What is the rationale of not having a newline at the end? It's text,
after all?
no rationale, just an oversight.
So ... I was going to add the newline while working on the patch, but
then it occurred to me as you said this comes from OpenBSD CVS I might
be breaking something there. No r
On Mon, Jun 15, 2009 at 5:46 AM, Phil Pennock wrote:
> When RFC 5246 came out, specifying TLS 1.2 and having all mandated
> cipher suites use SHA-256, we assumed that to aid the transition OpenSSL
> would add EVP_sha256() to the list of digests initialised in
> SSL_library_init(), even before supp
On Mar 25, 2010, at 6:33 PM, Jean-Marc Desperrier wrote:
OpenSSL wrote:
"Record of death" vulnerability in OpenSSL 0.9.8f through 0.9.8m
How come the vulnerability doesn't touch 0.9.8e though the patched
file wasn't modified between 0.9.8e and 0.9.8f ?
But that code was modified between
On Mar 30, 2010, at 3:04 PM, Adam Langley wrote:
On Tue, Mar 30, 2010 at 7:35 AM, Thomas Jarosch
wrote:
28141:error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet
length:s3_clnt.c:878:
openssl is compiled with the "no-tlsext" option. no-tlsext was
added back
in 2009 as openssl 0.9.8j
On Sep 6, 2010, at 10:39 AM, Darryl Miles wrote:
The only user of these field(s) is libssl.so itself. The exact
meaning, usage and interpretation of the field(s) is a matter of
"implementation detail" which is encapsulated and presented to the
application via the documented OpenSSL APIs.
I
On Thu, Nov 11, 1999 at 03:36:01PM +, Geoff Thorpe wrote:
[...]
> So, if SSL_CTX_set_session_id_context doesn't exist then that's probably
> because it hadn't been introduced at that point and isn't needed. I believe
> this issue only applies to session caches you implement yourself via
> call
On Thu, Nov 11, 1999 at 11:26:16AM +0100, Andreas Sterbenz wrote:
> I would like to use the DH_RSA and DH_DSS ciphers (non-ephemeral) [...]
You cannot use them with OpenSSL because OpenSSL does not support DH
certificates. In general, virtually no-one uses DH certificates
although I think there
On Tue, Nov 16, 1999 at 10:30:10PM +, Geoff Thorpe wrote:
>> Maybe we should have a naming convention for ..._set_... calls too?
>> There are already such ambiguities for them, e.g. SSL_CTX_set_tmp_rsa
>> vs. SSL_CTX_set_tmp_dh.
> It seems to be a play-off between backwards compatibility, an
On Wed, Nov 17, 1999 at 12:40:55PM +, Geoff Thorpe wrote:
>>> It seems that
>>> everything works if you make the calls the way the authors had intended
>>> rather than making the calls the way the authors made available.
>> How can you
On Wed, Nov 24, 1999 at 11:56:53AM -, Paul Akehurst wrote:
> Make fails on my system.
> ERROR File = /usr/include/math.h, Line = 731
> Declaration is incompatible with "char *inistate(unsigned int,char *,
> int)"
> (declared at line 207 of "/usr/include/stdlib.h").
Broken system header
On Mon, Nov 29, 1999 at 10:10:08AM +, Ben Laurie wrote:
>> [...] but OpenSSL only uses 50 rounds of primality testing doesn't
>> it? Which means that only 1 in 2^78 "primes" actually are primes.
> What it means is that there's a 1 in 2^50 chance (or perhaps 1 in 2^100)
> that any particular
On Wed, Dec 01, 1999 at 12:39:26PM -0800, Sean Walker wrote:
>> Has anyone been able to compile using the "no-rsa" flag under Windows NT? I
>> get 26 unresolved functions at link time. This appears to happen because
>> there are functions in libeay32.def that are from files that are not
>> compiled
On Thu, Dec 02, 1999 at 02:09:08PM -0800, Sean Walker wrote:
> [...] I can't use SSLv2 without RSA. Is this normal?
Yes, SSLv2 has only RSA ciphersuites.
__
OpenSSL Project http://www.openssl.org
On Fri, Dec 03, 1999 at 12:00:59PM -0600, Allan Jones wrote:
> obj_dat.c:96: `NUM_NID' undeclared here (not in a function)
NUM_NID should be declared in file crypto/objects/obj_dat.h, which is
automatically generated. What does it look like on your system?
Deleting it and running make again mig
John A. Reed <[EMAIL PROTECTED]>:
> I am attempting to install OpenSSL 0.9.5-dev (from the
> openssl-SNAP-19991202 snapshot) on an SGI running IRIX 6.5. make
> runs fine, but when I run make test, it fails when attempting to
> test sslv2 server authentication:
> test SSL protocol
>
Gilles LERAT <[EMAIL PROTECTED]>:
> Michael Ströder <[EMAIL PROTECTED]>:
>>> OpenSSL and BSAFE SSL-C both are derived from SSLeay. The most
>>> important difference between the two is the price. ;-)
>> And the RSA license.
> You mean the use of the OpenSSL toolkit does not require a licence for
> From: Dr Stephen Henson <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
>> From: Ziacek Martin <[EMAIL PROTECTED]>
>> To: "'[EMAIL PROTECTED] '" <[EMAIL PROTECTED]>
Remember that messages to openssl-bugs usually come from people who
are not subscribed to openssl-dev, and without Cc's to them they
On Wed, Dec 08, 1999 at 10:10:10AM -0800, Michael DeMan wrote:
> I have built openssl on a PowerPC running MacOSX server. The build
> works under the following configure:
>
> ./Configure gcc no-threads
>
> But when I run 'make test' it stops as shown below. I am absolutely
> clueless
Lutz Jaenicke <[EMAIL PROTECTED]>:
> Since the patch is a 70kB context diff, I don't want to send it over the
> mailing list.
Unified diffs (diff -u) are easier to read, and they are shorter.
You may have to install GNU diff to create them.
Sean O'Dell <[EMAIL PROTECTED]>:
> I'm using a single CTX for each SSL. I perform the accept() in the main
> thread and then spawn a new thread. In the new thread, I create a new SSL
> with the one common CTX, then perform SSL_accept, etc., including
> SSL_shutdown; all in the new thread.
>
>
On Thu, Dec 16, 1999 at 05:40:18PM -0700, Alexey Melnikov wrote:
> I am developing multithreaded server that uses asynchronous socket IO.
> I would like to add SSL support, however it seems that OpenSSL handles
> socket IO itself. Server architecture requires that all socket
> operations are cont
On Mon, Nov 08, 1999 at 08:18:09PM +, Geoff Thorpe wrote:
[...]
> I'm getting extremely weird reference counts on SSLs and BIOs as below -
> this is happening with 0_9_4 and with a recent snapshot of 0_9_5.
>
> (1) I create two BIOs, a read (bio_read) and write (bio_write) that are
> both BI
Alice Joseph <[EMAIL PROTECTED]>:
> I am getting some problems with SSL_Connect.
> v. Initiate an SSLConnection
> SSL_connect(ssl);
>
> This call doesn't return at times and 'gdb' shows it's in read() called
> by ssl_read().
>
> How do I timeout this SSL_connect() call?
Use sockets in non
James Darwin <[EMAIL PROTECTED]>:
> I'm having trouble making the server side cache hang on to SSL sessions
> when all connections from the client are lost. If the client maintains one
> open connection, and re-uses its ssl session, the cache on the server knows
> to use the same session - i.e.
Alexey Melnikov <[EMAIL PROTECTED]>:
> You should use select() with timeout, however this will require
> modifications to OpenSSL.
Why? What modifications?
Geoff Thorpe <[EMAIL PROTECTED]>:
>> The idea is that you hand those BIOs over to the SSL library, you
>> usually don't keep pointers of your own. SSL_free(ssl) will call
>> BIO_free for each of them, but just once if bio_read == bio_write, so
>> usually everything works as intended. Obviously
On Mon, Dec 20, 1999 at 10:34:22AM +0100, Andy Polyakov wrote:
> Hi, everybody! Looks like I've got a lot of catch-up to do, huh?
> Unfortunately as a part of the catch-up I accidentally managed to screw
> up openssl-SNAP-19991219:-( [...]
It's just a snapshot, it does not really matter if somet
> Shmuel Siegel wrote:
>> I have tried porting a recent version ( say two weeks old) to a Macintosh. I
>> am having problems with certificate verification in ssltest. SSL2
>> verification of both server and client certificates works. However for SSL3
>> the client complains about the server certi
Kyle R. Rose <[EMAIL PROTECTED]>:
> In the course of using OpenSSL for a client application, I would
> regularly get a SEGV in the client session caching code under high
> load. After some examination, I traced it to SSL_CTX_add_session,
> where two data structures (a hash and a list) are not be
Peter 'Luna' Runestig <[EMAIL PROTECTED]>:
> Problem:
>
> If the negotiated cipher is ADH (ie, the SSL_aNULL flag is set) and if
> the verify mode is SSL_VERIFY_PEER, the server will send a certificate
> request to the client. The receipt of this request by the client is
> considered a fatal pr
On Wed, Dec 29, 1999 at 10:37:24AM -0500, Jeffrey Altman wrote:
>> Probably ADH ciphers should be automatically excluded if
>> SSL_VERIFY_PEER is set. SSL_VERIFY_PEER usually means that the
>> application *wants* the handshake to fail unless the peer can be
>> authenticated; they should never se
Jeffrey Altman <[EMAIL PROTECTED]>:
>> Without some alternative mode of server authentication, of course,
>> Anon DH remains a pretty scary proposition -- all the more so because it
>> implies a level of trustworthiness that it can not provide.
> In the telnet protocol we would like to u
Gary Keith <[EMAIL PROTECTED]>:
> I am running openssl v9.4, on solaris 2.6, Whenever I try to compile my
> program I get the errors listed below. Any ideas what can be done to
> correct this problem. Thanks
>> make
> gcc -I/usr/include/openssl -c client1.c
> client1.c:12: parse error befor
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>:
>> If the LIBEAY32.DLL is linked to the MSVCRT.DLL library and the app
>> is linked to MSVCRTD.DLL it is necessary for CRYPTO_malloc_init() to
>> be executed by the app so that the proper memory
>> allocation/deallocations routines are used.
> C
Does anyone want to keep the dep/ directory and its contents?
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
Lutz Jaenicke <[EMAIL PROTECTED]>:
[...]
> This patch enhances the SSL/TLS cipher mechanism to correctly handle
> the TLS 56bit ciphers. Without this patch the 56bit ciphers can be enabled,
> but the sorting is wrong (visible in client mode, since the first cipher
> the client lists and that is a
> cc: "obj_dat.c", line 96: error 1588: "NUM_NID" undefined.
or
> obj_dat.c:96: `NUM_NID' undeclared here (not in a function)
The macro NUM_NID should be defined in file crypto/objects/obj_dat.h,
which is automatically generated by a Perl script.
cd to crypto/objects and run "perl obj_dat.pl < ob
[EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> + *) New function X509_CTX_rget_chain(), this returns the chain
I think I'd prefer to have an upcase letter in the "...get..."
component of such function names, e.g. "X509_CTX_getR_chain"
(inserting another _ would IMO not improve readability,
but "rge
Dr Stephen Henson <[EMAIL PROTECTED]>:
> getR looks a bit peculiar to me.
Yes, but the essential difference between XYZ_get_abc, XYZ_rget_abc
and XYZ_iget_abc (for example X509_CTX_rget_chain, X509_CTX_iget_chain,
X509_CTX_get_chain, except that we don't have all three names for this
one) might
>>> So any preferences or alternative suggestions?
>> peek for iget and copy for rget
> I like the peek thing, but "copy" is not a perfect choice of words: [...]
Also note that we need a convention not just for "get" functions,
there are also "set" functions. SSL_CTX_set_tmp_dh and
SSL_CTX_set_
Simon Edwards <[EMAIL PROTECTED]>:
> I'm having problems using the RSA routines from openssl 0.9.4. I've got
> a very simple C program which generates an RSA key (I'm not worried
> about the randomness of the key at this stage) and then proceeds to
> read data from a file encrypting the data an
Arne Ansper <[EMAIL PROTECTED]>:
>> So any preferences or alternative suggestions?
> peek for iget and copy for rget
I like the peek thing, but "copy" is not a perfect choice of words:
There's a difference between really copying a structure on the one
hand and just providing another pointer and
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>:
> raulg> What is the meaning of field
> raulg>
> raulg> RANDFILE = $ENV::HOME/.rnd
> raulg> oid_file = $ENV::HOME/.oid
> raulg>
> raulg> in the openssl config file?
> raulg>
> raulg> If I have the OpenSSL on a MS NT 4 PC, what value can I
On Wed, Jan 12, 2000 at 12:00:00AM +, Per Nilsson wrote:
> There's a similar problem that I ran into when I wanted to use the debug dll
> version of the runtime library: Things like file handles will also be different.
> So this following piece of code will crash:
>
> fp=fopen(cert_file,"rb"
Remo Inverardi <[EMAIL PROTECTED]>:
> [...] windows sockets [...] blocking or non-blocking?
The SSL library can work with both blocking and non-blocking socket I/O;
this should be basically the same on NT as on Unix.
Remo Inverardi <[EMAIL PROTECTED]>:
> With OpenSSL 0.9.4, Visual C++ reports memory leaks even if I only
> use these two lines of OpenSSL code:
>> SSL_CTX *ctx = SSL_CTX_new(SSLv2_server_method());
>> SSL_CTX_free(ctx);
> Question is: do I have to free anything else manually or is the
> leak ca
On Mon, Jan 17, 2000 at 01:06:27AM +0100, Richard Levitte - VMS Whacker wrote:
> DEC C for VMS is getting really mean. Version 6.2 (latest, as far as
> I know) spews out a message when a (char *) cast is done to a function
> pointer and vice versa.
Every compiler should print such warnings, suc
Remo Inverardi <[EMAIL PROTECTED]>:
>> Before the program exits, call EVP_cleanup() and ERR_free_strings()
>> to free the memory allocated in these steps.
> Mmh, how come I've never read about these functions before?
You haven't read apps/openssl.c :-)
>
Andy Polyakov <[EMAIL PROTECTED]>:
>> The function pointer *must* be inside a data object to make such constructs
>> legal,
> But that's what Richard (subconsciously?) attempted to do in first
> place:
>
> static void (*mem_cb)()=NULL;
>
> void CRYPTO_mem_leaks_cb(void (*cb)())
> {
>
On Tue, Jan 18, 2000 at 10:59:53AM +0100, Richard Levitte - VMS Whacker wrote:
>> bit data pointers). To force C to convert values between
>> these types, you'd have to cast to some integer type in between:
>> (void (*)()) (long) cb
> This may very well be a problem on architectures whe
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>:
[...]
> The easiest way to avoid the conversions noted above is to have a
> union like this:
>
> union foo {
> void *simple;
> int (*fn)();
> };
>
> and use it internally. You put whatever char * you wan
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>:
> Let me see if I got it all. So far, I've seen the following
> alternatives:
>
> 1. ignore the problem (obviously not the right thing to do :-)).
> 2. take the parameter in question as we do today, but use a union so
> the compiler wi
Alex Cosic <[EMAIL PROTECTED]>:
> Unhandled exception in NTDLL.DLL 0:0xC05 Access Violation
> Is there some problem with my dll libraries or my code is not correct.
I bet you're not using the multi-threading versions of standard DLLs.
See INSTALL.W32.
Andy Polyakov <[EMAIL PROTECTED]>:
>> 5. Have the caller tuck the parameter in a union that will represent
>> function pointers as well as other pointers, and pass that union
>> by reference.
>> Choices 4 and 5 assumes that the parameter in question will be
>> prototyped and used lik
On Mon, Jan 24, 2000 at 12:38:17PM +0100, Richard Levitte - VMS Whacker wrote:
[ssl/s2_clnt.c, get_server_hello]
> if (s->session->peer != NULL)
> X509_free(s->session->peer);
>
> #if 0 /* What is all this meant to accomplish?? */
> /* hmmm, can we have the problem
Matti Aarnio <[EMAIL PROTECTED]>:
> It turned out that while the socket the SMTP client code creates is
> running in non-blocking mode, I must temporarily turn the blocking mode
> on while the SSL setup negotiations are under way.
> I don't know if creating some wrapper to retry calls to SSL_con
On Thu, Jan 20, 2000, Richard Levitte - VMS Whacker wrote:
> babinebell> I think we should separate the functions handling values
> babinebell> and the functions handling callbacks:
> babinebell>
> babinebell> int BIO_ctrl_callback(BIO *bp,int cmd,long larg,int (*cb)());
> Hmm, actually, I like
On Wed, Jan 26, 2000, Bodo Moeller wrote:
> On Thu, Jan 20, 2000, Richard Levitte - VMS Whacker wrote:
>> Hmm, actually, I like that alternative. That allows us to go around
>> the whole union/pass-by-value/and-so-on brouhaha... :-)
> Looks ok. Will you implement it?
Her
Amnon Cohen <[EMAIL PROTECTED]>:
> Where did you get the man page for SSL_get_error() from?
I wrote it. Several new manual pages will be in OpenSSL 0.9.5 (for
HTTP versions, see http://www.openssl.org/~levitte/), however there's
not much about the SSL library yet.
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>:
[...]
> I would trust passwords passed over stdin before anything passed in
> the command line or environment, any time. Not that stdin is perfect
> either, mind you, but still...
Environment variables must usually be considered public. PGP
ev
Erik Aronesty <[EMAIL PROTECTED]>:
> I have an app working very well... *except* i now want (need?) to
> accurately determine if it's "ok to write" (will not block) or "ok to
> read". Without SSL, I could do this with a select().. however a
> select() is clearly not correct when using SSL.
Set
Remo Inverardi <[EMAIL PROTECTED]>:
> I'm using OpenSSL 0.9.4, compiled with Visual C++ 6.0 on a Windows
> [...] I've got the buffer overflows and some leaks.
I have found some memory leaks since, but what I thought were buffer
overflows turned out to be harmless because the dangerously-looking
Chris Bamford <[EMAIL PROTECTED]>:
> I wonder if anyone can help? I am getting occasional core dumps
> when using SSL_CTX_free() in a multi-threaded application.
[...]
Do you provide mutexes to the library? For multi-threaded applications,
the following calls are required in initialization:
On Wed, Feb 23, 2000 at 03:19:27PM -0500, Rick W. Porter wrote:
> 6. from crypto, I did a "make all"
[...]
> 7. from apps, I did a "make all"
[...]
When you are in a sub-directory and don't want to run make from
the top directory, you are supposed to just run "make" (which
is equivalent to "ma
On Fri, Feb 25, 2000 at 01:20:36PM +0100, Lutz Jaenicke wrote:
> if (read(fd, buf, 1) != 1) goto err;
> + if (buf[0] == 0) goto err;
> num = read(fd, buf, 255);
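Review bot: the added `buf[0] == 0` check rejects an empty reply, but the following `num = read(fd, buf, 255);` reads into the same `buf`, so the length byte is overwritten before it can be compared with `num`. Save `buf[0]` in a local first, request exactly that many bytes (looping on short reads) rather than a fixed 255, and go to `err` if the total read does not match the saved length.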
> Of course, the returned buf[0] value must match the later returned "num" value,
> but what should we do if it does not
On Fri, Feb 25, 2000 at 03:04:14PM +0100, Emanuele La Cognata wrote:
> Hello,
> I compiled the OpenSSL library under Windows NT with :
> -DNO_IDEA -DNO_RC2 -DNO_RC4 -DNO_RC5 -DNO_RSA -DCIPHER_DEBUG
>
> When I run the server and client demos on my PC (localhost) I have this
> error:
> ERROR in S
Niels Poppe <[EMAIL PROTECTED]>:
> Updating a linux rpm build, following 'standard' filesystem conventions
> leads to a conflict of /usr/man/man1/passwd.1 being owned by another pkg
> :(
>
> One could
> 1. rename passwd.1 to passwd.1ssl
> 2. insist on installing it in /usr/local/man/man1
> 3. i
Raghuram Belur <[EMAIL PROTECTED]> in ulf.openssl.dev:
> We have an application for which we are using SSL enabled clients and
> servers(our own server not a web server). I have been trying to get the
> session key reuse going for the past several days. [...]
Use SSL_CTX_set_session_id_context()
Gregory Stark <[EMAIL PROTECTED]>:
> You might want to go to http://www.cryptosavvy.com/suggestions.htm and show
> your boss that 4096 bit RSA is approximately equivalent in strength to
> 150-160 bit keysize symmetric ciphers. [...]
Their estimate is not that 4096 bit RSA is as strong as 150-160
Rich Salz <[EMAIL PROTECTED]>:
>>> I've looked through the documentation, but I can't seem to
>>> find how to build an exportable (40 bit) version of OpenSSL?
>> You can't, but the new regulations don't have that limit anyway.
> sure you can -- set the cipherspec.
You cannot build a 40-bit ver
Ben Laurie <[EMAIL PROTECTED]>:
> I'm pretty damn confident it won't break the release, being as it is all
> new code. It may not work itself, but it shouldn't touch anything that
> exists already! OK, it's barely possible it might cause compile problems.
It would be the first code in OpenSSL to
On Mon, Feb 28, 2000 at 03:54:39PM -0800, Jeremy Bennett wrote:
> 1) I see that SSL_write and SSL_read can result in errors
> SSL_ERROR_WANT_READ/WRITE. Since this is the case, can I have
> simultaneous outstanding SSL_reads and SSL_writes? That is, if I call
> SSL_read and it results in SSL_ERRO
On Tue, Feb 29, 2000 at 03:42:09PM +0100, Juergen Moellenhoff wrote:
> I use the OpenSSL-Lib since version 0.5.1b (SSLeay) for my HTTPS-PlugIn for
> the OmniWeb-Browser (MacOS X/OPENSTEP) and had no problems to use and compile
> the OpenSSL-Lib as Framework (shared lib) for MacOS X and OPENST
Lutz Jaenicke <[EMAIL PROTECTED]>:
> 1. When loading CAfile data, SSL_CTX_load_verify_locations() returns 0,
> even if certificates are available (and did work with 0.9.4).
> There are no errors on the error stack to be printed, so I would have
> to trace through the code to find the rea
Bruce LeMaster <[EMAIL PROTECTED]>:
> The following block of server code does not work properly when using
> non-blocking sockets on AIX 4.3.
> This block of code works properly on Solaris 2.51, 2.6, HPUX 10.20,11.00, NT
> 4, etc.
> if ((err = SSL_accept( (SSL*)ssl )) <= 0) {
> realError = SSL_ge
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>:
>>SSLeay_add_ssl_algorithms ();<---*(1)
>>SSL_load_error_strings ();<---*(1)
> (1) These are really only meant to be used ONCE for the whole
> application. The ssl
Chris Bamford <[EMAIL PROTECTED]>:
>> Do you provide mutexes to the library? For multi-threaded applications,
>> the following calls are required in initialization:
>>
>> CRYPTO_set_id_callback(id_callback);
>> CRYPTO_set_locking_callback(locking_callback);
> Hmmm. Please bear
Lutz Jaenicke <[EMAIL PROTECTED]>:
> when saving the random state with RAND_write_file(file) and reloading with
> RAND_load_file(file, max_bytes), the length of the random pool written to
> "file" is not available as macro, so the max_bytes must be hard coded from
> the documented value of "1k".
On Tue, Feb 22, 2000 at 08:37:12PM +, Ben Laurie wrote:
> Yoram Meroz wrote:
>> Since moving from the 02-20 to the 02-21 snapshots, I've been consistently
>> unable to connect to www.apache-ssl.org or www.rsasecurity.com .
>> www.verisign.com and www.buy.com work fine. Since I am one of very
On Wed, Feb 23, 2000 at 12:17:43AM +0100, Ulf Möller wrote:
> I was trying to compile the current 0.9.5-dev on a Solaris machine.
> The linker complained about many missing symbols. nm reports
>
> libcrypto.a[cryptlib.o]:
> nm: cryptlib.o: invalid file type
>
> and so on for a large part of the
On Wed, Feb 23, 2000 at 02:32:32PM +0100, Lutz Jaenicke wrote:
>> Can anyone reproduce the errors? www.apache-ssl.org works fine for
>> me; at first I thought I had found a problem at www.rsarecurity.com,
>> but that's just the server closing the connection without having sent
>> a single byte i
On Wed, Feb 23, 2000 at 06:47:53PM +0100, Lutz Jaenicke wrote:
> On Wed, Feb 23, 2000 at 06:45:46PM +0100, Bodo Moeller wrote:
> > On Wed, Feb 23, 2000 at 02:32:32PM +0100, Lutz Jaenicke wrote:
>>> I have just tried it with latest SNAPSHOT on HP-UX 10.20.
>>> C
On Wed, Feb 23, 2000 at 01:00:27PM -0800, Yoram Meroz wrote:
>> So what's the matter with www.apache-ssl.org
>> ("openssl s_client -debug -state -connect www.apache-ssl.org:443")?
> The error is returned by ssl3_read_bytes (s3_pkt.c, line 912). The comment
> says, "In the case where we try to re
Michael E Buckley <[EMAIL PROTECTED]>:
> I am getting the "prgn not seeded" message on a Solaris 7 Ultra 10
> when I create non-dummy certificates. [...]
> STEP 4: Enrypting RSA private key with a pass phrase [...]
> Encrypt the private key now? [Y/n]:
> read RSA key
> writing RSA key
> Enter P
Andy Polyakov <[EMAIL PROTECTED]>:
>> I am getting the "prgn not seeded" message on a Solaris 7 Ultra 10
>> when I create non-dummy certificates. [...]
> http://www.openssl.org/support/faq.html#6
In this case not, it seems. This was a proper bug.
Application developers: If you are developing
On Fri, Mar 03, 2000 at 10:00:39PM +0100, Lutz Jaenicke wrote:
> Maybe future versions of OpenSSL will also have the "-rand" option for
> s_server...
'openssl rand -rand file:egd-socket:whatever 0' can be used
to initialize $RANDFILE or $HOME/.rnd (in future versions of OpenSSL).
Or 'openssl ran
Joe O'Reilly <[EMAIL PROTECTED]>:
> a suse 6.2 linux system [...]. I get the same make error each time.
> (cd asm; /usr/bin/perl sha1-586.pl cpp >sx86unix.cpp)
> gcc -E -DELF asm/sx86unix.cpp | as -o asm/sx86-elf.o
> gcc: asm/sx86unix.cpp: linker input file unused since linking not done
What
> Now I'm a little confused about the context of RAND_* in FAQ #6. I
> installed both EGD as well as librand but I am still getting the
> random number generator has not been seeded error. Can someone
> explain more about how this actually works? I did the following
> after I have successfully c
Jeremy Bennett <[EMAIL PROTECTED]>:
>>> 1) I see that SSL_write and SSL_read can result in errors
>>> SSL_ERROR_WANT_READ/WRITE. Since this is the case, can I have
>>> simultaneous outstanding SSL_reads and SSL_writes? That is, if I call
>>> SSL_read and it results in SSL_ERROR_WANT_WRITE can I g
Milan Sova <[EMAIL PROTECTED]>:
> [...] the verify_callback() function always gets
> X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN error
> and never X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT in ctx->error.
> Using openssl binary (there are no certificates in /tmp):
> $ openssl s_client -connect s
John Badanes <[EMAIL PROTECTED]>:
> OpenSSL version: 0.9.5
[...]
> Target (default): nextstep
> Target: nextstep
> Compiler: NeXT Software, Inc. version cc-744.13, gcc version 2.7.2.1
> cc -o bntest -I../include -O -Wall bntest.o -L. -L.. -L../.. -L../../..
> -L.. -lcrypto
>
David G. Hesprich <[EMAIL PROTECTED]>:
> ./config rsaref
> make
> make test
> make install
>
> it compiles, all tests appear to complete, and installs. However, OpenSSH
> complains of the lack of RSA support in the libraries. [...]
>
> I have contacted Damien Miller at the OpenSSH project, and
Ulf Möller <[EMAIL PROTECTED]>:
> [...] The compilation failed with
>
> cc -I.. -I../../include -O -Wall -c md_rand.c
> md_rand.c:303: undefined type, found `pid_t'
On your Next system, is pid_t defined in some other header file?
If it does not exist at all, then try changing pid_t to
long.
Christian Margreve <[EMAIL PROTECTED]>:
> #openssl req -new > new.cert.key
> Using configuration from /usr/local/ssl/openssl.cnf //? my directory
> is : /usr/local/openssl
> Unable to load config info
> How to change the reference "/usr/local/ssl/openssl.cnf" to
> "/usr/local/openssl/opens
Lingyun Wang <[EMAIL PROTECTED]>:
> How can I install openssl under my directory?
Step 1: Read INSTALL.
Step 2: Use the --openssldir option explained in INSTALL.
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>:
[...]
> I would suggest the following instead:
>
> cat DG01.txt dg.txt netscape-4.71-linux | openssl s_client \
> -connect 10.0.0.100:5150 -cert EntrustCert1.pem \
> -key EntrustKey1.pem
>
> However, there's an
Lingyun Wang <[EMAIL PROTECTED]>:
> ./config --prefix=/home/zlww6/ssl
> --openssldir=/home/zlww6/sslprogram
>
> When "make install",
> after "install man3 and man7"
>
> Error shows up:
> Cannot create directory
> /export/home/zlww6/openssl-0.9.5/ssl/lib: File exists
> *** Error code 17 (bu21)
Brajesh Tiwari <[EMAIL PROTECTED]>:
> I am writing a client application using openssl,
> if(SSL_CTX_use_certificate_file(ssl_ctx,CERTF,SSL_FILETYPE_PEM) == 0)
> this function is returning 0. Can any one tell me why?
ERR_print_errors_fp(stderr) can, presumably.
[EMAIL PROTECTED]:
> Description:
> Execution of the 'openssl rsa -des3 -in test.pem -out test-1.pem' command
> caused the following error:
>
> 18026:error:24064064:random number generator:SSLEAY_RAND_BYTES:prng not
> seeded:md_rand.c:470:
The current development version (ftp://ftp.openssl.org/
> I have problems compiling openSSL 0.9.5 on a Suse 6.2 Linux system.
Try today's snapshot, ftp://ftp.openssl.org/snaphost%2fopenssl-SNAP-2312.tar.gz>
(to appear in a couple of minutes).