The config script needs to use gcc -dumpversion
instead of gcc --version to determine the gcc version.
gcc-3.1 outputs a bunch of text with --version, but
just the number with -dumpversion, which also works for
gcc-2.95.
Sorry if this is old news, which it may be.
-Allen Hopkins
UCBerkeley
[[EMAIL PROTECTED] - Thu Jun 13 08:34:54 2002]:
The config script needs to use gcc -dumpversion
instead of gcc --version to determine the gcc version.
gcc-3.1 outputs a bunch of text with --version, but
just the number with -dumpversion, which also works for
gcc-2.95.
Sounds like a
Hello,
I'm trying to use the AES algorithm of 0.9.7beta in my own program.
For setting the key schedule there are 2 apis:
AES_set_encrypt_key()
and
AES_set_decrypt_key()
Initially I used both of the fxns and set the same userkey to 2 different
schedules, one for encrypting and the other for
[jaenicke - Wed Jun 12 22:19:22 2002]:
The manual page about
SSL_CTX_set_client_cert_cb was simply wrong.
What in hell did I smoke when
writing it? Or was it simply too late
at night??
Anyway, I have just checked in
a new version:
If a certificate was already set, the client_cert_cb
[guest - Thu Jun 13 10:52:54 2002]:
if this callback is
called only once, how can we assure TLS compliance ? I thought that it
should be possible
to react to a servers request by dynamically choosing from the list of
acceptable CA's
it attaches ?
The certificate (and private key)
Hi,
I'm doing some experiment on openssl-0.9.7-stable-SNAP-20020421.
I replaced the AES code (the original AES code) with
Brian Gladman's AES code (with some modification).
(http://fp.gladman.plus.com/cryptography_technology/rijndael/)
Then, I measure my new implementation's speed using
[[EMAIL PROTECTED] - Fri Jun 7 14:22:15 2002]:
even though Netscape still works, this should be considered a bug
since
IE is now broken when in the past it worked fine
It is a bug in IE, not in OpenSSL. Note that the problem is avoided
when using RC4 ciphersuites, and these are typically
On Sat, Jun 01, 2002 at 01:18:35PM +0100, Ben Laurie wrote:
Also, the thread id may be used elsewhere - is there any point if its
actually the PID?
Applications that are actually multi-threaded should (and indeed, on
most platforms, must) use CRYPTO_set_id_callback() so that OpenSSL can
use
-BEGIN PGP SIGNED MESSAGE-
Thanks for the insights. I'm looking forward to the next versions... :-)
Best regards,
Erik
- -Original Message-
From: Lutz Jaenicke via RT [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 11:03 AM
To: Sohns Erik
Cc: [EMAIL PROTECTED]
Lutz,
I will create a patch against openssl-0.9.7-STABLE-snap-020612 with the gcc
change
and the __LP__ check for 64bit HPUX. If I get time I may look at dynamic
linking.
Cheers,
Ross
-
Ross Alexander
[[EMAIL PROTECTED] - Thu Jun 6 18:39:34 2002]:
[...]
It appears the openssl guys goofed in 0.97beta. The prototype for the
d2i_RSAPrivateKey function in 0.9.6c, which I use, is like this:
d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
ie., without a const on
[levitte - Wed Jun 5 15:31:44 2002]:
A little more analysis seems to indicate that X509_EXTENSION isn't
properly coded, since freeing it requires a dive into the
OCTET_STRING (or whatever that translates to) and free whatever
that's pointing to.
The code in question is
[jaenicke - Mon Jun 10 17:42:40 2002]:
I have made some further modifications: I did not like the direct use
of
2 23 42 for SET (even though correct of course) but wanted to build
the
tree from the root.
While doing this I noted, that the CCITT has long since been renamed
to ITU-T.
I
If you run 's_client' with the '-debug' option, you will see that
this server (ebmx.extra.daimlerchrysler.com:443) sends a cleartext
string starting with 'HTTP/' when it is supposed to send SSL 3.0
encrypted data. This is where the 'wrong version number' error
message comes from -- 0x54 0x54
If you run 's_client' with the '-debug' option, you will see that
this server (ebmx.extra.daimlerchrysler.com:443) sends a cleartext
string starting with 'HTTP/' when it is supposed to send SSL 3.0
encrypted data. This is where the 'wrong version number' error
message comes from -- 0x54 0x54
Lutz,
Here is the patch for config. I'm not sure if the 32bit/64bit gcc test is
really in the right place, but its not too bad.
(See attached file: config.diff)
Cheers,
Ross
-
Ross Alexander
Satria Bakti (13297096) wrote:
Hi,
I'm doing some experiment on openssl-0.9.7-stable-SNAP-20020421.
I replaced the AES code (the original AES code) with
Brian Gladman's AES code (with some modification).
(http://fp.gladman.plus.com/cryptography_technology/rijndael/)
Then, I measure my
[[EMAIL PROTECTED] - Mon Jun 10 12:25:27 2002]:
It seems that in the latest snapshots in crypto/x509v3/ext_dat.h,
the table standard_exts ist not sorted correctly.
crl_hold should be after sinfo.
v3_crl_hold :
#define NID_hold_instruction_code 430
v3_sinfo :
[[EMAIL PROTECTED] - Thu Jun 6 08:59:53 2002]:
The doc says :
Create an OCSP request and write it to a file:
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout
req.der
In my test, I try to do exactly that with :
openssl ocsp -issuer ocsp_ca.pem -cert
Ok, I have checked in your changes with some minor adjustments.
Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL
Bodo Moeller wrote:
On Sat, Jun 01, 2002 at 01:18:35PM +0100, Ben Laurie wrote:
Also, the thread id may be used elsewhere - is there any point if its
actually the PID?
Applications that are actually multi-threaded should (and indeed, on
most platforms, must) use
In message [EMAIL PROTECTED] on Sun, 9 Jun
2002 18:51:25 -0700 (PDT), Doug Kaufman [EMAIL PROTECTED] said:
dkaufman On 6 June 2002, Richard Levitte wrote:
dkaufman [...]
dkaufman @@ -1226,6 +1230,50 @@
dkaufmanclose(IN);
dkaufmanclose(OUT);
dkaufman
dkaufman +my $dir;
dkaufman
In message [EMAIL PROTECTED] on Thu, 13 Jun 2002
21:08:37 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:
levitte dkaufman The one problem I still see is with point.sh. It works for
levitte dkaufman DJGPP, but won't work for other systems without symbolic
levitte dkaufman
In message [EMAIL PROTECTED] on Thu, 13 Jun 2002
21:08:37 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:
Apropos point.sh, does the ln command exist at all in the DJGPP
environment? And if it exists, would it be possible to test that it
works properly with the -s switch,
I finally committed most of your changes. Please download the next
snapshot of 0.9.7 and check that it works as intended.
I'm keeping this ticket open until you have confirmed that it works
(perhaps after further changes).
--
Richard Levitte
[EMAIL PROTECTED]
I went for a different solution. Since the problem was the sed that
takes away all the crap before the version number, I changed it to
have the dash be part of the character set to remove instead of
having it as a mandatory character after said set. That should
resolve this ticket. Reopen
I've just added the changes you suggested, and made a tentative
addition in 0.9.7 as well, where I mimic the way Cygwin is configured.
Please download the next snapshot of both 0.9.6 and 0.9.7 and test
them.
--
Richard Levitte
[EMAIL PROTECTED]
Greetings,
I'm not being successful in compiling openssl-0.9.6d on solaris 9 with
gcc 3.1.
I have gcc3.1 for solaris 8 installed in /usr/local and gcc3.1 natively
compiled for solaris 9 in /usr/local/gcc-3.1. here's my env:
when I try to compile using gcc for solaris 9:
On Thu, 13 Jun 2002, Richard Levitte via RT wrote:
I finally committed most of your changes. Please download the next
snapshot of 0.9.7 and check that it works as intended.
I'm keeping this ticket open until you have confirmed that it works
(perhaps after further changes).
Thanks. I'll
Thus spake Ben Laurie:
Satria Bakti (13297096) wrote:
Hi,
I'm doing some experiment on openssl-0.9.7-stable-SNAP-20020421.
I replaced the AES code (the original AES code) with
Brian Gladman's AES code (with some modification).
On Thu, 13 Jun 2002, Richard Levitte - VMS Whacker wrote:
Apropos point.sh, does the ln command exist at all in the DJGPP
environment? And if it exists, would it be possible to test that it
works properly with the -s switch, say in terms of exit codes?
Something like this could be possible
This problem described here:
http://marc.theaimsgroup.com/?l=openssl-devm=99720385817987w=2
Still exists in 0.9.6d release..when can this be expected to be fixed?
--Jani
__
OpenSSL Project
On Thu, 13 Jun 2002, Doug Kaufman wrote:
On Thu, 13 Jun 2002, Richard Levitte - VMS Whacker wrote:
[snip]
Is it '-fR' that you're refering to? I agree... Would it be possible
to reimplement the recursive part in terms of sh (removes the need for
-R), and then use rm to remove each
33 matches
Mail list logo