[openssl.org #641] Problem with include file !!!
Hallo,

I have trouble with the header files in the openssl distribution and I would like to ask you for hints. I am compiling the smime-0.7 util of Sampo and the compile reported errors about a non-existent member named req_kludge in the X509_REQ_INFO structure in the include/openssl/x509.h file. This happened with the openssl-0.9.7b distribution. If I compile on another PC with openssl-0.9.6b-18 (RedHat 7.3), everything is OK. I compared the two header files (x509.h) of these distributions and see that in 0.9.6b-18 the structure X509_REQ_INFO has a member int req_kludge but version 0.9.7b hasn't. I don't know why they are different and what req_kludge is for.

And if I build other applications, what should I do so that these applications can be cross-compiled with different openssl libraries?

Hope to receive your hints as soon as possible. Thanks in advance.

Best regards,

---
Trinh Anh Tuan - CMO-CFTI/NACENTECH
Ministry of Science Technologies
Off. Tel.: (84-4) 8541197 - Off. Fax: (84-4) 8548187
CellPhone: (84) 913-323266
---

__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: MS CAPI OpenSSL Engine?
In summary the MS CAPI engine provides:

- Support for RSA signing and verification operations that will work w/ non-exportable MS CAPI private keys, should work with any CAPI-compliant HW token (testing it w/ Rainbow iKey's this week)
- Full access to any MS CAPI keystore, implemented a certificate lookup library that implements the X509_LOOKUP_METHOD interface (thus when verifying the certificate chain the MS CAPI Root and CA keystores can be used)
- Engine interface to MS CAPI random number generator
- SSL interface to allow visual selection of client certificate during negotiation phase (IE/Mozilla style, using an SSL (undocumented?) hook)

--- Frédéric_Giudicelli [EMAIL PROTECTED] wrote:

> I already did this announcement, but nobody seemed to care at the time :) I developed some BIO support for the MS SSPI, allowing to initiate from openssl some SSL connection using a MS PCERT_CONTEXT, I would gladly provide it to the OpenSSL project. Does your engine provide access to the certificate, or just the RSA bi-key?
>
> Frédéric Giudicelli
> http://www.newpki.org
Re: MS CAPI OpenSSL Engine?
Ok. Didn't you have too many problems with the PADDING? If I recall well CAPI doesn't support all the PADDINGS used by openssl.

Frédéric Giudicelli
http://www.newpki.org
Re: possible problems with RAND_seed()
On Mon, Jun 09, 2003 at 04:41:01PM -0400, [EMAIL PROTECTED] wrote:

> I had a 32-bit application that was working fine, but when I compiled it as 64-bit, it started to fail. I was getting this error: PRNG not seeded. I read the documents and FAQ, and it states that the library needs to be seeded with at least 128 bits (16 bytes?). I was seeding it with a 22 byte string. Like I said, this was fine in 32-bit mode, but not in 64-bit mode. I started using the RAND_status() function to check this out. I ended up just seeding it with twice the amount (32 bytes of data) and that was enough for the library. I didn't bother trying to find any bounds for it. Anyway, I thought you people might like to know about this. Maybe the document doesn't properly reflect the implementation.

Can you give more information about versions, platform etc? (As of 0.9.7, 32 bytes are required because AES with 256bit=32byte is integrated)

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
Re: AES counter mode
I agree with you about the way to build the initial ctr value from the nonce value. My question is different: within the encryption of a whole plaintext message (so a big block to be divided into 128 bit length blocks), why increment ctr by 2^64 instead of 1 from block to block? My understanding of the operation is:

- increment nonce by one from message to message (so this is a 2^64 step if considering ctr)
- but for each message:
  - build initial ctr from the nonce value
  - increment ctr by 1 from block to block

Thierry Boivin

At 07:23 06/06/03 -0700, you wrote:

> Thierry Boivin wrote:
>
>> Hello, I am trying to play with AES crypto in counter mode. Using the crypto library against reference vectors found in IPSec RFC fails until the incrementation function (AES_ctr128_inc()) is modified in order to get a +1 step instead of a +2^64 step. Where does the actual increment by 2^64 come from?
>
> Read the documents on AES counter mode. The counter is a 64-bit counter but the blocksize is 128, and the convention is that the counter is a Big Endian number with only the MSW used.
>
> [from Lipmaa, Rogaway Wagner] In the recommended usage scenario, the party encrypting maintains an integer counter, nonce, initially 0, and produces the string ctr as the 128-bit string which encodes the number nonce * 2^64.
>
> Don't ask me *why* it's that way -- the choice of a mere 64 bits is clearly done in order to avoid a well-known attack against stream ciphers, since one can begin to distinguish a stream from random after 2^90 or so samples. Maybe the Big Endian choice is a subtle protest against Wintel?
>
> --
> Well, Brahma said, even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred.
> - The Mahabharata
Re: MS CAPI OpenSSL Engine?
For one I know CAPI doesn't support OAEP yet (not part of the TLS spec, right?) but yes I was confused by the padding they used. Eventually I realized that the padding the MS CAPI uses is dependent upon the context of the RSA operation, signing or key-exchange. When encrypting w/ the public key PKCS #1 type 2 is used, when encrypting w/ the private key PKCS #1 type 1 is used (for some this is overtly obvious). I ultimately got around my own confusion by implementing the new sign/verify hooks of the OpenSSL engine interface, directly interfacing to the analogous calls of MS CAPI. As a bit of trivia the MS CAPI has reserved an OAEP flag but of course it is documented that it's perfectly useless (thanks for nothing MS).
Re: MS CAPI OpenSSL Engine?
Bryce

Why not make the MS CAPI engine available for download. We are interested and I suspect quite a few others would have an interest also. I suspect a lot of people are interested but don't want to admit they use Microsoft. You know, only the big boys use OpenSSL on UNIX. However, the truth is, over 80% of all OpenSSL usage is on Microsoft Windows!

Ken

__
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-398-0221
[EMAIL PROTECTED]
http://www.securenetterm.com
Re: changes in HASH_UPDATE()
Satoshi Inoue wrote:

> Hi all,

Hi Satoshi,

> I've been looking into the recent (well, what's recent you might say but never mind ;) changes made in CVS repository, and found this:
>
> - http://cvs.openssl.org/chngview?cn=9280
>
> What will be an impact of not applying this fix (other than uninitialized memory read, of course :) ?

The only reason for this patch is (as far as I remember) to avoid annoying Purify warnings (btw: this part could be included in '#ifdef PURIFY' statement).

> Is there any possibility of this to actually happen

It can happen, but it doesn't really matter (because the uninitialized memory will be overwritten immediately after that anyway (but Purify is not clever enough to see that)).

Regards,
Nils
RE: possible problems with RAND_seed()
Sorry, I forgot that part. I am running 0.9.7b on Solaris 7 64-bit. And that makes sense about AES requiring 32 bytes. My 32-bit version was an older version, 0.9.6e I think. So it would still only use the 128 bits. Thanks for clearing that up.
disconnect
Hi,

Why is the SSL connection not broken even if I call SSL_free and SSL_CTX_free?

Lukasz Wójcicki
e-mail: [EMAIL PROTECTED]
Re: AES counter mode
Thierry Boivin wrote:

> I agree with you about the way to build the initial ctr value from the nonce value. My question is different: within the encryption of a whole plaintext message (so a big block to be divided into 128 bit length blocks), why increment ctr by 2^64 instead of 1 from block to block? My understanding of the operation is:
>
> - increment nonce by one from message to message (so this is a 2^64 step if considering ctr)
> - but for each message:
>   - build initial ctr from the nonce value
>   - increment ctr by 1 from block to block

It is your understanding, not your agreement, that we are waiting for! Incrementing by 2^64 is incrementing the most significant 64-bit word by 1.

--
Well, Brahma said, even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred.
- The Mahabharata
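The two per-block steps argued over in both "AES counter mode" messages, as an added example (not OpenSSL's code and not written by either poster): it builds the initial block as nonce * 2^64, applies either the +1 or the +2^64 step, and checks whether two messages with consecutive nonces would share a counter block under the same key. All function and enum names are hypothetical, and the nonces and message lengths are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CTR_BLOCK 16

/* Which 64-bit half of the counter block the per-block step increments. */
enum ctr_step {
    STEP_LSW64, /* +1: low word counts blocks within one message */
    STEP_MSW64  /* +2^64: high word is stepped for every block */
};

/* Initial counter block: big-endian encoding of nonce * 2^64
 * (nonce in bytes 0..7, zero in bytes 8..15). */
void ctr_init_from_nonce(uint8_t ctr[CTR_BLOCK], uint64_t nonce)
{
    for (int i = 7; i >= 0; i--) {
        ctr[i] = (uint8_t)(nonce & 0xff);
        nonce >>= 8;
    }
    memset(ctr + 8, 0, 8);
}

/* Add 1 to the big-endian field ctr[first..last].
 * Returns 1 when the field wraps to zero; the carry is NOT propagated
 * outside the field, so the caller can stop before a counter repeats. */
static int be_field_inc(uint8_t *ctr, int first, int last)
{
    for (int i = last; i >= first; i--) {
        if (++ctr[i] != 0)
            return 0;
    }
    return 1;
}

int ctr_inc_msw64(uint8_t ctr[CTR_BLOCK]) { return be_field_inc(ctr, 0, 7); }
int ctr_inc_lsw64(uint8_t ctr[CTR_BLOCK]) { return be_field_inc(ctr, 8, 15); }

/* Counter block for block number `index` of the message with `nonce`.
 * Returns 1 if the stepped field wrapped on the way there. */
int ctr_block_at(uint8_t out[CTR_BLOCK], uint64_t nonce, uint64_t index,
                 enum ctr_step step)
{
    int wrapped = 0;
    ctr_init_from_nonce(out, nonce);
    for (uint64_t i = 0; i < index; i++)
        wrapped |= (step == STEP_MSW64) ? ctr_inc_msw64(out)
                                        : ctr_inc_lsw64(out);
    return wrapped;
}

/* Returns 1 if two messages of `blocks` blocks each, encrypted under the
 * same key with nonces a and b, would use a common counter block. */
int ctr_ranges_collide(uint64_t a, uint64_t b, uint64_t blocks,
                       enum ctr_step step)
{
    uint8_t x[CTR_BLOCK], y[CTR_BLOCK];
    for (uint64_t i = 0; i < blocks; i++) {
        ctr_block_at(x, a, i, step);
        for (uint64_t j = 0; j < blocks; j++) {
            ctr_block_at(y, b, j, step);
            if (memcmp(x, y, CTR_BLOCK) == 0)
                return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: two 4-block messages with consecutive nonces. */
    printf("+1 step collides:    %d\n", ctr_ranges_collide(1, 2, 4, STEP_LSW64));
    printf("+2^64 step collides: %d\n", ctr_ranges_collide(1, 2, 4, STEP_MSW64));
    return 0;
}
```

With the nonce in the high word, stepping that same word per block makes block 1 of message 1 equal to block 0 of message 2, which is why the two peers must agree on which half counts blocks.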
Submitting a Patch
I have a patch ready to be submitted which will add NetWare support to OpenSSL 0.9.7. I have tested it with the latest snapshots and everything is looking good. I would like the patch to go into the 0.9.8 branch as well as the 0.9.7 branch, but when I downloaded the latest snapshot (6-10) for 0.9.8 it doesn't compile for Windows (before applying my patch). How should I go about creating a patch file for 0.9.8? Are the snapshots normally stable? or do I just work with what is there even if it doesn't compile? or do I not need to worry about 0.9.8 yet?

BTW, the code won't compile because it does not find the include file openssl/store.h which is referenced by engine.h

Verdon Walker
(801) 861-2633
[EMAIL PROTECTED]
Novell, Inc., the leading provider of information solutions
http://www.novell.com
Re: MS CAPI OpenSSL Engine?
Yes I for one am interested.

- Joel Daniels
Re: MS CAPI OpenSSL Engine?
I was afraid I was duplicating something else out there, seems that this is not so. I will clean up the code a bit this week and submit it with the method that Geoff suggested.
Re: MS CAPI OpenSSL Engine?
On Tue, Jun 10, 2003, Bryce Howard wrote:

> I was afraid I was duplicating something else out there, seems that this is not so. I will clean up the code a bit this week and submit it with the method that Geoff suggested.

I have also written a CAPI ENGINE but it had to do various evil things to support the necessary functionality (such as writing ctrl data to stdout) so I didn't want to release it lest such foul hacks should define a 'standard'.

One problem was finding a generic way to return values from ctrls in an ENGINE without implementation specific ctrls.

I wouldn't recommend use of X509_LOOKUP, it is fatally broken and due to be replaced in 0.9.8 and later. This could be a good test for the new store functionality.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
Re: Submitting a Patch
In message [EMAIL PROTECTED] on Tue, 10 Jun 2003 11:17:02 -0600, Verdon Walker [EMAIL PROTECTED] said:

VWalker> I have a patch ready to be submitted which will add NetWare support to
VWalker> OpenSSL 0.9.7. I have tested it with the latest snapshots and everything
VWalker> is looking good. I would like the patch to go into the 0.9.8 branch as
VWalker> well as the 0.9.7 branch, but when I downloaded the latest snapshot
VWalker> (6-10) for 0.9.8 it doesn't compile for Windows (before applying my
VWalker> patch). How should I go about creating a patch file for 0.9.8? Are the
VWalker> snapshots normally stable? or do I just work with what is there even if
VWalker> it doesn't compile? or do I not need to worry about 0.9.8 yet?

Let us at least look at the patch. If the 0.9.7 patch is big or affects binary compatibility with earlier 0.9.7 versions, the chance that it will be committed is rather slim.

VWalker> BTW, the code won't compile because it does not find the include file
VWalker> openssl/store.h which is referenced by engine.h

Ah, yes, that's my project for tursday, to figure out why store.h isn't copied along with all other public header files...

--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
Re: [openssl.org #641] AutoReply: Problem with include file !!!
---
Trinh Anh Tuan - CMO-CFTI/NACENTECH
Ministry of Science Technologies
Off. Tel.: (84-4) 8541197 - Off. Fax: (84-4) 8548187
CellPhone: (84) 913-323266
---

----- Original Message -----
From: OpenSSL-Bugs [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 2:04 PM
Subject: [openssl.org #641] AutoReply: Problem with include file !!!

> Greetings,
>
> This message has been automatically generated in response to the creation of a trouble ticket regarding: Problem with include file !!!, a summary of which appears below.
>
> There is no need to reply to this message right now. Your ticket has been assigned an ID of [openssl.org #641].
>
> Please include the string: [openssl.org #641] in the subject line of all future correspondence about this issue. To do so, you may reply to this message.
>
> Thank you,
>
> -
>
> Hallo,
>
> I have trouble with the header files in the openssl distribution and I would like to ask you for hints. I am compiling the smime-0.7 util of Sampo and the compile reported errors about a non-existent member named req_kludge in the X509_REQ_INFO structure in the include/openssl/x509.h file. This happened with the openssl-0.9.7b distribution. If I compile on another PC with openssl-0.9.6b-18 (RedHat 7.3), everything is OK. I compared the two header files (x509.h) of these distributions and see that in 0.9.6b-18 the structure X509_REQ_INFO has a member int req_kludge but version 0.9.7b hasn't. I don't know why they are different and what req_kludge is for.
>
> And if I build other applications, what should I do so that these applications can be cross-compiled with different openssl libraries?
>
> Hope to receive your hints as soon as possible. Thanks in advance.
>
> Best regards,
>
> ---
> Trinh Anh Tuan - CMO-CFTI/NACENTECH
> Ministry of Science Technologies
> Off. Tel.: (84-4) 8541197 - Off. Fax: (84-4) 8548187
> CellPhone: (84) 913-323266
> ---
Re: Submitting a Patch
In message [EMAIL PROTECTED] on Tue, 10 Jun 2003 23:20:30 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:

levitte> In message [EMAIL PROTECTED] on Tue, 10 Jun 2003 11:17:02 -0600, Verdon Walker [EMAIL PROTECTED] said:
levitte>
levitte> VWalker> BTW, the code won't compile because it does not find the include file
levitte> VWalker> openssl/store.h which is referenced by engine.h
levitte>
levitte> Ah, yes, that's my project for tursday, to figure out why store.h
levitte> isn't copied along with all other public header files...

With a hint from Stephen, I found what was missing. You can actually correct it yourself (the same way I did) by applying the following patch:

Index: util/mkfiles.pl === RCS file: /e/openssl/cvs/openssl/util/mkfiles.pl,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- util/mkfiles.pl 15 Aug 2002 14:17:19 - 1.14 +++ util/mkfiles.pl 11 Jun 2003 04:46:08 - 1.15 @@ -53,6 +53,7 @@ crypto/ocsp, crypto/ui, crypto/krb5, +crypto/store, ssl, apps, test,

This will be available in tomorrow's snapshot.

--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
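Review bot: The added `+crypto/store,` entry in the util/mkfiles.pl directory list carries no comment, and nothing near the list says that a new crypto/ subdirectory has to be registered here. Since the message attributes the missing openssl/store.h to exactly this omission, a one-line comment at the head of the list stating that every directory with public headers must be added to it would keep the next new subdirectory from breaking the build in the same way.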