Re: Linking kdelibs against openssl 1.0

2011-06-25 Thread Igor Galić 


- Original Message -
> I am trying to build kdelibs. I built openssl with
>
> ./config --prefix=/home/ddoria/bin shared
> make
> make install
>
> Everything seemed to go well.
>
> Then when I run cmake on kdelibs, it seems to find my system version
> of openssl (/usr/...) even though I have /home/ddoria/bin first on
> PATH and /home/ddoria/bin/lib first on LD_LIBRARY_PATH. Why would it

You should not need to set LD_LIBRARY_PATH, ever.

> not find my local build of openssl? I tried to set it manually by
> setting:
>
>  OPENSSL_INCLUDE_DIR  /home/ddoria/bin/include/openssl
>  OPENSSL_LIBRARIES/home/ddoria/bin/lib64/libssl.so
>
> but when I try to build kdelibs I get:
>
> Linking CXX shared module ../../lib/kio_http.so
> /usr/krb5/lib/libkrb5.a(pkinit_crypto_openssl.o): In function
> `pkinit_decode_data':
> pkinit_crypto_openssl.c:(.text+0x75ea): undefined reference to
> `EVP_PKEY_decrypt_old'
>
> I take this to mean that it is still not using the correct openssl?

Not necessarily, though it's hard to say without seeing the actual
call to the linker.

> Any clues on how to make it use the right one?
>
> Thanks,
>
> David

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Compiling OpenSSL on linux-ia64-icc - Problem with SHA1 Asm

2011-06-23 Thread Igor Galić 


> Is there a target for x86_64 with icc? I could not find one in the
> Configure script, therefore I assume icc is not supported, or is it?

Try creating your own, base it off the linux-ia64-icc and the linux-x86_64
If it works out fine and passes make test submit a patch, please.

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: generic configuration for 64 bit

2011-06-12 Thread Igor Galić 


- Original Message -
> hi all,
>
>   The Configure file has generic 32 bit configurations:
>
> # Basic configs that should work on any (32 and less bit) box
> "gcc","gcc:-O3::(unknown):::BN_LLONG:::",
> "cc", "cc:-O::(unknown)::",
>
>   What would be an equivalent generic configuration for 64 bit?


If you are on Linux system, that would be:

    ./Configure linux-x86_64


> Best,
>   Misha

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: s_client

2011-06-06 Thread Igor Galić 


- Original Message -
> Trying to use the "openssl s_client" utility to test an https page.
>  I
> am able to connect, and to perform a GET and see pages, but I can't
> make
> a POST work.  I try to do something like:


Having established that GET works via SSL, why not use something like
curl for the POST?

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Tutorial to start with openssl.

2011-06-06 Thread Igor Galić 

> All,
>
>
> I am a newbie, any tutorial to start with openssl?

That highly depends on what you want to achieve.
There *is* documentation. http://openssl.org/docs/

You probably want to start with the
http://openssl.org/docs/HOWTO/ which explains some of the
essential concepts you'll need to know.


> Benix.

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: default certs path

2011-02-05 Thread Igor Galić 

- "Kārlis Repsons"  wrote:

> Hello all,
> 
> perhaps there is someone out there, who knows why openssl doesn't
> seem
> to look for certs in /etc/ssl/certs as indicated in openssl.cnf:
> 
> [ ca ]
> default_ca  = CA_default# The default ca section
> 
> [ CA_default ]
> dir = /etc/ssl  # Where everything is kept
> certs   = $dir/certs# Where the issued certs are
> 
> 
> For example with s_client: if it's given -CApath /etc/ssl/certs, the
> process is successful, otherwise it can't find the local
> certificates...
> 
> openssl s_client -CApath /etc/ssl/certs -connect paypal.com:443
> vs
> openssl s_client -connect paypal.com:443

Actually, you will find that

openssl s_client -CApath /zomg/wtf -connect paypal.com:443

Will give you the same result as a valid path.

> There are also problems with various other programs, which can't do
> verification...
> 
> Any cure known? Something more to specify here?

None of which I would know, or RT:
http://rt.openssl.org/Ticket/Display.html?id=977&user=guest&pass=guest


i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: [FWD] Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost ServerName set.

2011-02-03 Thread Igor Galić 

- "Lutz Jaenicke"  wrote:

> Forwarded to openssl-users for discussion.
> 
> Best regards,
>   Lutz
> 
> - Forwarded message from Ryan Wehrle  -
> 
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>   d=gmail.com; s=gamma;
>   h=domainkey-signature:mime-version:date:message-id:subject:from:to
>   :content-type:content-transfer-encoding;
>   bh=3SVqXgi7XU2AyKoIAg/VcZOohkhWLoGcOoKp1DiDvDk=;
>   b=ZUJ6eCdhqG0h+ngPIKyLyMlCq01n0oosXtQsTZcHpCtbUAQf56BS9QqlL4FExWbv37
>   B6JGAP655zKncgyS3jNI5Vc2SPcPb/VOWyRuEX41X9D5ZY5t8JK2w32kC4UvQnp1IfS+
>   zRM7B8vBpRxg59oMVSN6RTm614C6EpCHmykWk=
> DomainKey-Signature: a=rsa-sha1; c=nofws;
>   d=gmail.com; s=gamma;
>   h=mime-version:date:message-id:subject:from:to:content-type
>   :content-transfer-encoding;
>   b=YOwcRm54U5D8GeoTmcDzmBYbFXUFV0B1cFp2JVd95Us2SNfo4mnypM8kAwrTXLAcU8
>   vrWYlHFFdnrEw2IHqoZxNanZP3Cp8ZNGD5y+oUgw/s4PZlFVtjRRY4IHvHi/NOgVjjGR
>   B2pIaT7YHgSOyqbilSsPzmMHsMYHaGXYpXUzE=
> Date: Mon, 31 Jan 2011 03:40:12 -0600
> Subject: Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost
>   ServerName set.
> From: Ryan Wehrle 
> To: openssl-b...@openssl.org
> 
> Essentially here are my results:
> In other browsers (IE/FF/Chrome):
> If I set the ServerName property to RFiles.org

ServerNames are domain names are case insensitive.


> (httpd.exe crashes because of ssleay32.dll from OpenSSL 1.0.0c)

Can you provide a trace of the crash?

What do your certificates look like?
i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org