[openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread John Pruitt via RT
The handling of the thisupd and nextupd pointers in make_ocsp_response() is incorrect. The pointers should be the first parameter of x509_gmtime_adj(), rather than the return value. I've attached a patch that fixes this. -John

[openssl.org #435] ssl_connect core dump problem, with gdb traces

2003-01-30 Thread [EMAIL PROTECTED] via RT
Hi. Ours is a Proxy Server SSL enabled multithreaded application. We are running on the Solaris operating system. We are using OpenSSL library [ openssl-0.9.6 ]. We have serverCA and root CA certificate at the Proxy server application. Our application dumps in ssl_connect during certificate chain

[openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Thu Jan 30 09:08:11 2003]: The handling of the thisupd and nextupd pointers in make_ocsp_response() is incorrect. The pointers should be the first parameter of x509_gmtime_adj(), rather than the return value. Why do you think it's incorrect? Have you checked what

[openssl.org #477] memory leak in SSL_dup

2003-01-30 Thread Richard Levitte via RT
Thanks for the report and the patch. I applied it almost verbatim. This ticket is now resolved. [[EMAIL PROTECTED] - Sat Jan 25 18:18:47 2003]: Hi, I found a memory leak in openssl (version 0.9.6h). I've reproduced it with demos/bio/saccept.c. openssl-0.9.6h/demos/bio$ valgrind

[openssl.org #476] [Fwd: Bug#178112: libssl-dev: Typo in /usr/include/openssl/md5.h]

2003-01-30 Thread Richard Levitte via RT
Thanks for the report, I just committed a fix, which will be present in 0.9.7a. This ticket is now resolved. -- Richard Levitte __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread Stephen Henson via RT
[levitte - Thu Jan 30 11:21:30 2003]: [[EMAIL PROTECTED] - Thu Jan 30 09:08:11 2003]: The handling of the thisupd and nextupd pointers in make_ocsp_response() is incorrect. The pointers should be the first parameter of x509_gmtime_adj(), rather than the return value. Why do you

[openssl.org #435] ssl proxy, core dump in certificate validation when acting as a client

2003-01-30 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 30 09:28:31 2003]: Hi. Ours is a Proxy Server SSL enabled multithreaded application. We are running on the Solaris operating system. We are using OpenSSL library [ openssl-0.9.6 ]. We have serverCA and root CA certificate at the Proxy server application.

[openssl.org #287] [PATCH] no-engine (openssl-0.9.7-stable-SNAP-20020915)

2003-01-30 Thread Richard Levitte via RT
OK, I looked at the no-engine patch again, and really saw no harm in it, so it's committed, and will be part of all releases from 0.9.7a and on (as well as the current 0.9.7 and main snapshots). This ticket is now resolved. -- Richard Levitte

[openssl.org #328] DH_compute_key incompatable with PKCS #3

2003-01-30 Thread Richard Levitte via RT
No further reaction, so I'm making this ticket stalled. [levitte - Fri Dec 13 16:47:19 2002]: No further reactions, so I'm moving this to 0.9.7a. [[EMAIL PROTECTED] - Wed Dec 4 16:14:25 2002]: I asked Eric Rescorla, and he agreed the section of the TLS RFC was definitely unclear, but

[openssl.org #437] bad instructions in CHANGES for platform-dependent builds

2003-01-30 Thread Richard Levitte via RT
Why does this matter? [[EMAIL PROTECTED] - Mon Jan 27 19:20:17 2003]: I've checked over the snapshot that was current on or about 14-Jan-2003. It builds OK. In the original 0.9.7.tar.gz there were symbolic links already present in include/openssl, and they are not removed by make clean.

[openssl.org #437] bad instructions in CHANGES for platform-dependent builds

2003-01-30 Thread Richard Levitte via RT
It's not supposed to. It's only under unusual circumstances that this needs updating, and it should be done in the original source directory anyway. [[EMAIL PROTECTED] - Mon Jan 27 19:48:27 2003]: In the original 0.9.7 release there also seems to be some configuration remnants left in the

[openssl.org #454] [PATCH] FreeBSD openssl-0.9.7

2003-01-30 Thread Richard Levitte via RT
Hmm, mind if I skip the freebsd-shared: part? It doesn't seem to be used anywhere anyway... [[EMAIL PROTECTED] - Sun Jan 12 23:00:37 2003]: Hi, In order to support compilation on FreeBSD I have to suggest some patches. Please revise and send me comment. regression test

[openssl.org #481] (0.9.7 on Win32) openssl ca crashes when exiting...

2003-01-30 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Tue Jan 28 11:07:34 2003]: And (while I'm at it) another thing to mention: While we're mentioning stuff, I'd like to mention that we can handle bug reports much better if there's only *one* bug per report. Please keep that in mind in the future. I'm using openssl with

Re: [openssl.org #287] [PATCH] no-engine(openssl-0.9.7-stable-SNAP-20020915)

2003-01-30 Thread Geoff Thorpe
* Richard Levitte via RT ([EMAIL PROTECTED]) wrote: OK, I looked at the no-engine patch again, and really saw no harm in it, so it's committed, and will be part of all releases from 0.9.7a and on (as well as the current 0.9.7 and main snapshots). This ticket is now resolved. Erm, I think

Re: [openssl.org #437] bad instructions in CHANGES for platform-dependent builds

2003-01-30 Thread [EMAIL PROTECTED] via RT
I suspect it doesn't really matter if the links are made only for files that are not already links.

Re: [openssl.org #287] [PATCH] no-engine(openssl-0.9.7-stable-SNAP-20020915)

2003-01-30 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Thu, 30 Jan 2003 13:33:59 -0500, Geoff Thorpe [EMAIL PROTECTED] said: geoff Erm, I think there's a fundamental problem with this. I understand the geoff desire to build a version of openssl such that it doesn't include the geoff engine footprint, nor its execution

Re: [openssl.org #484] openssl question

2003-01-30 Thread Ala Wai via RT
The best you can do at present is to either use the DER option in 0.9.7 if you know the encoding or the new mini-ASN1 compiler of 0.9.8. Neither of which is particularly easy to do. What do you mean the DER option in 0.9.7? Do I modify the IP address to DER and put it in the config file?

RE: [openssl.org #481] (0.9.7 on Win32) openssl ca crashes when exiting...

2003-01-30 Thread Larry West
I'm using openssl with stunnel. When I'm running stunnel as a service, RAND_poll in rand_win.c can't work, as it needs features not available under the SYSTEM account without a user logged in (i.e. the UI features) so it dropped all the stuff except for the CryptAcquireContext

RE: [openssl.org #481] (0.9.7 on Win32) openssl ca crashes when exiting...

2003-01-30 Thread Larry West via RT
I'm using openssl with stunnel. When I'm running stunnel as a service, RAND_poll in rand_win.c can't work, as it needs features not available under the SYSTEM account without a user logged in (i.e. the UI features) so it dropped all the stuff except for the CryptAcquireContext

[openssl.org #484] openssl question

2003-01-30 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 30 20:06:27 2003]: The best you can do at present is to either use the DER option in 0.9.7 if you know the encoding or the new mini-ASN1 compiler of 0.9.8. Neither of which is particularly easy to do. What do you mean the DER option in 0.9.7? Do I

[openssl.org #327] compilation errors for openssl 0.9.8

2003-01-30 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Fri Nov 1 16:57:20 2002]: Notes on documentation files: - The FAQ (Why does the OpenSSL compilation fail on Win32 with VC++?) refers to using VCVARS32.BAT. That is the correct name for VC++6. For VS.NET (think of it as 'VC++7'), the name is VSVARS32.BAT instead. -

[openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-30 Thread Richard Levitte via RT
Any more thoughts on this issue? -- Richard Levitte

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-30 Thread Lutz Jaenicke via RT
On Thu, Jan 30, 2003 at 10:09:22PM +0100, Richard Levitte via RT wrote: Any more thoughts on this issue? The problem is not yet solved. Using the global error stack as error indicator instead of correctly passing state back via return values is a design flaw. It happened to make problems in

[openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-30 Thread Richard Levitte via RT
OK... [jaenicke - Thu Jan 30 22:21:50 2003]: On Thu, Jan 30, 2003 at 10:09:22PM +0100, Richard Levitte via RT wrote: Any more thoughts on this issue? The problem is not yet solved. Using the global error stack as error indicator instead of correctly passing state back via return

[openssl.org #11] Fw: trustway pkcs11 engine for openssl

2003-01-30 Thread via RT
Hello Richard, Richard Levitte via RT wrote: It's unfortunate that cryptoki.h is GPLd, or I would put it in our contribution area. GPL is not compatible with the OpenSSL license. Is it possible to get a different cryptoki.h? I got the original cryptoki.h which is not GPLd from RSA and

[openssl.org #11] Fw: trustway pkcs11 engine for openssl

2003-01-30 Thread via RT
[EMAIL PROTECTED] Bull TrustWay RD, France http://www.servers.bull.com/trustway

[openssl.org #364] Fw: BUG ?: ssl_bio.c increase reference count (BIO_push), but doesn't remove it (BIO_pop)

2003-01-30 Thread Richard Levitte via RT
I applied your changes, to be committed as soon as my tests get through. Please try the next snapshot and send in a new bug report if it still doesn't work properly. This ticket is now resolved. [[EMAIL PROTECTED] - Tue Nov 26 09:37:12 2002]: Below msg is a re-send to the correct address

[openssl.org #449] [Fwd: Bug#176059: openssl: ca shows CSR contents, not preview of certificate]

2003-01-30 Thread Richard Levitte via RT
Since the 0.9.6 branch is now dead, I suggest this ticket gets killed. [steve - Sat Jan 11 02:13:30 2003]: [[EMAIL PROTECTED] - Fri Jan 10 15:10:09 2003]: Ugh, can't quote the original message... This refers to OpenSSL 0.9.6X which does indeed only show the DN of the CSR (or pseudo

[openssl.org #451] SX6 port

2003-01-30 Thread Richard Levitte via RT
Will anything happen with this? [[EMAIL PROTECTED] - Sat Jan 18 11:02:31 2003]: I already answered this once, but it didn't come through for some reason... + sx6, cc:-g -DTERMIOS::(unknown):::SIXTY_FOUR_BIT DES_INT:::, No optimization? Not even lousy -O? -g overrides any

[openssl.org #457] bug report: BIO_socket_nbio() can't set socket to non-blocking

2003-01-30 Thread Richard Levitte via RT
Hmm, BIO_socket_ioctl() should really take a void* instead of an unsigned long *. Then, BIO_socket_nbio() should send a pointer to an int instead of a pointer to a long. The latter can be done anyway and pushed through using a cast (ugly), or we could change that last argument type to

Re: [openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread John Pruitt
Stephen Henson via RT wrote: However a bug was introduced into 0.9.7 ASN1_TIME_to_generalizedtime() which causes problems in this conversion. This change would work around the problem without addressing the underlying cause. Since the ASN1_TIME_to_generalizedtime() bug has now been fixed in

Re: [openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread John Pruitt via RT
Stephen Henson via RT wrote: However a bug was introduced into 0.9.7 ASN1_TIME_to_generalizedtime() which causes problems in this conversion. This change would work around the problem without addressing the underlying cause. Since the ASN1_TIME_to_generalizedtime() bug has now been fixed

[openssl.org #484] openssl question

2003-01-30 Thread Stephen Henson via RT
[steve - Thu Jan 30 20:44:34 2003]: [[EMAIL PROTECTED] - Thu Jan 30 20:06:27 2003]: What do you mean the DER option in 0.9.7? Do I modify the IP address to DER and put it in the config file? subjectAltName=IP:DER:DER encoding of IPv6 address Is there some examples of doing

[openssl.org #484] openssl question

2003-01-30 Thread via RT
[steve - Thu Jan 30 20:44:34 2003]: However no version of OpenSSL will currently display that correctly. This isn't very friendly and proper IPv6 support will be added at some stage. Do you have any idea when?

Re: [openssl.org #484] openssl question

2003-01-30 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Fri, 31 Jan 2003 04:59:36 +0100 (MET), via RT [EMAIL PROTECTED] said: rt rt [steve - Thu Jan 30 20:44:34 2003]: rt rt However no version of OpenSSL will currently display that correctly. rt rt This isn't very friendly and proper IPv6 support will be added

Re: [openssl.org #484] openssl question

2003-01-30 Thread Richard Levitte - VMS Whacker via RT
In message [EMAIL PROTECTED] on Fri, 31 Jan 2003 04:59:36 +0100 (MET), via RT [EMAIL PROTECTED] said: rt rt [steve - Thu Jan 30 20:44:34 2003]: rt rt However no version of OpenSSL will currently display that correctly. rt rt This isn't very friendly and proper IPv6 support will be added

[openssl.org #487] bug in BN_generate_prime for small n.

2003-01-30 Thread Cameron Gregory via RT
for num 15 .. always get the same result.. and it's larger than expected... We are using small primes to verify the correctness of our system. thanks, Cameron #include <openssl/bn.h> #include <stdio.h> /* * @author Cameron Gregory, http://www.bloke.com/ */ char *me=NULL; int debug=0; int