[openssl.org #1903] Re: OpenSSL 1.0.0 beta 2 released - OS/2 problems - openssl-1.0.0-beta2.diff [1/1]

2009-04-22 Thread Stephen Henson via RT
> [openssl-...@openssl.org - Wed Apr 22 18:16:24 2009]: > > Hi All, > > I just tried building OpenSSL 1.0.0 on OS/2 using GCC 4.3.3 > > A couple of patches required - to configure and rand_os2.c > > Current patch hacks makefile.shared - I need some suggestions here to > handle the fact that wi

[openssl.org #1901] [patch] c_rehash fails to find openssl(1)

2009-04-16 Thread Stephen Henson via RT
I'm not sure about this. Surely if the openssl utility is found on the PATH it should be able to execute it without having to include its absolute pathname? __ OpenSSL Project http://www.openssl.org

[openssl.org #1887] [patch] Fixes in openssl utility documentation and builtin-help

2009-04-10 Thread Stephen Henson via RT
Patch committed (with some minor modification and editing). Thanks for the contribution.

[openssl.org #1891] SSL_shutdown() corner case issues

2009-04-08 Thread Stephen Henson via RT
> [darryl-mailingli...@netbauds.net - Wed Apr 08 16:58:40 2009]: > > At this time I am seeking approval / consensus / agreement in principal > on this patch inclusion. Once that is reached then I'd like to work on > related matters about this issue like updating man pages / API > documentation

[openssl.org #1870] str2fmt() in apps/apps.c parses "pkcs12" and "p12" as FORMAT_PEM

2009-04-03 Thread Stephen Henson via RT
> [kil...@mail.zutom.sk - Mon Mar 16 16:16:38 2009]: > > > STEPS TO REPRODUCE > Specify a "-keyform pkcs12" argument to openssl and it will behave as if > you specified "-keyform pem". The only way to really use PKCS12 is to > specify "-keyform 1" (see line 275). > > I'm currently unable to prov

[openssl.org #1613] [PATCH] do_dirname call X509V3_get_section but not X509V3_free_section

2009-04-03 Thread Stephen Henson via RT
> [jrebi...@gmail.com - Mon Nov 26 14:35:33 2007]: > > Hi, > > Shouldn't the do_dirname() function (in v3_alt.c, l.559) call > X509V3_section_free(ctx, sk) to free memory which might be allocated > previously by X509V3_get_section(ctx, value) ? > Fix applied (finally!) thanks for the report, St

[openssl.org #1888] socklen_t

2009-04-03 Thread Stephen Henson via RT
> [...@multitalents.net - Fri Apr 03 09:08:23 2009]: > > > OpenSSL_1_0_0-stable and HEAD use socklen_t. > Some platforms do not have the socklen_t data type. > > I propose the following patch (also attached) so a person could >./config --socklen_t=int > There isn't any real need for a spec

[openssl.org #1829] [PATCH] DTLS Timer Bug

2009-04-03 Thread Stephen Henson via RT
Patch not applied yet due to portability issues with gettimeofday(). This doesn't exist on WIN32 and not sure about others such as VMS. GetSystemTimeAsFileTime() is one possibility on WIN32: see fips_rand.c for an example. The speed utility (apps/speed.c) also has various versions so that may be us

[openssl.org #1827] [PATCH] DTLS Application Data in Handshake Bug

2009-04-02 Thread Stephen Henson via RT
Applied to 0.9.8-stable, doesn't apply cleanly to 1.0.0-beta1

[openssl.org #1828] [PATCH] DTLS Retransmission Bug

2009-04-02 Thread Stephen Henson via RT
Applied to 0.9.8-stable, doesn't apply cleanly to 1.0.0-beta1

[openssl.org #1838] [PATCH] DTLS fragment bug

2009-04-02 Thread Stephen Henson via RT
Patch applied to 0.9.8-stable, doesn't apply cleanly to 1.0.0-beta1

[openssl.org #1881] Compile Failure: openssl-1.0.0-beta1 (IRIX)

2009-04-02 Thread Stephen Henson via RT
> [n...@nekochan.net - Wed Apr 01 16:07:15 2009]: > > Hello, > > I've encountered a compile failure of openssl-1.0.0-beta1. Details are > as follows: > > # uname -aR > IRIX64 Kazehana 6.5 6.5.30f 07202013 IP35 > > # cc -v > MIPSpro Compilers: Version 7.4.4m > > > ./Configure --prefix=/u

[openssl.org #1883] Resolved: OpenSSL 1.0.0 on UnixWare 7.1.4

2009-04-02 Thread Stephen Henson via RT
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message.

[openssl.org #1883] OpenSSL 1.0.0 on UnixWare 7.1.4

2009-04-02 Thread Stephen Henson via RT
> [openssl-...@openssl.org - Thu Apr 02 08:15:41 2009]: > > > The struct timeval is found in sys/time.h on this platform. > In the 1.0.0 version of apps/ocsp.c the USE_SOCKETS define has been > removed so sys/time.h is not included from e_os.h as it was in 0.9.8. > I don't think it was so much

[openssl.org #1879] 1.0.0-beta1 failure on Solaris 10 (-lsocket)

2009-04-02 Thread Stephen Henson via RT
> [mr...@linux.ee - Wed Apr 01 13:24:34 2009]: > > > Seems like -lsocket is missing from autodetection, or maybe -lnsl too. > > OpenSSL self-test report: > > OpenSSL version: 1.0.0-beta1 > Last change: Support use of registered digest and cipher names >for d... > Options: no

[openssl.org #1823] Linux configuration options for OCF/HAVE_CRYPTODEV needed

2009-03-09 Thread Stephen Henson via RT
> [philipp_s...@redfish-solutions.com - Mon Jan 26 12:04:34 2009]: > > The OCF code has been ported to Linux: > > http://sourceforge.net/project/showfiles.php?group_id=133575 > > > it would be very nice if this were supported in openssl without patching. > > For instance, crypto/engine/eng_all

[openssl.org #1821] Extensive use of @commands in Makefile makes troubleshooting challenging

2009-03-09 Thread Stephen Henson via RT
> [philipp_s...@redfish-solutions.com - Mon Jan 26 12:00:57 2009]: > > When doing a version bump on distros (especially distros that may have > required some patching to accommodate this package), the "silent death" > of commands that run and fail without emitting any output makes it > especial

[openssl.org #1853] Bugs in ./crpto/x509/x509_vfy.c and ./crpto/x509/x509_cmp.c

2009-03-09 Thread Stephen Henson via RT
> [ding...@hotmail.com - Tue Mar 03 08:06:37 2009]: > > > > Hi all, > > In the current release OpenSSL 0.9.8j, there are two bugs in >./crpto/x509/x509_vfy.c and ./crpto/x509/x509_cmp.c > > Here are the details: > > 1) The return value of function X509_NAME_cmp in >./crpto/x509/x509_c

[openssl.org #1854] GeneralizedTime support in openssl ca

2009-03-09 Thread Stephen Henson via RT
> [oli...@volatilevoid.net - Fri Mar 06 13:51:18 2009]: > > Am Wed, 4 Mar 2009 17:28:09 +0100 (CET) schrieb Stephen Henson via RT: > > > IMHO a better way to implement this functionality is with a new > > function ASN1_TIME_set_string() which uses UTCTime/Generalize

[openssl.org #1849] AIX build failure: Cannot find a rule to create target ../include/openssl/fips.h from dependencies

2009-03-09 Thread Stephen Henson via RT
> [doug.c.zo...@fnis.com - Wed Feb 25 20:32:50 2009]: > > While trying to build the daily snaps from the period 02/01/2009 - > 02/24/2009 on AIX I get the error: > Cannot find a rule to create target ../include/openssl/fips.h > from > dependencies > > I have not built the fips library and di

[openssl.org #1854] GeneralizedTime support in openssl ca

2009-03-04 Thread Stephen Henson via RT
> [oli...@volatilevoid.net - Wed Mar 04 07:42:52 2009]: > > This patch adds support for GeneralizedTime for startdate/enddate in > openssl ca. I guess not too many people need certificates beyond 2049 > (or before 1950) right now, but having the capability surely can't hurt. > > Also, previously

[openssl.org #1851] [PATCH] "openssl verify -CAfile mutil_ca.pem site.cert" fails even if mutil_ca.pem contains the chain for site.cert

2009-02-27 Thread Stephen Henson via RT
> [jeffw...@gmail.com - Fri Feb 27 20:34:24 2009]: > > From: Jeff Wu > Date: Thu, Feb 26, 2009 at 4:41 PM > Subject: "openssl verify -CAfile mutil_ca.pem site.cert" fails even if > mutil_ca.pem contains the chain for site.cert > To: openssl-b...@openssl.org > > > Verification fails even if the

[openssl.org #1805] RC4 key length?

2009-01-01 Thread Stephen Henson via RT
> [had...@danisch.de - Thu Jan 01 10:43:14 2009]: > > I tried to decrypt the encrypted objects in PDF documents. These are > encrypted using RC4 and, > as far as I can see at the moment, key of key length 16 byte derived > from a master file key of 5 byte length. > > After calculation of that mas

[openssl.org #1800] openssl verification should read algorithm from signature

2008-12-14 Thread Stephen Henson via RT
> [ko...@fillibach.de - Sun Dec 14 13:21:24 2008]: > > > I would like to write a patch to read the hash algorithm from the > signature. But only if someone is interested in merging the patch. I wont > make the effort to let it bitrot in a tracker... > This would only work with RSA PKCS#1 v1

[openssl.org #1792] 0.9.8h failing to build with VS2006

2008-11-29 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Tue Nov 25 17:11:56 2008]: > > hi, > i do these command using vs6++ and get an error. > >F:\Program Files\Microsoft Visual Studio\VC98\Bin\vcvars32.bat > >cd C:\devdiv\openssl-0.9.8i > >ms\do_ms > >nmake -f ms\ntdll.mak > Did you do: perl Configure VC-WIN32 first?

[openssl.org #1794] [PATCH] SRP in OpenSSL 0.9.9

2008-11-27 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Thu Nov 27 07:45:29 2008]: > > This patch is the first portion of SRP (RFC 5054) support in OpenSSL. > > The original work to add SRP to OpenSSL was done by the EdelKey project > (http://www.edelweb.fr/EdelKey/). I am updating these patches for the > latest > development

[openssl.org #1789] BUG: openssl verify command does not report signature error if there are other errors

2008-11-19 Thread Stephen Henson via RT
If the certificate chain cannot be built to a trusted root then none of the keys can be trusted either. An attacker could build a totally bogus chain using their own keys and valid signatures... but it would not be valid because it would not chain to a trusted root. Signature verification can be a

[openssl.org #1574] Session Ticket in OpenSSL 0.9.9 and EAP-FAST

2008-11-15 Thread Stephen Henson via RT
Your patch has now been applied to HEAD. Thank you for the contribution. Let me know of any problems. Steve.

[openssl.org #1574] Session Ticket in OpenSSL 0.9.9 and EAP-FAST

2008-11-12 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Wed Nov 12 14:46:47 2008]: > > On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote: > > > OK, we'd need the generic extension part of the patch modified to > only > > override the session ticket extension. > > I repla

[openssl.org #1574] Session Ticket in OpenSSL 0.9.9 and EAP-FAST

2008-11-11 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Wed Oct 22 13:56:16 2008]: > > On Wed, Oct 22, 2008 at 01:19:53PM +0200, Stephen Henson via RT wrote: > > > I've had an initial look at this patch. Is there some reason you need to > > be able to generate generic extensions rather than just b

[openssl.org #1778] default maximum chain length considered too low

2008-11-10 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Thu Nov 06 09:19:52 2008]: > > Why not increase the default, say, to 100 instead, as Globus did? > > What did they actually change? Changing the line: 9, /* depth */ in x509_vpm.c should do the trick. Can you confirm this works?

[openssl.org #1765] 0.9.8i make failed on Ubuntu Linux Sun XVM (host operating sys is Windows XP)

2008-11-10 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Wed Oct 22 17:10:41 2008]: > > cryptlib.h:62:20: error: stdlib.h: No such file or directory > cryptlib.h:63:20: error: string.h: No such file or directory > In file included from cryptlib.h:65, > from cryptlib.c:117: > .../e_os.h:412:30: error: unistd.h: No s

[openssl.org #1574] Session Ticket in OpenSSL 0.9.9 and EAP-FAST

2008-10-22 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Sun Sep 28 16:41:18 2008]: > > Update the OpenSSL patch for EAP-FAST support to work with the current > OpenSSL snapshot. The ssl/s3_srvr.c change from 03-Sep-2008 (rev 1.163) > seemed to have reverted some earlier changes and because of this, the > extra call to ssl3_digest_

[openssl.org #767] Openssl time bugs

2008-10-08 Thread Stephen Henson via RT
> [steve - Sat Nov 29 13:17:25 2003]: > > I actually looked into this before and got quite far with it. I'd > located a number of useful time algorithms and got some initial code. > The time routines have been enhanced in HEAD. This covers the case where a large value for -days is given and avoi

[openssl.org #1725] OpenSSL-0.9.8h: Bug in Certificate Request generation

2008-08-03 Thread Stephen Henson via RT
This bug is fixed in the 0.9.8 snapshots and will appear in the next OpenSSL release.

[openssl.org #1722] Error when trying to make a .p12 file: malloc failure

2008-07-28 Thread Stephen Henson via RT
Fixed in the latest snapshots.

[openssl.org #1717] Bug in openssl when generating a CSR?

2008-07-28 Thread Stephen Henson via RT
Fixed in the latest snapshots.

[openssl.org #1720] bug request

2008-07-23 Thread Stephen Henson via RT
Well originally a PKCS#12 file had localKeyId present only on matching certificates and private keys. This wasn't very well documented and some implementations don't follow this. Since a number of implementations no longer do this I'll look into making PKCS12_parse() more tolerant.

[openssl.org #1713] One OpenSSL 0.9.8h Bug

2008-07-12 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Fri Jul 11 09:18:46 2008]: > > > > Step3 Try to use pkcs12 > openssl req -x509 -out demoCA/cacert.pem -new -keyout > demoCA/private/cakey.pem -subj > /C=US/ST=California/L=Cupertino/O=Senas/CN=ca -nodes > openssl req -out ksb_cert_req.pem -new -keyout ksb_priv

[openssl.org #1687] [PATCH] ASN.1 declaration error in pk7_asn1.c

2008-06-02 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Mon Jun 02 10:49:53 2008]: > > I think I've spotted a problem generating PKCS#7 DER-encoded output > using OpenSSL 0.9.8e > > crypto/pkcs7/pk7_asn1.c has an ASN.1 definition for PKCS7_SIGNED as: > > > ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { > > ASN1_SIMPLE(PKCS7_SIGNE

[openssl.org #1669] Two more CMS bugs

2008-05-02 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Fri May 02 08:13:24 2008]: > > 1) CMS_final() and CMS_verify() both appear to be ignoring an >EVP_R_COMMAND_NOT_SUPPORTED error. That is: both functions are >giving me what I think are meant to be successful returns (non-zero >return value for CMS_final(), return

[openssl.org #1649] openssl-fips-test-1.2.0 bug

2008-03-13 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Thu Mar 13 06:56:17 2008]: > > Hi OpenSSL Developers, > > Thank you for your advise. > > I tried to use the latest source via > ftp://ftp.openssl.org/snapshot/openssl-0.9.8-fips-test-SNAP- > 20080312.tar.gz and followed the instructions to build fips openssl. > Thanks for

[openssl.org #1653] delta crl distribution point extension

2008-03-10 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Mon Mar 10 09:06:07 2008]: > > enclosed please find a patch that adds support for the freshestCRL extension. > > Have fun. > > > Would be better if it didn't zap two new OIDs which I recently added ;-) Steve.

[openssl.org #1649] openssl-fips-test-1.2.0 bug

2008-03-08 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Fri Mar 07 09:30:15 2008]: > > > 2) > [EMAIL PROTECTED] pwd > /home/boqian/fips/openssl-fips-0.9.8f-dev > [EMAIL PROTECTED] ./Configure hpux-cc fipscanisterbuild > You should do: ./config fipscanisterbuild > >It shows the eckey_secp112r1.pem file's format may be wr

[openssl.org #1635] openssl configure tries to force 64-bit mode in 32-bit chroot. (x86) fails to compile

2008-01-26 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Sat Jan 26 22:21:55 2008]: > > I'm running a 32-bit chroot on an x86_64 machine. That is, the kernel >can execute > 64 and 32 bit binaries, but everything has been compiled with -m32 >within the chroot. All the installed packages including gcc and >glibc have just

[openssl.org #1611] [PATCH] NetWare platform OpenSSL 0.9.8g

2008-01-03 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Fri Dec 21 12:58:22 2007]: > > Please review! > Patches applied. I didn't include the change to mk1mf.pl that changed the install command for the include files though. The *.[ch] version is needed in WIN32 to include applink.c Let me know if that's a problem, or any other

[openssl.org #1625] [Enhancement, Patch] openssl crl option to display crlNumber

2007-12-20 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Wed Dec 19 13:04:39 2007]: > > Hi, > > here a patch to openssl crl.c to display the crlNumber using option > -crlnumber > Accessing OpenSSL structure internals is never a good idea if it can be avoided. A much better way to handle things is to get the crlNumber as an ASN

[openssl.org #1592] ms\do_masm.bat requires MASM v8

2007-10-18 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Thu Oct 18 09:05:32 2007]: > > Starting with OpenSSL 0.9.8f, Windows builds using ms\do_masm.bat > generate .asm files with the MASM > directive XMMWORD. > > XMMWORD was added to MASM 8 (Visual Studio C++ 2005). > ref: http://msdn2.microsoft.com/en-us/library/cw0399sf(VS.80)

[openssl.org #1591] get_session_cb callback invoked with no previous session in 0.9.8f

2007-10-17 Thread Stephen Henson via RT
The code was changed when TLS ticket support was added. In that case a zero length session ID can result in a resumed session based on the ticket. It didn't catch the case where ticket resumption failed and the session length was zero. This patch should fix it: http://cvs.openssl.org/chngview?cn=16

[openssl.org #1580] [PATCH] add read through fp support for certificate loading

2007-09-11 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Tue Sep 11 23:09:59 2007]: > > Hi guys, > > [as advised on the list, i'm going through rt] > > I'm writing several privilege separated daemons which rely on openssl > and need reload support. What I really need is to be able to create > SSL > context in jails, SSL_use_chain

[openssl.org #1577] bug report: PKCS7_decrypt fails in some circumstance

2007-09-08 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Wed Sep 05 00:05:31 2007]: > > > Dear maintainers, > > In some circumstances, OpenSSL fails to decrypt an S/MIME message > when we generate a key and encrypt a message using OpenSSL. > > I think the problem in this case is the certificate creation technique. S/MIME uses

[openssl.org #1577] bug report: PKCS7_decrypt fails in some circumstance

2007-09-07 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Wed Sep 05 00:05:31 2007]: > > > Dear maintainers, > > In some circumstances, OpenSSL fails to decrypt an S/MIME message > when we generate a key and encrypt a message using OpenSSL. > > > The conditions are as follows: > * Generate a private key and certificate in certai

[openssl.org #1546] openssl-0.9.8e and gcc 4.2.0

2007-09-04 Thread Stephen Henson via RT
An alternative technique is mentioned in: http://marc.info/?l=openssl-dev&m=118001266831974&w=2 this doesn't make use of gcc specific features and might be the way to go. It needs to cover a few additional cases though such as safestack, I haven't had time to cover those cases yet. Steve.

[openssl.org #1516] [PATCH] apps/ocsp.c: Fix non-POSIX #include

2007-05-16 Thread Stephen Henson via RT
I've attempted to reuse the header files in s_client.c which have used similar select() functionality for quite a while. If this still doesn't work properly on all systems I'd suggest using something similar to s_client.c, s_server.c or speed.c Let me know of any problems.

[openssl.org #1504] Padding bug in 0.9.8d (Solaris 9, Sparc)

2007-03-13 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Tue Mar 13 09:12:05 2007]: > > > I'm totally confused by a difference I'm observing > between openssl-0.9.8 and openssl-0.9.8d, both > compiled on the same solaris box with the same > compiler installation (gcc-3.4.4), both passing > "make test". > > I'm decrypting a DES-en

[openssl.org #1336] OpenSSL support for Kerberos

2007-03-09 Thread Stephen Henson via RT
This change causes a number of problems. Not least of which that kerberos ciphersuites no longer work at all on OpenSSL 0.9.8e. In more detail: 1. We should check pms not p for the version info. If the rollback bug flag is to tolerate clients (including OpenSSL before this) which put random data

[openssl.org #1497] Issue: PKCS#12 export with empty password produces incorrect encoding of MacData in PFX object

2007-03-02 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Fri Mar 02 09:58:13 2007]: > > openssl pkcs12 -export -in _.pem -nodes -out _.p12 > > generates PFX DER data with MacData in which empty password is used > incorrectly, violating following quote from Chapter B, section B.2, item > 3 of PKCS#12 standard [1]: > > "Note

[openssl.org #1495] Unable to build openssl-fips-1.1.1 on MacOSX Tiger 10.4.8 Intel

2007-03-01 Thread Stephen Henson via RT
> [EMAIL PROTECTED] - Thu Mar 01 18:42:31 2007]: > > On further examination, this problem appears to be bad compilation of > the sha/fips_standalone_sha1 program: > Which would indicate either a bad SHA1 implementation or that that programs' calls are getting a translated version of the file.

[openssl.org #1493] -march=ultrasparc doesn't work on Solaris 9

2007-02-24 Thread Stephen Henson via RT
> > "-mcpu" wasn't deprecated on SPARC. I think it was only deprecated > on i386. > Seems that some platforms support -mcpu and others -march, ugh. I've reverted the sparc changes to the Configure script. Please try this patch: http://cvs.openssl.org/chngview?cn=15967 or the next snapshot.

[openssl.org #1493] -march=ultrasparc doesn't work on Solaris 9

2007-02-24 Thread Stephen Henson via RT
> [guest - Sat Feb 24 04:06:10 2007]: > > > -mcpu was replaced with -march in the 0.9.7 branch only. This change > was never made to the 0.9.8 branch (which builds successfully for me). > If > I switch -march back to -mcpu in the generated Makefile then > everything works again. > > Can you u

[openssl.org #872] [Patch] OCSP request handler using non-blocking BIO

2007-01-24 Thread Stephen Henson via RT
Flexible non-blocking OCSP request handler added to 0.9.9. Ticket resolved.

[openssl.org #872] Ticket Resolved

2007-01-24 Thread Stephen Henson via RT
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message.

[openssl.org #872] Status Changed to: resolved

2007-01-24 Thread Stephen Henson via RT
//www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=872

[openssl.org #1400] spurious CRs in S/MIME clearsigned mails

2007-01-17 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Wed Jan 17 20:15:49 2007]: > > Right: Outside of some very basic cases, like English Ascii text, > OpenSSL isn't enough MIME-aware to be usable alone. There is still a > need for pre- and post-processing around OpenSSL before a proper mail > can be fed to an MTA. The pres

[openssl.org #1400] spurious CRs in S/MIME clearsigned mails

2007-01-15 Thread Stephen Henson via RT
IMHO the best solution is to have a filter BIO which can handle the necessary canonicalisation and/or conversion to local eol format. That kind of thing will be needed if and when full streaming is supported anyway.

[openssl.org #1458] garbage-in garbage-out - was OCSP response nonce extension encoding not DER

2007-01-12 Thread Stephen Henson via RT
This is to work around broken encodings and not just for OCSP. OpenSSL effectively uses the received encoding when computing signatures instead of converting it to DER. OpenSSL isn't alone in doing this and it is fairly common practice. In the past several (rather important) certificates would ha

[openssl.org #1436] rsautl sign is not sign

2006-12-06 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Wed Dec 6 06:32:05 2006]: > 2006/12/5, Stephen Henson via RT <[EMAIL PROTECTED]>: > > > > The sign and verify options of RSA are a kind of "raw sign" > operation. > > The PKCS#11 API does support it but some tokens do not. It is not

[openssl.org #1436] rsautl sign is not sign

2006-12-05 Thread Stephen Henson via RT
[guest - Tue Dec 5 20:37:24 2006]: > I have an Aladdin eToken, which differentiates signing and encryption > keys. The signing and encryption operation is different in the PKCS#11 > API. They happen to work the same way with RSA, but they are different ones. > > Look at apps/rsautl.c:272 > cas

[openssl.org #1071] signing of large files: patch

2006-12-01 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Fri Dec 1 12:42:27 2006]: > Hi, > > I need to sign large files with openssl. How I can retrieve this patch? > > Thanks in advance! > This patch only applies to the smime utility under certain circumstances. The patch has already been added to the latest versions of OpenSS

[openssl.org #1433] X509v3 OIDs from RFC 2459

2006-12-01 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Fri Dec 1 09:42:37 2006]: > via RT wrote: > > Some X509v3 OIDs from RFC 2459 are currently missing from objects.txt: > > > > * X509v3 Certificate Issuer > > * X509v3 Issuing Distribution Point > > * X509v3 Subject Directory Attributes > > > > All the other OIDs from the R

[openssl.org #1416] [PATCH] display UPN if in subjectAltName

2006-11-30 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Fri Oct 20 16:23:50 2006]: > With this patch, instead of the subjectAltName getting > "othername:unsupported" it will be something like > "othername:UPN<[EMAIL PROTECTED]" > > Nice when working with certificates from CAC cards. > I like the general idea of displaying som

[openssl.org #1428] s_client -debug doesn't show all certificates in chain

2006-11-17 Thread Stephen Henson via RT
[guest - Fri Nov 17 05:24:37 2006]: > If a CA uses intermediary certs that are not distributed in all > truststores such as quovadis with mozilla's trust store. Servers do not > only transmit leaf certificates, but also intermediary ones. > > http://httpd.apache.org/docs/2.1/mod/mod_ssl.html#ssl

[openssl.org #1421] EVP_PKEY_asn1_new() improperly initializes structure

2006-10-27 Thread Stephen Henson via RT
Thanks for the report. Patch applied.

[openssl.org #1420] error in CRL distribution point documentation

2006-10-26 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Thu Oct 26 11:00:32 2006]: > Hello - > > I was trying to include a CRL distribution point in a certificate, but > the documentation on the page > http://www.openssl.org/docs/apps/x509v3_config.html on CRL > distribution points didn't work for me. [snip] > I'm using OpenSSL

[openssl.org #1393] Problems building version 0.9.8c on Windows 32

2006-10-06 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Fri Oct 6 15:51:45 2006]: > I followed the instructions step-by-step. I've managed to build previous > without any problem. I know that I have to do the perl step first > because I then add the debug options to the makefile output of perl. > > By the way, I'm using this with

[openssl.org #1393] Problems building version 0.9.8c on Windows 32

2006-10-05 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Thu Sep 21 20:00:31 2006]: > I get the following errors when trying to build on Windows: > > > > .\crypto\ec\ec_asn1.c(262) : error C2370: "ECPKPARAMETERS_it' : > redefinition; different storage class > The usual cause of this is not doing: perl Configure VC-WIN32 did

[openssl.org #1402] x509v3 policy initialization bug

2006-10-05 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Thu Oct 5 18:51:21 2006]: > Found this bug in OpenSSL 0.9.8d source. A logical AND is being used > where a bitwise AND is clearly intended. If I understand correctly, the > bug would allow "any" matching even if the certificate was not self > issued, at least in circumstanc

[openssl.org #1401] Proxy module

2006-10-05 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Thu Oct 5 11:21:54 2006]: > > Hi, > > I'm submitting this patch as suggested below. This patch adds the x509_proxy > module to openssl which can create and printout proxy certificates. > It should already be possible to print out proxy certificates using the OpenSSL 'x50

[openssl.org #1374] I/O buffer size handling for "enc" application

2006-09-22 Thread Stephen Henson via RT
Patch applied.

[openssl.org #1071] signing of large files: patch

2006-09-22 Thread Stephen Henson via RT
Fixed now. Ticket Resolved.

[openssl.org #1348] X509_REQ uses CRYPTO_LOCK_X509_INFO

2006-09-22 Thread Stephen Henson via RT
Fixed, thanks for the report.

[openssl.org #1377] PATCH (against 0.9.8b) for apps/pkcs12.c

2006-09-21 Thread Stephen Henson via RT
Fixed, thanks for the report.

[openssl.org #1384] RFE: support "smime-signed" receipts as per RFC 2634

2006-09-06 Thread Stephen Henson via RT
[guest - Wed Sep 6 09:51:06 2006]: > Hi, > > It would be great to have an additional parameter to create the request > for such a receipt in "openssl smime -sign" as per > http://www.faqs.org/rfcs/rfc2634.html chapter 2. > > It seems that MS-Outlook can do this since a while. > > Others seem

[openssl.org #1385] SMIME_read_PKCS7 fails with memory BIO but works with file BIO

2006-09-06 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Wed Sep 6 09:51:24 2006]: > I am trying to use SMIME_read_PKCS7 to read a signed and encrypted MIME > message from memory BIO, but I can't get it to work. It works fine if I > construct a file BIO to read from. I can't see anything I am doing wrong > (and nobody answered to m

[openssl.org #1363] segmentation fault in TSA test on FreeBSD 6.1 on Opteron

2006-07-20 Thread Stephen Henson via RT
[steve - Thu Jul 20 18:12:32 2006]: > > Oops, mea culpa on that. I changed it from the old EVP_Sign*() interface > to EVP_DigestSign(). The old one was unsigned int * for the sig length > the new one (in line with other things) uses size_t *. > > Which causes problems is sizeof(size_t) == sizeo

[openssl.org #1363] segmentation fault in TSA test on FreeBSD 6.1 on Opteron

2006-07-20 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Thu Jul 20 17:27:31 2006]: > > Yeah. And I even managed to reproduce it on solaris64-sparcv9-cc. So > it's our bug, not compiler. Verify below patch. Why I commented on gcc > and being root thing? Well, for future reference. If you run into > compiler bug, you can't expect

[openssl.org #1066] bug: smime -sign from non-seekable input does not work with DER and PEM output formats

2006-07-13 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Wed May 11 17:37:29 2005]: > Current snapshots (checked on 20050503 and 20050511) and 0.9.7e do not > work when asked to sign non-seekable input. 0.9.6c in Debian woody > (package version 0.9.6c-2.woody.7) does work. > > That is, > > echo hello|openssl smime -sign -inkey pr

[openssl.org #1363] segmentation fault in TSA test on FreeBSD 6.1 on Opteron

2006-07-13 Thread Stephen Henson via RT
Don't have that platform to test on. However from the stack dump: #0 0x000800d6e466 in memcpy () from /lib/libc.so.6 #1 0x000800770a5e in asn1_ex_i2c (pval=0x61d708, cout=0x61d708 "IxMVoXDTA5MDcxMjE2MjIxMVowRDELMAkGA1UEBhMCSFUx\nETAPBgNVBAgTCEJ1ZGFwZXN0MRQwEgYDVQQKEwtHb3YtQ0EgTHRkLj

[openssl.org #1358] Problem using fips_premain.c with C++ compiler

2006-07-07 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Thu Jul 6 20:52:49 2006]: > Hello, > > > > I have encountered a error compiling fips_premain.c with the Sun Studio C++ > compiler. Lines 62-66 assign the 41-byte literal HMAC_SHA1_SIG (40 > characters plus null terminator) to the unsigned char array > FINGERPRINT_ascii_v

[openssl.org #1242] [BUG] engines try to load once per command

2006-05-15 Thread Stephen Henson via RT
This was caused by attempting to load the config file multiple times in interactive mode. Fixed.

[openssl.org #1204] bug report - 0.9.8 and bad record mac because of wrong SSL_OP_TLS_BLOCK_PADDING_BUG handling

2006-05-12 Thread Stephen Henson via RT
I've disabled the check when compression is negotiated and that seems OK. Ticket resolved.

[openssl.org #1288] Cipher selection

2006-05-06 Thread Stephen Henson via RT
Fixed in 0.9.8b. Steve.

[openssl.org #1323] openssl 0.9.7i - Compilation error with mingw32+GNU assembler

2006-05-02 Thread Stephen Henson via RT
[guest - Tue May 2 12:16:18 2006]: > [steve - Fri Apr 28 14:58:16 2006]: > > Any suggestions ? > Yes the standard suggestion (I think I'll add this to the FAQ). If a build of a release version fails TRY THE LATEST SNAPSHOT.

[openssl.org #1323] openssl 0.9.7i - Compilation error with mingw32+GNU assembler

2006-04-28 Thread Stephen Henson via RT
[guest - Fri Apr 28 12:25:05 2006]: > Hello, > > i have found a bug in openssl 0.9.7i Configure file, used by > ms/mingw32.bat. Due to this bug, the makefile creation fails. > > The problem is that the variable: > > @WinTargets=qw(VC-NT VC-CE VC-WIN32 ... BC-32 BC-16 Mingw32 OS2-EMX); > > sho

[openssl.org #1322] Patch to openssl-0.9.8a tree to compile on Win32 with "Visual C++ 2005 Express"

2006-04-28 Thread Stephen Henson via RT
[steve - Wed Apr 26 14:13:22 2006]: > There is still an error about undefined externals which I'm looking into > now. That turned out to be down to a bad installation of VC 2005 Express on my laptop. A reinstall fixed it and the latest snapshot now compiles without any problems. Please check th

[openssl.org #1322] Patch to openssl-0.9.8a tree to compile on Win32 with "Visual C++ 2005 Express"

2006-04-26 Thread Stephen Henson via RT
You should try the latest snapshots if you have problems compiling the latest release version, often many problems are already addressed. There is still an error about undefined externals which I'm looking into now.

[openssl.org #1311] Bug in x509 name comparison starting in 0.9.7f

2006-04-12 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Thu Apr 6 14:55:42 2006]: > > I'm still not convinced that all of the other assumptions made in the > X509 name comparison routines are valid for subsequent use of the sorted > list in a binary search. We are not seeing any more problems though. > > Yes the problem is m

[openssl.org #1302] dsa_ameth.c can free an unused value

2006-03-31 Thread Stephen Henson via RT
Done, thanks for the report. Steve.

[openssl.org #1296] openssl 0.9.8a/0.9.7g crashes on IA64

2006-03-28 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Wed Mar 29 02:30:32 2006]: > Hi > > I think fPIC is required, the code may not compile without fPIC. I will try > with other 0.9.7e/f/g version and let you know. Also on other 64bit systems > i.e. HP-UX, Solaris, Linux x86_64, SGI the openssl works just fine. > > The x_name.

[openssl.org #1296] openssl 0.9.8a/0.9.7g crashes on IA64

2006-03-28 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Wed Mar 29 00:43:29 2006]: > Hi > > I compiled openssl 0.9.8a in two different directories one without debug > option and another with -g debug mode. My openssl configure command is: > > ./Configure --openssldir=$(PKG_64BIT_INSTALL_DIR) -fPIC linux-ia64 > (no-debug)
