RFC 8002 (with a null subjectName), but a CA cert MUST have a non-empty
subjectName.
Non-empty subjectName or non-empty commonName within the subject name?
Shrug. Doesn't matter, I guess. Just populate it with the string version of
the HIT name, something like
CN=IP Address
On 14/08/2019 04:55, Robert Moskowitz wrote:
I am fiddling around with an intermediate CA signing cert that the
CA's 'name' is it HIP (RFC 7401) HIT which is a valid IPv6 address.
Actually a Hierarchical HIT as in draft-moskowitz-hierarchical-hip (to
be revised soon).
For a client cert, it
s negative).
One possible fix: Change "char *ptr = buf;" to "unsigned char *ptr = buf;",
then you should get the expected output.
Regards,
Andrew.
From: openssl-users [mailto:openssl-users-boun...@openssl.org]
On Behalf Of Venkata Veldanda via openssl-users
On 09/08/2019 23:21, Felipe Gasper wrote:
On Aug 9, 2019, at 3:42 PM, Osama Mazahir via openssl-users
wrote:
Is there a way to serialize and deserialize the ssl_st state (i.e. including
any child objects)?
Background: I would like to handoff all the SSL state (along my own managed state
M, Osama Mazahir via openssl-users
> wrote:
>
> Is there a way to serialize and deserialize the ssl_st state (i.e. including
> any child objects)?
>
> Background: I would like to handoff all the SSL state (along my own managed
> state, file descriptors, etc) to ano
had its handshake completed, app data
flow had already occurred (i.e. it is not a new or early'ish context). So,
trying to see if it is possible to serialize the openssl state, shove it
through a unix domain socket to the target process and then have the target
process unpack the openssl state
Hi Experts,
I am using openssl 1.0.2
I recently moved my app from a PPC to x86 platform (application is compiled on
the respective platform) where I met an issue with BIO_read().
I read a 20bytes of data using BIO_read like following..
int res = BIO_read(bio, buf, 20);char *ptr = buf
> (why doesn't it use SSL_get_ex_data_X509_STORE_CTX_idx() instead of 0?).
History; OpenSSL reserved some exdata indices for itself.
Hi All,
I have a query related to getting thetemporary key used during the key
exchange. As a TLS client, I am able to getthe key using the API
SSL_get_peer_tmp_key().
But when acting as TLS Server, I usedAPI SSL_get_tmp_key(). ThisAPI is
returning the temp key for TLS1.3 ciphers but for
* Had to downgrade the OpenSSL used in an application from 1.1.0k to 1.0.2s.
That’s too bad, given 1.0.2 is going to become unsupported at year-end. Was it
because the application wasn’t ready to handle opaque structures?
>Due to this I have to remove the usage of OPENSSL_thread_s
>At the bottom of the man page for x509 it states the following:
The hash algorithm used in the -subject_hash and -issuer_hash options
before OpenSSL 1.0.0 was based on the deprecated MD5
algorithm and the encoding of the distinguished name. In OpenSSL 1.0.0 and
later it is ba
If looking for the location where the running program's top level file
(such as openssl.exe or
some-program-loading-an-openssl-using-plugin.exe),
use that same call but pass NULL for the hinstance parameter.
3. If looking for the system-wide secured "/etc" directory, use the
GetSys
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [30 July 2019]
Windows builds with insecure path defaults (CVE-2019-1552)
==
Severity: Low
OpenSSL has internal defaults
>Sadly, I can not make use of the "no-shared" option as I still need the
shared libraries to be built.
Statically linking against files built for shared libraries is possible on many
platforms (link against the .a even though .so exists), but not all platforms.
You can always build
>that the setenv-android.sh script doesn't account for 64 bit architectures.
Correct. The current FIPS module has not been modified for quite some time,
and your platform is not supported.
If you cannot follow the steps *exactly* you cannot claim FIPS validation. The
OpenSSL proj
I’d be VERY
appreciative!
This is what I’m seeing:
--- Using OpenSSL v1.1.1c to enable TLS on Port 8902 ---
C:\OpenSSL-Win64\bin>openssl s_server -port 8902 -4 -certform PEM -cert
"C:\OpenSSL-Win64\bin\PEM\test.cer" -cert_chain
C:\OpenSSL-Win64\bin\PEM\DigiCertTrustChain
Ectest has been broken for quite some time. What are the plans to get it fixed?
* Why the support for Heart beat extension is removed from openssl.
It’s intended use was to check MTU along the path. That is not very useful any
more.
* How to handle abnormal disconnection in DTLS?
You should be able to detect time-outs and “failure to close” in your
application.
> It seems to me that the easiest thing to do is maintain that release of
OpenSSL by themselves.
>Which would be another variation of such unofficial work.
You could look at things like that. I consider it to be more like "your free
FIPS ride is done, tim
On 08/07/2019 10:12, Dr Paul Dale wrote:
I have to disagree with the “decision not to make a FIPS module for
the current 1.1.x series” comment. Technically, this is true. More
practically, 3.0 is intended to be source compatible with 1.1.x. Thus
far, nothing should be broken in this
utside
the cryptographic boundary, the soon-to-be-deprecated OpenSSL 1.0.2
library just being the normal default.
You are correct. My statement, which was technically incorrect, is more likely to be realistic :)
The point is that some people may soon be in a desperate need to find a
FIPS-c
o-be-deprecated OpenSSL 1.0.2
>library just being the normal default.
You are correct. My statement, which was technically incorrect, is more likely
to be realistic :)
>The point is that some people may soon be in a desperate need to find a
FIPS-capable replacem
>Is the use of OpenSSL an actual legal requirement of the certification of
the FIPS object module, or just the easiest way to use it?
I'm not sure who you are asking this.
The exiting FIPS validations for OpenSSL only cover the 1.0.2 based source code.
>Difference
Is the use of OpenSSL an actual legal requirement of the certification of
the FIPS object module, or just the easiest way to use it?
Difference would be particularly significant in case someone created code
to use the validated FOM 2.0 module with the OpenSSL 1.1.x feature
enhancements
Hi
Are we expect to loose the TLS_1.3 security capability if we configure the
openssl-1.1.1b security level to -DOPENSSL_TLS_SECURITY_LEVEL=0 ?orin other
words, does it makes TLS_1.3 backwards compatible ?orwe are not using TLS_1.3
if we configure like this.
ThanksSyed
Didn’t you just ask this question? :)
If you followed the Win32 build instructions *exactly* and you build your
application to turn on FIPS mode and link against the canister, then yes.
If you made changes to the process, then no.
On 02/07/2019 22:13, Larry Jordan via openssl-users wrote:
I want to build an openssl-fips canister to force IANA cipher suite
compliance.
With the help of an openssl-iana mapping
(https://testssl.sh/openssl-iana.mapping.html) I can identify the
corresponding OpenSSL cipher suites
I want to build an openssl-fips canister to force IANA cipher suite compliance.
With the help of an openssl-iana mapping
(https://testssl.sh/openssl-iana.mapping.html) I can identify the corresponding
OpenSSL cipher suites.
IANA
>I see those macros, but ... is there any documentation?
No.
>I'm attempting to build our RHEL 7 based product on RHEL 8 and running
> into a lot of changes from openssl 1.0.2k-fips (RHEL 7) to 1.1.1 FIPS (RHEL
> 8). I haven't found a good guide to adapting the sources to these changes.
Web search for "openssl opaque accessors"
Do I construct a sequence and add items to it - top down?
No, because then you have to go back and patch the sequence length and perhaps
slide everything up or down a copule of bytes.
I would look at an existing simple sequence and start writing your own based on
that; look for
Hi Is there any test application scripts bundled with openssl_1.1.1b ? If yes.
How to compile it.Is it possible use that test application to verify SSL
handshake ?
Thank youSyed
Sent from Yahoo Mail on Android
>Yes NetBSD cares about PARISC... We still build and run on it.
Thanks. The targets removed in that PR were for hpux-parisc.
e included from ../../../../vendor/openssl/crypto/ct/ct_b64.c:17:0:
../../../../vendor/openssl/crypto/ct/ct_locl.h:58:5: error: unknown type
name 'sct_version_t'
sct_version_t version;
^
../../../../vendor/openssl/crypto/ct/ct_locl.h:78:5: error: unknown type
name 'ct_log_en
I've develepted some windows server side socket in c
and want to add sni server name indication to support sni
but servername callback never called and cant get servername
is there any suggestion?
I've defined some functions for initializing ssl before main function:
void init_openssl()
>It depends on what you want to achieve. The top level template Makefile is
> in
Configureations/unix-Makefile.tmpl. Each individual directory contains a
build.info file which allows you to make per-directory changes to things
like
the sources to be compiled, etc.
And also
If you are adding new functions to the library, you need to
1A Make sure there is a prototype in one of the existing OpenSSL
header files;
OR
1B If your prototype is in a new header file, you will have to edit
Configurations/unix-Makefile.tmpl to pick up
AES128-SHA in the OpenSSL naming scheme).
This cipher is not being offered by firefox but is by chrome. It is striking to
note that although chrome is offering a whole list of ciphersuites offering
forward secrecy (i.e. all those including ECDHE/DHE), the server is instead
selecting a very old
As requested here are two captures attached: one successfully handshakes with
the server (chrome) and one fails the handshake (firefox).
I would be very grateful if anyone could shed some light on this.
the openssl version which is linked to my server/relay program is 1.0.2s
Thanks
/Patrick
... Presumably a check for proper KU on the client
certificate would be bypassed if the client cert is v1 - but then using a v1
certificate is another violation of RFC 5246 (7.4.2) that OpenSSL probably
should not enforce.
Yes, v1 certs would get a free ride. The reason to enforce KU
in client certs would
* The issue I have is that I don’t see ‘do_win64a’ within the ‘ms’
directory (I’m following build instructions here:
certificate and server accepting it.
Is this behavior valid and according to RFC ?
There's an overarching OpenSSL policy that certificate checks are
done exclusively by the relying end (for client certs, that's the
server), except when certified end is trying to choose from
multiple certificates.
Thus
OpenSSL cross-compilation defaults.
Successful exploitation requires stunnel to be deployed
as a Windows service, and user-writable C:\ folder. This
vulnerability was discovered and reported by Rich Mirch.
- OpenSSL DLLs updated to version 1.1.1c.
* Bugfixes
- Implemented a workaround
and good when the program works on the linux PC and the handshake
is succesful using the 0xc02f cipher. and that is linked to version 3.0.0 of
openssl.
on the embedded version, (linked with version 1.0.2s) firefox fails the
handshake with ssl_no_shared_cipher whereas chrome and safari do
was getting
it from the 'msg_callback_arg' of SSL pointer but in the openssl1.1.1, SSL
structure is no longer accessible.
On Sunday, 9 June, 2019, 8:27:46 pm IST, Jeremy Harris
wrote:
On 09/06/2019 11:31, shalu dhamija wrote:
> Hi All,In openssl 1.0.2, I was using SSL_CTX_set_msg_callback_
Assuming your OpenSSL library is already FIPS capable you need to build and
link with the FIPS container library enable the integrity check in your app.
Details are in section C.1 of the FIPS user guide at
https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
On Thu, Jun 6, 2019 at 2:34 PM Larry
, the following works, using SSL_check_chain() in the cert_cb. But it
fails in 1.1.1a:
apps/openssl s_server -xcert apps/server.pem -xkey apps/server.pem -nocert
Is there harm in setting the shared_sigalgs before cert_cb and resetting them
if SSL_set_SSL_CTX() is called? Basically what PR 7256 tried
Thanks.
I had a trailing backslash on a source list, and it gobbled up the next line
which was an INCLUDE directive.
Re: openssl-1.0.2r
Re: openssl-fips-2.0.16
OS: Linux Mint 19.1 (Ubuntu)
I have added a shared library initializer function to cryptlib.c to force
OpenSSL into FIPS mode, without requiring a “module operator” to directly
initiate (i.e. call FIPS_mode_set(1)).
void __attribute__((constructor
I am importing some code into openssl and getting a strange build error:
make[1]: *** No rule to make target 'crypto/bn/crypto/include.o', needed by
'libcrypto.a'. Stop.
Any common ideas on what to look for (e.g., missing header file, wrong INCLUDE
settings in build.info, etc) ?
On 03/06/2019 14:35, Chitrang Srivastava wrote:
Hi,
I am porting Openssl 1.1.1b for an embedded platform.
I see that EC folder generate some of function in assembly for e.g
These functions are generated based on environment like
x86-64/ppc/armv8 etc.
Is there any C version of these function
On 30/05/2019 02:10, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of J.
J. Farrell
Sent: Wednesday, May 29, 2019 15:02
On 29/05/2019 18:39, ramakrushna mishra wrote:
In Openssl 1.1.1, the file "rc4-ia64.pl" is missing. This cause d
On 28/05/2019 23:48, Steffen Nurpmeso wrote:
Jay Foster wrote in <84571f12-68b3-f7ee-7896-c891a2e25...@roadrunner.com>:
|On 5/28/2019 10:39 AM, Jay Foster wrote:
|> I built OpenSSL 1.1.1c from the recent release, but have noticed what
|> seems like a significant performance d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.1.1c released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1c of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.1.0k released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.0k of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.0.2s released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2s of our open
Hi All,In my application I am using OPENSSL_config(NULL); call to initialize
the configuration. But it seems from openssl-1.1.1 this call is deprecated and
we should use CONF_modules_load_file call.But it will be difficult to add new
configuration file for openssl within my application
Thanks Richard, this is what I was expecting. It worked.
Configure script is not showing this option.
Configuring OpenSSL version 3.0.0-dev for target
Using os-specific seed configuration
Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx]
[-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw
./Configure linux-arm64 *no-shared*
make
make install
Thanks,
Raveendra
*From:* Dr Paul Dale [mailto:paul.d...@oracle.com]
*Sent:* Thursday, May 23, 2019 12:10 PM
*To:* Raveendra Padasalagi
*Cc:* openssl-users@openssl.org
*Subject:* Re: Compiling openssl executable as static binary
Link
Hi,
Any help/pointers on compiling openssl library to generate static version
of openssl executable for ARM64 bit linux platform will help.
Thanks,
Raveendra
On 22/05/2019 19:32, Dennis Clarke wrote:
Good options inspired by other cryptographic libraries include:
- Number of bits of entropy passed in call (For example, a
perfectly balanced coin flipper could provide the 4 byte
values "head" or "tail" with an entropy of 1 bit).
Let's drop the
On 21/05/2019 16:44, Salz, Rich via openssl-users wrote:
When I overhauled the RAND mechanism, I tried to deprecate this use of floating
point, in favor of just a number from 0 to 100 but was voted down.
It *is* stupid. Luckily, on a modern system with system-provided randomness to
seed
>Then just set it to 1.0 and be done with it.
>That hardly helps on systems that don't have floating point at all.
No it doesn't. Such systems aren't supported by OpenSSL. There are many
places were floating point is used/supported.
Removing the second arg to RA
>If it's a sarcasm, I'm missing the point.
I was't being sarcastic, I was trying to show that the team, recently, still
liked the use of floating point.
>There are use cases when one wants to mix/add extra randomness from, e.g.,
> an external source (that, for whatever reasons, is
When I overhauled the RAND mechanism, I tried to deprecate this use of floating
point, in favor of just a number from 0 to 100 but was voted down.
It *is* stupid. Luckily, on a modern system with system-provided randomness to
seed the RNG, you never need this call.
Hello,
I am working on a Solaris 11.4 x86 64bit virtual server. There are no specific
applications loaded on it yet. I am preparing it to be a BIND server
eventually.
To that end, I downloaded and installed OpenSSL 1.1.1b so I have the latest and
greatest to work with.
The installation
Hi All,
I am in process of using TLS1.3 using openssl 1.1.1b version in my client
application. In order to use session resumption, I have implemented an external
cache when acting as the client. The key to the cache is combination of host
and port and the value associated is SSL_SESSION
.
Only deviations from the official process in creating the
fipscanister invalidates the FIPS validation.
The FIPS-capable OpenSSL is "outside the boundary" of the
FIPS module and can be changed at will. This is why a new
FIPS validation is not needed every time OpenSSL releases
a bugfix
llow
for session resumption on other nodes in a cluster.
- Added logging the list of active connections on
SIGUSR2 or with Windows GUI.
- Logging of the assigned bind address instead of the
requested bind address.
* Bugfixes
- Service threads are terminated before OpenSSL cleanup
t
On 14/05/2019 18:39, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Karl Denninger
Sent: Tuesday, May 14, 2019 09:22
On 5/14/2019 09:48, Michael Wojcik wrote:
I can't think of what remnant of the old certificate would be there,
except
used in safestack.h and
lhash.h to omit them.
I see there is also
# elif defined(__SUNPRO_C)
#pragma weak getisax
in crypto\sparcv9cap.c
so maybe that needs consideration too.
Regards,
John.
-Original Message-
From: openssl-users On Behalf Of John
Unsworth
Sent: 10 May 2019 16:
Hi,
After upgrading openssl to 1.1.1b, I am getting compilation errors in the
openssh code.
Does Openssh 7.9p1 and above versions support building against the openssl
1.1.1b version?
In Openssh release notes, below note is mentioned:
All: support building against the openssl-1.1 API (releases
Hi Richard,
When I executed "make" in openssl directory, opensslconf.h file is
generated. When I do "make" in our projects build directory, opensslconf.h
is not generated.
is this file generated by Configure command or make command?
On Mon 13 May, 2019, 10:56 PM Richard Levi
Hi Richard,
I have extracted tar file and executed Configure command. Do we need to set
anything before Configure?
On Mon 13 May, 2019, 7:33 PM Richard Levitte, wrote:
> What else did you do other than configuring?
>
> Cheers
> Richard
>
> Samiya Khanum via openssl-users skr
Hi,
Earlier our application used openSSL version 1.0.2n. We want to upgrade to
1.1.1b.
When I compile openssl, I see "opensslconf.h" not found error.
../../../../vendor/openssl/include/openssl/e_os2.h:13:34: fatal error:
openssl/opensslconf.h: No such file or directory
With below
(hotmail.com,
live.com,
outlook.com etc.). This service load balances connections between many
servers
which cab give different results for each try.
On 10/05/2019 17:01, Chandu Gangireddy wrote:
Dear OpenSSL Users,
At my corporate environment, I'm experience a challenge to use openssl
s_client
2019, at 3:33 pm, Sunghyun Park <mailto:sun...@umich.edu>> wrote:
Nice to meet you all :)
I faced a problem while building assembly code in OpenSSL (e.g.,
crypto/x86_64cpuid.s) with Emscripten.
Since Emscripten does not support compilation for assembly code (As
far as I know), I'm
> Could you please look into the program and let me know if anything I am
> doing wrong ?
> Or else What could be the issue ?
Sorry, no not me. Maybe someone else on the list has ideas.
So now you know where to start looking, I guess. You might also change your
test program so that it calls the functions multiple times, to “smooth out” the
overhead.
I would start with doing profiling on old and new versions to see where the
slowdown is.
early_cb), I thought about whether I wanted to add a
dedicated API just for the SNI value, due to the level of complexity
involved. I ended up not doing so in the initial submission, both
because I figured it could safely be added later as an incremental
change, and because I was worried (IIRC) abou
'm hoping that there is a way to get it working.
>
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1b/crypto/evp/e_aes_cbc_hmac_sha256.c
This cipher is a special purpose cipher not intended for general
use. It is
specifically targeted at usage in TLS. Unless you're writing
The intent is that you replace the upper layer, CRYPTO_secure_x
What does your implementation do differently, and which platforms does it work
on?
On 26/04/2019 08:19, Richard Levitte wrote:
On Fri, 26 Apr 2019 07:05:01 +0200,
Ande Vishnuvardhan Reddy wrote:
We would like to build Openssl 1.1.1b with Borland compiler (bcc32 -
Embarcadero C++ 7.40). Seems
support for Borland is removed from 1.1.x .
It was dropped, that's true. The main
. Even without
doing this, and using -verify_return_error, openssl s_client does not
refuse to connect to the server. Why is this and what else do I have to
do to convince the system that this self signed cert is OK?
Three suggestions, depending on what git send-email and your system
does:
1
Is anyone looking at the failing CI builds? It’s been a few days now.
Hello,
I'm finding conflicting information on whether OpenSSL can perform OCSP
validation via AIA responders through a proxy. An open issue at GitHub suggests
that this is an open feature request
(https://github.com/openssl/openssl/issues/6965), however I've seen people
saying that a proxy
“*ASN1_CTX ctx*” in openssl 1.1.0g.
Also am getting error as /usr/include/openssl/asn1_mac.h:10:2: error: #error
"This file is obsolete; please update your software."
You are using the old ASN1 API which has been obsolete since 2002. Are you
reading/writing your own custom ASN1 structu
On Wed, Apr 10, 2019 at 12:13:27PM -0400, Dennis Clarke wrote:
> On 4/10/19 7:37 AM, Richard Moore wrote:
> >Hi All,
> >
> >I haven't found a way to list the supported openssl ciphers from the
> >command line (i.e. get the list of potential values for -ciphersuites). I
&
On 10/04/2019 14:28, Kingsley O wrote:
Hello,
I get the above error when trying to build openssl. I am on a x64
Windows 10 platform, using perl 5, version 26, subversion 3 (v5.26.3)
built for MSWin32-x64-multi-thread and Visual studio express for
Windows 10
The file limits is clearly
Dear OpenSSL Users,
This is my first interaction in this community.
While am trying to build the latest openssl-1.0.2r code on CE-X86 platform, it
fails with the below error:
rsa_pk1.c
.\crypto\rsa\rsa_pk1.c(296) : warning C4761: integral size mismatch in argument
conversion supplied
.\crypto
expired, but nobody really
trusts private algorithms any more. There’s too much good stuff readily
available.
To answer your other question: OpenSSL is covered by the Apache license and any
contributions should also use the same license or they will not be accepted.
And cryptography
Hello,
I want to use OpenSSL to create an X509 request where the signature has
been calculated by an external device (ATMEL ATECC508A). With OpenSSL
1.0 I used
X509_REQ *req;
req = X509_REQ_new();
algor = X509_ALGOR_new();
algor->algorithm = OBJ_nid2
On 03/04/2019 22:16, Jeremy Harris wrote:
On 02/04/2019 17:03, Viktor Dukhovni wrote:
Does the server have a temporally stable ticket decryption key?
Is this Exim? Is the server's SSL_CTX persistent and shared
across multiple connections?
Ah, right. Unlike GnuTLS, the STEK is tied to the
On 02/04/2019 10:44, Matt Caswell wrote:
On 01/04/2019 22:23, Steffen wrote:
Hello,
I believe that I have narrowed the problem down to one specific version of
OpenSSL. Version 1.1.0b works as expected while OpenSSL 1.1.0c does not.
Using the cert/data files you provided me off-list (thanks
On 25/03/2019 22:53, sebastien wrote:
hi
in a terminal I've got this error with
|openssl version openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1:
version `OPENSSL_1_1_1' not found (required by openssl) openssl:
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1'
not found
>This software however is 7 years old, we’re not in a position to drop
> everything and rewrite it.
Then don't upgrade? If it's for a CA you don't need TLS 1.3 for example.
Or take the existing OpenSSL code that works and jam it into the current
release.
Maybe because EVP_PKEY_EC designates an ECDSA key, that an EdDSA key is not
generated the same way (particularly the public part), and that the encodings
are different?
Cordialement,
Erwann Abalea
Le 15/03/2019 19:20, « openssl-users au nom de Sam Roberts »
a écrit :
It seems like
On 15/03/2019 14:33, Dennis Clarke wrote:
On 3/15/19 5:38 AM, Matthias St. Pierre wrote:
My guess is that your binary is loading the system's shared libraries.
To find out whether this is the case, try
ldd bin/openssl
If my assumption is correct, you might have to set the LD_LIBRARY_PATH
* checking for SPNEGO support in GSSAPI libraries... configure: error: in
configure: error: cannot run test program while cross compiling
See `config.log' for more details
That’s ot
Openssl library version : cyrus-sasl-2.1.27
Command used : configure --host=x86_64-unknown-freebsd9 --cache
601 - 700 of 1641 matches
Mail list logo