[openssl-users] Problem in installing gem puma

2015-08-19 Thread V Srinivasan

Dear All,

I am using Windows 7
ruby version :: ruby 2.1.6p336 (2015-04-13 revision 50298) [i386-mingw32]
gem version :: 2.2.3

I have a problem installing gem puma

|PS C:\Users\VSrinivasan\mystuff\SampleApp gem install puma
Temporarily enhancing PATH to include DevKit...
Building native extensions.  This could take a while...
ERROR:  Error installing puma:
ERROR: Failed to build gem native extension.

C:/Ruby21/bin/ruby.exe extconf.rb
checking for BIO_read() in -lcrypto... no
checking for BIO_read() in -llibeay32... no
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers.  Check the mkmf.log file for more details.  You may
need configuration options.

Provided configuration options:
--with-opt-dir
--without-opt-dir
--with-opt-include
--without-opt-include=${opt-dir}/include
--with-opt-lib
--without-opt-lib=${opt-dir}/lib
--with-make-prog
--without-make-prog
--srcdir=.
--curdir
--ruby=C:/Ruby21/bin/ruby
--with-puma_http11-dir
--without-puma_http11-dir
--with-puma_http11-include
--without-puma_http11-include=${puma_http11-dir}/include
--with-puma_http11-lib
--without-puma_http11-lib=${puma_http11-dir}/lib
--with-cryptolib
--without-cryptolib
--with-libeay32lib
--without-libeay32lib

extconf failed, exit code 1

Gem files will remain installed in 
C:/Ruby21/lib/ruby/gems/2.1.0/gems/puma-2.13.4 for inspection.
Results logged to 
C:/Ruby21/lib/ruby/gems/2.1.0/extensions/x86-mingw32/2.1.0/puma-2.13.4/gem_make.out
|


mkmf.log

have_library: checking for BIO_read() in -lcrypto...  no

gcc -o conftest.exe -IC:/Ruby21/include/ruby-2.1.0/i386-mingw32 
-IC:/Ruby21/include/ruby-2.1.0/ruby/backward 
-IC:/Ruby21/include/ruby-2.1.0 -I. -DFD_SETSIZE=2048 
-D_WIN32_WINNT=0x0501 -D__MINGW_USE_VC2005_COMPAT 
-D_FILE_OFFSET_BITS=64   -O3 -fno-omit-frame-pointer -fno-fast-math -g 
-Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long 
-Wno-missing-field-initializers -Wunused-variable -Wpointer-arith 
-Wwrite-strings -Wdeclaration-after-statement 
-Wimplicit-function-declaration conftest.c  -L. -LC:/Ruby21/lib -L.  
-lmsvcrt-ruby210  -lshell32 -lws2_32 -liphlpapi -limagehlp -lshlwapi  

checked program was:
/* begin */
1: #include ruby.h
2:
3: #include winsock2.h
4: #include windows.h
5: int main(int argc, char **argv)
6: {
7:   return 0;
8: }
/* end */

gcc -o conftest.exe -IC:/Ruby21/include/ruby-2.1.0/i386-mingw32 
-IC:/Ruby21/include/ruby-2.1.0/ruby/backward 
-IC:/Ruby21/include/ruby-2.1.0 -I. -DFD_SETSIZE=2048 
-D_WIN32_WINNT=0x0501 -D__MINGW_USE_VC2005_COMPAT 
-D_FILE_OFFSET_BITS=64   -O3 -fno-omit-frame-pointer -fno-fast-math -g 
-Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long 
-Wno-missing-field-initializers -Wunused-variable -Wpointer-arith 
-Wwrite-strings -Wdeclaration-after-statement 
-Wimplicit-function-declaration conftest.c  -L. -LC:/Ruby21/lib -L.  
-lmsvcrt-ruby210 -lcrypto  -lshell32 -lws2_32 -liphlpapi -limagehlp 
-lshlwapi  

conftest.c: In function 't':
conftest.c:16:57: error: 'BIO_read' undeclared (first use in this function)
conftest.c:16:57: note: each undeclared identifier is reported only once 
for each function it appears in
conftest.c:16:32: warning: variable 'p' set but not used 
[-Wunused-but-set-variable]

checked program was:
/* begin */
 1: #include ruby.h
 2:
 3: #include winsock2.h
 4: #include windows.h
 5:
 6: /*top*/
 7: extern int t(void);
 8: int main(int argc, char **argv)
 9: {
10:   if (argc  100) {
11: printf(%p, t);
12:   }
13:
14:   return 0;
15: }
16: int t(void) { void ((*volatile p)()); p = (void ((*)()))BIO_read; 
return 0; }

/* end */

gcc -o conftest.exe -IC:/Ruby21/include/ruby-2.1.0/i386-mingw32 
-IC:/Ruby21/include/ruby-2.1.0/ruby/backward 
-IC:/Ruby21/include/ruby-2.1.0 -I. -DFD_SETSIZE=2048 
-D_WIN32_WINNT=0x0501 -D__MINGW_USE_VC2005_COMPAT 
-D_FILE_OFFSET_BITS=64   -O3 -fno-omit-frame-pointer -fno-fast-math -g 
-Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long 
-Wno-missing-field-initializers -Wunused-variable -Wpointer-arith 
-Wwrite-strings -Wdeclaration-after-statement 
-Wimplicit-function-declaration conftest.c  -L. -LC:/Ruby21/lib -L.  
-lmsvcrt-ruby210 -lcrypto  -lshell32 -lws2_32 -liphlpapi -limagehlp 
-lshlwapi  

conftest.c: In function 't':
conftest.c:16:1: warning: implicit declaration of function 'BIO_read' 
[-Wimplicit-function-declaration]
c:/devkit/mingw/bin/../lib/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld.exe: 
cannot find -lcrypto

collect2.exe: error: ld returned 1 exit status
checked program was:
/* begin */
 1: #include ruby.h
 2:
 3: #include winsock2.h
 4: #include windows.h
 5:
 6: /*top*/
 7: extern int t(void);
 8: int main(int argc, char **argv)
 9: {
10:   if (argc  

Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

2015-08-19 Thread jonetsu
Thanks for your comments - much appreciated.  What exactly is the poodle
patch and how does it come into providing some form of protection against
the BEAST attack?




--
View this message in context: 
http://openssl.6102.n7.nabble.com/BEAST-and-SSL-OP-DONT-INSERT-EMPTY-FRAGMENTS-tp59291p59743.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

2015-08-19 Thread Salz, Rich
> What about 3DES with appropriate IV, downgrade and replay
> countermeasures, what exactly is wrong with those ciphers that is beyond
> salvage? (By salvage I mean significantly better than plain text when talking
> to clients that don't support anything more modern, such as certain Microsoft
> systems).

I don't know.  I am not a cryptographer, and I try not to come across as if I
were.

"There are no safe SSL3 ciphers" is something several cryptographers and other
members of the security community have said loudly and often.



Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

2015-08-19 Thread Salz, Rich
Try this as a starting point: 
https://security.ias.edu/poodle-and-beast-isnt-love-story-sslv3-cipher-vulnerability


Re: [openssl-users] Problem in installing gem puma

2015-08-19 Thread Michael Wojcik
This is not an OpenSSL issue; it's an autoconf one.

From your installation log:

-
gcc -o conftest.exe -IC:/Ruby21/include/ruby-2.1.0/i386-mingw32 
-IC:/Ruby21/include/ruby-2.1.0/ruby/backward -IC:/Ruby21/include/ruby-2.1.0 -I. 
-DFD_SETSIZE=2048 -D_WIN32_WINNT=0x0501 -D__MINGW_USE_VC2005_COMPAT 
-D_FILE_OFFSET_BITS=64   -O3 -fno-omit-frame-pointer -fno-fast-math -g -Wall 
-Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long 
-Wno-missing-field-initializers -Wunused-variable -Wpointer-arith 
-Wwrite-strings -Wdeclaration-after-statement -Wimplicit-function-declaration 
conftest.c  -L. -LC:/Ruby21/lib -L.  -lmsvcrt-ruby210 -lcrypto  -lshell32 
-lws2_32 -liphlpapi -limagehlp -lshlwapi  
conftest.c: In function 't':
conftest.c:16:57: error: 'BIO_read' undeclared (first use in this function)
conftest.c:16:57: note: each undeclared identifier is reported only once for 
each function it appears in
conftest.c:16:32: warning: variable 'p' set but not used 
[-Wunused-but-set-variable]
checked program was:
/* begin */
 1: #include ruby.h
 2: 
 3: #include winsock2.h
 4: #include windows.h
 5: 
 6: /*top*/
 7: extern int t(void);
 8: int main(int argc, char **argv)
 9: {
10:   if (argc  100) {
11: printf(%p, t);
12:   }
13: 
14:   return 0;
15: }
16: int t(void) { void ((*volatile p)()); p = (void ((*)()))BIO_read; return 0; 
}
/* end */
-

Note:
- The conftest.c generated by autoconf does not include any OpenSSL headers
- gcc correctly complains that BIO_read has not been declared

It's not a linker failure - it's a compiler diagnostic. autoconf isn't 
successfully checking whether the symbol can be resolved by the library because 
the test program it's generating is rubbish.

Autoconf should be generating an extern declaration for BIO_read in conftest.c; 
apparently whoever wrote that bit of autoconf doesn't know C. (No surprise 
there.) I suspect it normally works because gcc is configured with different 
default settings and treats the lack of a declaration as non-fatal. I don't 
know why it's different in your case, and I have no idea how to fix it, as I've 
never had to poke into the implementation of autoconf and don't know what's 
making your gcc behave differently.

-- 
Michael Wojcik
Technology Specialist, Micro Focus
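
The difference between a compiler diagnostic and a linker failure, which the message above turns on, can be read mechanically from each compile attempt recorded in mkmf.log. The following Ruby script is an added example, not part of the original message or of mkmf; `classify_attempts` is a hypothetical helper and the sample log is constructed and abbreviated from the lines quoted in this thread.

```ruby
# Constructed sample: three attempts in the shape of the mkmf.log in this thread.
SAMPLE_LOG = <<~LOG
  have_library: checking for BIO_read() in -lcrypto... no
  gcc -o conftest.exe conftest.c -L. -lmsvcrt-ruby210
  checked program was:
  /* begin */
  /* end */
  gcc -o conftest.exe conftest.c -L. -lmsvcrt-ruby210 -lcrypto
  conftest.c:16:57: error: 'BIO_read' undeclared (first use in this function)
  checked program was:
  /* begin */
  /* end */
  gcc -o conftest.exe conftest.c -L. -lmsvcrt-ruby210 -lcrypto
  conftest.c:16:1: warning: implicit declaration of function 'BIO_read'
  ld.exe: cannot find -lcrypto
  collect2.exe: error: ld returned 1 exit status
  checked program was:
  /* begin */
  /* end */
LOG

# Split the log at each gcc invocation and record the stage it failed at:
# :compile (a conftest.c error), :link (ld could not find a library), or :ok.
def classify_attempts(log)
  attempts = []
  log.each_line do |raw|
    line = raw.strip
    if line.match?(/\A\S*gcc\s+-o\s+conftest/)
      attempts << { stage: :ok, detail: nil }
      next
    end
    cur = attempts.last
    next if cur.nil? # text before the first compiler invocation
    if (m = line.match(/\bld(?:\.exe)?: (cannot find -l\S+)/))
      cur[:stage] = :link
      cur[:detail] = m[1]
    elsif cur[:stage] == :ok && (m = line.match(/conftest\.c:\d+:\d+: error: (.+)/))
      cur[:stage] = :compile
      cur[:detail] = m[1]
    end
  end
  attempts
end
```

In the real log the `ld.exe:` path and its message are wrapped across two lines, so join wrapped lines before feeding the file to the helper.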



Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

2015-08-19 Thread Jakob Bohm

On 19/08/2015 16:37, Salz, Rich wrote:

> Try this as a starting point:
> https://security.ias.edu/poodle-and-beast-isnt-love-story-sslv3-cipher-vulnerability

That's just some guy pontificating before the SCSV
countermeasure was available.  Absolutely no technical
arguments.

The list of sources is equally random and non-detailed
as to why there is nothing salvageable.  For instance, one
is a link where Bodo Moeller explains why something
like the _EMPTY_FRAGMENTS countermeasure is needed for the
IV issue.

I know a lot of people said the sky was falling, I am
trying to remember why.

Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[openssl-users] The manpages are on the website now

2015-08-19 Thread Salz, Rich
As a new feature, all releases are now online, including master.

There are still some broken links.  We could use some Perl hacking help.  If you
know how to add -podpath searching into Pod::XHTML, please get in touch.

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz



Re: [openssl-users] Problem in installing gem puma

2015-08-19 Thread Venkataraman Srinivasan

Thank you Michael Wojcik



Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

2015-08-19 Thread Jakob Bohm

On 19/08/2015 00:26, Salz, Rich wrote:

> There are *no* secure SSLv3 ciphers.  If you need to support it (for legacy clients),
> then best you can do is use the poodle patch, the SCSV indicator which will
> at least prevent clients that are capable of more from being downgraded.


What about 3DES with appropriate IV, downgrade and
replay countermeasures, what exactly is wrong with
those ciphers that is beyond salvage? (By salvage
I mean significantly better than plain text when
talking to clients that don't support anything more
modern, such as certain Microsoft systems).

Specifically:

If the SSL library aborts session on first bad
decryption, the adversary gets only one use of the
padding oracle per key.  Shouldn't this kill off
those attacks?

With 1/n-1 or 0/n splitting, the predictable IV
issue should be reasonably mitigated. (Hence the
prior discussion of the need to not disable that via
SSL_OP_ALL).

With export-RSA and export-DH properly disabled,
attempts to downgrade to 40/56 bit symmetric keys
should be detected, or is there a bug in the way
strong RSA/DSA keys are used to authenticate the
negotiation that would allow a downgrade to
downgrade its own check?

With SCSV handling enabled, shouldn't that prevent
downgrade-via-browser-retry attacks (Poodle)?
Except of course with browsers that lack the feature.

Which attack scenario did I forget?

Of course it is safer to insist that everybody
else uses only TLS 1.2 with ECDH, AES and SHA-2,
but I think that would rule out too many clients
in practice.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
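
On the point above about not disabling the empty-fragment countermeasure through SSL_OP_ALL, this is how the options mask can be built and checked from Ruby's OpenSSL binding. It is an added example, not code from this thread or from OpenSSL; the helper names are hypothetical, and only the `OpenSSL::SSL` constants and `SSLContext#options` come from the binding.

```ruby
require 'openssl'

# The bit that switches the CBC empty-fragment (0/n split) countermeasure off.
EMPTY_FRAG_OFF = OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS

# The bug-workaround set, with the one bit that weakens CBC handling cleared.
def workaround_options
  OpenSSL::SSL::OP_ALL & ~EMPTY_FRAG_OFF
end

# True when an options mask leaves the countermeasure active.
def cbc_countermeasure_active?(options)
  (options & EMPTY_FRAG_OFF).zero?
end

# Build a context with the workarounds applied and return it, so the caller
# can read back the mask the library actually holds.
def build_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.options = workaround_options
  ctx
end

# Audit an existing context: returns :ok or :empty_fragments_disabled.
def audit_context(ctx)
  cbc_countermeasure_active?(ctx.options) ? :ok : :empty_fragments_disabled
end
```

Running `audit_context` against contexts created elsewhere in an application shows whether some other code path has set the flag again.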
