[openssl.org #71] [Fwd: Bug#141360: libssl-dev: gcc warning: redundant declaration of ERR_load_PEM_strings()]

2002-06-05 Thread Richard Levitte via RT 


I'm sure you read pem2.h and therefore the reason it exists.  If you 
have a better idea on solving the circular dependency problem 
described, we're all ears.

However, double declaration isn't an error, at least if the 
declarations are exactly the same.  Until someone comes up with a 
better solution to break the circular dependency mentioned above, I 
don't see that this really needs to get fixed.  I'll add the keyword 
nice to have to this ticket...

-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #74] problem with openssl-0.9.7-beta1 mkdef.pl

2002-06-05 Thread Richard Levitte via RT 


Thanks for the report, that was an error in production.

If you grab the latest 0.9.7 snapshot, you'll probably see that 
things have improved...

[[EMAIL PROTECTED] - Tue Jun  4 19:40:45 2002]:

 Hi,
 
 I have winnt 4.0 sp6a , vc++ 6 and NASM version 0.98
 When I execute ms\do_nasm
 
 I have the following errors:
 
 
 D:\proyecto\sw\openssl\openssl-0.9.7-beta1perl util\mkdef.pl 16 
libeay
 1ms\libeay16.def
 Warning: EVP_aes_128_cfb does not have a number assigned
 Warning: EVP_aes_128_ofb does not have a number assigned
 Warning: EVP_aes_192_cfb does not have a number assigned
 Warning: EVP_aes_192_ofb does not have a number assigned
 Warning: EVP_aes_256_cfb does not have a number assigned
 Warning: EVP_aes_256_ofb does not have a number assigned
 
 D:\proyecto\sw\openssl\openssl-0.9.7-beta1perl util\mkdef.pl 32 
libeay
 1ms\libeay32.def
 Warning: EVP_aes_128_cfb does not have a number assigned
 Warning: EVP_aes_128_ofb does not have a number assigned
 Warning: EVP_aes_192_cfb does not have a number assigned
 Warning: EVP_aes_192_ofb does not have a number assigned
 Warning: EVP_aes_256_cfb does not have a number assigned
 Warning: EVP_aes_256_ofb does not have a number assigned
 
 
 after that I have not problem to compile and run openssl
 some ideas?
 
 thanks in advance
 
 
__
 OpenSSL Project 
http://www.openssl.org
 Development Mailing List   
[EMAIL PROTECTED]
 Automated List Manager   
[EMAIL PROTECTED]


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #79] 0.9.7 Beta1 - Build problems on OpenVMS.

2002-06-05 Thread Richard Levitte via RT 


I just commited a fix.  Thanks for the report.  The next snapshot will 
contain the fix.

[[EMAIL PROTECTED] - Tue Jun  4 22:13:18 2002]:

   I downloaded beta1 to a OpenVMS V7.2-1 system
  running DEC C V6.2-008.  I ran into two build problems:
 
   1. SSL-LIB.COM contains an ON ERROR statement
   that does not have a THEN clause.

Embarassing!!!

   2. TESTS.COM does not accept NONE as a valid TCPIP
   option.

You mean MAKETESTS.COM, I'm sure :-).

  I have included the complete build log below.

-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #80] [Lutz.Jaenicke@aet.TU-Cottbus.DE: Re: Naina announce (was: [ANNOUNCE] OpenSSL 0.9.1 beta 1 released)]

2002-06-05 Thread Vadim Fedukovich via RT 


hi Lutz,

patch to add SET-specific objects is attached. It's rather large,
still it would let to build Naina without modifying openssl code.

thank you,
Vadim


- Forwarded message from Lutz Jaenicke [EMAIL PROTECTED] -

From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Naina announce (was: [ANNOUNCE] OpenSSL 0.9.1 beta 1 released)

On Wed, Jun 05, 2002 at 03:35:31AM +0300, Vadim Fedukovich wrote:
 hi list,
 
 Naina library may be considered an ASN.1 test; it handles some
 Secure Electronic Transactions messages.
 http://www.unity.net/~vf/naina_r1.tgz
 
 It works with 0.9.7-beta-1, on linux, gcc 2.9.5
 
 It could be great to include SET-specific objects into openssl;
 patch is there inside

* Would you please just submit the patch with the additional OIDs into
  [EMAIL PROTECTED]? I however won't promise that it will make it
  into 0.9.7, which is already in feature freeze (depends on the actual
  submission).
* Do you have a homepage for your project, for which we can add a link?

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

- End forwarded message -
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #81] Bug Report 0.9.7b1: make install broken on NeXTSTEP/OpenStep

2002-06-05 Thread \\ Jeffrey H.Johnson \ via RT\ 


I successfully built OpenSSL 0.9.7-beta1 on my m68k-next-openstep42
system.  It did require adding an extra include somewhere I can't
remember offhand, and patching one of the test case files, but other
than that it built right out of the box without any issues.  Make test
completes without any errors.

However, I cannot install using the Makefile.  The exact error is

making all in tools...
installing man1/CA.pl.1
sh: dirname: not found
*** Exit 1

NeXTSTEP and OpenStep include the basename utility, but not the
dirname utility.  Is there some sort of pre-existing workaround or is
there an implmentation of dirname available in one of the GNU packages?

I just thought I'd report this.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #70] [Fwd: Bug#144586: libssl-dev: Typo inBN_rand(3ssl) man page]

2002-06-05 Thread Christoph Martin 

Am Mit, 2002-06-05 um 08.12 schrieb Richard Levitte via RT:
 
 BN_pseudo_rand_range() was given in the synopsis exactly as you 
 requested, since 0.9.6c (or at least, that's what I can make out by 
 checking with our repository).  I must say that I have some difficulty 
 doing anything with this report because of that...

I had to apply the following patch for 0.9.6d:

--- openssl-0.9.6d.orig/doc/crypto/BN_rand.pod
+++ openssl-0.9.6d/doc/crypto/BN_rand.pod
 -14,7 +14,7 
 
  int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 
- int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
 
 =head1 DESCRIPTION
 




signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Re: [openssl.org #70] [Fwd: Bug#144586: libssl-dev: Typo in BN_rand(3ssl) man page]

2002-06-05 Thread Christoph Martin via RT 


Am Mit, 2002-06-05 um 08.12 schrieb Richard Levitte via RT:
 
 BN_pseudo_rand_range() was given in the synopsis exactly as you 
 requested, since 0.9.6c (or at least, that's what I can make out by 
 checking with our repository).  I must say that I have some difficulty 
 doing anything with this report because of that...

I had to apply the following patch for 0.9.6d:

--- openssl-0.9.6d.orig/doc/crypto/BN_rand.pod
+++ openssl-0.9.6d/doc/crypto/BN_rand.pod
@@ -14,7 +14,7 @@
 
  int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 
- int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
 
 =head1 DESCRIPTION
 

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] AutoReply: Bug Report 0.9.7b1: make install broken on NeXTSTEP/OpenStep

2002-06-05 Thread \\ Jeffrey H.Johnson \ via RT\ 


To follow up, I compiled a small dirname from the ucLinux project, and
while that operates correctly, these man pages would not install. In the
end I just ended up commenting out the Perl manual stuff and installing it
by hand. The rest of the make install process completes successfully.

Please, lets keep NeXTSTEP/OpenStep support in OpenSSL.  I know that some
other projects (such as GCC) are considering dropping NeXT support as an
obsolete architecture, along with alot of other systems, like m68k and PDP.

 making all in tools...
 installing man1/CA.pl.1
 sh: dirname: not found
 *** Exit 1

 NeXTSTEP and OpenStep include the basename utility, but not the
 dirname utility.  Is there some sort of pre-existing workaround or is
 there an implmentation of dirname available in one of the GNU packages?
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #70] [Fwd: Bug#144586: libssl-dev: Typo inBN_rand(3ssl) man page]

2002-06-05 Thread Richard Levitte - VMS Whacker 

In message 1023267032.28480.18.camel@woodstock on 05 Jun 2002 10:50:31 +0200, 
Christoph Martin [EMAIL PROTECTED] said:

martin Am Mit, 2002-06-05 um 08.12 schrieb Richard Levitte via RT:
martin  
martin  BN_pseudo_rand_range() was given in the synopsis exactly as you 
martin  requested, since 0.9.6c (or at least, that's what I can make out by 
martin  checking with our repository).  I must say that I have some difficulty 
martin  doing anything with this report because of that...
martin 
martin I had to apply the following patch for 0.9.6d:
martin 
martin --- openssl-0.9.6d.orig/doc/crypto/BN_rand.pod
martin +++ openssl-0.9.6d/doc/crypto/BN_rand.pod
martin @@ -14,7 +14,7 @@
martin  
martin   int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
martin  
martin - int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom);
martin + int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
martin  
martin  =head1 DESCRIPTION

D'oh!  I looked in bn.pod.  Silly me...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #77] Openssl 0.9.6d coredumps

2002-06-05 Thread Jarmo Järvenpää 

Hi,

The private key is not generated by me, it's generated with some
commercial software (unknown vendor).
Shamely, I need to sign my own certificate with this cert, can't avoid
using this .-/.

I will contact the provider and ask the software they are using.

Thanks,
Jarmo

Robert Eiglmaier wrote:
 
 Hi Jarmo,
 
 how did you generate your private key?
 When I asn1parse it it looks very different from my openssl generated.
 First it has an AlgorithmIdentifier (rsaEncryption) where mine doesn't
 have one. And then it only has 6 integers (probably Modulus, pubKey,
 privKey, exp1, exp2 and coeff) where mine has 8
 (Modulus, pubKey, privKey, P, Q, exp1, exp2 and coeff)
 
 Maybe this helps...
 
 Robert
 
 -Original Message-
 From: Jarmo Järvenpää via RT [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, June 04, 2002 7:50 PM
 Cc: [EMAIL PROTECTED]
 Subject: [openssl.org #77] Openssl 0.9.6d coredumps
 
 Hi all,
 
 I've tried to use the following certificate and private key to sign my
 own requested certificate but for some reason, openssl coredumps.
 
 Coredumps occur also when trying to obtain information from private key
 (with commands like pkcs8, rsa).
 Any idea why this is happening? (I can provide the coredump file if
 necessary)
 
 -BEGIN PRIVATE KEY-
 MIIB5DANBgkqhkiG9w0BAQEFADCCAdECgYBTAI9HrMBfEfuTiT9NyUD2jGsWIi1YKqsLt3SdTwi
 9Bh/k7/x68GpTRcAzDpklvs4ZaJBXwiJxs6cLJabV+dCHZnH9X3SSrn8Hz1zYrcNgkHqm3Jx6jE
 aZxjN4MwRQd3KOjwmdZAvHd3+5IXRZPbmYdM1gC0QMiQpCP8rXXJzkZwIBIwKBgANzDplBB1Roe
 ioJsYI8Oo3nP6ErT66NaNqV65QrLj5hVcWw30WbnLBYAqsD7m1JwhUBBVVvIgNlOM/sSW1MNeGs
 RTOxpo6hbqe6WRqqtTEIopyOx/RUNM33NQ6Rfvo27/Sop4/xUe8DUQsnYJ0pJ5QStwOjlSXo9KV
 mT3nkuQYLAkEAgwz57Wdk9dGOxyYKHsWTk2Y4NlV87/+/QNRO5Wfl/YNKIDuHxLFTin7netad7X
 MFp43TPtBaNceNzx1UmctmuwJBAKIj149VZaw21RQ2vONV4R1Ll3qblnIQPnjyesCdBbABVVSOH
 gCW7K0ytUMY9aH+N8rrxTw+0h3D6ILVHbMtXEUCQCwSZx1ZSpxyRU6/6SWMZDibdjxd5Zh03GZh
 XxLSxzoiRyMygmB65OS5wFncscrd9CYmlpMpAKmatE7G0p+IrVE=
 -END PRIVATE KEY-
 
 ...
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   [EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   [EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #79] 0.9.7 Beta1 - Build problems on OpenVMS.

2002-06-05 Thread via RT 



 Hi,
I downloaded beta1 to a OpenVMS V7.2-1 system
 running DEC C V6.2-008.  I ran into two build problems:

1. SSL-LIB.COM contains an ON ERROR statement
that does not have a THEN clause.

2. TESTS.COM does not accept NONE as a valid TCPIP
option.

 I have included the complete build log below.

 Thanks,
 Kevin Greaney

 makevms.log.doc 
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #77] Openssl 0.9.6d coredumps

2002-06-05 Thread Jarmo Järvenpää 

Just found out the software, it's F-Secure VPN+.

Robert Eiglmaier wrote:
 
 Hi Jarmo,
 
 how did you generate your private key?
 When I asn1parse it it looks very different from my openssl generated.
 First it has an AlgorithmIdentifier (rsaEncryption) where mine doesn't
 have one. And then it only has 6 integers (probably Modulus, pubKey,
 privKey, exp1, exp2 and coeff) where mine has 8
 (Modulus, pubKey, privKey, P, Q, exp1, exp2 and coeff)
 
 Maybe this helps...
 
 Robert
 
 -Original Message-
 From: Jarmo Järvenpää via RT [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, June 04, 2002 7:50 PM
 Cc: [EMAIL PROTECTED]
 Subject: [openssl.org #77] Openssl 0.9.6d coredumps
 
 Hi all,
 
 I've tried to use the following certificate and private key to sign my
 own requested certificate but for some reason, openssl coredumps.
 
 Coredumps occur also when trying to obtain information from private key
 (with commands like pkcs8, rsa).
 Any idea why this is happening? (I can provide the coredump file if
 necessary)
 
 -BEGIN PRIVATE KEY-
 MIIB5DANBgkqhkiG9w0BAQEFADCCAdECgYBTAI9HrMBfEfuTiT9NyUD2jGsWIi1YKqsLt3SdTwi
 9Bh/k7/x68GpTRcAzDpklvs4ZaJBXwiJxs6cLJabV+dCHZnH9X3SSrn8Hz1zYrcNgkHqm3Jx6jE
 aZxjN4MwRQd3KOjwmdZAvHd3+5IXRZPbmYdM1gC0QMiQpCP8rXXJzkZwIBIwKBgANzDplBB1Roe
 ioJsYI8Oo3nP6ErT66NaNqV65QrLj5hVcWw30WbnLBYAqsD7m1JwhUBBVVvIgNlOM/sSW1MNeGs
 RTOxpo6hbqe6WRqqtTEIopyOx/RUNM33NQ6Rfvo27/Sop4/xUe8DUQsnYJ0pJ5QStwOjlSXo9KV
 mT3nkuQYLAkEAgwz57Wdk9dGOxyYKHsWTk2Y4NlV87/+/QNRO5Wfl/YNKIDuHxLFTin7netad7X
 MFp43TPtBaNceNzx1UmctmuwJBAKIj149VZaw21RQ2vONV4R1Ll3qblnIQPnjyesCdBbABVVSOH
 gCW7K0ytUMY9aH+N8rrxTw+0h3D6ILVHbMtXEUCQCwSZx1ZSpxyRU6/6SWMZDibdjxd5Zh03GZh
 XxLSxzoiRyMygmB65OS5wFncscrd9CYmlpMpAKmatE7G0p+IrVE=
 -END PRIVATE KEY-
 
 ...
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   [EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   [EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

`NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-05 Thread Mike Pechkin 

hi,

We have ssl (VERSION=0.9.7-dev) in the OpenBSD-CURRENT.
Now we dig the problem in ${PORTS}/comms/kermit.

cc -O2   -DBSD44 -DCK_CURSES -DCK_NEWTERM  -DTCPSOCKET -DOPENBSD
-DUSE_UU_LOCK -DFNFLOAT -DUSE_STRERROR  -DCKHTTP  -DCK_SSL
-DCK_AUTHENTICATION -DCK_ENCRYPTION -DCK_DES -DKTARGET=\openbsd\ -c ck_ssl.c
ck_ssl.c: In function sl_tn_init':
ck_ssl.c:1535: warning: assignment from incompatible pointer type
ck_ssl.c:1536: warning: assignment from incompatible pointer type
ck_ssl.c: In function sl_http_init':
ck_ssl.c:2060: warning: assignment from incompatible pointer type
ck_ssl.c: In function sl_check_server_name':
ck_ssl.c:2671: warning: assignment makes pointer from integer without a cast
ck_ssl.c:2714: warning: assignment makes pointer from integer without a cast
ck_ssl.c: In function k_tn_tls_negotiate':
ck_ssl.c:3232: ID_uniqueIdentifier' undeclared (first use in this function)
ck_ssl.c:3232: (Each undeclared identifier is reported only once
ck_ssl.c:3232: for each function it appears in.)
ck_ssl.c: In function k_ssl_incoming':
ck_ssl.c:3529: ID_uniqueIdentifier' undeclared (first use in this function)
*** Error code 1

Stop in /home/ports/comms/kermit/w-kermit-8.0.201.
*** Error code 1

Stop in /home/ports/comms/kermit (line 1758 of
/usr/ports/infrastructure/mk/bsd.port.mk).


I need a solution for this in ssl.

--mpech
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #77] Openssl 0.9.6d coredumps

2002-06-05 Thread Richard Levitte via RT 


OK, there are several issues here.

First of all, your private key is broken, or rather the structure it 
has been packed into.  BEGIN PRIVATE KEY indicates that the key is 
wrapped in a PKCS8 structure.  That structure should start with an 
integer indicating the version number of the structure (for now, 
it'll always be 0).  That integer is missing, meaning the structure 
can't be correctly parsed.

Second, it seems like OpenSSL lacks error control during the parsing 
of this particular type of structure, leading to the coredump you 
experienced.  The following patch (which I shall commit promptly) 
fixes the problem (instead of a coredump, you'll get a few lines of 
error messages):

--- crypto/pem/pem_lib.c2002/02/20 17:55:34 1.30.2.1
+++ crypto/pem/pem_lib.c2002/06/05 11:52:06
@@ -258,6 +258,7 @@
PKCS8_PRIV_KEY_INFO *p8inf;
p8inf=d2i_PKCS8_PRIV_KEY_INFO(
(PKCS8_PRIV_KEY_INFO **) x, 
p, len);
+   if(!p8inf) goto p8err;
ret = (char *)EVP_PKCS82PKEY(p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {


For everyones info, the same error exists in 0.9.7 beta 1 as well.  
Beta 2 will be corrected appropriately.

[[EMAIL PROTECTED] - Tue Jun  4 19:49:46 2002]:

 Hi all,
 
 I've tried to use the following certificate and private key to 
sign my
 own requested certificate but for some reason, openssl coredumps.
 
 Coredumps occur also when trying to obtain information from private
 key
 (with commands like pkcs8, rsa).
 Any idea why this is happening? (I can provide the coredump file if
 necessary)
 
 
 -BEGIN PRIVATE KEY-
 
MIIB5DANBgkqhkiG9w0BAQEFADCCAdECgYBTAI9HrMBfEfuTiT9NyUD2jGsWIi1YKqsLt3SdTwi
 
9Bh/k7/x68GpTRcAzDpklvs4ZaJBXwiJxs6cLJabV+dCHZnH9X3SSrn8Hz1zYrcNgkHqm3Jx6jE
 
aZxjN4MwRQd3KOjwmdZAvHd3+5IXRZPbmYdM1gC0QMiQpCP8rXXJzkZwIBIwKBgANzDplBB1Roe
 
ioJsYI8Oo3nP6ErT66NaNqV65QrLj5hVcWw30WbnLBYAqsD7m1JwhUBBVVvIgNlOM/sSW1MNeGs
 
RTOxpo6hbqe6WRqqtTEIopyOx/RUNM33NQ6Rfvo27/Sop4/xUe8DUQsnYJ0pJ5QStwOjlSXo9KV
 
mT3nkuQYLAkEAgwz57Wdk9dGOxyYKHsWTk2Y4NlV87/+/QNRO5Wfl/YNKIDuHxLFTin7netad7X
 
MFp43TPtBaNceNzx1UmctmuwJBAKIj149VZaw21RQ2vONV4R1Ll3qblnIQPnjyesCdBbABVVSOH
 
gCW7K0ytUMY9aH+N8rrxTw+0h3D6ILVHbMtXEUCQCwSZx1ZSpxyRU6/6SWMZDibdjxd5Zh03GZh
 XxLSxzoiRyMygmB65OS5wFncscrd9CYmlpMpAKmatE7G0p+IrVE=
 -END PRIVATE KEY-
 
 The matching public key: (this seems to work)
 
 -BEGIN CERTIFICATE-
 
MIICRzCCAbCgAwIBAgIEATEF8TANBgkqhkiG9w0BAQQFADBVMQswCQYDVQQGEwJGSTEoMCYGA1U
 
EChMfVGhlIEZpbm5pc2ggQmFua2VycyBBc3NvY2lhdGlvbjEcMBoGA1UECxMTQ2xpZW50IENBIF
 
VudHJ1c3RlZDAeFw0wMDA2MTQwNjMwMDBaFw0yNzEwMzEwODMwMDBaMFUxCzAJBgNVBAYTAkZJM
 
SgwJgYDVQQKEx9UaGUgRmlubmlzaCBCYW5rZXJzIEFzc29jaWF0aW9uMRwwGgYDVQQLExNDbGll
 
bnQgQ0EgVW50cnVzdGVkMIGcMA0GCSqGSIb3DQEBAQUAA4GKADCBhgKBgFMAj0eswF8R+5OJP03
 
JQPaMaxYiLVgqqwu3dJ1PCL0GH+Tv/HrwalNFwDMOmSW+zhlokFfCInGzpwslptX50Idmcf1fdJ
 
KufwfPXNitw2CQeqbcnHqMRpnGM3gzBFB3co6PCZ1kC8d3f7khdFk9uZh0zWALRAyJCkI/ytdcn
 
ORnAgEjoycwJTAPBgNVHQ8BAf8EBQMDB4AAMBIGA1UdEwEB/wQIMAYBAf8CAQIwDQYJKoZIhvcN
 
AQEEBQADgYEAUQu1peUXTmTBcNvNXAc8bQ5TDW8vL5Sl9zPNJsWD99pAqjIyMXLx02+96g46fUA
 
ujxTzsVFNlnJ+tbejvTDZcWqSc6r/H1TeGOc14HAAFIRGV3ifI65Kj3XAHYRAuaVQtb69DAvWxM
 7VINWzZp1Ip3kM1MC1J7GjlbW5yyxDiGM=
 -END CERTIFICATE-
 
 Regards,
 Jarmo
 
__
 OpenSSL Project 
http://www.openssl.org
 User Support Mailing List
[EMAIL PROTECTED]
 Automated List Manager   
[EMAIL PROTECTED]


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #71] [Fwd: Bug#141360: libssl-dev: gcc warning:redundant declaration of ERR_load_PEM_strings()]

2002-06-05 Thread Rich Salz 

 However, double declaration isn't an error, at least if the 
 declarations are exactly the same.  Until someone comes up with a 
 better solution to break the circular dependency mentioned above, I 
 don't see that this really needs to get fixed.  I'll add the keyword 
 nice to have to this ticket...

This is typically done by making the declaration be like this;
#ifndef _DECLARED_FOO
extern struct foo *getafoo();
#define _DECLARED_FOO
#endif




__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #78] Memleak in libcrypto

2002-06-05 Thread Richard Levitte via RT 


A little more analysis seems to indicate that X509_EXTENSION isn't 
properly coded, since freeing it requires a dive into the 
OCTET_STRING (or whatever that translates to) and free whatever 
that's pointing to.

The code in question is crypto/asn1/x_exten.c, and for comparison, 
one might want to look at crypto/asn1/x_x509.c...

I've assigned this ticket to Steve, since he's much more competent 
on this type of stuff...

[levitte - Wed Jun  5 14:12:27 2002]:

 Looks to me like X509_EXTENSION_free() doesn't do it's job 
properly.
 
 [[EMAIL PROTECTED] - Wed Jun  5 13:28:48 2002]:
 
  Ok, then when are those datas supposed to be freed ?
  Here is the code:
  
  X509V3_CTX ctx;
  X509V3_set_ctx_test(ctx);
  X509_EXTENSION *ext;
  char * FieldName=authorityInfoAccess;
  char *
  FieldValue=caIssuers;URI:http://www.openssl.org/root.crt;
  
  if (!(ext = X509V3_EXT_nconf(NULL, ctx, FieldName,
  FieldValue)))
  {
  return false;
  }
  X509_EXTENSION_free(ext);
  
  I don't see what I forget to free ?


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken onNeXTSTEP/OpenStep

2002-06-05 Thread Rich Salz 

Richard Levitte via RT wrote:
 Can I assume that sed exists and works properly?  dirname can be 
 coded like this:

echo $$i | sed -e 's|[^/]*$||' -e 's|/$||'

dirname foo returns . which the above doesn't catch.
I can only think of the following short shell script
#! /bin/sh
for I
do
case $I in
*/* ) echo $I | sed -e 's@\(.*\)/.*@\1@' ;;
*) echo .
esac
done

sed has had \(\) since v7 unix days. ...

on the other hand, since you're already requirring perl ...

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken onNeXTSTEP/OpenStep

2002-06-05 Thread Richard Levitte - VMS Whacker 

In message [EMAIL PROTECTED] on Wed, 05 Jun 2002 09:43:45 -0400, Rich 
Salz [EMAIL PROTECTED] said:

rsalz Richard Levitte via RT wrote:
rsalz  Can I assume that sed exists and works properly?  dirname can be 
rsalz  coded like this:
rsalz 
rsalz echo $$i | sed -e 's|[^/]*$||' -e 's|/$||'
rsalz 
rsalz dirname foo returns . which the above doesn't catch.

Ah, I missed that...

rsalz  */* ) echo $I | sed -e 's@\(.*\)/.*@\1@' ;;

Why such a complicated sed?  's@/[^/]*$@@' is perfecty sufficient, and
a little bit more efficient :-).

rsalz on the other hand, since you're already requirring perl ...

That was my next option.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #66] Possible bug in OpenSSL-0.9.6d/crypto/asn1/a_utctm.c

2002-06-05 Thread Richard Levitte via RT 


Thanks for the report, I've commited the suggested fix.

[[EMAIL PROTECTED] - Fri May 31 21:03:26 2002]:

 
 
 I believe that I have found a bug in the above file and would like 
for
someone
 else to santiy check it.
 
 At line 290 in a_utctm.c, a separate code block is being used if 
the
library
 needs to call gmtime_r()  to get the time structure.  The value is
stored in a
 temporary (data) that is declared in this code block.  The address 
of
the
 temporary is assigned to an external variable  tm.   This can 
cause
some
 memory corruption problems.  The memory corruption would occur if 
the
compiler
 removes the memory allocated to the temporary after the code block 
is
done.  The
 derefencing of tm a couple of lines later could result in a SIGSEGV
because that
 memory has been returned.  The solution to this problem is to 
remove
the code
 block and declare   struct tm data  at the beginning of
 ASN1_UTCTIME_cmp_time_t().
 
 Darin Broady
 [EMAIL PROTECTED]
 Lexmark International, Inc.
 
 
 
__
 OpenSSL Project 
http://www.openssl.org
 Development Mailing List   
[EMAIL PROTECTED]
 Automated List Manager   
[EMAIL PROTECTED]


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #71] [Fwd: Bug#141360: libssl-dev: gcc warning:redundant declaration of ERR_load_PEM_strings()]

2002-06-05 Thread Richard Levitte - VMS Whacker 

In message [EMAIL PROTECTED] on Wed, 05 Jun 2002 09:32:44 -0400, Rich 
Salz [EMAIL PROTECTED] said:

rsalz  However, double declaration isn't an error, at least if the 
rsalz  declarations are exactly the same.  Until someone comes up with a 
rsalz  better solution to break the circular dependency mentioned above, I 
rsalz  don't see that this really needs to get fixed.  I'll add the keyword 
rsalz  nice to have to this ticket...
rsalz 
rsalz This is typically done by making the declaration be like this;
rsalz  #ifndef _DECLARED_FOO
rsalz  extern struct foo *getafoo();
rsalz  #define _DECLARED_FOO
rsalz  #endif

Eeeep.  I know that would only be required in pem.h, but since the
section where ERR_load_PEM_strings() is declared is generated
automagically, it ultimately means we need to have that construction
in all headers.  It's ugly...

Oh well, I'll see what I can do.  I think I'll use names like
_OPENSSL_DECLARED_FOO...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #71] [Fwd: Bug#141360: libssl-dev: gcc warning: redundant declaration of ERR_load_PEM_strings()]

2002-06-05 Thread Rich Salz via RT 


 However, double declaration isn't an error, at least if the 
 declarations are exactly the same.  Until someone comes up with a 
 better solution to break the circular dependency mentioned above, I 
 don't see that this really needs to get fixed.  I'll add the keyword 
 nice to have to this ticket...

This is typically done by making the declaration be like this;
#ifndef _DECLARED_FOO
extern struct foo *getafoo();
#define _DECLARED_FOO
#endif




__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken on NeXTSTEP/OpenStep

2002-06-05 Thread Rich Salz via RT 


Richard Levitte via RT wrote:
 Can I assume that sed exists and works properly?  dirname can be 
 coded like this:

echo $$i | sed -e 's|[^/]*$||' -e 's|/$||'

dirname foo returns . which the above doesn't catch.
I can only think of the following short shell script
#! /bin/sh
for I
do
case $I in
*/* ) echo $I | sed -e 's@\(.*\)/.*@\1@' ;;
*) echo .
esac
done

sed has had \(\) since v7 unix days. ...

on the other hand, since you're already requirring perl ...

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken on NeXTSTEP/OpenStep

2002-06-05 Thread Richard Levitte - VMS Whacker via RT 


In message [EMAIL PROTECTED] on Wed, 05 Jun 2002 09:43:45 -0400, Rich 
Salz [EMAIL PROTECTED] said:

rsalz Richard Levitte via RT wrote:
rsalz  Can I assume that sed exists and works properly?  dirname can be 
rsalz  coded like this:
rsalz 
rsalz echo $$i | sed -e 's|[^/]*$||' -e 's|/$||'
rsalz 
rsalz dirname foo returns . which the above doesn't catch.

Ah, I missed that...

rsalz  */* ) echo $I | sed -e 's@\(.*\)/.*@\1@' ;;

Why such a complicated sed?  's@/[^/]*$@@' is perfecty sufficient, and
a little bit more efficient :-).

rsalz on the other hand, since you're already requirring perl ...

That was my next option.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #71] [Fwd: Bug#141360: libssl-dev: gcc warning: redundant declaration of ERR_load_PEM_strings()]

2002-06-05 Thread Richard Levitte - VMS Whacker via RT 


In message [EMAIL PROTECTED] on Wed, 05 Jun 2002 09:32:44 -0400, Rich 
Salz [EMAIL PROTECTED] said:

rsalz  However, double declaration isn't an error, at least if the 
rsalz  declarations are exactly the same.  Until someone comes up with a 
rsalz  better solution to break the circular dependency mentioned above, I 
rsalz  don't see that this really needs to get fixed.  I'll add the keyword 
rsalz  nice to have to this ticket...
rsalz 
rsalz This is typically done by making the declaration be like this;
rsalz  #ifndef _DECLARED_FOO
rsalz  extern struct foo *getafoo();
rsalz  #define _DECLARED_FOO
rsalz  #endif

Eeeep.  I know that would only be required in pem.h, but since the
section where ERR_load_PEM_strings() is declared is generated
automagically, it ultimately means we need to have that construction
in all headers.  It's ugly...

Oh well, I'll see what I can do.  I think I'll use names like
_OPENSSL_DECLARED_FOO...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken on NeXTSTEP/OpenStep

2002-06-05 Thread Robert Joop 

On 02-06-05 15:43:45 CEST, Rich Salz wrote:
 Richard Levitte via RT wrote:
 Can I assume that sed exists and works properly?  dirname can be 
 coded like this:
 
echo $$i | sed -e 's|[^/]*$||' -e 's|/$||'
 
 dirname foo returns . which the above doesn't catch.
 I can only think of the following short shell script
   #! /bin/sh
   for I
   do
   case $I in
   */* ) echo $I | sed -e 's@\(.*\)/.*@\1@' ;;
   *) echo .
   esac
   done

i remember on my SVR3 machine dirname(1) was a shell script:

-r-xr-xr-x  1 sys  bin93 Oct 11  1985 /bin/dirname*

expr \
  ${1-.}'/' : '\(/\)[^/]*/$' \
  \| ${1-.}'/' : '\(.*[^/]\)//*[^/][^/]*//*$' \
  \| .

the solaris 1 dirname is:

#! /bin/sh
#
#   @(#)dirname.sh 1.5 89/03/22 SMI; from S5R2 1.2
#
PATH=/bin:/usr/bin
expr \
  ${1-.}'/' : '\(/\)[^/]*//*$' \
  \| ${1-.}'/' : '\(.*[^/]\)//*[^/][^/]*//*$' \
  \| .

i.e. the same with attribution.
unlike sed expr usually is a sh built-in.

rj
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken on NeXTSTEP/OpenStep

2002-06-05 Thread [EMAIL PROTECTED] via RT 


On 02-06-05 15:43:45 CEST, Rich Salz wrote:
 Richard Levitte via RT wrote:
 Can I assume that sed exists and works properly?  dirname can be 
 coded like this:
 
echo $$i | sed -e 's|[^/]*$||' -e 's|/$||'
 
 dirname foo returns . which the above doesn't catch.
 I can only think of the following short shell script
   #! /bin/sh
   for I
   do
   case $I in
   */* ) echo $I | sed -e 's@\(.*\)/.*@\1@' ;;
   *) echo .
   esac
   done

i remember on my SVR3 machine dirname(1) was a shell script:

-r-xr-xr-x  1 sys  bin93 Oct 11  1985 /bin/dirname*

expr \
  ${1-.}'/' : '\(/\)[^/]*/$' \
  \| ${1-.}'/' : '\(.*[^/]\)//*[^/][^/]*//*$' \
  \| .

the solaris 1 dirname is:

#! /bin/sh
#
#   @(#)dirname.sh 1.5 89/03/22 SMI; from S5R2 1.2
#
PATH=/bin:/usr/bin
expr \
  ${1-.}'/' : '\(/\)[^/]*//*$' \
  \| ${1-.}'/' : '\(.*[^/]\)//*[^/][^/]*//*$' \
  \| .

i.e. the same with attribution.
unlike sed expr usually is a sh built-in.

rj
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken onNeXTSTEP/OpenStep

2002-06-05 Thread Rich Salz 

 rsalz*/* ) echo $I | sed -e 's@\(.*\)/.*@\1@' ;;
 
 Why such a complicated sed?  's@/[^/]*$@@' is perfecty sufficient, and
 a little bit more efficient :-).

Because it makes the implementation of basename pretty obvious :)

As for efficiency :) here's an implementation that uses all shell 
builtins ...

#! /bin/sh
export IFS
case $1 in
*/*)
 OLDIFS=$IFS ; IFS=/ ; set $1 ; IFS=$OLDIFS
 p=''
 while : ;  do
 case $2 in
 ) break ;;
 esac
 case $p in
 ) p=$1 ;;
 *) p=$p/$1 ;;
 esac
 shift
 done
 echo $p
 ;;
*)
 echo .
 ;;
esac

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #81] Bug Report 0.9.7b1: make install broken on NeXTSTEP/OpenStep

2002-06-05 Thread Richard Levitte via RT 


I just commited a change that involves having a new script called 
dirname.pl in util/.

Thanks for the report.

[[EMAIL PROTECTED] - Wed Jun  5 09:33:57 2002]:

 I successfully built OpenSSL 0.9.7-beta1 on my m68k-next-openstep42
 system.  It did require adding an extra include somewhere I can't
 remember offhand, and patching one of the test case files, but 
other
 than that it built right out of the box without any issues.  Make 
test
 completes without any errors.
 
 However, I cannot install using the Makefile.  The exact error is
 
 making all in tools...
 installing man1/CA.pl.1
 sh: dirname: not found
 *** Exit 1
 
 NeXTSTEP and OpenStep include the basename utility, but not the
 dirname utility.  Is there some sort of pre-existing workaround or 
is
 there an implmentation of dirname available in one of the GNU
 packages?
 
 I just thought I'd report this.


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken onNeXTSTEP/OpenStep

2002-06-05 Thread Richard Levitte - VMS Whacker 

In message [EMAIL PROTECTED] on Wed, 05 Jun 2002 10:10:52 -0400, Rich 
Salz [EMAIL PROTECTED] said:

rsalz  rsalz */* ) echo $I | sed -e 's@\(.*\)/.*@\1@' ;;
rsalz  
rsalz  Why such a complicated sed?  's@/[^/]*$@@' is perfecty sufficient, and
rsalz  a little bit more efficient :-).
rsalz 
rsalz Because it makes the implementation of basename pretty
rsalz obvious :)

sed -e 's|^[^/]*/||g'

rsalz As for efficiency :) here's an implementation that uses all
rsalz shell builtins ...

Heh, we can probably battle endlessly about efficiency.  That was a
pretty good one, and a bit less obscure than the expr variant shown
here.

:-)

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #71] [Fwd: Bug#141360: libssl-dev: gcc warning: redundant declaration of ERR_load_PEM_strings()]

2002-06-05 Thread Richard Levitte via RT 


Uhmm, BTW, what exactly do you think that'll solve, considering the 
actual problem?

[[EMAIL PROTECTED] - Wed Jun  5 15:54:26 2002]:

  However, double declaration isn't an error, at least if the
  declarations are exactly the same.  Until someone comes up with a
  better solution to break the circular dependency mentioned 
above, I
  don't see that this really needs to get fixed.  I'll add the 
keyword
  nice to have to this ticket...
 
 This is typically done by making the declaration be like this;
   #ifndef _DECLARED_FOO
   extern struct foo *getafoo();
   #define _DECLARED_FOO
   #endif
 
 
 
 


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: cvs commit: openssl/crypto/asn1 a_enum.c a_int.c

2002-06-05 Thread Ben Laurie 

[EMAIL PROTECTED] wrote:
 levitte 05-Jun-2002 13:23:23
 
   Modified:crypto/asn1 Tag: OpenSSL_0_9_6-stable a_enum.c a_int.c
   Log:
   signedness warning corrected
   
   Revision  ChangesPath
   No   revision
   No   revision
   1.15.2.2  +2 -1  openssl/crypto/asn1/a_enum.c
   1.17.2.2  +2 -1  openssl/crypto/asn1/a_int.c
   
   Index: a_enum.c
   ===
   RCS file: /e/openssl/cvs/openssl/crypto/asn1/a_enum.c,v
   retrieving revision 1.15.2.1
   retrieving revision 1.15.2.2
   diff -u -r1.15.2.1 -r1.15.2.2
   --- a_enum.c2002/05/30 16:48:07 1.15.2.1
   +++ a_enum.c2002/06/05 11:23:18 1.15.2.2
   @@ -207,7 +207,8 @@
   len=((j == 0)?0:((j/8)+1));
   if (ret-length  len+4)
   {
   -   char *new_data=(char *)OPENSSL_realloc(ret-data, len+4);
   +   unsigned char *new_data=
   +   (unsigned char *)OPENSSL_realloc(ret-data, len+4);

Why cast at all?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

small problem with openssl 0.9.7.b1 and the ocsp function

2002-06-05 Thread Jean-Marc Desperrier 

The doc says :

Create an OCSP request and write it to a file:

 openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der


In my test, I try to do exactly that with :
openssl ocsp  -issuer ocsp_ca.pem -cert ocsp_valide.cer  -cert 
ocsp_revoque.cer -reqout req.der

But no req.der file is created.

openssl ocsp  -issuer ocsp_ca.pem -cert ocsp_valide.cer  -cert 
ocsp_revoque.cer -text
gives me this :

OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
  Hash Algorithm: sha1
  Issuer Name Hash: F2891129F54C9DDEAA3E936DBFB870560335231F
  Issuer Key Hash: 6BFA75BDCDF62581B3A4265BB4462F11D3321B78
  Serial Number: 56C745365CDD8F771ED95A323267765F
Certificate ID:
  Hash Algorithm: sha1
  Issuer Name Hash: F2891129F54C9DDEAA3E936DBFB870560335231F
  Issuer Key Hash: 6BFA75BDCDF62581B3A4265BB4462F11D3321B78
  Serial Number: 01CA788D7569634FDF4BF6B4029CE1A9
Request Extensions:
OCSP Nonce:
955CF8ECF789D6B68443206F4BAE2163

openssl ocsp  -issuer ocsp_ca.pem -cert ocsp_valide.cer  -cert 
ocsp_revoque.cer -text -reqout req.der
gives only the text output and does not create the file.

Are you in the process of writing the programming side documentation for 
the ocsp functionnality ?


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #71] [Fwd: Bug#141360: libssl-dev: gcc warning: redundant declaration of ERR_load_PEM_strings()]

2002-06-05 Thread Rich Salz via RT 


It avoid the double declaration


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken on NeXTSTEP/OpenStep

2002-06-05 Thread Rich Salz via RT 


 rsalz*/* ) echo $I | sed -e 's@\(.*\)/.*@\1@' ;;
 
 Why such a complicated sed?  's@/[^/]*$@@' is perfecty sufficient, and
 a little bit more efficient :-).

Because it makes the implementation of basename pretty obvious :)

As for efficiency :) here's an implementation that uses all shell 
builtins ...

#! /bin/sh
export IFS
case $1 in
*/*)
 OLDIFS=$IFS ; IFS=/ ; set $1 ; IFS=$OLDIFS
 p=''
 while : ;  do
 case $2 in
 ) break ;;
 esac
 case $p in
 ) p=$1 ;;
 *) p=$p/$1 ;;
 esac
 shift
 done
 echo $p
 ;;
*)
 echo .
 ;;
esac

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-05 Thread Mike Pechkin 

On Wed, Jun 05, 2002 at 03:10:58PM +0200, Lutz Jaenicke via RT wrote:
 
 [[EMAIL PROTECTED] - Wed Jun  5 14:48:52 2002]:
 
  ck_ssl.c: In function k_tn_tls_negotiate':
  ck_ssl.c:3232: ID_uniqueIdentifier' undeclared (first use in this
  function)
  ck_ssl.c:3232: (Each undeclared identifier is reported only once
  ck_ssl.c:3232: for each function it appears in.)
  ck_ssl.c: In function k_ssl_incoming':
  ck_ssl.c:3529: ID_uniqueIdentifier' undeclared (first use in this
  function)
  *** Error code 1

Thank you for a reply.
 
 The problem is caused by inconsistent definitions for the OID values.
 According to RFC2256, the OID 2.5.4.45 is assigned to
 X500UniqueIdentifier. UniqueIdentifier was assigned to
 pilotAttributeType.44 in RFC1274.
 If you have a look into crypto/objects/objects.txt you will see, that
 this was (still is) commented out. The reason is that UniqueIdentifier
 was (incorrectly) used for 2.5.4.45...
 In OpenSSL 0.9.7 I renamed the entry for 2.5.4.45 to fully comply with
 RFC2256. Now UniqueIdentifier is missing, as I did not uncomment the
 entry for RFC1274 (otherwise maybe nobody would have noted and only
 later strange failures would have been reported).
I see.

Let's discuss how to fix it!?

For instance, mod_ssl 2.8.8-1.3.24 use workaround:
#ifndef NID_uniqueIdentifier
#define NID_uniqueIdentifier 102
#endif

##
##
##

Also, markus@ created this temp patch:
+@@ -102,6 +104,13 @@
+ !ERROR This module requires OpenSSL 0.9.5a or higher
+ #endif /* OPENSSL_VERSION_NUMBER */
+ #endif /* SSLDLL */
++
++#if OPENSSL_VERSION_NUMBER  0x00907000L
++#else
++  #ifndef NID_UniqueIdentifier
++  #define NID_uniqueIdentifier NID_x500UniqueIdentifier
++  #endif
++#endif
+
+ static int auth_ssl_valid = 0;
+ static char *auth_ssl_name = 0;/* this holds the oneline name */


Comments ?

--mpech
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken onNeXTSTEP/OpenStep

2002-06-05 Thread Doug Kaufman 

On Wed, 5 Jun 2002, Richard Levitte via RT wrote:

 Can I assume that sed exists and works properly?  dirname can be 
 coded like this:
 
echo $$i | sed -e 's|[^/]*$||' -e 's|/$||'
 
 If that's guaranteed to work everywhere, that seems to be a good 
 candidate for a 'dirname $$i' replacement...

This won't work in systems where an initial / doesn't signify an
absolute path. Windows and DOS based systems may start with a \ or
with [a-zA-Z]:[\\/] for absolute path. DJGPP and Cygwin have their own
dirname applications (from GNU shell utilities), so this shouldn't
be a problem for them. I am not sure about other DOS/Windows based
compilers. What about VMS?
   Doug
__ 
Doug Kaufman
Internet: [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #76] Cygwin problems with 0.9.7

2002-06-05 Thread Richard Levitte via RT 


[[EMAIL PROTECTED] - Tue Jun  4 19:47:39 2002]:

 Building 0.9.7 (snapshot from June 1) with Cygwin led to several
 warnings during compilation related to the assembly code now 
included
 by default. Despite the warnings, it passed the tests in make 
test.
 Does something need to get fixed? These warnings under Cygwin's 
port
 of
 GCC were errors under the DJGPP port of GCC.
   Doug
 
 (cd asm; /usr/local/bin/perl md5-586.pl cpp mx86unix.cpp)

The argument cpp should probably be gaswin when used with 
Cygwin.  There are probably other changes needed as well, but that's 
what I can guess so far.

 gcc -E -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
 {standard input}: Assembler messages:
 {standard input}:57: Warning: .type pseudo-op used outside of
 .def/.endef ignored.
 {standard input}:57: Warning: rest of line ignored; first ignored
 character is `_'
[...]

-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]