[no subject]

2009-01-08 Thread Rustam Rakhimov
Hi what means: Error Loading extension section v3_ca I received this error when I type: openssl x509 -req -in rootreq.pem -sha1 -extfile myconf.cnf -extensions v3_ca -signkey rootkey.pem -out rootcert.pem --

[openssl.org #1812] the openssl build environment is broken

2009-01-08 Thread Felix von Leitner via RT
First of all, .../lib/ is hard coded, which forces me to do kludges like this to get openssl to install correctly: sed -e 's@/lib\@/li...@g' -e 's...@\*/li...@\*/l...@g' Makefile Makefile.fnord; mv -f Makefile.fnord Makefile; \ sed -e 's@/lib/@/lib64/@g' engines/Makefile

Re: [openssl.org #1812] the openssl build environment is broken

2009-01-08 Thread Bodo Moeller via RT
On Thu, Jan 8, 2009 at 4:01 PM, Felix von Leitner via RT r...@openssl.org wrote: [...] Apart from the inherent wrongness of doing recursive make (see http://miller.emu.id.au/pmiller/books/rmch/ and note that the traditionally cited reason for doing recursive makes, namely being able to go

Re: OpenSSL Security Advisory

2009-01-08 Thread Harakiri
--- On Wed, 1/7/09, Dr. Stephen Henson st...@openssl.org wrote: Incorrect checks for malformed signatures - --- It is not perfectly clear to me if regular certificate validiations and smime signature validiation is also affected by this. Could you

GPG verification of patch vulnerability CVE-2008-5077..

2009-01-08 Thread Vineet Kumar
Before taking in the patch for the recent security advisory for vulnerability CVE-2008-5077, I want to verify its authenticity using GPG. However, I get this: *** % (gpg --list-keys 89A36572 /dev/null 21 || gpg --recv-keys 89A36572) gpg --verify openssl_dsa_advisory.asc gpg: Signature

OpenSSL 0.9.8j bug (reproducible SSL negotiation issue, 0.9.8i unaffected)

2009-01-08 Thread Brad House
What I've narrowed it down to is this ... Command run: ./openssl s_client -no_ssl2 -connect igusprodb.globalpay.com:443 Tested versions: OpenSSL 0.9.8h - good OpenSSL 0.9.8i - good OpenSSL 0.9.8j-stable-SNAP-20081123 - good OpenSSL 0.9.8j release - bad Without the -no_ssl2, the release 0.9.8j

Re: OpenSSL 0.9.8j bug (reproducible SSL negotiation issue, 0.9.8i unaffected)

2009-01-08 Thread Dr. Stephen Henson
On Thu, Jan 08, 2009, Brad House wrote: What I've narrowed it down to is this ... Command run: ./openssl s_client -no_ssl2 -connect igusprodb.globalpay.com:443 Tested versions: OpenSSL 0.9.8h - good OpenSSL 0.9.8i - good OpenSSL 0.9.8j-stable-SNAP-20081123 - good OpenSSL 0.9.8j release

Re: OpenSSL 0.9.8j bug (reproducible SSL negotiation issue, 0.9.8i unaffected)

2009-01-08 Thread Brad House
What I've narrowed it down to is this ... Command run: ./openssl s_client -no_ssl2 -connect igusprodb.globalpay.com:443 Tested versions: OpenSSL 0.9.8h - good OpenSSL 0.9.8i - good OpenSSL 0.9.8j-stable-SNAP-20081123 - good OpenSSL 0.9.8j release - bad Without the -no_ssl2, the release 0.9.8j

Re: pubkey format

2009-01-08 Thread Dhiva
Thanks for the sample code. I am getting the following errors. _BIO_f_base64, referenced from: _main in ccxPEkYV.o _ERR_get_error, referenced from: _main in ccxPEkYV.o _main in ccxPEkYV.o _ERR_free_strings, referenced from: ... in total 23 errors I tried with gcc as well as

Re: OpenSSL version 0.9.8j released

2009-01-08 Thread Gilles Espinasse
- Original Message - From: Dr. Stephen Henson st...@openssl.org To: openssl-dev@openssl.org Sent: Thursday, January 08, 2009 12:52 AM Subject: Re: OpenSSL version 0.9.8j released On Thu, Jan 08, 2009, Gilles Espinasse wrote: Where 0.9.8i was successfully compiled on linux using