[openssl.org #481] Rand()ing on Win32

2003-01-31 Thread [EMAIL PROTECTED] via RT
[[EMAIL PROTECTED] - Thu Jan 30 20:06:53 2003]: First of all apologies for mixing several problems in one post - i promise to do better next time, but i didn't consider the Rand-problems bugs and really just wanted to mention them on the side (having solved them for my purposes anyways) as a

RE: [openssl.org #457] bug report: BIO_socket_nbio() can't set socket to non-blocking

2003-01-31 Thread Magnus Lind via RT
From: Richard Levitte via RT [mailto:[EMAIL PROTECTED]] Hmm, BIO_socket_ioctl() should really take a void* instead of an unsigned long *. Then, BIO_socket_nbio() should send a pointer to an int instead of a pointer to a long. The latter can be done anyway and pushed through using a

[openssl.org #457] bug report: BIO_socket_nbio() can't set socket to non-blocking

2003-01-31 Thread Richard Levitte via RT
[levitte - Fri Jan 31 00:02:41 2003]: Hmm, BIO_socket_ioctl() should really take a void* instead of an unsigned long *. Then, BIO_socket_nbio() should send a pointer to an int instead of a pointer to a long. The latter can be done anyway and pushed through using a cast (ugly), or

[openssl.org #481] detect if running as service...

2003-01-31 Thread [EMAIL PROTECTED] via RT
I haven't had the time to go into it, but here's code from the MSDN VC++6 samples MAPIDBG.C that is said to do just this and seems reasonable. I'll test this some other time if there's interest. #if defined( _WINNT) /*++ Routine Description: This routine returns if the service specified

Re: [openssl.org #487] bug in BN_generate_prime for small n.

2003-01-31 Thread Bodo Moeller via RT
On Fri, Jan 31, 2003 at 08:12:41AM +0100, Cameron Gregory via RT wrote: for num 15 .. always get the same result.. and it's larger than expected... Reason: The internal OpenSSL function 'probable_prime' (in crypto/bn/bn_prime.c) uses a built-in list of small primes for sieving out candidate

Re: [openssl.org #328] DH_compute_key incompatable with PKCS #3

2003-01-31 Thread Bodo Moeller via RT
On Wed, Dec 04, 2002 at 10:16:37AM -0500, Jack Lloyd wrote: I asked Eric Rescorla, and he agreed the section of the TLS RFC was definitely unclear, but he wasn't totally sure which way it should go as far as stripping any leading 0s before using the shared secret to generate keys. It

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-31 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Fri, 31 Jan 2003 15:50:06 +0100 (MET), Bodo Moeller via RT [EMAIL PROTECTED] said: rt A second theory is that OpenSSL should always clear the error queue by rt calling ERR_clear_error() if stuff left in the error queue might cause rt confusion later. The problem

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-31 Thread Richard Levitte - VMS Whacker via RT
In message [EMAIL PROTECTED] on Fri, 31 Jan 2003 15:50:06 +0100 (MET), Bodo Moeller via RT [EMAIL PROTECTED] said: rt A second theory is that OpenSSL should always clear the error queue by rt calling ERR_clear_error() if stuff left in the error queue might cause rt confusion later. The problem

Re: [openssl.org #481] (0.9.7 on Win32) openssl ca crashes when exiting...

2003-01-31 Thread Jeffrey Altman
Richard Levitte via RT wrote: OK, does anyone know a good way to detect (in run-time!) when the program is running as a service? If there's a way, the rest should be easy. Sorry I have been out of contact on this issue but the problems here are not about OpenSSL being used within a service

[openssl.org #181] Makefile enhancement requests

2003-01-31 Thread Richard Levitte via RT
OK, I'm ready to look at what remains of this ticket. I've got a question: [levitte - Fri Dec 13 16:19:05 2002]: * When linking the libraries, make sure that libssl finds libcrypto and that they both find all their external dependencies at run time. This is accomplished by the -R, -rpath

[openssl.org #328] DH_compute_key incompatable with PKCS #3

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Nov 14 18:54:19 2002]: RFC 2246 is very vague: 8.1.2. Diffie-Hellman A conventional Diffie-Hellman computation is performed. The negotiated key (Z) is used as the pre_master_secret, and is converted into the master_secret, as specified above.

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-31 Thread Ben Laurie
Bodo Moeller via RT wrote: On Tue, Nov 26, 2002 at 10:44:15PM +0200, Arne Ansper wrote: I just checked. Seems that SSL_CTX_use_certificate_chain_file has a same problem. Other uses of ERR_peek_error seem to be immune to the old entries in error stack. One theory is that applications should

[openssl.org #484] openssl question

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Jan 31 07:56:07 2003]: In message [EMAIL PROTECTED] on Fri, 31 Jan 2003 04:59:36 +0100 (MET), via RT [EMAIL PROTECTED] said: rt rt Do you have any idea when? 0.9.8 at the earliest. 0.9.8 at the latest :-) I'm currently testing some code that handles IPv6 and

Re: [openssl.org #451] SX6 port

2003-01-31 Thread Wendy Palm via RT
i'm sorry for the delay in response. i've been out of the office during the last couple of weeks. yes, more tests fail than i reported, but we only wanted enough openssl to work with openssh, so once i got what i wanted, i didn't go any further until i had more time to devote to it. attached

[openssl.org #451] SX6 port

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Jan 31 21:06:07 2003]: i'm sorry for the delay in response. i've been out of the office during the last couple of weeks. yes, more tests fail than i reported, but we only wanted enough openssl to work with openssh, so once i got what i wanted, i didn't go

Re: [openssl.org #451] SX6 port

2003-01-31 Thread Wendy Palm via RT
i'm happy to test anything you want, but crays are more my forte and NEC just my spare time, so i can't provide much programming help myself. Stephen Henson via RT wrote: [[EMAIL PROTECTED] - Fri Jan 31 21:06:07 2003]: i'm sorry for the delay in response. i've been out of the office

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-31 Thread Arne Ansper
I just checked. Seems that SSL_CTX_use_certificate_chain_file has a same problem. Other uses of ERR_peek_error seem to be immune to the old entries in error stack. One theory is that applications should not call arbitrary OpenSSL functions while there is stuff in the error queue.

[openssl.org #451] SX6 port

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Jan 31 21:36:01 2003]: i'm happy to test anything you want, but crays are more my forte and NEC just my spare time, so i can't provide much programming help myself. I don't have access to anything like that myself so... From that report it looks like the stuff that

Re: [openssl.org #451] SX6 port

2003-01-31 Thread Wendy Palm via RT
$ cd apps $ ./openssl req -x509 -new -nodes -out sscert.pem unable to load 'random state' This means that the random number generator has not been seeded with much random data. Generating a 1024 bit RSA private key 8953:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not

Re: [openssl.org #487] bug in BN_generate_prime for small n.

2003-01-31 Thread Cameron Gregory via RT
G'Day Bodo, A decent solution here is just to update to the documentation, since the man page says it generates a num bit prime but in certain cases, it does not :-) (num 15?) Some mention to the randomness of the prime at low num might also be worthy (if indeed there is some issue

[openssl.org #451] SX6 port

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Sat Feb 1 00:02:48 2003]: $ cd apps $ ./openssl req -x509 -new -nodes -out sscert.pem unable to load 'random state' This means that the random number generator has not been seeded with much random data. Generating a 1024 bit RSA private key

Re: [openssl.org #451] SX6 port

2003-01-31 Thread Wendy Palm via RT
$ ./openssl req -x509 -new -nodes -out sscert.pem -rand /tmp/somefile Generating a 1024 bit RSA private key ++ ..++ writing new private key to 'privkey.pem' - You are about to be asked to enter information that will be incorporated into your

Re: [openssl.org #181] Makefile enhancement requests

2003-01-31 Thread Aleksi Suhonen via RT
Hello, Quote from Richard Levitte via RT: } * When linking the libraries, make sure that libssl finds libcrypto } and that they both find all their external dependencies at run time. } This is accomplished by the -R, -rpath or --rpath flags which behave } just like the -L flag. It is