[openssl-users] Problem in installing gem puma
Dear All,

I am using Windows 7
ruby version :: ruby 2.1.6p336 (2015-04-13 revision 50298) [i386-mingw32]
gem version :: 2.2.3

I have a problem in installing gem puma

PS C:\Users\VSrinivasan\mystuff\SampleApp gem install puma
Temporarily enhancing PATH to include DevKit...
Building native extensions. This could take a while...
ERROR: Error installing puma:
ERROR: Failed to build gem native extension.

C:/Ruby21/bin/ruby.exe extconf.rb
checking for BIO_read() in -lcrypto... no
checking for BIO_read() in -llibeay32... no
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary libraries and/or headers. Check the mkmf.log file for more details. You may need configuration options.

Provided configuration options:
--with-opt-dir
--without-opt-dir
--with-opt-include
--without-opt-include=${opt-dir}/include
--with-opt-lib
--without-opt-lib=${opt-dir}/lib
--with-make-prog
--without-make-prog
--srcdir=.
--curdir
--ruby=C:/Ruby21/bin/ruby
--with-puma_http11-dir
--without-puma_http11-dir
--with-puma_http11-include
--without-puma_http11-include=${puma_http11-dir}/include
--with-puma_http11-lib
--without-puma_http11-lib=${puma_http11-dir}/lib
--with-cryptolib
--without-cryptolib
--with-libeay32lib
--without-libeay32lib

extconf failed, exit code 1

Gem files will remain installed in C:/Ruby21/lib/ruby/gems/2.1.0/gems/puma-2.13.4 for inspection.
Results logged to C:/Ruby21/lib/ruby/gems/2.1.0/extensions/x86-mingw32/2.1.0/puma-2.13.4/gem_make.out

mkmf.log

have_library: checking for BIO_read() in -lcrypto... no

gcc -o conftest.exe -IC:/Ruby21/include/ruby-2.1.0/i386-mingw32 -IC:/Ruby21/include/ruby-2.1.0/ruby/backward -IC:/Ruby21/include/ruby-2.1.0 -I. -DFD_SETSIZE=2048 -D_WIN32_WINNT=0x0501 -D__MINGW_USE_VC2005_COMPAT -D_FILE_OFFSET_BITS=64 -O3 -fno-omit-frame-pointer -fno-fast-math -g -Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wunused-variable -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wimplicit-function-declaration conftest.c -L. -LC:/Ruby21/lib -L. -lmsvcrt-ruby210 -lshell32 -lws2_32 -liphlpapi -limagehlp -lshlwapi
checked program was:
/* begin */
1: #include ruby.h
2:
3: #include winsock2.h
4: #include windows.h
5: int main(int argc, char **argv)
6: {
7: return 0;
8: }
/* end */

gcc -o conftest.exe -IC:/Ruby21/include/ruby-2.1.0/i386-mingw32 -IC:/Ruby21/include/ruby-2.1.0/ruby/backward -IC:/Ruby21/include/ruby-2.1.0 -I. -DFD_SETSIZE=2048 -D_WIN32_WINNT=0x0501 -D__MINGW_USE_VC2005_COMPAT -D_FILE_OFFSET_BITS=64 -O3 -fno-omit-frame-pointer -fno-fast-math -g -Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wunused-variable -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wimplicit-function-declaration conftest.c -L. -LC:/Ruby21/lib -L. -lmsvcrt-ruby210 -lcrypto -lshell32 -lws2_32 -liphlpapi -limagehlp -lshlwapi
conftest.c: In function 't':
conftest.c:16:57: error: 'BIO_read' undeclared (first use in this function)
conftest.c:16:57: note: each undeclared identifier is reported only once for each function it appears in
conftest.c:16:32: warning: variable 'p' set but not used [-Wunused-but-set-variable]
checked program was:
/* begin */
1: #include ruby.h
2:
3: #include winsock2.h
4: #include windows.h
5:
6: /*top*/
7: extern int t(void);
8: int main(int argc, char **argv)
9: {
10: if (argc 100) {
11: printf(%p, t);
12: }
13:
14: return 0;
15: }
16: int t(void) { void ((*volatile p)()); p = (void ((*)()))BIO_read; return 0; }
/* end */

gcc -o conftest.exe -IC:/Ruby21/include/ruby-2.1.0/i386-mingw32 -IC:/Ruby21/include/ruby-2.1.0/ruby/backward -IC:/Ruby21/include/ruby-2.1.0 -I. -DFD_SETSIZE=2048 -D_WIN32_WINNT=0x0501 -D__MINGW_USE_VC2005_COMPAT -D_FILE_OFFSET_BITS=64 -O3 -fno-omit-frame-pointer -fno-fast-math -g -Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wunused-variable -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wimplicit-function-declaration conftest.c -L. -LC:/Ruby21/lib -L. -lmsvcrt-ruby210 -lcrypto -lshell32 -lws2_32 -liphlpapi -limagehlp -lshlwapi
conftest.c: In function 't':
conftest.c:16:1: warning: implicit declaration of function 'BIO_read' [-Wimplicit-function-declaration]
c:/devkit/mingw/bin/../lib/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld.exe: cannot find -lcrypto
collect2.exe: error: ld returned 1 exit status
checked program was:
/* begin */
1: #include ruby.h
2:
3: #include winsock2.h
4: #include windows.h
5:
6: /*top*/
7: extern int t(void);
8: int main(int argc, char **argv)
9: {
10: if (argc
Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
Thanks for your comments - much appreciated.

What exactly is the poodle patch and how does it come into providing some form of protection against the BEAST attack?

--
View this message in context: http://openssl.6102.n7.nabble.com/BEAST-and-SSL-OP-DONT-INSERT-EMPTY-FRAGMENTS-tp59291p59743.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
> What about 3DES with appropriate IV, downgrade and replay countermeasures, what exactly is wrong with those ciphers that is beyond salvage? (By salvage I mean significantly better than plain text when talking to clients that don't support anything more modern, such as certain Microsoft systems).

I don't know. I am not a cryptographer, and I try not to come across as if I were. "There are no safe SSL3 ciphers" is something several cryptographers and other members of the security community have said loudly and often.
Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
Try this as a starting point: https://security.ias.edu/poodle-and-beast-isnt-love-story-sslv3-cipher-vulnerability
Re: [openssl-users] Problem in installing gem puma
This is not an OpenSSL issue; it's an autoconf one. From your installation log:

gcc -o conftest.exe -IC:/Ruby21/include/ruby-2.1.0/i386-mingw32 -IC:/Ruby21/include/ruby-2.1.0/ruby/backward -IC:/Ruby21/include/ruby-2.1.0 -I. -DFD_SETSIZE=2048 -D_WIN32_WINNT=0x0501 -D__MINGW_USE_VC2005_COMPAT -D_FILE_OFFSET_BITS=64 -O3 -fno-omit-frame-pointer -fno-fast-math -g -Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wunused-variable -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wimplicit-function-declaration conftest.c -L. -LC:/Ruby21/lib -L. -lmsvcrt-ruby210 -lcrypto -lshell32 -lws2_32 -liphlpapi -limagehlp -lshlwapi
conftest.c: In function 't':
conftest.c:16:57: error: 'BIO_read' undeclared (first use in this function)
conftest.c:16:57: note: each undeclared identifier is reported only once for each function it appears in
conftest.c:16:32: warning: variable 'p' set but not used [-Wunused-but-set-variable]
checked program was:
/* begin */
1: #include ruby.h
2:
3: #include winsock2.h
4: #include windows.h
5:
6: /*top*/
7: extern int t(void);
8: int main(int argc, char **argv)
9: {
10: if (argc 100) {
11: printf(%p, t);
12: }
13:
14: return 0;
15: }
16: int t(void) { void ((*volatile p)()); p = (void ((*)()))BIO_read; return 0; }
/* end */

Note:

- The conftest.c generated by autoconf does not include any OpenSSL headers
- gcc correctly complains that BIO_read has not been declared

It's not a linker failure - it's a compiler diagnostic. autoconf isn't successfully checking whether the symbol can be resolved by the library because the test program it's generating is rubbish.

Autoconf should be generating an extern declaration for BIO_read in conftest.c; apparently whoever wrote that bit of autoconf doesn't know C. (No surprise there.) I suspect it normally works because gcc is configured with different default settings and treats the lack of a declaration as non-fatal.

I don't know why it's different in your case, and I have no idea how to fix it, as I've never had to poke into the implementation of autoconf and don't know what's making your gcc behave differently.

--
Michael Wojcik
Technology Specialist, Micro Focus
Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
On 19/08/2015 16:37, Salz, Rich wrote:
> Try this as a starting point:
> https://security.ias.edu/poodle-and-beast-isnt-love-story-sslv3-cipher-vulnerability

That's just some guy pontificating before the SCSV countermeasure was available. Absolutely no technical arguments.

The list of sources is equally random and non-detailed as to why there is nothing salvageable. For instance, one is a link where Bodo Moeller explains why something like the _EMPTY_FRAGMENTS countermeasure is needed for the IV issue.

I know a lot of people said the sky was falling, I am trying to remember why.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
[openssl-users] The manpages are on the website now
As a new feature, all releases are now online, including master.

There are still some links broken. We could use some Perl hacking help. If you know how to add -podpath searching into Pod::XHTML, please get in touch.

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
Re: [openssl-users] Problem in installing gem puma
Thank you Michael Wojcik

On 19-Aug-15 7:25 PM, Michael Wojcik wrote:
> This is not an OpenSSL issue; it's an autoconf one. [...]
Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
On 19/08/2015 00:26, Salz, Rich wrote:
> There are *no* secure SSLv3 ciphers. If you need to support it (for legacy clients), then best you can do is use the poodle patch, the SCSV indicator which will at least prevent clients that are capable of more from being downgraded.

What about 3DES with appropriate IV, downgrade and replay countermeasures, what exactly is wrong with those ciphers that is beyond salvage? (By salvage I mean significantly better than plain text when talking to clients that don't support anything more modern, such as certain Microsoft systems).

Specifically:

- If the SSL library aborts session on first bad decryption, the adversary gets only one use of the padding oracle per key. Shouldn't this kill off those attacks?
- With 1/n-1 or 0/n splitting, the predictable IV issue should be reasonably mitigated. (Hence the prior discussion of the need to not disable that via SSL_OP_ALL).
- With export-RSA and export-DH properly disabled, attempts to downgrade to 40/56 bit symmetric keys should be detected, or is there a bug in the way strong RSA/DSA keys are used to authenticate the negotiation that would allow a downgrade to downgrade its own check?
- With SCSV handling enabled, shouldn't that prevent downgrade-via-browser-retry attacks (Poodle)? Except of course with browsers that lack the feature.

Which attack scenario did I forget?

Of course it is more safe to insist that everybody else uses only TLS 1.2 with ECDH, AES and SHA-2, but I think that would rule out too many clients in practice.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
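
Added example, not part of the thread and not OpenSSL code: a toy C model of the chained-IV CBC records in SSLv3/TLS 1.0, showing what the 0/n (empty fragment) split that SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS turns off changes about the IV applied to application data. The 64-bit Feistel function, the one-block MAC stand-in and every name and value below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy 64-bit Feistel permutation standing in for 3DES (NOT a real cipher). */
static uint64_t toy_encrypt(uint64_t block, uint32_t key) {
    uint32_t l = (uint32_t)(block >> 32), r = (uint32_t)block;
    for (int round = 0; round < 4; round++) {
        uint32_t f = (r * 0x9E3779B1u) ^ (key + (uint32_t)round);
        f = (f << 7) | (f >> 25);
        uint32_t t = l ^ f; l = r; r = t;
    }
    return ((uint64_t)l << 32) | r;
}

/* SSLv3/TLS 1.0 CBC state: the IV for the next record is the last
 * ciphertext block of the previous record, which is already on the wire. */
struct conn { uint32_t key; uint64_t last_ct; uint64_t seq; };

/* Encrypt one CBC block and advance the chained IV. */
static uint64_t cbc_block(struct conn *c, uint64_t pt) {
    c->last_ct = toy_encrypt(pt ^ c->last_ct, c->key);
    return c->last_ct;
}

/* Write one application-data block. With split != 0, first emit the empty
 * fragment: no payload, only MAC and padding (modelled as one keyed block).
 * Returns the IV that was actually XORed into the application data. */
static uint64_t write_app_data(struct conn *c, uint64_t data, int split) {
    if (split)
        cbc_block(c, toy_encrypt(c->seq++, ~c->key)); /* toy MAC block */
    uint64_t iv_used = c->last_ct;
    cbc_block(c, data);
    c->seq++;
    return iv_used;
}

/* 1 if the IV applied to the data was visible on the wire before the
 * write call, i.e. before the plaintext was chosen; 0 otherwise. */
int iv_known_before_write(int split) {
    struct conn c = { 0x5eedc0deu, 0, 0 };
    cbc_block(&c, 0x0123456789abcdefULL);   /* earlier traffic */
    uint64_t seen_on_wire = c.last_ct;      /* what an observer holds */
    return write_app_data(&c, 0x4141414141414141ULL, split) == seen_on_wire;
}

int main(void) {
    printf("no split: %d, 0/n split: %d\n", iv_known_before_write(0), iv_known_before_write(1));
    return 0;
}
```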