[openssl-dev] Make under windows

2016-05-04 Thread dcruette 

Hi

I used to compile and test the daily tarball under jenkins CI 
successfully, under windows, perl, mingw.

I am facing a new issue.
The make depend command runs fine.
The make command fails, the \ character seams to be removed.

Could you help me ?

Thanks
Didier


D:\LogicielDeBaseQcr\Jenkins\jobs\qcr-maven-plugin-testsunitaires-qcr4cpp-openssl-daily-de-base-windows\workspace\openssl-SNAP-20160504>perl 
./Configure mingw


Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced]   
OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 
(skip dir)

no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip 
dir)

no-zlib [default]
no-zlib-dynamic [default]
Configuring for mingw

CC=gcc
CFLAG =-DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE 
-m32 -Wall -O3 -fomit-frame-pointer -D_MT

SHARED_CFLAG  =-D_WINDLL
DEFINES   =OPENSSL_USE_APPLINK DSO_WIN32 NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_PART_WORDS 
OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM 
SHA256_ASM SHA512_ASM MD5_ASM RMD160_ASM AES_ASM VPAES_ASM WHIRLPOOL_ASM 
GHASH_ASM ECP_NISTZ256_ASM POLY1305_ASM

LFLAG =
PLIB_LFLAG=
EX_LIBS   =-lws2_32 -lgdi32 -lcrypt32
APPS_OBJ  =../ms/applink.o
CPUID_OBJ =x86cpuid.o
UPLINK_OBJ=../ms/uplink.o uplink-x86.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC=bf-586.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
PADLOCK_OBJ   =e_padlock-x86.o
CHACHA_ENC=chacha-x86.o
POLY1305_OBJ  =poly1305-x86.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=true
ARFLAGS   =
PERL  =D:\LogicielDeBaseQcr\Perl\bin\perl.exe

THIRTY_TWO_BIT mode
BN_LLONG mode

Configured for mingw.


D:\LogicielDeBaseQcr\Jenkins\jobs\qcr-maven-plugin-testsunitaires-qcr4cpp-openssl-daily-de-base-windows\workspace\openssl-SNAP-20160504>make 
depend


D:\LogicielDeBaseQcr\Jenkins\jobs\qcr-maven-plugin-testsunitaires-qcr4cpp-openssl-daily-de-base-windows\workspace\openssl-SNAP-20160504>make

CC="gcc" D:\LogicielDeBaseQcr\Perl\bin\perl.exe 
crypto\aes\asm\aes-586.pl coff -DOPENSSL_USE_APPLINK -DDSO_WIN32 
-DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC 
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"\usr\local\ssl\"" 
-DENGINESDIR="\"\usr\local\lib\engines\"" -DL_ENDIAN 
-DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -m32 -Wall -O3 
-fomit-frame-pointer -D_MT  -D_WINDLL  crypto\aes\aes-586.s

/bin/sh: D:LogicielDeBaseQcrPerlbinperl.exe: command not found
make: *** [crypto\aes\aes-586.s] Error 127

D:\LogicielDeBaseQcr\Jenkins\jobs\qcr-maven-plugin-testsunitaires-qcr4cpp-openssl-daily-de-base-windows\workspace\openssl-SNAP-20160504>make 
test


gcc -DOPENSSL_USE_APPLINK -DDSO_WIN32 -DNDEBUG -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m 
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM 
-DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM 
-DPOLY1305_ASM -DOPENSSLDIR="\"\usr\local\ssl\"" 
-DENGINESDIR="\"\usr\local\lib\engines\"" -DL_ENDIAN 
-DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -m32 -Wall -O3 
-fomit-frame-pointer -D_MT   -Iinclude -I. -MMD -MF apps\app_rand.d.tmp 
-MT apps\app_rand.o -c -o apps\app_rand.o apps\app_rand.c

gcc.exe: error: appsapp_rand.c: No such file or directory
gcc.exe: fatal error: no input files
compilation terminated.
make: *** [apps\app_rand.o] Error 1

D:\LogicielDeBaseQcr\Jenkins\jobs\qcr-maven-plugin-testsunitaires-qcr4cpp-openssl-daily-de-base-windows\workspace\openssl-SNAP-20160504>e

Re: [openssl-dev] [openssl.org #4533] AutoReply: [PATCH] Add missing NULL check in i2d_PrivateKey()

2016-05-04 Thread Kurt Cancemi via RT 
Attached is the patch to fix the issue, also please close RT#4534 I
sent an invalid reply which got translated into another RT issue.

--
Kurt Cancemi
https://www.x64architecture.com

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4533
Please log in as guest with password guest if prompted

>From c27b3a648532388cf59ee55c41ad433c8f323542 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi 
Date: Wed, 4 May 2016 17:34:23 -0400
Subject: [PATCH] Add missing NULL check in i2d_PrivateKey()

---
 crypto/asn1/i2d_pr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
index 7ca643f..8b6c92c 100644
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
@@ -69,10 +69,12 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 }
 if (a->ameth && a->ameth->priv_encode) {
 PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
+if (p8 == NULL)
+return -1;
 int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
 PKCS8_PRIV_KEY_INFO_free(p8);
 return ret;
 }
 ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-return (-1);
+return -1;
 }
-- 
2.8.0

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4534] Re: [PATCH] Add missing NULL check in i2d_PrivateKey()

2016-05-04 Thread Kurt Cancemi via RT 
Attached is the patch to fix the issue

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4534
Please log in as guest with password guest if prompted

>From c27b3a648532388cf59ee55c41ad433c8f323542 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi 
Date: Wed, 4 May 2016 17:34:23 -0400
Subject: [PATCH] Add missing NULL check in i2d_PrivateKey()

---
 crypto/asn1/i2d_pr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
index 7ca643f..8b6c92c 100644
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
@@ -69,10 +69,12 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 }
 if (a->ameth && a->ameth->priv_encode) {
 PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
+if (p8 == NULL)
+return -1;
 int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
 PKCS8_PRIV_KEY_INFO_free(p8);
 return ret;
 }
 ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-return (-1);
+return -1;
 }
-- 
2.8.0

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4533] [PATCH] Add missing NULL check in i2d_PrivateKey()

2016-05-04 Thread Kurt Cancemi via RT 
The attached patch adds a missing NULL check in i2d_PrivateKey(), it
also removes the parentheses around the last return value to be
consistent with the rest of the function.

--
Kurt Cancemi
https://www.x64architecture.com


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4533
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] null byte in hostname validation.

2016-05-04 Thread Viktor Dukhovni 
On Wed, May 04, 2016 at 03:04:51PM +0200, none wrote:

> Hello, where are the parts of the code that check if a null byte is used in
> a string part of a x509 certificate ?
> 
> This is purely informative. I already know about
> https://www.openssl.org/docs/manmaster/crypto/X509_check_host.html. However
> I failed to find in which function and source file that part is located.

See crypto/x509v3/v3_utl.c:

X509_check_host()
X509_check_email()
equal_nocase()  (just in case :-)

-- 
Viktor.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4532] Replacing the “div_spoiler” hack in CBC code with Barrett reduction.

2016-05-04 Thread Adam Langley via RT 
(This is a pointer to a pull request:
https://github.com/openssl/openssl/pull/1027)

The “div_spoiler” was designed to always trigger the slow path division
on Intel chips and be sufficiently obfuscated to stop the compiler
optimising it away. It was always a huge hack but I didn't know the
correct solution at the time.

Replace that hack with Barrett reduction, which solves the problem
without using division in the first place.

This change has been running in BoringSSL for some time without
issues.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4532
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-users] Problems with OpenSSL 1.0.2 h

2016-05-04 Thread Short, Todd 
Have you tried to configure this cipher at the top of your cipher list 
initially with SSL_OP_SERVER_CIPHER_PREFERENCE?

--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On May 4, 2016, at 12:04 PM, Benjamin Kaduk 
> wrote:

Hello,

On 05/04/2016 05:21 AM, Dirk Menstermann wrote:
Hi,

I've trouble with the newest OpenSSL as I'm operating a webserver application
that answers with HTTP1.x and HTTP2.

I registered the ALPN callback and in this the cipher list was adjusted
"SSL_set_cipher_list (ssl, "ECDHE-RSA-AES128-GCM-SHA256")" if H2 was negotiated.

With versions < OpenSSL 1.0.2h this works, but now it seems that this cipher
selection will be ignored, resulting in using a cipher that is black listed for
HTTP2 (Firefox and Chrome refuse to connect)

Was there an indented change or is there an official way to select the cipher
based on the ALPN extension value?


There was an intended change to the order in which ALPN extensions were
processed, see
https://github.com/openssl/openssl/commit/af2db04c9979554ada88d969da6332a827a47599
-- ALPN is now processed after SNI, since the ALPN callback is attached
to the SSL_CTX, and SNI processing is likely to swap out the SSL_CTX in
use.  It does look like "late" TLS extensions are now handled after
cipher selection, so the ALPN callback can no longer affect the
negotiated cipher.

Even at the specification level, how all the TLS extensions are supposed
to interact with each other and the rest of the handshake is not
terribly well specified, so adding -dev to discuss what the desired
behavior actually is.

-Ben
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-users] Problems with OpenSSL 1.0.2 h

2016-05-04 Thread Benjamin Kaduk 
Hello,

On 05/04/2016 05:21 AM, Dirk Menstermann wrote:
> Hi,
>
> I've trouble with the newest OpenSSL as I'm operating a webserver application
> that answers with HTTP1.x and HTTP2.
>
> I registered the ALPN callback and in this the cipher list was adjusted
> "SSL_set_cipher_list (ssl, "ECDHE-RSA-AES128-GCM-SHA256")" if H2 was 
> negotiated.
>
> With versions < OpenSSL 1.0.2h this works, but now it seems that this cipher
> selection will be ignored, resulting in using a cipher that is black listed 
> for
> HTTP2 (Firefox and Chrome refuse to connect)
>
> Was there an indented change or is there an official way to select the cipher
> based on the ALPN extension value?
>

There was an intended change to the order in which ALPN extensions were
processed, see
https://github.com/openssl/openssl/commit/af2db04c9979554ada88d969da6332a827a47599
-- ALPN is now processed after SNI, since the ALPN callback is attached
to the SSL_CTX, and SNI processing is likely to swap out the SSL_CTX in
use.  It does look like "late" TLS extensions are now handled after
cipher selection, so the ALPN callback can no longer affect the
negotiated cipher.

Even at the specification level, how all the TLS extensions are supposed
to interact with each other and the rest of the handshake is not
terribly well specified, so adding -dev to discuss what the desired
behavior actually is.

-Ben
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4531] openssl 1.0.2h: Parsing really large CRLs fails, side effect of change in x_name.c?

2016-05-04 Thread Jürgen Brauckmann via RT 
The following CRL triggers this behaviour:

https://info.pca.dfn.de/doc/large_crl.pem

Thanks,
   Jürgen


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4531
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] openssl 1.0.2h: Parsing really large CRLs fails, side effect of change in x_name.c?

2016-05-04 Thread Richard Levitte 
In message <5729fe86.1080...@dfn-cert.de> on Wed, 4 May 2016 15:52:06 +0200, 
Jürgen Brauckmann  said:

brauckmann> [double-post; sent this previously to r...@openssl.org, and didn't 
get a
brauckmann> ticket reply or something. As I feel that potentially a large number
brauckmann> of people is affected, e.g. via Apache crl parsing etc., re-sent to
brauckmann> openssl-dev.]

r...@openssl.org is moderated.  A little now and then, someone in the
team goes and checks for messages on hold (that is, everything that
comes in), lets messages such as yours through and tosses the load of
crap that came as well (you can't imagine the load of SPAM getting to
that address).

So, ticket replies aren't immediate.

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4531] openssl 1.0.2h: Parsing really large CRLs fails, side effect of change in x_name.c?

2016-05-04 Thread Jürgen Brauckmann via RT 
Hi.

Openssl 1.0.2h cannot parse really large CRLs anymore. "Really large" 
means > some 1MB.

It seems as if the new check in line 202 in x_name.c, commited 5 days 
ago, has a side effect beyond name decoding:

https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/asn1/x_name.c#L202

# openssl crl -in large_crl.pem
unable to load CRL
3078178440:error:0D09E09B:asn1 encoding routines:X509_NAME_EX_D2I:too 
long:x_name.c:203:
3078178440:error:0D08303A:asn1 encoding 
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 
error:tasn_dec.c:697:Field=issuer, Type=X509_CRL_INFO
3078178440:error:0D08303A:asn1 encoding 
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 
error:tasn_dec.c:697:Field=crl, Type=X509_CRL
3078178440:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 
lib:pem_oth.c:83:
[root@strangepork ~]# /services/inst/openssl/openssl-1.0.2g/bin/openssl 
crl -out c -in cacrl.pem
[root@strangepork ~]# /services/inst/openssl/openssl-1.0.2h/bin/openssl 
crl -out c -in cacrl.pem
unable to load CRL

All name structures in "large_crl.pem" have normale sizes, but it 
contains a large number of revoked certificates:

# openssl-102g crl -in large_crl.pem -noout -issuer
issuer=/C=DE/O=client-1/CN=Testinstanz client-1

# openssl-102g crl -in large_crl.pem -noout  | grep "Revocation Date:" | 
wc -l
49813

Best regards,
   Jürgen


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4531
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] openssl 1.0.2h: Parsing really large CRLs fails, side effect of change in x_name.c?

2016-05-04 Thread Jürgen Brauckmann 
[double-post; sent this previously to r...@openssl.org, and didn't get a 
ticket reply or something. As I feel that potentially a large number of 
people is affected, e.g. via Apache crl parsing etc., re-sent to 
openssl-dev.]


Hi.

Openssl 1.0.2h cannot parse really large CRLs anymore. "Really large" 
means > some 1MB.


It seems as if the new check in line 202 in x_name.c, commited 5 days 
ago, has a side effect beyond name decoding:


https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/asn1/x_name.c#L202

# openssl crl -in large_crl.pem
unable to load CRL
3078178440:error:0D09E09B:asn1 encoding routines:X509_NAME_EX_D2I:too 
long:x_name.c:203:
3078178440:error:0D08303A:asn1 encoding 
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 
error:tasn_dec.c:697:Field=issuer, Type=X509_CRL_INFO
3078178440:error:0D08303A:asn1 encoding 
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 
error:tasn_dec.c:697:Field=crl, Type=X509_CRL
3078178440:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 
lib:pem_oth.c:83:
[root@strangepork ~]# /services/inst/openssl/openssl-1.0.2g/bin/openssl 
crl -out c -in cacrl.pem
[root@strangepork ~]# /services/inst/openssl/openssl-1.0.2h/bin/openssl 
crl -out c -in cacrl.pem

unable to load CRL

All name structures in "large_crl.pem" have normal sizes, but the crl 
contains a large number of revoked certificates:


# openssl-102g crl -in large_crl.pem -noout -issuer
issuer=/C=DE/O=client-1/CN=Testinstanz client-1

# openssl-102g crl -in large_crl.pem -noout  | grep "Revocation Date:" | 
wc -l

49813

Best regards,
  Jürgen
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] null byte in hostname validation.

2016-05-04 Thread none 
Hello, where are the parts of the code that check if a null byte is used 
in a string part of a x509 certificate ?



This is purely informative. I already know about 
https://www.openssl.org/docs/manmaster/crypto/X509_check_host.html. 
However I failed to find in which function and source file that part is 
located.

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4514] [BUG] PKCS12_key_gen_uni() crashes when used with Blake

2016-05-04 Thread Stephen Henson via RT 
This has now been fixed. I've addred checks for the block length and set the
Blake2 block length properly.

Thanks for the report.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4514
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4527] Bug in d2i_PrivateKey (openssl-1.1.0-pre5)

2016-05-04 Thread Stephen Henson via RT 
Fixed, thanks for the report.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4527
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev