Re: [EXTERNAL] Re: GNU Make erroring on makefile

2021-07-01 Thread David von Oheimb 
On Thu, 01 Jul 2021 15:22:46 +0200, Joe Carroll wrote:

> I'm getting a "missing separator" error on line 56.
Would be good to add a note to the top of both Makefile and makefile for
which flavor of make they are intended,
and maybe we can add some check to them that gives a more to-the-point
hint if an unsuitable one is used.

>  I do not have access to nmake.exe.

Everyone who uses a VC-* configuration should have access to cl.exe and
nmake.exe.

    David


On 01.07.21 16:55, Joe Carroll wrote:
> Thanks Matt.  That clears it up.
>
>
>
> -Original Message-
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
> Matt Caswell
> Sent: Thursday, July 1, 2021 9:40 AM
> To: openssl-users@openssl.org
> Subject: Re: [EXTERNAL] Re: GNU Make erroring on makefile
>
>
> On 01/07/2021 15:06, Joe Carroll wrote:
>> Windows 10
>> perl Configure VC-WIN64A
> The VC-WIN64A target generates a Makefile suitable for consumption by 
> nmake. Hence its not possible to use GNU make with it.
>
> [...]
>
>
> Matt
>
>
>
>
>> -Original Message-
>> From: Richard Levitte [mailto:levi...@openssl.org]
>> Sent: Thursday, July 1, 2021 8:25 AM
>> To: Joe Carroll 
>> Cc: openssl-users@openssl.org
>> Subject: [EXTERNAL] Re: GNU Make erroring on makefile
>>
>> How did you configure, and on what platform?
>>
>> On Thu, 01 Jul 2021 15:22:46 +0200,
>> Joe Carroll wrote:
>>> Has anyone successfully used GNU Make as part of the install process for 
>>> version 1.1.1k or later?
>>> I'm getting a "missing separator" error on line 56.  I do not have access 
>>> to nmake.exe.
>>>   
>>> !IF "$(DESTDIR)" != ""
>>>
>>>

Re: CNG engine on GitHub

2021-07-01 Thread Reinier Torenbeek 
Hi Matt,

I am aware of the deprecation of the engine interface with 3.0 but have not 
looked into the details of support providers yet. I  expect converting an 
engine to a support provider could be done with quite a bit of code reuse, 
correct? Would you say the interface and design of support providers is stable 
at this point?

Thanks,
Reinier

> On Jul 1, 2021, at 4:41 PM, Matt Caswell  wrote:
> 
> Nice! Are there any thoughts to support providers? The engine interface is 
> deprecated in 3.0.
> 
> Matt
> 
> 
>> On 01/07/2021 18:49, Reinier Torenbeek wrote:
>> Hi,
>> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you may 
>> want to check out this new OpenSSL CNG Engine project on GitHub: 
>> https://github.com/rticommunity/openssl-cng-engine 
>>  . The associated User's 
>> Manual is on ReadTheDocs: 
>> https://openssl-cng-engine.readthedocs.io/en/latest/index.html 
>>  .
>> The project implements the majority of the EVP interface, to leverage the 
>> BCrypt crypto implementations, as well as a subset of the STORE interface, 
>> for integration with the Windows Certificate and Keystore(s), via the NCrypt 
>> and Cert APIs. It has been tested with 1.1.1k on Windows 10, with Visual 
>> Studio 2017 and 2019. It is released under the Apache-2.0 license.
>> Any feedback is welcome, please send it to me or open an issue on GitHub.
>> Best regards,
>> Reinier

Re: email notice [was: Not getting some macros for FIPS]

2021-07-01 Thread Jakob Bohm via openssl-users 

On 2021-06-25 22:26, Richard Levitte wrote:

On Wed, 23 Jun 2021 10:51:05 +0200,
Tomas Mraz wrote:

On Wed, 2021-06-23 at 08:12 +, Kumar Mishra, Sanjeev wrote:


Notice: This e-mail together with any attachments may contain
information of Ribbon Communications Inc. and its Affiliates that is
confidential and/or proprietary for the sole use of the intended
recipient. Any review, disclosure, reliance or distribution by others
or forwarding without express permission is strictly prohibited. If
you are not the intended recipient, please notify the sender
immediately and then delete all copies, including any attachments.

It's a little bit strange to send e-mails with such notices to public
mailing lists where the intented recipient is _anyone_.

Those notices are a bit amusing, yeah.  Of course, Sanjeev can't be
blamed for this, as we can probably assume that it's a corporate
filter that automagically adds those.

And oh boy!  openssl-users having almost 3000 subscribers, that's
quite a lot of people to chase down and ensure they have destroyed all
copies, I tell ya!  "Good luck" is probably an appropriate response
;-)



Which is why I have set up dedicated e-mail identities for posting to such
public lists, using a different disclaimer in the sig-block.

I hope this can inspire other sysadmins to set up something similar.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: CNG engine on GitHub

2021-07-01 Thread Matt Caswell 
Nice! Are there any thoughts to support providers? The engine interface 
is deprecated in 3.0.


Matt


On 01/07/2021 18:49, Reinier Torenbeek wrote:

Hi,

For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you 
may want to check out this new OpenSSL CNG Engine project on GitHub: 
https://github.com/rticommunity/openssl-cng-engine 
 . The associated 
User's Manual is on ReadTheDocs: 
https://openssl-cng-engine.readthedocs.io/en/latest/index.html 
 .


The project implements the majority of the EVP interface, to leverage 
the BCrypt crypto implementations, as well as a subset of the STORE 
interface, for integration with the Windows Certificate and Keystore(s), 
via the NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 
10, with Visual Studio 2017 and 2019. It is released under the 
Apache-2.0 license.


Any feedback is welcome, please send it to me or open an issue on GitHub.

Best regards,
Reinier

CNG engine on GitHub

2021-07-01 Thread Reinier Torenbeek 
Hi,

For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you may
want to check out this new OpenSSL CNG Engine project on GitHub:
https://github.com/rticommunity/openssl-cng-engine . The associated User's
Manual is on ReadTheDocs:
https://openssl-cng-engine.readthedocs.io/en/latest/index.html .

The project implements the majority of the EVP interface, to leverage the
BCrypt crypto implementations, as well as a subset of the STORE interface,
for integration with the Windows Certificate and Keystore(s), via the
NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.

Any feedback is welcome, please send it to me or open an issue on GitHub.

Best regards,
Reinier

RE: Compilation error using OpenSSL 1.1.1i

2021-07-01 Thread Michael Wojcik 
> From: openssl-users  On Behalf Of 
> Jayalakshmi bhat
> Sent: Wednesday, 30 June, 2021 08:29

> I am getting the below error. Does anyone have inputs. Any help would be 
> appreciated.

> openssl/safestack.h(159) : error C2054: expected '(' to follow '__inline__'

[I don't think I've seen a reply to this. If it's already been answered, my 
apologies for the noise.]

With OpenSSL build questions, please always supply the Configure command line.

Offhand, it looks like your compiler doesn't recognize __inline__ as a 
decoration on a function declaration, and the pp-token "ossl_inline" is defined 
to expand to "__inline__".

Without digging through the configuration mechanism I can't say exactly how 
ossl_inline is defined, but presumably it's set by configuration based on what 
C implementation it believes you're using. So you may be using the wrong 
Configure target, or that target may assume a different C compiler, or a newer 
version of it.

--
Michael Wojcik

RE: [EXTERNAL] Re: GNU Make erroring on makefile

2021-07-01 Thread Joe Carroll 
Thanks Matt.  That clears it up.



-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Matt Caswell
Sent: Thursday, July 1, 2021 9:40 AM
To: openssl-users@openssl.org
Subject: Re: [EXTERNAL] Re: GNU Make erroring on makefile


On 01/07/2021 15:06, Joe Carroll wrote:
> Windows 10
> perl Configure VC-WIN64A

The VC-WIN64A target generates a Makefile suitable for consumption by 
nmake. Hence its not possible to use GNU make with it.

It *is* possible to build for Windows using GNU make with a different 
target however.

To do this you must first install MSYS2 with the mingw compiler packages 
and associated toolchain, as well as the MSYS2 version of perl (*not* 
other versions of perl).

Then you can configure and build as normal:

perl Configure mingw64
make
make test
make install

See the section "mingw and mingw64" in NOTES.WIN.

Matt




> 
> 
> -Original Message-
> From: Richard Levitte [mailto:levi...@openssl.org]
> Sent: Thursday, July 1, 2021 8:25 AM
> To: Joe Carroll 
> Cc: openssl-users@openssl.org
> Subject: [EXTERNAL] Re: GNU Make erroring on makefile
> 
> How did you configure, and on what platform?
> 
> On Thu, 01 Jul 2021 15:22:46 +0200,
> Joe Carroll wrote:
>>
>> Has anyone successfully used GNU Make as part of the install process for 
>> version 1.1.1k or later?
>> I'm getting a "missing separator" error on line 56.  I do not have access to 
>> nmake.exe.
>>   
>> !IF "$(DESTDIR)" != ""
>>
>>

Re: [EXTERNAL] Re: GNU Make erroring on makefile

2021-07-01 Thread Matt Caswell 



On 01/07/2021 15:06, Joe Carroll wrote:

Windows 10
perl Configure VC-WIN64A


The VC-WIN64A target generates a Makefile suitable for consumption by 
nmake. Hence its not possible to use GNU make with it.


It *is* possible to build for Windows using GNU make with a different 
target however.


To do this you must first install MSYS2 with the mingw compiler packages 
and associated toolchain, as well as the MSYS2 version of perl (*not* 
other versions of perl).


Then you can configure and build as normal:

perl Configure mingw64
make
make test
make install

See the section "mingw and mingw64" in NOTES.WIN.

Matt







-Original Message-
From: Richard Levitte [mailto:levi...@openssl.org]
Sent: Thursday, July 1, 2021 8:25 AM
To: Joe Carroll 
Cc: openssl-users@openssl.org
Subject: [EXTERNAL] Re: GNU Make erroring on makefile

How did you configure, and on what platform?

On Thu, 01 Jul 2021 15:22:46 +0200,
Joe Carroll wrote:


Has anyone successfully used GNU Make as part of the install process for 
version 1.1.1k or later?
I'm getting a "missing separator" error on line 56.  I do not have access to 
nmake.exe.
  
!IF "$(DESTDIR)" != ""

RE: [EXTERNAL] Re: GNU Make erroring on makefile

2021-07-01 Thread Joe Carroll 
Windows 10 
perl Configure VC-WIN64A


-Original Message-
From: Richard Levitte [mailto:levi...@openssl.org] 
Sent: Thursday, July 1, 2021 8:25 AM
To: Joe Carroll 
Cc: openssl-users@openssl.org
Subject: [EXTERNAL] Re: GNU Make erroring on makefile

How did you configure, and on what platform?

On Thu, 01 Jul 2021 15:22:46 +0200,
Joe Carroll wrote:
> 
> Has anyone successfully used GNU Make as part of the install process for 
> version 1.1.1k or later? 
> I'm getting a "missing separator" error on line 56.  I do not have access to 
> nmake.exe.
>  
> !IF "$(DESTDIR)" != ""
> 
> 
-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Re: GNU Make erroring on makefile

2021-07-01 Thread Richard Levitte 
How did you configure, and on what platform?

On Thu, 01 Jul 2021 15:22:46 +0200,
Joe Carroll wrote:
> 
> Has anyone successfully used GNU Make as part of the install process for 
> version 1.1.1k or later? 
> I’m getting a “missing separator” error on line 56.  I do not have access to 
> nmake.exe.
>  
> !IF "$(DESTDIR)" != ""
> 
> 
-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

GNU Make erroring on makefile

2021-07-01 Thread Joe Carroll 
Has anyone successfully used GNU Make as part of the install process for 
version 1.1.1k or later?  I'm getting a "missing separator" error on line 56.  
I do not have access to nmake.exe.

!IF "$(DESTDIR)" != ""

Re: client certificate error

2021-07-01 Thread Jan Just Keijser 

Hi,

On 30/06/21 15:22, Paulo Wollny wrote:

Hi,

thank you for the answer.

can you please point the right direction for solution, please?


try
 http://httpd.apache.org/userslist.html


Regarding the "look suspicious - it means your client is connecting 
from 127.0.0.1 and your server is also listening on 127.0.0.1 ; is 
this really what you have in mind? "  i'm testin on my local system, 
having apache server and browser (chrome) on the same system.


And yes, the server cetificate have localhost as DNS alias.


The apache mailing list is a better place to ask ; as for using a 
certificate with localhost alias - I would not recommend doing that. It 
is better to use a FDQN and then add that FQDN to the /etc/hosts file using

  127.0.0.1    


HTH,

JJK