[openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m
Very old release, unsupported platform, closing ticket. Long live big iron! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
RE: [openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m
Hi, I can't speak for Richard Koenning, or the core OpenSSL team, but, from my position as a contributor of the AS/400-iSeries-i5 port, which also relies on the EBCDIC patches, I can imagine that the core team will only include these in the main development threads if there is somebody who can be guaranteed to test them, and do further code revisions, when this is required, and especially for every new release, which is more than I am able to do. It's the usual thing. If you announce support for a platform, you have to do it comprehensively and reliably - you shouldn't be half-arsed about it. So for platforms that do not have official support, patches are used to provide semi-official support. G. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Chu Sent: 14 December 2007 00:57 To: openssl-dev@openssl.org Subject: Re: [openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m It's a bit disappointing, considering I first wrote those patches back in 2002. It would be nice if someone could comment on what's preventing them from getting incorporated. JBYTuna wrote: Richard, Oh my. So, these patches have not been incorporated? Will they ever get incorporated? We did not know these patches existed. We've been chasing this problem for a couple of years now. Because we've never received response to postings with regard to this problem, we felt we were on our own. We WERE using 0.9.7d, when the problem arose. I've submitted two patches, same patch, but for 97m and 98e. (of course, the patches I've submitted only solve OUR problem, and probably don't address the issue to the extent the patches that have already been created) As the existing patches do not fit directly into 97d and 98e (for 64 bit), I'm not sure how to proceed. Because of several platforms involved, in addition to z/OS (OS390-Unix), we need to use these releases of OpenSSL for our new release. Any advice you might offer would be greatly appreciated. Thanks, John B. Young --- Richard Koenning [EMAIL PROTECTED] wrote: JBYTuna via RT wrote: When an OpenSSL server built on z/OS is using client verification, the following error is incurred: 0x140890b2 - error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned From tracing, we found the correct certificate was being returned. We found the code in crypto/x509/x509_vfy.c will not work in an EBCDIC environment, as the data is in ASCII. The solution is to translate the ASCII to EBCDIC, prior to the validation process. John B. Young Here's the patch, in diff -u form: The patch is already contained in #843: EBCDIC patches for 0.9.7c (http://rt.openssl.org/Ticket/Display.html?id=843user=guestpass=gue st), which has been updated to 0.9.7j by Jeremy Grieshop. That patch contains also a second ASCII to EBCDIC conversion after the X509_time_adj in the region of line 960. Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] __ __ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sunhttp://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m
JBYTuna wrote: Oh my. So, these patches have not been incorporated? Will they ever get incorporated? I get once or twice a year this question, but every time i have to answer: i don't know. We did not know these patches existed. We've been chasing this problem for a couple of years now. Because we've never received response to postings with regard to this problem, we felt we were on our own. [...] Any advice you might offer would be greatly appreciated. When i look at the long list of entries in http://rt.openssl.org/NoAuth/Buglist.html i can understand, that the EBCDIC patches don't have the highest priority for the OpenSSL team. Therefore the best advice i can give is to use RT entry #843 for collecting all EBCDIC related patches, so one can point the EBCDIC community to it. Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m
On Fri, Dec 14, 2007, Richard Koenning wrote: When i look at the long list of entries in http://rt.openssl.org/NoAuth/Buglist.html i can understand, that the EBCDIC patches don't have the highest priority for the OpenSSL team. Therefore the best advice i can give is to use RT entry #843 for collecting all EBCDIC related patches, so one can point the EBCDIC community to it. There's an element of that. In my case things that pay the bills have priority. Things I don't know a great deal about and hope someone else will look into are near the bottom ;-) 0.9.7 isn't being actively developed and we encourage people to move to 0.9.8 where possible. If clean patches are available for those trees I'll review them and either suggest changes or apply them. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m
It's a bit disappointing, considering I first wrote those patches back in 2002. It would be nice if someone could comment on what's preventing them from getting incorporated. JBYTuna wrote: Richard, Oh my. So, these patches have not been incorporated? Will they ever get incorporated? We did not know these patches existed. We've been chasing this problem for a couple of years now. Because we've never received response to postings with regard to this problem, we felt we were on our own. We WERE using 0.9.7d, when the problem arose. I've submitted two patches, same patch, but for 97m and 98e. (of course, the patches I've submitted only solve OUR problem, and probably don't address the issue to the extent the patches that have already been created) As the existing patches do not fit directly into 97d and 98e (for 64 bit), I'm not sure how to proceed. Because of several platforms involved, in addition to z/OS (OS390-Unix), we need to use these releases of OpenSSL for our new release. Any advice you might offer would be greatly appreciated. Thanks, John B. Young --- Richard Koenning [EMAIL PROTECTED] wrote: JBYTuna via RT wrote: When an OpenSSL server built on z/OS is using client verification, the following error is incurred: 0x140890b2 - error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned From tracing, we found the correct certificate was being returned. We found the code in crypto/x509/x509_vfy.c will not work in an EBCDIC environment, as the data is in ASCII. The solution is to translate the ASCII to EBCDIC, prior to the validation process. John B. Young Here's the patch, in diff -u form: The patch is already contained in #843: EBCDIC patches for 0.9.7c (http://rt.openssl.org/Ticket/Display.html?id=843user=guestpass=guest), which has been updated to 0.9.7j by Jeremy Grieshop. That patch contains also a second ASCII to EBCDIC conversion after the X509_time_adj in the region of line 960. Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sunhttp://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m
Richard, Oh my. So, these patches have not been incorporated? Will they ever get incorporated? We did not know these patches existed. We've been chasing this problem for a couple of years now. Because we've never received response to postings with regard to this problem, we felt we were on our own. We WERE using 0.9.7d, when the problem arose. I've submitted two patches, same patch, but for 97m and 98e. (of course, the patches I've submitted only solve OUR problem, and probably don't address the issue to the extent the patches that have already been created) As the existing patches do not fit directly into 97d and 98e (for 64 bit), I'm not sure how to proceed. Because of several platforms involved, in addition to z/OS (OS390-Unix), we need to use these releases of OpenSSL for our new release. Any advice you might offer would be greatly appreciated. Thanks, John B. Young --- Richard Koenning [EMAIL PROTECTED] wrote: JBYTuna via RT wrote: When an OpenSSL server built on z/OS is using client verification, the following error is incurred: 0x140890b2 - error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned From tracing, we found the correct certificate was being returned. We found the code in crypto/x509/x509_vfy.c will not work in an EBCDIC environment, as the data is in ASCII. The solution is to translate the ASCII to EBCDIC, prior to the validation process. John B. Young Here's the patch, in diff -u form: The patch is already contained in #843: EBCDIC patches for 0.9.7c (http://rt.openssl.org/Ticket/Display.html?id=843user=guestpass=guest), which has been updated to 0.9.7j by Jeremy Grieshop. That patch contains also a second ASCII to EBCDIC conversion after the X509_time_adj in the region of line 960. Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m
When an OpenSSL server built on z/OS is using client verification, the following error is incurred: 0x140890b2 - error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned From tracing, we found the correct certificate was being returned. We found the code in crypto/x509/x509_vfy.c will not work in an EBCDIC environment, as the data is in ASCII. The solution is to translate the ASCII to EBCDIC, prior to the validation process. John B. Young Here's the patch, in diff -u form: --- old/x509_vfy.c 2007-12-11 10:41:37.0 -0800 +++ new/x509_vfy.c 2007-12-11 10:37:30.0 -0800 @@ -900,6 +900,9 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) { char *str; +#ifdef CHARSET_EBCDIC + char strx[40]; +#endif ASN1_TIME atm; long offset; char buff1[24],buff2[24],*p; @@ -907,7 +910,12 @@ p=buff1; i=ctm-length; +#ifdef CHARSET_EBCDIC + ascii2ebcdic( strx, ctm-data, ctm-length ); + str=strx; +#else str=(char *)ctm-data; +#endif if (ctm-type == V_ASN1_UTCTIME) { if ((i 11) || (i 17)) return 0; Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m
JBYTuna via RT wrote: When an OpenSSL server built on z/OS is using client verification, the following error is incurred: 0x140890b2 - error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned From tracing, we found the correct certificate was being returned. We found the code in crypto/x509/x509_vfy.c will not work in an EBCDIC environment, as the data is in ASCII. The solution is to translate the ASCII to EBCDIC, prior to the validation process. John B. Young Here's the patch, in diff -u form: The patch is already contained in #843: EBCDIC patches for 0.9.7c (http://rt.openssl.org/Ticket/Display.html?id=843user=guestpass=guest), which has been updated to 0.9.7j by Jeremy Grieshop. That patch contains also a second ASCII to EBCDIC conversion after the X509_time_adj in the region of line 960. Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]