[openssl.org #2153] OpenSSL 1.0.0 on UnixWare
CVS OpenSSL_1_0_0-stable pulled 20 Jan 2010 On UnixWare 7.1.4 w/ MP4, If I build OpenSSL without static libs it builds and tests fine. . ALL TESTS SUCCESSFUL. OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.0-beta6-dev 20 Jan 2010 built on: Sat Jan 23 11:10:13 PST 2010 platform: unixware-7 options: bn(64,32) rc4(1x,char) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: cc -DZLIB -DOPENSSL_THREADS -Kthread -DDSO_DLFCN -DHAVE_DLFCN_H -Kpentium_pro -D__i386__ -O -DFILIO_H -Kalloca -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM OPENSSLDIR: /etc/ssl . If I add the shared option to config it will build but tests fail. . enveloped content test streaming S/MIME format, 3 recipients, keyid: OK enveloped content test streaming PEM format, KEK: verify error *** Error code 1 (bu21) UX:make: ERROR: fatal error. . I've attached uw714-shared-testlog.gz On UnixWare 7.1.1 w/ MP5, OpenSSL fails to build because of the #define _XOPEN_SOURCE 500 line in test/ssltest.c (really ssl/ssltest.c) It we wrap it in a #ifdef OPENSSL_SYS_VMS it builds and tests fine both shared and static. -- Tim RiceMultitalents(707) 887-1469 t...@multitalents.net uw714-shared-testlog.gz Description: Binary data
[openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured
[steve - Fri Jun 26 17:06:22 2009]: [jor...@redhat.com - Fri Jun 26 13:52:18 2009]: On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote: I agree with the analysis. Do you also agree with David's proposal to change the calls to BIO_ctrl(, BIO_CTRL_INFO, ) into BIO_wpending() in ssl/*.c? It seems to make sense to me. Yes, I've applied it to all branches now. Many thanks David. Ticket resolved. Just a postscript to the issue. The above minimal fix was applied to OpenSSL but the lack of a corresponding Apache fix has resulted in some problems, not least of which is renegotiation not working because the server hello request is not flushed. As a result the OpenSSL change has been updated to call BIO_CTRL_INFO and if that returns zero BIO_CTRL_WPENDING. This should now cover all cases. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured
Hi Steve, Do you also agree with David's proposal to change the calls to BIO_ctrl(, BIO_CTRL_INFO, ) into BIO_wpending() in ssl/*.c? It seems to make sense to me. Yes, I've applied it to all branches now. Many thanks David. Ticket resolved. Just a postscript to the issue. The above minimal fix was applied to OpenSSL but the lack of a corresponding Apache fix has resulted in some problems, not least of which is renegotiation not working because the server hello request is not flushed. As a result the OpenSSL change has been updated to call BIO_CTRL_INFO and if that returns zero BIO_CTRL_WPENDING. This should now cover all cases. Thanks for that fix and for informing us. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.0 beta5 release v. VMS
In message 10012317353256_20205...@antinode.info on Sat, 23 Jan 2010 17:35:32 -0600 (CST), Steven M. Schweda s...@antinode.info said: smsOne cause seems to be this stuff in tests/CAtsa.cnf: sms sms [...] sms # This definition stops the following lines choking if HOME isn't sms # defined. sms HOME= . sms RANDFILE= $ENV::HOME/.rnd sms [...] sms sms All the other tests/*.cnf files seem to say this (which seems to be sms harmless): sms sms RANDFILE = ./.rnd Unless someone gives me a really good reason for CAtsa.cnf being different than the other config files, I think change CAtsa.cnf is the way to go. It's just a test, basically... smsThat still leaves all this stuff: sms sms [...] sms - sms Using configuration from [-]CATSA.CNF sms Error Loading extension section TSA_CERT sms 2075840056:error:02001002:system library:fopen:no such file or directory:ALP$DKA sms 0:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0-beta5.crypto.bio]bss_file.c;1:126:fope sms n('./demoCA/index.txt-attr','r') sms 2075840056:error:2006D080:BIO routines:BIO_new_file:no such file:ALP$DKA0:[UTILI sms TY.SOURCE.OPENSSL.openssl-1^.0^.0-beta5.crypto.bio]bss_file.c;1:129: sms 2075840056:error:0E078072:configuration file routines:DEF_LOAD:no such file:ALP$ sms DKA0:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0-beta5.crypto.conf]conf_def.c;1:197: sms 2075840056:error:0E06D06C:configuration file routines:NCONF_get_string:no value: sms ALP$DKA0:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0-beta5.crypto.conf]conf_lib.c;1: sms 334:group=CA_default name=email_in_dn sms [...] sms smsSo far, I haven't tried to figure out what this test is trying to do, sms so I have no real idea where it's going wrong. Might be a fault in test/testtsa.com... I'll see if I can find something there... Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte rich...@levitte.org http://richard.levitte.org/ Life is a tremendous celebration - and I'm invited! -- from a friend's blog, translated from Swedish __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.0 beta5 release v. VMS
For VMS folks, please have a look at upcoming snapshots. I've applied the recent changes suggest by Steven M. Schweda s...@antinode.info and changed test/CAtsa.cnf following his comments on the use of $ENV::HOME there... I have performed no tests yes following the changes, so I do not know what the result will be. I'll keep on working on this in the week that follows. Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte rich...@levitte.org http://richard.levitte.org/ Life is a tremendous celebration - and I'm invited! -- from a friend's blog, translated from Swedish __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.0 beta5 release v. VMS
From: Richard Levitte rich...@levitte.org Might be a fault in test/testtsa.com... I'll see if I can find something there... I got some improvement by trying harder to preserve case in some places: -$ call create_tsa_cert 1 tsa_cert +$ call create_tsa_cert 1 tsa_cert -$ call create_tsa_cert 2 non_tsa_cert +$ call create_tsa_cert 2 non_tsa_cert Knowing nothing, I'd guess that the missing TSA_CERT was actually supposed to be tsa_cert. I normally run with Parse Style: Extended, and that may make me more vulnerable to these things. Or, it could just be lame DCL. (Finally, there's a good reason to use: X = aBc instead of: X := aBc among other things.) And correcting some file names: -$ open/write file VMStsa-response1.create_tsa_cert +$ open/write file VMStsa-response_1.create_tsa_cert -$ define/user sys$input VMStsa-response.create_tsa_cert +$ define/user sys$input VMStsa-response_1.create_tsa_cert -$ open/write file VMStsa-response2.create_tsa_cert +$ open/write file VMStsa-response_2.create_tsa_cert -$ define/user sys$input VMStsa-response.create_tsa_cert +$ define/user sys$input VMStsa-response_2.create_tsa_cert Creating a file named one thing and then using a file named some other thing looked suspicious to me. The next problem I saw in that test: unable to load certificates: ./tsaca.pem seems to be an inability to find a file specified in the .cnf file: certs = $dir/tsaca.pem The shell script seems to say things like -out tsaca.pem -keyout tsacakey.pem, while the DCL never mentions tsaca.pem. Either more code theft or else less would seem to be in order here. Steven M. Schweda s...@antinode-info 382 South Warwick Street(+1) 651-699-9818 Saint Paul MN 55105-2547 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org