openssl 0.9.7 and debug
./config -d on a standard linux box (RedHat 7.1) gives : Operating system: i686-whatever-linux2 This system (debug-linux-pentium) is not supported. See file INSTALL for details I think that out of the box debug support for this kind of platform is needed. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Small patch to 0.9.6c crypto/objects/obj_dat.c
On Wed, Apr 17, 2002 at 09:43:07PM -0700, Howard Chu wrote: I just checked the CVS head and this patch should be valid there as well: diff -u -r1.1 obj_dat.c --- obj_dat.c 2002/04/18 04:34:17 1.1 +++ obj_dat.c 2002/04/18 04:35:10 @@ -437,8 +437,7 @@ return(0); } - nid=OBJ_obj2nid(a); - if ((nid == NID_undef) || no_name) { + if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) { len=a-length; p=a-data; (Just a slight speedup when I'm munging DNs by OID...) I hope you can commit this for 0.9.6d/0.9.7 without too much trouble. :) I have applied the change to all trees including 0.9.6d. 0.9.6d is already in beta, so I was a bit reluctant to apply the change, but finally decided that the change is small enough. Best regards, Lutz PS. Please do not embed patches in the text but better send it as attachment. In your mail the TAB was transformed to SPACEs, so that the patch utility could not apply it. -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus
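Review bot: in the rewritten condition `if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef)`, nid is no longer assigned when no_name is set, because the || short-circuits before OBJ_obj2nid() is called. The lines shown only cover the branch that does not need nid; please confirm that nothing after this if/else reads nid on the no_name path, or initialise nid to NID_undef at its declaration so that a later read is well defined.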
Re: Stratus OpenSSL diffs and test results.
Disclaimer: I can't by any means give an authoritative answer, since I am not part of the development team But I think you should consider the following: - if you are in the US, you should send every source code contribution in CC to [EMAIL PROTECTED] - I think that it's not so nice to include your own copyright notice in the diffs where you essentially changed openssl example source code (if that is the case - it seems to be so from what I gather by looking at the diff briefly). If you want to officially contribute this port, you should be aware that OpenSSL is licensed with an Apache Style license. - In case this port is appreciated by the developers (can't speak for them), a patch against 0.9.7 might be useful, since 0.9.6d won't be changed much as it is now in beta Best Regards, David
Re: openssl 0.9.7 and debug
On Thu, Apr 18, 2002 at 01:36:39PM +0200, Jean-Marc Desperrier wrote: ./config -d on a standard linux box (RedHat 7.1) gives : Operating system: i686-whatever-linux2 This system (debug-linux-pentium) is not supported. See file INSTALL for details I think that out of the box debug support for this kind of platform is needed. Thanks, fixed. The debug-linux-pentium was missing (-pentiumpro and -k6 were there). Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus
There is no closedir in /ssl/ssl_cert.c
Dear Sirs! In version 0.9.6c there is no closedir after opendir/readdir. If it is already fixed then forget this note... Sincerely yours: Lorinczy Zsigmond
crypt() function
Hi guys. I find it rather unfortunate that you provide crypt() function. This causes a lot of conflicts in poorly written configure scripts and Makefiles especially on GNU systems that provide crypt with richer functionality. I see few possible solutions: - removing crypt() from libcrypto this has probably close to no chance as there may be many projects that rely on your implementation - optionally removing crypt() based on options given to config script - enhancing crypt() with the functionality provided by GNU glibc so that it provides the same features (MD5 crypt) I'm looking forward to your point of view. Jan -- Jan Fedak mailto:[EMAIL PROTECTED] Linux - the ultimate NT Service Pack.
RE: Stratus OpenSSL diffs and test results.
Dear David, Thank you for your input. I hope to hear from the OpenSSL developers shortly. Our changes to example programs are platform specific changes only to run on our VOS. We will be glad to remove Stratus copyright notice. We want to give all our changes to OpenSSL to incorporate into future OpenSSL release. We would like to officially contribute all our changes to OpenSSL. This is our way of small contribution to OpenSSL and also thanking OpenSSL development team for all their work. Thank you, Bose -Original Message- From: David Maurus [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 7:49 AM To: [EMAIL PROTECTED] Cc: Sundaram, Mani; Ghanta, Bose; '[EMAIL PROTECTED]' Subject: Re: Stratus OpenSSL diffs and test results. Disclaimer: I can't by any means give an authoritative answer, since I am not part of the development team But I think you should consider the following: - if you are in the US, you should send every source code contribution in CC to [EMAIL PROTECTED] - I think that it's not so nice to include your own copyright notice in the diffs where you essentially changed openssl example source code (if that is the case - it seems to be so from what I gather by looking at the diff briefly). If you want to officially contribute this port, you should be aware that OpenSSL is licensed with an Apache Style license. - In case this port is appreciated by the developers (can't speak for them), a patch against 0.9.7 might be useful, since 0.9.6d won't be changed much as it is now in beta Best Regards, David
[no subject]
There is an input sanity check in asn1_lib.c that is #if'd out for some reason. In its absence, a corrupt certificate read by d2i_X509() can at least crash the process. Additionally, the sanity checks both there and in a_bytes.c do not take into account a possibility of negative length and of pointer wrap-around, with similar results. Code to demonstrate the bug (just run it for a few hours) and a diff are attached. Was the #if'ing out of the test intentional, and am I risking anything by enabling it? Right now I am patching openssl-engine-0.9.6c privately, but of course I'd be much happier to know I'd be able to just use plain vanilla 0.9.6d. Thanks for the excellent library, and thanks in advance for your reply, -- Adi Stav - developer Topaz Prism RD Mercury Interactive +972-3-5399481 [EMAIL PROTECTED] test_d2i_X509.c Description: Binary data openssl.diff Description: Binary data
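The two failure modes named in the report above (a length that decodes as negative, and a pointer sum that wraps) are shown here as an added example; it is not the attached test_d2i_X509.c or openssl.diff, and not OpenSSL code. All function and constant names are hypothetical, and the inputs are constructed byte strings.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes; these names are illustrative, not OpenSSL's. */
enum { DER_OK = 0, DER_TRUNCATED = -1, DER_BAD_LENGTH = -2,
       DER_TOO_LONG = -3, DER_UNSUPPORTED = -4 };

/* Model of a flawed check: the decoded length is held in a signed type and
 * compared with the bytes left. A length that decoded as negative passes. */
static int naive_signed_ok(long len, long remaining)
{
    return len <= remaining;
}

/* Model of a flawed check: "p + len <= end" computed on addresses. uintptr_t
 * is used so the wrap-around is well defined for the demonstration. */
static int naive_pointer_ok(uintptr_t p, uintptr_t len, uintptr_t end)
{
    return p + len <= end;
}

/*
 * Strict parser for one definite-length DER header in buf[0..avail).
 * All arithmetic is on unsigned offsets and every comparison is against the
 * number of bytes remaining, so nothing can go negative or wrap.
 * On success *hdr_len is the header size and *content_len the content size.
 */
static int der_read_header(const unsigned char *buf, size_t avail,
                           unsigned char *tag, size_t *hdr_len,
                           size_t *content_len)
{
    size_t pos = 0, len = 0, n;
    unsigned char first;

    if (avail < 2)
        return DER_TRUNCATED;
    *tag = buf[pos++];
    if ((*tag & 0x1f) == 0x1f)
        return DER_UNSUPPORTED;         /* multi-byte tags not handled here */
    first = buf[pos++];
    if (first < 0x80) {
        len = first;                    /* short form */
    } else {
        n = first & 0x7f;               /* long form: n length octets follow */
        if (n == 0)
            return DER_BAD_LENGTH;      /* indefinite length is not DER */
        if (n > sizeof(size_t))
            return DER_TOO_LONG;
        if (n > avail - pos)
            return DER_TRUNCATED;
        if (buf[pos] == 0)
            return DER_BAD_LENGTH;      /* leading zero octet: not minimal */
        while (n--)
            len = (len << 8) | buf[pos++];
        if (len < 0x80)
            return DER_BAD_LENGTH;      /* short form was required */
    }
    if (len > (size_t)INT_MAX)
        return DER_TOO_LONG;            /* would turn negative in a signed int */
    if (len > avail - pos)
        return DER_TRUNCATED;           /* content runs past the buffer */
    *hdr_len = pos;
    *content_len = len;
    return DER_OK;
}

int main(void)
{
    /* Constructed inputs, not taken from any real certificate. */
    static const unsigned char good[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    static const unsigned char huge[] = { 0x30, 0x84, 0xff, 0xff, 0xff, 0xff };
    unsigned char tag;
    size_t h, c;

    printf("good: %d\n", der_read_header(good, sizeof good, &tag, &h, &c));
    printf("huge: %d\n", der_read_header(huge, sizeof huge, &tag, &h, &c));
    printf("naive signed check accepts -1: %d\n", naive_signed_ok(-1, 10));
    printf("naive pointer check accepts wrap: %d\n",
           naive_pointer_ok(UINTPTR_MAX - 15, 32, UINTPTR_MAX - 8));
    return 0;
}
```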
Re: [patch] Sign certs that aren't self signed for x509 -CA
What about the patch below for 0.9.6d? Doc patch as well: --- x509.pod.orig Mon Jan 14 12:03:55 2002 +++ x509.podMon Jan 14 12:03:35 2002 @@ -43,6 +43,7 @@ [B-CAkey filename] [B-CAcreateserial] [B-CAserial filename] +[B-noselfsign] [B-text] [B-C] [B-md2|-md5|-sha1|-mdc2] @@ -300,7 +301,8 @@ of the CA and it is digitally signed using the CAs private key. This option is normally combined with the B-req option. Without the -B-req option the input is a certificate which must be self signed. +B-req option the input is a certificate which must be self signed +(unless B-noselfsign is specified). =item B-CAkey filename @@ -327,6 +329,11 @@ it will contain the serial number 02 and the certificate being signed will have the 1 as its serial number. Normally if the B-CA option is specified and the serial number file does not exist it is an error. + +=item B-noselfsign + +with this option the mini CA (see B-CA) will sign certificates +with unverified signatures. =item B-extfile filename Simon Josefsson [EMAIL PROTECTED] writes: This patch that allows you to override the check for a valid self-signed certificate when signing certs using 'x509 -CA'. I find this useful for those times when you edit certs with M-x hexl-mode. --- x509.c.orig Mon Jan 14 11:41:05 2002 +++ x509.cMon Jan 14 11:41:41 2002 @@ -122,6 +122,7 @@ missing, it is assumed to be in the CA file.\n, -CAcreateserial - create serial number file if it does not exist\n, -CAserial - serial file\n, + -noselfsign - accept certificates that aren't self signed, for -CA.\n, -text - print the certificate in text form\n, -C - print out C code forms\n, -md2/-md5/-sha1/-mdc2 - digest to use\n, 
@@ -137,7 +138,8 @@ LHASH *conf, char *section); static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial, - int create,int days, int clrext, LHASH *conf, char *section); + int create,int days, int clrext, LHASH *conf, + char *section, int noselfsign); static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); static int reqfile=0; @@ -158,6 +160,7 @@ char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; + int noselfsign=0; int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; @@ -339,6 +342,8 @@ } else if (strcmp(*argv,-C) == 0) C= ++num; + else if (strcmp(*argv,-noselfsign) == 0) + noselfsign = ++num; else if (strcmp(*argv,-email) == 0) email= ++num; else if (strcmp(*argv,-serial) == 0) @@ -844,8 +849,8 @@ assert(need_rand); if (!x509_certify(ctx,CAfile,digest,x,xca, - CApkey, CAserial,CA_createserial,days, clrext, - extconf, extsect)) + CApkey, CAserial,CA_createserial,days, + clrext, extconf, extsect, noselfsign)) goto end; } else if (x509req == i) @@ -966,7 +971,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create, - int days, int clrext, LHASH *conf, char *section) + int days, int clrext, LHASH *conf, char *section, int noselfsign) { int ret=0; BIO *io=NULL; @@ -1068,8 +1073,8 @@ /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ X509_STORE_CTX_set_cert(xsc,x); - if (!reqfile !X509_verify_cert(xsc)) - goto end; + if (!reqfile !noselfsign !X509_verify_cert(xsc)) + goto end; if (!X509_check_private_key(xca,pkey)) { 
@@ -1132,6 +1137,7 @@ if (ok) { BIO_printf(bio_err,error with certificate to be certified - should be self signed\n); + BIO_printf(bio_err,consider using -noselfsign\n); return 0; } else __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager
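Review bot: in the x509.c hunk at @@ -1068,8 +1073,8 @@, -noselfsign skips the X509_verify_cert(xsc) call entirely, so it turns off every check that call makes on the input certificate, while the usage string added at @@ -122,6 +122,7 @@ only says "accept certificates that aren't self signed". The pod text ("will sign certificates with unverified signatures") is closer to what the code does; please make the usage string and option name match it, or narrow the bypass to the self-signature case. The hint added at @@ -1132,6 +1137,7 @@ ("consider using -noselfsign") points users at the bypass at the moment verification fails and is better left out.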
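Review bot: in the option-parsing hunk at @@ -339,6 +342,8 @@, `noselfsign = ++num;` copies the pattern of the neighbouring `C= ++num` and `email= ++num` lines, but noselfsign is declared as a plain flag and is only passed through to x509_certify(). Bumping the shared num counter here changes the values the other options receive; unless that is intended, use `noselfsign = 1;`.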
Re: crypt() function
In message [EMAIL PROTECTED] on Thu, 18 Apr 2002 14:05:04 +0200, Jan Fedak [EMAIL PROTECTED] said: jack I find it rather unfortunate that you provide crypt() function. This jack causes a lot of conflicts in poorly written configure scripts and jack Makefiles especially on GNU systems that provide crypt with richer jack functionality. jack jack I see few possible solutions: jack - removing crypt() from libcrypto jack this has probably close to no chance as there may be many jack projects that rely on your implementation jack - optionally removing crypt() jack based on options given to config script jack - enhancing crypt() with the functionality provided by GNU glibc so jack that it provides the same features (MD5 crypt) If you look at the 0.9.7 snapshots, you might be pleasantly surprised. Please take a look and say what you think of the solution provided. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info.
Re: 0.9.6d-beta1
In message [EMAIL PROTECTED] on Wed, 17 Apr 2002 23:01:58 +0200 (MET DST), Francesco Gennai [EMAIL PROTECTED] said: Francesco.Gennai #include e_os.h Francesco.Gennai .^ Francesco.Gennai %CC-F-NOINCLFILEF, Cannot find file e_os.h specified in #include directive. Francesco.Gennai at line number 70 in file Francesco.Gennai $4$DKA201:[OPENSSL.OPENSSL-0_9_6D-BETA1.CRYPTO.CONF]CONF_API.C;1 Francesco.Gennai conf_def.c Thanks, we know about that one. The simple solution is to replace e_os.h with openssl/e_os.h in [.crypto.conf]conf_def.c -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info.
Re: Stratus OpenSSL diffs and test results.
Disclaimer: I can't by any means give an authoritative answer, since I am not part of the development team But I think you should consider the following: - if you are in the US, you should send every source code contribution in CC to [EMAIL PROTECTED] - I think that it's not so nice to include your own copyright notice in the diffs where you essentially changed openssl example source code (if that is the case - it seems to be so from what I gather by looking at the diff briefly). If you want to officially contribute this port, you should be aware that OpenSSL is licensed with an Apache Style license. - In case this port is appreciated by the developers (can't speak for them), a patch against 0.9.7 might be useful, since 0.9.6d won't be changed much as it is now in beta Best Regards, David Sundaram, Mani wrote: Hi, We ported OpenSSL to our operating system VOS that has a POSIX API. In addition to OpenSSL, we have successfully ported other open source software such as Gnu gcc, gdb, Gnu tools(bash, gmake, ...), Apache, Samba, Perl, Python. OpenSSL was a relatively easy port. Ben Laurie suggested that we send our OpenSSL diffs to the developers for review. We would like to call our port as VOS OpenSSL; we request your permission to use the OpenSSL name. Our changes include adding header files to compile on VOS - mostly sys/types.h and sys/select.h. This is because on the Linux OpenSSL code base, time.h includes types.h and select.h whereas in VOS it does not. There are two other changes that we did to the code: 1. VOS doesn't support getrusage( ) or ftime( ). However, we do support gettimeofday( ) and times( ). We had to write a new else condition in speed.c to handle this case. We haven't modified the functionality of the code. 2. gcc -Wall warns when sprintf (foo, %d, foobar) is called (foobar is a long datatype). We fixed this. We believe that these changes are platform specific only and no functionality of the product has been compromised.
We didn't delete any source code. We are enclosing the diff and the self-test results. We would appreciate your prompt reply with the approval of our changes and the use of the OpenSSL name. Please do not hesitate to contact us if you need further information. We thank you once again in developing OpenSSL. Sincerely, Bose (Engineering Manager) Mani (Software Engineer) --- Here is the diff and the OpenSSL self-test results. The porting base was revision 0.9.6; please note that we have patched md_rand.c with the security fix posted on your website. diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/app_rand.c /p/openssl/porting_base/apps/app_rand.c 145,147d144 #ifdef VOS_DEBUG printf(\n file = %s, file); #endif /* VOS */ diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/dh.c /p/openssl/porting_base/apps/dh.c 63,65d62 #ifdef __VOS__ #include sys/types.h #endif diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/dhparam.c /p/openssl/porting_base/apps/dhparam.c 115,117d114 #ifdef __VOS__ #include sys/types.h #endif diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/dsa.c /p/openssl/porting_base/apps/dsa.c 63,65d62 #ifdef __VOS__ #include sys/types.h #endif diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/dsaparam.c /p/openssl/porting_base/apps/dsaparam.c 62,64d61 #ifdef __VOS__ #include sys/types.h #endif diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/openssl.cnf /p/openssl/porting_base/apps/openssl.cnf 8a9 RANDFILE = $ENV::HOME/.rnd 36c37 dir= ./demoCA# Where everything is kept --- dir = ./demoCA # Where everything is kept 39,40c40,41 database = $dir/index.txt # database index file. new_certs_dir = $dir/newcerts # default place for new certs. --- database = $dir/index.txt# database index file. new_certs_dir = $dir/newcerts # default place for new certs. 
diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/pkcs7.c /p/openssl/porting_base/apps/pkcs7.c 62,64d61 #ifdef __VOS__ #include sys/types.h #endif diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/req.c /p/openssl/porting_base/apps/req.c 61,63d60 #ifdef __VOS__ #include sys/types.h #endif diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/rsa.c /p/openssl/porting_base/apps/rsa.c 63,65d62 #ifdef __VOS__ #include sys/types.h #endif diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/s_client.c /p/openssl/porting_base/apps/s_client.c 63,68d62 #ifdef __VOS__ #include sys/types.h #include sys/select.h #endif 444,447d437 #ifdef VOS_DEBUG printf(\n WIDTH = %d\n, width); #endif 495,497d484 #ifdef VOS_DEBUG printf(\n
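Review bot: the VOS-specific hunks here are all deletes (`63,65d62`, `145,147d144`, `63,68d62`) with the /p/openssl/dev.0.9/src tree on the left and porting_base on the right, so as generated the diff removes the `#ifdef __VOS__` and `#ifdef VOS_DEBUG` blocks instead of adding them, and the `8a9` hunk in apps/openssl.cnf likewise shows RANDFILE present only on the porting_base side. Please regenerate with the unmodified tree as the first argument and in a context format, drop the `VOS_DEBUG` printf blocks in apps/app_rand.c and apps/s_client.c, and leave out the openssl.cnf hunks `36c37` and `39,40c40,41`, which differ only in whitespace.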
Re: Stratus OpenSSL diffs and test results.
A few comments: - Since you're based in the US, you MUST cc: any patch to OpenSSL to [EMAIL PROTECTED] (preferably, because that address is publically archived) or [EMAIL PROTECTED] The cc: MUST be visible for us, or we (the OpenSSL team) will not permit ourselves to even look at the patch (to protect OpenSSL against possible future legal action). - Please generate context diffs, preferably unified ones. The flag to generate the older context diff format is -c, and for unified diff format it's -u (available at least with GNU diff). With context diffs, it's actually possible to apply your patches to other versions of OpenSSL without doing too much guesswork. - IT IS NOT OK for you to try to take copyright on the maurice demo code, especially when the changes are so very small. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info.
0.9.6d-beta1
Compaq C V6.4-008 on OpenVMS Alpha V7.3 OpenSSL 0.9.6d-beta1 Building by the following command $ @MAKEVMS ALL NORSAREF NODEBUG DECC UCX I get the following error .. .. ... . Compiling The CONF Library Files. (LIBRARY,LIB) conf_err.c conf_lib.c conf_api.c #include e_os.h .^ %CC-F-NOINCLFILEF, Cannot find file e_os.h specified in #include directive. at line number 70 in file $4$DKA201:[OPENSSL.OPENSSL-0_9_6D-BETA1.CRYPTO.CONF]CONF_API.C;1 conf_def.c regards Francesco Gennai -- -- Francesco Gennai Internet : [EMAIL PROTECTED] http://mail.iat.cnr.it/gennai IIT - CNRPhone: +39-050-3152592 Area di Ricerca di Pisa Fax : +39-050-3152593 Via Moruzzi, 1 56124 PISA ITALY -- --
openssl dgst ignores read errors
Hi, This sounds like a bug to me. Noticed it last year and I've just checked that it's still not resolved in the latest snapshot.

jill!solar:~/build/openssl-SNAP-20020416$ apps/openssl dgst -md5 /bin/ls
MD5(/bin/ls)= d93498d9f52c3dc0330ab930fe3ffc50

OK.

jill!solar:~/build/openssl-SNAP-20020416$ apps/openssl dgst -md5 /bin
MD5(/bin)= d41d8cd98f00b204e9800998ecf8427e
jill!solar:~/build/openssl-SNAP-20020416$ apps/openssl dgst -md5 /dev/log
MD5(/dev/log)= d41d8cd98f00b204e9800998ecf8427e

Wrong. I'd want it to fail with a message to stderr and a non-zero exit code. Also on any read error, not just on non-regular files.

open(/bin, O_RDONLY) = 4
[some getpid()'s]
read(4, 0x8189fb0, 8192)= -1 EISDIR (Is a directory)
[lots of getpid()'s, why?!]
write(1, MD5(/bin)= d41d8cd98f00b204e9800..., 44) = 44

-- /sd
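The behaviour reported above, as an added example that is not part of the original post and not the code of apps/dgst.c: a read loop that treats a failed read() like end-of-file returns the digest of empty input (d41d8cd9... is the MD5 of zero bytes), while a loop that separates the two cases fails with errno set. FNV-1a stands in for MD5 so the block needs no library; the function names are hypothetical and the sample file content is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define FNV_OFFSET 0xcbf29ce484222325ULL   /* FNV-1a result for empty input */
#define FNV_PRIME  0x00000100000001b3ULL

static void fnv1a_update(uint64_t *h, const unsigned char *p, size_t n)
{
    while (n--) {
        *h ^= *p++;
        *h *= FNV_PRIME;
    }
}

/* Loop shape that reproduces the report: read() returning -1 ends the loop
 * exactly like end-of-file, so the caller gets a "valid" empty-input digest. */
static int digest_lenient(const char *path, uint64_t *out)
{
    unsigned char buf[8192];
    ssize_t n;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    *out = FNV_OFFSET;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        fnv1a_update(out, buf, (size_t)n);
    close(fd);
    return 0;
}

/* Same loop with the three outcomes of read() kept apart. On any read error
 * it returns -1 with errno preserved and leaves *out untouched. */
static int digest_strict(const char *path, uint64_t *out)
{
    unsigned char buf[8192];
    uint64_t h = FNV_OFFSET;
    ssize_t n;
    int saved, fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    for (;;) {
        n = read(fd, buf, sizeof buf);
        if (n > 0) {
            fnv1a_update(&h, buf, (size_t)n);
        } else if (n == 0) {
            break;                          /* genuine end of file */
        } else if (errno != EINTR) {
            saved = errno;                  /* e.g. EISDIR for a directory */
            close(fd);
            errno = saved;
            return -1;
        }
    }
    if (close(fd) != 0)
        return -1;
    *out = h;
    return 0;
}

/* Creates a temporary file with constructed content; tmpl must end in XXXXXX. */
static int make_sample_file(char *tmpl)
{
    static const char data[] = "constructed sample\n";
    int fd = mkstemp(tmpl);

    if (fd < 0)
        return -1;
    if (write(fd, data, sizeof data - 1) != (ssize_t)(sizeof data - 1)) {
        close(fd);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    char tmpl[] = "/tmp/dgst-demo-XXXXXX";
    uint64_t h = 0;

    if (make_sample_file(tmpl) == 0) {
        if (digest_strict(tmpl, &h) == 0)
            printf("file:      %016llx\n", (unsigned long long)h);
        unlink(tmpl);
    }
    if (digest_lenient("/", &h) == 0)       /* a directory, as /bin was in the report */
        printf("lenient /: %016llx (empty-input value)\n", (unsigned long long)h);
    if (digest_strict("/", &h) != 0) {
        perror("strict /");
        return 1;                           /* non-zero exit, as the report asks */
    }
    return 0;
}
```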
problem OpenSA SSL
Hi I don't know if this a bug but I advise you about my problem : I am running OpenSA on a Windows 2000 server. Since I have tried to launch the service with SSL it doesn't work. I get this error message on the prompt : syntax error on line 209 of d:/opensa/apache/conf/httpd.conf cannot load d:/opensa/apache/modules/mod_ssl.so into server : 126 le module spécifié est introuvable I think everything is correctly set up and don't understand where it comes from. Thank you for your help Xavier
Re: There is no closedir in /ssl/ssl_cert.c
In message [EMAIL PROTECTED] on Wed, 17 Apr 2002 18:38:02 +0200, Lorinczy Zsigmond [EMAIL PROTECTED] said: lzsiga In version 0.9.6c there is no closedir after opendir/readdir. lzsiga If it is already fixed then forget this note... Thanks, I'm fixing it as I speak. I also noticed that the Windowsy variant would fail to close on all errors, even when the directory was correctly opened and the error occurred later. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info.
Re: problem OpenSA SSL
On Thu, 18 Apr 2002, xavier de CD and LP wrote: I don't know if this a bug but I advise you about my problem : I am running OpenSA on a Windows 2000 server. Since I have tried to launch the service with SSL it doesn't work. I get this error message on the prompt : syntax error on line 209 of d:/opensa/apache/conf/httpd.conf cannot load d:/opensa/apache/modules/mod_ssl.so into server : 126 le module spécifié est introuvable I think everything is correctly set up and don't understand where it comes from. * This is *not* the good mailing list: - this one is *not* related to OpenSA at all - this one is for OpenSSL developers only (not OpenSSL users) * You *don't* have a bug, you have an error, and the error message is pretty easy to read and understand, as it is written in French, and you seem to be French (as me). Please look at the d:/opensa/apache/modules directory, and see if you can find a file named mod_ssl.so. If not, then carefully read your documentation, and correct your configuration file according to this documentation. My first guess is that you won't find a file named mod_ssl.so in this directory, but a file named mod_ssl.dll, and that changing the mod_ssl.so into mod_ssl.dll in the configuration file should do the trick. -- Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5 - NT n'a pas pu initialiser le fichier de partage de la partition de démarrage pour le vidage sur incident. Ceci est peut-être dû au fait que le système ne dispose plus que de 3,8 Go de mémoire physique. -+- Windows NT in GNU : Giga ou giga pas ? Si c'est comme ça, je me crashe.
How to read the personal certificate in IE Browser
Hi, All I have issued personal certificate and installed it in IE Browser. I want to read the certificate installed in IE browser, specially the private key, and then sign the web Form data that IE submit. How can I do? Thank you very much! Hao Shi [EMAIL PROTECTED] 2002-04-18
[ANNOUNCE] OpenSSL 0.9.6d beta 1 released
The first beta release of OpenSSL 0.9.6d is now available from the OpenSSL FTP site URL: ftp://ftp.openssl.org/source/. This is planned to be the only beta, as we believe that the snapshots have been tested quite thoroughly by a number of people. If everything works as planned, the release won't differ except for the version number. The release of OpenSSL 0.9.6d is scheduled for Tuesday 2002-04-30. To make sure that it will work correctly, please test this version (especially on less common platforms), and report any problems to [EMAIL PROTECTED]. Changes between 0.9.6c and 0.9.6d include: o Various SSL/TLS library bugfixes. o Fix DH parameter generation for 'non-standard' generators. -- Richard Levitte [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~levitte/
Re: Stratus OpenSSL diffs and test results.
On Tue, Apr 16, 2002 at 02:32:11PM -0400, Sundaram, Mani wrote: Ben Laurie suggested that we send our OpenSSL diffs to the developers for review. We would like to call our port as VOS OpenSSL; we request your permission to use the OpenSSL name. Our changes include adding header files to compile on VOS - mostly sys/types.h and sys/select.h. This is because on the Linux OpenSSL code base, time.h includes types.h and select.h whereas in VOS it does not. There are two other changes that we did to the code: 1. VOS doesn't support getrusage( ) or ftime( ). However, we do support gettimeofday( ) and times( ). We had to write a new else condition in speed.c to handle this case. We haven't modified the functionality of the code. 2. gcc -Wall warns when sprintf (foo, %d, foobar) is called (foobar is a long datatype). We fixed this. We believe that these changes are platform specific only and no functionality of the product has been compromised. We didn't delete any source code. We are enclosing the diff and the self-test results. We would appreciate your prompt reply with the approval of our changes and the use of the OpenSSL name. Please do not hesitate to contact us if you need further information. You already received other statements about your submission. 0.9.6 is closed. Please contribute against 0.9.7. If you hurry up, it may still make it into 0.9.7, going to be released soon. I will add some more statements on the fly. diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/app_rand.c /p/openssl/porting_base/apps/app_rand.c 145,147d144 #ifdef VOS_DEBUG printf(\n file = %s, file); #endif /* VOS */ Please remove debugging statements, patches should be least intrusive. diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/dh.c /p/openssl/porting_base/apps/dh.c 63,65d62 #ifdef __VOS__ #include sys/types.h #endif Please check out e_os.h. Other operating systems have similar problems and these problems are handled in e_os.h. 
diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/openssl.cnf /p/openssl/porting_base/apps/openssl.cnf 8a9 RANDFILE= $ENV::HOME/.rnd 36c37 dir= ./demoCA# Where everything is kept --- dir = ./demoCA # Where everything is kept 39,40c40,41 database = $dir/index.txt # database index file. new_certs_dir = $dir/newcerts # default place for new certs. --- database= $dir/index.txt# database index file. new_certs_dir = $dir/newcerts # default place for new certs. It seems that there is no difference in the contents (except for RANDFILE) but probably only indentation diffs. Please edit these out before submitting. diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/apps/speed.c /p/openssl/porting_base/apps/speed.c 72,80d71 #ifdef __VOS__ #ifndef _BSD #define _BSD /* for gettimeofday() */ #endif /* _BSD */ #ifndef _SYSV #define _SYSV #endif /* _SYSV */ #endif /*__VOS__ */ This change does make sense to me. In how far are _BSD and _SYSV symbols involved, when just the VOS case should be handled. 84c78 #define SIGACTION /* Define this if you have sigaction() */ --- /* #define SIGACTION */ /* Define this if you have sigaction() */ Are you sure that this will not break other platforms? /p/openssl/dev.0.9/src/openssl-0.9.6/crypto/opensslconf.h /p/openssl/porting_base/crypto/opensslconf.h 6,11c6 # ifndef NO_IDEA # define NO_IDEA # endif # ifndef NO_RC5 # define NO_RC5 # endif --- /* no ciphers excluded */ 16,18d10 # ifndef NO_ASM # define NO_ASM # endif 28c20 #define OPENSSLDIR /system/openssl --- #define OPENSSLDIR /usr/local/ssl 77c69 #define BN_LLONG --- #undef BN_LLONG Please do not change OpenSSL build defaults in a platform specific patch. 17c13 #include string.h --- #include strings.h This may break other platforms. diff -r -x Makefile* /p/openssl/dev.0.9/src/openssl-0.9.6/test/tcrl /p/openssl/porting_base/test/tcrl 80c80 /system/gnu_library/bin/rm -f f.* ff.* fff.* --- /bin/rm -f f.* ff.* fff.* This will most likely break other platforms. 
(More of these deleted.) Additional note: We collect platform specific settings in Configure. Please add a corresponding entry for your OS (and a detection routine for config, if applicable). You will see, that your patch will shrink significantly, when following my advice. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus
Re: [ANNOUNCE] OpenSSL 0.9.6d beta 1 released [DOS PATCH]
On Wed, 17 Apr 2002, Richard Levitte - VMS Whacker wrote: The first beta release of OpenSSL 0.9.6d is now available from the OpenSSL FTP site URL: ftp://ftp.openssl.org/source/. This is This still doesn't have the patch for DOS integrated, so it probably won't work on platforms that don't have symbolic links. I updated the patch for 0.9.6d and have attached it. With the patch it configures and compiles without warnings on DJGPP. make test has no errors. Doug __ Doug Kaufman Internet: [EMAIL PROTECTED] 096d.pch.gz Description: application/gunzip
Re: Announcement of OpenSSL 0.9.6d and 0.9.7 Release Plan and Schedule[DOS PATCH]
On Tue, 16 Apr 2002, Lutz Jaenicke wrote: Announcement of OpenSSL 0.9.6d and 0.9.7 Release Plan and Schedule == The OpenSSL developers team is pleased to announce the upcoming release of OpenSSL 0.9.7. OpenSSL 0.9.7 contains several changes ... 30 Apr 2002: 0.9.7-beta1 13 May 2002: 0.9.7-beta2 The 0.9.7 snapshot from 17 April still doesn't have the DJGPP patch integrated and probably doesn't work on platforms that don't have symbolic links. I have updated the patch I previously submitted for DJGPP on 0.9.7 and have attached it. With the patch, the snapshot configures, makes, and make test without errors. Doug __ Doug Kaufman Internet: [EMAIL PROTECTED] 097.pch.gz Description: application/gunzip