[openssl-dev] [openssl.org #4182] Error in generating my certificate
Dear Sirs I have run the open ssl The first step has executed successfully: OpenSSL> genrsa 1024 > myID -key.pem But when attempt to execute the next step which is req -new -days 365 -key myID -key.pem -out myID -csr.pem Then the following error appear so Please please advise regarding this issue in order to be solved which telling that the myID.pem has not generated : Error opening Private Key myID -key.pem 3344:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:356:fopen('myID.pem','rb') 3344:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:358: Best Regards, Mohammed Al-Otaibi,MSc CS [OCA_JavaSE7Programmer_clr][cid:image002.png@01D0AE85.EC6C0550][itil3] Senior Java Developer E-Solutions Department Memeber of Talal Abu-Ghazaleh Organization (TAGorg) Telephone No.: +962 6 5100900 ext:1399 Email: malota...@tagorg.com<mailto:malota...@tagorg.com> Website: www.tagorg.com<http://www.tagorg.com/> MMO [Description: Description: Description: C:\Users\azar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\4S0OOK20\label-tagiti.png] TAGORG.com: The Global organization for professional services and education. We work hard to stay first ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
RE: how to create an already revoked certificate?
Thanks for the reply, I have control of the CA in creating certificates. The CRL contains the SN of the certs that are revoked. I also noticed we have an SRL file which shows the last SN used for the certificates and it increments by 1 for every certificate created. You said: Having the same serial on CA2 as on CA1 is totally irrelevant. Does that mean the CRL goes by more than the SN? I was thinking of doing this: edit the SRL and replace it with the SN of the revoked cert, after using it i revert back to the correct SN pattern. If the CRL does need to have a perfect match to treat the created cert as a revoked cert do i need to create a perfect replication in terms of all input parameters or the CRL will be smart enough to know they are still different? thanks --- On Tue, 11/17/09, Dave Thompson dave.thomp...@princetonpayments.com wrote: From: Dave Thompson dave.thomp...@princetonpayments.com Subject: RE: how to create an already revoked certificate? To: openssl-dev@openssl.org Date: Tuesday, November 17, 2009, 4:06 PM From: owner-openssl-...@openssl.org On Behalf Of Al Sent: Monday, 16 November, 2009 15:40 I am trying to create a certificate that is already revoked (for testing purposes). I noticed the CRL has the SNs of the certificates and i am wondering if i could set the SN to Yes, certs are identified for many purposes, including revocation on a CRL, by serial within CA. revoked cert SNs during new certificate creation? This is not entirely clear; I assume you mean create a new cert with a serial that is already on a CRL issued by the (same) CA. (You can't change the serial on an issued cert; it's part of the signed content. You legally could create/issue a new cert, with new CA/serial, and all other contents the same as an existing cert, even validity. But it's usual to redo the validity. Having the same serial on CA2 as on CA1 is totally irrelevant.) If you control the CA, maybe; it depends on what the CA software does. A CA is not SUPPOSED to ever issue different certs with the same serial, but you may be able to override or fake yours. openssl ca|x509(ca)depend on text files you can clobber; openssl req(self)|x509(self) obey the command line. If you do create two (or more) certs with the same serial, and both (or multiple) of them are ever present in any environment, you have a very good chance of creating chaos. The purpose of the serial is to uniquely identify the cert within a given CA, and lots of software assumes this. If there are two different certs with the same serial for the same CA, all kinds of things can go wrong that you can spend months debugging. But if you control the CA, you should be able to easily issue a new CRL about as easily as you can issue a new cert. If you don't control the CA, and it is competently run, no. It will always create new certs with unique serials, as it should. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-...@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
RE: how to create an already revoked certificate?
I tried replacing the SRL SN and it does create a new cert with same SN with only the CN being different (since it is unique). I do get the problem with CRL trying to revoke the 2nd cert with the same SN. I get: ERROR:name does not match /C=US/ST=foo/L=bar/CN=2 R 09234567Z 09234567Z E95C35AC12345676unknown /C=US/ST=foo/L=bar/CN=1 ERROR:revokeCert:revoke failed the SN is E95C35AC12345676. You did suggest removing .index file and .certs of the original but i am not sure which files you mean. Is the .index file the CRL index file with the rejected SNs? if that is the case then arent i rewritting the CRL which unrevokes the original? The CA folder only has index.txt where the CRL stuff are and the index.txt.attr. the directory is like: /FooCA: /cert1 - etc/ - ca/ , cert files... /cert2 . /etc I guess i could remove the SN from the CRL temporarily, after the 2nd cert gets revoked successfully (since the cert1 with same SN is not revoked anymore..) i re-edit the CRL file and put back the Cert1's info. Not sure what effect it will have later on though.. So basically right now i can create a cert with same SN as the cert in the CRL and could make every parameter the same except CN.. --- On Wed, 11/18/09, Thomas Francis, Jr. thomas.fran...@pkware.com wrote: From: Thomas Francis, Jr. thomas.fran...@pkware.com Subject: RE: how to create an already revoked certificate? To: openssl-dev@openssl.org Date: Wednesday, November 18, 2009, 10:01 AM The CRL identifies certificates by serial number only; the issuer is implied. You cannot have a CRL that revokes certificates from more than one issuing certificate. The only parameter from a certificate to determine if it is revoked is the serial number. However, it's important to note that a certificate can only be revoked by a CRL that has the same issuer. Two certificates issued by different CAs can have the same serial number. A CRL from CA1 can only revoke the certificate from CA1; it cannot revoke a certificate from CA2, even if both certificates have the same serial number. Given that you're controlling the CA, I suppose the method you list below could work, but you'll also need to remove the original certificate from the .index file and from the .certs directory that OpenSSL creates to manage the CA. Failure to do that will result in OpenSSL giving an error message. If the goal is to have a CRL whose lastUpdate is before the notBefore parameter on one of the certificates it revokes, I would recommend instead to set the clock backwards, and then generate a new CRL. I would be surprised if OpenSSL checks the current date against the dates on the certificate(s) that are revoked. -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl- d...@openssl.org] On Behalf Of Al Sent: Wednesday, November 18, 2009 9:12 AM To: dave.thomp...@princetonpayments.com Cc: openssl-dev@openssl.org Subject: RE: how to create an already revoked certificate? Thanks for the reply, I have control of the CA in creating certificates. The CRL contains the SN of the certs that are revoked. I also noticed we have an SRL file which shows the last SN used for the certificates and it increments by 1 for every certificate created. You said: Having the same serial on CA2 as on CA1 is totally irrelevant. Does that mean the CRL goes by more than the SN? I was thinking of doing this: edit the SRL and replace it with the SN of the revoked cert, after using it i revert back to the correct SN pattern. If the CRL does need to have a perfect match to treat the created cert as a revoked cert do i need to create a perfect replication in terms of all input parameters or the CRL will be smart enough to know they are still different? thanks --- On Tue, 11/17/09, Dave Thompson dave.thomp...@princetonpayments.com wrote: From: Dave Thompson dave.thomp...@princetonpayments.com Subject: RE: how to create an already revoked certificate? To: openssl-dev@openssl.org Date: Tuesday, November 17, 2009, 4:06 PM From: owner-openssl-...@openssl.org On Behalf Of Al Sent: Monday, 16 November, 2009 15:40 I am trying to create a certificate that is already revoked (for testing purposes). I noticed the CRL has the SNs of the certificates and i am wondering if i could set the SN to Yes, certs are identified for many purposes, including revocation on a CRL, by serial within CA. revoked cert SNs during new certificate creation? This is not entirely clear; I assume you mean create a new cert with a serial that is already on a CRL issued by the (same) CA. (You can't change the serial on an issued cert; it's part of the signed content. You legally could create/issue a new cert, with new CA/serial, and all other contents the same
problem with creating cert with openssl x509
I am trying to create a certificate with specific starting and ending dates. I searched around and it seems the parameter for -startdate from x509 is YYMMDDHHMMSSZ but when i tried to put the parameter: -startdate 091119111506Z i get unknown option 091119111506Z error. The statement in the script is something like: openssl x509 -req -sha1 ${DAYSTILLEXPIRE} ${STARTDATE} .. DAYSTILLEXPIRE is -days 10 and that works fine but it doesnt like the parameters i put for STARTDATE anyone can help me out? thanks! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: problem with creating cert with openssl x509
is the date format correct then? the x509 doesnt seem to give me the exact format for datesetting and i used YYMMDDHHMMSSZ. I tried other formats but all no good. How did you set yours? --- On Wed, 11/11/09, Lou Picciano loupicci...@comcast.net wrote: From: Lou Picciano loupicci...@comcast.net Subject: Re: problem with creating cert with openssl x509 To: openssl-dev@openssl.org Date: Wednesday, November 11, 2009, 11:13 AM #yiv965433757 p {margin:0;}Don't know that it will help, but can commiserate a little...(!) We recently ran into a similar issue, ours related to notAfter: In recent testing, we were able to issue a certificate with a notAfter field without error, but (this was against a PostgreSQL server, if it helps): LOG: could not accept SSL connection: no certificate returned So, in verifying the cert, bingo! $ openssl verify (etc) error 14 at 0 depth lookup:format error in certificate's notAfter field (same test was OK on server, so is this an OpenSSL version issue?) - Original Message - From: Al shase...@yahoo.com To: openssl-dev@openssl.org Sent: Wednesday, November 11, 2009 10:56:48 AM GMT -05:00 US/Canada Eastern Subject: problem with creating cert with openssl x509 I am trying to create a certificate with specific starting and ending dates. I searched around and it seems the parameter for -startdate from x509 is YYMMDDHHMMSSZ but when i tried to put the parameter: -startdate 091119111506Z i get unknown option 091119111506Z error. The statement in the script is something like: openssl x509 -req -sha1 ${DAYSTILLEXPIRE} ${STARTDATE} .. DAYSTILLEXPIRE is -days 10 and that works fine but it doesnt like the parameters i put for STARTDATE anyone can help me out? thanks! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #1802] Bug report: Persistent memory leak that cannot be freed
Richard, Let me give me more details about this issue. I am using another library libcurl that uses openssl. After initialization and proper cleanup of CURL handles, I detect this memory leak. I contacted libcurl developers and they suggested that libcrypto is doing some global initializations (that include calling ENGINE_new) as the previous post shows. However, libcrypto seems to be not cleaning up after itself. A solution to this issue could be by having libcurl developers call a global cleanup function of libcrypto in their cleanup functions. Does such a function that cleans up the global memory allocations done in libcrypto exist? Thanks, Huzaifa On Thu, Dec 25, 2008 at 2:30 PM, Richard Levitte via RT r...@openssl.org wrote: Looks like you called ENGINE_new(). Did you do a corresponding call to ENGINE_free()? [halna...@gmail.com - Tue Dec 23 09:07:34 2008]: Greetings, I used OPENSSL in a project and it is leading to memory leak. Although this is not significantly harmful, I believe that there should be a function that can free all allocated memory before the application quits. I tried all the functions that were suggested in the FAQ and the memory leak is still reported. The functions that I tried for freeing this memory are: CONF_modules_free(); ERR_remove_state(0); ENGINE_cleanup(); CONF_modules_unload(1); ERR_free_strings(); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); And still the memory leak is reported. I am using openssl-0.9.8e. The memory leak is traced to: ENGINE_new in libcrypto 276 bytes in 7 blocks are still reachable in loss record 1 of 1 at 0x40204E5: malloc (in /usr/lib/valgrind/x86- linux/vgpreload_memcheck.so) by 0x43CEF0B: (within /usr/lib/libcrypto.so.0.9.8) by 0x43CF5A3: CRYPTO_malloc (in /usr/lib/libcrypto.so.0.9.8) by 0x442B58D: ENGINE_new (in /usr/lib/libcrypto.so.0.9.8) by 0x408FF8F: (below main) (in /lib/i686/libc-2.6.1.so) Is this a known issue, or is there any other function that can be used to free memory before the application quits? Thanks, Huzaifa -- Richard Levitte levi...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #1802] Bug report: Persistent memory leak that cannot be freed
Greetings, I used OPENSSL in a project and it is leading to memory leak. Although this is not significantly harmful, I believe that there should be a function that can free all allocated memory before the application quits. I tried all the functions that were suggested in the FAQ and the memory leak is still reported. The functions that I tried for freeing this memory are: CONF_modules_free(); ERR_remove_state(0); ENGINE_cleanup(); CONF_modules_unload(1); ERR_free_strings(); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); And still the memory leak is reported. I am using openssl-0.9.8e. The memory leak is traced to: ENGINE_new in libcrypto 276 bytes in 7 blocks are still reachable in loss record 1 of 1 at 0x40204E5: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) by 0x43CEF0B: (within /usr/lib/libcrypto.so.0.9.8) by 0x43CF5A3: CRYPTO_malloc (in /usr/lib/libcrypto.so.0.9.8) by 0x442B58D: ENGINE_new (in /usr/lib/libcrypto.so.0.9.8) by 0x408FF8F: (below main) (in /lib/i686/libc-2.6.1.so) Is this a known issue, or is there any other function that can be used to free memory before the application quits? Thanks, Huzaifa __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
OpenSSL on z/OS
I have recently build openssl-0.9.8b on z/OS (USS). After running 'Configure OS390-unix', and a little tweaking, I got it to build. After fixing up some of the tests (EBCDIC conversions were not done in all tests, and some tests seg faulted because they used ebcdic2ascii to overwrite literal (read-only) storage), I also got those to work. I would be happy to supply the fixes I made if it would be appropriate for me to do so. My project requires that openSSL be in shared libraries, and 'Configure OS390-unix' doesn't support that. The USS platform does in fact support shared libraries, so I tried to figure out how to twek 'Configure'. I couldn't make heads or tails of it. Has anybody tried to make shared libraries on z/OS USS? Can anyone help me understand how to work with 'Configure'? Thank you, Al Martin [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/OpenSSL-on-z-OS-tf1867765.html#a5103672 Sent from the OpenSSL - Dev forum at Nabble.com. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: [openssl.org #1250] Ssltest -ssl3 crashes on windows when compiled with zlib.
Hi Steve, I have now tested the snapshot from the 12:th of December. - OpenSSL DLL with zlib DLL works! - OpenSSL LIB with zlib DLL works! - OpenSSL DLL with zlib LIB works! - OpenSSL LIB with zlib LIB works! I would consider the problems I reported as solved! Some comments: When linking statically with zlib the build system links with zlib1.lib. Both for debug and release. When building zlib the resulting libs are called zlib.lib and zlibd.lib. Since the debug version of OpenSSL builds without the /Zi switch I cannot start e.g. ssltest.exe in the MS free debugger WinDbg and set breakpoints etc. Cheers, Tommy M. Larsson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Henson via RT Sent: den 11 december 2005 03:04 To: Tommy Larsson M (AL/EAB) Cc: openssl-dev@openssl.org Subject: [openssl.org #1250] Ssltest -ssl3 crashes on windows when compiled with zlib. I've added some new configure options to OpenSSL 0.9.8 which allow the use of static zlib libraries and Windows. It should now also work properly with the Windows zlib1.dll library. Any recent 0.9.8 snapshot should include them. Let me know of any problems. Steve. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: [openssl.org #1250] Ssltest -ssl3 crashes on windows when compiled with zlib.
Hi Steve, I have now tested the snapshot from the 12:th of December. - OpenSSL DLL with zlib DLL works! - OpenSSL LIB with zlib DLL works! - OpenSSL DLL with zlib LIB works! - OpenSSL LIB with zlib LIB works! I would consider the problems I reported as solved! Some comments: When linking statically with zlib the build system links with zlib1.lib. Both for debug and release. When building zlib the resulting libs are called zlib.lib and zlibd.lib. Since the debug version of OpenSSL builds without the /Zi switch I cannot start e.g. ssltest.exe in the MS free debugger WinDbg and set breakpoints etc. Cheers, Tommy M. Larsson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Henson via RT Sent: den 11 december 2005 03:04 To: Tommy Larsson M (AL/EAB) Cc: openssl-dev@openssl.org Subject: [openssl.org #1250] Ssltest -ssl3 crashes on windows when compiled with zlib. I've added some new configure options to OpenSSL 0.9.8 which allow the use of static zlib libraries and Windows. It should now also work properly with the Windows zlib1.dll library. Any recent 0.9.8 snapshot should include them. Let me know of any problems. Steve. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[openssl.org #1250] Ssltest -ssl3 crashes on windows when compiled with zlib.
Hi OpenSSL-bugs, I have found some bugs and have some suggested fixes. Environment : Windows XP SP2 with Visual Studio .NET 2003 (i.e. v7.1) on a HP NC8000 with 1GB memory and a 1.7GHz Pentium M. Version of OpenSSL : v0.9.8a Bug : When compiling OpenSSL v0.9.8a (dynamic, static, no debug, with debug) with zlib v1.2.3 the command ssltest -ssl3 crashes. How to reproduce : - Obtain the source to OpenSSL 0.9.8a. - Obtain source or binary distribution of zlib v1.2.3. http://www.zlib.org - Uncompress them both to e.g. C:\ - Make sure that the compiler can find zlib.h and zconf.h. I put them in C:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\include - Make sure that Windows can find zlib1.dll. I put it in C:\WINDOWS\system32 - Compile OpenSSL according to instructions but configure it to use zlib. - perl Configure VC-WIN32 zlib-shared - ms\do_masm - nmake -f ms\ntdll.mak - cd out32dll - ssltest -ssl3 = CRASH! First of all it is impossible to debug. I have WinDbg to pop up when something crashes (by using WinDbg -i) but WinDbg seems to not find any symbols nor any call stack. Suggested fix 1 : The switch /Zi should be added to the command line for cl, to be able to debug! (line 93 in VC-32.pl) I found that the crash is because an EVP_CIPHER_CTX is used without being initialized. Suggested fix 2 : All allocated EVP_CIPHER_CTX should be initialized as soon as they are sucessfully allocated. Line 222 and 255 in s3_enc.c should be followed by a EVP_CIPHER_CTX_init(). The same in t1_enc.c line 268 and 302. Then it seems like there is no support for zlib to be used statically. Since the build system allows the possibility to configure with zlib _or_ zlib-shared this ought to be possible. To make it work ZLIB_SHARED must not be set if just ZLIB is set so line 76 - 78 in c_zlib.c must be remarked. I do not know how to change the build system in a good way so the Configure perl script can handle zlib different from zlib_dynamic. I just edited the VC-32.pl script so OpenSSL linked the correct zlib-library depending on if debug was selected or not. Since I got OpenSSL to work with zlib I stopped my debugging here. There is still a problem and that is that when using zlib dynamically it still crashes! (and I get no call stack in WinDbg) I have not been able to resolve that problem but at least it works to run with zlib statically linked! Cheers, Tommy M. Larsson __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Data Linkage Table (+z) overflow in file openssl.o
trying to install for use with perl5 CryptSSLeay, having problems compiling. i am using the hpux version of gcc on a hpux 10.20 gcc -o openssl -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DNO_ASM - I/opt/gcc/hppa1.1-hp-hpux10.20/include/ -fpic -DB_ENDIAN -DBN_DIV2W -O3 openssl. o verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o pkcs7.o crl 2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_clien t.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o ns eq.o pkcs12.o pkcs8.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto -L/opt/gcc/lib/gcc-lib/hppa1.1-hp-hpux10.20/2.8.1/ -L/opt/gcc/lib/ collect2: ld returned 1 exit status /usr/ccs/bin/ld: Data Linkage Table (+z) overflow in file openssl.o - use +Z opt ion to recompile *** Error exit code 1 Stop. *** Error exit code 1 Stop. *** Error exit code 1 Stop. [root-jots1:apps] cd ../ [root-jots1:openssl-0.9.4] ./config -t Operating system: 9000/735-hp-hpux10 Configuring for hpux10-gcc /h/FTS/bin/perl5 ./Configure hpux10-gcc here's my config ./config --openssldir=/h/FTS/openssl no-asm -I/opt/gcc/hppa1.1-hp-hpux10.20/include/ -L/opt/gcc/lib/gcc-lib/hppa1.1-hp-hpux10.20/2.8.1/ -L/opt/gcc/lib/ -fpic tried the default config ./config --openssldir=/h/FTS/openssl and got it to compile, but got same overflow error when i tried to install perl's CryptSSLeay. so i did a make clean, then new ./config al *** AL Lewis Systems Engineer Evolutionary Systems Inc. http://www.es-inc.com (831)392.1092 (831)392.1192 fax __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: 0.9.3 bug ?
Well, to be honest I don't really have a clear clue:-) It just works! I suppose egcs-1.1.2 optimizer takes it easier on for(;1;) than on for(;;)... Hmmm ... so who is reporting this to the egcs guys? already done. regards, -al. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: 0.9.3 bug ?
could you apply this patch and try again? sure: 82E8FF318CBABE4C37B8DD0B737D813D7F31F0A2061BBE34D10 * 2 - 105D1FE6319757C986F71BA16E6FB027AFE63E1440C377C69A20 105D1FE6319757C986F71BA16E6FB027AFE63E1440C377C69A20 * 2 - 20BA3FCC632EAF930DEE3742DCDF604F5FCC7C288186EF8D3440 test BN_lshift (fixed) C64F43042AEACA6E5836805BE8C99B045D4836C2FD16C964F0 * 2 - 18C9E860855D594DCB06D00B7D1933608BA906D85FA2D92C9E0 Left shift test failed! a=C64F43042AEACA6E5836805BE8C99B045D4836C2FD16C964F0 b=18C9E860855D594DCB06D00B7D1933608BA906D85FA2D92C9E0 c=2 d=8061668 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]