. Matt = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: OpenSSL compilation errors in Windows
On 29/10/2019 10:34, Nagalakshmi V J wrote: > > tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), > > pGenerator->master_secret,sizeof(pGenerator->master_secret), > > km,tmp,num); It seems your code is replicating parts of libssl - which seems like a strange (and possibly dangerous) thing to do! > Struct ssl_ctx_st { > > … > > constEVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ > > constEVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ > > … > > } You really don't need to access these things. They're just cached references to the value returned by EVP_get_digestbyname("ssl3-md5") and EVP_get_digestbyname("ssl3-sha1"). So you can call those functions directly anyway. Matt
Re: OpenSSL compilation errors in Windows
Hi All, Appreciate the response for the below query. Anyone faced the same issue? Thanks & Regards, Nagalakshmi V J From: Nagalakshmi V J Sent: 24 October 2019 03:29 To: Nagalakshmi V J ; Matt Caswell ; openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows Hi Matt, Kindly provide your inputs for the below mail. Thanks & Regards, Nagalakshmi V J From: Nagalakshmi V J Sent: 22 October 2019 10:41:40 To: Matt Caswell ; openssl-users@openssl.org Cc: Nagalakshmi V J Subject: RE: OpenSSL compilation errors in Windows Hi Matt, Could you please help to get any clue on the ACCESSOR APIs of the following. I tried searching APIs. Not getting exact matches. Referred the below links. https://www.openssl.org/docs/man1.1.1/man3/SSL_set_info_callback.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_SSL-5Fset-5Finfo-5Fcallback.html=DwMFAg=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=Njt4ya1WwfEyFfb0YIugFx24W8dsynF6tpT1_Km5mtI=-MNUo0TNpVbEaR7EYseQvOuqyaOVxpmsTxKxZnpJv7o=> https://www.openssl.org/docs/man1.1.1/man3/EVP_md5.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_EVP-5Fmd5.html=DwMFAg=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=Njt4ya1WwfEyFfb0YIugFx24W8dsynF6tpT1_Km5mtI=mzU5jKWESsCh8cwObLKcthJRhdqflLMfP41CLfzqhWs=> Getting similar error for the below code. tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), pGenerator->master_secret,sizeof(pGenerator->master_secret), km,tmp,num); Struct ssl_ctx_st { … const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ … } struct evp_md_st { int type; int pkey_type; int md_size; unsigned long flags; int (*init) (EVP_MD_CTX *ctx); int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); int (*final) (EVP_MD_CTX *ctx, unsigned char *md); int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); int (*cleanup) (EVP_MD_CTX *ctx); int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ /* control function */ int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); } /* EVP_MD */ ; Thanks and regards, Nagalakshmi From: Nagalakshmi V J Sent: Tuesday, October 22, 2019 9:39 AM To: Matt Caswell ; Nagalakshmi V J ; openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows Hi Matt, Yes. Exactly we followed the same and able to resolve errors. Thank you so much for the support and guidance. I'll get back if any further errors. Thanks & Regards, Nagalakshmi V J From: Matt Caswell mailto:m...@openssl.org>> Sent: 21 October 2019 21:26:32 To: Nagalakshmi V J mailto:nagalakshm...@altran.com>>; openssl-users@openssl.org<mailto:openssl-users@openssl.org> mailto:openssl-users@openssl.org>> Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** On 20/10/2019 08:43, Nagalakshmi V J wrote: > Hi Matt, > > This link is having few APIS. But for getting master_key_length, I don't > find any API. Not sure if we need to use getMasterKey API for that. You can use SSL_SESSION_get_master_key() for this. Note this comment in the RETURN VALUES section: "For the other functions, if outlen is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to outlen. If outlen is 0 then these functions return the maximum number of bytes they would copy -- that is, the length of the underlying field." So to discover the master_key_length call the function with outlen to zero. You can then allocate an appropriate sized buffer and call the function again in order to get the actual master key. Matt > > I will try to use these APIs and get back. > > Thanks & Regards, > Nagalakshmi V J > > *From:* Matt Caswell mailto:m...@openssl.org>> > *Sent:* 18 October 2019 14:48:33 > *To:* Nagalakshmi V J > mailto:nagalakshm...@altran.com>>; > openssl-users@openssl.org<mailto:openssl-users@openssl.org> > mailto:openssl-users@openssl.org>> > *Subject:* Re: OpenSSL compilation errors in Windows > > ** This mail has been sent from an external source ** > > > On 18/10/2019 11:49, Nagalakshmi V J wrote: >> Now the issue is SSL_session structure is also having accessor APIs >> which I am not aware of. So I need to get the APIs for accessing the >> master_key_length,etc.. given in the above code. Those are not listed >> in the openss
Re: OpenSSL compilation errors in Windows
Hi Matt, Kindly provide your inputs for the below mail. Thanks & Regards, Nagalakshmi V J From: Nagalakshmi V J Sent: 22 October 2019 10:41:40 To: Matt Caswell ; openssl-users@openssl.org Cc: Nagalakshmi V J Subject: RE: OpenSSL compilation errors in Windows Hi Matt, Could you please help to get any clue on the ACCESSOR APIs of the following. I tried searching APIs. Not getting exact matches. Referred the below links. https://www.openssl.org/docs/man1.1.1/man3/SSL_set_info_callback.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_SSL-5Fset-5Finfo-5Fcallback.html=DwMFAg=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=Njt4ya1WwfEyFfb0YIugFx24W8dsynF6tpT1_Km5mtI=-MNUo0TNpVbEaR7EYseQvOuqyaOVxpmsTxKxZnpJv7o=> https://www.openssl.org/docs/man1.1.1/man3/EVP_md5.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_EVP-5Fmd5.html=DwMFAg=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=Njt4ya1WwfEyFfb0YIugFx24W8dsynF6tpT1_Km5mtI=mzU5jKWESsCh8cwObLKcthJRhdqflLMfP41CLfzqhWs=> Getting similar error for the below code. tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), pGenerator->master_secret,sizeof(pGenerator->master_secret), km,tmp,num); Struct ssl_ctx_st { … const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ … } struct evp_md_st { int type; int pkey_type; int md_size; unsigned long flags; int (*init) (EVP_MD_CTX *ctx); int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); int (*final) (EVP_MD_CTX *ctx, unsigned char *md); int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); int (*cleanup) (EVP_MD_CTX *ctx); int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ /* control function */ int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); } /* EVP_MD */ ; Thanks and regards, Nagalakshmi From: Nagalakshmi V J Sent: Tuesday, October 22, 2019 9:39 AM To: Matt Caswell ; Nagalakshmi V J ; openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows Hi Matt, Yes. Exactly we followed the same and able to resolve errors. Thank you so much for the support and guidance. I'll get back if any further errors. Thanks & Regards, Nagalakshmi V J From: Matt Caswell mailto:m...@openssl.org>> Sent: 21 October 2019 21:26:32 To: Nagalakshmi V J mailto:nagalakshm...@altran.com>>; openssl-users@openssl.org<mailto:openssl-users@openssl.org> mailto:openssl-users@openssl.org>> Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** On 20/10/2019 08:43, Nagalakshmi V J wrote: > Hi Matt, > > This link is having few APIS. But for getting master_key_length, I don't > find any API. Not sure if we need to use getMasterKey API for that. You can use SSL_SESSION_get_master_key() for this. Note this comment in the RETURN VALUES section: "For the other functions, if outlen is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to outlen. If outlen is 0 then these functions return the maximum number of bytes they would copy -- that is, the length of the underlying field." So to discover the master_key_length call the function with outlen to zero. You can then allocate an appropriate sized buffer and call the function again in order to get the actual master key. Matt > > I will try to use these APIs and get back. > > Thanks & Regards, > Nagalakshmi V J > > *From:* Matt Caswell mailto:m...@openssl.org>> > *Sent:* 18 October 2019 14:48:33 > *To:* Nagalakshmi V J > mailto:nagalakshm...@altran.com>>; > openssl-users@openssl.org<mailto:openssl-users@openssl.org> > mailto:openssl-users@openssl.org>> > *Subject:* Re: OpenSSL compilation errors in Windows > > ** This mail has been sent from an external source ** > > > On 18/10/2019 11:49, Nagalakshmi V J wrote: >> Now the issue is SSL_session structure is also having accessor APIs >> which I am not aware of. So I need to get the APIs for accessing the >> master_key_length,etc.. given in the above code. Those are not listed >> in the openssl link referred. > > On this page look a the various functions beginning with "SSL_SESSION_" > in the name: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_=DwICaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=MZhYFrTAuuHOqAirPiGbT1
RE: OpenSSL compilation errors in Windows
Hi Matt, Could you please help to get any clue on the ACCESSOR APIs of the following. I tried searching APIs. Not getting exact matches. Referred the below links. https://www.openssl.org/docs/man1.1.1/man3/SSL_set_info_callback.html https://www.openssl.org/docs/man1.1.1/man3/EVP_md5.html Getting similar error for the below code. tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), pGenerator->master_secret,sizeof(pGenerator->master_secret), km,tmp,num); Struct ssl_ctx_st { ... const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ ... } struct evp_md_st { int type; int pkey_type; int md_size; unsigned long flags; int (*init) (EVP_MD_CTX *ctx); int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); int (*final) (EVP_MD_CTX *ctx, unsigned char *md); int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); int (*cleanup) (EVP_MD_CTX *ctx); int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ /* control function */ int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); } /* EVP_MD */ ; Thanks and regards, Nagalakshmi From: Nagalakshmi V J Sent: Tuesday, October 22, 2019 9:39 AM To: Matt Caswell ; Nagalakshmi V J ; openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows Hi Matt, Yes. Exactly we followed the same and able to resolve errors. Thank you so much for the support and guidance. I'll get back if any further errors. Thanks & Regards, Nagalakshmi V J From: Matt Caswell mailto:m...@openssl.org>> Sent: 21 October 2019 21:26:32 To: Nagalakshmi V J mailto:nagalakshm...@altran.com>>; openssl-users@openssl.org<mailto:openssl-users@openssl.org> mailto:openssl-users@openssl.org>> Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** On 20/10/2019 08:43, Nagalakshmi V J wrote: > Hi Matt, > > This link is having few APIS. But for getting master_key_length, I don't > find any API. Not sure if we need to use getMasterKey API for that. You can use SSL_SESSION_get_master_key() for this. Note this comment in the RETURN VALUES section: "For the other functions, if outlen is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to outlen. If outlen is 0 then these functions return the maximum number of bytes they would copy -- that is, the length of the underlying field." So to discover the master_key_length call the function with outlen to zero. You can then allocate an appropriate sized buffer and call the function again in order to get the actual master key. Matt > > I will try to use these APIs and get back. > > Thanks & Regards, > Nagalakshmi V J > > *From:* Matt Caswell mailto:m...@openssl.org>> > *Sent:* 18 October 2019 14:48:33 > *To:* Nagalakshmi V J > mailto:nagalakshm...@altran.com>>; > openssl-users@openssl.org<mailto:openssl-users@openssl.org> > mailto:openssl-users@openssl.org>> > *Subject:* Re: OpenSSL compilation errors in Windows > > ** This mail has been sent from an external source ** > > > On 18/10/2019 11:49, Nagalakshmi V J wrote: >> Now the issue is SSL_session structure is also having accessor APIs >> which I am not aware of. So I need to get the APIs for accessing the >> master_key_length,etc.. given in the above code. Those are not listed >> in the openssl link referred. > > On this page look a the various functions beginning with "SSL_SESSION_" > in the name: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_=DwICaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=MZhYFrTAuuHOqAirPiGbT1CY6HDdH2U_CWYq12626Ts=gE0JHTVoToRHQRu5h2amvKa5WzyXsortlw0IoQd3VG4= > > From the code sample you gave you are probably mostly interested in the > functions on this page: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_SSL-5FSESSION-5Fget-5Fmaster-5Fkey.html=DwICaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=MZhYFrTAuuHOqAirPiGbT1CY6HDdH2U_CWYq12626Ts=XTuEzS7qyBvIHc_qWJYoh3JVC4zPCzvUzNPStW_SvLI= > > Matt > > = > Please refer to https://northamerica.altran.com/email-disclaimer > for important disclosures regarding this electronic communication. > = = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regardin
Re: OpenSSL compilation errors in Windows
Hi Matt, Yes. Exactly we followed the same and able to resolve errors. Thank you so much for the support and guidance. I'll get back if any further errors. Thanks & Regards, Nagalakshmi V J From: Matt Caswell Sent: 21 October 2019 21:26:32 To: Nagalakshmi V J ; openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** On 20/10/2019 08:43, Nagalakshmi V J wrote: > Hi Matt, > > This link is having few APIS. But for getting master_key_length, I don't > find any API. Not sure if we need to use getMasterKey API for that. You can use SSL_SESSION_get_master_key() for this. Note this comment in the RETURN VALUES section: "For the other functions, if outlen is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to outlen. If outlen is 0 then these functions return the maximum number of bytes they would copy -- that is, the length of the underlying field." So to discover the master_key_length call the function with outlen to zero. You can then allocate an appropriate sized buffer and call the function again in order to get the actual master key. Matt > > I will try to use these APIs and get back. > > Thanks & Regards, > Nagalakshmi V J > > *From:* Matt Caswell > *Sent:* 18 October 2019 14:48:33 > *To:* Nagalakshmi V J ; > openssl-users@openssl.org > *Subject:* Re: OpenSSL compilation errors in Windows > > ** This mail has been sent from an external source ** > > > On 18/10/2019 11:49, Nagalakshmi V J wrote: >> Now the issue is SSL_session structure is also having accessor APIs >> which I am not aware of. So I need to get the APIs for accessing the >> master_key_length,etc.. given in the above code. Those are not listed >> in the openssl link referred. > > On this page look a the various functions beginning with "SSL_SESSION_" > in the name: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_=DwICaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=MZhYFrTAuuHOqAirPiGbT1CY6HDdH2U_CWYq12626Ts=gE0JHTVoToRHQRu5h2amvKa5WzyXsortlw0IoQd3VG4= > > From the code sample you gave you are probably mostly interested in the > functions on this page: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_SSL-5FSESSION-5Fget-5Fmaster-5Fkey.html=DwICaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=MZhYFrTAuuHOqAirPiGbT1CY6HDdH2U_CWYq12626Ts=XTuEzS7qyBvIHc_qWJYoh3JVC4zPCzvUzNPStW_SvLI= > > Matt > > = > Please refer to https://northamerica.altran.com/email-disclaimer > for important disclosures regarding this electronic communication. > = = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: OpenSSL compilation errors in Windows
On 20/10/2019 08:43, Nagalakshmi V J wrote: > Hi Matt, > > This link is having few APIS. But for getting master_key_length, I don't > find any API. Not sure if we need to use getMasterKey API for that. You can use SSL_SESSION_get_master_key() for this. Note this comment in the RETURN VALUES section: "For the other functions, if outlen is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to outlen. If outlen is 0 then these functions return the maximum number of bytes they would copy -- that is, the length of the underlying field." So to discover the master_key_length call the function with outlen to zero. You can then allocate an appropriate sized buffer and call the function again in order to get the actual master key. Matt > > I will try to use these APIs and get back. > > Thanks & Regards, > Nagalakshmi V J > > *From:* Matt Caswell > *Sent:* 18 October 2019 14:48:33 > *To:* Nagalakshmi V J ; > openssl-users@openssl.org > *Subject:* Re: OpenSSL compilation errors in Windows > > ** This mail has been sent from an external source ** > > > On 18/10/2019 11:49, Nagalakshmi V J wrote: >> Now the issue is SSL_session structure is also having accessor APIs >> which I am not aware of. So I need to get the APIs for accessing the >> master_key_length,etc.. given in the above code. Those are not listed >> in the openssl link referred. > > On this page look a the various functions beginning with "SSL_SESSION_" > in the name: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_=DwICaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=MZhYFrTAuuHOqAirPiGbT1CY6HDdH2U_CWYq12626Ts=gE0JHTVoToRHQRu5h2amvKa5WzyXsortlw0IoQd3VG4= > > From the code sample you gave you are probably mostly interested in the > functions on this page: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_SSL-5FSESSION-5Fget-5Fmaster-5Fkey.html=DwICaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=MZhYFrTAuuHOqAirPiGbT1CY6HDdH2U_CWYq12626Ts=XTuEzS7qyBvIHc_qWJYoh3JVC4zPCzvUzNPStW_SvLI= > > Matt > > = > Please refer to https://northamerica.altran.com/email-disclaimer > for important disclosures regarding this electronic communication. > =
Re: OpenSSL compilation errors in Windows
Hi Matt, This link is having few APIS. But for getting master_key_length, I don't find any API. Not sure if we need to use getMasterKey API for that. I will try to use these APIs and get back. Thanks & Regards, Nagalakshmi V J From: Matt Caswell Sent: 18 October 2019 14:48:33 To: Nagalakshmi V J ; openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** On 18/10/2019 11:49, Nagalakshmi V J wrote: > Now the issue is SSL_session structure is also having accessor APIs > which I am not aware of. So I need to get the APIs for accessing the > master_key_length,etc.. given in the above code. Those are not listed > in the openssl link referred. On this page look a the various functions beginning with "SSL_SESSION_" in the name: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_=DwICaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=MZhYFrTAuuHOqAirPiGbT1CY6HDdH2U_CWYq12626Ts=gE0JHTVoToRHQRu5h2amvKa5WzyXsortlw0IoQd3VG4= >From the code sample you gave you are probably mostly interested in the functions on this page: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.1.1_man3_SSL-5FSESSION-5Fget-5Fmaster-5Fkey.html=DwICaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=MZhYFrTAuuHOqAirPiGbT1CY6HDdH2U_CWYq12626Ts=XTuEzS7qyBvIHc_qWJYoh3JVC4zPCzvUzNPStW_SvLI= Matt = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: OpenSSL compilation errors in Windows
On 18/10/2019 11:49, Nagalakshmi V J wrote: > Now the issue is SSL_session structure is also having accessor APIs > which I am not aware of. So I need to get the APIs for accessing the > master_key_length,etc.. given in the above code. Those are not listed > in the openssl link referred. On this page look a the various functions beginning with "SSL_SESSION_" in the name: https://www.openssl.org/docs/man1.1.1/man3/ >From the code sample you gave you are probably mostly interested in the functions on this page: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_master_key.html Matt
RE: OpenSSL compilation errors in Windows
Hi Matt, Sorry I missed your reply as all the conversations are jumbled in that mail. Please find the sample code snippet. This is a small part. Like the below sample, we are using SSL and SSL_SESSION structures in many places. struct PRF_GENERATOR { unsigned char master_secret[48]; unsigned char server_random[32]; unsigned char client_random[32]; }; int functionA(SSL* s, PRF_GENERATOR* pGenerator) { if( s->session->master_key_length != sizeof(pGenerator->master_secret) ) return -1; memcpy(pGenerator->master_secret, s->session->master_key, sizeof(pGenerator->master_secret)); memcpy(pGenerator->server_random, s->s3->server_random, sizeof(pGenerator->server_random)); memcpy(pGenerator->client_random, s->s3->client_random, sizeof(pGenerator->client_random)); return 0; } In the above function, they are accessing the session from SSL structure as s->session (using openssl 1.0.2j). We cannot access like this 1.1.1c. So we need to use the accessor API which is SSL_get_session(s). Referred this link (https://www.openssl.org/docs/man1.1.0/man7/ssl.html) Now the issue is SSL_session structure is also having accessor APIs which I am not aware of. So I need to get the APIs for accessing the master_key_length,etc.. given in the above code. Those are not listed in the openssl link referred. It would be helpful if I can get to know about the accessor APIs. If you know any documentation link which talks about accessor APIs or any files where all these details are there, you can refer me that. Kindly let me know if you have any queries with respect to this sample code. Thanks and regards, Nagalakshmi -Original Message- From: openssl-users On Behalf Of Matt Caswell Sent: Thursday, October 3, 2019 6:51 PM To: openssl-users@openssl.org Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** On 03/10/2019 11:10, Nagalakshmi V J wrote: > Hi Matthias, > > > > Please find my response for your queries below. > > > > It would be more helpful if you would tell us *why* you are including > ssl_locl.h and what you are trying to achieve. Then we might be able > to tell you how you could achieve your goal using the officially supported > API. > > [Nagalakshmi]: > > In our product code, we are using the structures 'ssl_st' and > 'ssl_session_st' > which were defined in ssl.h file in Openssl 1.0.2.j version. > > Since the structure definitions are made opaque in openssl 1.1.1c, we > used ssl_locl.h where the structure definitions are available. > > > > Please note that many of the OpenSSL structures were made opaque in > version 1.1.0. This means that there are only forward declarations of > the structures in the public headers and the compiler does not get to see > the structure members. > Instead of directly accessing the members, it is now necessary to use > accessor functions (a.k.a. getters and setters). > > [Nagalakshmi]: > > Regarding usage of accessor functions, I got the following APIs. > > SSL_get_session(s) > > SSL_SESSION_get_master_key(). > > > > If we use those APIs, I am again getting errors like the below. > > /.\odlibPrf_OSSL.h(164) : error C2027: use of undefined type > 'ssl_session_st'/ > > /..\..\OpenSSL\openssl-1.1.1c\include\openssl/ssl.h(213) : see > declaration of 'ssl_session_st'/ > > /.\odlibPrf_OSSL.h(164) : error C2227: left of '->SSL_SESSION_get_master_key' > must point to class/struct/union/ This at least looks like a syntax error. > > /.\odlibPrf_OSSL.h(167) : error C2027: use of undefined type 'ssl_st'/ > > /..\..\OpenSSL\openssl-1.1.1c\include\openssl/ossl_typ.h(147) : see > declaration of 'ssl_st'/ > > /.\odlibPrf_OSSL.h(167) : error C2227: left of '->session' must point > to class/struct/union/ > > /.\odlibPrf_OSSL.h(167) : error C2227: left of '->master_key' must > point to class/struct/union/ These suggest you're still trying to direct access structure members. > > /.\odlibPrf_OSSL.h(168) : error C2027: use of undefined type 'ssl_st'/ Please show us the source code for the lines these error message correspond to. Matt > > > > Can you help me to get the corresponding accessor functions for these 2 > structures. > > > > Thanks and regards, > > Nagalakshmi > > > > -Original Message- > From: Nagalakshmi V J > Sent: Tuesday, October 1, 2019 6:33 PM > To: Dr. Matthias St. Pierre ; > Nagalakshmi V J > Cc: openssl-users@openssl.org; Umamaheswari Nagarajan > > Subject: RE: OpenSSL compilation errors in Windows > > > > Thank you Matthias for the explanation. I am going through my code to > understand why ssl_locl.h is inc
Re: OpenSSL compilation errors in Windows
On 03/10/2019 11:10, Nagalakshmi V J wrote: > Hi Matthias, > > > > Please find my response for your queries below. > > > > It would be more helpful if you would tell us *why* you are including > ssl_locl.h > and what you are trying to achieve. Then we might be able to tell you how you > could achieve your goal using the officially supported API. > > [Nagalakshmi]: > > In our product code, we are using the structures 'ssl_st' and > 'ssl_session_st' > which were defined in ssl.h file in Openssl 1.0.2.j version. > > Since the structure definitions are made opaque in openssl 1.1.1c, we used > ssl_locl.h where the structure definitions are available. > > > > Please note that many of the OpenSSL structures were made opaque in version > 1.1.0. This means that there are only forward declarations of the structures > in > the public headers and the compiler does not get to see the structure > members. > Instead of directly accessing the members, it is now necessary to use accessor > functions (a.k.a. getters and setters). > > [Nagalakshmi]: > > Regarding usage of accessor functions, I got the following APIs. > > SSL_get_session(s) > > SSL_SESSION_get_master_key(). > > > > If we use those APIs, I am again getting errors like the below. > > /.\odlibPrf_OSSL.h(164) : error C2027: use of undefined type 'ssl_session_st'/ > > / ..\..\OpenSSL\openssl-1.1.1c\include\openssl/ssl.h(213) : see > declaration of 'ssl_session_st'/ > > /.\odlibPrf_OSSL.h(164) : error C2227: left of '->SSL_SESSION_get_master_key' > must point to class/struct/union/ This at least looks like a syntax error. > > /.\odlibPrf_OSSL.h(167) : error C2027: use of undefined type 'ssl_st'/ > > / ..\..\OpenSSL\openssl-1.1.1c\include\openssl/ossl_typ.h(147) : see > declaration of 'ssl_st'/ > > /.\odlibPrf_OSSL.h(167) : error C2227: left of '->session' must point to > class/struct/union/ > > /.\odlibPrf_OSSL.h(167) : error C2227: left of '->master_key' must point to > class/struct/union/ These suggest you're still trying to direct access structure members. > > /.\odlibPrf_OSSL.h(168) : error C2027: use of undefined type 'ssl_st'/ Please show us the source code for the lines these error message correspond to. Matt > > > > Can you help me to get the corresponding accessor functions for these 2 > structures. > > > > Thanks and regards, > > Nagalakshmi > > > > -Original Message- > From: Nagalakshmi V J > Sent: Tuesday, October 1, 2019 6:33 PM > To: Dr. Matthias St. Pierre ; Nagalakshmi V J > > Cc: openssl-users@openssl.org; Umamaheswari Nagarajan > > Subject: RE: OpenSSL compilation errors in Windows > > > > Thank you Matthias for the explanation. I am going through my code to > understand > why ssl_locl.h is included. I will check and get back on this ASAP. Also if > there is other way to achieve that I will use the same. > > > > Thanks and regards, > > Nagalakshmi > > > > -Original Message- > > From: Dr. Matthias St. Pierre <mailto:matthias.st.pie...@ncp-e.com>> > > Sent: Tuesday, October 1, 2019 4:43 PM > > To: Nagalakshmi V J <mailto:nagalakshm...@altran.com>> > > Cc: openssl-users@openssl.org <mailto:openssl-users@openssl.org>; Umamaheswari > Nagarajan <mailto:umamaheswari.nagara...@altran.com>> > > Subject: AW: OpenSSL compilation errors in Windows > > > > ** This mail has been sent from an external source ** > > > > > >> We are using OpenSSL APIs in our product code. We are not making any changes > in OpenSSL. > >> Our product code is a C++ code and it makes use of openSSL APIs for some > functionality. > > > > Local headers (like "ssl_locl.h" and "packet_locl.h") are *NOT* part of the > official OpenSSL API. > > Please don't expect any support w.r.t. compilation or compatibility problems > if > you do include them in your application, even more if it's compiled using a > C++ > compiler. > > > > It would be more helpful if you would tell us *why* you are including > ssl_locl.h > and what you are trying to achieve. Then we might be able to tell you how you > could achieve your goal using the officially supported API. > > > > Please note that many of the OpenSSL structures were made opaque in version > 1.1.0. This means that there are only forward declarations of the structures > in > the public headers and the compiler does not get to see the structure > members. > Instead o
RE: OpenSSL compilation errors in Windows
Hi Matthias, Please find my response for your queries below. It would be more helpful if you would tell us *why* you are including ssl_locl.h and what you are trying to achieve. Then we might be able to tell you how you could achieve your goal using the officially supported API. [Nagalakshmi]: In our product code, we are using the structures 'ssl_st' and 'ssl_session_st' which were defined in ssl.h file in Openssl 1.0.2.j version. Since the structure definitions are made opaque in openssl 1.1.1c, we used ssl_locl.h where the structure definitions are available. Please note that many of the OpenSSL structures were made opaque in version 1.1.0. This means that there are only forward declarations of the structures in the public headers and the compiler does not get to see the structure members. Instead of directly accessing the members, it is now necessary to use accessor functions (a.k.a. getters and setters). [Nagalakshmi]: Regarding usage of accessor functions, I got the following APIs. SSL_get_session(s) SSL_SESSION_get_master_key(). If we use those APIs, I am again getting errors like the below. .\odlibPrf_OSSL.h(164) : error C2027: use of undefined type 'ssl_session_st' ..\..\OpenSSL\openssl-1.1.1c\include\openssl/ssl.h(213) : see declaration of 'ssl_session_st' .\odlibPrf_OSSL.h(164) : error C2227: left of '->SSL_SESSION_get_master_key' must point to class/struct/union .\odlibPrf_OSSL.h(167) : error C2027: use of undefined type 'ssl_st' ..\..\OpenSSL\openssl-1.1.1c\include\openssl/ossl_typ.h(147) : see declaration of 'ssl_st' .\odlibPrf_OSSL.h(167) : error C2227: left of '->session' must point to class/struct/union .\odlibPrf_OSSL.h(167) : error C2227: left of '->master_key' must point to class/struct/union .\odlibPrf_OSSL.h(168) : error C2027: use of undefined type 'ssl_st' Can you help me to get the corresponding accessor functions for these 2 structures. Thanks and regards, Nagalakshmi -Original Message- From: Nagalakshmi V J Sent: Tuesday, October 1, 2019 6:33 PM To: Dr. Matthias St. Pierre ; Nagalakshmi V J Cc: openssl-users@openssl.org; Umamaheswari Nagarajan Subject: RE: OpenSSL compilation errors in Windows Thank you Matthias for the explanation. I am going through my code to understand why ssl_locl.h is included. I will check and get back on this ASAP. Also if there is other way to achieve that I will use the same. Thanks and regards, Nagalakshmi -Original Message- From: Dr. Matthias St. Pierre mailto:matthias.st.pie...@ncp-e.com>> Sent: Tuesday, October 1, 2019 4:43 PM To: Nagalakshmi V J mailto:nagalakshm...@altran.com>> Cc: openssl-users@openssl.org<mailto:openssl-users@openssl.org>; Umamaheswari Nagarajan mailto:umamaheswari.nagara...@altran.com>> Subject: AW: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** > We are using OpenSSL APIs in our product code. We are not making any changes > in OpenSSL. > Our product code is a C++ code and it makes use of openSSL APIs for some > functionality. Local headers (like "ssl_locl.h" and "packet_locl.h") are *NOT* part of the official OpenSSL API. Please don't expect any support w.r.t. compilation or compatibility problems if you do include them in your application, even more if it's compiled using a C++ compiler. It would be more helpful if you would tell us *why* you are including ssl_locl.h and what you are trying to achieve. Then we might be able to tell you how you could achieve your goal using the officially supported API. Please note that many of the OpenSSL structures were made opaque in version 1.1.0. This means that there are only forward declarations of the structures in the public headers and the compiler does not get to see the structure members. Instead of directly accessing the members, it is now necessary to use accessor functions (a.k.a. getters and setters). If this is the reason why you are including private OpenSSL headers then you should adopt you application to use the new accessors instead, instead of forcing the impossible to circumvent the new policy. For more information, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.openssl.org_index.php_OpenSSL-5F1.1.0-5FChanges=DwIGaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=wpEV8Q2RDZjERhtJGZl9HajV9jd2dJFF10J30_YrPQo=sX1YilJaXloAQDzrjD3Lz-I6DOej3QduhsAanXOYxVM= Matthias Dr. Matthias St. Pierre Senior Software Engineer matthias.st.pie...@ncp-e.com<mailto:matthias.st.pie...@ncp-e.com> Phone: +49 911 9968-0 www.ncp-e.com<http://www.ncp-e.com> Headquarters Germany: NCP engineering GmbH • Dombuehler Str. 2 • 90449 • Nuremberg North American HQ: NCP engineering Inc. • 678 Georgia Ave. • Sunnyvale, CA 94085 East Coast Office: NCP engineering Inc. • 601 Cleveland S
RE: OpenSSL compilation errors in Windows
Hi Salz, I am working on that only. I will try to not use those internal files as per the suggestions. Thanks and regards, Nagalakshmi From: Salz, Rich Sent: Tuesday, October 1, 2019 6:30 PM To: Nagalakshmi V J ; Sergio NNX ; Dr. Matthias St. Pierre ; Michael Mueller Cc: openssl-users@openssl.org; Umamaheswari Nagarajan Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** Several people have told you the following: That is an *internal* openssl header file; do not use it. Remove the include statement from your code. Your code is wrong. That file is a C file, not compatible with C++ Why do you not listen? = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
RE: OpenSSL compilation errors in Windows
Thank you Matthias for the explanation. I am going through my code to understand why ssl_locl.h is included. I will check and get back on this ASAP. Also if there is other way to achieve that I will use the same. Thanks and regards, Nagalakshmi -Original Message- From: Dr. Matthias St. Pierre Sent: Tuesday, October 1, 2019 4:43 PM To: Nagalakshmi V J Cc: openssl-users@openssl.org; Umamaheswari Nagarajan Subject: AW: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** > We are using OpenSSL APIs in our product code. We are not making any changes > in OpenSSL. > Our product code is a C++ code and it makes use of openSSL APIs for some > functionality. Local headers (like "ssl_locl.h" and "packet_locl.h") are *NOT* part of the official OpenSSL API. Please don't expect any support w.r.t. compilation or compatibility problems if you do include them in your application, even more if it's compiled using a C++ compiler. It would be more helpful if you would tell us *why* you are including ssl_locl.h and what you are trying to achieve. Then we might be able to tell you how you could achieve your goal using the officially supported API. Please note that many of the OpenSSL structures were made opaque in version 1.1.0. This means that there are only forward declarations of the structures in the public headers and the compiler does not get to see the structure members. Instead of directly accessing the members, it is now necessary to use accessor functions (a.k.a. getters and setters). If this is the reason why you are including private OpenSSL headers then you should adopt you application to use the new accessors instead, instead of forcing the impossible to circumvent the new policy. For more information, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.openssl.org_index.php_OpenSSL-5F1.1.0-5FChanges=DwIGaQ=cxWN2QSDopt5SklNfbjIjg=zbjUR56YPF3jaTRTjX4KZlHM9-LmYAuR5atSqEGOnpA=wpEV8Q2RDZjERhtJGZl9HajV9jd2dJFF10J30_YrPQo=sX1YilJaXloAQDzrjD3Lz-I6DOej3QduhsAanXOYxVM= Matthias Dr. Matthias St. Pierre Senior Software Engineer matthias.st.pie...@ncp-e.com Phone: +49 911 9968-0 www.ncp-e.com Headquarters Germany: NCP engineering GmbH • Dombuehler Str. 2 • 90449 • Nuremberg North American HQ: NCP engineering Inc. • 678 Georgia Ave. • Sunnyvale, CA 94085 East Coast Office: NCP engineering Inc. • 601 Cleveland Str., Suite 501-25 • Clearwater, FL 33755 Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate Dietrich Registry Court: Lower District Court of Nuremberg Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: DE 133557619 This e-mail message including any attachments is for the sole use of the intended recipient(s) and may contain privileged or confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply e-mail and delete the original message and destroy all copies thereof. = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: OpenSSL compilation errors in Windows
Several people have told you the following: That is an *internal* openssl header file; do not use it. Remove the include statement from your code. Your code is wrong. That file is a C file, not compatible with C++ Why do you not listen?
AW: OpenSSL compilation errors in Windows
> We are using OpenSSL APIs in our product code. We are not making any changes > in OpenSSL. > Our product code is a C++ code and it makes use of openSSL APIs for some > functionality. Local headers (like "ssl_locl.h" and "packet_locl.h") are *NOT* part of the official OpenSSL API. Please don't expect any support w.r.t. compilation or compatibility problems if you do include them in your application, even more if it's compiled using a C++ compiler. It would be more helpful if you would tell us *why* you are including ssl_locl.h and what you are trying to achieve. Then we might be able to tell you how you could achieve your goal using the officially supported API. Please note that many of the OpenSSL structures were made opaque in version 1.1.0. This means that there are only forward declarations of the structures in the public headers and the compiler does not get to see the structure members. Instead of directly accessing the members, it is now necessary to use accessor functions (a.k.a. getters and setters). If this is the reason why you are including private OpenSSL headers then you should adopt you application to use the new accessors instead, instead of forcing the impossible to circumvent the new policy. For more information, see https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes Matthias
RE: OpenSSL compilation errors in Windows
Hi Sergio, We are using OpenSSL APIs in our product code. We are not making any changes in OpenSSL. Our product code is a C++ code and it makes use of openSSL APIs for some functionality. This compilation error we are getting in Linux and windows platforms. But in Linux, we have a '-fpermissive' flag which is suppressing those errors as warnings and so compilation is getting successful. The issue here is in Windows , we are not able to find alternative flag for -'fpermissive' in Visual studio and due to that compilation is unsuccessful. It would be helpful if anyone suggests some option to get the compilation successful. Thanks and regards, Nagalakshmi From: Sergio NNX Sent: Monday, September 30, 2019 9:06 PM To: Dr. Matthias St. Pierre ; Nagalakshmi V J ; Michael Mueller Cc: openssl-users@openssl.org; Umamaheswari Nagarajan Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** Ciao. I haven't had a chance to compile the exact OpenSSL version using g++ compiler as stated by the user/poster. If this user is using a modified or altered version of OpenSSL provided source code, is there support available? Don't get me wrong, I don't mind helping out but . I'll try to compile OpenSSL source code this evening and I'll post my findings here. Regards. Sergio. From: openssl-users mailto:openssl-users-boun...@openssl.org>> on behalf of Dr. Matthias St. Pierre mailto:matthias.st.pie...@ncp-e.com>> Sent: Tuesday, 1 October 2019 12:28 AM To: Nagalakshmi V J mailto:nagalakshm...@altran.com>>; Michael Mueller mailto:abaci@gmail.com>> Cc: openssl-users@openssl.org<mailto:openssl-users@openssl.org> mailto:openssl-users@openssl.org>>; Umamaheswari Nagarajan mailto:umamaheswari.nagara...@altran.com>> Subject: AW: OpenSSL compilation errors in Windows > OpenSSL code is compiling without any issues. When it is used from our > product code and while compiling using C++ compiler, the issue is seen. As I wrote previously, the error you posted was caused by the fact that you are compiling Ansi C (a.k.a ISO/IEC 9899:1990, a.k.a C90) source code using a C++ compiler. While C permits a cast from 'void *' to 'anytype *', C++ doesn't allow it without an explicit cast. Only the *public* OpenSSL headers are guaranteed to be includable by a C++ compiler (they contain the necessary ` extern "C" ` blocks, etc.), not the internal headers. Including *internal* headers is neither supported nor possible with a C++ compiler. And as Matt Caswell already told you, there are no compatibility guarantees for those headers. Matthias = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: OpenSSL compilation errors in Windows
Ciao. I haven't had a chance to compile the exact OpenSSL version using g++ compiler as stated by the user/poster. If this user is using a modified or altered version of OpenSSL provided source code, is there support available? Don't get me wrong, I don't mind helping out but . I'll try to compile OpenSSL source code this evening and I'll post my findings here. Regards. Sergio. From: openssl-users on behalf of Dr. Matthias St. Pierre Sent: Tuesday, 1 October 2019 12:28 AM To: Nagalakshmi V J ; Michael Mueller Cc: openssl-users@openssl.org ; Umamaheswari Nagarajan Subject: AW: OpenSSL compilation errors in Windows > OpenSSL code is compiling without any issues. When it is used from our > product code and while compiling using C++ compiler, the issue is seen. As I wrote previously, the error you posted was caused by the fact that you are compiling Ansi C (a.k.a ISO/IEC 9899:1990, a.k.a C90) source code using a C++ compiler. While C permits a cast from ‘void *’ to ‘anytype *’, C++ doesn’t allow it without an explicit cast. Only the *public* OpenSSL headers are guaranteed to be includable by a C++ compiler (they contain the necessary ` extern “C” ` blocks, etc.), not the internal headers. Including *internal* headers is neither supported nor possible with a C++ compiler. And as Matt Caswell already told you, there are no compatibility guarantees for those headers. Matthias
AW: OpenSSL compilation errors in Windows
> OpenSSL code is compiling without any issues. When it is used from our > product code and while compiling using C++ compiler, the issue is seen. As I wrote previously, the error you posted was caused by the fact that you are compiling Ansi C (a.k.a ISO/IEC 9899:1990, a.k.a C90) source code using a C++ compiler. While C permits a cast from ‘void *’ to ‘anytype *’, C++ doesn’t allow it without an explicit cast. Only the *public* OpenSSL headers are guaranteed to be includable by a C++ compiler (they contain the necessary ` extern “C” ` blocks, etc.), not the internal headers. Including *internal* headers is neither supported nor possible with a C++ compiler. And as Matt Caswell already told you, there are no compatibility guarantees for those headers. Matthias
RE: OpenSSL compilation errors in Windows
Hi Michael, OpenSSL code is compiling without any issues. When it is used from our product code and while compiling using C++ compiler, the issue is seen. We also don’t use the ‘warning as errors’ and warning level 3 we are using currently. Thanks and regards, Nagalakshmi From: Michael Mueller Sent: Monday, September 30, 2019 4:05 PM To: Nagalakshmi V J Cc: openssl-users@openssl.org; Umamaheswari Nagarajan Subject: Re: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** We compile using Visual Studio. We don't use 'warnings as errors' and selected a warning level that minimized warnings. The 'make test' runs cleanly. On Mon, Sep 30, 2019, 3:16 AM Nagalakshmi V J mailto:nagalakshm...@altran.com>> wrote: Hi, I am using openssl 1.1.c from our product code. While compiling the code, I am getting the errors which can be suppressed as warnings using -fpermissive flag in Linux (gcc/g++). In windows, I am getting the same compilation errors in visual studio (2005). Would like to know the alternative of -fpermissive flag that can be used in visual studio to suppress the errors. I tried adding the flags such as '/fpermissive' , '/Ze' in module properties->C/C++->command Line->Additional options. But it did not resolve the problem. Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to pointer to non-'void' requires an explicit cast Since it is giving error in Openssl code, we cannot make any code changes there. Has anyone faced this kind of issue? Please let me know how to resolve this issue. Thanks and regards, Nagalakshmi = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. = = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: OpenSSL compilation errors in Windows
On 30/09/2019 11:56, Nagalakshmi V J wrote: > In our code, We included “ssl_locl.h” which in turn includes packet_locl.h. > Any > way to avoid this kind of error? Don't include "ssl_locl.h"!!! This is an internal header file and relying on it is likely to cause problems for you. There are no stability guarantees if you use internal stuff. For example commit b5acbf9148 just renamed that file to ssl_local.h. That change will be in OpenSSL 1.1.1e - so your code will break at that point if you upgrade. Anything in your code that relies on that internal data will need to be rewritten to use the public APIs instead. Matt > > > > Thanks and regards, > > Nagalakshmi > > > > -Original Message- > From: Dr. Matthias St. Pierre > Sent: Monday, September 30, 2019 2:10 PM > To: Nagalakshmi V J ; openssl-users@openssl.org > Cc: Umamaheswari Nagarajan > Subject: AW: OpenSSL compilation errors in Windows > > > > ** This mail has been sent from an external source ** > > > > > >> Getting the errors like below. ssl/packet_locl.h(429) : error C2440: > >> '=' : cannot convert from 'void *' to 'unsigned char 'Conversion from > >> 'void' to pointer to non-'void' requires an explicit cast > > > > Is it possible that your error message was copied incorrectly? Line 429 is an > assignment from 'void *' to 'unsigned char*', not to 'unsigned char'. > > > > Such an assignment is allowed in C (and the type is implicitly converted), but > not in C++. Is it possible, that you are including this header in a module > compiled with a C++ compiler? Note that this is an internal header file and > not > meant to be included by third party software. > > > > HTH, > > Matthias > > > > > > > > > > > > > > Dr. Matthias St. Pierre > > Senior Software Engineer > > matthias.st.pie...@ncp-e.com <mailto:matthias.st.pie...@ncp-e.com> > > Phone: +49 911 9968-0 > > www.ncp-e.com <http://www.ncp-e.com> > > > > Headquarters Germany: NCP engineering GmbH • Dombuehler Str. 2 • 90449 • > Nuremberg North American HQ: NCP engineering Inc. • 678 Georgia Ave. • > Sunnyvale, CA 94085 East Coast Office: NCP engineering Inc. • 601 Cleveland > Str., Suite 501-25 • Clearwater, FL 33755 > > > > Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate Dietrich > Registry Court: Lower District Court of Nuremberg Commercial register No.: HRB > 7786 Nuremberg, VAT identification No.: DE 133557619 > > > > This e-mail message including any attachments is for the sole use of the > intended recipient(s) and may contain privileged or confidential information. > Any unauthorized review, use, disclosure or distribution is prohibited. If you > are not the intended recipient, please immediately contact the sender by reply > e-mail and delete the original message and destroy all copies thereof. > > Von: openssl-users <mailto:openssl-users-boun...@openssl.org>> Im Auftrag von Nagalakshmi V J > > Gesendet: Montag, 30. September 2019 08:44 > > An: openssl-users@openssl.org <mailto:openssl-users@openssl.org> > > Cc: Umamaheswari Nagarajan <mailto:umamaheswari.nagara...@altran.com>> > > Betreff: OpenSSL compilation errors in Windows > > > > Hi, > > I am using openssl 1.1.c from our product code. While compiling the code, I am > getting the errors which can be suppressed as warnings using -fpermissive flag > in Linux (gcc/g++). In windows, I am getting the same compilation errors in > visual studio (2005). Would like to know the alternative of -fpermissive flag > that can be used in visual studio to suppress the errors. > > I tried adding the flags such as '/fpermissive' , '/Ze' in module > properties->C/C++->command Line->Additional options. But it did not resolve > the > problem. > > Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : > cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to > pointer to non-'void' requires an explicit cast > > > > Since it is giving error in Openssl code, we cannot make any code changes > there. > Has anyone faced this kind of issue? > > Please let me know how to resolve this issue. > > > > > > > > Thanks and regards, > > Nagalakshmi > > > > = > > Please refer to https://northamerica.altran.com/email-disclaimer > > for important disclosures regarding this electronic communication. > > = > > = > Please refer to https://northamerica.altran.com/email-disclaimer > for important disclosures regarding this electronic communication. > =
RE: OpenSSL compilation errors in Windows
Hi Matthias, Yes that's right. The error message is ..\..\OpenSSL\openssl-1.1.1c\crypto\../ssl/packet_locl.h(429) : error C2440: '=' : cannot convert from 'void *' to 'unsigned char *' Conversion from 'void*' to pointer to non-'void' requires an explicit cast Sorry, it was missed by mistake. So how can we avoid this? In our code, We included “ssl_locl.h” which in turn includes packet_locl.h. Any way to avoid this kind of error? Thanks and regards, Nagalakshmi -Original Message- From: Dr. Matthias St. Pierre Sent: Monday, September 30, 2019 2:10 PM To: Nagalakshmi V J ; openssl-users@openssl.org Cc: Umamaheswari Nagarajan Subject: AW: OpenSSL compilation errors in Windows ** This mail has been sent from an external source ** > Getting the errors like below. ssl/packet_locl.h(429) : error C2440: > '=' : cannot convert from 'void *' to 'unsigned char 'Conversion from > 'void' to pointer to non-'void' requires an explicit cast Is it possible that your error message was copied incorrectly? Line 429 is an assignment from 'void *' to 'unsigned char*', not to 'unsigned char'. Such an assignment is allowed in C (and the type is implicitly converted), but not in C++. Is it possible, that you are including this header in a module compiled with a C++ compiler? Note that this is an internal header file and not meant to be included by third party software. HTH, Matthias Dr. Matthias St. Pierre Senior Software Engineer matthias.st.pie...@ncp-e.com<mailto:matthias.st.pie...@ncp-e.com> Phone: +49 911 9968-0 www.ncp-e.com<http://www.ncp-e.com> Headquarters Germany: NCP engineering GmbH • Dombuehler Str. 2 • 90449 • Nuremberg North American HQ: NCP engineering Inc. • 678 Georgia Ave. • Sunnyvale, CA 94085 East Coast Office: NCP engineering Inc. • 601 Cleveland Str., Suite 501-25 • Clearwater, FL 33755 Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate Dietrich Registry Court: Lower District Court of Nuremberg Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: DE 133557619 This e-mail message including any attachments is for the sole use of the intended recipient(s) and may contain privileged or confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply e-mail and delete the original message and destroy all copies thereof. Von: openssl-users mailto:openssl-users-boun...@openssl.org>> Im Auftrag von Nagalakshmi V J Gesendet: Montag, 30. September 2019 08:44 An: openssl-users@openssl.org<mailto:openssl-users@openssl.org> Cc: Umamaheswari Nagarajan mailto:umamaheswari.nagara...@altran.com>> Betreff: OpenSSL compilation errors in Windows Hi, I am using openssl 1.1.c from our product code. While compiling the code, I am getting the errors which can be suppressed as warnings using -fpermissive flag in Linux (gcc/g++). In windows, I am getting the same compilation errors in visual studio (2005). Would like to know the alternative of -fpermissive flag that can be used in visual studio to suppress the errors. I tried adding the flags such as '/fpermissive' , '/Ze' in module properties->C/C++->command Line->Additional options. But it did not resolve the problem. Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to pointer to non-'void' requires an explicit cast Since it is giving error in Openssl code, we cannot make any code changes there. Has anyone faced this kind of issue? Please let me know how to resolve this issue. Thanks and regards, Nagalakshmi = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. = = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: OpenSSL compilation errors in Windows
We compile using Visual Studio. We don't use 'warnings as errors' and selected a warning level that minimized warnings. The 'make test' runs cleanly. On Mon, Sep 30, 2019, 3:16 AM Nagalakshmi V J wrote: > Hi, > > I am using openssl 1.1.c from our product code. While compiling the code, > I am getting the errors which can be suppressed as warnings using > -fpermissive flag in Linux (gcc/g++). In windows, I am getting the same > compilation errors in visual studio (2005). Would like to know the > alternative of -fpermissive flag that can be used in visual studio to > suppress the errors. > > I tried adding the flags such as '/fpermissive' , '/Ze' in module > properties->C/C++->command Line->Additional options. But it did not resolve > the problem. > > *Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' > : cannot convert from 'void *' to 'unsigned char **'Conversion from 'void**' > to pointer to non-'void' requires an explicit cast* > > > > Since it is giving error in Openssl code, we cannot make any code changes > there. Has anyone faced this kind of issue? > > Please let me know how to resolve this issue. > > > > > > > > *Thanks and regards,* > > *Nagalakshmi* > > > = > Please refer to https://northamerica.altran.com/email-disclaimer > for important disclosures regarding this electronic communication. > = >
AW: OpenSSL compilation errors in Windows
> Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : > cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to > pointer to non-'void' requires an explicit cast Is it possible that your error message was copied incorrectly? Line 429 is an assignment from 'void *' to 'unsigned char*', not to 'unsigned char'. Such an assignment is allowed in C (and the type is implicitly converted), but not in C++. Is it possible, that you are including this header in a module compiled with a C++ compiler? Note that this is an internal header file and not meant to be included by third party software. HTH, Matthias Von: openssl-users Im Auftrag von Nagalakshmi V J Gesendet: Montag, 30. September 2019 08:44 An: openssl-users@openssl.org Cc: Umamaheswari Nagarajan Betreff: OpenSSL compilation errors in Windows Hi, I am using openssl 1.1.c from our product code. While compiling the code, I am getting the errors which can be suppressed as warnings using -fpermissive flag in Linux (gcc/g++). In windows, I am getting the same compilation errors in visual studio (2005). Would like to know the alternative of -fpermissive flag that can be used in visual studio to suppress the errors. I tried adding the flags such as '/fpermissive' , '/Ze' in module properties->C/C++->command Line->Additional options. But it did not resolve the problem. Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to pointer to non-'void' requires an explicit cast Since it is giving error in Openssl code, we cannot make any code changes there. Has anyone faced this kind of issue? Please let me know how to resolve this issue. Thanks and regards, Nagalakshmi = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
OpenSSL compilation errors in Windows
Hi, I am using openssl 1.1.c from our product code. While compiling the code, I am getting the errors which can be suppressed as warnings using -fpermissive flag in Linux (gcc/g++). In windows, I am getting the same compilation errors in visual studio (2005). Would like to know the alternative of -fpermissive flag that can be used in visual studio to suppress the errors. I tried adding the flags such as '/fpermissive' , '/Ze' in module properties->C/C++->command Line->Additional options. But it did not resolve the problem. Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to pointer to non-'void' requires an explicit cast Since it is giving error in Openssl code, we cannot make any code changes there. Has anyone faced this kind of issue? Please let me know how to resolve this issue. Thanks and regards, Nagalakshmi = Please refer to https://northamerica.altran.com/email-disclaimer for important disclosures regarding this electronic communication. =
Re: Linker errors when trying to build OpenSSL with MD2 and RC5 support
Did you read my previous response, where I listed the relevant Configure options? Be sure to expand included text, if you're using one of those braindead MUAs which hide it.
Re: Linker errors when trying to build OpenSSL with MD2 and RC5 support
Are there additional commands I have to pass to the Configure module if I want to build completely static libs? If so, what are they?
RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support
Again, please don't send questions about OpenSSL directly to me. I am not a member of the OpenSSL Project. > From: Osman Zakir [mailto:osmanzaki...@hotmail.com] > Sent: Saturday, September 14, 2019 10:54 > I'm not trying to build a DLL, though. I want to build a static .lib library > (are there > additional commands I need to give to make it build static libs?). Yes, and they're documented in the Configure options just like everything else. You need to configure with "no-shared" to disable the building of shared libraries. You may want no-dynamic-engine to have engines linked statically rather than loaded at runtime, no-zlib-dynamic for the same reason, and no-dso to disable loading of objects at runtime (though I'm not sure this has any effect on Windows builds). I don't think no-pic has any effect on Windows. I can't guess what options you actually might want because you STILL haven't told us what you're trying to do, and why. -- Michael Wojcik Distinguished Engineer, Micro Focus
RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support
> From: Osman Zakir [mailto:osmanzaki...@hotmail.com] > Sent: Friday, September 13, 2019 18:06 > I won't build with either one enabled if that's better, but I'd still like to > know how > to fix those linker errors. Someone should probably look into that, but I don't have time to; and if no one else from the community picks it up, you'll probably have to wait until someone from the OpenSSL team has a chance to get to it. Does the DLL you built have the missing symbols? (Try "dumpbin /exports libssl-1_1-x64.dll | findstr EVP_md2" in the apps directory.) If so, the link is picking up the wrong import library. If not, something didn't get rebuilt correctly. > I do also want to ask what AFALG is and if I should enable it or not (and > what happens > if I do). I answered this in one of my other replies, sent Thursday 12 September. The afalg engine is only applicable to Linux. -- Michael Wojcik Distinguished Engineer, Micro Focus
Re: Linker errors when trying to build OpenSSL with MD2 and RC5 support
I'll just put both email addresses in for "To" then. I won't build with either one enabled if that's better, but I'd still like to know how to fix those linker errors. I do also want to ask what AFALG is and if I should enable it or not (and what happens if I do).
RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support
> From: Osman Zakir [mailto:osmanzaki...@hotmail.com] > Sent: Friday, September 13, 2019 13:26 > I had a successful build before I configured it again to try to get MD2 and > RC5, so I > didn't see a reason to clean the build. Reconfiguring changes the makefiles. You should always clean after a reconfigure. That's true for the vast majority of software projects that use a makefile-creating build process. > But I also want to know after that whether or not it's possible to enable all > of the > algorithms supported by OpenSSL version 1.1.1d. If it's not possible to enable an algorithm, it isn't actually "supported", is it? If Configure claims a particular algorithm can be enabled, then if it's not actually possible to build with it enabled and use it, I'd say that's a bug somewhere. I haven't tried to build with all possible Configure options enabled, though. -- Michael Wojcik Distinguished Engineer, Micro Focus
Re: Linker errors when trying to build OpenSSL with MD2 and RC5 support
I had a successful build before I configured it again to try to get MD2 and RC5, so I didn't see a reason to clean the build. I did clean it now after the failure happened. I'll try to fix these errors for now, so please help me with that. But I also want to know after that whether or not it's possible to enable all of the algorithms supported by OpenSSL version 1.1.1d.
RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Osman Zakir > Sent: Friday, September 13, 2019 11:30 > I had linker errors when trying to build OpenSSL with MD2 and RC5 support. Did you clean after configuring? > I'm also tempted to try getting the latest bleeding edge version from GitHub. > I > wonder if I should try that. If you're bored with your current set of problems and want a different set, sure. If you're hoping to make progress, I wouldn't recommend it. -- Michael Wojcik Distinguished Engineer, Micro Focus
Linker errors when trying to build OpenSSL with MD2 and RC5 support
I had linker errors when trying to build OpenSSL with MD2 and RC5 support. I ran this command: " perl Configure VC-WIN64A --with-zlib-lib=C:/zlib/lib/zlibstatic --with-zlib-include=C:/zlib/include enable-md2 enable-rc5 --release " and had the messages I've put in this Gist in the output: https://gist.github.com/DragonOsman/e81ff5590561d999dce5b2f7ddb9d3bd . I had some warnings and one error from the Linker when trying to build the Win32::Console Perl module, but I still got the module itself. Could that be a reason for my problem? And also, how can I enable all of the cryptography algorithms without getting errors (is this possible?)? I'm also tempted to try getting the latest bleeding edge version from GitHub. I wonder if I should try that.
Re: Errors building 1.1.1 on RHEL 7
> On Jul 18, 2019, at 3:13 PM, Mark Richter wrote: > > 2. Not at all clear on what the "_OPT" part means - do I need to change my > source code to use this for accessors or ??? Just try it and see. The "_OPT" in the symbol version is internally generated from "-opt" in the shlib_variant SONAME. To support multiple shlib_variants now or in the future, add the major.minor (ABI version) to the variant tag: shlib_variant => "-opt1.1" shlib_variant => "-opt1.2" shlib_variant => "-somevendor-3.0" ... The non-alnum characters in the shlib_variant map to "_" in the symbol version, and the letters are mapped to upper case (IIRC). -- Viktor.
Re: Errors building 1.1.1 on RHEL 7
> On Jul 18, 2019, at 2:57 PM, Mark Richter wrote: > > Also, once I figure out the build issues, how can I statically link the ssl > libraries into my app? (That way we don't require our customers to build and > install OpenSSL 1.1.1 pon their RHEL 7 hosts.) Are there any gotchas to > doing this? E.g., our app also uses the curl library, which I believe uses > the default openssl on the host. Static linking has much worse library version conflicts than dynamic linking if you're delivering a library, or if your application will run on systems where the C-library (perhaps through nsswitch modules) also loads the default OpenSSL. You lose the isolation made possible by symbol versioning with dynamic libraries. If you want to ship code to users to deploy on their own systems you should generally use whichever OpenSSL is in the base platform. To deliver a custom OpenSSL, for your application only, you'll need to build a shlib_variant shared library and perhaps make its location flexible using $ORIGIN in the dependent's run path. -- Viktor.
RE: Errors building 1.1.1 on RHEL 7
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Mark Richter > Sent: Thursday, July 18, 2019 12:57 > > Is Linux considered to be the same as (or similar enough to) Unix w.r.t. the > building instructions? I'm reading the INSTALL file and it doesn't mention > Linux (nor are there templates for, etc.). Yes. Note there are a couple of references to Linux in NOTES.UNIX (and in NOTES.PERL). There are Linux-relevant stanzas in config, and so on. We build on a number of Linux platforms and distributions, including some obscure ones, generally without issues. > Also, once I figure out the build issues, how can I statically link the ssl > libraries into my app? You can Configure it for static linkage before building it, but per NOTES.UNIX you should get a set of static (archive) libraries as well as the dynamic ones even if you don't. I recommend building OpenSSL as loadable - e.g. as PIC (position-independent code) on ELF platforms such as Linux - even if you intend to link it statically. Then you have the option of statically linking it into a shared object. That's what we do: build OpenSSL as loadable, and link it statically into our own wrapper library, which is a shared object (or DLL on Windows). > Are there any gotchas to > doing this? E.g., our app also uses the curl library, which I believe uses > the default openssl on the host. As Viktor explained in some recent messages to the list, you may need to build OpenSSL with munged symbol names, to ensure each OpenSSL library resolves symbols to itself. However, if you're linking it statically that probably won't be an issue. Aside from that it shouldn't be a problem, as long as you don't try to share OpenSSL objects between the OpenSSL binaries. -- Michael Wojcik Distinguished Engineer, Micro Focus
RE: Errors building 1.1.1 on RHEL 7
> -Original Message- > From: openssl-users On Behalf Of Viktor > Dukhovni > Sent: Wednesday, July 17, 2019 12:42 PM > To: openssl-users@openssl.org > Subject: Re: Errors building 1.1.1 on RHEL 7 >: > 4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1" > or similar for the custom target platorm. Make sure that the > SONAME and symbol versions contain the "-opt" or "_OPT" tweak. In reading the various README and INSTALL files, I'm not entirely clear on what this means. I'm guessing: 1. During the build, the makefile ld flags have to include the variant -opt to get the right libraries to link. 2. Not at all clear on what the "_OPT" part means - do I need to change my source code to use this for accessors or ??? Thanks. The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error, please notify the sender immediately and delete the message. Unless you are an addressee (or authorized to receive for an addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. The unauthorized use, disclosure, copying or alteration of this message is strictly prohibited.
RE: Errors building 1.1.1 on RHEL 7
-Original Message- [edited] From: openssl-users On Behalf Of Viktor Dukhovni Sent: Wednesday, July 17, 2019 6:17 PM To: openssl-users@openssl.org Subject: Re: Errors building 1.1.1 on RHEL 7 >>> 2. Configure your OpenSSL build to use the corresponding "rpath": >>> -Wl,-rpath,/opt/openssl/1.1/lib >>> > > Again, how do I specify that? > >Command-line argument to "Configure" or custom platform template. Is Linux considered to be the same as (or similar enough to) Unix w.r.t. the building instructions? I'm reading the INSTALL file and it doesn't mention Linux (nor are there templates for, etc.). Also, once I figure out the build issues, how can I statically link the ssl libraries into my app? (That way we don't require our customers to build and install OpenSSL 1.1.1 pon their RHEL 7 hosts.) Are there any gotchas to doing this? E.g., our app also uses the curl library, which I believe uses the default openssl on the host. Thanks. Mark The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error, please notify the sender immediately and delete the message. Unless you are an addressee (or authorized to receive for an addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. The unauthorized use, disclosure, copying or alteration of this message is strictly prohibited.
Re: Errors building 1.1.1 on RHEL 7
Probably, disregard: the problem seems to be related to the incomplete support for ISO C11 in GCC on CentOS (and I'm willing to bet - on RHEL). Changing the standard to "-std=gnu99" lead to a successful build with all the tests passing. On 7/18/19, 12:28 PM, "openssl-users on behalf of Blumenthal, Uri - 0553 - MITLL" wrote: I'm getting a somewhat different error trying to build OpenSSL_1_1_1-stable on CentOS 7 (similar to RHEL 7). Configuration: ./config --prefix=$HOME/openssl-1.1 --debug --openssldir=$HOME/openssl-1.1/etc --with-rand-seed=rdcpu enable-aria enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-zlib-dynamic shared threads enable-rfc3779 enable-ssl-trace Followed by make depend && make clean && make -j 2 all && make test && make install I'm appending the output of "perl configdata.pm -d" at the end. Here's the problem: . . . . . gcc -I. -Icrypto/include -Iinclude -fPIC -pthread -m64 -Wa,--noexecstack -std=gnu11 -O3 -march=native -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/home/ur20980/openssl-1.1/etc\"" -DENGINESDIR="\"/home/ur20980/openssl-1.1/lib/engines-1.1\"" -DZLIB -DZLIB_SHARED -MMD -MF crypto/asn1/a_strex.d.tmp -MT crypto/asn1/a_strex.o -c -o crypto/asn1/a_strex.o crypto/asn1/a_strex.c In file included from crypto/include/internal/evp_int.h:11:0, from crypto/asn1/a_sign.c:22: include/internal/refcount.h:21:25: fatal error: stdatomic.h: No such file or directory # include ^ compilation terminated. make[1]: *** [crypto/asn1/a_sign.o] Error 1 make[1]: *** Waiting for unfinished jobs This is the compiler used: $ gcc -v Using built-in specs. COLLECT_GCC=/usr/bin/gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/4.8.5/lto-wrapper Target: x86_64-redhat-linux Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-linker-hash-style=gnu --enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin --enable-initfini-array --disable-libgcj --with-isl=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/isl-install --with-cloog=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/cloog-install --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux Thread model: posix gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) $ External flags: $ env | grep FLAGS CXXFLAGS=-std=gnu++11 -O3 -march=native CFLAGS=-std=gnu11 -O3 -march=native $ Finally, output of "perl configdata.pm -d": Command line (with current working directory = .): /usr/bin/perl ./Configure linux-x86_64 --prefix=/home/ur20980/openssl-1.1 --debug --openssldir=/home/ur20980/openssl-1.1/etc --with-rand-seed=rdcpu enable-aria enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-zlib-dynamic shared threads enable-rfc3779 enable-ssl-trace Perl information: /usr/bin/perl 5.16.3 for x86_64-linux-thread-multi Enabled features: aria asm async autoalginit autoerrinit autoload-config bf blake2 buildtest-c\+\+ camellia capieng cast chacha cmac cms comp ct deprecated des dgram dh dsa dtls dynamic-engine ec ec2m ecdh ecdsa ec_nistp_64_gcc_128 engine err filenames gost hw(-.+)? idea makedepend md2 md4 mdc2 multiblock nextprotoneg pinshared ocb ocsp pic poly1305 posix-io psk rc2 rc4 rc5 rdrand rfc3779 rmd160 scrypt seed shared siphash sm2 sm3 sm4 sock srp srtp sse2 ssl ssl-trace static-engine stdio tests threads tls ts ui-console whirlpool weak-ssl-ciphers zlib
Re: Errors building 1.1.1 on RHEL 7
I'm getting a somewhat different error trying to build OpenSSL_1_1_1-stable on CentOS 7 (similar to RHEL 7). Configuration: ./config --prefix=$HOME/openssl-1.1 --debug --openssldir=$HOME/openssl-1.1/etc --with-rand-seed=rdcpu enable-aria enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-zlib-dynamic shared threads enable-rfc3779 enable-ssl-trace Followed by make depend && make clean && make -j 2 all && make test && make install I'm appending the output of "perl configdata.pm -d" at the end. Here's the problem: . . . . . gcc -I. -Icrypto/include -Iinclude -fPIC -pthread -m64 -Wa,--noexecstack -std=gnu11 -O3 -march=native -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/home/ur20980/openssl-1.1/etc\"" -DENGINESDIR="\"/home/ur20980/openssl-1.1/lib/engines-1.1\"" -DZLIB -DZLIB_SHARED -MMD -MF crypto/asn1/a_strex.d.tmp -MT crypto/asn1/a_strex.o -c -o crypto/asn1/a_strex.o crypto/asn1/a_strex.c In file included from crypto/include/internal/evp_int.h:11:0, from crypto/asn1/a_sign.c:22: include/internal/refcount.h:21:25: fatal error: stdatomic.h: No such file or directory # include ^ compilation terminated. make[1]: *** [crypto/asn1/a_sign.o] Error 1 make[1]: *** Waiting for unfinished jobs This is the compiler used: $ gcc -v Using built-in specs. COLLECT_GCC=/usr/bin/gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/4.8.5/lto-wrapper Target: x86_64-redhat-linux Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-linker-hash-style=gnu --enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin --enable-initfini-array --disable-libgcj --with-isl=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/isl-install --with-cloog=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/cloog-install --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux Thread model: posix gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) $ External flags: $ env | grep FLAGS CXXFLAGS=-std=gnu++11 -O3 -march=native CFLAGS=-std=gnu11 -O3 -march=native $ Finally, output of "perl configdata.pm -d": Command line (with current working directory = .): /usr/bin/perl ./Configure linux-x86_64 --prefix=/home/ur20980/openssl-1.1 --debug --openssldir=/home/ur20980/openssl-1.1/etc --with-rand-seed=rdcpu enable-aria enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-zlib-dynamic shared threads enable-rfc3779 enable-ssl-trace Perl information: /usr/bin/perl 5.16.3 for x86_64-linux-thread-multi Enabled features: aria asm async autoalginit autoerrinit autoload-config bf blake2 buildtest-c\+\+ camellia capieng cast chacha cmac cms comp ct deprecated des dgram dh dsa dtls dynamic-engine ec ec2m ecdh ecdsa ec_nistp_64_gcc_128 engine err filenames gost hw(-.+)? idea makedepend md2 md4 mdc2 multiblock nextprotoneg pinshared ocb ocsp pic poly1305 posix-io psk rc2 rc4 rc5 rdrand rfc3779 rmd160 scrypt seed shared siphash sm2 sm3 sm4 sock srp srtp sse2 ssl ssl-trace static-engine stdio tests threads tls ts ui-console whirlpool weak-ssl-ciphers zlib zlib-dynamic tls1 tls1-method tls1_1 tls1_1-method tls1_2 tls1_2-method tls1_3 dtls1 dtls1-method dtls1_2 dtls1_2-method Disabled features: afalgeng[too-old-kernel] asan[default]OPENSSL_NO_ASAN crypto-mdebug [default]OPENSSL_NO_CRYPTO_MDEBUG crypto-mdebug-backtrace [default]OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE devcryptoeng[default]OPENSSL_NO_DEVCRYPTOENG egd [default]OPENSSL_NO_EGD external-tests [default]OPENSSL_NO_EXTERNAL_TESTS fuzz-libfuzzer [default]OPENSSL_NO_FUZZ_LIBFUZZER fuzz-afl[default]OPENSSL_NO_FUZZ_AFL heartbeats [default]OPENSSL_NO_HEARTBEATS msan
Re: Errors building 1.1.1 on RHEL 7
On Thu, Jul 18, 2019 at 12:54:51AM +, Mark Richter wrote: > I'm still really new at this - a few questions: Understood. > 1. Choose some location that is not on the default library search path > to install the 1.1.1 custom libraries. I use /opt/openssl/1.1/lib > > > How do I specify that? A config parameter (and which one)? --prefix=/opt/openssl/1.1 > 2. Configure your OpenSSL build to use the corresponding "rpath": > -Wl,-rpath,/opt/openssl/1.1/lib > > > Again, how do I specify that? Command-line argument to "Configure" or custom platform template. > 3. Add a custom target platform to the "targets" array in > Configurations/.conf. This can inherit from > the configuration you're using now, but add a setting > for "shlib_variant" as described in Configurations/README > > ... > inherit_from => "", > shlib_variant => "-opt", > ... > > I can find that... You'll to read the existing files in the "Configurations" directory, and cargo-cult a new target definition that meets your needs and also adds "shlib_variant". > 4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1" > or similar for the custom target platorm. Make sure that the > SONAME and symbol versions contain the "-opt" or "_OPT" tweak. > > > Not familiar with that tweak. Setting "shlib_variant" correctly is all it takes. The results can be verified via "readelf -d". I've not had the opportunity to write up the process in more step-by-step detail, perhaps if you get this working, you can write it as a contribution to the Wiki, or blog it, ... -- Viktor.
RE: Errors building 1.1.1 on RHEL 7
I'm still really new at this - a few questions: -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Wednesday, July 17, 2019 12:42 PM To: openssl-users@openssl.org Subject: Re: Errors building 1.1.1 on RHEL 7 On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default search path), and especially when you're linking with other libraries that in turn were linked against the OpenSSL version in /usr/lib, using OpenSSL 1.1.1 in your application requires care... Specifically: 1. Choose some location that is not on the default library search path to install the 1.1.1 custom libraries. I use /opt/openssl/1.1/lib > How do I specify that? A config parameter (and which one)? 2. Configure your OpenSSL build to use the corresponding "rpath": -Wl,-rpath,/opt/openssl/1.1/lib > Again, how do I specify that? 3. Add a custom target platform to the "targets" array in Configurations/.conf. This can inherit from the configuration you're using now, but add a setting for "shlib_variant" as described in Configurations/README ... inherit_from => "", shlib_variant => "-opt", ... > I can find that... 4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1" or similar for the custom target platorm. Make sure that the SONAME and symbol versions contain the "-opt" or "_OPT" tweak. > Not familiar with that tweak. 5. Link your application against this library: -I/opt/openssl/1.1/include -L/opt/openssl/1.1/lib -Wl,-rpath,/opt/openssl/1.1/lib > Can do. 6. Check with "readelf -d" that the application records the expected SONAME for the OpenSSL library (libcrypto and/or libssl) dependencies. > Can do. You can now have your code using OpenSSL 1.1.1 and other libraries you use, using whichever OpenSSL they were compiled with. However, you cannot pass OpenSSL objects you create into such libraries, their use of OpenSSL must be self-contained. -- Viktor. The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error, please notify the sender immediately and delete the message. Unless you are an addressee (or authorized to receive for an addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. The unauthorized use, disclosure, copying or alteration of this message is strictly prohibited.
Re: Errors building 1.1.1 on RHEL 7
> On Jul 17, 2019, at 3:41 PM, Viktor Dukhovni > wrote: > > On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default > search path), and especially when you're linking with other libraries that > in turn were linked against the OpenSSL version in /usr/lib, using OpenSSL > 1.1.1 in your application requires care... By the way, today I'm uneventfully running an SSH server and client that are linked against OpenSSL 1.0.2 for crypto in OpenSSH, but also Heimdal Kerberos for GSSAPI, which in turn is linked against OpenSSL 1.1.1 for its crypto. The two libraries coëxist (ships in the night) in the same process with no conflict. They are built with version-specific "shlib_variant" values, so that the symbol versions and SONAMEs are distinct. It all works. Perhaps there should be a blog-post or other document somewhere that explains this with a more detailed walk-through of the required steps. Anyone care to contribute? -- Viktor.
Re: Errors building 1.1.1 on RHEL 7
On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default search path), and especially when you're linking with other libraries that in turn were linked against the OpenSSL version in /usr/lib, using OpenSSL 1.1.1 in your application requires care... > On Jul 17, 2019, at 2:22 PM, Mark Richter wrote: > > However, although I modified our make file to use > '-I/usr/local/openssl/include' and '-L/usr/local/openssl/lib', I now see this > warning: > > cc -DLOG_LEVEL=LOG_INFO -Wall -Werror -D__ci_driver__ -D__ci_ul_driver__ > -D_GNU_SOURCE -DWITH_MCDI_V2 -DWITH_TLS12=0 > -DSOLAR_SECURE_VERSION="1.0.3.1020 (3bf2875895d5+ Wed Jul 17 11:14:55 PDT > 2019)" -Isrc/include -I/usr/local/openssl/include -Isrc/tools/mc-comms > -Isrc/tools/mc-comms/include -Isrc/emulators/mbedtls/include > -I/usr/include/json-c -g3 -fno-omit-frame-pointer build/src/tools/sfslc.o > -o build/bin/sfslc -Lbuild/lib -L/usr/local/openssl/lib -lsfsl_api -lsf_core > -lcm -lss -lcrypto -lpci -lcurl -lpthread -lrt -lssl -luuid -ljson-c > /usr/bin/ld: warning: libssl.so.10, needed by /usr/lib64/libssh2.so.1, may > conflict with libssl.so.1.1 > /usr/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssh2.so.1, may > conflict with libcrypto.so.1.1 Specifically: 1. Choose some location that is not on the default library search path to install the 1.1.1 custom libraries. I use /opt/openssl/1.1/lib 2. Configure your OpenSSL build to use the corresponding "rpath": -Wl,-rpath,/opt/openssl/1.1/lib 3. Add a custom target platform to the "targets" array in Configurations/.conf. This can inherit from the configuration you're using now, but add a setting for "shlib_variant" as described in Configurations/README ... inherit_from => "", shlib_variant => "-opt", ... 4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1" or similar for the custom target platorm. Make sure that the SONAME and symbol versions contain the "-opt" or "_OPT" tweak. 5. Link your application against this library: -I/opt/openssl/1.1/include -L/opt/openssl/1.1/lib -Wl,-rpath,/opt/openssl/1.1/lib 6. Check with "readelf -d" that the application records the expected SONAME for the OpenSSL library (libcrypto and/or libssl) dependencies. You can now have your code using OpenSSL 1.1.1 and other libraries you use, using whichever OpenSSL they were compiled with. However, you cannot pass OpenSSL objects you create into such libraries, their use of OpenSSL must be self-contained. -- Viktor.
RE: Errors building 1.1.1 on RHEL 7
It works better with 1.1.1c. Thank you. -Original Message- From: Matt Caswell Sent: Wednesday, July 17, 2019 1:16 AM To: Mark Richter ; openssl-users@openssl.org Subject: Re: Errors building 1.1.1 on RHEL 7 On 16/07/2019 23:27, Mark Richter wrote: > Result: PASS Well that's quite odd because this test was failing for you before. I assume that after you had done the "make clean" that "make test" is still failing? Is it failing with the same set of tests that were failing before or different ones? Matt > make[1]: Leaving directory `/tmp/openssl-1.1.1' > [root@sfsdr220d openssl-1.1.1]# perl -v > > This is perl 5, version 16, subversion 3 (v5.16.3) built for > x86_64-linux-thread-multi (with 33 registered patches, see perl -V for > more detail) > > Copyright 1987-2012, Larry Wall > > Perl may be copied only under the terms of either the Artistic License > or the GNU General Public License, which may be found in the Perl 5 source > kit. > > Complete documentation for Perl, including FAQ lists, should be found > on this system using "man perl" or "perldoc perl". If you have access > to the Internet, point your browser at http://www.perl.org/, the Perl Home > Page. > > > Mark Richter | Senior Staff Engineer > SolarFlare Communications, Inc. | www.Solarflare.com > 9444 Waples Street, #170, San Diego, CA 92121 > Mobile: +1 949-632-8403 > > > > From: openssl-users on behalf of > Matt Caswell > Sent: Tuesday, July 16, 2019 3:20 PM > To: openssl-users@openssl.org > Subject: Re: Errors building 1.1.1 on RHEL 7 > > On 16/07/2019 22:23, Mark Richter wrote: >> After I built version 1.1.1 on RHEL 7, I got these errors at the end of the >> 'make test.' What do they mean? >> >> >> Test Summary Report >> --- >> ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 >> Failed: 3) >> Failed tests: 4-6 >> Non-zero exit status: 3 > > Looks like something fundamentally wrong to get this many errors > (guess: perl version is too low?) > > Please run: > > make TESTS=test_dsa V=1 test > > Also lets see the output from: > > perl -v > > Matt > > >> ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 >> Failed: 3) >> Failed tests: 3-5 >> Non-zero exit status: 3 >> ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 >> Failed: 4) >> Failed tests: 2-5 >> Non-zero exit status: 4 >> ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 >> Failed: 30) >> Failed tests: 2-31 >> Non-zero exit status: 30 >> ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 >> Failed: 1) >> Failed test: 2 >> Non-zero exit status: 1 >> ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 >> Failed: 3) >> Failed tests: 4-6 >> Non-zero exit status: 3 >> ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 >> Failed: 2) >> Failed tests: 1, 5 >> Non-zero exit status: 2 >> ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 >> Failed: 1) >> Failed test: 2 >> Non-zero exit status: 1 >> Parse errors: Bad plan. You planned 172 tests but ran 87. >> ../test/recipes/20-test_enc_more.t (Wstat: 256 Tests: 137 >> Failed: 1) >> Failed test: 2 >> Non-zero exit status: 1 >> ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 >> Failed: 3) >> Failed tests: 2, 6-7 >> Non-zero exit status: 3 >> ../test/recipes/25-test_pkcs7.t (Wstat: 512 Tests: 3 >> Failed: 2) >> Failed tests: 2-3 >> Non-zero exit status: 2 >> ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 >> Failed: 4) >> Failed tests: 2, 7-9 >> Non-zero exit status: 4 >> ../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 >> Failed: 1) >> Failed test: 2 >> Non-zero exit status: 1 >> ../test/recipes/25-test_x509.t (Wstat: 1792 Tests: 9 >> Failed: 7) >> Failed tests: 2-8 >> Non-zero exit status: 7 >> ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 >> Failed: 0) >> Non-zero exit status: 255 >> Parse errors: Bad plan. You planned 4 tests but ran 0. >> ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 >> Failed: 0) >> Non-zero exit status: 255 >> Parse errors
RE: Errors building 1.1.1 on RHEL 7
Hi Jan, Thanks for that. I got 1.1.1c and it built properly. I configured it to use /usr/local/openssl for the target per the instructions on https://blacksaildivision.com/how-to-install-openssl-on-centos, and everything seemed to go well. I get this: 11:02 [mrichter@sfsdr220d:~] $ openssl version OpenSSL 1.1.1c 28 May 2019 After I log out and back in. However, although I modified our make file to use '-I/usr/local/openssl/include' and '-L/usr/local/openssl/lib', I now see this warning: cc -DLOG_LEVEL=LOG_INFO -Wall -Werror -D__ci_driver__ -D__ci_ul_driver__ -D_GNU_SOURCE -DWITH_MCDI_V2 -DWITH_TLS12=0 -DSOLAR_SECURE_VERSION="1.0.3.1020 (3bf2875895d5+ Wed Jul 17 11:14:55 PDT 2019)" -Isrc/include -I/usr/local/openssl/include -Isrc/tools/mc-comms -Isrc/tools/mc-comms/include -Isrc/emulators/mbedtls/include -I/usr/include/json-c -g3 -fno-omit-frame-pointer build/src/tools/sfslc.o -o build/bin/sfslc -Lbuild/lib -L/usr/local/openssl/lib -lsfsl_api -lsf_core -lcm -lss -lcrypto -lpci -lcurl -lpthread -lrt -lssl -luuid -ljson-c /usr/bin/ld: warning: libssl.so.10, needed by /usr/lib64/libssh2.so.1, may conflict with libssl.so.1.1 /usr/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1 I tried googling this and get lots of suggestion for similar errors with libcurl, but not this one. What am I missing? -Original Message- From: Jan Just Keijser Sent: Wednesday, July 17, 2019 2:53 AM To: Mark Richter ; Matt Caswell ; openssl-users@openssl.org Subject: Re: Errors building 1.1.1 on RHEL 7 FWIW: I just downloaded openssl 1.1.1c, untarred it on my CentOS 7 box, then ran ./config make make test The tests passed with the following output (the "ok" tests stripped out): ... ../test/recipes/05-test_md2.t .. skipped: md2 is not supported by this OpenSSL build ... ../test/recipes/05-test_rc5.t .. skipped: rc5 is not supported by this OpenSSL build ... ../test/recipes/30-test_afalg.t skipped: test_afalg not supported for this build ... ../test/recipes/90-test_gost.t . skipped: No test GOST engine found ... ../test/recipes/90-test_overhead.t . skipped: Only supported in no-shared builds ... ../test/recipes/95-test_external_boringssl.t ... skipped: No external tests in this configuration ../test/recipes/95-test_external_krb5.t skipped: No external tests in this configuration ../test/recipes/95-test_external_pyca.t skipped: No external tests in this configuration ... All tests successful. Files=155, Tests=1452, 66 wallclock secs ( 1.44 usr 0.11 sys + 62.90 cusr 13.51 csys = 77.96 CPU) Result: PASS make[1]: Leaving directory `/home/janjust/src/openssl-1.1.1c' Share and enjoy, JJK On 17/07/19 00:27, Mark Richter wrote: > I removed the directory, re-untarred the source, ran 'make clean', then > 'make', then 'make TESTS=test_dsa V=1 test': > > [root@sfsdr220d openssl-1.1.1]# make TESTS=test_dsa V=1 test make > depend && make _tests > make[1]: Entering directory `/tmp/openssl-1.1.1' > make[1]: Leaving directory `/tmp/openssl-1.1.1' > make[1]: Entering directory `/tmp/openssl-1.1.1' > ( cd test; \ >mkdir -p test-runs; \ >SRCTOP=../. \ >BLDTOP=../. \ >RESULT_D=test-runs \ >PERL="/usr/bin/perl" \ >EXE_EXT= \ >OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \ >OPENSSL_DEBUG_MEMORY=on \ > /usr/bin/perl .././test/run_tests.pl test_dsa ) > /tmp/openssl-1.1.1/test ../test/recipes/15-test_dsa.t .. > 1..6 > ok 1 - require '../../test/recipes/tconversion.pl'; > # Subtest: ../../test/dsatest > 1..1 > ok 1 - dsa_test > ../../util/shlib_wrap.sh ../../test/dsatest => 0 ok 2 - running > dsatest > # Subtest: ../../test/dsa_no_digest_size_test > 1..3 > ok 1 - dsa_exact_size_test > ok 2 - dsa_small_digest_test > ok 3 - dsa_large_digest_test > ../../util/shlib_wrap.sh ../../test/dsa_no_digest_size_test => 0 ok 3 > - running dsa_no_digest_size_test > 1..10 > ok 1 - initializing > read DSA key > writing DSA key > ../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-fff.p -inform p -out > dsa-f.d -outform d => 0 > ok 2 - p -> d > read DSA key > writing DSA key > ../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-fff.p -inform p -out > dsa-f.p -outform p => 0 > ok 3 - p -> p > read DSA key > writing DSA key > ../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-f.d -inform d -out > dsa-ff.dd -outform d => 0 > ok 4 - d -> d > read DSA key > writing DSA key > ../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-f.p -inform p -out > dsa-ff.pd -outform d => 0 &g
Re: Errors building 1.1.1 on RHEL 7
k 3 - p -> p read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-fff.p -inform p -out msb-f.msblob -outform msblob => 0 ok 4 - p -> msblob read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.d -inform d -out msb-ff.dd -outform d => 0 ok 5 - d -> d read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p -inform p -out msb-ff.pd -outform d => 0 ok 6 - p -> d read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob -inform msblob -out msb-ff.msblobd -outform d => 0 ok 7 - msblob -> d read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.d -inform d -out msb-ff.dp -outform p => 0 ok 8 - d -> p read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p -inform p -out msb-ff.pp -outform p => 0 ok 9 - p -> p read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob -inform msblob -out msb-ff.msblobp -outform p => 0 ok 10 - msblob -> p read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.d -inform d -out msb-ff.dmsblob -outform msblob => 0 ok 11 - d -> msblob read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p -inform p -out msb-ff.pmsblob -outform msblob => 0 ok 12 - p -> msblob read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob -inform msblob -out msb-ff.msblobmsblob -outform msblob => 0 ok 13 - msblob -> msblob ok 14 - comparing orig to p ok 15 - comparing p to dp ok 16 - comparing p to pp ok 17 - comparing p to msblobp ok 18 - comparing msblob to dmsblob ok 19 - comparing msblob to pmsblob ok 20 - comparing msblob to msblobmsblob ok 6 - dsa conversions -- public key ok All tests successful. Files=1, Tests=6, 1 wallclock secs ( 0.02 usr 0.00 sys + 0.23 cusr 0.08 csys = 0.33 CPU) Result: PASS make[1]: Leaving directory `/tmp/openssl-1.1.1' [root@sfsdr220d openssl-1.1.1]# perl -v This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi (with 33 registered patches, see perl -V for more detail) Copyright 1987-2012, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/, the Perl Home Page. Mark Richter | Senior Staff Engineer SolarFlare Communications, Inc. | www.Solarflare.com 9444 Waples Street, #170, San Diego, CA 92121 Mobile: +1 949-632-8403 From: openssl-users on behalf of Matt Caswell Sent: Tuesday, July 16, 2019 3:20 PM To: openssl-users@openssl.org Subject: Re: Errors building 1.1.1 on RHEL 7 On 16/07/2019 22:23, Mark Richter wrote: After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 'make test.' What do they mean? Test Summary Report --- ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 3) Failed tests: 4-6 Non-zero exit status: 3 Looks like something fundamentally wrong to get this many errors (guess: perl version is too low?) Please run: make TESTS=test_dsa V=1 test Also lets see the output from: perl -v Matt ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: 3) Failed tests: 3-5 Non-zero exit status: 3 ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 Failed: 4) Failed tests: 2-5 Non-zero exit status: 4 ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 Failed: 30) Failed tests: 2-31 Non-zero exit status: 30 ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: 1) Failed test: 2 Non-zero exit status: 1 ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: 3) Failed tests: 4-6 Non-zero exit status: 3 ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: 2) Failed tests: 1, 5 Non-zero exit status: 2 ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 Failed: 1) Failed test: 2 Non-zero exit status: 1 Parse errors: Bad plan. You planned 172 tests but ran 87. ../test/recipes/20-test_enc_more.t (Wstat: 256 Tests: 137 Failed: 1) Failed test: 2 Non-zero exit status: 1 ../test/recipes/25-test_crl.t(Wstat: 768 Tests
Re: Errors building 1.1.1 on RHEL 7
On 16/07/2019 23:27, Mark Richter wrote: > Result: PASS Well that's quite odd because this test was failing for you before. I assume that after you had done the "make clean" that "make test" is still failing? Is it failing with the same set of tests that were failing before or different ones? Matt > make[1]: Leaving directory `/tmp/openssl-1.1.1' > [root@sfsdr220d openssl-1.1.1]# perl -v > > This is perl 5, version 16, subversion 3 (v5.16.3) built for > x86_64-linux-thread-multi > (with 33 registered patches, see perl -V for more detail) > > Copyright 1987-2012, Larry Wall > > Perl may be copied only under the terms of either the Artistic License or the > GNU General Public License, which may be found in the Perl 5 source kit. > > Complete documentation for Perl, including FAQ lists, should be found on > this system using "man perl" or "perldoc perl". If you have access to the > Internet, point your browser at http://www.perl.org/, the Perl Home Page. > > > Mark Richter | Senior Staff Engineer > SolarFlare Communications, Inc. | www.Solarflare.com > 9444 Waples Street, #170, San Diego, CA 92121 > Mobile: +1 949-632-8403 > > > > From: openssl-users on behalf of Matt > Caswell > Sent: Tuesday, July 16, 2019 3:20 PM > To: openssl-users@openssl.org > Subject: Re: Errors building 1.1.1 on RHEL 7 > > On 16/07/2019 22:23, Mark Richter wrote: >> After I built version 1.1.1 on RHEL 7, I got these errors at the end of the >> 'make test.' What do they mean? >> >> >> Test Summary Report >> --- >> ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 >> Failed: 3) >> Failed tests: 4-6 >> Non-zero exit status: 3 > > Looks like something fundamentally wrong to get this many errors (guess: perl > version is too low?) > > Please run: > > make TESTS=test_dsa V=1 test > > Also lets see the output from: > > perl -v > > Matt > > >> ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 >> Failed: 3) >> Failed tests: 3-5 >> Non-zero exit status: 3 >> ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 >> Failed: 4) >> Failed tests: 2-5 >> Non-zero exit status: 4 >> ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 >> Failed: 30) >> Failed tests: 2-31 >> Non-zero exit status: 30 >> ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 >> Failed: 1) >> Failed test: 2 >> Non-zero exit status: 1 >> ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 >> Failed: 3) >> Failed tests: 4-6 >> Non-zero exit status: 3 >> ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 >> Failed: 2) >> Failed tests: 1, 5 >> Non-zero exit status: 2 >> ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 >> Failed: 1) >> Failed test: 2 >> Non-zero exit status: 1 >> Parse errors: Bad plan. You planned 172 tests but ran 87. >> ../test/recipes/20-test_enc_more.t (Wstat: 256 Tests: 137 >> Failed: 1) >> Failed test: 2 >> Non-zero exit status: 1 >> ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 >> Failed: 3) >> Failed tests: 2, 6-7 >> Non-zero exit status: 3 >> ../test/recipes/25-test_pkcs7.t (Wstat: 512 Tests: 3 >> Failed: 2) >> Failed tests: 2-3 >> Non-zero exit status: 2 >> ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 >> Failed: 4) >> Failed tests: 2, 7-9 >> Non-zero exit status: 4 >> ../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 >> Failed: 1) >> Failed test: 2 >> Non-zero exit status: 1 >> ../test/recipes/25-test_x509.t (Wstat: 1792 Tests: 9 >> Failed: 7) >> Failed tests: 2-8 >> Non-zero exit status: 7 >> ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 >> Failed: 0) >> Non-zero exit status: 255 >> Parse errors: Bad plan. You planned 4 tests but ran 0. >> ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 >> Failed: 0) >> Non-zero exit status: 255 >> Parse errors: Bad plan. You planned 3 tests but ran 0. >> ../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 >> Failed: 1) >> Failed test: 1 >> Non-zero exit status: 1 >>
Re: Errors building 1.1.1 on RHEL 7
out -in msb-f.d -inform d -out msb-ff.dmsblob -outform msblob => 0 ok 11 - d -> msblob read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p -inform p -out msb-ff.pmsblob -outform msblob => 0 ok 12 - p -> msblob read DSA key writing DSA key ../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob -inform msblob -out msb-ff.msblobmsblob -outform msblob => 0 ok 13 - msblob -> msblob ok 14 - comparing orig to p ok 15 - comparing p to dp ok 16 - comparing p to pp ok 17 - comparing p to msblobp ok 18 - comparing msblob to dmsblob ok 19 - comparing msblob to pmsblob ok 20 - comparing msblob to msblobmsblob ok 6 - dsa conversions -- public key ok All tests successful. Files=1, Tests=6, 1 wallclock secs ( 0.02 usr 0.00 sys + 0.23 cusr 0.08 csys = 0.33 CPU) Result: PASS make[1]: Leaving directory `/tmp/openssl-1.1.1' [root@sfsdr220d openssl-1.1.1]# perl -v This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi (with 33 registered patches, see perl -V for more detail) Copyright 1987-2012, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/, the Perl Home Page. Mark Richter | Senior Staff Engineer SolarFlare Communications, Inc. | www.Solarflare.com 9444 Waples Street, #170, San Diego, CA 92121 Mobile: +1 949-632-8403 From: openssl-users on behalf of Matt Caswell Sent: Tuesday, July 16, 2019 3:20 PM To: openssl-users@openssl.org Subject: Re: Errors building 1.1.1 on RHEL 7 On 16/07/2019 22:23, Mark Richter wrote: > After I built version 1.1.1 on RHEL 7, I got these errors at the end of the > 'make test.' What do they mean? > > > Test Summary Report > --- > ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: > 3) > Failed tests: 4-6 > Non-zero exit status: 3 Looks like something fundamentally wrong to get this many errors (guess: perl version is too low?) Please run: make TESTS=test_dsa V=1 test Also lets see the output from: perl -v Matt > ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: > 3) > Failed tests: 3-5 > Non-zero exit status: 3 > ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 > Failed: 4) > Failed tests: 2-5 > Non-zero exit status: 4 > ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 > Failed: 30) > Failed tests: 2-31 > Non-zero exit status: 30 > ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: > 1) > Failed test: 2 > Non-zero exit status: 1 > ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: > 3) > Failed tests: 4-6 > Non-zero exit status: 3 > ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: > 2) > Failed tests: 1, 5 > Non-zero exit status: 2 > ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 > Failed: 1) > Failed test: 2 > Non-zero exit status: 1 > Parse errors: Bad plan. You planned 172 tests but ran 87. > ../test/recipes/20-test_enc_more.t (Wstat: 256 Tests: 137 > Failed: 1) > Failed test: 2 > Non-zero exit status: 1 > ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 Failed: > 3) > Failed tests: 2, 6-7 > Non-zero exit status: 3 > ../test/recipes/25-test_pkcs7.t (Wstat: 512 Tests: 3 Failed: > 2) > Failed tests: 2-3 > Non-zero exit status: 2 > ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 > Failed: 4) > Failed tests: 2, 7-9 > Non-zero exit status: 4 > ../test/recipes/25-test_sid.t (Wstat: 256 Tests: 2 Failed: > 1) > Failed test: 2 > Non-zero exit status: 1 > ../test/recipes/25-test_x509.t (Wstat: 1792 Tests: 9 > Failed: 7) > Failed tests: 2-8 > Non-zero exit status: 7 > ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 > Failed: 0) > Non-zero exit status: 255 > Parse errors: Bad plan. You planned 4 tests but ran 0. > ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 > Failed: 0) > Non-zero exit status: 255 > Parse errors: Bad plan. You planned 3 tests but ran 0. > ../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 Failed: > 1) > Failed
Re: Errors building 1.1.1 on RHEL 7
On 16/07/2019 22:23, Mark Richter wrote: > After I built version 1.1.1 on RHEL 7, I got these errors at the end of the > 'make test.' What do they mean? > > > Test Summary Report > --- > ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: > 3) > Failed tests: 4-6 > Non-zero exit status: 3 Looks like something fundamentally wrong to get this many errors (guess: perl version is too low?) Please run: make TESTS=test_dsa V=1 test Also lets see the output from: perl -v Matt > ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: > 3) > Failed tests: 3-5 > Non-zero exit status: 3 > ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 > Failed: 4) > Failed tests: 2-5 > Non-zero exit status: 4 > ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 > Failed: 30) > Failed tests: 2-31 > Non-zero exit status: 30 > ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: > 1) > Failed test: 2 > Non-zero exit status: 1 > ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: > 3) > Failed tests: 4-6 > Non-zero exit status: 3 > ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: > 2) > Failed tests: 1, 5 > Non-zero exit status: 2 > ../test/recipes/20-test_enc.t (Wstat: 256 Tests: 87 > Failed: 1) > Failed test: 2 > Non-zero exit status: 1 > Parse errors: Bad plan. You planned 172 tests but ran 87. > ../test/recipes/20-test_enc_more.t (Wstat: 256 Tests: 137 > Failed: 1) > Failed test: 2 > Non-zero exit status: 1 > ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 Failed: > 3) > Failed tests: 2, 6-7 > Non-zero exit status: 3 > ../test/recipes/25-test_pkcs7.t (Wstat: 512 Tests: 3 Failed: > 2) > Failed tests: 2-3 > Non-zero exit status: 2 > ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 > Failed: 4) > Failed tests: 2, 7-9 > Non-zero exit status: 4 > ../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 Failed: > 1) > Failed test: 2 > Non-zero exit status: 1 > ../test/recipes/25-test_x509.t (Wstat: 1792 Tests: 9 > Failed: 7) > Failed tests: 2-8 > Non-zero exit status: 7 > ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 > Failed: 0) > Non-zero exit status: 255 > Parse errors: Bad plan. You planned 4 tests but ran 0. > ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 > Failed: 0) > Non-zero exit status: 255 > Parse errors: Bad plan. You planned 3 tests but ran 0. > ../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 Failed: > 1) > Failed test: 1 > Non-zero exit status: 1 > ../test/recipes/80-test_cms.t(Wstat: 1024 Tests: 4 > Failed: 4) > Failed tests: 1-4 > Non-zero exit status: 4 > ../test/recipes/80-test_ocsp.t (Wstat: 512 Tests: 11 > Failed: 2) > Failed tests: 1, 10 > Non-zero exit status: 2 > ../test/recipes/80-test_ssl_new.t(Wstat: 6912 Tests: 27 > Failed: 27) > Failed tests: 1-27 > Non-zero exit status: 27 > ../test/recipes/80-test_ssl_old.t(Wstat: 1536 Tests: 6 > Failed: 6) > Failed tests: 1-6 > Non-zero exit status: 6 > ../test/recipes/80-test_tsa.t (Wstat: 3328 Tests: 0 > Failed: 0) > Non-zero exit status: 13 > Parse errors: Bad plan. You planned 20 tests but ran 0. > ../test/recipes/90-test_store.t (Wstat: 3328 Tests: 0 > Failed: 0) > Non-zero exit status: 13 > Parse errors: Bad plan. You planned 209 tests but ran 0. > Files=152, Tests=850, 30 wallclock secs ( 0.38 usr 0.10 sys + 31.02 cusr > 4.55 csys = 36.05 CPU) > Result: FAIL > make[1]: *** [_tests] Error 1 > make[1]: Leaving directory `/home/mrichter/bin/openssl-1.1.1' > make: *** [tests] Error 2 > > ? > > > Mark Richter | Senior Staff Engineer > SolarFlare Communications, Inc. | > www.Solarflare.com<http://www.solarflare.com/> > 9444 Waples Street, #170, San Diego, CA 92121 > Mobile: +1 949-632-8403 > [Description: Description: cid:EC628FDE-ACA6-4F34-A8AE-E1F672D4E395] > The information contained in this message is confidential and is intended for > the addressee(s) only. If you have received this message in error, please > notify the sender immediately and delete the message. Unless you are an > addressee (or authorized to receive for an addressee), you may not use, copy > or disclose to anyone this message or any information contained in this > message. The unauthorized use, disclosure, copying or alteration of this > message is strictly prohibited. >
Re: Errors building 1.1.1 on RHEL 7
On Tue, Jul 16, 2019 at 09:23:32PM +, Mark Richter wrote: > After I built version 1.1.1 on RHEL 7, I got these errors at the end of the > 'make test.' What do they mean? The test scripts exited with non-zero exit codes. > Test Summary Report > --- > ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: > 3) > Failed tests: 4-6 > Non-zero exit status: 3 > ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 > Failed: 1) > Failed test: 2 > Non-zero exit status: 1 > Parse errors: Bad plan. You planned 172 tests but ran 87. Something looks wrong with your build. > Files=152, Tests=850, 30 wallclock secs ( 0.38 usr 0.10 sys + 31.02 cusr > 4.55 csys = 36.05 CPU) > Result: FAIL Insufficient detail, but make sure the directory is "clean" before you do the build. And post the build options in future problem reports. IIRC, you can use "make V=1 ..." to get more verbose test output. -- Viktor.
Errors building 1.1.1 on RHEL 7
After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 'make test.' What do they mean? Test Summary Report --- ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 3) Failed tests: 4-6 Non-zero exit status: 3 ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: 3) Failed tests: 3-5 Non-zero exit status: 3 ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 Failed: 4) Failed tests: 2-5 Non-zero exit status: 4 ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 Failed: 30) Failed tests: 2-31 Non-zero exit status: 30 ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: 1) Failed test: 2 Non-zero exit status: 1 ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: 3) Failed tests: 4-6 Non-zero exit status: 3 ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: 2) Failed tests: 1, 5 Non-zero exit status: 2 ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 Failed: 1) Failed test: 2 Non-zero exit status: 1 Parse errors: Bad plan. You planned 172 tests but ran 87. ../test/recipes/20-test_enc_more.t (Wstat: 256 Tests: 137 Failed: 1) Failed test: 2 Non-zero exit status: 1 ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 Failed: 3) Failed tests: 2, 6-7 Non-zero exit status: 3 ../test/recipes/25-test_pkcs7.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 Failed: 4) Failed tests: 2, 7-9 Non-zero exit status: 4 ../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 Failed: 1) Failed test: 2 Non-zero exit status: 1 ../test/recipes/25-test_x509.t (Wstat: 1792 Tests: 9 Failed: 7) Failed tests: 2-8 Non-zero exit status: 7 ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 4 tests but ran 0. ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 3 tests but ran 0. ../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 1 Non-zero exit status: 1 ../test/recipes/80-test_cms.t(Wstat: 1024 Tests: 4 Failed: 4) Failed tests: 1-4 Non-zero exit status: 4 ../test/recipes/80-test_ocsp.t (Wstat: 512 Tests: 11 Failed: 2) Failed tests: 1, 10 Non-zero exit status: 2 ../test/recipes/80-test_ssl_new.t(Wstat: 6912 Tests: 27 Failed: 27) Failed tests: 1-27 Non-zero exit status: 27 ../test/recipes/80-test_ssl_old.t(Wstat: 1536 Tests: 6 Failed: 6) Failed tests: 1-6 Non-zero exit status: 6 ../test/recipes/80-test_tsa.t(Wstat: 3328 Tests: 0 Failed: 0) Non-zero exit status: 13 Parse errors: Bad plan. You planned 20 tests but ran 0. ../test/recipes/90-test_store.t (Wstat: 3328 Tests: 0 Failed: 0) Non-zero exit status: 13 Parse errors: Bad plan. You planned 209 tests but ran 0. Files=152, Tests=850, 30 wallclock secs ( 0.38 usr 0.10 sys + 31.02 cusr 4.55 csys = 36.05 CPU) Result: FAIL make[1]: *** [_tests] Error 1 make[1]: Leaving directory `/home/mrichter/bin/openssl-1.1.1' make: *** [tests] Error 2 ? Mark Richter | Senior Staff Engineer SolarFlare Communications, Inc. | www.Solarflare.com<http://www.solarflare.com/> 9444 Waples Street, #170, San Diego, CA 92121 Mobile: +1 949-632-8403 [Description: Description: cid:EC628FDE-ACA6-4F34-A8AE-E1F672D4E395] The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error, please notify the sender immediately and delete the message. Unless you are an addressee (or authorized to receive for an addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. The unauthorized use, disclosure, copying or alteration of this message is strictly prohibited.
evp.t errors
Anyone getting this in the last 2 days? ../test/recipes/30-test_evp.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/10 subtests -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism All appears to change when we change. -Henri-Fr=C3=A9d=C3=A9ric Amiel
Re: openssl-1.1.1b: Compilation errors when use async and ct
On 19/06/2019 19:07, Samiya Khanum via openssl-users wrote: > Hi, > > While compiling async I see below errors with UCLIBC. > > /libcrypto.so: undefined reference to `getcontext' > libcrypto.so: undefined reference to `setcontext' > libcrypto.so: undefined reference to `makecontext'/ > > As UCLIBC doesn't have support to these APIs, i have added no-async in > configure. With no-async below errors are seen. > / > / > /libcrypto.so: undefined reference to `ERR_load_ASYNC_strings' > libcrypto.so: undefined reference to `async_init' > libcrypto.so: undefined reference to `async_delete_thread_state' > libcrypto.so: undefined reference to `async_deinit'/ no-async actually still compiles the high level async code, but you get the "null" implementation which doesn't do anything. The only thing I can suggest is to try "make clean" and start again. Matt > / > / > Do we need to have macro check" #ifndef OPENSSL_NO_ASYNC" before these api > calls? > > Similarly for CT, we are seeing below errors. With no-ct options, compilation > is OK. > > We would like to know what would be the impact if we disable async and ct > features. Could you please help us in understanding these features. > > In file included from ../../../../vendor/openssl/crypto/ct/ct_b64.c:17:0: > ../../../../vendor/openssl/crypto/ct/ct_locl.h:58:5: error: unknown type name > 'sct_version_t' > sct_version_t version; > ^ > ../../../../vendor/openssl/crypto/ct/ct_locl.h:78:5: error: unknown type name > 'ct_log_entry_type_t' > ct_log_entry_type_t entry_type; > ^ > ../../../../vendor/openssl/crypto/ct/ct_locl.h:80:5: error: unknown type name > 'sct_source_t' > sct_source_t source; > ^ > ../../../../vendor/openssl/crypto/ct/ct_locl.h:82:5: error: unknown type name > 'sct_validation_status_t' > sct_validation_status_t validation_status; > ^ > In file included from ../../../../vendor/openssl/crypto/ct/ct_b64.c:14:0: > ../../../../vendor/openssl/crypto/ct/ct_b64.c: In function 'ct_base64_decode': > ../../../../vendor/openssl/crypto/ct/ct_b64.c:38:15: error: > 'CT_F_CT_BASE64_DECODE' undeclared (first use in this function) > CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE); > ^ > ../../../../vendor/openssl/include/openssl/err.h:29:59: note: in definition of > macro 'ERR_PUT_error' > # define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) > ^ > ../../../../vendor/openssl/crypto/ct/ct_b64.c:38:9: note: in expansion of > macro > 'CTerr' > CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE); > ^ > ../../../../vendor/openssl/crypto/ct/ct_b64.c:38:15: note: each undeclared > identifier is reported only once for each function it appears in > CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE); > ^ > ../../../../vendor/openssl/include/openssl/err.h:29:59: note: in definition of > macro 'ERR_PUT_error' > # define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) > ^ > ../../../../vendor/openssl/crypto/ct/ct_b64.c:38:9: note: in expansion of > macro > 'CTerr' > CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE); > ^ > ../../../../vendor/openssl/crypto/ct/ct_b64.c:44:38: error: > 'CT_R_BASE64_DECODE_ERROR' undeclared (first use in this function) > CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR); > ^ > ../../../../vendor/openssl/include/openssl/err.h:29:61: note: in definition of > macro 'ERR_PUT_error' > # define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) > ^ > ../../../../vendor/openssl/crypto/ct/ct_b64.c:44:9: note: in expansion of > macro > 'CTerr' > CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR); > ^ > ../../../../vendor/openssl/crypto/ct/ct_b64.c: At top level: > ../../../../vendor/openssl/crypto/ct/ct_b64.c:64:26: error: unknown type name > 'ct_log_entry_type_t' > ct_log_entry_type_t entry_type, uint64_t timestamp, > ^ > In file included from ../../../../vendor/openssl/crypto/ct/ct_b64.c:14:0: > ../../../../vendor/openssl/crypto/ct/ct_b64.c: In function > 'CTLOG_new_from_base64': > ../../../../vendor/openssl/crypto/ct/ct_b64.c:143:15: error: > 'CT_F_CTLOG_NEW_FROM_BASE64' undeclared (first use in this function) > CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT); > ^ > ../../../../vendor/openssl/include/openssl/err.h:29
openssl-1.1.1b: Compilation errors when use async and ct
Hi, While compiling async I see below errors with UCLIBC. *libcrypto.so: undefined reference to `getcontext'libcrypto.so: undefined reference to `setcontext'libcrypto.so: undefined reference to `makecontext'* As UCLIBC doesn't have support to these APIs, i have added no-async in configure. With no-async below errors are seen. *libcrypto.so: undefined reference to `ERR_load_ASYNC_strings'libcrypto.so: undefined reference to `async_init'libcrypto.so: undefined reference to `async_delete_thread_state'libcrypto.so: undefined reference to `async_deinit'* Do we need to have macro check" #ifndef OPENSSL_NO_ASYNC" before these api calls? Similarly for CT, we are seeing below errors. With no-ct options, compilation is OK. We would like to know what would be the impact if we disable async and ct features. Could you please help us in understanding these features. In file included from ../../../../vendor/openssl/crypto/ct/ct_b64.c:17:0: ../../../../vendor/openssl/crypto/ct/ct_locl.h:58:5: error: unknown type name 'sct_version_t' sct_version_t version; ^ ../../../../vendor/openssl/crypto/ct/ct_locl.h:78:5: error: unknown type name 'ct_log_entry_type_t' ct_log_entry_type_t entry_type; ^ ../../../../vendor/openssl/crypto/ct/ct_locl.h:80:5: error: unknown type name 'sct_source_t' sct_source_t source; ^ ../../../../vendor/openssl/crypto/ct/ct_locl.h:82:5: error: unknown type name 'sct_validation_status_t' sct_validation_status_t validation_status; ^ In file included from ../../../../vendor/openssl/crypto/ct/ct_b64.c:14:0: ../../../../vendor/openssl/crypto/ct/ct_b64.c: In function 'ct_base64_decode': ../../../../vendor/openssl/crypto/ct/ct_b64.c:38:15: error: 'CT_F_CT_BASE64_DECODE' undeclared (first use in this function) CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE); ^ ../../../../vendor/openssl/include/openssl/err.h:29:59: note: in definition of macro 'ERR_PUT_error' # define ERR_PUT_error(a,b,c,d,e)ERR_put_error(a,b,c,d,e) ^ ../../../../vendor/openssl/crypto/ct/ct_b64.c:38:9: note: in expansion of macro 'CTerr' CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE); ^ ../../../../vendor/openssl/crypto/ct/ct_b64.c:38:15: note: each undeclared identifier is reported only once for each function it appears in CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE); ^ ../../../../vendor/openssl/include/openssl/err.h:29:59: note: in definition of macro 'ERR_PUT_error' # define ERR_PUT_error(a,b,c,d,e)ERR_put_error(a,b,c,d,e) ^ ../../../../vendor/openssl/crypto/ct/ct_b64.c:38:9: note: in expansion of macro 'CTerr' CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE); ^ ../../../../vendor/openssl/crypto/ct/ct_b64.c:44:38: error: 'CT_R_BASE64_DECODE_ERROR' undeclared (first use in this function) CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR); ^ ../../../../vendor/openssl/include/openssl/err.h:29:61: note: in definition of macro 'ERR_PUT_error' # define ERR_PUT_error(a,b,c,d,e)ERR_put_error(a,b,c,d,e) ^ ../../../../vendor/openssl/crypto/ct/ct_b64.c:44:9: note: in expansion of macro 'CTerr' CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR); ^ ../../../../vendor/openssl/crypto/ct/ct_b64.c: At top level: ../../../../vendor/openssl/crypto/ct/ct_b64.c:64:26: error: unknown type name 'ct_log_entry_type_t' ct_log_entry_type_t entry_type, uint64_t timestamp, ^ In file included from ../../../../vendor/openssl/crypto/ct/ct_b64.c:14:0: ../../../../vendor/openssl/crypto/ct/ct_b64.c: In function 'CTLOG_new_from_base64': ../../../../vendor/openssl/crypto/ct/ct_b64.c:143:15: error: 'CT_F_CTLOG_NEW_FROM_BASE64' undeclared (first use in this function) CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT); ^ ../../../../vendor/openssl/include/openssl/err.h:29:59: note: in definition of macro 'ERR_PUT_error' # define ERR_PUT_error(a,b,c,d,e)ERR_put_error(a,b,c,d,e) ^ ../../../../vendor/openssl/crypto/ct/ct_b64.c:143:9: note: in expansion of macro 'CTerr' CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT); ^ ../../../../vendor/openssl/crypto/ct/ct_b64.c:149:43: error: 'CT_R_LOG_CONF_INVALID_KEY' undeclared (first use in this function) CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY); ^ ../../../../vendor/openssl/include/openssl/err.h:29:61: note: in definition of macro 'ERR_PUT_error' # define ERR_PUT_error(a,b,c,d,e)ERR_put_error
Re: Compilation errors with 1.1.1b
On 01/03/2019 12.34, Sravani Maddukuri via openssl-users wrote: > Hi, > > Earlier our application used OpenSSL version 1.0.2n. Now we wanted to > upgrade to 1.1.1b. > After upgrade when i compile OpenSSL, i see the following errors: > > Tried to generate the Makefile with both the ways mentioned below.. > > But getting compilation errors as attached mainly at places > where DEPRECATEDIN_1_1_0 and DEPRECATEDIN_0_9_8 are used. Your system is missing 'struct hostent': error: 'struct hostent' declared inside parameter list [-Werror] The structure is provided by netdb.h. Does the error go away if you put "#include " before you include any OpenSSL headers? Christian
Compilation errors with 1.1.1b
Hi, Earlier our application used OpenSSL version 1.0.2n. Now we wanted to upgrade to 1.1.1b. After upgrade when i compile OpenSSL, i see the following errors: Tried to generate the Makefile with both the ways mentioned below.. But getting compilation errors as attached mainly at places where DEPRECATEDIN_1_1_0 and DEPRECATEDIN_0_9_8 are used. ./config >> ../build.log \ no-idea no-md2 no-md4 no-mdc2 no-rc2 no-rc5 \ -DOPENSSL_SYSNAME_LINUX -DOPENSSL_USE_IPV6 -DOPENSSL_IMPLEMENTS_strncasecmp \ -DOPENSSL_API_COMPAT=0x1010102fL \ -ffunction-sections -fdata-sections \ no-hw shared no-asm ./config >> ../build.log \ no-idea no-md2 no-md4 no-mdc2 no-rc2 no-rc5 \ -DOPENSSL_SYSNAME_LINUX -DOPENSSL_USE_IPV6 -DOPENSSL_IMPLEMENTS_strncasecmp \ disable-deprecated \ -ffunction-sections -fdata-sections \ no-hw shared no-asm Can you please suggest the possible solution to fix the errors? Regards, Sravani COMPILING[openssl] : vendor/openssl/crypto/cpt_err.c In file included from ../../../../vendor/openssl/include/openssl/err.h:21:0, from ../../../../vendor/openssl/crypto/cpt_err.c:11: ../../../../vendor/openssl/include/openssl/bio.h:689:27: error: 'struct hostent' declared inside parameter list [-Werror] DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) ^ ../../../../vendor/openssl/include/openssl/bio.h:689:27: error: its scope is only this definition or declaration, which is probably not what you want [-Werror] ../../../../vendor/openssl/include/openssl/bio.h:689:1: error: return type defaults to 'int' [-Werror=implicit-int] DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) ^ ../../../../vendor/openssl/include/openssl/bio.h: In function 'DEPRECATEDIN_1_1_0': ../../../../vendor/openssl/include/openssl/bio.h:690:1: error: expected declaration specifiers before 'DEPRECATEDIN_1_1_0' DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) ^ ../../../../vendor/openssl/include/openssl/bio.h:697:2: error: expected declaration specifiers before ';' token }; ^ ../../../../vendor/openssl/include/openssl/bio.h:698:1: error: empty declaration [-Werror] enum BIO_sock_info_type { ^ ../../../../vendor/openssl/include/openssl/bio.h:702:55: error: 'union BIO_sock_info_u' declared inside parameter list [-Werror] enum BIO_sock_info_type type, union BIO_sock_info_u *info); ^ In file included from ../../../../vendor/openssl/include/openssl/err.h:22:0, from ../../../../vendor/openssl/crypto/cpt_err.c:11: ../../../../vendor/openssl/include/openssl/lhash.h:24:30: error: storage class specified for parameter 'OPENSSL_LH_NODE' typedef struct lhash_node_st OPENSSL_LH_NODE; ^ ../../../../vendor/openssl/include/openssl/lhash.h:25:15: error: storage class specified for parameter 'OPENSSL_LH_COMPFUNC' typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); ^ ../../../../vendor/openssl/include/openssl/lhash.h:26:25: error: storage class specified for parameter 'OPENSSL_LH_HASHFUNC' typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); ^ ../../../../vendor/openssl/include/openssl/lhash.h:27:16: error: storage class specified for parameter 'OPENSSL_LH_DOALL_FUNC' typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); ^ ../../../../vendor/openssl/include/openssl/lhash.h:28:16: error: storage class specified for parameter 'OPENSSL_LH_DOALL_FUNCARG' typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); ^ ../../../../vendor/openssl/include/openssl/lhash.h:29:25: error: storage class specified for parameter 'OPENSSL_LHASH' typedef struct lhash_st OPENSSL_LHASH; ^ ../../../../vendor/openssl/include/openssl/lhash.h:72:22: error: expected declaration specifiers or '...' before 'OPENSSL_LHASH' int OPENSSL_LH_error(OPENSSL_LHASH *lh); ^ ../../../../vendor/openssl/include/openssl/lhash.h:73:1: error: expected declaration specifiers before 'OPENSSL_LHASH' OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); ^ ../../../../vendor/openssl/include/openssl/lhash.h:74:22: error: expected declaration specifiers or '...' before 'OPENSSL_LHASH' void OPENSSL_LH_free(OPENSSL_LHASH *lh); ^ ../../../../vendor/openssl/include/openssl/lhash.h:75:25: error: expected declaration specifiers or '...' before 'OPENSSL_LHASH' void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); ^ ../../../../vendor/openssl/include/openssl/lhash.h:76:25: error: expected declaration specifiers or '...' before 'OPENSSL_LHASH' void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, cons
Re: [openssl-users] compile hell : fatal: symbol referencing errors. OPENSSL_sk_pop_free etc etc etc
On 1/18/19 1:05 AM, Dennis Clarke wrote: So it seems to no longer matter if I try strict C99 or just cc with or without strict CFLAGS. I always arrive at the same place : Ignore this .. fixed .. done .. closed ... not even a correct issue. Thou shalt not pass C99 here. Thus sayeth the Salz and so let it be written ... Dennis -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] compile hell : fatal: symbol referencing errors. OPENSSL_sk_pop_free etc etc etc
So it seems to no longer matter if I try strict C99 or just cc with or without strict CFLAGS. I always arrive at the same place : ${LDCMD:-/opt/developerstudio12.6/bin/cc} -m64 -xarch=sparc -g -Xa -errfmt=error -erroff=%none -errshort=full -xstrconst -xildoff -xmemalign=8s -xnolibmil -xcode=pic32 -xregs=no%appl -xlibmieee -mc -ftrap=%none -xbuiltin=%none -xunroll=1 -Qy -xdebugformat=dwarf -xstrconst -Xa -m64 -xarch=sparc -g -Xa -errfmt=error -erroff=%none -errshort=full -xstrconst -xildoff -xmemalign=8s -xnolibmil -xcode=pic32 -xregs=no%appl -xlibmieee -mc -ftrap=%none -xbuiltin=%none -xunroll=1 -Qy -xdebugformat=dwarf -L. -mt \ -o test/rsa_complex test/rsa_complex.o \ -lsocket -lnsl -ldl -lrt -lpthread cc: Warning: multiple use of -Q option, previous one discarded. Undefined first referenced symbol in file OPENSSL_sk_pop_free test/rsa_complex.o OPENSSL_sk_dup test/rsa_complex.o OPENSSL_sk_pop test/rsa_complex.o OPENSSL_sk_num test/rsa_complex.o OPENSSL_sk_new test/rsa_complex.o OPENSSL_sk_set test/rsa_complex.o OPENSSL_sk_free test/rsa_complex.o OPENSSL_sk_find test/rsa_complex.o OPENSSL_sk_push test/rsa_complex.o OPENSSL_sk_sort test/rsa_complex.o OPENSSL_sk_zero test/rsa_complex.o OPENSSL_sk_is_sortedtest/rsa_complex.o OPENSSL_sk_shifttest/rsa_complex.o OPENSSL_sk_valuetest/rsa_complex.o OPENSSL_sk_delete_ptr test/rsa_complex.o OPENSSL_sk_unshift test/rsa_complex.o OPENSSL_sk_new_null test/rsa_complex.o OPENSSL_sk_set_cmp_func test/rsa_complex.o OPENSSL_sk_reserve test/rsa_complex.o OPENSSL_sk_new_reserve test/rsa_complex.o OPENSSL_sk_delete test/rsa_complex.o OPENSSL_sk_insert test/rsa_complex.o OPENSSL_sk_deep_copytest/rsa_complex.o OPENSSL_sk_find_ex test/rsa_complex.o ld: fatal: symbol referencing errors. No output written to test/rsa_complex gmake[1]: *** [Makefile:3561: test/rsa_complex] Error 2 gmake[1]: Leaving directory '/usr/local/build/openssl-1.1.1a_SunOS5.10_sparc64vii+.005' gmake: *** [Makefile:169: all] Error 2 corv $ Attempts to use C99 and strict CFLAGS simply falls into a hell with some oddball strcmpcase function issue regardless if I use strings.h or not so let's just stay here and try to figure out what do I need to do to get a debug non-stripped and not optimized build out of 1.1.1a? Certainly did not have these issues with 1.1.1 or any of the pre-release versions. Not that I recall. So .. any thoughts? Dennis -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] What to do with deprecation errors
The "which package depends on which openssl ver" issue's been around a long time. FWIW, in general, I *never* touch openssl libs/headers in the default distro path, /usr. Just leave that alone -- too many distro packages (still) make (invalid) assumptions about that being the only/preferred openssl version. Also, some-not-all distros include /usr/local/ libs & headers in search path; with a higher priority than /usr. Drop the 'wrong version' there, and you can cause yourself similar headaches. Instead, I build openssl versions into standalone-dirs. E.g., /usr/local/openssl102 /usr/local/openssl110 /usr/local/openssl111 and then build any apps I want/need to use a specific version with appropriate CFLAGS/CPPFLAGS/INCLUDE, as well as LIBS with rpath. Yes, it's a slog. But for my use, it's been the only way to manage the mess. With the release of openssl 111, I suspect/hope things will begin to stabilize in app-land; but, I'm not holding my breath. And, of course, different strokes ... -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] What to do with deprecation errors
If the compiler found opensslconf.h in /usr/include/x86_64-linux-gnu/openssl/, that usually means you have an distribution openssl package installed, one that other programs are relying on. Depending on the version of that package, you may have screwed things up or not. If you're lucky, things will go smoothly, but be warning that your "installation" probably will get overwritten next time you do an update that affects the openssl package. For custom installations, I'd suggest using the /usr/local tree. This is what the default OpenSSL configuration + make install does. Cheers, Richard In message <1540233767.4886.24.ca...@taygeta.com> on Mon, 22 Oct 2018 11:42:47 -0700, Skip Carter said: > Found the problem! > Thanks to Selva for pointing the way. > > The compiler was looking for opensslconf.h (and only this file, not any > other header files) at /usr/include/x86_64-linux- > gnu/openssl/opensslconf.h when I copied > /usr/include/openssl/opensslconf.h to that location, everything worked. > The -E flag gave it away (it was buried in the cpp output too, but > was easy to miss). > > > On Mon, 2018-10-22 at 14:00 -0400, Selva Nair wrote: > > On Mon, Oct 22, 2018 at 1:51 PM Skip Carter wrote: > > > > > > Yes the macro is there, its just not being expanded by the pre- > > > compiler. > > > > All these tests say the same thing that you are picking up a wrong > > (old) header. > > > > So do: > > > > gcc -E your-program.c | grep opensslconf.h > > > > Then check whether the one it picks up is the right one and has > > the macro defined. > > > > Selva > -- > Skip Carter > Taygeta Scientific Inc. > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] What to do with deprecation errors
Ah, I guess it wanted you to also compile OpenSSL for i386 and putting that (different!) opensslconf.h in the i386-specific directory. That also means you should have moved opensslconf.h to the subdir, not copied it. On 22/10/2018 20:42, Skip Carter wrote: Found the problem! Thanks to Selva for pointing the way. The compiler was looking for opensslconf.h (and only this file, not any other header files) at /usr/include/x86_64-linux- gnu/openssl/opensslconf.h when I copied /usr/include/openssl/opensslconf.h to that location, everything worked. The -E flag gave it away (it was buried in the cpp output too, but was easy to miss). On Mon, 2018-10-22 at 14:00 -0400, Selva Nair wrote: On Mon, Oct 22, 2018 at 1:51 PM Skip Carter wrote: Yes the macro is there, its just not being expanded by the pre- compiler. All these tests say the same thing that you are picking up a wrong (old) header. So do: gcc -E your-program.c | grep opensslconf.h Then check whether the one it picks up is the right one and has the macro defined. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users