Hello,
Thank you for releasing 1.0.0l and 1.0.1f.
I tested them right away (that I haven't done for more than a year) found
that there are needed some changes in order to make the it work under
OpenVMS.
1. I have tested for the very first time with HP C V7.3-020 on OpenVMS IA64
V8.4 and found that among few older informational messages there were many
warning in the code like.
Compiling The o_dir.c File. (LIBRARY,LIB)
l -= p + 1 - r;
...............^
%CC-W-MAYLOSEDATA3, In this statement, "p+1-r" has a larger data size than
int. Assignment can result in data loss.
at line number 170 in file DKA0:[WORK.openssl-100l.crypto]LPdir_vms.c;1
I know that these issues are in the code for ages, but my personal opinion
is that for a security software these warnings need to be addressed (if a
compiler has detected a warning) to improve the code quality.
Now, I just disabled the MAYLOSEDATA3 warning by configuring them in the
openvms *.com files like:
$ CCDISABLEWARNINGS = "MAYLOSEDATA3" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
In order to see clearly the important errors and warnings.
I can provide the full list if needed.
2. Problem with undefined references
file: DKA0:[WORK.openssl-100k.IA64.EXE.SSL]SSL_LIBSSL32.OLB;1
%ILINK-W-NUDFSYMS, 5 undefined symbols:
%ILINK-I-UDFSYM, SSL3_CBC_COPY_MAC
%ILINK-I-UDFSYM, SSL3_CBC_DIGEST_RECORD
%ILINK-I-UDFSYM, SSL3_CBC_RECORD_DIGEST_SUPPORTE
%ILINK-I-UDFSYM, SSL3_CBC_REMOVE_PADDING
%ILINK-I-UDFSYM, TLS1_CBC_REMOVE_PADDING
%ILINK-W-USEUNDEF, undefined symbol TLS1_CBC_REMOVE_PADDING referenced
.occur because the s3_cbc file is not compiled at all during OpenVMS build.
The solution is to add the s3_cbc file to ssl-lib.com like in the following
patch:
************
File DKA0:<WORK.openssl-100l.ssl>ssl-lib.com;1
217 "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+
-
218 "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
******
File DKA0:<WORK.openssl-100l.ssl>ssl-lib.com;4
217
"s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,s3_cbc,"+ -
218 "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
************
3. The external identifier name exceeds 31 characters type of problems
int ssl_check_clienthello_tlsext_early(SSL *s);
....^
%CC-W-LONGEXTERN, The external identifier name exceeds 31 characters;
truncated to "SSL_CHECK_CLIENTHELLO_TLSEXT_EA".
at line number 1069 in file DKA0:[WORK.openssl-100k.ssl]ssl_locl.h;1
The solution is to add them to crypto/symhacks.h like below:
************
File DKA0:<WORK.openssl-100l.crypto>symhacks.h;2
189 #undef ssl3_cbc_record_digest_supported
190 #define ssl3_cbc_record_digest_supported
ssl3_cbc_record_digest_support
191 #undef ssl_check_clienthello_tlsext_late
192 #define ssl_check_clienthello_tlsext_late
ssl_check_clihello_tlsext_late
193 #undef ssl_check_clienthello_tlsext_early
194 #define ssl_check_clienthello_tlsext_early
ssl_check_clihello_tlsext_early
195
196 /* Hack some long ENGINE names */
******
File DKA0:<WORK.openssl-100l.crypto>symhacks.h;1
189 /* Hack some long ENGINE names */
************
Please, note these patches above are valid for both 1.0.0l and 1.0.1f
After this release 1.0.0l builds and passes all tests on VAX, Alpha (32 and
64 bit) and Itanium (32 and 64 bit) as well as 1.0.1f (except on VAX,
because of already discussed reasons)
Maybe it is noteworthy to add that tests on VMS are aborted if any failure
occur. On one server I did not have perl installed (that happens rather
often in OpenVMS environment ) therefore I changed test/tests.com that
test_cms be the last one (that will fail anyway because of lack of perl)
giving chance for all other tests to perform.
Thank you.
Regards,
Z
