Configuring with no-apps does not work either (even though it states
its skipping the directory):
$ ./config shared -no-ssl2 -no-ssl3 -no-comp -no-hw -no-engine
-no-apps --openssldir=/usr/local/ssl/android-14/
Operating system: i686-whatever-android
Configuring for android-x86
no-apps
Hi
I want to install OpenSSL 1.0.1e on my CentOS 6.4. I downloaded the souce
and built it by running
./config
make
make install
The make install is not installing libcrypto.so, libssl.so and openssl
binary into /usr/bin and /usr/lib64. I need it to be installed there.
Any advice?
Thanks
Rahul
On Wed, Jun 11, 2014 at 2:50 AM, Rahul Godbole rahulmg1...@gmail.com wrote:
Hi
I want to install OpenSSL 1.0.1e on my CentOS 6.4. I downloaded the souce
and built it by running
./config
make
make install
The make install is not installing libcrypto.so, libssl.so and openssl
binary into
Tried this. Still doesn't solve my problem. I still do not see 1.0.1g libs
being copied to /usr/lib or /usr/lib64.
I also tried installing from 1.0.1g RPM but the installation failed.
I already have 1.0.1e installed and want to upgrade to 1.0.1g. Any other
way out?
Thanks
Rahul
On Wed, Jun
On Wed, Jun 11, 2014 at 03:17:10AM -0400, Jeffrey Walton wrote:
The make install is not installing libcrypto.so, libssl.so and openssl
binary into /usr/bin and /usr/lib64. I need it to be installed there.
By default, the library is installed at /usr/local/ssl.
One can override the parent
On Wed, Jun 11, 2014 at 01:04:14PM +0530, Rahul Godbole wrote:
Tried this. Still doesn't solve my problem. I still do not see 1.0.1g libs
being copied to /usr/lib or /usr/lib64.
I also tried installing from 1.0.1g RPM but the installation failed.
I already have 1.0.1e installed and want
Hi Charles,
I was facing the same problem here. I did now quite get where to add the
'includes' code part in.
Can you suggest me more detailed steps to take?
I'm using nmake.exe and .mak to build from the visual studio command prompt
(2010).
Thank you.
Eirene
Charles Mills wrote
The
Hi,
I am trying to build openssl-0.9.8za with openssl-fips-1.2, but with no
luck. Came to know from release notes, that openssl-0.9.8za have know
compilation issues with FIPS. I got below statement from release notes
FIPS capable link failure with missing symbol
Adding further I already tried below to build openssl, I already built fips
libs with /tmp/_install path
/config fips --prefix=/tmp/_install --with-fipslibdir=/tmp/_install/lib
-DOPENSSL_NO_EC -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ECDH
It also gives below build error
../../include/openssl/ec.h:78:2:
Hi Stephen,
I understand it got fixed with development version. I tried it its working
fine. But I want to build 0.9.8za with FIPS, and release notes says it
could be done by compiling openssl without EC algorithms,can you point me
out how can I do that ?
-
Saurabh
On Tue, Jun 10, 2014 at 8:23
Hi All,
During linking my application with the OpenSSL FIPs, fipsld is invoked to embed
the digest and during runtime it is calculated and verified during
FIPS_mode_set.
Can you help me to understand if digest is calculated only for fipscanister
module or the entire application code?
My
On Wed, Jun 11, 2014, Saurabh Pandya wrote:
Adding further I already tried below to build openssl, I already built fips
libs with /tmp/_install path
/config fips --prefix=/tmp/_install --with-fipslibdir=/tmp/_install/lib
-DOPENSSL_NO_EC -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ECDH
It also gives
On Wed, Jun 11, 2014, Bala Duvvuri wrote:
Hi All,
During linking my application with the OpenSSL FIPs, fipsld is invoked to
embed the digest and during runtime it is calculated and verified during
FIPS_mode_set.
Can you help me to understand if digest is calculated only for fipscanister
I am trying to create an android app which can send sign and encrypted
mails using OpenSSL.
So far I am able to send Signed Emails and verify them using both web
browsers and my android apps.
Same is the case with Encryption and Decryption.
But now when I am trying to send signed+encrypted
Hey Jeff,
You might want to look at Arne Swabe's ics-openvpn.
https://code.google.com/p/ics-openvpn/
If you are just looking for how to compile for various android chip arch's.
He is using and Android.mk file which is a Make file that is specific to
Android, but if you know one you can figure
Thanks you very much for prompt info.
What could be the end-user effect if I start using openssl with no-ec ?
(sorry for a silly question !!)
-
Saurabh
On Wed, Jun 11, 2014 at 5:17 PM, Dr. Stephen Henson st...@openssl.org
wrote:
On Wed, Jun 11, 2014, Saurabh Pandya wrote:
Adding further I
On Wed, Jun 11, 2014, Zhang, Ping (Unisphere) wrote:
Added the command line used and the error.
perl Configure VC-WIN32 no-asm fips no-ec
--with-fipslibdir=C:\openssl_build\openssl-fips-1.2.4\out32dll
cl /Fotmp32dll\fips_premain.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3 /WX
/Gs0 /GF
Hi Matt,
Thanks very much!
I'm glad I'm on the right track in regards to EVP vs EC.
The signature is generated by a client program (also a 'c' program). What
is the format of a signature? How do I find out?
Just to confirm - whether it's ECDSA or RSA, for verification, we just get
the EVP_PKEY
Added the command line used and the error.
perl Configure VC-WIN32 no-asm fips no-ec
--with-fipslibdir=C:\openssl_build\openssl-fips-1.2.4\out32dll
cl /Fotmp32dll\fips_premain.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3 /WX
/Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN
On Wed, Jun 11, 2014, Jeffrey Walton wrote:
I'm working with OpenSSL 1.0.1h. I'm configuring for android-x86.
setenv-android.sh worked fine, and exported the following:
export MACHINE=i686
export RELEASE=2.6.37
export SYSTEM=android
export ARCH=x86
export
Added the command line used and the error.
perl Configure VC-WIN32 no-asm fips no-ec
--with-fipslibdir=C:\openssl_build\openssl-fips-1.2.4\out32dll
cl /Fotmp32dll\fips_premain.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3 /WX
/Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN
Hi guys,
I know 0.9.7 is no longer under development, but for various reasons, I have an
app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
Thanks,
ScottN
__
OpenSSL Project
On Wed, Jun 11, 2014, Scott Neugroschl wrote:
Hi guys,
I know 0.9.7 is no longer under development, but for various reasons, I have
an app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
I think you mean CVE-2014-0224. Yes it is vulnerable as an
Hello list,
given that I'm developing a custom client-server application that
communicates via TLS, I decided to zero-out all options since I don't care
about backwards compatibility and heterogenous clients like browsers by
doing:
SSL_CTX_clear_options(ssl_ctx,
On Wed, Jun 11, 2014 at 04:09:47PM +, Scott Neugroschl wrote:
I know 0.9.7 is no longer under development, but for various
reasons, I have an app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
There are I expect many unresolved issues (even if not
On Wed, Jun 11, 2014 at 07:24:05PM +0200, Dimitrios Apostolou wrote:
Hello list,
given that I'm developing a custom client-server application that
communicates via TLS, I decided to zero-out all options since I don't care
about backwards compatibility and heterogenous clients like browsers
The subtle issue is that some option settings *enable* behavior, and some
option settings *disable* behavior. You can just set/clear them all and really
expect something good to happen.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me;
From Victor:
On Wed, Jun 11, 2014 at 04:09:47PM +, Scott Neugroschl wrote:
I know 0.9.7 is no longer under development, but for various reasons,
I have an app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
There are I expect many unresolved issues
AARGH.
You *cannot* just set or clear them all...
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Salz, Rich
Sent:
On Wed, Jun 11, 2014 at 07:07:09PM +, Scott Neugroschl wrote:
We are aware of this, and are looking to upgrade. Does anyone
have a recommendation as to 0.9.8 vs 1.0.0 (1.0.1 is too bleeding
edge)? If you have a recommendation, may I ask what led you to
choose that path?
I would
On Wed, Jun 11, 2014 at 03:15:06PM -0400, Salz, Rich wrote:
You *cannot* just set or clear them all...
Except that SSL_OP_ALL is implicitly recommended, while no options
is the default. This said SSL_OP_ALL is a compile-time constant,
which is a bit of a nuisance when the run-time library has
Following page mentions about known issues with OpenSSL 1.0.1h and OpenSSL
1.0.1i in progress:
OpenSSL: OpenSSL 1.0.1 Release Notes.
OpenSSL: OpenSSL 1.0.1 Release Notes.
OpenSSL 1.0.1 Branch Release notes
The major changes and known issues for the 1.0.1 branch of the OpenSSL
toolkit are
Following page mentions about known issues with OpenSSL 1.0.1h and OpenSSL
1.0.1i in progress:
http://www.openssl.org/news/openssl-1.0.1-notes.html
What is the expected timeline for OpenSSL 1.0.1i release?
Thanks
__
Hi,
I would implement an OpenSSL Server which can handle authentication
initiated by 2 client certificates issued by 2 CAs:
Client1 CA1 Root1
and
Client2 CA2 Root2
Please how to achieve mutual authentication using some APIs:
- X509_STORE_add_cert
- SSL_CTX_add_extra_chain_cert
-
34 matches
Mail list logo