Re: Build issue- openssl 1.0.1c with FIPS

2013-03-13 Thread Cipher
(Re-Aligning) Hi, I am trying to build FIPS capable openssl 1.0.1c.(Cross Compiling, but both OS s are linux x86_64) Following are the steps i followed- 1) Downloaded openssl-fips-2.0.2.tar.gz untared and build object module in /common/openssl/openssl-fips-2.0.2/ using -

Re: Build issue- openssl 1.0.1c with FIPS

2013-03-13 Thread Dr. Stephen Henson
On Wed, Mar 13, 2013, Cipher wrote: (Re-Aligning) Hi, I am trying to build FIPS capable openssl 1.0.1c.(Cross Compiling, but both OS s are linux x86_64) Following are the steps i followed- 1) Downloaded openssl-fips-2.0.2.tar.gz untared and build object module in

[openssl.org #3014] bug report: 1.0.1e - Linux/OSX/Windows/All? - CRL validation fails with unknown CRL critical extension

2013-03-13 Thread Stephen Henson via RT
On Tue Mar 12 23:15:50 2013, thomas_harn...@symantec.com wrote: When attempting to validate certificates using a CRL with the X509_verify_cert setup, it fails w/ the error code 36 - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION The extension in question is the AKID - Authority Key Identifier

Re: Build issue- openssl 1.0.1c with FIPS

2013-03-13 Thread Cipher
Dr. Stephen Henson wrote On Wed, Mar 13, 2013, Cipher wrote: (Re-Aligning) Hi, I am trying to build FIPS capable openssl 1.0.1c.(Cross Compiling, but both OS s are linux x86_64) Following are the steps i followed- 1) Downloaded openssl-fips-2.0.2.tar.gz untared and build object

Re: [openssl.org #3002] Communication problems with 1.0.1e

2013-03-13 Thread Andy Polyakov via RT
I can provide a staticly linked version of s_client with debug symbols if you think that's useful. But I would still need to know what to ask. I can't really think of anything specific to ask either. As suggested first step would be to try to reproduce with statically linked openssl

[openssl.org #3016] openssl ts fix

2013-03-13 Thread Peter Sylvester via RT
is is badly written), I think the verification of a chain in the ess was not appropriate logic. regards *** openssl-SNAP-20130313/crypto/ts/ts_rsp_verify.c 2013-01-11 15:13:43.0 +0100 --- openssl-SNAP-20130313-ps/crypto/ts/ts_rsp_verify.c 2013-03-13 14:49:32.047821036 +0100

Re: [openssl.org #3002] Communication problems with 1.0.1e

2013-03-13 Thread Kurt Roeckx
On Wed, Mar 13, 2013 at 01:42:07PM +0100, Andy Polyakov via RT wrote: Actually my intention was to test if the problem can be reproduced with *same binary*. That's why I suggested that you, Kurt, compile one and hand it to user. Other way around would also work, i.e. user hands over the

Re: [openssl.org #3002] Communication problems with 1.0.1e

2013-03-13 Thread Kurt Roeckx via RT
On Wed, Mar 13, 2013 at 01:42:07PM +0100, Andy Polyakov via RT wrote: Actually my intention was to test if the problem can be reproduced with *same binary*. That's why I suggested that you, Kurt, compile one and hand it to user. Other way around would also work, i.e. user hands over the