Getting the tls-unique channel binding
Hello,

The tls-unique channel binding is necessary to implement the SCRAM-SHA-1-PLUS authentication mechanisms (see RFC 5802, RFC 5929). We have a pending patch for Python's ssl binding to compute that piece of information (*), and I would like to know if there's some example code somewhere so that we can confirm our implementation is right.

(*) http://bugs.python.org/issue12551

Thank you

Antoine.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
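How the tls-unique value is consumed by SCRAM-SHA-1-PLUS, as an added example that is not part of the original message or of the Python patch it mentions: the sketch follows the RFC 5802 message construction and shows a server rejecting a proof that was bound to a different TLS connection. All function names are hypothetical, the nonces, salt and tls-unique bytes are constructed, and an ASCII password is assumed (no SASLprep); in real use the binding bytes would come from `ssl.SSLSocket.get_channel_binding("tls-unique")`.

```python
import base64, hashlib, hmac

GS2_PLUS = "p=tls-unique,,"  # gs2-header announcing a tls-unique binding

def hmac_sha1(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def c_attr(gs2_header, cbind):
    # c= is base64(gs2-header || channel-binding bytes)
    return base64.b64encode(gs2_header.encode() + cbind).decode()

def keys(password, salt, rounds):
    # Hi() is PBKDF2-HMAC-SHA1; ASCII password assumed (no SASLprep here)
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, rounds)
    client_key = hmac_sha1(salted, b"Client Key")
    return client_key, hashlib.sha1(client_key).digest()  # (ClientKey, StoredKey)

def client_final(password, first_bare, server_first, cbind, gs2_header=GS2_PLUS):
    srv = dict(kv.split("=", 1) for kv in server_first.split(","))
    client_key, stored = keys(password, base64.b64decode(srv["s"]), int(srv["i"]))
    without_proof = "c=%s,r=%s" % (c_attr(gs2_header, cbind), srv["r"])
    auth = ",".join([first_bare, server_first, without_proof]).encode()
    proof = xor(client_key, hmac_sha1(stored, auth))
    return without_proof + ",p=" + base64.b64encode(proof).decode()

def server_accepts(stored, first_bare, server_first, final, cbind, gs2_header=GS2_PLUS):
    without_proof, _, proof = final.rpartition(",p=")
    attrs = dict(kv.split("=", 1) for kv in without_proof.split(","))
    # The server checks c= against the tls-unique of its own TLS connection.
    if not hmac.compare_digest(attrs["c"], c_attr(gs2_header, cbind)):
        return False
    auth = ",".join([first_bare, server_first, without_proof]).encode()
    client_key = xor(base64.b64decode(proof), hmac_sha1(stored, auth))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), stored)

def demo():
    salt, bare = b"constructed-salt", "n=user,r=cnonce"  # constructed sample values
    first = "r=cnoncesnonce,s=%s,i=4096" % base64.b64encode(salt).decode()
    direct, relayed = bytes.fromhex("00112233445566778899aabb"), b"\xff" * 12
    stored = keys("pencil", salt, 4096)[1]
    final = client_final("pencil", bare, first, direct)
    forged = final.replace(c_attr(GS2_PLUS, direct), c_attr(GS2_PLUS, relayed))
    return (server_accepts(stored, bare, first, final, direct),    # same connection
            server_accepts(stored, bare, first, final, relayed),   # c= mismatch
            server_accepts(stored, bare, first, forged, relayed))  # proof mismatch

print(demo())  # (True, False, False)
```

The third case shows that rewriting `c=` in transit does not help a relay, because the binding bytes are also covered by the AuthMessage that the client proof signs.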
Re: OSX still defaulting to .9 libraries after 1.0 build
> The problem is in my include statements. The output of the following test program is
> OpenSSL version included is: 9466063
> even when I compile with -I/usr/local/ssl/include/openssl.

What if you try -I/usr/local/ssl/include/ instead?
Re: OpenSSL and Python
On Wednesday 21 April 2010 at 16:06 -0700, gary clark wrote:

> ImportError: /usr/local/lib/python2.5/site-packages/OpenSSL/crypto.so: undefined symbol: PyUnicodeUCS2_Decode

This is a Python problem, not a Unicode one. I suggest posting on comp.lang.python.

Basically, you should use the pyOpenSSL package provided by your Linux distribution, or compile it from the source; but not install a standalone binary package.
Re: openssl-1.0.0 compile issues on SUSE 10.1
On Friday 16 April 2010 at 10:47 -0700, Jon Strait wrote:

> Please bear with me as I am in the midst of my crash-course in Linux upgrade management. I am trying to upgrade from openssl-0.9.8 to openssl-1.0.0 on SUSE 10.1 32bit with HP dl380's.

Why do you? Your Linux distribution will provide updated binary packages if necessary (for example to fix hypothetical security issues). They also might have their own custom patches to OpenSSL, which means your self-compiled vanilla version of OpenSSL might break installed applications.
Re: Strange SSL_shutdown() error return (SSL_ERROR_SYSCALL but errno == 0)
Hello again,

I have investigated this issue of -1/SSL_ERROR_SYSCALL with errno==0. From the SSL_get_error(3) man page:

    SSL_ERROR_SYSCALL
        Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol. If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).

Well, in our case, and unless I'm mistaken, ret == -1, ERR_get_error() == 0 and then errno (the Unix errno) == 0. Perhaps errno gets cleared by another operation... I may try to investigate if I get some time.

Regards

Antoine.
Strange SSL_shutdown() error return (SSL_ERROR_SYSCALL but errno == 0)
Hello,

While testing Python's SSL support with OpenSSL = 0.9.8m, we have encountered a strange error return from SSL_shutdown on a non-blocking socket (note: this is a different problem from the one described by Victor Stinner in an earlier thread last month).

Basically:
- SSL_shutdown(ssl object) returns -1
- SSL_get_error(ssl object, -1) returns SSL_ERROR_SYSCALL
- ERR_get_errno() returns 0
- errno is equal to 0

This situation was not hit before 0.9.8m. Our tentative workaround right now (not yet committed, awaiting your insight :-)) is to detect this particular situation and consider the call successful rather than raise an exception.

What encouraged me in that workaround is that some LightHTTPd users have encountered what looks like the same issue, also starting from 0.9.8m:
http://redmine.lighttpd.net/boards/2/topics/2779

« SSL_shutdown failed, SSL_get_error returned SSL_ERROR_SYSCALL, but errno == 0 - I think there is something wrong with your ssl lib. »

« Since I updated to openssl 0.9.8m I have noticed the same error messages in my log. (using lighttpd 1.4.26 with the same patch applied) »

I would welcome any explanations and suggestions concerning this situation. Is it an OpenSSL bug? Or does this error return correspond to an applicative error? (in which case, which error exactly, since the return codes don't point to anything precise)

Thank you

Antoine Pitrou.