[openssl.org #184] OpenVMS openssl-0.9.7-beta3.tar.gz

2002-08-01 Thread [EMAIL PROTECTED] via RT
Hi (probably) Richard, Compaq TCP/IP Services for OpenVMS Alpha Version V5.3 on an AlphaServer 1200 5/533 4MB running OpenVMS V7.3 Compaq C V6.5-001 on OpenVMS Alpha V7.3 has some minor issues for me (hope it's still intelligible).

[openssl.org #185] Breakage with 9.6.e

2002-08-01 Thread Andrew Bashere via RT
Just FYI ; An existing (and functional) Perl script that generated and exported pkcs12 certs now fails with the upgrade to 9.6e. The command running is (retyped from another screen): openssl pkcs12 -chain -CAfile MY-CAcert.pem -name BillyBob -out testdir/BillyBob.p12 -in alldata

[openssl.org #186] [PATCH] Makefile.org GNU ld detection

2002-08-01 Thread Chris Majewski via RT
Here's a patch that fixes the DETECT_GNU_LD code in Makefile.org when building on a Sun box with GCC 2.95.2 and higher. Yes, the timestamp is a few months old, but the patch applies cleanly to openssl-0.9.6e/Makefile.org. Please let me know if this is not your preferred

Re: [openssl.org #187] realloc() on sunos4 : openssl-0.9.6e

2002-08-01 Thread [EMAIL PROTECTED] via RT
On Wed, 31 Jul 2002, Jon Peatfield wrote: Looking through the rest of the 0.9.6e patch I can't see any other cases where realloc() is called like this but I might well have missed some. I'm hoping that someone who understands the code better will confirm/check this. Might it not be better

0.9.6e boffed on Win32 ... but easily recoverable

2002-08-01 Thread William A. Rowe, Jr.
Attached is a trivial patch to allow Win32 to build the OpenSSL dll's. If you want to post it up to contrib, that's fine. Even a non-patch user should be able to follow what to do. Will # The new OpenSSLDie() entry point was undefined in the 0.9.6e release # and win32 dll's will not build

Re: OpenSSL stability

2002-08-01 Thread Lutz Jaenicke
On Tue, Jul 30, 2002 at 11:37:36AM -0400, Chris Jarshant wrote: I asked this on -users but I think -dev might be more appropriate... Are there any declarations of the stability of the APIs found in the OpenSSL distribution? For example, are there any guarantees or even we will try not to's

[openssl.org #188] CRL Different Behavior between versions

2002-08-01 Thread
Hi We have found a strange and different behavior between OpenSSL 0.9.6d 9 May 2002 and OpenSSL 0.9.7-beta2 16 Jun 2002, working on Windows 2000. We have a 2 level hierarchy of Cas, with 9 second level Cas, based on openssl, with a Lotus Domino Interface, for managing all the lifecycle of

Re: read_pwd.c

2002-08-01 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Wed, 31 Jul 2002 11:15:03 -0500, Ken Hoo [EMAIL PROTECTED] said: Ken_Hoo Is read_pwd.c used in version 097beta2? When I change it, it Ken_Hoo doesn't seem to compile and create a new object file. It isn't used any more. Please take a look in crypto/ui/ to see

[openssl.org #187] realloc() on sunos4 : openssl-0.9.6e

2002-08-01 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Thu Aug 1 09:20:27 2002]: On Wed, 31 Jul 2002, Jon Peatfield wrote: Looking through the rest of the 0.9.6e patch I can't see any other cases where realloc() is called like this but I might well have missed some. I'm hoping that someone who understands the code

[openssl.org #187] realloc() on sunos4 : openssl-0.9.6e

2002-08-01 Thread Richard Levitte via RT
AAAaaargh! I didn't read properly. Please ignore my rant. I rather believe that the change should be done in OPENSSL_realloc(), so future uses elsewhere do not get into the same trouble. [levitte - Thu Aug 1 11:23:34 2002]: [[EMAIL PROTECTED] - Thu Aug 1 09:20:27 2002]: On Wed, 31

[openssl.org #179] openssl-0.9.6e under HP-UX 10.20

2002-08-01 Thread Richard Levitte via RT
[jaenicke - Wed Jul 31 09:46:10 2002]: [[EMAIL PROTECTED] - Wed Jul 31 09:35:46 2002]: When I type ./config under HP-UX 10.20 I get the message ./config[398]: test: Specify a parameter with this command. The problem occurs with version 0.9.6e, not with earlier versions. This

[openssl.org #171] packaging problems in 0.9.6e

2002-08-01 Thread Richard Levitte via RT
[jaenicke - Tue Jul 30 22:25:20 2002]: [[EMAIL PROTECTED] - Tue Jul 30 18:49:55 2002]: Some of the files in the 0.9.6e tarball have restrictive permissions which prevent building and installing as different non-privileged users. -rw--- openssl/openssl 23853 Jul 30 11:06 2002

[openssl.org #189] Kerberos Ciphersuite IDs

2002-08-01 Thread Andreas Sterbenz via RT
Resubmitting via RT. The absence of a quick reply leads me to believe that there is indeed something wrong. I encourage you to look at this before 0.9.7 release, otherwise we will run into serious interoperability problems in the future. Andreas. Original Message Subject:

Re: [openssl.org #171] packaging problems in 0.9.6e

2002-08-01 Thread Lutz Jaenicke via RT
On Thu, Aug 01, 2002 at 12:24:46PM +0200, Richard Levitte via RT wrote: [jaenicke - Tue Jul 30 22:25:20 2002]: [[EMAIL PROTECTED] - Tue Jul 30 18:49:55 2002]: Some of the files in the 0.9.6e tarball have restrictive permissions which prevent building and installing as different

[openssl.org #189] Kerberos Ciphersuite IDs

2002-08-01 Thread Richard Levitte via RT
Hmm, there's a problem that hasn't been addressed at all by the IETF. SSLv3 contains the following as part of its ciphersuite: The final cipher suites are for the FORTEZZA token. CipherSuite SSL_FORTEZZA_KEA_WITH_NULL_SHA = { 0X00,0X1C }; CipherSuite

Re: [openssl.org #189] Kerberos Ciphersuite IDs

2002-08-01 Thread Andreas Sterbenz via RT
Richard Levitte via RT wrote: Hmm, there's a problem that hasn't been addressed at all by the IETF. SSLv3 contains the following as part of its ciphersuite: The final cipher suites are for the FORTEZZA token. CipherSuite SSL_FORTEZZA_KEA_WITH_NULL_SHA = { 0X00,0X1C

Re: Announcement: OpenSSL 0.9.6e (Security related upgrade)

2002-08-01 Thread Lutz Jaenicke
On Thu, Aug 01, 2002 at 02:17:20AM -0400, Scott Gifford wrote: I've done some work on running SSL/TLS code as a separate process in a chroot jail as an unprivileged user, communicating with the daemon it's doing encryption for via UNIX domain sockets. This approach massively mitigates the

Re: [openssl.org #189] Kerberos Ciphersuite IDs

2002-08-01 Thread Jeffrey Altman
Has anyone sent a query to Win Treese [EMAIL PROTECTED] [TLS WG chair] and perhaps the area directors looking for guidance? The TLS Protocol Version 1.0 is in the process of being re-issued: http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-01.txt and clearly this problem should

java app connecting to openssl CA

2002-08-01 Thread Mark W. Webb
Where can I find information on connecting a java based application to an OpenSSL based Certificate Authority? Thank you. -- Mark Webb Software Engineer Dolphin Technology 1300B Floyd Ave Rome, NY 13440 Phone: (315) 334-4892 x222 Fax: (315) 339-4846 Email: [EMAIL PROTECTED]

[openssl.org #190] [PATCH] Command line processing bug in 'ocsp'.

2002-08-01 Thread
Hi, The -rother option of the 'ocsp' command is not processed correctly (probably nobody has used it before :-)). Here is a patch for openssl-0.9.7-beta3, I tested and it works, the additional certificates are included in the OCSP response. Regards, Zoltan ---

[openssl.org #190] [PATCH] Command line processing bug in 'ocsp'.

2002-08-01 Thread Richard Levitte via RT
Patch applied as given. Thanks. This ticket is now resolved. [[EMAIL PROTECTED] - Thu Aug 1 15:15:55 2002]: Hi, The -rother option of the 'ocsp' command is not processed correctly (probably nobody has used it before :-)). Here is a patch for openssl-0.9.7-beta3, I tested and it

Need recipe for finding binaries with static libssl

2002-08-01 Thread Mike Green
In light of the recent vulnerabilities announced in openssl, I am attempting to recompile packages against openssl-0.9.6e. Finding binaries/libraries compiled against shared libraries has been straightforward. However, I have no clue how to approach finding binaries/libraries that have

Re: [openssl.org #181] Makefile enhancement requests

2002-08-01 Thread Richard Levitte - VMS Whacker
In message 87731AA8A1D5D411A6260002555821870A5C17@SPHD on Thu, 1 Aug 2002 10:39:11 +0200 , Sharon Hezy [EMAIL PROTECTED] said: shezy --* When linking the libraries, make sure that libssl finds libcrypto shezy --and that they both find all their external dependencies at run time. shezy --This is

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-08-01 Thread Bodo Moeller
On Tue, Jul 30, 2002 at 06:08:46PM +0300, Arne Ansper wrote: attached is a patch for openssl-0.9.6e that removes the usage of die. please review it carefully. all changes are localized but the action i take in some places where error reporting is not possible might be little bit wrong (i.e.

Re: certificate start date difference!

2002-08-01 Thread Erwann ABALEA
On Mon, 8 Jul 2002, Mehdi Jabal Ameli wrote: when I sign a certificate, the start date of certificate is different from time of my computer? (about 3 hours difference) is this openssl bug? My answer: maybe the time difference between your local time and GMT time is about 3 hours... What is

Re: certificate start date difference!

2002-08-01 Thread Erwann ABALEA
Sorry for this late delivery. It seems pipes can be filled with old stuff sometimes. ;) On Mon, 8 Jul 2002, Erwann ABALEA wrote: On Mon, 8 Jul 2002, Mehdi Jabal Ameli wrote: [...] -- Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5 - J'aurai aimé savoir si en Norvège il y

what to test ?

2002-08-01 Thread ANKIT K SHAH
Friends, I have compiled openssl source code on AS 400 system and have created modules and service program. How can I test the client server handshake? I mean which files or applications to use for that? Thanks in advance, Ankit Shah

Re: Need recipe for finding binaries with static libssl

2002-08-01 Thread Lutz Jaenicke
On Thu, Aug 01, 2002 at 10:09:18AM -0500, Mike Green wrote: In light of the recent vulnerabilities announced in openssl, I am attempting to recompile packages against openssl-0.9.6e. Finding binaries/libraries compiled against shared libraries has been straightforward. However, I have no

[openssl.org #164] 0.9.7b2

2002-08-01 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Wed Jul 24 14:24:12 2002]: 1) cmdline openssl rsa cannot read keys from stdin, they have to be specified using the -in argument. I believe I've fixed this part. Please test the next snapshot. -- Richard Levitte [EMAIL PROTECTED]

[openssl.org #164] 0.9.7b2

2002-08-01 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Wed Jul 24 14:24:12 2002]: 2) cmdline openssl x509 doesn't set AKI although it is specified in the config file and the CA cert has an appropriate SKI. Do you have the possibility to send me that config file, your CA cert and that resulting cert, so I can take a look,

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-08-01 Thread Bodo Moeller via RT
On Tue, Jul 30, 2002 at 06:08:46PM +0300, Arne Ansper wrote: attached is a patch for openssl-0.9.6e that removes the usage of die. please review it carefully. all changes are localized but the action i take in some places where error reporting is not possible might be little bit wrong (i.e.

[openssl.org #170] OpenSSLDie not exported in Win32

2002-08-01 Thread via RT
On Windows it can be fixed by adding the following in the code __declspec( dllexport ) before the OpenSSLDie function? I am not sure if it is safe? [[EMAIL PROTECTED] - Thu Aug 1 16:14:14 2002]: On Tue, Jul 30, 2002 at 06:08:46PM +0300, Arne Ansper wrote: attached is a patch for

RE: compilation failure on rh 6.2

2002-08-01 Thread Lynn Gazis
I'd suggest adding a -ldl to the makefile. Lynn Gazis -Original Message- From: Darrel Rüg [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 31, 2002 7:52 PM To: [EMAIL PROTECTED] Subject: compilation failure on rh 6.2 attempting to compile openssl-0.9.6e on rh 6.2 kernel 2.2.14-5.0

test question

2002-08-01 Thread ANKIT K SHAH
Friends, Are s_server.c and s_client.c the applications (openssl-engine-0.9.6d/apps) which I can use for testing client-server handshake? Ankit Shah, Software Engineer

Re: test question

2002-08-01 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Thu, 1 Aug 2002 13:17:24 -0500, ANKIT K SHAH [EMAIL PROTECTED] said: anshah Friends, anshah Are s_server.c and s_client.c are the anshah applications(openssl-engine-0.9.6d/apps) which I can use for testing anshah client-server handshake ? Yes. -- Richard

Re: [openssl.org #175] AutoReply: openssl-0.9.6e bug under Irix 6.5?

2002-08-01 Thread Damian Menscher via RT
On Thu, 1 Aug 2002, Andrew Reynolds wrote: I'm having trouble building openssl-0.9.6e under Irix 6.5. I've tried building on two different machines and I've tried using the most recent snapshot. I've added the following line to the Makefile: irix-mips3-cc-uiuc,cc:-mips3 -n32 -O2

[openssl.org #175] openssl-0.9.6e bug under Irix 6.5?

2002-08-01 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Thu Aug 1 23:12:26 2002]: We tracked this problem to the use of parallel make (make -P under IRIX). The test routines run shell scripts that are not safe to run in parallel. For example, in tx509 there is the sequence: cp $t fff.p $cmd -in fff.p -inform p -outform p

Re: run time problem

2002-08-01 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Thu, 1 Aug 2002 16:53:15 -0500, ANKIT K SHAH [EMAIL PROTECTED] said: anshah I try to run s_client.c application (openssl-engien-0.9.6d) and it's giving anshah me run time error connect: A remote host refused an attempted connect anshah operation. anshah What

RE: [openssl.org #184] OpenVMS openssl-0.9.7-beta3.tar.gz

2002-08-01 Thread [EMAIL PROTECTED] via RT
The -V ZIP of the .LIS files was a little big for my mailer Richard. I have placed it at http://wasd.vsm.com.au/wasd_tmp/ On the other issue. After the latest OpenSSL build and after a relink it seems to work. This is obviously some issue with my original build. I will go back to scratch

DES Encryption/Decryption with IV

2002-08-01 Thread J
Hello Everyone, Has anyone had any experience using DES Decryption routines to decrypt a 16 byte ciphertext into the original using an IV?? I am receiving the IV and the Encrypted Data from a server that is using the MS Crypto API for des encryption and decryption. The mode is CBC (Cipher