Problem solved by me three years ago. Still using
old platform. Works fine.
-- Gordon Talge
- Original Message -
From: Rich Salz via RT r...@openssl.org
To: gta...@silcon.com
Cc: openssl-dev@openssl.org
Sent: Thursday, August 14, 2014 9:34 PM
Subject: [openssl.org #2483] X509
Hi All,
I am having trouble to use enable the Subject AlterName in generating CSR or
signing the cert. I did google on it and found few places mentioning as below.
Does it work ? or something has been broken?
This is my configuration file : openssl.conf
[ req ]
req_extensions = v3_req
On Aug 14, 2014, at 9:20 PM, Salz, Rich rs...@akamai.com wrote:
Just a comment. the OpenSSL build already depends on Perl and Perl already
has a Make of it's own .
Ooh, that could be interesting. What's the perl make thing called? A web
search for perl make was too voluminous…
AFAIK,
If I may redirect the discussion here, interesting as it is... I've
got a refactoring of the build system in-hand, compatible with tools
already in use. As much as folks may be in support of adopting a new
build system entirely--which I agree, might be worthwhile--I'd like
feedback on the work
Problem solved by me three years ago. Still using old platform. Works fine.
Glad it works! Anything worth sharing or was it very specific?
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
Mike, if you like, I can try to find some time next week for a phone call to
answer questions and discuss our experience using CMake. I'm by no means an
expert, but we've used it internally on a project and have come to believe it
is completely awesome. Most open source projects are moving
I appreciate and may take you up on the offer, but it's still off-topic.
;-) I'd also be more inclined to accept after some feedback on my own
offering.
Mike
On Aug 15, 2014 9:53 AM, Tim Hollebeek tholleb...@trustwave.com wrote:
Mike, if you like, I can try to find some time next week for a
On 08/15, Mike Bland wrote:
If I may redirect the discussion here, interesting as it is... I've
got a refactoring of the build system in-hand, compatible with tools
already in use. As much as folks may be in support of adopting a new
build system entirely--which I agree, might be
Will be fixed post-1.0.2:
commit 14e961921a7ff21c90ef944b33ada2658bca6255
Author: Claus Assmann ca+ssl-...@esmtp.org
Date: Fri Aug 15 00:44:14 2014 -0400
RT3268: Fix spelling errors in CHANGES file.
Fix a bunch of typo's and speling (sic) errors in the CHANGES file.
Reviewed-by: Tim Hudson
Nathan Typanski wrote:
On 08/14, Tim Hollebeek wrote:
Have you considered moving to CMake? It makes lots of the issues
you discuss in the document just go away. cmake should work on the
vast majority of supported operating systems, if not all of them ...
Cmake has disadvantages. I
Submitted, will be part of post-1.0.2 release; thanks!
commit 01e438f28844ad4f3fd7e8d772031524593d6441
Author: Hans Wennborg h...@chromium.org
Date: Fri Aug 15 00:54:00 2014 -0400
RT3023: Redundant logical expressions
Remove some redundant logical expressions
Reviewed-by: Emilia Kasper
will be fixed in next release after 1.0.2:
commit cf8bac445660fca7a354f8cb78aeaac623afc12e
Author: Rob Austein s...@hectrn.net
Date: Fri Aug 15 00:03:14 2014 -0400
RT2465: Silence some gcc warnings
Another machine, another version of gcc, another batch
of compiler warnings. Add =NULL to some
Fixed in master, for next release after 1.0.2
commit c753e71e0a0aea2c540dab96fb02c9c62c6ba7a2
Author: Frederic Giudicelli gro...@newpki.org
Date: Thu Aug 14 22:34:49 2014 -0400
RT783: Minor optimization to ASN1_INTEGER_set
Remove local variable and avoid extra assignment.
Reviewed-by: Emilia
Ask and ye shall receive:
1. You are 100% correct that recursive make is completely broken, and
moving to a single makefile is a significant improvement even if something else
is done in the medium/long term.
2. If using GMake everywhere is practical, I think it’s a good idea.
Pls ignore this. I got it works properly now.
From: Wellen Lau
Sent: Thursday, August 14, 2014 10:50 AM
To: openssl-dev@openssl.org; openssl-us...@openssl.org
Subject: using openssl to generate SAN seems not working...
Hi All,
I am having trouble to use enable the Subject AlterName in
Nathan and Tim,
Thanks much for helping refocus here. Responses inline.
On Fri, Aug 15, 2014 at 10:29 AM, Nathan Typanski ntypan...@gmail.com wrote:
Mike,
Sorry for contributing to the off-topic discussion. I'll try to make
up for it by posting some interesting data.
No worries; I've
I have read various info regarding OpenSSL and FIPS 140-2, however I
still have this very basic question:
For a new product, can I still use OpenSSL FIPS v2.0(#1747, Policy
2.0.7) to get FIPS 140-2 certification these days(i.e. after I.G
9.5/9.10)? My platform is Linux 3.x/ARMv7/OpenWRT and I
Oh how we admire the patience of those who have waited a decade or longer for
their RT's
to be fixed... What, wait, that was me! Anyhow, things work now.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project
The return values of BIO_wrtite and BIO_flush are checked.
Don't know when this fix was made.
Closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project
very old release very old ticket.
things are building now, closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
When this RT was created, it made sense to consider RFC 3779 support a maybe
thing.
It's eveywhere now.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
On 08/15, Mike Bland wrote:
Thanks much for doing this! But I'm really surprised that you're
getting 16s full, nonparallel builds from the existing recursive make
structure, when my Mac Pro still clocks 65s. What am I missing here?
Oh. Crap.
$ git clone
We have the MS CAPI engine in openssl now.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
somebody fixed it; all fgets return values are checked.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
req doesn't seem to look at the key type any more.
(except for looking at DSA keyh size)
i.e., someone already fixed this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project
I forgot the only important timing command in the above sequence: the
actual build step. But, yes, I use ccache and it does ridiculous
things to build times. What looks like `gcc` from my end is just
copying cached builds out of RAM.
Nathan
It looks like the default validation is ecdsa_do_verify() in ecs_ossl.c
That code puts all BIGNUM's in a BN_CTX which it frees on exit.
So this has been resolved as far as I can tell.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Someone fixed this awhile back; thanks for the patch.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Fixed in branch, to be released post-1.0.2
commit 3938694b2a770efad980c947b68981b110e784d6
Author: Rich Salz rs...@akamai.com
Date: Fri Aug 15 14:27:04 2014 -0400
PR 2936, etc: Consistently use default cert dir
All apps that have -CApath and -CAfile now are consistent and
call common code to
Ah, ccache...all those years at the old company rotted so much of my memory. :-P
Still, it does look like the single-Makefile results are a win.
Mike
On Fri, Aug 15, 2014 at 1:44 PM, Nathan Typanski ntypan...@gmail.com wrote:
I forgot the only important timing command in the above sequence:
Rich Salz via RT wrote:
SO_REUSEADDR is done.
It is not activated in ocsp.c .
The rest is fixed in 1.+
[SNIP]
__
OpenSSL Project http://www.openssl.org
Development Mailing List
This is possible in current releases by using the -verify_hostname flag.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Ugh, you're right. Re-opening this. BIO sockets are a tangle that will take
some time to figure out.
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
No information to reproduce this. If still an issue (old defect) please post
codedata.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development
Fixed in post-1.0.2 release
commit d728e05615a97314cd74b9ef82f6073bfb576d38
Author: Rich Salz rs...@akamai.com
Date: Fri Aug 15 17:28:58 2014 -0400
PR2618: Incorrect exit status for pkeyutl -verify
If the -verify flag is given, pkeyutl always exited with
an error status.
Fixing that also fixed
Many thanks for your report.
Fixed in this commit (and other similar commits for other branches):
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f2be92b94dad3c6cbdf79d99a324804094cf1617
Matt
__
OpenSSL Project
Many thanks for your patch.
Applied here:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=750487899ad2b794078ed998b513a4a14f60f2cc
Matt
__
OpenSSL Project http://www.openssl.org
37 matches
Mail list logo