No it is exc-c14n ( http://www.w3.org/TR/xml-exc-c14n/ ) not c14n
http://www.w3.org/TR/xml-exc-c14n/
AndrewHartley wrote:
Yes I did c14n the entire XML. I'll give the XSLSec library a go, thanks.
Richard Salz wrote:
It would help a great deal if you posted a sample signature. Did you
been made in determine what is wrong.
Anyway, I think you will find the current trunk snapshot to be a
better reference.
Just wanted to stop using MS compiler... :)
Best Regards,
Alon Bar-Lev.
On 6/26/07, Roumen Petrov via RT [EMAIL PROTECTED] wrote:
I would like to propose following patch
/29/07, Roumen Petrov via RT [EMAIL PROTECTED] wrote:
Please find attached file openssl-mscrypto-20070625.tar.gz with
openssl engine that can use keys from windows key-store. The engine can
work with external keys too.
Source is for openssl version 0.9.8 and mingw build require openssl
source
Alon Bar-Lev wrote:
SNIP
There is also an issue of resources prompt (passphrase, token) and a
small issue of object serialization in engine interface.
If I remember well, smart card proprietary software will ask for
password when is necessary.
This should be part of engine API as well... So
Chris,
the one-makefile build in 0.9.8 is broken.
If you like to go in this direction you should find target files: in
crypto/x509/Makefile and to replace Makefile.ssl with Makefile. Next add
new options(as example Mingw32-unix) in util/mk1mf.pl:
=
--- util/mk1mf.pl.ORIG
[EMAIL PROTECTED] wrote:
I have applied both the patch from Roumen Petrov and the Fixup from Alon
Bar-Lev.
I don't have a mingw environment to actually verify the correct
operation. Please check out the next snapshot and verify that everything
is working now as expected.
Best regards,
Lutz
Victor Wagner via RT wrote:
Found in current CVS HEAD (05/13/2008 16:00)
Shared build of OpenSSL for Windows platform involves executing of
file util/mkdef.pl to creates .def file for each shared library.
This file specifies what symbols are exported from the library.
Script mkdef.pl expects
Victor B. Wagner wrote:
On 2008.05.13 at 22:10:12 +0300, Roumen Petrov wrote:
[SNIP]
But util/mkdef.pl parse OPTIONS in top Makefile.
Therefore, it does it incorrectly.
I've encountered real errors doing build
with
./Configure mingw shared zlib --cross-compile-prefix=i586-mingw32msvc
[EMAIL PROTECTED] wrote:
-
typedef struct ocsp_response_st OCSP_RESPONSE;
within openssl/ossl_typ.h collides with
#define OCSP_RESPONSE ((LPCSTR) 67)
within WinCrypt.h, a windows header file (Microsoft Windows SDK 6.0A).
There are work-arounds, but the compiler errors led to a few
Hi Stefan,
[EMAIL PROTECTED] via RT wrote:
Hi,
I just tried to compile OpenSSL-0.9.8h with mingw-w64 (see
http://sourceforge.net/projects/mingw-w64/) and needed a couple
of changes to the source code (see attached patch).
Some notes:
- I added a mingw64 line to Configure and
Ger Hobbelt wrote:
On Tue, Jun 3, 2008 at 12:32 PM, [EMAIL PROTECTED] via RT
[EMAIL PROTECTED] wrote:
- windows.h apparently includes wincrypt.h (no idea whether that's
specific to that compiler, but it seems so ...), so I needed to
#undefine a couple of names messed up by wincrypt.h
[EMAIL PROTECTED] wrote:
Hi,
5. Added -DWIN32_LEAN_AND_MEAN and drop the conflict undef of x509.h
While I don't mind having to compile the library itself with special
flags, the above implies that every _user_ of OpenSSL who includes
x509.h has to either use -DWIN32_LEAN_AND_MEAN
Alon Bar-Lev via RT wrote:
[SNIP]
For some strange reason perl reports that symlinks are available
under msys, while it cannot create symbolic link when the to
is not reachable from cwd.
May be I can access a msys environment next week :( .
It is save to assume that msys don't support
Alon Bar-Lev via RT wrote:
On 10/31/08, Andy Polyakov via RT [EMAIL PROTECTED] wrote:
Could you please test the other suggested bn_lcl.h modification? While
you're on it...
[SNIP]
Attached is a new patch.
Thanks!
Alon.
Why mingw64 ... -D_WIN32_WINNT=0x333 ?
This has to defined by
Alon Bar-Lev wrote:
Roumen?
mingw64 is merged now...
Please confirm this so we have mingw working again.
This is also affect the mingw64.
[SNIP]
Cross-compilation is fine only with additional changes in rand_egd.c
addressed in issue 1777.
Access to MSYS environment is still problematic.
Duplicate, see lists for solutions.
Roumen
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Some notes about patch:
- INSTALL.WCE
perl by MSYS what is this ?
If this is perl build from mingw32 project ? I can't found perl issue
in mingw32 bug tracker. Since the issue is not confirmed you can't write
that a package don't work.
- apps/ocsp.c
why extra include of winsock2.h? this
Alon Bar-Lev wrote:
Any luck?
On 11/6/08, Roumen Petrov [EMAIL PROTECTED] wrote:
Alon Bar-Lev wrote:
Roumen?
mingw64 is merged now...
Please confirm this so we have mingw working again.
This is also affect the mingw64.
[SNIP]
Cross-compilation is fine only with additional changes
Christopher Williams via RT wrote:
If I attempt to create a certificate with an expiry time after 2049 (so
that openssl will use a GeneralizedTime rather than a UTCTime for the
notAfter field), openssl actually generates a date in the past.
[SNIP]
Did HEAD work for you ?
Philip Prindeville via RT wrote:
The target:
[SNIP]
Also, in a cross-compiling environment, CC tends to default to the
target machine.
If you're building intermediate binaries to be run as part of the build
itself, these need to be indicated separately.
A common practice is:
Maarten Litmaath wrote:
Hi Stephen,
I can't see how anything could cause an issue with 85 CAs. The attached
descriptions imply it might be a mod_ssl issue (not reproducible with
s_server).
There is a bit more information now in our ticket:
https://savannah.cern.ch/bugs/?48458
Romain
David McCullough via RT wrote:
Jivin Stephen Henson via RT lays it down ...
This isn't really the way the config script was intended to be used. It
is supposed to auto detect the machine type and call Configure with the
appropriate target. If you want to cross compile you should call
Configure
Mark via RT wrote:
Hi there,
there are 2 points:
1 you have possibly heard already, as I discovered it from
https://www.wagner.pp.ru/~vitus/articles/openssl-mingw.html
is that to cross-compile for Mingw you need to comment the invocation of
is_msys() in Configure as it won't return the correct
Thor Lancelot Simon wrote:
Can I assume that any data returned when I access the DN of a peer's
certificate using OpenSSL are ASCII or UTF8?
No, see Howards posts.
If not, how do I tell
the difference?
I think I understand that DNs not encoded as UTF8String should not
have high-bit
Peter Quiring wrote:
Hi all,
I'm not sure if anyone else has done this before but I'm trying to get
openssl to compile using mingw 64bit.
I do a normal configure for mingw 32bit:
./configure zlib no-asm no-shared threads mingw
Hmm ... grep -i mingw Configure:
# MinGW
mingw, gcc:-mno-cygwin
The recent Configure may ignore cross-compile-prefix option. Its seems
to me env. var CROSS_COMPILE override it.
Roumen
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Roumen Petrov wrote:
The recent Configure may ignore cross-compile-prefix option. Its seems
to me env. var CROSS_COMPILE override it.
And BUILDENV form Makefile still contain ..
CROSS_COMPILE_PREFIX='$(CROSS_COMPILE_PREFIX)' ..
so later build fail with ... windres: command not found -
see
Alon Bar-Lev via RT wrote:
The following is required in order to make beta4 compile using mingw (w64).
Every time there is #includewindows.h some symbols should be removed.
Also, there is no need to #includewindows.h if e_os2.h was included.
[SNIP]
diff -urNp
Quoting of DEVRANDOM after DOS DJGPP changes in crypto/rand/rand_unix.c
my break all other platforms, except OpenBSD.
Result is file with name DEVRANDOM instead of list defined in e_os.h.
The test case:
=
#include string.h
#include
Kurt Roeckx wrote:
Hi,
I've attached a patch that fixed a warning about the arguments to
a printf function. strlen() returns an size_t, so it should have
the z modifier.
Is the patch tested on windows ?
z modifier - I'm not sure that this is portable.
[SNIP]
Gisle Vanem wrote:
As the comment in b_print.c says;
As snprintf is not available everywhere, we provide our own
implementation
So we should use BIO_snprintf() in apps/s_client.c and ssl/ssltest.c.
The other patch to ssltest.c fixes the missing newline problem under DOS
and Windows. Patch
Bruno Kozlowski via RT wrote:
[SNIP]
The resulting mailfile has mixed EOLs: Most lines end in LF, but
3 lines end in CRLF:
| $ cat -A mailfile | grep \^M
| Content-Type: text/plain^M$
| ^M$
| some text^M$
I think that this is correct - EOL for emails(headers, empty line, body) is
CRLF,
David Schwartz wrote:
An object may be the type of its last cast -- but it also can't
exactly lose the benefit/cost of being cast to a pointer to an
undefined type. As soon as you undefine the type of a pointer, it
loses the remnant of ever having had the initial type in the first
place.
Hi Alon,
Alon Bar-Lev via RT wrote:
Hello,
I use i686-w64-mingw32...
We discussed this in past (I think) LEAN_AND_MEAN was added to win64
but not win32.
As w64 compiler much more complete and maintained I use it to compile
win32 as-well.
Alon.
On Tue, Jan 12, 2010 at 11:14 PM, Roumen Petrov
NARUSE, Yui wrote:
Hi,
(2010/01/12 9:38), Dr. Stephen Henson wrote:
On Mon, Jan 11, 2010, NARUSE, Yui wrote:
So I request X509_STORE_set_default_paths call this.
When this is merge, both Unix user and Windows user can use
[SNIP]
Thank you for your comment.
So I rewrite my patch as you
brown wrap wrote:
I have several programs that I am trying to compile and they compile due to
openssl As an example in trying to compile gobject-introspection-0.6.8, after
the configure, the make fails:
File
William A. Rowe Jr. wrote:
On 3/16/2010 4:53 PM, Kees Dekker wrote:
* I saw a lot of NT4 code.
What NT4 code? You must be referring to _WIN32_WINNT macro
sometimes set
to 0x400. It does not denote NT4-specific code, it denotes
that NT4 is
required *minimum*. Meaning that it targets *all*
Kaspar Brand via RT wrote:
When using -nameopt with the x509/req/ca commands, OpenSSL will
currently abort the output if no sep_xxx option is provided. Examining
the certificate from https://rt.openssl.org with openssl 509 -noout
-text -nameopt utf8 e.g. gives
Certificate:
Data:
Ray Satiro wrote:
Third time's the charm, hopefully...
--
Without this patch the make will error with Pick one target type from and a
list of assembler types.
mingw32-make: *** [tmp\x86cpuid.asm] Error 1
--
I had to make some changes to compile OpenSSL 1.0.0 (3/29/10) using MinGW. The
Hello all,
Check-in [19505] and [19557] cryptlib.c: allow application to override
OPENSSL_isservice adds call for GetProcAddress with argument name of
function that start with underscore.
The function OPENSSL_isservice is specific for windows platforms and on
those platforms in not well
M.-A. Lemburg via RT wrote:
An application that only includes openssl/ssl.h from OpenSSL
1.0.0 and doesn't use winsock.h will run into problems on Windows,
since the dtls1.h header file includes the winsock.h header file long
after the ossl_typ.h header file was loaded.
What about to define
Guenter via RT wrote:
Hi,
it seems that all native MingW32 versions (tested with MingW32 4.50)
lack of stuff to compile e_capi.c:
[SNIP]
make[1]: *** [e_capi.o] Error 1
make[1]: Leaving directory `/d/openssl-1.0.0b/engines'
Therefore I've added some more define tests to OpenSSL 1.0.0b
Stephen Henson via RT wrote:
[open...@roumenpetrov.info - Thu Feb 03 16:36:58 2011]:
The mingw cross-build of current HEAD(2011-01-31) fail :
WARNING: mkdef.pl doesn't know the following algorithms:
NEXTPROTONEG
Creating library file: libcrypto.dll.a
Cannot export FIPS_dh_free: symbol
Andrey Kulikov via RT wrote:
Hello,
Please find file attached: server_cert_from_engine4.patch
This is a patch to allow loading server SSL certificate by ENGINE.
[SNIP]
After applying this patch s_server will accept -certform ENGINE option.
This patch supplied by Stonesoft Corporation, who
Darryl Miles wrote:
[SNIP]
Tried using:
ms\mingw32.bat
[SNIP]
Try with ./Configure mingw .
Roumen
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Darryl Miles wrote:
Roumen Petrov wrote:
[SNIP]
I have tried using perl Configure mingw ... manually but I have not
been able to find a combination that works to produce a usable
Makefile that mingw32-make.exe (a version of GNU Make) can use.
May be issue is to find working version of mingw
Marc Wäckerlin via RT wrote:
Hi OpenSSL
I managed to Cross Compile OpenSSL on Linux so that I can develop OpenSSL
applications that run on Windows entireliy inside a Linux build environment.
It even builds the executables and the DLLs on Linux.
Please add my changes to the official Configure
Nick Lewis via RT wrote:
The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not work
correctly for some combinations of ctx-chain, x and issuer. For example when
the cert x is in the chain at a location other than the top, a path loop is
incorrectly declared. Also if the
Hi Dmitry,
Dmitry Belyavsky wrote:
Greetings!
During the 1.x version the current scheme of
algorithms providing through engines was implemented.
Debugging our (Cryptocom LTD) engines, I’ve found some troubles in the
way it works, please tell me
where I’m mistaken.
Openssl is configured with
Nick Lewis via RT wrote:
Roumen
Thank you for looking at the patch
[SNIP]
+ if (issuer_num (issuer_num x_num))
Please find a corrected version below
Best Regards
Nick
[SNIP]
With update version i confirm that regression test of a software now
pass with OpenSSL HEAD
Dmitry Belyavsky wrote:
Greetings!
On Thu, Sep 22, 2011 at 3:00 AM, Roumen Petrov
open...@roumenpetrov.info wrote:
[SNIP]
What is result if register__gost methotds are moved from bind to init ?
Double-free occurs too.
The
openssl speed -engine gost -evp gost89
is successful
Hi,
One of the changes is past week is to not enable ... sorry I remove
diffs files and I cannot remember exact change (file, date, etc)...
Result is that now regression test in head fail with :
...:error:04075070:rsa routines:RSA_sign:digest too big for rsa
key:rsa_sign.c:119:
One of recent changes is Add DTLS-SRTP negotiation from RFC 5764.
After update build fail for HEAD . The simple solution is to move
function declarations from srtp.h to tls1.h
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
int SSL_set_tlsext_use_srtp(SSL *ctx,
be
verified only with 1.0.1 and verification fail with earlier version.
Issue with certificates apply to CRLs
Regards,
Roumen Petrov
P.S. high level log with test case failure:
=== entering .../origin+x509-7.1x-0.9.8t/...
... testing with OpenSSL 0.9.8t 18 Jan 2012 ...
testid_rsa-rsa_mdc2.crt
Dr. Stephen Henson wrote:
On Wed, Feb 01, 2012, Roumen Petrov wrote:
[SNIP]
Looking into this there is a long standing incompatibility between
various functions that use mdc2 for signatures. Since SSLeay the
function RSA_sign() using mdc2 as an argument uses a DigestInfo
structure whereas
Dr. Stephen Henson wrote:
[SNIP]
Should be fixed now, see:
http://cvs.openssl.org/chngview?cn=22124
to make OpenSSL understand both formats when verifying and:
http://cvs.openssl.org/chngview?cn=22126
to use the same format as older versions of OpenSSL when creating signatures.
10x . I confirm
the build GCC 4.6.1 warn user for
bad cast and that application will terminate it code is reached.
I note this on 64-bit platform with gcc 4.5.2 and as Steve suggest I
switch to 0.9.8x fips build.
Regards,
Roumen Petrov
Hi Dmitry,
Dmitry Belyavsky wrote:
Greetings!
What is the correct way to get the ENGINESDIR value It is defined in
opensslconf.h but it is not enough to include opensslconf.h to get it
defined.
Why engine directory for openssl configuration is so important ?
Engine installation may depend
Kevin Vargo via RT wrote:
Some minor updates to the openssl.spec: wrapping ifarch around the various lib
dirs to get the right files in the right places.
See attached diff
Configure script and spec are not consistent regarding multilib. It
seems to me spec file should use libdir script
Leandro Santiago via RT wrote:
I'm trying to compile openssl 1.0.1 (but I also tested the 1.0.0) on
mingw-w64 (gcc 4.7), but I'm having errors.
I tested in three configurations: Ubuntu 11.04 32-bit, Kubuntu 11.10
64-bit and Windows 7 32-bit having the same errors.
The command line I used was:
Dr. Stephen Henson wrote:
On Wed, Apr 18, 2012, Erik Tkal wrote:
Any takers? Should I be able to build a FIPS-capable OpenSSL and have some of
the implementation be provided via an ENGINE (e.g. let's say I have a hardware
module to perform AES) but some by the OpenSSL FIPS canister? Or is
Hello OpenSSL developers.
I could not understand *Check-in [22619]* Reduce version skew in
openssl 1.0.1 stable branch. May be this version adds some useful
improvements but FIPS build(compile) is broken. I wonder what is policy
to update 1.0.1 stable branch.
After remove of #include
Stephen Henson via RT wrote:
I've finally had time to look into this. Please see if this fixes the issue:
May be is not related, but this engine lack call of
ENGINE_register_pkey_asn1_meths . It seems to me without this
registration initialization is different . If engine configuration is
Hi,
FIPS enabled build fail at same line.
Brad House wrote:
It appears there is a major regression with OpenSSL 1.0.1d over
1.0.1c. I've narrowed it down to setting a custom cipher
list I think as if I do not set a cipher list, the issue does
not occur.
I have reproduced the issue with the
cannot be executed as makefile lack suffix for dependent
executables . Please find attached proposed fix
0001-use-EXE_EXT-in-dependecies.patch.gz .
Regards,
Roumen Petrov
0001-use-EXE_EXT-in-dependecies.patch.gz
Description: GNU Zip compressed data
0002-use-ULL-for-GCC-instead-MSC-specific
Hello,
According the current version scheme 1.0.2 retain binary compatibility.
In this case is expected external application linked 1.0.1 to work with
1.0.2 without modification.
It seems to me now FIPS build retain binary but lost functional
compatibility. For instance EVP_dss1 could be
lookup:unable to get local issuer certificate
2
===
There is extra error with code 20. This may break external applications
with custom verification callback.
For historic reasons exit code of openssl verify command is not used and
to me this is not so important.
Regards,
Roumen Petrov
set of flags as 'separator' is required.
Pages x509 and X509_NAME_print_ex could be updated to detail that
'separator' flag is required.
Regards,
Roumen Petrov
__
OpenSSL Project http
in script.
[SNIP]
OPENSSL_NO_STORE
Also removing the code?
Regards,
Roumen Petrov
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Dr. Stephen Henson wrote:
On Sat, Oct 17, 2015, Roumen Petrov wrote:
Hello,
After embed some attributes OCSP in master stop to work.
The current status is the client comment report "Cert Status:
unknown" and "Nonce Verify error" for X.509 certificates used in my
ssh reg
nown version to work is
"47c9a1b5096be684c18335137284f0dfcefd12d6 : embed support for ASN1_STRING"
(optionally with "Appease gcc's Wmaybe-uninitialized" if build fail due
to pedantic compiler flags).
First regression is from "af170194a88d6127d447bea826845c23ca192727 :
embed OCSP_CERTID&q
patch" - note that index
CRYPTO_EX_INDEX is with gap in numbering but I would like patch to be
minimal.
I would like to request external applications to be able to change
method - see attached patch "0009-access-EC_KEY-method-property.patch".
Regards,
:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Thu, 3 Dec 2015 23:43:24 +0200
Subject: [PATCH 01/15] __STDC_VERSION__ is not defined for c89 compilers
---
include/openssl/e_os2.h | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/openssl/e_os2.
Hello,
After modification OPENSSL_strlcpy is declared twice.
Regards,
Roumen
>From 5f5b81e162eae025dcc40a7074a973621c7dac33 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Mon, 21 Dec 2015 18:45:06 +0200
Subject: [PATCH 02/15] redundant rede
eth);
pkey_rsa->engine = eng;
ENGINE_up_ref(eng);
Let me know how to proceed with this request.
Roumen Petrov
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
d. Windows modification is similar.
Roumen
>From a7e0111eea1ef51d62a673e8511e9017945c2780 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sat, 21 May 2016 10:29:51 +0300
Subject: [PATCH 2/2] make templates: prepend path to source headers
---
Configurations
Hello,
With master branch my ssh ocsp tests start to fail again.
The program code call BIO_new_connect("127.0.01") and then parsing of
'name' crash.
Please find attached proposed patch.
Roumen
>From 65f29abcce374e3ceddc93f2854493f1839eb305 Mon Sep 17 00:00:00 2001
From: Roumen
Richard Levitte wrote:
That patch just got merged into master, commit
80926502986a97eed53afe1d85fc074e40829547
10x
It seems to me #4296 is second report.
Cheers,
Richard
In message <56b718f3.9070...@roumenpetrov.info> on Sun, 07 Feb 2016 12:14:11 +0200,
Roumen Petrov
Hello,
I just finish tests with new initialization methods. Memory detection
tool report a number of memory leaks.
Startup code is:
OPENSSL_init_crypto(
OPENSSL_INIT_ENGINE_ALL_BUILTIN |
OPENSSL_INIT_ADD_ALL_CIPHERS |
OPENSSL_INIT_ADD_ALL_DIGESTS |
Hello,
The current master branch does not create shared libraries. Attached
patch restore build with gnu tools.
Regards,
Roumen Petrov
>From 2c3d122965a0a6a0b8b2ae3188b7c16658e5a57a Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Tue, 23 Feb 2016
Hello,
OPENSSL_config with NULL argument crash in master branch.
Please find attached file with proposed patch.
Regards,
Roumen
>From f6eee9281567e47ae23383c527845cc4a897d195 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Fri, 12 Feb 2016 22:18:59 +020
Brad House wrote:
It appears OpenSSL 1.0.2g introduced a regression when attempting to run
'make test' on a fips-enabled build on linux. When compiling without FIPS, the
tests pass as expected. However, with fips turned on, "make test" fails
when trying to use ssl2 it appears. Running 'make
Hello ,
It seems to me unified build system work quite well with simultaneous
build jobs.
I would like to report a minor issue - I have to run make 3 times until
all decencies are resolved. Second make rebuild about 450 items. Third
time only speed is rebuild.
The build is in a clean source
xit () from /lib64/libc.so.6
#11 0x0041cf5d in main (argc=, argv=out>) at apps/openssl.c:361
(gdb)
My build is based on commit 603358de576217812cb3d752e97c78e476cdc879
-plus remaining modifications from issue "#4207 engine key format in 1.1"
Regards,
Roumen Petrov
Roumen Petr
Hi Matt,
Matt Caswell wrote:
Hi Roumen
On 10/03/16 22:21, Roumen Petrov wrote:
Hello,
With new thread model in some configurations openssl hands on unload of
engine.
I just pushed commit 773fd0bad4 to master which should hopefully resolve
this issue.
It seems to me hang is resolved after
Hello ,
Issue 4436 report only ECDSA_SIG_get0 but DSA is the same.
Perhaps DSA_SIG_get0 could use constant signature pointer.
Stephen Henson via RT wrote:
Fixed now. Closing ticket.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available
Hi
With current master "corrupted double-linked list" disappear but error
still exist, see below
Roumen Petrov wrote:
[SNIP]
Stack trace
*** Error in '/apps/openssl': corrupted double-linked list:
0x006de730 ***
^C
Program received signal SIGINT, Interrupt.
0x7f
Hi,
Currently access to engine member is available for some keys:
$ grep -r get0_engine include/
include/openssl/dh.h:ENGINE *DH_get0_engine(DH *d);
include/openssl/dsa.h:ENGINE *DSA_get0_engine(DSA *d);
include/openssl/rsa.h:ENGINE *RSA_get0_engine(RSA *r);
Please add function for EC_KEY.
If
Hi,
Please see attached file
0003-build-with-defined-ENGINE_REF_COUNT_DEBUG.patch .
If ENGINE_REF_COUNT_DEBUG is defined build fail. Proposed patch resolve
issue.
Regards,
Roumen
>From 3db4a9eb01f6caf1c59c50d8f6a3f6ec73cc71df Mon Sep 17 00:00:00 2001
From: Roumen Petrov &l
umen
>From 32b59c4406581d9e0418ba9b61a1abe2044468ff Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sat, 16 Apr 2016 19:10:19 +0300
Subject: [PATCH 4/4] remove defines X509_STORE_set_verify_... as context is
now opaque
---
include/openssl/x509_vfy.h | 3 ---
1 file changed, 3
Hi Openssl developers,
Recent modification to X509... structures prevent external
implementation of X509_LOOKUP_METHOD.
Main issue that 1.1beta5 is not usable. A lot of X509... structures are
now opaque, but there is no access neither memory management functions.
I hop that soon will be
blic part between get0 and
set0 key methods.
For protocol "0009-sshkey.c-opaque-DSA-structure.patch" is practical
sample of an upgrade to 1.1 API. RSA is similar.
Cheers,
Richard
Roumen
>From 57d17bdf3ef9975b6f09a597557843943909b5b9 Mon Sep 17 00:00:00 2001
From: Roumen Petr
Hi Rich,
Salz, Rich wrote:
Can you look at https://github.com/openssl/openssl/pull/1044 and see if it
addresses the issues?
Yes.
May be with some definitions for backward compatibility. I mean for
renamed pre 1.1 functions - with inserted ..._CTX into name of :
-
Salz, Rich wrote:
Can you look at https://github.com/openssl/openssl/pull/1044 [SNIP ]
I pushed a new version that adds your feedback.
10x, it's fine by me.
Roumen
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi Rich,
Scope of my request is "use of a lookup method".
Salz, Rich wrote:
You need
(1)
I test port to current openssl code with following definitions
X509_OBJECT_new() and X509_OBJECT_get0_X509_CRL. :
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index ff64821..8547b0d
Rich Salz via RT wrote:
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.
Resolved?
Hmm, how to implement X.509 lookup method with 1.1+ API?
Regards,
Roumen Petrov
--
openssl-dev mailing list
Hi Richard,
Richard Levitte wrote:
Hi,
I've some ponderings that I need to bounce a bit with you all.
Some have talked about replace the X509_LOOKUP_METHOD
X.509 lookup method could return certificate , revocation list or
EVP_KEY (structure x509_object_st).
Unfortunately functionality of
means that the key_id is actually a bio
pointer.
I'm not sure that is good idea to pass pointers between loadable
modules. It could be used if there is no alternative. In this case URN
format for could inform engine how to load key.
[SNIP]
Regadrs,
Roumen Petrov
--
openssl-dev mailing list
Salz, Rich wrote:
[SNIP]
I posted yesterday, what's your config. I standard config/make does
not do this for me.
For instance:
CONFIGURE_ARGS=--prefix=... -DOPENSSL_NO_BUF_FREELISTS shared no-ssl2
no-ssl3 zlib-dynamic enable-gost enable-unit-test linux-x86_64
Roumen
--
openssl-dev mailing
HI Richard,
Richard Levitte wrote:
In message<58472e4f.3010...@roumenpetrov.info> on Tue, 06 Dec 2016 23:31:59 +0200,
Roumen Petrov<open...@roumenpetrov.info> said:
openssl> Hi Richard,
openssl>
[SNIP]
openssl> > Check. My STORE branch is made to support that
1 - 100 of 156 matches
Mail list logo
