Re: strangeness in `x509 -noout -text` output

2002-04-29 Thread Michael Bell 

Lutz Jaenicke schrieb:
 
 On Sun, Apr 28, 2002 at 08:07:43PM +0100, Dr S N Henson wrote:
  However a new FAQ entry might be in order or possibly changing the
  default display options so that the old behaviour is no longer the
  default and adding a -nameopt old option is explicitly needed instead.
 
 -nameopt compat shall retain compatibility.
 Hmm, make oneline the new default? Or rather leave it as is and just
 add it to the FAQ. Robert Joop and Michael Bell, active in discussing
 DN issues, are with the OpenCA project. It should be possible for them
 to catch the problem by using an appropriate command line flag when
 calling openssl x509.

I think the FAQ entry is enough. If you set a new default then you can
surprise many small scripts and their users. The flag -nameopt is a good
solution.

The only problem for the future is the support of this flag in all the
other tools (especially ca and req have problems with their option
-subj).

I found a small problem with -nameopt RFC2253:

The X509v3 Authority Key Identifier doesn't use -nameopt for DirName. Is
this DN stored as a string?

Michael
-- 
---
Michael Bell   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email:  [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax:  +49 (0)30-2093 2959
10099 Berlin
Germany   http://www.openca.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: 0.9.7 20020427 snapshot errors on Win32

2002-04-29 Thread Richard Levitte - VMS Whacker 

In message [EMAIL PROTECTED] on Sun, 28 Apr 2002 
15:51:51 EDT, Jeffrey Altman [EMAIL PROTECTED] said:

jaltman cl /Fotmp32dll\s3_pkt.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
jaltman /Ox /O2 /O
jaltman b2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN
jaltman -DL_ENDIAN  -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll
jaltman -DOPENSSL_NO_IDEA -DZLIB -DOPENSSL_THREADS -DDSO_WIN32 -DKRB5_MIT -D_WINDLL 
-D_DLL
jaltman  -DOPENSSL_BUILD_SHLIBSSL -c .\ssl\s3_pkt.c
jaltman s3_pkt.c
jaltman .\ssl\s3_pkt.c(248) : error C2220: warning treated as error - no
jaltman object file generated
jaltman .\ssl\s3_pkt.c(248) : warning C4018: '!=' : signed/unsigned mismatch
jaltman .\ssl\s3_pkt.c(608) : warning C4018: '' : signed/unsigned mismatch
jaltman 
jaltman int vs unsigned int
jaltman 
jaltman 
jaltman --
jaltman 
jaltman 
jaltman cl /Fotmp32dll\ssl_cert.obj  -Iinc32 -Itmp32dll /MD /W3 /WX
jaltman /G5 /Ox /O2
jaltman /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32
jaltman -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM 
-DRMD160_ASM /Fdout32dll
jaltman -DOPENSSL_NO_IDEA -DZLIB -DOPENSSL_THREADS -DDSO_WIN32 -DKRB5_MIT -D_WINDLL
jaltman -D_DLL  -DOPENSSL_BUILD_SHLIBSSL -c .\ssl\ssl_cert.c
jaltman ssl_cert.c
jaltman .\ssl\ssl_cert.c(828) : error C2065: 'd' : undeclared identifier
jaltman .\ssl\ssl_cert.c(828) : warning C4013: 'closedir' undefined; assuming
jaltman extern returning int
jaltman 
jaltman 'd' does not exist in the Windows implementation
jaltman 
jaltman  
jaltman --
jaltman 
jaltman link /nologo /subsystem:console /machine:I386 /opt:ref
jaltman /out:out32dll\eng
jaltman inetest.exe @H:\DOCUME~1\jaltman\LOCALS~1\Temp\nmx03400.
jaltman cl /Fotmp32dll\ssltest.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5
jaltman /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 
-DWIN32_LEAN_AND_MEAN
jaltman -DL_ENDIAN  -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll
jaltman -DOPENSSL_NO_IDEA -DZLIB -DOPENSSL_THREADS -DDSO_WIN32 -DKRB5_MIT  -c
jaltman .\ssl\ssltest.c
jaltman ssltest.c
jaltman .\ssl\ssltest.c(1058) : error C2220: warning treated as error - no
jaltman object file generated
jaltman .\ssl\ssltest.c(1058) : warning C4018: '' : signed/unsigned mismatch
jaltman 
jaltman  size_t != int

Hmm, I fixed those, but apparently only in the 0.9.7-stable branch.  I'll
merge those changes into the main branch...

jaltman 
jaltman --
jaltman 
jaltman There is still an issue with 
jaltman 
jaltman   perl Configure VC-WIN32 no-idea --with-krb5-flavor=MIT zlib-dynamic
jaltman 
jaltman which produces in MINFO
jaltman 
jaltman  CFLAG=-DOPENSSL_SYSNAME_WIN32 -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS \
jaltman -DDSO_WIN32 -DKRB5_MIT -DOPENSSL_NO_IDEA
jaltman 
jaltman However, the CFLAG values are not imported into ms\nt*.mak when
jaltman ms\do_*.bat is executed.  The resulting .mak files need to be edited
jaltman by hand to include the flags
jaltman 
jaltman-DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_WIN32 -DKRB5_MIT

util/mk1mf.pl doesn't look at the CFLAG or CFLAGS variables of MINFO.
Why is beyond me.  You are currently required to call it (i.e. hack
ms\do_*.bat) with the same arguments as you used for Configure.
Unfortunately, Configure and the scripts in util/ aren't entirely in
sync...

I don't work on Windows right now, so I could do some changes, but
they'd be pure guesswork.  I've planned to try to unify the Windows/MSDOS
scripts with Configure so things work a little more like on Unix, but
haven't had time yet.

Yes, this is a mess...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: cvs commit: openssl/ssl s3_pkt.c

2002-04-29 Thread Bodo Moeller 

On Mon, Apr 29, 2002 at 12:28:33PM +0200, [EMAIL PROTECTED] wrote:

   Log:
   Synchronise with 0.9.7-stable.
   
   Revision  ChangesPath
   1.49  +2 -2  openssl/ssl/s3_pkt.c
   
   Index: s3_pkt.c
   ===
   RCS file: /e/openssl/cvs/openssl/ssl/s3_pkt.c,v
   retrieving revision 1.48
   retrieving revision 1.49
   diff -u -r1.48 -r1.49
   --- s3_pkt.c2002/04/20 10:23:19 1.48
   +++ s3_pkt.c2002/04/29 10:28:29 1.49
   @@ -245,7 +245,7 @@
   extra=SSL3_RT_MAX_EXTRA;
   else
   extra=0;
   -   if ((size_t)extra != (s-s3-rbuf.len - SSL3_RT_MAX_PACKET_SIZE))
   +   if (extra != (s-s3-rbuf.len - SSL3_RT_MAX_PACKET_SIZE))
   {
   /* actually likely an application error: 
SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
* set after ssl3_setup_buffers() was done */
   @@ -605,7 +605,7 @@
   if (prefix_len = 0)
   goto err;

   -   if (s-s3-wbuf.len  (size_t)prefix_len + 
SSL3_RT_MAX_PACKET_SIZE)
   +   if (s-s3-wbuf.len  prefix_len + SSL3_RT_MAX_PACKET_SIZE)
   {

Here you reversing patches that you had committed for 0.9.8-dev but
not for 0.9.7-stable ...


-- 
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]