Re: strangeness in `x509 -noout -text` output
Lutz Jaenicke schrieb: On Sun, Apr 28, 2002 at 08:07:43PM +0100, Dr S N Henson wrote: However a new FAQ entry might be in order or possibly changing the default display options so that the old behaviour is no longer the default and adding a -nameopt old option is explicitly needed instead. -nameopt compat shall retain compatibility. Hmm, make oneline the new default? Or rather leave it as is and just add it to the FAQ. Robert Joop and Michael Bell, active in discussing DN issues, are with the OpenCA project. It should be possible for them to catch the problem by using an appropriate command line flag when calling openssl x509. I think the FAQ entry is enough. If you set a new default then you can surprise many small scripts and their users. The flag -nameopt is a good solution. The only problem for the future is the support of this flag in all the other tools (especially ca and req have problems with their option -subj). I found a small problem with -nameopt RFC2253: The X509v3 Authority Key Identifier doesn't use -nameopt for DirName. Is this DN stored as a string? Michael -- --- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: 0.9.7 20020427 snapshot errors on Win32
In message [EMAIL PROTECTED] on Sun, 28 Apr 2002 15:51:51 EDT, Jeffrey Altman [EMAIL PROTECTED] said: jaltman cl /Fotmp32dll\s3_pkt.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 jaltman /Ox /O2 /O jaltman b2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN jaltman -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll jaltman -DOPENSSL_NO_IDEA -DZLIB -DOPENSSL_THREADS -DDSO_WIN32 -DKRB5_MIT -D_WINDLL -D_DLL jaltman -DOPENSSL_BUILD_SHLIBSSL -c .\ssl\s3_pkt.c jaltman s3_pkt.c jaltman .\ssl\s3_pkt.c(248) : error C2220: warning treated as error - no jaltman object file generated jaltman .\ssl\s3_pkt.c(248) : warning C4018: '!=' : signed/unsigned mismatch jaltman .\ssl\s3_pkt.c(608) : warning C4018: '' : signed/unsigned mismatch jaltman jaltman int vs unsigned int jaltman jaltman jaltman -- jaltman jaltman jaltman cl /Fotmp32dll\ssl_cert.obj -Iinc32 -Itmp32dll /MD /W3 /WX jaltman /G5 /Ox /O2 jaltman /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 jaltman -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll jaltman -DOPENSSL_NO_IDEA -DZLIB -DOPENSSL_THREADS -DDSO_WIN32 -DKRB5_MIT -D_WINDLL jaltman -D_DLL -DOPENSSL_BUILD_SHLIBSSL -c .\ssl\ssl_cert.c jaltman ssl_cert.c jaltman .\ssl\ssl_cert.c(828) : error C2065: 'd' : undeclared identifier jaltman .\ssl\ssl_cert.c(828) : warning C4013: 'closedir' undefined; assuming jaltman extern returning int jaltman jaltman 'd' does not exist in the Windows implementation jaltman jaltman jaltman -- jaltman jaltman link /nologo /subsystem:console /machine:I386 /opt:ref jaltman /out:out32dll\eng jaltman inetest.exe @H:\DOCUME~1\jaltman\LOCALS~1\Temp\nmx03400. jaltman cl /Fotmp32dll\ssltest.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 jaltman /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN jaltman -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll jaltman -DOPENSSL_NO_IDEA -DZLIB -DOPENSSL_THREADS -DDSO_WIN32 -DKRB5_MIT -c jaltman .\ssl\ssltest.c jaltman ssltest.c jaltman .\ssl\ssltest.c(1058) : error C2220: warning treated as error - no jaltman object file generated jaltman .\ssl\ssltest.c(1058) : warning C4018: '' : signed/unsigned mismatch jaltman jaltman size_t != int Hmm, I fixed those, but apparently only in the 0.9.7-stable branch. I'll merge those changes into the main branch... jaltman jaltman -- jaltman jaltman There is still an issue with jaltman jaltman perl Configure VC-WIN32 no-idea --with-krb5-flavor=MIT zlib-dynamic jaltman jaltman which produces in MINFO jaltman jaltman CFLAG=-DOPENSSL_SYSNAME_WIN32 -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS \ jaltman -DDSO_WIN32 -DKRB5_MIT -DOPENSSL_NO_IDEA jaltman jaltman However, the CFLAG values are not imported into ms\nt*.mak when jaltman ms\do_*.bat is executed. The resulting .mak files need to be edited jaltman by hand to include the flags jaltman jaltman-DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_WIN32 -DKRB5_MIT util/mk1mf.pl doesn't look at the CFLAG or CFLAGS variables of MINFO. Why is beyond me. You are currently required to call it (i.e. hack ms\do_*.bat) with the same arguments as you used for Configure. Unfortunately, Configure and the scripts in util/ aren't entirely in sync... I don't work on Windows right now, so I could do some changes, but they'd be pure guesswork. I've planned to try to unify the Windows/MSDOS scripts with Configure so things work a little more like on Unix, but haven't had time yet. Yes, this is a mess... -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: cvs commit: openssl/ssl s3_pkt.c
On Mon, Apr 29, 2002 at 12:28:33PM +0200, [EMAIL PROTECTED] wrote: Log: Synchronise with 0.9.7-stable. Revision ChangesPath 1.49 +2 -2 openssl/ssl/s3_pkt.c Index: s3_pkt.c === RCS file: /e/openssl/cvs/openssl/ssl/s3_pkt.c,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- s3_pkt.c2002/04/20 10:23:19 1.48 +++ s3_pkt.c2002/04/29 10:28:29 1.49 @@ -245,7 +245,7 @@ extra=SSL3_RT_MAX_EXTRA; else extra=0; - if ((size_t)extra != (s-s3-rbuf.len - SSL3_RT_MAX_PACKET_SIZE)) + if (extra != (s-s3-rbuf.len - SSL3_RT_MAX_PACKET_SIZE)) { /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER * set after ssl3_setup_buffers() was done */ @@ -605,7 +605,7 @@ if (prefix_len = 0) goto err; - if (s-s3-wbuf.len (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) + if (s-s3-wbuf.len prefix_len + SSL3_RT_MAX_PACKET_SIZE) { Here you reversing patches that you had committed for 0.9.8-dev but not for 0.9.7-stable ... -- Bodo Möller [EMAIL PROTECTED] PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]