Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. Re: INN and openssl 1.1 (Julien ÉLIE)
2. Re: INN and openssl 1.1
(Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
Problem, , 669-2000, 470-2224)
3. Re: INN and openssl 1.1
(The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000, 473-4587)
4. Re: INN and openssl 1.1 (Julien ÉLIE)
5. Re: INN and openssl 1.1 (The Doctor)
6. Re: INN and openssl 1.1
(The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000, 473-4587)
----------------------------------------------------------------------
Message: 1
Date: Sat, 5 Mar 2016 15:51:39 +0100
From: Julien ÉLIE <[email protected]>
To: [email protected]
Subject: Re: INN and openssl 1.1
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252
The Doctor,
>>> Hopefully OpenSSL committer for 1.1 branch will hear my plea for
>>> backwards compatibility so that you have
>>>
>>> #define SSLeay_add_ssl_algorithms OpenSSL_add_ssl_algorithms
>>> #define SSLv23_server_method TLS_server_method
I've just tried to build INN with the latest OpenSSL 1.1.0-pre3 version, and it
seems that these defines are present.
Do you confirm you no longer have an issue with these two functions?
> INN so far is the only package against Openssl 1.1 that is easy to migrate.
Glad to know!
Could you please try the following patch and report if everything is OK for you?
(that is to say the patch is enough to make INN work with OpenSSL 1.1.0-pre3
on your server)
--- nnrpd/tls.c (r?vision 9984)
+++ nnrpd/tls.c (copie de travail)
@@ -216,7 +216,10 @@
default:
/* We should check current keylength vs. requested keylength
* also, this is an extremely expensive operation! */
- dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL,
NULL);
+ dh = DH_new();
+ if (dh != NULL) {
+ DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2,
NULL);
+ }
r = dh;
}
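Review bot: the return value of DH_generate_parameters_ex() inside the new `if (dh != NULL)` block is discarded, so when generation fails `r = dh` still hands back an allocated DH object that holds no usable parameters. Check that the call returns 1, and otherwise call DH_free(dh) and set dh to NULL, so the caller sees a failure the same way it did with the old call, which returned NULL on error.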
@@ -492,8 +495,13 @@
if (tls_loglevel >= 2)
Printf("starting TLS engine");
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
+#else
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
CTX = SSL_CTX_new(SSLv23_server_method());
if (CTX == NULL) {
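Review bot: in the #else branch the result of OPENSSL_init_ssl() is ignored; it returns 1 on success and 0 on error, and the only check that follows is the `CTX == NULL` test after SSL_CTX_new(). Test the return value and log a failure before creating the context. A one-line comment on the #if saying that the 0x10100000L cutoff is OpenSSL 1.1.0 would also help the next reader.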
--- nnrpd/tls.h (r?vision 9984)
+++ nnrpd/tls.h (copie de travail)
@@ -22,8 +22,12 @@
#ifndef TLS_H
#define TLS_H
#include <openssl/lhash.h>
#include <openssl/bn.h>
+#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
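Review bot: the hunk header `@@ -22,8 +22,12 @@` announces four added lines, but only `+#include <openssl/dh.h>` is visible, so three added lines appear to be missing from the patch as posted. Please resend the tls.h hunk as an attachment, or state what the other additions are, before this is committed.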
--- m4/openssl.m4 (r?vision 9984)
+++ m4/openssl.m4 (copie de travail)
@@ -71,10 +71,10 @@
[AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
[$inn_openssl_extra])
AS_IF([test x"$inn_reduced_depends" = xtrue],
- [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
+ [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
[AS_IF([test x"$1" = xtrue],
[AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
- [AC_CHECK_LIB([ssl], [SSL_library_init],
+ [AC_CHECK_LIB([ssl], [SSL_accept],
[OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
[AS_IF([test x"$1" = xtrue],
[AC_MSG_ERROR([cannot find usable OpenSSL library])])],
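Review bot: both AC_CHECK_LIB calls now probe for SSL_accept, but nothing in openssl.m4 records why that symbol replaced SSL_library_init. Add a dnl comment next to the checks saying that SSL_library_init cannot be used to find the library with OpenSSL 1.1.0 while SSL_accept works for both 1.1.0 and older versions, so the probe is not switched back later.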
Russ, would you mind committing the change of SSL_library_init to SSL_accept
in the openssl.m4 file shipped with rra-c-util?
This way, the OpenSSL library can be found (for both 1.1.0 and older versions).
Thanks,
--
Julien ÉLIE
« L'atour est fiel aux Huns valides. »
------------------------------
Message: 2
Date: Sat, 5 Mar 2016 13:01:56 -0700 (MST)
From: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of
the Problem, , 669-2000, 470-2224" <[email protected]>
To: Julien ÉLIE <[email protected]>
Cc: [email protected]
Subject: Re: INN and openssl 1.1
Message-ID: <[email protected]>
Content-Type: text/plain; charset="US-ASCII"
[ Charset windows-1252 unsupported, converting... ]
> The Doctor,
>
> >>> Hopefully OPenssl commiter for 1.1 branch will hear my plea for
> >>> backwards compatability so that you have
> >>>
> >>> #define SSLeay_add_ssl_algorithms OpenSSL_add_ssl_algorithms
> >>> #define SSLv23_server_method TLS_server_method
>
> I've just tried to build INN with latest OpenSSL 1.1.0-pre3 version, and it
> seems that these define's are present.
> Do you confirm you no longer have an issue with these two functions?
>
>
>
> > INN so far is the only package against Openssl 1.1 that is easy to migrate.
>
> Glad to know!
>
> Could you please try the following patch and report if everything is OK for
> you?
> (that is to say the patch is enough to make INN work with OpenSSL 1.1.0-pre3
> on your server)
>
>
> --- nnrpd/tls.c (r?vision 9984)
> +++ nnrpd/tls.c (copie de travail)
> @@ -216,7 +216,10 @@
> default:
> /* We should check current keylength vs. requested keylength
> * also, this is an extremely expensive operation! */
> - dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL,
> NULL);
> + dh = DH_new();
> + if (dh != NULL) {
> + DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2,
> NULL);
> + }
> r = dh;
> }
>
> @@ -492,8 +495,13 @@
> if (tls_loglevel >= 2)
> Printf("starting TLS engine");
>
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> SSL_load_error_strings();
> SSLeay_add_ssl_algorithms();
> +#else
> + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
> + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
> +#endif
>
> CTX = SSL_CTX_new(SSLv23_server_method());
> if (CTX == NULL) {
>
>
>
>
>
>
> --- nnrpd/tls.h (r?vision 9984)
> +++ nnrpd/tls.h (copie de travail)
> @@ -22,8 +22,12 @@
> #ifndef TLS_H
> #define TLS_H
>
> #include <openssl/lhash.h>
> #include <openssl/bn.h>
> +#include <openssl/dh.h>
> #include <openssl/err.h>
> #include <openssl/pem.h>
> #include <openssl/rand.h>
>
>
>
>
>
>
> --- m4/openssl.m4 (r?vision 9984)
> +++ m4/openssl.m4 (copie de travail)
> @@ -71,10 +71,10 @@
> [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
> [$inn_openssl_extra])
> AS_IF([test x"$inn_reduced_depends" = xtrue],
> - [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
> + [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
> [AS_IF([test x"$1" = xtrue],
> [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
> - [AC_CHECK_LIB([ssl], [SSL_library_init],
> + [AC_CHECK_LIB([ssl], [SSL_accept],
> [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
> [AS_IF([test x"$1" = xtrue],
> [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
>
>
Let me test this out recompiling today's current and
use slrn with SSL to access the newsgroups.
Will get back to you soon.
>
> Russ, would you mind committing the change of SSL_library_init to SSL_accept
> in the openssl.m4 file shipped with rra-c-util?
> This way, the OpenSSL library can be found (for both 1.1.0 and older
> versions).
>
> Thanks,
>
> --
> Julien ?LIE
>
> ? L'atour est fiel aux Huns valides. ?
------------------------------
Message: 3
Date: Sat, 5 Mar 2016 13:17:50 -0700 (MST)
From: "The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000,
473-4587" <[email protected]>
To: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of
the Problem, , 669-2000, 470-2224" <[email protected]>
Cc: [email protected]
Subject: Re: INN and openssl 1.1
Message-ID: <[email protected]>
Content-Type: text/plain; charset="US-ASCII"
> [ Charset windows-1252 unsupported, converting... ]
> > The Doctor,
> >
> > >>> Hopefully OPenssl commiter for 1.1 branch will hear my plea for
> > >>> backwards compatability so that you have
> > >>>
> > >>> #define SSLeay_add_ssl_algorithms OpenSSL_add_ssl_algorithms
> > >>> #define SSLv23_server_method TLS_server_method
> >
> > I've just tried to build INN with latest OpenSSL 1.1.0-pre3 version, and it
> > seems that these define's are present.
> > Do you confirm you no longer have an issue with these two functions?
> >
> >
> >
> > > INN so far is the only package against Openssl 1.1 that is easy to
> > > migrate.
> >
> > Glad to know!
> >
> > Could you please try the following patch and report if everything is OK for
> > you?
> > (that is to say the patch is enough to make INN work with OpenSSL 1.1.0-pre3
> > on your server)
> >
> >
> > --- nnrpd/tls.c (r?vision 9984)
> > +++ nnrpd/tls.c (copie de travail)
> > @@ -216,7 +216,10 @@
> > default:
> > /* We should check current keylength vs. requested keylength
> > * also, this is an extremely expensive operation! */
> > - dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL,
> > NULL);
> > + dh = DH_new();
> > + if (dh != NULL) {
> > + DH_generate_parameters_ex(dh, keylength,
> > DH_GENERATOR_2, NULL);
> > + }
> > r = dh;
> > }
> >
> > @@ -492,8 +495,13 @@
> > if (tls_loglevel >= 2)
> > Printf("starting TLS engine");
> >
> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > SSL_load_error_strings();
> > SSLeay_add_ssl_algorithms();
> > +#else
> > + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
> > + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
> > +#endif
> >
> > CTX = SSL_CTX_new(SSLv23_server_method());
> > if (CTX == NULL) {
> >
> >
> >
> >
> >
> >
> > --- nnrpd/tls.h (r?vision 9984)
> > +++ nnrpd/tls.h (copie de travail)
> > @@ -22,8 +22,12 @@
> > #ifndef TLS_H
> > #define TLS_H
> >
> > #include <openssl/lhash.h>
> > #include <openssl/bn.h>
> > +#include <openssl/dh.h>
There is no dn.h in the openssl includes.
> > #include <openssl/err.h>
> > #include <openssl/pem.h>
> > #include <openssl/rand.h>
> >
> >
> >
> >
> >
> >
> > --- m4/openssl.m4 (r?vision 9984)
> > +++ m4/openssl.m4 (copie de travail)
> > @@ -71,10 +71,10 @@
> > [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
> > [$inn_openssl_extra])
> > AS_IF([test x"$inn_reduced_depends" = xtrue],
> > - [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
> > + [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
> > [AS_IF([test x"$1" = xtrue],
> > [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
> > - [AC_CHECK_LIB([ssl], [SSL_library_init],
> > + [AC_CHECK_LIB([ssl], [SSL_accept],
> > [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
> > [AS_IF([test x"$1" = xtrue],
> > [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
> >
> >
>
> Let me test this out recpomiling today's current and
> use slrn with SSL to access the newsgroups.
>
> Will get back to you soon.
>
> >
> > Russ, would you mind committing the change of SSL_library_init to SSL_accept
> > in the openssl.m4 file shipped with rra-c-util?
> > This way, the OpenSSL library can be found (for both 1.1.0 and older
> > versions).
> >
> > Thanks,
> >
> > --
> > Julien ?LIE
> >
> > ? L'atour est fiel aux Huns valides. ?
------------------------------
Message: 4
Date: Sat, 5 Mar 2016 21:30:21 +0100
From: Julien ÉLIE <[email protected]>
To: [email protected]
Subject: Re: INN and openssl 1.1
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed
The Doctor,
>>> --- nnrpd/tls.h (r?vision 9984)
>>> +++ nnrpd/tls.h (copie de travail)
>>> @@ -22,8 +22,12 @@
>>> #ifndef TLS_H
>>> #define TLS_H
>>>
>>> #include <openssl/lhash.h>
>>> #include <openssl/bn.h>
>>> +#include <openssl/dh.h>
>
> There is no dn.h in the openssl includes.
It is "dh.h".
Don't you have openssl/dh.h in your OpenSSL install?
https://github.com/openssl/openssl/blob/master/include/openssl/dh.h
In which header is DH_GENERATOR_2 defined in your install?
(openssl/ssl.h?)
--
Julien ÉLIE
« L'atour est fiel aux Huns valides. »
------------------------------
Message: 5
Date: Sat, 5 Mar 2016 13:45:19 -0700
From: The Doctor <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: INN and openssl 1.1
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Sat, Mar 05, 2016 at 01:17:50PM -0700, The Doctor,3328-138 Ave Edmonton AB
T5Y 1M4,669-2000,473-4587 wrote:
> > [ Charset windows-1252 unsupported, converting... ]
> > > The Doctor,
> > >
> > > >>> Hopefully OPenssl commiter for 1.1 branch will hear my plea for
> > > >>> backwards compatability so that you have
> > > >>>
> > > >>> #define SSLeay_add_ssl_algorithms OpenSSL_add_ssl_algorithms
> > > >>> #define SSLv23_server_method TLS_server_method
> > >
> > > I've just tried to build INN with latest OpenSSL 1.1.0-pre3 version, and
> > > it seems that these define's are present.
> > > Do you confirm you no longer have an issue with these two functions?
> > >
> > >
> > >
> > > > INN so far is the only package against Openssl 1.1 that is easy to
> > > > migrate.
> > >
> > > Glad to know!
> > >
> > > Could you please try the following patch and report if everything is OK
> > > for you?
> > > (that is to say the patch is enough to make INN work with OpenSSL
> > > 1.1.0-pre3
> > > on your server)
> > >
> > >
> > > --- nnrpd/tls.c (r?vision 9984)
> > > +++ nnrpd/tls.c (copie de travail)
> > > @@ -216,7 +216,10 @@
> > > default:
> > > /* We should check current keylength vs. requested keylength
> > > * also, this is an extremely expensive operation! */
> > > - dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL,
> > > NULL);
> > > + dh = DH_new();
> > > + if (dh != NULL) {
> > > + DH_generate_parameters_ex(dh, keylength,
> > > DH_GENERATOR_2, NULL);
> > > + }
> > > r = dh;
> > > }
> > >
> > > @@ -492,8 +495,13 @@
> > > if (tls_loglevel >= 2)
> > > Printf("starting TLS engine");
> > >
> > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > > SSL_load_error_strings();
> > > SSLeay_add_ssl_algorithms();
> > > +#else
> > > + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
> > > + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
> > > +#endif
> > >
> > > CTX = SSL_CTX_new(SSLv23_server_method());
> > > if (CTX == NULL) {
> > >
> > >
> > >
> > >
> > >
> > >
> > > --- nnrpd/tls.h (r?vision 9984)
> > > +++ nnrpd/tls.h (copie de travail)
> > > @@ -22,8 +22,12 @@
> > > #ifndef TLS_H
> > > #define TLS_H
> > >
> > > #include <openssl/lhash.h>
> > > #include <openssl/bn.h>
> > > +#include <openssl/dh.h>
>
>
> There is no dn.h in the openssl includes.
>
> > > #include <openssl/err.h>
> > > #include <openssl/pem.h>
> > > #include <openssl/rand.h>
> > >
> > >
> > >
> > >
> > >
> > >
> > > --- m4/openssl.m4 (r?vision 9984)
> > > +++ m4/openssl.m4 (copie de travail)
> > > @@ -71,10 +71,10 @@
> > > [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
> > > [$inn_openssl_extra])
> > > AS_IF([test x"$inn_reduced_depends" = xtrue],
> > > - [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
> > > + [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
> > > [AS_IF([test x"$1" = xtrue],
> > > [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
> > > - [AC_CHECK_LIB([ssl], [SSL_library_init],
> > > + [AC_CHECK_LIB([ssl], [SSL_accept],
> > > [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
> > > [AS_IF([test x"$1" = xtrue],
> > > [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
> > >
> > >
> >
> > Let me test this out recpomiling today's current and
> > use slrn with SSL to access the newsgroups.
> >
> > Will get back to you soon.
> >
> > >
> > > Russ, would you mind committing the change of SSL_library_init to
> > > SSL_accept
> > > in the openssl.m4 file shipped with rra-c-util?
> > > This way, the OpenSSL library can be found (for both 1.1.0 and older
> > > versions).
> > >
> > > Thanks,
> > >
It works.
Please commit with the exception of the non-existent <openssl/dh.h>
> > > --
> > > Julien ?LIE
> > >
> > > ? L'atour est fiel aux Huns valides. ?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Manitoba and Saskatchewan! Save your provinces in April! Vote Liberal!!
------------------------------
Message: 6
Date: Sat, 5 Mar 2016 13:48:26 -0700 (MST)
From: "The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000,
473-4587" <[email protected]>
To: Julien ÉLIE <[email protected]>
Cc: [email protected]
Subject: Re: INN and openssl 1.1
Message-ID: <[email protected]>
Content-Type: text/plain; charset="US-ASCII"
[ Charset UTF-8 unsupported, converting... ]
> The Doctor,
>
>>>> --- nnrpd/tls.h (r?vision 9984)
>>>> +++ nnrpd/tls.h (copie de travail)
>>>> @@ -22,8 +22,12 @@
>>>> #ifndef TLS_H
>>>> #define TLS_H
>>>>
>>>> #include <openssl/lhash.h>
>>>> #include <openssl/bn.h>
>>>> +#include <openssl/dh.h>
>>
>> There is no dn.h in the openssl includes.
>
> It is "dh.h".
>
> Don't you have openssl/dh.h in your OpenSSL install?
> https://github.com/openssl/openssl/blob/master/include/openssl/dh.h
>
> In which header is DH_GENERATOR_2 defined in your install?
> (openssl/ssl.h?)
>
Sorry, I saw dn.h; must clean the screen one day effectively.
It works. Please commit.
> --
> Julien ?LIE
>
> ? L'atour est fiel aux Huns valides. ?
------------------------------
_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers
End of inn-workers Digest, Vol 82, Issue 1
******************************************