I've added the two latest contributions to
http://www.openssl.org/contrib/.
--
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Corrected. Thanks. Ticket resolved.
[EMAIL PROTECTED] - Thu Apr 17 19:18:35 2003]:
> Hi!
>
> openssl-0.9.6g/bugs/SSLv3:non-self-sighed CA which does not have it's
> CA in netscape, and the
> openssl-0.9.6g/doc/ssl/SSL_CTX_set_options.pod:non-self-sighed CA
> which does not have it's CA in net
I've addressed all three concerns with small changes. Please try
tomorrow's 0.9.7 snapshot, and report a bug report if you find them.
Ticket resolved.
[EMAIL PROTECTED] - Thu Apr 17 19:20:13 2003]:
> Hi,
>
> sorry, another issue, that seems not to be cleanly handled
> (for more info about pla
I fixed this a while ago. Ticket resolved.
[EMAIL PROTECTED] - Tue Apr 22 13:02:44 2003]:
> Hi *,
>
> I have just tried to build openssl-SNAP-20030421 on
> a Solaris box and got an error (see below). Note:
> this error does not occur in 0.9.7.
>
> Regards,
> Nils
>
>
> OpenSSL self-test rep
Patch applied and committed. Thanks. Ticket resolved.
[EMAIL PROTECTED] - Thu Apr 24 18:41:01 2003]:
> managment -> management
>
> i diffed against openssl-0.9.7a.
> jmc.
>
> --- demos/engines/zencod/hw_zencod.h Tue Aug 13 14:26:40 2002
> +++ hw_zencod.h.new Thu Apr 24 13:
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.
__
OpenSSL Project http://www.openssl.org
Development Mailing
//www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=595
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
Patch applied and committed to 0.9.8-dev. Thanks. Ticket resolved.
--
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List [
I've added ean entry for X509_TRUST_OBJECT_SIGN in trstandard[]. Please
test tomorrow's snapshot.
[EMAIL PROTECTED] - Fri May 16 12:54:13 2003]:
> Hi All,
>
> The X509_TRUST_OBJECT_SIGN, which is defined in crypto/x509/x509.h, is
>not
> included in the trstandard table defined in crypto/x5
[EMAIL PROTECTED] - Fri May 16 12:54:13 2003]:
> Hi All,
>
> The X509_TRUST_OBJECT_SIGN, which is defined in crypto/x509/x509.h, is
not
> included in the trstandard table defined in crypto/x509/x509_trs.c.
The
> number of trust options and the number of entries and their order in
this
> table sh
Is this resolved?
[steve - Tue Jun 3 02:00:41 2003]:
> I've tried this on the latest 0.9.7-stable version and it fails with a
> base64 decoding error.
>
> The cause is that the base64 BIO is rather broken as I discovered when
> I
> attempted to run some exhaustive non-blocking I/O tests on it
I've implemented ERR_set_mark() and ERR_pop_to_mark(), which can be used
for similar functionality. I'll look into ERR_disable() and
ERR_enable() as well, but that requires quite a lot more work.
If the implemented functions are enough for you for now, I'll resolve
this ticket.
[EMAIL PROTECTED
I've no idea. I think you should ask in the Apache mailing lists, not
here.
I'm resolving this ticket.
[EMAIL PROTECTED] - Fri May 30 09:17:48 2003]:
> hi,
> For Apache version 2.0.42 (web server) which version
> of openssl is compatible
> Please kindly help me on this
>
> from
> athma
>
> _
Patch applied and committed. Thank you. Ticket resolved.
[EMAIL PROTECTED] - Sun Jun 1 16:35:09 2003]:
> I've noticed that openssl installs the man page des_modes.7 and makes
> three links to it called Modes.7, of.7, and DES.7 (because the title
is
> "Modes of DES").
>
> To fix this, I have
I just committed a change, which will appear in tomorrow's snapshots.
Thanks for the report. Ticket resolved.
[levitte - Wed Jun 11 20:16:02 2003]:
> [EMAIL PROTECTED] - Wed Jun 11 09:21:46 2003]:
>
> > Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom
> >
> > The rsa command fa
[EMAIL PROTECTED] - Wed Jun 11 09:21:46 2003]:
> Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom
>
> The rsa command fails strangely when attempting to use
> both -passin fd: and -passout fd: together. My code was
>
> openssl rsa -passin fd:5 -des3 -passout fd:7
>
> and it was
I just made a test with the given files, using 0.9.8-dev on Solaris
(Solaris 8, OpenSSL compiled with gcc). No problems with it...
[EMAIL PROTECTED] - Thu May 22 15:47:06 2003]:
>
--
Richard Levitte
[EMAIL PROTECTED]
__
Open
Thanks for the report, I just committed a fix. Ticket resolved.
[EMAIL PROTECTED] - Tue May 27 08:33:05 2003]:
> Hi,
> I came upon a bounds bug in the testsuite program destest.c and
> set_key.c . I have
> attached the snippet of code from the files.
> The problem is that in the loop in destest
[levitte - Sun Apr 13 00:29:12 2003]:
> [EMAIL PROTECTED] - Thu Mar 27 22:04:39 2003]:
>
> I just had a look at your testing script, and I believe it has a flaw
>in this part:
>
>
> > #
> > # Search for shared libraries (libcrypto and libssl).
> > # Relies on shared libraries looking like
[EMAIL PROTECTED] - Thu Mar 27 22:04:39 2003]:
I just had a look at your testing script, and I believe it has a flaw in this part:
> #
> # Search for shared libraries (libcrypto and libssl).
> # Relies on shared libraries looking like "libcrypto.s*"
> #
> echo "Searching for and checking OpenSS
This isn't an OpenSSL bug as far as I can see, but rather a bug in the configuration
script of whatever software (you haven't said what software you're trying yo do this
with).
All I can do is conclude that the openssl.pc mentioned isn't used, or perhaps
PKG_CONFIG_PATH isn't properly set.
[E
Thanks. Fixed.
Ticket resolved.
[EMAIL PROTECTED] - Sat Apr 5 13:50:22 2003]:
> Type:
> -
> Bug report
>
> OpenSSL Version:
> -
> 0.9.7a
>
> Description:
> -
> I am building OpenSSL on FreeBSD wi
You might want to investigate why there isn't a dso_win32.o...
[EMAIL PROTECTED] - Fri Mar 28 08:20:27 2003]:
> Sorry I meant I edited the $HOME/crypto/dso/Makefile.ssl file.
>
> - Original Message -
> From: RCS
> To: [EMAIL PROTECTED]
> Sent: Thursday, March 27, 2003 9:35 PM
> Subject:
Fixed. Thanks.
Ticket resolved.
[EMAIL PROTECTED] - Fri Mar 28 14:06:43 2003]:
> Hi,
>
> I discovered that -setalias in apps/x509.c is tested twice. It's not a
> real bug but it is unnecessary. I use 0.9.7a.
>
> Best regards
>
> Michael
--
Richard Levitte
[EMAIL PROTECTED]
__
[EMAIL PROTECTED] - Mon Mar 31 13:12:19 2003]:
> The code fails because of the following:
>
> 1. title is empty --> indent will not be incremented
> 2. if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
> This printf tries to print an empty string.
>
> Printf returns in this case a zero wh
Applied. Thanks.
Ticket resolved.
[EMAIL PROTECTED] - Mon Mar 31 14:44:47 2003]:
> Hi,
>
> the fingerprint option in apps/crl.c is not documented in 0.9.7a if
> the
> online help is used. The simple patch is attached.
>
> Best regards
>
> Michael
--
Richard Levitte
[EMAIL PROTECTED]
Could you please download the latest 0.9.6 snapshot and check that it works for you?
As far as I understand, the MT issue has been adressed, but solved in a different
manner.
[EMAIL PROTECTED] - Fri Mar 28 08:22:16 2003]:
> This patch fixes the multithreading issues I was having when an RSA
[jaenicke - Fri Feb 14 16:39:21 2003]:
> [levitte - Wed Dec 4 21:19:17 2002]:
>
> > MD5 is one of those algorithms that's used so much it isn't easy to
> > disable. However, you only had problems in two files with it, we're
> > apparently doing fine. I'll investigate and get back to you.
>
>
I've included [EMAIL PROTECTED] as additional requestor. I hope noone minds.
Can you tell me exactly what is wrong with the certificate in question? "not
functional" doesn't say very much. If you want to send me the certificate (NOT the
key) in question, please do, that would help a lot.
I
And that resolves this ticket.
Thansk for the help!
[EMAIL PROTECTED] - Thu Mar 27 12:33:14 2003]:
[...]
>openssl-0.9.7-stable-SNAP-20030326 produced no errors
--
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project
I added a rather quick fix. Will be tested thoroughyl tonight.
This ticket is now resolved.
[levitte - Wed Mar 26 23:56:49 2003]:
> Very simple error, and is already fixed in 0.9.7 and on.
>
> Needs to be fixed before any further release of the 0.9.6 branch.
--
Richard Levitte
[EMAIL PROTE
Very simple error, and is already fixed in 0.9.7 and on.
Needs to be fixed before any further release of the 0.9.6 branch.
--
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.opens
[EMAIL PROTECTED] - Fri Mar 21 09:58:12 2003]:
> I downloaded openssl-0.9.7-stable-SNAP-20030320 and it does indeed
> fix the
> problem with "make test". I'm a little uncomfortable installing this
> develop-
> ment version and re-linking all my SSL applications against it - any
> idea if
> 0.9.
Fixed. Thanks.
This ticket is now resolved.
[EMAIL PROTECTED] - Wed Mar 19 13:04:48 2003]:
> doc/apps/s_client.pod:The following command option is not mentioned
>
>-starttls prot - use the STARTTLS command before starting TLS
>for those protocols that support i
Done. Thanks.
This ticket is now resolved.
[EMAIL PROTECTED] - Tue Mar 18 19:23:21 2003]:
> OpenSSL version 0.9.7a
> AIX version 4.3.3 ML10
>
> AIX does NOT respond "command not found" when a command can't be found.
> It respond with "ksh: cc: not found.".
>
> Change line 461 in config
> (cc
Fixed. Thanks.
This ticket is now resolve.
[EMAIL PROTECTED] - Sun Mar 16 19:26:20 2003]:
> "self-sighed" should be "self-signed"
> "it's" should be "its"
--
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project
I think I've fixed the problem. Please try tomorrows snapshot and tell me how it
worked.
[guest - Thu Mar 6 15:34:46 2003]:
> Solaris 8 [SPARC]
> gcc 3.3.2
> openssl 0.9.7a
>
> Using
>
> ./config
>
> everything works as expected, however with
>
> ./config shared
>
> make test fails as
Interesting, since all our Solaris targets have "-lsocket -lnsl -ldl" as extra linking
flags... So just to check, is -lnsl really missing in your builds, or is it just
-lxnet?
[EMAIL PROTECTED] - Wed Mar 5 14:00:08 2003]:
> Hi
> building openssl under Solaris 2.6 (probably also other version
I've inserted "| head -1 " between the "hinv" command and the pipe to "sed". HTH.
Please try the next snapshot of 0.9.7.
This ticket is now resolved.
[EMAIL PROTECTED] - Wed Feb 26 09:11:56 2003]:
> The config script in openssl-0.9.7a uses the command 'hinv -t cpu' to
> determine which type
Uhmmm, I don't believe this is a question for the request database. It would be a
good idea if you directed your question to [EMAIL PROTECTED]
I'm killing this ticket now.
[EMAIL PROTECTED] - Fri Feb 21 14:30:37 2003]:
> Dear Sir,
>
> I'm working in a small company. We have developed a produ
Patch applied and committed. This ticket is now resolved.
Thank you.
[EMAIL PROTECTED] - Fri Feb 21 08:30:00 2003]:
>
> This isn't a big one, but the HP ANSI C (and the HP ANSI C++) compiler give
> the following warnings when building crypto/pkcs12/p12_npas.c:
>
> cc: warning 5004: Uninitial
[EMAIL PROTECTED] - Thu Feb 20 11:59:09 2003]:
> System:
> IA-64, SuSE SLES-8
> Compiler:
> Intel(R) C++ Itanium(R) Compiler for Itanium(R)-based applications
> Version 7.0, Build 20021210
>
> I've patched the Configure script by adding a new configuration,
> "linux-ia64-ecc". It's
Did Stephens fix solve the problem? Please answer so we can decide if there's more to
this issue or if we can resolve it.
Thank you.
[EMAIL PROTECTED] - Wed Mar 12 10:27:11 2003]:
> Stephen,
>
> On Wed, 12 Mar 2003, Stephen Henson via RT wrote:
> >
> > [EMAIL PROTECTED] - Thu Feb 20 11:16:21
Is this still an issue, and if it is, have you tested version 0.9.7a, and does the
problem still remain?
If you still have problems, please send a full log of configuration and building.
Thanks.
[EMAIL PROTECTED] - Mon Feb 17 21:29:30 2003]:
> Hello
>
> (a beginner using linux+ssl)
>
> I t
Fix committed. It will appear in OpenSSL 0.9.7a and on.
This ticket is now resolved.
[[EMAIL PROTECTED] - Tue Feb 18 12:29:43 2003]:
> Hello !
>
> I'm trying to compile OpenSSL on a Windows 2000 server with Borland
> C++
> Builder 5 using nasm.
>
> With the OpenSSL 0.9.7 stable snapshot 2003
In other words, this is a user error. This ticket is now resolved.
[[EMAIL PROTECTED] - Sat Feb 15 01:53:26 2003]:
> In message <[EMAIL PROTECTED]> on Fri, 14 Feb
> 2003 21:18:45 +0100 (MET), " via RT" <[EMAIL PROTECTED]> said:
>
> rt>
> rt> Hi,
> rt>
> rt> I'm using the latest (0.9.7) Crypto
I've inserted changes that we didn't already have. Does FreeBSD on ia64 really not
have threading support?
Please test tomorrows snapshot on sparc64 and ia64.
This ticket is now resolved.
[[EMAIL PROTECTED] - Sun Jan 12 23:00:37 2003]:
>
> Hi,
>
> In order to support compilation on FreeBSD
Fixed. Thanks for the report.
This ticket is now resolved.
[[EMAIL PROTECTED] - Tue Dec 24 21:58:02 2002]:
> Hello,
>
> This is a bug report against 0.9.7-stable-SNAP-20021221.
>
> OpenSSL, when configured with Kerberos support, now has run-time
> dependencies on the krb5 set of libraries (w
Thanks. I made a slightly different change, by taking the bn_ops (BN_LLONG...) from
OpenBSD-mips. Also, I only applied this to 0.9.7a-dev and 0.9.8-dev.
Please test tomorrows snapshot.
This ticket is now resolved.
[[EMAIL PROTECTED] - Thu Feb 13 20:32:13 2003]:
> Hello,
>
> I needed shared
Problem fixed. This ticket is now resolved.
[[EMAIL PROTECTED] - Thu Feb 13 20:33:58 2003]:
> Hi,
>
> I had some problems building 0.9.7 on win32 using masm and VC.
>
> I used the "no-ripemd no-ssl2" arguments to mk1mf.pl, and then tried to
> make. Apparently some ripemd files were still incl
Have you tested if 0.9.7 works without making any extra changes?
[[EMAIL PROTECTED] - Thu Feb 13 20:34:15 2003]:
> I note that for openssl-0.9.6b, the recommendation for people with
> alpha-dec-osf platform is to use the following to circumvent virtual
> memory
> problems.
>
> make DIRS=crypto
I believe this is resolved.
--
Richard Levitte
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
OK, patch applied and committed.
This ticket is now resolved.
[[EMAIL PROTECTED] - Tue Nov 26 20:05:17 2002]:
> I am working on trying to build the libraries (libcrypto and libssl)
> to
> run on an embedded system with limited storage. To give you an idea, i
> have
> approximately 1.5 megabytes
I've now looked at both items, and even tried implementing. It became a too large
change for the 0.9.7 development track, so I'm moving this to 0.9.8. As a matter of
fact, I just implemented full -R/-rpath support for 0.9.8-dev, for the platforms where
I could find out how it should be done..
Can we assume that this won't be handled for 0.9.7a?
[jaenicke - Thu Nov 14 15:35:03 2002]:
> [levitte - Thu Nov 14 15:31:34 2002]:
>
> > Lütz, did you get anywhere with this?
> >
>
> No. I didn't have the time to look into it. And I don't know, whether
> I will find the time before next week
I'm not sure about your solution. Have you tested it at all and verified that it
works? According to my understanding of the source, X509_load_crl_file() will not
load a certificate into the cache if there already exists another cert with the same
subject in that same cache. In effect, your
[[EMAIL PROTECTED] - Mon Feb 3 22:04:45 2003]:
>
> We found some serious build issues with the original submission
> (openssl-lunaca3-patch-0.9.7.tar.gz) and we are busy updating the
> patch. I
> expect the update will be necessary before this ticket is closed.
>
> Let me know when you have t
OK, I'm ready to look at what remains of this ticket. I've got a question:
[levitte - Fri Dec 13 16:19:05 2002]:
> > * When linking the libraries, make sure that libssl finds libcrypto
> > and that they both find all their external dependencies at run time.
> > This is accomplished by the -R, -
[levitte - Fri Jan 31 00:02:41 2003]:
> Hmm, BIO_socket_ioctl() should really take a void* instead of an
>unsigned long *. Then, BIO_socket_nbio() should send a pointer to
>an int instead of a pointe to a long. The latter can be done
>anyway and pushed through useing a cast (ugly),
Hmm, BIO_socket_ioctl() should really take a void* instead of an unsigned long *.
Then, BIO_socket_nbio() should send a pointer to an int instead of a pointe to a long.
The latter can be done anyway and pushed through useing a cast (ugly), or we could
change that last argument type to BIO_soc
Will anything happen with this?
[[EMAIL PROTECTED] - Sat Jan 18 11:02:31 2003]:
> I already answered this once, but it didn't come through for some
> reason...
>
> > >>+ "sx6", "cc:-g -DTERMIOS::(unknown):::SIXTY_FOUR_BIT DES_INT:::",
> > >>
> > >
> > > No optimization? Not even lousy -O?
> >
>
Since the 0.9.6 branch is now dead, I suggest this ticket gets killed.
[steve - Sat Jan 11 02:13:30 2003]:
> [[EMAIL PROTECTED] - Fri Jan 10 15:10:09 2003]:
>
> >
>
> Ugh, can't quote the original message...
>
> This refers to OpenSSL 0.9.6X which does indeed only show the DN of
> the
> CSR (
I applied your changes, to be committed as soon as my tests get through. Please try
the next snapshot and send in a new bug report if it still doesn't work properly.
This ticket is now resolved.
[[EMAIL PROTECTED] - Tue Nov 26 09:37:12 2002]:
> Below msg is a re-send to the correct address [E
OK...
[jaenicke - Thu Jan 30 22:21:50 2003]:
> On Thu, Jan 30, 2003 at 10:09:22PM +0100, Richard Levitte via RT
> wrote:
> >
> > Any more thoughts on this issue?
>
> The problem is not yet solved. Using the global error stack as error
> indicator
> instead of co
Any more thoughts on this issue?
--
Richard Levitte
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
[[EMAIL PROTECTED] - Fri Nov 1 16:57:20 2002]:
> Notes on documentation files:
>
> - The FAQ ("Why does the OpenSSL compilation fail on
> Win32 with VC++?")refers to using VCVARS32.BAT. That
> is the correct name for VC++6. For VS.NET (think of it
> as 'VC++7'), the name is VSVARS32.BAT instead
[[EMAIL PROTECTED] - Tue Jan 28 11:07:34 2003]:
> And (while i'm at it) another thing to mention:
While we're mentioning stuff, I'd like to mention that we can handle bug reports much
better if there's only *one* bug per report. Please keep that in mind in the future.
> I'm using openssl with
Hmm, mind if I skip the freebsd-shared: part? It doesn't seem to be used anywhere
anyway...
[[EMAIL PROTECTED] - Sun Jan 12 23:00:37 2003]:
>
> Hi,
>
> In order to support compilation on FreeBSD I have to suggest some
>patches.
> Please revise and send me comment.
>
> regesssion te
It's not supposed to. It's only under unusual circumstances that this needs updating,
and it should be done in the original source directory anyway.
[[EMAIL PROTECTED] - Mon Jan 27 19:48:27 2003]:
> In the original 0.9.7 release there also seems to be some
> configuration
> remnants left in th
Why does this matter?
[[EMAIL PROTECTED] - Mon Jan 27 19:20:17 2003]:
> I've checked over the snapshot that was current on or about 14-Jan-
> 2003.
> It builds OK.
>
> In the original 0.9.7.tar.gz there were symbolic links already present
> in include/openssl, and they are not removed by make c
e TLS RFC was
> > definitely unclear, but he wasn't totally sure which way it should
>go
> > as
> > far as stripping any leading 0s before using the shared secret to
> > generate
> > keys. It basically depends on what various implementations have
> > decid
OK, I looked at the no-engine patch again, and really saw no harm in it, so it's
committed, and will be part of all release from 0.9.7a and on (as well as the current
0.9.7 and main snapshots).
This ticket is now resolved.
--
Richard Levitte
___
Thanks for the report, I just committed a fix, which will be present in 0.9.7a.
This ticket is now resolved.
--
Richard Levitte
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Thanks for the report and the patch. I applied it almost verbatim.
This ticket is now resolved.
[[EMAIL PROTECTED] - Sat Jan 25 18:18:47 2003]:
> Hi,
>
> I found a memory leak in openssl (version 0.9.6h). I've reproduced it
> with demos/bio/saccept.c.
>
> openssl-0.9.6h/demos/bio$ valgrind -
[[EMAIL PROTECTED] - Tue Jan 28 11:07:34 2003]:
> Hi there !
>
> I thought this was worth mentioning:
>
> Very reproducably, openssl ca crashes each time when having finished
> the job.
> (Worked in 0.9.6x)
I just fixed the problem. Thanks for the stack trace, that made all the difference!
F
[[EMAIL PROTECTED] - Thu Jan 30 09:08:11 2003]:
> The handling of the thisupd and nextupd pointers in
> make_ocsp_response()
> is incorrect. The pointers should be the first parameter of
> x509_gmtime_adj(), rather than the return value.
Why do you think it's incorrect? Have you checked what ha
Thanks for the correction, it's now applied and committed.
This ticket is now resolved.
[guest - Tue Jan 21 10:50:11 2003]:
> The commit for PR: 462 broke build on FreeBSD 4.2, looks like a
> missing
> zero or in the #if conditional.
--
Richard Levitte
___
Thanks. The patch is applied and committed.
This ticket is now resolved.
[[EMAIL PROTECTED] - Thu Jan 16 19:05:40 2003]:
> Hello,
>
> The following modifications (or similar) are needed to enable
> cryptodev support on FreeBSD (which has imported OpenBSD's
> /dev/crypto). FreeBSD's /dev/cryp
Actually, most of that was already written (at least in 0.9.7 and on). I got inspired
by your document and wrote something about creating keys. Thanks.
Please look at http://www.openssl.org/docs/HOWTO/ in an hour or so. You should see
the two files certificates.txt and keys.txt. Please read
The example was incorrect. I've committed a change.
This ticket is now resolved. Thanks to Nils Larsch for helping me figure this one out.
[[EMAIL PROTECTED] - Tue Jan 14 12:56:55 2003]:
> I just test, with OpenSSL 0.9.7a-dev (fresh checkout), the command to
> generate a self-signed cerificat
Please test the latest snapshot and answer the questions below. I'm skipping VPATH
discussion for now. I'd like to resolve this ticket soon.
[levitte - Fri Jan 10 16:52:20 2003]:
> > If you just leave out the "-o -type l"
> > you won't make any of the links, and the include/openssl directory
[[EMAIL PROTECTED] - Mon Jan 13 18:47:42 2003]:
> "openssl ca" is one of them, and probably the most cumbersome.
> "openssl req -new -out $FILE" does not verify that $FILE is a writable
> file.
I suspected 'openssl ca' was one of them.
As to the 'openssl req' example you give, so what? The pro
I just applied your patch and will commit soon. Please check tomorrows snapshot.
This ticket is now resolved.
[[EMAIL PROTECTED] - Sun Jan 5 10:50:22 2003]:
> Some test-files include a protype for read(). Unfortunately this
> protype doesn't
> match the one in djgpp's . Can we not removed thi
[[EMAIL PROTECTED] - Fri Jan 10 15:08:41 2003]:
It would be good to know exactly which openssl commands are involved in this issue.
I'm pretty sure this issue only applies for some of them.
--
Richard Levitte
__
OpenSSL Proje
[[EMAIL PROTECTED] - Fri Jan 10 15:09:40 2003]:
It's correct, recertification doesn't work very well. A change would however mean
making a substantial change to the database (index.txt), which makes it too
complicated to get into the 0.9.7 branch.
I'm planning to work on changing this behavio
[[EMAIL PROTECTED] - Sun Jan 12 23:00:22 2003]:
> On Sun, 12 Jan 2003, Andy Polyakov wrote:
>
> > > dkaufman> I noticed that the makefile contains a special line for
> > > dkaufman> DJGPP, similar to the one for Cygwin. This isn't needed for
> > > dkaufman> DJGPP. Patch attached.
> > >
> > > Pl
Hello,
Thanks for the report. Unfortunately, your conclusions are incorrect. The functions
that you spotted in ui_lib.c return the expected values, it's UI_UTIL_read_pw() that
interprets those values incorrectly.
I'm committing a change that should fix this. Please try tomorrows snapshot.
Kris reported that the change I proposed works (except for thread support, which I
promptly fixed).
This ticket is now resolved.
--
Richard Levitte
__
OpenSSL Project http://www.openssl.org
Deve
I just committed the final change that makes 'make install' print a recommendation on
handling the shared libraries of such a thing was installed anywhere else than in
/usr/lib.
The text that's shown is rather close to the one suggested by Jeff, with additions
about pkg-config and a reordering
[[EMAIL PROTECTED] - Fri Jan 10 16:35:08 2003]:
> I think a sufficient requirement is that files in the source tree that
> are relative links need to be recreated as relative links within the
> platform dependent directory.
exactly.
> If you just leave out the "-o -type l"
> you won't make any
[[EMAIL PROTECTED] - Sat Jan 4 19:22:11 2003]:
> On Sat, 4 Jan 2003, Nick Briggs via RT wrote:
>
> [snip]
> > # Place yourself outside of the OpenSSL source tree. In
> > # this example, the environment variable OPENSSL_SOURCE
> > # is assumed to contain the absolute Ope
I've removed '-o -type l' from the note in CHANGES. I've also added a note on
separate build directories at the end of INSTALL. Finally, I've made sure that
test/testgen removes the files it generates if they exist before the actual generation.
I've tested this against a read-only source tree
[[EMAIL PROTECTED] - Sat Jan 4 12:04:29 2003]:
> These instructions, from the CHANGES file:
>
> ==
> *) Add appropriate support for separate platform-dependent build
> directories. The recommended way to make a platform-dependent
> build directory is the following (tested o
It's unfortunate that cryptoki.h is GPLd, or I would put it in our contribution area.
GPL is not compatible with the OpenSSL license. Is it possible to get a different
cryptoki.h?
Also, is conf.h really necssary?
I'm willing to do the transformation needed for this bundle to work properly wit
Quite. I've committed that change.
This ticket is now resolved.
[[EMAIL PROTECTED] - Fri Jan 10 08:44:13 2003]:
>
>
> During our memory stress testing we discovered a bug in the
> BN_generate_prime() function. In the case that the creation of a new BN_CTX
> fails (line 143), execution drops
I've made the corrections (most were already there) in 0.9.7a-dev and 0.9.8-dev.
This ticket is now resolved.
[[EMAIL PROTECTED] - Fri Jan 10 08:44:04 2003]:
> Hello,
>
> Some typos in the openssl man pages were discovered (see NetBSD's PR
> misc/19627
> http://www.NetBSD.org/cgi-bin/query-pr-
[levitte - Thu Jan 9 00:20:00 2003]:
> You can find teh white paper here:
>
> http://www.cisco.com/warp/public/cc/pd/sqsw/tech/scep_wp.htm
Oh look, there's a draft too:
http://www.ietf.org/internet-drafts/draft-nourse-scep-06.txt
--
Richard Levitte
__
[jaenicke - Wed Jan 8 09:11:41 2003]:
> I am not familiar with SCEP (yet), however would consider it a worthful
> addition to the OpenSSL toolkit.
You can find teh white paper here:
http://www.cisco.com/warp/public/cc/pd/sqsw/tech/scep_wp.htm
>From the looks of it, I get CMC vibes... We shou
Patch applied.
This ticket is now resolved.
[[EMAIL PROTECTED] - Tue Dec 31 16:42:29 2002]:
> The files.
> ./crypto/dsa/dsagen.c
> ./crypto/x509v3/v3conf.c
>
> seems no longer used (reference from makefiles). But some functions
> have
> wrong number of arguments. The files should IMHO be r
I fixed the problem, but in a different way: I changed 't->length+2' to 't->length+3'.
Please test the snapshot with name 'openssl-0.9.7-stable-SNAP-20030101.tar.gz'
whenever it appears.
This ticket is now resolved.
[[EMAIL PROTECTED] - Tue Dec 31 18:01:25 2002]:
> The ASN1_TIME_to_generalize
501 - 600 of 940 matches
Mail list logo