question re fedora 14
I see from the faq the notice about a custom openssl in fedora core 7. We are now at fedora 14 and my version installed from the redhat repository is: openssl-1.0.0c-1.fc14.i686 Are we still dealing with a reduced functionality version? If so, are the options to get around this still the same as posted in the faq for fedora core 7? Thanks, Perazim __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Building OpenSSL vs Downloaded
You do not need to build the library unless you want to customize it. If you do compile it, it can be used with other compilers. I use the downloaded version with Borland C++Builder 5 and 6, though it was originally built with VC++, and it works fine. Ryan Pfeifle Sr. Programmer Voice Print International, Inc. [cid:vpi_logo.jpg@87236855d28f43db886de2c17b94c35f]http://www.VPI-corp.com/ Immediate Results. Unmatched Value.http://www.VPI-corp.com/ValueTM Tel: 1.805.389.5200 x5297 Fax: N/A Email: r...@vpi-corp.com Web: www.VPI-corp.com Experience the VPI Value Advantagehttp://www.vpi-corp.com/ValueAdvantageTM The information transmitted in this message is intended only for the addressee and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this material from any computer. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of hpenaguz...@aim.com Sent: Friday, December 17, 2010 6:59 PM To: openssl-users@openssl.org Subject: Building OpenSSL vs Downloaded Have two questions: 1) Is it mandatory to build the OpenSSL library in order to use the functionality provided by OpenSSL?, or is it possible to use it with the OpenSSL-Win32 library I downloaded. 2) If I build the OpenSSL library with one compiler is it possible to use with another compiler?, for instance I'm have Borland ver. 5 and 6 but can get one program compiled using OpenSSL programs and libraries, besides it doesn't work with string so I had to start doing some of the programing in QT. Is this possible? Thanks in advance! inline: vpi_logo.jpg
[FWD] OPENSSL - Windows CE
Forwarded to openssl-users for public discussion. Best regards, Lutz - Forwarded message from Cerriman Lima cerri...@hotmail.com - From: Cerriman Lima cerri...@hotmail.com To: r...@openssl.org Subject: OPENSSL - Windows CE Date: Tue, 21 Dec 2010 03:25:42 + Importance: Normal Hello I have an project in windows CE that i need to sign the message and verify the signature. I need to compile full OpenSSL? How to compile a short version? Can you help me, please. Thanks, Cerriman. - End forwarded message - -- Lutz Jaenicke jaeni...@openssl.org OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
[FWD] Bug report: ntdll.mak file is not present
Forwarded to openssl-users for public discussion. Best regards, Lutz - Forwarded message from Philippe Palazon cestlab...@gmail.com - DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=E7Dp7SiYSQG3A4ZV4depFf/jH5SffEUW2fNMhi6GY+E=; b=XDRLT8c2YlZH2vuV3Fyb9hx0+AW1IBsoA1eoYr6lXSI0sRlCZskbTTgc+lG32jJtgn xRfmPt6Uhh75SjV+fz43FjETjtjdSvN8eMXidVRZaMU55CvN+pWcrhhoudkkjBcNN0ZS d2zNnlfLPHgLox0sic4zdhc7bt6RI2KhkqRkM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=u+QwjddI4suAz1y5sKeFikoFpLozinw96S14lE9ou046R0KUYNQHRy+LgLEvIiXns/ 5ySklyXLOSEwnxwS867qspUoK1VyN/GGFJ1EcATRXr9FaplSCyLAMXsxHLJ6YpA303NS N40kVII5c3tSiyiW0QOly8+Y87zXMnMJLxnXg= Date: Mon, 20 Dec 2010 15:51:34 +0100 Subject: Bug report: ntdll.mak file is not present From: Philippe Palazon cestlab...@gmail.com To: r...@openssl.org Hello Madam, Sir, I donwload the *1.0.0c* version of OpenSsl. I have wanted to install it on Windows (seven) but under the *ms*sub-directory the * ntdll.mak* file is not present. Thanks. Best regards, Philippe. - End forwarded message - -- Lutz Jaenicke jaeni...@openssl.org OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [FWD] OPENSSL - Windows CE
Just go there : http://delaage.pierre.free.fr and you will get all the answers you are looking for. and pray that finally my updates get included in openssl code one day, something that unfortunately never happened... and see also this page in openssl rt system : http://rt.openssl.org/index.html?q=2350 (user guest password guest). Pierre Delaage Le 21/12/2010 04:36, Lutz Jaenicke a écrit : Forwarded to openssl-users for public discussion. Best regards, Lutz - Forwarded message from Cerriman Limacerri...@hotmail.com - From: Cerriman Limacerri...@hotmail.com To: r...@openssl.org Subject: OPENSSL - Windows CE Date: Tue, 21 Dec 2010 03:25:42 + Importance: Normal Hello I have an project in windows CE that i need to sign the message and verify the signature. I need to compile full OpenSSL? How to compile a short version? Can you help me, please. Thanks, Cerriman. - End forwarded message - -- Lutz Jaenicke jaeni...@openssl.org OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [FWD] Bug report: ntdll.mak file is not present
Are you sure you are following the instructions in install.w32 ? because this file should be created by the configure process etc... Pierre Le 21/12/2010 05:17, Lutz Jaenicke a écrit : Forwarded to openssl-users for public discussion. Best regards, Lutz - Forwarded message from Philippe Palazoncestlab...@gmail.com - DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=E7Dp7SiYSQG3A4ZV4depFf/jH5SffEUW2fNMhi6GY+E=; b=XDRLT8c2YlZH2vuV3Fyb9hx0+AW1IBsoA1eoYr6lXSI0sRlCZskbTTgc+lG32jJtgn xRfmPt6Uhh75SjV+fz43FjETjtjdSvN8eMXidVRZaMU55CvN+pWcrhhoudkkjBcNN0ZS d2zNnlfLPHgLox0sic4zdhc7bt6RI2KhkqRkM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=u+QwjddI4suAz1y5sKeFikoFpLozinw96S14lE9ou046R0KUYNQHRy+LgLEvIiXns/ 5ySklyXLOSEwnxwS867qspUoK1VyN/GGFJ1EcATRXr9FaplSCyLAMXsxHLJ6YpA303NS N40kVII5c3tSiyiW0QOly8+Y87zXMnMJLxnXg= Date: Mon, 20 Dec 2010 15:51:34 +0100 Subject: Bug report: ntdll.mak file is not present From: Philippe Palazoncestlab...@gmail.com To: r...@openssl.org Hello Madam, Sir, I donwload the *1.0.0c* version of OpenSsl. I have wanted to install it on Windows (seven) but under the *ms*sub-directory the * ntdll.mak* file is not present. Thanks. Best regards, Philippe. - End forwarded message - -- Lutz Jaenicke jaeni...@openssl.org OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [FWD] OPENSSL - Windows CE
Hi, of course your will FAIL to compile openssl 100b or c because my patch are NOT included in. But if you go to my website you will find everything you need to compile successfully openssl 100a. the bug you just mentioned is solved in my version of openssl 100a. Please do as described in my first mail : Just go there : http://delaage.pierre.free.fr and you will get all the answers you are looking for. and pray that finally my updates get included in openssl code one day, something that unfortunately never happened... and see also this page in openssl rt system : http://rt.openssl.org/index.html?q=2350 (user guest password guest). Unless you will reinvent the wheel and rediscover all the bugs I already solved. Yours sincerely, Pierre Delaage Le 21/12/2010 07:07, Cerriman Lima a écrit : Hi Thank you for help, but I try to compile and i get the following error: Creating library out32dll_ARMV4I\capi.lib and object out32dll_ARMV4I\capi.exp e_capi.obj : error LNK2019: unresolved external symbol CryptSignHashA referenced in function capi_rsa_sign e_capi.obj : error LNK2019: unresolved external symbol CryptEnumProvidersA refer enced in function capi_get_provname e_capi.obj : error LNK2019: unresolved external symbol CryptAcquireContextA refe renced in function capi_list_containers out32dll_ARMV4I\capi.dll : fatal error LNK1120: 3 unresolved externals NMAKE : fatal error U1077: 'link' : return code '0x460' Stop. Best regards, Cerriman. Date: Tue, 21 Dec 2010 05:37:00 -0500 From: delaage.pie...@free.fr To: openssl-users@openssl.org CC: jaeni...@openssl.org; cerri...@hotmail.com Subject: Re: [FWD] OPENSSL - Windows CE Just go there : http://delaage.pierre.free.fr and you will get all the answers you are looking for. and pray that finally my updates get included in openssl code one day, something that unfortunately never happened... and see also this page in openssl rt system : http://rt.openssl.org/index.html?q=2350 (user guest password guest). Pierre Delaage Le 21/12/2010 04:36, Lutz Jaenicke a écrit : Forwarded to openssl-users for public discussion. Best regards, Lutz - Forwarded message from Cerriman Limacerri...@hotmail.com - From: Cerriman Limacerri...@hotmail.com To: r...@openssl.org Subject: OPENSSL - Windows CE Date: Tue, 21 Dec 2010 03:25:42 + Importance: Normal Hello I have an project in windows CE that i need to sign the message and verify the signature. I need to compile full OpenSSL? How to compile a short version? Can you help me, please. Thanks, Cerriman. - End forwarded message - -- Lutz Jaenicke jaeni...@openssl.org OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: [FWD] OPENSSL - Windows CE
Hi Thank you for help, but I try to compile and i get the following error: Creating library out32dll_ARMV4I\capi.lib and object out32dll_ARMV4I\capi.exp e_capi.obj : error LNK2019: unresolved external symbol CryptSignHashA referenced in function capi_rsa_sign e_capi.obj : error LNK2019: unresolved external symbol CryptEnumProvidersA refer enced in function capi_get_provname e_capi.obj : error LNK2019: unresolved external symbol CryptAcquireContextA refe renced in function capi_list_containers out32dll_ARMV4I\capi.dll : fatal error LNK1120: 3 unresolved externals NMAKE : fatal error U1077: 'link' : return code '0x460' Stop. Best regards, Cerriman. Date: Tue, 21 Dec 2010 05:37:00 -0500 From: delaage.pie...@free.fr To: openssl-users@openssl.org CC: jaeni...@openssl.org; cerri...@hotmail.com Subject: Re: [FWD] OPENSSL - Windows CE Just go there : http://delaage.pierre.free.fr and you will get all the answers you are looking for. and pray that finally my updates get included in openssl code one day, something that unfortunately never happened... and see also this page in openssl rt system : http://rt.openssl.org/index.html?q=2350 (user guest password guest). Pierre Delaage Le 21/12/2010 04:36, Lutz Jaenicke a écrit : Forwarded to openssl-users for public discussion. Best regards, Lutz - Forwarded message from Cerriman Limacerri...@hotmail.com - From: Cerriman Limacerri...@hotmail.com To: r...@openssl.org Subject: OPENSSL - Windows CE Date: Tue, 21 Dec 2010 03:25:42 + Importance: Normal Hello I have an project in windows CE that i need to sign the message and verify the signature. I need to compile full OpenSSL? How to compile a short version? Can you help me, please. Thanks, Cerriman. - End forwarded message - -- Lutz Jaenicke jaeni...@openssl.org OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
strange behavior of self signed cert “VeriSign Cla ss 3 Public Primary Certification Authority - G5”.
Hi, recently when we bought certificate from Verisign, our cert has new root Certificate which is “VeriSign Class 3 Public Primary Certification Authority - G5”. This cert is quite strange when I run it at the openssl s_cilent command line, it won't stop at G5, it will go to another cert Class 3 Public Primary Certification Authority, Here is part of the command line output: C:\OpenSSL-Win32\binopenssl s_client -connect xxx.xxx.com:443 -CAfile cert_path\cert.pem Loading 'screen' into random state - done CONNECTED(0160) depth=3 C = US, O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority verify return:1 depth=2 C = US, O = VeriSign, Inc., OU = VeriSign Trust Network, OU = (c) 200 6 VeriSign, Inc. - For authorized use only, CN = VeriSign Class 3 Public Primar y Certification Authority - G5 verify return:1 depth=1 C = US, O = VeriSign, Inc., OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 Secure Server CA - G3 verify return:1 depth=0 C = US, ST = Pennsylvania, L = , O = , OU = , OU = Terms of use at www.verisign.com/rpa (c)05, CN = xxx.xxx.com verify return:1 --- Certificate chain 0 s:/C=US/ST=Pennsylvania/L=/O=/OU=/OU=Terms of use at www .verisign.com/rpa (c)05/CN=xxx.xxx.com i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https:/ /www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https:/ /www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Auth ority - G5 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Auth ority - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority Note that it doesn't stop at “VeriSign Class 3 Public Primary Certification Authority - G5”. However firefox will stop at that cert. From the cert, its issuer is: CN = VeriSign Class 3 Public Primary Certification Authority - G5 OU = (c) 2006 VeriSign, Inc. - For authorized use only OU = VeriSign Trust Network O = VeriSign, Inc. C = US which is itself. Any idea? Did some search on internet and didn't find any useful information on this, however see this post: http://efreedom.com/Question/2-72580/OpenSSL-Certificate-Signature-Failure-Error which has the same verification chain as I saw here. My second question is that for the root CA used here Class 3 Public Primary Certification Authority, there are both expired and unexpired cert at CAfile (one is expired at 2004, one is good till 2028, we probably should not do that in the first place, however the software is already at customer, not easy to change this). The strange behavior I saw here is that openssl sometimes uses the expired cert, sometimes uses the unexpired cert which really get me confused. At the above openssl s_client run, the verification is ok, however after I just removed 2 certs from the CAfile, now s_client starts complaining that root cert is expired: C:\OpenSSL-Win32\binopenssl s_client -connect xxx.xxx.com:443 -CAfile cert_path\cert.pem Loading 'screen' into random state - done CONNECTED(0160) depth=3 C = US, O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority verify error:num=10:certificate has expired notAfter=Jan 7 23:59:59 2004 GMT verify return:0 --- Certificate chain 0 s:/C=US/ST=Pennsylvania/L=/O=/OU=/OU=Terms of use at www .verisign.com/rpa (c)05/CN=xxx.xxx.com i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https:/ /www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https:/ /www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Auth ority - G5 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Auth ority - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority Just wonder what sequence openssl is used to build up the certification verification chain. Is this an openssl bug? Do you see this problem before? Really appreciated. Thanks, Pingzhong Li -- View this message in context: http://old.nabble.com/strange-behavior-of-self-signed-cert-%E2%80%9CVeriSign-Class-3-Public-Primary-Certification-Authority---G5%E2%80%9D.-tp30506166p30506166.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL
RE: ifdef OPENSSL_NO_COMP
Hi Viktor, As U suggested I did 1)./ Configure no-zlib no-krb5 no-rc5 no-idea threads shared linux-x86_64 And as desired I saw. Since you've disabled or enabled at least one algorithm, you need to do the following before building: make depend Configured for linux-x86_64. 2) I did make depend, I got the following errors make[1]: Entering directory `/root/openssl-1.0.0b/crypto' gcc-4.3: ambiguous abbreviation -- gcc-4.3: ambiguous abbreviation -- In file included from /usr/include/features.h:354, from /usr/include/stdlib.h:25, from cryptlib.h:62, from cryptlib.c:117: /usr/include/gnu/stubs.h:9:27: error: gnu/stubs-64.h: No such file or directory In the Makefile I have CC=gcc-4.3 MAKEDEPPROG= gcc-4.3 I have gcc as gcc-4.3 in my Linux PC. Can anyone suggest me what is wrong here. r...@debian:~/openssl-1.0.0b# make depend making depend in crypto... make[1]: Entering directory `/root/openssl-1.0.0b/crypto' ../util/domd: line 25: gcc: command not found make[1]: *** [depend] Error 1 make[1]: Leaving directory `/root/openssl-1.0.0b/crypto' make: *** [depend] Error 1 r...@debian:~/openssl-1.0.0b# -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor Duchovni Sent: Monday, December 20, 2010 10:55 PM To: openssl-users@openssl.org Subject: Re: ifdef OPENSSL_NO_COMP On Mon, Dec 20, 2010 at 07:21:54PM -0500, Bhola Ray wrote: I have noticed the above flag in our openssl code in several c and h files. If I use #define OPENSSL_NO_COMP 1 in the right include file, and build the libcrypto.a and libssl.a then in that build Do not do this by hand. Is it correct, can anyone comment on that...thanks in advance. Example: ./Configure no-zlib no-krb5 no-rc5 no-idea threads shared linux-x86_64 make depend make The no-zlib flag disables compression at compile time. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: SSL cert chain validation timestamp issues
On 12/20/2010 10:49 AM, travis+ml-open...@subspacefield.org wrote: So a friend ran into this lately; libnss, at least on Linux, checks that the signing cert (chain) is valid at the time of signature - as opposed to present time. (It may check present time as well - not sure on that) This is correct behavior. Certificates don't expire even if the credentials used to sign them do. The whole point of a signature is that it cannot be repudiated. This makes for problems if you renew the cert, since the new cert will have a creation (start) date of the current time, after the object was signed. The new cert didn't make the signature and has nothing to do with the signature. The phrase renew the cert is code for issue a new certificate to the same recipient with a later expiration date. It has no effect on the existing certificate and it certainly has no retroactive effect on things the previous certificate has already done. Can anyone think of why this would be a good thing? It's vital. What good would an expiring signature be? The whole point of a signature is that it cannot be repudiated, revoked, expired, or otherwise invalidated. If one actually trusted the signature date, someone could lie by backdating the object. Sure, those we trust can always lie. But we're not stupid. We pick the entites we trust by making sure they are entities we do not expect to lie. If you can get Verisign to issue a forged timestamp, then you can make us think a signature was made in the past. (The timestamp is normally itself signed by an entity we have chosen to trust for that purpose.) Also, we're unsure how to create a new cert that's still valid for the range - I think we're gonna have the person set their system clock back, since I don't think openssl command line actually prompts for a creation date. Why would you want to do that and what good would that do? They wouldn't be able to get a past timestamp unless they bribed a timestamping authority. And if they did that, why would you want to help them create a certificate with a bogus date?! So what exactly would the point be? I think you are expecting a new certificate to somehow go back and time and modify or affect previous operations that have already taken place. It can do no such thing. Operations that have taken place in the past are beyond our ability to affect in the future. Again, the whole point of a signature is that nothing done after the signature is made can affect it. It stands forever as it is as conclusive proof that the entity named certified the information signed. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
do i need a dedicated ip address for https?
http://help.godaddy.com/article/1054 # Set up SSL protection on your website. is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to use ssl on my domain? thank you happy Christmas! :) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: do i need a dedicated ip address for https?
I believe you can sort of get around that requirement using a wildcard SSL certificate (e.g. for *.domain.tld). But that only helps you if you're running multiple subdomains for the same TLD. I think I heard something about a change to the SSL protocol which would allow sending of the hostname during SSL negotiation, but I have no references. Plus any such change would require years or decades to propogate throughout all clients on the Internet. Mike On Tue, Dec 21, 2010 at 10:53 PM, S Mathias smathias1...@yahoo.com wrote: http://help.godaddy.com/article/1054 # Set up SSL protection on your website. is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to use ssl on my domain? thank you happy Christmas! :) __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-us...@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org