PRoblems with openssl-SNAP-20080916
Using BSD/OS 4.3.1 for openssl-SNAP-20080916 and using homemade debug-bsdi-x86-elfI got: Script started on Tue Sep 16 04:48:14 2008 gallifrey.nk.ca//usr/source/openssl-SNAP-20080916$ egrep bsdi Configure bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), debug-bsdi-x86-elf, gcc3:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 -march=pentium3 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), gallifrey.nk.ca//usr/source/openssl-SNAP-20080916$ make make test making all in crypto... making all in crypto/objects... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/whrlpool... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/camellia... making all in crypto/seed... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/ecdsa... making all in crypto/dh... making all in crypto/ecdh... making all in crypto/dso... making all in crypto/engine... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... making all in crypto/cms... making all in crypto/pqueue... making all in crypto/ts... if [ -n libcrypto.so.0.9.9 libssl.so.0.9.9 ]; then (cd ..; make libcrypto.so.0.9.9); fi `libcrypto.so.0.9.9' is up to date. making all in ssl... if [ -n libcrypto.so.0.9.9 libssl.so.0.9.9 ]; then (cd ..; make libssl.so.0.9.9); fi `libssl.so.0.9.9' is up to date. making all in engines... echo ccgost ccgost making all in engines/ccgost... making all in apps... making all in test... making all in tools... testing... making all in apps... ../util/shlib_wrap.sh ./destest Doing cbcm Doing ecb Doing ede ecb Doing cbc Doing desx cbc Doing ede cbc Doing pcbc Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done Doing ofb Doing ofb64 Doing ede_ofb64 Doing cbc_cksum Doing quad_cksum input word alignment test 0 1 2 3 output word alignment test 0 1 2 3 fast crypt test ../util/shlib_wrap.sh ./ideatest ecb idea ok cbc idea ok cfb64 idea ok ../util/shlib_wrap.sh ./shatest test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./sha1test test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./sha256t Testing SHA-256 ... passed. Testing SHA-224 ... passed. ../util/shlib_wrap.sh ./sha512t Testing SHA-512 ... passed. Testing SHA-384 ... passed. ../util/shlib_wrap.sh ./md4test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok ../util/shlib_wrap.sh ./md5test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok ../util/shlib_wrap.sh ./hmactest test 0 ok test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./md2test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok ../util/shlib_wrap.sh ./mdc2test pad1 - ok pad2 - ok ../util/shlib_wrap.sh ./wp_test Testing Whirlpool . passed. ../util/shlib_wrap.sh ./rmdtest test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok test 8 ok ../util/shlib_wrap.sh ./rc2test ecb RC2 ok ../util/shlib_wrap.sh ./rc4test test 0 ok test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test end processing done test multi-call done bulk test ok ../util/shlib_wrap.sh ./rc5test ecb RC5 ok cbc RC5 ok ../util/shlib_wrap.sh ./bftest testing blowfish in raw ecb mode testing blowfish in ecb mode testing blowfish set_key testing blowfish in cbc mode testing blowfish in cfb64 mode testing blowfish in ofb64 ../util/shlib_wrap.sh ./casttest ecb cast5 ok This test will take some time123456789ABCDEF ok ../util/shlib_wrap.sh ./randtest test 1 done test 2 done test 3 done test 4 done starting big number library test, could take a while... test BN_add test BN_sub test BN_lshift1 test BN_lshift (fixed) test BN_lshift test BN_rshift1 test BN_rshift test BN_sqr test BN_mul test BN_div test BN_div_word test BN_div_recp test BN_mod test BN_mod_mul test BN_mont test BN_mod_exp test
ssl teses forbidden in FIPS mode
Is this correct for openssl 0.9.8 using FIPS? test SSL protocol test ssl3 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: 1: zlib compression SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done gmake[1]: *** [test_ssl] Error 1 gmake[1]: Leaving directory `/usr/source/openssl-0.9.8-stable-SNAP-20080918-fips/test' gmake: *** [tests] Error 2 -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Canada vote anything but Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca . -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
OPenssl 0.9.8j dev
Need to split the FIPS and non-FIPS compliant technologies: When I do a fips compile namely ./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall -mcpu=pentium3 with debug-bsdi-x86-elf debug-bsdi-x86-elf, gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 -march=pentium3 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), I get: Testing cipher SEED-ECB(encrypt) Key 28 db c3 bc 49 ff d8 7d cf a5 09 b1 1d 42 2b e7 Plaintext b4 1e 6b e2 eb a8 4a 14 8e 2e ed 84 59 3c 5e c7 Ciphertext 9b 9b 7b fc d1 81 3c b9 5d 0b 36 18 f4 0f 51 22 test SSL protocol test ssl3 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: 1: zlib compression 8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1402: 8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1402: test ssl2 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: 1: zlib compression 8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1402: 8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1402: test tls1 *** IN FIPS MODE *** Available compression methods: 1: zlib compression 8956:error:0406A08D:rsa routines:RSA_new_method:non fips method:rsa_eng.c:183: 8956:error:0D079064:asn1 encoding routines:ASN1_ITEM_EX_COMBINE_NEW:aux error:tasn_new.c:221: 8956:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:402:Type=RSA 8956:error:0D09B00D:asn1 encoding routines:d2i_PublicKey:ASN1 lib:d2i_pu.c:99: 8956:error:0B077066:x509 certificate routines:X509_PUBKEY_get:err asn1 lib:x_pubkey.c:366: 8956:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402: ERROR in SERVER 8956:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1037: TLSv1, cipher (NONE) (NONE) 1 handshakes of 256 bytes done *** Error code 1 (continuing) Test IGE mode ../util/shlib_wrap.sh ./igetest `tests' not remade because of errors. util/opensslwrap.sh version -a OpenSSL 0.9.8j-fips-dev xx XXX built on: Sat Sep 20 08:02:29 MDT 2008 platform: debug-bsdi-x86-elf options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O3 -Wall -mcpu=pentium3 -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 -march=pentium3 -Wall -g -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM OPENSSLDIR: /usr/contrib `test' is up to date. using make -k test . Please fix. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Canada vote anything but Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca . -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OPenssl 0.9.8j dev
On Sat, Sep 20, 2008 at 01:47:55PM -0700, Kyle Hamilton wrote: Fips folk: Should the 'fipsdso' target complain if it gets any other command line arguments in ./Configure? Since specifying it means that you're trying to build the shared object... -Kyle H On Sat, Sep 20, 2008 at 8:56 AM, The Doctor [EMAIL PROTECTED] wrote: Need to split the FIPS and non-FIPS compliant technologies: When I do a fips compile namely ./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall -mcpu=pentium3 with debug-bsdi-x86-elf debug-bsdi-x86-elf, gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 -march=pentium3 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), I get: Testing cipher SEED-ECB(encrypt) Key 28 db c3 bc 49 ff d8 7d cf a5 09 b1 1d 42 2b e7 Plaintext b4 1e 6b e2 eb a8 4a 14 8e 2e ed 84 59 3c 5e c7 Ciphertext 9b 9b 7b fc d1 81 3c b9 5d 0b 36 18 f4 0f 51 22 test SSL protocol test ssl3 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: 1: zlib compression 8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1402: 8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1402: test ssl2 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: 1: zlib compression 8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1402: 8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1402: test tls1 *** IN FIPS MODE *** Available compression methods: 1: zlib compression 8956:error:0406A08D:rsa routines:RSA_new_method:non fips method:rsa_eng.c:183: 8956:error:0D079064:asn1 encoding routines:ASN1_ITEM_EX_COMBINE_NEW:aux error:tasn_new.c:221: 8956:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:402:Type=RSA 8956:error:0D09B00D:asn1 encoding routines:d2i_PublicKey:ASN1 lib:d2i_pu.c:99: 8956:error:0B077066:x509 certificate routines:X509_PUBKEY_get:err asn1 lib:x_pubkey.c:366: 8956:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402: ERROR in SERVER 8956:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1037: TLSv1, cipher (NONE) (NONE) 1 handshakes of 256 bytes done *** Error code 1 (continuing) Test IGE mode ../util/shlib_wrap.sh ./igetest `tests' not remade because of errors. util/opensslwrap.sh version -a OpenSSL 0.9.8j-fips-dev xx XXX built on: Sat Sep 20 08:02:29 MDT 2008 platform: debug-bsdi-x86-elf options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O3 -Wall -mcpu=pentium3 -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 -march=pentium3 -Wall -g -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM OPENSSLDIR: /usr/contrib `test' is up to date. using make -k test . Please fix. From the Configure file: elsif (/^fips$/) { $fips=1; } elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. # The check for the option is there so scripts aren't # broken } elsif (/^nofipscanistercheck$/) { $fips = 1; $nofipscanistercheck = 1; } elsif (/^fipscanisterbuild$/) { $fips = 1; $nofipscanistercheck = 1; $fipslibdir=; $fipscanisterinternal=y; } elsif (/^fipsdso$/) { $fips = 1; $nofipscanistercheck = 1; $fipslibdir=; $fipscanisterinternal=y; $fipsdso = 1; } -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Canada vote anything but Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca . -- This message
Re: ssl teses forbidden in FIPS mode
On Sun, Sep 21, 2008 at 12:58:26PM +1000, Michael Gray wrote: On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote: TLS uses MD5 as well in the PRF. The PRF in SSLv3 is not a true HMAC which is a problem, but the reason for not using SSLv3 is FIPS regulation. Not Exactly. The TLS PRF uses *both* SHA1 and MD5, in a way which is carefully designed to have the security properties of the stronger of the two. NIST and the labs have accepted the argument that this means that, effectively, only Approved algorithms are used for security (because even if you consider MD5 to be zero-strength, the TLS PRF is as strong as SHA1). This is not the case for SSLv3, which is why SSLv3 is not acceptable in a FIPS-140 certified product: an unapproved algorithm (MD5) is used for data integrity. There is no specific regulation, just the general requirement that only Approved algorithms be used. -- Thor Lancelot Simon [EMAIL PROTECTED] Even experienced UNIX users occasionally enter rm *.* at the UNIX prompt only to realize too late that they have removed the wrong segment of the directory structure. - Microsoft WSS whitepaper __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] Not Exactly? Both TLS and SSLv3 both use SHA1 and MD5 in the PRF, which is IMHO very cleaver as it requires both HASH functions to be broken. But, the TLS PRF is a HMAC for both SHA1 and MD5 whereas SSLv3 is not. The specific regulation is http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf page 61. Several other regulation references exist as well... SSLv3 was allowed in the past with special CipherSuites see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html , which was never truly official AFAIK in any NIST Document, but widely used and IMHO painful. In this case these CipherSuites used the TLS PRF instead of the SSLv3 PRF (wont bother going in the fine specifics). __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. That being said, how do you get openssl to compile with FIPS and be backwards compatable at the same time? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Canada vote anything but Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca . -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: ssl teses forbidden in FIPS mode
On Tue, Sep 23, 2008 at 08:26:23AM +1000, Tim Hudson wrote: The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatable at the same time? That is what the FIPS mode is for - the library built supports all algorithms and when in FIPS mode it disables the use of non-approved algorithms. A single application can work in both FIPS and non-FIPS mode. You can add in code to choose which mode to be in on a per-connection basis if that is what your application requires. See the usage of FIPS_mode_set() Note also that due to an implementation quirk you need to clear the currently set RNG when switching back into FIPS mode. i.e. RAND_set_rand_method(NULL); FIPS_set_mode(1); Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Apart from me, anyone else tried the fipdso in their configuration as extensively as I have? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Canada vote anything but Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca . -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: ssl teses forbidden in FIPS mode
On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote: On Mon, Sep 22, 2008, The Doctor wrote: Apart from me, anyone else tried the fipdso in their configuration as extensively as I have? The fipsdso option isn't terribly useful for most users. To use it you need a corresponding binary validated shared library installed. If you want to test the shared library build of the 1.2 test module then you should instead install the test 1.2 module and just use the fips option of the 0.9.8-stable branch. Steve. Here is what I am using: ./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall -mcpu=pentium3 ; make update The reason being is that fipsdso does give a wider option. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Canada vote anything but Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca . -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: ssl teses forbidden in FIPS mode
On Tue, Sep 23, 2008 at 06:46:31PM +0200, Dr. Stephen Henson wrote: On Tue, Sep 23, 2008, The Doctor wrote: On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote: On Mon, Sep 22, 2008, The Doctor wrote: Apart from me, anyone else tried the fipdso in their configuration as extensively as I have? The fipsdso option isn't terribly useful for most users. To use it you need a corresponding binary validated shared library installed. If you want to test the shared library build of the 1.2 test module then you should instead install the test 1.2 module and just use the fips option of the 0.9.8-stable branch. Steve. Here is what I am using: ./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall -mcpu=pentium3 ; make update The reason being is that fipsdso does give a wider option. Can you explain what you mean by does give a wider option? The only option end users will use in practice once the 1.2 validation is available is fips. The options fipsdso and fipscanisterbuild are only useful for generating test versions which never will be validated. I've just fixed a typo which affects the fipsdso build and it now passes make test on my setup. Steve. I mean elsif (/^fipsdso$/) { $fips = 1; $nofipscanistercheck = 1; $fipslibdir=; $fipscanisterinternal=y; $fipsdso = 1; } Also just trying fips fails here every time. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Canada vote anything but Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca . -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: ssl teses forbidden in FIPS mode
On Thu, Sep 25, 2008 at 08:22:11AM -0400, Steve Marquess wrote: David Jacobson wrote: Tim Hudson wrote: The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatable at the same time? That is what the FIPS mode is for - the library built supports all algorithms and when in FIPS mode it disables the use of non-approved algorithms. A single application can work in both FIPS and non-FIPS mode. You can add in code to choose which mode to be in on a per-connection basis if that is what your application requires. See the usage of FIPS_mode_set() Note also that due to an implementation quirk you need to clear the currently set RNG when switching back into FIPS mode. It is not an implementation quirk, it is a requirement of FIPS 140. FIPS 140 requires that when switching modes all keys and critical security parameters must be cleared. The random number generator state is a critical security parameter. (I'm doing this from memory, but I'm quite sure I've got it right.) It is an implementation quirk (or to be honest, an outright goof). By the time we caught this problem it was too late to fix it (with the FIPS 140 validation process you freeze your code first, *then* test -- ready, fire, aim!). Since there is little practical reason to disable FIPS mode once enabled (reference earlier discussion) we elected to just leave that bug as-is rather than abort and restart the validation process. -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. The end gives up either to choose FIPs and non-MD5 or non-FIPS and MD5. Please fix as compilation quirks on this is not a laughing matter. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Canada vote anything but Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca . -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: openssl-0.9.8-stable-SNAP-20081115 and FIPS
On Mon, Nov 17, 2008 at 02:33:18PM -0500, Green, Paul wrote: Dear 'The Doctor', I am not on the OpenSSL team so I'm just speaking for myself here. But I have done work on many other open-source products, so I'm responding based on my overall experience with open-source development. When you find a problem in an open-source product, the accepted protocol is to boil the problem down to the smallest reproducible test case that reliably demonstrates the failure and then post just that information. Posting the entire output of the build procedure is incredibly lame and completely unhelpful. Posting to two different OpenSSL mailing lists is also clueless; they have different purposes. If I were a member of the OpenSSL team, I'd ignore your postings until you took the time to learn how to add value to the process instead of being a drag on other people's productivity. Well I moved everything to 0.9.9/dev so that is up to the programmers to find the rest. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Merry Christmas 2008 NOT 2o8 and Happy New Year 2009 NOT 2o9 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Possible problem in 0.9.9
Ran this test today. Script started on Mon Dec 29 06:34:17 2008 gallifrey.nk.ca//usr/source/openssl-SNAP-20081229$ make test testing... making all in apps... ../util/shlib_wrap.sh ./destest Doing cbcm Doing ecb Doing ede ecb Doing cbc Doing desx cbc Doing ede cbc Doing pcbc Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done Doing ofb Doing ofb64 Doing ede_ofb64 Doing cbc_cksum Doing quad_cksum input word alignment test 0 1 2 3 output word alignment test 0 1 2 3 fast crypt test ../util/shlib_wrap.sh ./ideatest ecb idea ok cbc idea ok cfb64 idea ok ../util/shlib_wrap.sh ./shatest test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./sha1test test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./sha256t Testing SHA-256 ... passed. Testing SHA-224 ... passed. ../util/shlib_wrap.sh ./sha512t Testing SHA-512 ... passed. Testing SHA-384 ... passed. ../util/shlib_wrap.sh ./md4test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok ../util/shlib_wrap.sh ./md5test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok ../util/shlib_wrap.sh ./hmactest test 0 ok test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./md2test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok ../util/shlib_wrap.sh ./mdc2test pad1 - ok pad2 - ok ../util/shlib_wrap.sh ./wp_test Testing Whirlpool . passed. ../util/shlib_wrap.sh ./rmdtest test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok test 8 ok ../util/shlib_wrap.sh ./rc2test ecb RC2 ok ../util/shlib_wrap.sh ./rc4test test 0 ok test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test end processing done test multi-call done bulk test ok ../util/shlib_wrap.sh ./rc5test ecb RC5 ok cbc RC5 ok ../util/shlib_wrap.sh ./bftest testing blowfish in raw ecb mode testing blowfish in ecb mode testing blowfish set_key testing blowfish in cbc mode testing blowfish in cfb64 mode testing blowfish in ofb64 ../util/shlib_wrap.sh ./casttest ecb cast5 ok This test will take some time123456789ABCDEF ok ../util/shlib_wrap.sh ./randtest test 1 done test 2 done test 3 done test 4 done starting big number library test, could take a while... test BN_add test BN_sub test BN_lshift1 test BN_lshift (fixed) test BN_lshift test BN_rshift1 test BN_rshift test BN_sqr test BN_mul test BN_div test BN_div_word test BN_div_recp test BN_mod test BN_mod_mul test BN_mont test BN_mod_exp test BN_mod_exp_mont_consttime test BN_exp test BN_kronecker ++ test BN_mod_sqrt . . . . . . . . .. . . . . .. . .. . .. . . test BN_GF2m_add test BN_GF2m_mod test BN_GF2m_mod_mul test BN_GF2m_mod_sqr test BN_GF2m_mod_inv test BN_GF2m_mod_div test BN_GF2m_mod_exp test BN_GF2m_mod_sqrt test BN_GF2m_mod_solve_quad running bc verify BN_add verify BN_sub.. verify BN_lshift1 verify BN_lshift (fixed) verify BN_lshift verify BN_rshift1 verify BN_rshift verify BN_sqr verify BN_mul.. verify BN_div verify BN_div_word verify
Errors comping openssl-SNAP-20090113
THis came from compiling on i386/BSD this morning gost89.o: In function `gost_mac': gost89.o(.text+0x2746): undefined reference to `memcpy' gost89.o: In function `gost_mac_iv': gost89.o(.text+0x2814): undefined reference to `memcpy' gost94_keyx.o: In function `pkey_gost94_derive': gost94_keyx.o(.text+0x17e): undefined reference to `memset' gost94_keyx.o: In function `pkey_GOST94cp_encrypt': gost94_keyx.o(.text+0x61c): undefined reference to `memset' gost94_keyx.o: In function `pkey_GOST94cp_decrypt': gost94_keyx.o(.text+0xa14): undefined reference to `memset' gost_ameth.o: In function `pub_encode_gost01': gost_ameth.o(.text+0x11c4): undefined reference to `memset' gost_crypt.o: In function `gost_cipher_do_cfb': gost_crypt.o(.text+0x382): undefined reference to `memcpy' gost_crypt.o(.text+0x39c): undefined reference to `memcpy' gost_crypt.o: In function `gost89_get_asn1_parameters': gost_crypt.o(.text+0x7f3): undefined reference to `memcpy' gost_crypt.o: In function `gost_imit_update': gost_crypt.o(.text+0x9b9): undefined reference to `memcpy' gost_crypt.o: In function `gost_cipher_init': gost_crypt.o(.text+0xa6c): undefined reference to `memcpy' gost_crypt.o(.text+0xbaa): more undefined references to `memcpy' follow gost_crypt.o: In function `gost_imit_cleanup': gost_crypt.o(.text+0xe80): undefined reference to `memset' gost_ctl.o: In function `get_gost_engine_param': gost_ctl.o(.text+0xdc): undefined reference to `getenv' gost_ctl.o: In function `gost_set_default_param': gost_ctl.o(.text+0x15c): undefined reference to `getenv' gost_eng.o: In function `bind_gost': gost_eng.o(.text+0x129): undefined reference to `strcmp' gost_eng.o(.text+0x158): undefined reference to `puts' gost_eng.o(.text+0x24a): undefined reference to `__sstderr' gost_eng.o(.text+0x25b): undefined reference to `fwrite' gost_eng.o(.text+0x27d): undefined reference to `__sstderr' gosthash.o: In function `init_gost_hash_ctx': gosthash.o(.text+0x25): undefined reference to `malloc' gosthash.o: In function `done_gost_hash_ctx': gosthash.o(.text+0x79): undefined reference to `free' gosthash.o: In function `hash_block': gosthash.o(.text+0x140): undefined reference to `memcpy' gosthash.o(.text+0x251): undefined reference to `memcpy' gosthash.o: In function `hash_step': gosthash.o(.text+0xa15): undefined reference to `memmove' gosthash.o(.text+0xacc): undefined reference to `memmove' gosthash.o(.text+0xb85): undefined reference to `memmove' gost_md.o: In function `gost_digest_copy': gost_md.o(.text+0xf9): undefined reference to `memcpy' gost_md.o: In function `gost_digest_cleanup': gost_md.o(.text+0x14a): undefined reference to `memset' gost_pmeth.o: In function `pkey_gost_ctrl': gost_pmeth.o(.text+0x45f): undefined reference to `memcpy' gost_pmeth.o: In function `pkey_gost_ctrl94_str': gost_pmeth.o(.text+0x4b3): undefined reference to `strlen' gost_pmeth.o(.text+0x4c6): undefined reference to `strlen' gost_pmeth.o(.text+0x554): undefined reference to `_CurrentRuneLocale' gost_pmeth.o(.text+0x578): undefined reference to `_CurrentRuneLocale' gost_pmeth.o(.text+0x5bd): undefined reference to `___toupper' gost_pmeth.o(.text+0x5cb): undefined reference to `___toupper' gost_pmeth.o(.text+0x5ee): undefined reference to `_CurrentRuneLocale' gost_pmeth.o(.text+0x645): undefined reference to `___toupper' gost_pmeth.o: In function `pkey_gost_ctrl01_str': gost_pmeth.o(.text+0x693): undefined reference to `strlen' gost_pmeth.o(.text+0x6a6): undefined reference to `strlen' gost_pmeth.o(.text+0x734): undefined reference to `_CurrentRuneLocale' gost_pmeth.o(.text+0x758): undefined reference to `_CurrentRuneLocale' gost_pmeth.o(.text+0x786): undefined reference to `___toupper' gost_pmeth.o(.text+0x794): undefined reference to `___toupper' gost_pmeth.o(.text+0x7ae): undefined reference to `_CurrentRuneLocale' gost_pmeth.o(.text+0x801): undefined reference to `___toupper' gost_pmeth.o: In function `pkey_gost_mac_ctrl_str': gost_pmeth.o(.text+0xeb5): undefined reference to `strlen' gost_sign.o: In function `pack_sign_cp': gost_sign.o(.text+0x20d): undefined reference to `memset' gost_sign.o: In function `store_bignum': gost_sign.o(.text+0x7fa): undefined reference to `memset' gmake[3]: Leaving directory `/usr/source/openssl-SNAP-20090113/engines/ccgost' Generate and verify a certificate request generating certificate request rsa There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 512 bit RSA private key ... . writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU
Openssl-SNAP still erroring out
Right in the tests we run into There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 512 bit RSA private key .. . writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au 134954328:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and key type not supported:a_sign.c:245: problems creating request *** Error code 1 Stop. *** Error code 1 Stop. Source of the problem if (type-flags EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { if (!pkey-ameth || !OBJ_find_sigid_by_algs(signid, EVP_MD_nid(type), pkey-ameth-pkey_id)) { ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); return 0; } } Using ./Configure 386 threads shared no-sse2 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; gmake update;gmake depend to compile. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Openssl-SNAP still erroring out
On Fri, Feb 06, 2009 at 11:54:26AM -0800, Kyle Hamilton wrote: This does not appear on MacOSX 10.5.6 (with 0.9.8-stable-SNAP-20090206). ./config threads shared no-sse2 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib (Note that I don't have GMP, so I had to remove it from the line.) All tests pass. (however, experimental-jpake fails with Bob fails to process Alice's step 3a (hash of hash of key mismatch).) -Kyle H MAcOSX having a /usr/contrib? Please replace with /usr/local . whrlpool works with openssl 0.9.8? Also gmp is available at ftp://ftp.ftp.gnu.org/pub/gnu . On Fri, Feb 6, 2009 at 8:23 AM, Dr. Stephen Henson st...@openssl.org wrote: On Fri, Feb 06, 2009, The Doctor wrote: Right in the tests we run into There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 512 bit RSA private key .. . writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au 134954328:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and key type not supported:a_sign.c:245: problems creating request *** Error code 1 Stop. *** Error code 1 Stop. Source of the problem if (type-flags EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { if (!pkey-ameth || !OBJ_find_sigid_by_algs(signid, EVP_MD_nid(type), pkey-ameth-pkey_id)) { ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); return 0; } } Using ./Configure 386 threads shared no-sse2 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; gmake update;gmake depend to compile. Still can't reproduce it here. Can you try a vanilla build with: ./config to see if you still get that? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Openssl-SNAP still erroring out
On Fri, Feb 06, 2009 at 05:23:59PM +0100, Dr. Stephen Henson wrote: On Fri, Feb 06, 2009, The Doctor wrote: Right in the tests we run into There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 512 bit RSA private key .. . writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au 134954328:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and key type not supported:a_sign.c:245: problems creating request *** Error code 1 Stop. *** Error code 1 Stop. Source of the problem if (type-flags EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { if (!pkey-ameth || !OBJ_find_sigid_by_algs(signid, EVP_MD_nid(type), pkey-ameth-pkey_id)) { ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); return 0; } } Using ./Configure 386 threads shared no-sse2 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; gmake update;gmake depend to compile. Still can't reproduce it here. Can you try a vanilla build with: ./config to see if you still get that? Steve. -- Sir, I invite you to this network to see for yourself. Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Openssl-SNAP still erroring out
On Sat, Feb 07, 2009 at 11:48:31AM +0100, Dr. Stephen Henson wrote: On Fri, Feb 06, 2009, The Doctor wrote: Right in the tests we run into There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 512 bit RSA private key .. . writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au 134954328:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and key type not supported:a_sign.c:245: problems creating request *** Error code 1 Stop. *** Error code 1 Stop. Source of the problem if (type-flags EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { if (!pkey-ameth || !OBJ_find_sigid_by_algs(signid, EVP_MD_nid(type), pkey-ameth-pkey_id)) { ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); return 0; } } Using ./Configure 386 threads shared no-sse2 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; gmake update;gmake depend to compile. I'm not sure how you are managing that debug-bsdi-x86-elf isn't a valid platform name. That command alone gives an error message here. Point well taken. This is a hybrid that I come up with which has worked with openssl 0.9.8 . It combines bsdi-elf-gcc and debug-BSD-x86-elf and is as follows: debug-bsdi-x86-elf, gcc3:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)
On Sat, Feb 07, 2009 at 12:46:52PM -0800, Kyle Hamilton wrote: The bug does appear on OSX 10.5.6 (openssl-SNAP-20090207) with the following command line: ./config threads shared no-sse2 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-mdc2 enable-rc5 --prefix=/$HOME/ossl --openssldir=$HOME/ossl [...] Generate and verify a certificate request generating certificate request rsa There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 512 bit RSA private key .. writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au 2693744484:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and key type not supported:a_sign.c:245: problems creating request make[1]: *** [test_gen] Error 1 make[1]: Leaving directory `/Users/kyanha/workspace/ossl/snap/openssl-SNAP-20090207/test' make: *** [tests] Error 2 It also appears with the following command-line: ./config --prefix=$HOME/ossl --openssldir=$HOME/ossl -Kyle H -- Forwarded message -- From: Dr. Stephen Henson st...@openssl.org Date: Sat, Feb 7, 2009 at 2:30 AM Subject: Re: Openssl-SNAP still erroring out To: openssl-dev@openssl.org On Fri, Feb 06, 2009, Kyle Hamilton wrote: This does not appear on MacOSX 10.5.6 (with 0.9.8-stable-SNAP-20090206). ./config threads shared no-sse2 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib You'd need to try the 0.9.9 snapshots to check the reported error. That bit of code (the EVP_PKEY APIs) isn't in 0.9.8. Steve. Hence it is BSD related. The last one that did work was openssl-SNAP-20081228 . Kyle would you like a copy of said package? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: {?} Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)
On Mon, Feb 09, 2009 at 11:04:56PM +0100, Dr. Stephen Henson wrote: On Sat, Feb 07, 2009, The Doctor wrote: On Sat, Feb 07, 2009 at 12:46:52PM -0800, Kyle Hamilton wrote: The bug does appear on OSX 10.5.6 (openssl-SNAP-20090207) with the following command line: ./config threads shared no-sse2 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-mdc2 enable-rc5 --prefix=/$HOME/ossl --openssldir=$HOME/ossl [...] Generate and verify a certificate request generating certificate request rsa There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 512 bit RSA private key .. writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au 2693744484:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and key type not supported:a_sign.c:245: problems creating request make[1]: *** [test_gen] Error 1 make[1]: Leaving directory `/Users/kyanha/workspace/ossl/snap/openssl-SNAP-20090207/test' make: *** [tests] Error 2 It also appears with the following command-line: ./config --prefix=$HOME/ossl --openssldir=$HOME/ossl -Kyle H -- Forwarded message -- From: Dr. Stephen Henson st...@openssl.org Date: Sat, Feb 7, 2009 at 2:30 AM Subject: Re: Openssl-SNAP still erroring out To: openssl-dev@openssl.org On Fri, Feb 06, 2009, Kyle Hamilton wrote: This does not appear on MacOSX 10.5.6 (with 0.9.8-stable-SNAP-20090206). ./config threads shared no-sse2 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib You'd need to try the 0.9.9 snapshots to check the reported error. That bit of code (the EVP_PKEY APIs) isn't in 0.9.8. Steve. Hence it is BSD related. The last one that did work was openssl-SNAP-20081228 . Kyle would you like a copy of said package? I can't see anything in CVS around that time which could affect this. I don't use BSD much myself but couldn't reproduce this on FreeBSD 7.1 under VMWare. Steve. How about FreeBSD 5.X or 6.X? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: {?} Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)
On Tue, Feb 10, 2009 at 02:06:31PM +0100, Dr. Stephen Henson wrote: On Tue, Feb 10, 2009, Kyle Hamilton wrote: *** virgin/crypto/objects/obj_xref.h2009-02-10 05:01:06.0 -0800 --- openssl-SNAP-20090207/crypto/objects/obj_xref.h 2009-02-10 [snipped] Ah, that explains it. The top level Makefile call to objxref.pl was breaking it. I've just committed a fix. Please try the latest HEAD or the next snapshot. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Still seeing: There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 512 bit RSA private key ... writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au 134999776:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and key type not supported:a_sign.c:245: problems creating request gmake[1]: *** [test_gen] Error 1 gmake[1]: Leaving directory `/usr/source/openssl-SNAP-20090210/test' gmake: *** [tests] Error 2 -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: {?} Re: {?} Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)
On Tue, Feb 10, 2009 at 06:51:32PM +0100, Dr. Stephen Henson wrote: On Tue, Feb 10, 2009, The Doctor wrote: On Tue, Feb 10, 2009 at 02:06:31PM +0100, Dr. Stephen Henson wrote: On Tue, Feb 10, 2009, Kyle Hamilton wrote: *** virgin/crypto/objects/obj_xref.h2009-02-10 05:01:06.0 -0800 --- openssl-SNAP-20090207/crypto/objects/obj_xref.h 2009-02-10 [snipped] Ah, that explains it. The top level Makefile call to objxref.pl was breaking it. I've just committed a fix. Please try the latest HEAD or the next snapshot. Still seeing: You'll need the latest source from CVS/rsync or tomorrow's snapshot. Alternatively apply this patch: http://cvs.openssl.org/chngview?cn=17825 If you aren't starting from virgin sources you may need to delete crypto/objects/obj_xref.h first too. Steve. -- I will try 20090211 and let you know. Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: {?} Re: {?} Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)
On Tue, Feb 10, 2009 at 02:55:50PM -0700, The Doctor wrote: On Tue, Feb 10, 2009 at 06:51:32PM +0100, Dr. Stephen Henson wrote: On Tue, Feb 10, 2009, The Doctor wrote: On Tue, Feb 10, 2009 at 02:06:31PM +0100, Dr. Stephen Henson wrote: On Tue, Feb 10, 2009, Kyle Hamilton wrote: *** virgin/crypto/objects/obj_xref.h 2009-02-10 05:01:06.0 -0800 --- openssl-SNAP-20090207/crypto/objects/obj_xref.h 2009-02-10 [snipped] Ah, that explains it. The top level Makefile call to objxref.pl was breaking it. I've just committed a fix. Please try the latest HEAD or the next snapshot. Still seeing: You'll need the latest source from CVS/rsync or tomorrow's snapshot. Alternatively apply this patch: http://cvs.openssl.org/chngview?cn=17825 If you aren't starting from virgin sources you may need to delete crypto/objects/obj_xref.h first too. Steve. -- I will try 20090211 and let you know. Attention everyone, this should work as the primary server is now using this. When in openssl 0.9.9 expected to be released? Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal InternationalThis is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Time for patriots to declare their fundamental alliance! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
32-bit vs 64-bit FreeBSD on Openssl-0.9.8-SNAPs
Can someone answer why when I use ./Configure threads shared enable-capieng enable-cms enable-montasm enable-krb5 enable-tlsext enable-seed enable-fips fipsdso enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/ --openssldir=/usr/ BSD-x86-elf -g -O3 -Wall ; make depend no problem on FreeBSD 6.X am64 but on FreeBSD 5.X i386 I get Msg =
Error showed up in openssl-SNAP-20090315
This showed up on today's compile as an assert error. /path/to/openssl-SNAP-20090315/crypto/x509v3/v3_addr.c As an error Please add then line #insert assert.h to solve in /path/to/openssl-SNAP-date/crypto/x509v3/v3_addr.c assert error . -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Point to http://tv.cityonahillproductions.com/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: apache http server not connecting to correct open ssl -- urgent help needed
On Thu, Apr 02, 2009 at 05:20:30PM -0400, Srinivas Jonnalagadda wrote: Hi, I have openssl 0.9.8b installed with apache http server 2.0.55 on sloariz machine. when i installed i used the /usr/local/ssl as prefix and i did not use shared threads option. I was able to install successfully. On the same machine i installed openssl 0.9.8i in /usr/local/openssl098i directory and used the shared threads option. i installed apache http 2.0.63 on the same machine and when i installed i gave prefix as /usr/local/openssl098i. my intention was tht when i start apache http 2.0.63 i should use /usr/local/openssl098i and when is start apache http server 2.0.55 i should use /usr/local/ssl. My problem now is when i start both are connecting to openssl 0.9.8b. Please tell me how to connect to both. You need to make slight modifications to the Apache code! Instead of STACK you need to specify STACK_OF( ). Thanks, Srinivas Jonnalagadda __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Point to http://tv.cityonahillproductions.com/ __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Openssl 1.0.0
Now we are on to Beta 2 , Great News. When should expecting: BetaX RCX and the release? Also what errors or issues are we looking for in this beta? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Point to http://tv.cityonahillproductions.com/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Issue with openssl-1.0.0-stable-SNAP-20090429
Errors are as follow on BSD/OS 4.3 test SSL protocol ../util/shlib_wrap.sh ./ssltest -test_cipherlist testing SSLv2 cipher list order: ok testing SSLv3 cipher list order: ok testing TLSv1 cipher list order: ok test sslv2 Available compression methods: 1: zlib compression 134547716:error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers:ssl_lib.c:1535: 134547716:error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers:ssl_lib.c:1535: *** Error code 1 Stop. *** Error code 1 NO problem in openssl-1.0.0-stable-SNAP-20090428 . Any other BSDish platform seeing this problems? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! 12 May BC vote Liberal and remember the NDP scandals like Mulroney! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Error in openssl-1.0.0 beta release 20090507
In engines/e_padlock.c Somewhere you need to add an #endif . I did so above the last 2 but I could be wrong. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! 12 May BC vote Liberal and remember the NDP scandals like Mulroney! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Error in openssl-1.0.0-stable-SNAP-20090516
make making all in crypto... making all in crypto/objects... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/whrlpool... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/camellia... making all in crypto/seed... making all in crypto/modes... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/ecdsa... making all in crypto/dh... making all in crypto/ecdh... making all in crypto/dso... making all in crypto/engine... making all in crypto/buffer... making all in crypto/bio... gcc -I.. -I../.. -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O2 -Wall -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 -march=pentium3 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c bss_dgram.c bss_dgram.c: In function `dgram_read': bss_dgram.c:292: structure has no member named `hstimeout' bss_dgram.c: In function `dgram_ctrl': bss_dgram.c:337: warning: unused variable `sockopt_val' bss_dgram.c:338: warning: unused variable `sockopt_len' *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! If you cannot lead a family how can you pastor a church? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Error in openssl-1.0.0-stable-SNAP-20090516
On Sun, May 17, 2009 at 07:16:47PM +0200, Ger Hobbelt wrote: See ongoing discussion regarding DTLS: this is something that should be adjusted in the next CVS, if I read Mr. Henson's messages correctly. DTLS is in progress, so expect some issues in the near future: snapshots are a, after all, only snaps of the development process at work.) Take care, Ger On Sat, May 16, 2009 at 1:50 PM, The Doctor doc...@doctor.nl2k.ab.ca wrote:  make making all in crypto... making all in crypto/objects... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/whrlpool... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/camellia... making all in crypto/seed... making all in crypto/modes... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/ecdsa... making all in crypto/dh... making all in crypto/ecdh... making all in crypto/dso... making all in crypto/engine... making all in crypto/buffer... making all in crypto/bio... gcc -I.. -I../.. -I../asn1 -I../evp -I../../include  -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN  -DHAVE_DLFCN_H -g -O2 -Wall  -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer  -O9 -march=pentium3 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c bss_dgram.c bss_dgram.c: In function `dgram_read': bss_dgram.c:292: structure has no member named `hstimeout' bss_dgram.c: In function `dgram_ctrl': bss_dgram.c:337: warning: unused variable `sockopt_val' bss_dgram.c:338: warning: unused variable `sockopt_len' *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 -- Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! If you cannot lead a family how can you pastor a church? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project                 http://www.openssl.org Development Mailing List            openssl-dev@openssl.org Automated List Manager              majord...@openssl.org -- Met vriendelijke groeten / Best regards, Ger Hobbelt -- web:http://www.hobbelt.com/ http://www.hebbut.net/ mail: g...@hobbelt.com mobile: +31-6-11 120 978 -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org It got corrected this morning. BTW, I am a daily tester. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! If you cannot lead a family how can you pastor a church? __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
EVP_md2 error
Show stopper in php-5.2.8 + ext/openssl/.libs/openssl.o: In function `php_openssl_get_evp_md_from_algo': /usr/source/php-5.3.0/ext/openssl/openssl.c:908: undefined reference to `EVP_md2' Can this call be restored? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! The fool says in his heart, There is no God. They are corrupt, and their ways are vile; there is no one who does good. - Ps 53:1 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Today's error in openssl-1.0.0-stable-SNAP-20090714
making all in crypto/store... if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libcrypto.so.1.0.0); fi rm -f openssl shlib_target=; if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then shlib_target=bsd-gcc-shared; fi; LIBRARIES=-L.. -lssl -L.. -lcrypto ; make -f ../Makefile.shared -e APPNAME=openssl OBJECTS=openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o LIBDEPS= $LIBRARIES -lgmp -ldl -lm -lc link_app.${shlib_target} x509.o: In function `x509_main': /usr/source/openssl-1.0.0-stable-SNAP-20090714/apps/x509.c:629: undefined reference to `X509_gmtime_adj_ex' *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! The fool says in his heart, There is no God. They are corrupt, and their ways are vile; there is no one who does good. - Ps 53:1 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Noticed something in the openssl-1.0.0 20090811 SNAPshot
First Time I have seem Cannot find path to openssl/engines/ . In FreeBSD-7.2 and64 it is a show stopper. In the old BSDI BSD/OS 4.3.X just create directory and away you go. Suggestion: Can the path to openssl/engines/ point ot path to openssl/lib/ after all only .so's are being installed. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! The fool says in his heart, There is no God. They are corrupt, and their ways are vile; there is no one who does good. - Ps 53:1 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Error in 20090826 SNAPs
Script started on Wed Aug 26 05:26:54 2009 doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20090826$ make making all in crypto... ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o mem_clr.o /usr/bin/ranlib ../libcrypto.a || echo Never mind. making all in crypto/objects... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/whrlpool... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/camellia... making all in crypto/seed... making all in crypto/modes... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/ecdsa... making all in crypto/dh... making all in crypto/ecdh... making all in crypto/dso... making all in crypto/engine... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... making all in crypto/cms... making all in crypto/pqueue... making all in crypto/ts... making all in crypto/jpake... making all in crypto/store... if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libcrypto.so.1.0.0); fi making all in ssl... if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libssl.so.1.0.0); fi making all in engines... echo making all in engines/ccgost... making all in apps... gcc -DMONOLITH -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O2 -Wall -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c s_socket.c s_socket.c: In function `init_client_ip': s_socket.c:245: storage size of `them' isn't known s_socket.c:251: `AF_INET' undeclared (first use in this function) s_socket.c:251: (Each undeclared identifier is reported only once s_socket.c:251: for each function it appears in.) s_socket.c:260: `SOCK_STREAM' undeclared (first use in this function) s_socket.c:261: warning: implicit declaration of function `socket' s_socket.c:261: `IPPROTO_TCP' undeclared (first use in this function) s_socket.c:263: `SOCK_DGRAM' undeclared (first use in this function) s_socket.c:263: `IPPROTO_UDP' undeclared (first use in this function) s_socket.c:265: `INVALID_SOCKET' undeclared (first use in this function) s_socket.c:276: warning: implicit declaration of function `connect' s_socket.c:245: warning: unused variable `them' s_socket.c:246: warning: unused variable `i' s_socket.c: In function `do_server': s_socket.c:298: `SOCK_STREAM' undeclared (first use in this function) s_socket.c:302: warning: implicit declaration of function `SHUTDOWN' s_socket.c:311: warning: implicit declaration of function `SHUTDOWN2' s_socket.c: In function `init_server_long': s_socket.c:323: storage size of `server' isn't known s_socket.c:329: `AF_INET' undeclared (first use in this function) s_socket.c:332: `INADDR_ANY' undeclared (first use in this function) s_socket.c:341: `SOCK_STREAM' undeclared (first use in this function) s_socket.c:342: `IPPROTO_TCP' undeclared (first use in this function) s_socket.c:344: `SOCK_DGRAM' undeclared (first use in this function) s_socket.c:344: `IPPROTO_UDP' undeclared (first use in this function) s_socket.c:346: `INVALID_SOCKET' undeclared (first use in this function) s_socket.c:354: warning: implicit declaration of function `bind' s_socket.c:362: warning: implicit declaration of function `listen' s_socket.c:323: warning: unused variable `server' s_socket.c: In function `do_accept': s_socket.c:383: storage size of `from' isn't known s_socket.c:400: warning: implicit declaration of function `accept' s_socket.c:401: `INVALID_SOCKET' undeclared (first use in this function) s_socket.c:431: warning: implicit declaration of function `gethostbyaddr' s_socket.c:432: `AF_INET' undeclared (first use in this function) s_socket.c:432: warning: assignment makes pointer from integer without a cast s_socket.c:445: dereferencing pointer to incomplete type s_socket.c:450: dereferencing pointer to
Bug up in openssl 0.9.8
How does this effect openssl 1+ ? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.myspace.com/502748630 For the latest World News go to http://www.cuttingedge.org/ - Lest we forget 2009 . __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
New blackout
I was able to see openssl.org last night MST but not at this current time. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.myspace.com/502748630 Merry Christmas 2009 and Happy New Year 2010 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Any errors of interest?
Script started on Wed Dec 2 05:54:45 2009 doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ egrep bsdi Con figure bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), debug-bsdi-x86-elf, gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ make test Error opening certificate file ../certs/*.pem 134962536:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('../certs/*.pem','r') 134962536:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357: error 40 at 0 depth lookup:proxy certificates not allowed, please set the appropriate flag error 40 at 0 depth lookup:proxy certificates not allowed, please set the appropriate flag 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051: 134962536:error:2F06606C:time stamp routines:TS_CHECK_POLICY:policy mismatch:ts_rsp_verify.c:575: 134962536:error:2F06606C:time stamp routines:TS_CHECK_POLICY:policy mismatch:ts_rsp_verify.c:575: 134962536:error:2F064067:time stamp routines:TS_CHECK_IMPRINTS:message imprint mismatch:ts_rsp_verify.c:659: 134523612:error:3106706A:lib(49):JPAKE_STEP3A_process:hash of hash of key mismatch:jpake.c:443: ALL TESTS SUCCESSFUL. OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.0-beta4 10 Nov 2009 built on: Wed Dec 2 05:44:38 MST 2009 platform: debug-bsdi-x86-elf options: bn(64,32) md2(int) rc4(4x,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O2 -Wall -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM OPENSSLDIR: /usr/contrib `test' is up to date. doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ exit exit Script done on Wed Dec 2 05:59:23 2009 -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.myspace.com/502748630 Merry Christmas 2009 and Happy New Year 2010
openssl-1.0.0-stable-SNAP-20091218
This is flaky and inconsistent. openssl-1.0.0-stable-SNAP-20091217 works better. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.myspace.com/502748630 Merry Christmas 2009 and Happy New Year 2010 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
openssl-0.9.7-stable-SNAP-20031228 not compiling on BSD/OS
inttypes.h seems to be the culprit Here is a script of the transaction Script started on Sun Dec 28 06:51:25 2003 doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ make making all in crypto... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/dh... making all in crypto/dso... making all in crypto/engine... making all in crypto/aes... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/objects... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libcrypto.so.0.9.7); fi `libcrypto.so.0.9.7' is up to date. making all in ssl... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libssl.so.0.9.7); fi `libssl.so.0.9.7' is up to date. making all in apps... making all in test... gcc -I.. -I../include -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c ssltest.c: In function `app_verify_callback': ssltest.c:1512: `uintptr_t' undeclared (first use in this function) ssltest.c:1512: (Each undeclared identifier is reported only once ssltest.c:1512: for each function it appears in.) ssltest.c:1512: syntax error before `ctx' *** Error code 1 Stop. *** Error code 1 Stop. doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ uname BSD/OS doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ exit exit Script done on Sun Dec 28 06:51:35 2003 openssl-0.9.7-stable-stable-SNAP-20031227 did not have this problem. -- Member - Liberal International On 11 Sept 2001 the WORLD was violated. This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] Society MUST be saved! Extremists must dissolve. Merry Christmas 2003 and Happy New Year 2004 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: openssl-0.9.7-stable-SNAP-20031228 not compiling on BSD/OS
On Sun, Dec 28, 2003 at 07:28:53PM +0100, Richard Levitte - VMS Whacker wrote: OK, I'll restore it to what it was previously, tomorrow. Still get the following in 1229 Script started on Mon Dec 29 07:45:39 2003 doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031229$ make making all in crypto... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/dh... making all in crypto/dso... making all in crypto/engine... making all in crypto/aes... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/objects... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libcrypto.so.0.9.7); fi `libcrypto.so.0.9.7' is up to date. making all in ssl... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libssl.so.0.9.7); fi `libssl.so.0.9.7' is up to date. making all in apps... making all in test... gcc -I.. -I../include -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c ssltest.c:122: inttypes.h: No such file or directory *** Error code 1 Stop. *** Error code 1 Stop. doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031229$ exit exit Script done on Mon Dec 29 07:45:47 2003 In message [EMAIL PROTECTED] on Sun, 28 Dec 2003 06:59:44 -0700, The Doctor [EMAIL PROTECTED] said: doctor inttypes.h seems to be the culprit doctor doctor Here is a script of the transaction doctor doctor doctor Script started on Sun Dec 28 06:51:25 2003 doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ make doctor making all in crypto... doctor making all in crypto/md2... doctor making all in crypto/md4... doctor making all in crypto/md5... doctor making all in crypto/sha... doctor making all in crypto/mdc2... doctor making all in crypto/hmac... doctor making all in crypto/ripemd... doctor making all in crypto/des... doctor making all in crypto/rc2... doctor making all in crypto/rc4... doctor making all in crypto/rc5... doctor making all in crypto/idea... doctor making all in crypto/bf... doctor making all in crypto/cast... doctor making all in crypto/bn... doctor making all in crypto/ec... doctor making all in crypto/rsa... doctor making all in crypto/dsa... doctor making all in crypto/dh... doctor making all in crypto/dso... doctor making all in crypto/engine... doctor making all in crypto/aes... doctor making all in crypto/buffer... doctor making all in crypto/bio... doctor making all in crypto/stack... doctor making all in crypto/lhash... doctor making all in crypto/rand... doctor making all in crypto/err... doctor making all in crypto/objects... doctor making all in crypto/evp... doctor making all in crypto/asn1... doctor making all in crypto/pem... doctor making all in crypto/x509... doctor making all in crypto/x509v3... doctor making all in crypto/conf... doctor making all in crypto/txt_db... doctor making all in crypto/pkcs7... doctor making all in crypto/pkcs12... doctor making all in crypto/comp... doctor making all in crypto/ocsp... doctor making all in crypto/ui... doctor making all in crypto/krb5... doctor if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libcrypto.so.0.9.7); fi doctor `libcrypto.so.0.9.7' is up to date. doctor making all in ssl... doctor if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libssl.so.0.9.7); fi doctor `libssl.so.0.9.7' is up to date. doctor making all in apps... doctor making all in test... doctor gcc -I.. -I../include -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c doctor ssltest.c: In function `app_verify_callback': doctor ssltest.c:1512: `uintptr_t' undeclared (first use in this function
Re: openssl-0.9.7-stable-SNAP-20031228 not compiling on BSD/OS
This error is still occuring. Script started on Tue Dec 30 07:17:24 2003 doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031230$ make making all in crypto... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/dh... making all in crypto/dso... making all in crypto/engine... making all in crypto/aes... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/objects... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libcrypto.so.0.9.7); fi `libcrypto.so.0.9.7' is up to date. making all in ssl... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libssl.so.0.9.7); fi `libssl.so.0.9.7' is up to date. making all in apps... making all in test... gcc -I.. -I../include -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c ssltest.c:122: inttypes.h: No such file or directory *** Error code 1 Stop. *** Error code 1 Stop. doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031230$ exit exit Script done on Tue Dec 30 07:17:36 2003 On Mon, Dec 29, 2003 at 07:57:33AM -0700, The Doctor wrote: On Sun, Dec 28, 2003 at 07:28:53PM +0100, Richard Levitte - VMS Whacker wrote: OK, I'll restore it to what it was previously, tomorrow. Still get the following in 1229 Script started on Mon Dec 29 07:45:39 2003 doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031229$ make making all in crypto... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/dh... making all in crypto/dso... making all in crypto/engine... making all in crypto/aes... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/objects... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libcrypto.so.0.9.7); fi `libcrypto.so.0.9.7' is up to date. making all in ssl... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make -f Makefile.ssl libssl.so.0.9.7); fi `libssl.so.0.9.7' is up to date. making all in apps... making all in test... gcc -I.. -I../include -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c ssltest.c:122: inttypes.h: No such file or directory *** Error code 1 Stop. *** Error code 1 Stop. doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031229$ exit exit Script done on Mon Dec 29 07:45:47 2003 In message [EMAIL PROTECTED] on Sun, 28 Dec 2003 06:59:44 -0700, The Doctor [EMAIL PROTECTED] said: doctor inttypes.h seems to be the culprit doctor doctor Here is a script of the transaction doctor doctor doctor Script started on Sun Dec 28 06:51:25 2003 doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ make doctor making all in crypto
openssl 0.9.7e snapshot error 28 June 2004
Script started on Mon Jun 28 05:57:31 2004 doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ make making all in crypto... making all in crypto/objects... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/dh... making all in crypto/dso... making all in crypto/engine... making all in crypto/aes... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make libcrypto.so.0.9.7); fi + rm -f libcrypto.so.0 + rm -f libcrypto.so + rm -f libcrypto.so.0.9.7 libs='-L. '; for i in crypto; do if [ crypto = ssl -a -n ]; then libs= $libs; fi; ( set -x; gcc -shared -o lib$i.so.0.9.7 -Wl,-soname=lib$i.so.0.9.7 -Wl,-Bsymbolic -Wl,--whole-archive lib$i.a -Wl,--no-whole-archive $libs -ldl -lc ) || exit 1; libs=-l$i $libs; done + gcc -shared -o libcrypto.so.0.9.7 -Wl,-soname=libcrypto.so.0.9.7 -Wl,-Bsymbolic -Wl,--whole-archive libcrypto.a -Wl,--no-whole-archive -L. -ldl -lc libcrypto.a(fips_dh_check.o): In function `DH_check': /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_check.c(.text+0x0): multiple definition of `DH_check' libcrypto.a(dh_check.o)(.text+0x0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_check.c: first defined here libcrypto.a(fips_dh_key.o): In function `DH_OpenSSL': /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2a0): multiple definition of `DH_OpenSSL' libcrypto.a(dh_key.o)(.text+0x2a0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c: first defined here libcrypto.a(fips_dh_key.o): In function `DH_generate_key': /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2c0): multiple definition of `DH_generate_key' libcrypto.a(dh_key.o)(.text+0x2c0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c: first defined here libcrypto.a(fips_dh_key.o): In function `DH_compute_key': /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2f0): multiple definition of `DH_compute_key' libcrypto.a(dh_key.o)(.text+0x2f0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c: first defined here *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ exit exit Script done on Mon Jun 28 05:57:39 2004 OS BSD/OS 4.3.1 -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Canada - VOTE __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: openssl 0.9.7e snapshot error 28 June 2004
On Mon, Jun 28, 2004 at 02:40:45PM +0200, Richard Levitte - VMS Whacker wrote: Try the following: make clean; make Cheers, Richard (OpenSSL doctor :-)) Same error occurs. This did not happen yesterday. In message [EMAIL PROTECTED] on Mon, 28 Jun 2004 06:09:50 -0600, The Doctor [EMAIL PROTECTED] said: doctor Script started on Mon Jun 28 05:57:31 2004 doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ make doctor making all in crypto... doctor making all in crypto/objects... doctor making all in crypto/md2... doctor making all in crypto/md4... doctor making all in crypto/md5... doctor making all in crypto/sha... doctor making all in crypto/mdc2... doctor making all in crypto/hmac... doctor making all in crypto/ripemd... doctor making all in crypto/des... doctor making all in crypto/rc2... doctor making all in crypto/rc4... doctor making all in crypto/rc5... doctor making all in crypto/idea... doctor making all in crypto/bf... doctor making all in crypto/cast... doctor making all in crypto/bn... doctor making all in crypto/ec... doctor making all in crypto/rsa... doctor making all in crypto/dsa... doctor making all in crypto/dh... doctor making all in crypto/dso... doctor making all in crypto/engine... doctor making all in crypto/aes... doctor making all in crypto/buffer... doctor making all in crypto/bio... doctor making all in crypto/stack... doctor making all in crypto/lhash... doctor making all in crypto/rand... doctor making all in crypto/err... doctor making all in crypto/evp... doctor making all in crypto/asn1... doctor making all in crypto/pem... doctor making all in crypto/x509... doctor making all in crypto/x509v3... doctor making all in crypto/conf... doctor making all in crypto/txt_db... doctor making all in crypto/pkcs7... doctor making all in crypto/pkcs12... doctor making all in crypto/comp... doctor making all in crypto/ocsp... doctor making all in crypto/ui... doctor making all in crypto/krb5... doctor if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make libcrypto.so.0.9.7); fi doctor + rm -f libcrypto.so.0 doctor + rm -f libcrypto.so doctor + rm -f libcrypto.so.0.9.7 doctor libs='-L. '; for i in crypto; do if [ crypto = ssl -a -n ]; then libs= $libs; fi; ( set -x; gcc -shared -o lib$i.so.0.9.7 -Wl,-soname=lib$i.so.0.9.7 -Wl,-Bsymbolic -Wl,--whole-archive lib$i.a -Wl,--no-whole-archive $libs -ldl -lc ) || exit 1; libs=-l$i $libs; done doctor + gcc -shared -o libcrypto.so.0.9.7 -Wl,-soname=libcrypto.so.0.9.7 -Wl,-Bsymbolic -Wl,--whole-archive libcrypto.a -Wl,--no-whole-archive -L. -ldl -lc doctor libcrypto.a(fips_dh_check.o): In function `DH_check': doctor /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_check.c(.text+0x0): multiple definition of `DH_check' doctor libcrypto.a(dh_check.o)(.text+0x0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_check.c: first defined here doctor libcrypto.a(fips_dh_key.o): In function `DH_OpenSSL': doctor /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2a0): multiple definition of `DH_OpenSSL' doctor libcrypto.a(dh_key.o)(.text+0x2a0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c: first defined here doctor libcrypto.a(fips_dh_key.o): In function `DH_generate_key': doctor /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2c0): multiple definition of `DH_generate_key' doctor libcrypto.a(dh_key.o)(.text+0x2c0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c: first defined here doctor libcrypto.a(fips_dh_key.o): In function `DH_compute_key': doctor /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2f0): multiple definition of `DH_compute_key' doctor libcrypto.a(dh_key.o)(.text+0x2f0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c: first defined here doctor *** Error code 1 doctor doctor Stop. doctor *** Error code 1 doctor doctor Stop. doctor *** Error code 1 doctor doctor Stop. doctor *** Error code 1 doctor doctor Stop. doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ exit doctor exit doctor doctor Script done on Mon Jun 28 05:57:39 2004 doctor doctor OS BSD/OS 4.3.1 - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte \ Tunnlandsvägen 52 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-708-26 53 44 \ SWEDEN \ Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info
Re: openssl 0.9.7e snapshot error 28 June 2004
threads / debug/ zlib-dynamic / shared / no-fips Using bsd/os 4.3.1 and elf On Mon, Jun 28, 2004 at 06:10:46PM +0200, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Mon, 28 Jun 2004 08:14:36 -0600, The Doctor [EMAIL PROTECTED] said: doctor On Mon, Jun 28, 2004 at 02:40:45PM +0200, Richard Levitte - VMS Whacker wrote: doctor Try the following: doctor doctor make clean; make doctor doctor Cheers, doctor Richard (OpenSSL doctor :-)) doctor doctor Same error occurs. This did not happen yesterday. Hmm, and how did you configure, exactly? doctor In message [EMAIL PROTECTED] on Mon, 28 Jun 2004 06:09:50 -0600, The Doctor [EMAIL PROTECTED] said: doctor doctor doctor Script started on Mon Jun 28 05:57:31 2004 doctor doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ make doctor doctor making all in crypto... doctor doctor making all in crypto/objects... doctor doctor making all in crypto/md2... doctor doctor making all in crypto/md4... doctor doctor making all in crypto/md5... doctor doctor making all in crypto/sha... doctor doctor making all in crypto/mdc2... doctor doctor making all in crypto/hmac... doctor doctor making all in crypto/ripemd... doctor doctor making all in crypto/des... doctor doctor making all in crypto/rc2... doctor doctor making all in crypto/rc4... doctor doctor making all in crypto/rc5... doctor doctor making all in crypto/idea... doctor doctor making all in crypto/bf... doctor doctor making all in crypto/cast... doctor doctor making all in crypto/bn... doctor doctor making all in crypto/ec... doctor doctor making all in crypto/rsa... doctor doctor making all in crypto/dsa... doctor doctor making all in crypto/dh... doctor doctor making all in crypto/dso... doctor doctor making all in crypto/engine... doctor doctor making all in crypto/aes... doctor doctor making all in crypto/buffer... doctor doctor making all in crypto/bio... doctor doctor making all in crypto/stack... doctor doctor making all in crypto/lhash... doctor doctor making all in crypto/rand... doctor doctor making all in crypto/err... doctor doctor making all in crypto/evp... doctor doctor making all in crypto/asn1... doctor doctor making all in crypto/pem... doctor doctor making all in crypto/x509... doctor doctor making all in crypto/x509v3... doctor doctor making all in crypto/conf... doctor doctor making all in crypto/txt_db... doctor doctor making all in crypto/pkcs7... doctor doctor making all in crypto/pkcs12... doctor doctor making all in crypto/comp... doctor doctor making all in crypto/ocsp... doctor doctor making all in crypto/ui... doctor doctor making all in crypto/krb5... doctor doctor if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make libcrypto.so.0.9.7); fi doctor doctor + rm -f libcrypto.so.0 doctor doctor + rm -f libcrypto.so doctor doctor + rm -f libcrypto.so.0.9.7 doctor doctor libs='-L. '; for i in crypto; do if [ crypto = ssl -a -n ]; then libs= $libs; fi; ( set -x; gcc -shared -o lib$i.so.0.9.7 -Wl,-soname=lib$i.so.0.9.7 -Wl,-Bsymbolic -Wl,--whole-archive lib$i.a -Wl,--no-whole-archive $libs -ldl -lc ) || exit 1; libs=-l$i $libs; done doctor doctor + gcc -shared -o libcrypto.so.0.9.7 -Wl,-soname=libcrypto.so.0.9.7 -Wl,-Bsymbolic -Wl,--whole-archive libcrypto.a -Wl,--no-whole-archive -L. -ldl -lc doctor doctor libcrypto.a(fips_dh_check.o): In function `DH_check': doctor doctor /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_check.c(.text+0x0): multiple definition of `DH_check' doctor doctor libcrypto.a(dh_check.o)(.text+0x0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_check.c: first defined here doctor doctor libcrypto.a(fips_dh_key.o): In function `DH_OpenSSL': doctor doctor /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2a0): multiple definition of `DH_OpenSSL' doctor doctor libcrypto.a(dh_key.o)(.text+0x2a0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c: first defined here doctor doctor libcrypto.a(fips_dh_key.o): In function `DH_generate_key': doctor doctor /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2c0): multiple definition of `DH_generate_key' doctor doctor libcrypto.a(dh_key.o)(.text+0x2c0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c: first defined here doctor doctor libcrypto.a(fips_dh_key.o): In function `DH_compute_key': doctor doctor /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2f0): multiple definition of `DH_compute_key' doctor doctor libcrypto.a(dh_key.o)(.text+0x2f0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c: first defined here doctor doctor *** Error code 1 doctor doctor doctor doctor Stop. doctor
Openssl 0.9.7f test is looking for the wrong libssl.so
The test is looking for /libssl.so . should it not be looking for ../libssl.so ? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Alberta on 22 Nov 2004 Boot out Ralph Klein - Vote Liberal!! __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Openssl 0.9.7f test is looking for the wrong libssl.so
On Sun, Nov 07, 2004 at 09:32:51PM +0100, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Sun, 7 Nov 2004 05:36:48 -0700, The Doctor [EMAIL PROTECTED] said: doctor The test is looking for /libssl.so . doctor doctor should it not be looking for ../libssl.so ? Please send us a log and tell us what platform and how you configured. Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis ./Configure threads shared zlib-dynamic debug --prefix=/usr/contrib --openssldir=/usr/contrib bsdi-elf-gcc -g -O3 -Wall -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Alberta on 22 Nov 2004 Boot out Ralph Klein - Vote Liberal!! __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
OpenSSL 0.9.8 pre-release
Error compiling programme: Script started on Sat Dec 18 06:44:16 2004 gallifrey.nk.ca//usr/source/openssl-SNAP-20041218$ !./ gallifrey.nk.ca//usr/source/openssl-SNAP-20041218$ configure Configure --help Usage: Configure [no-cipher ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags] gallifrey.nk.ca//usr/source/openssl-SNAP-20041218$ !./C ./Configure threads shared zlib-dynamic debug --prefix=/usr/contrib --openssldir=/usr/contrib bsdi-elf-gcc -g -O3 -Wall target already defined - debug gallifrey.nk.ca//usr/source/openssl-SNAP-20041218$ ^debug^ ./Configure threads shared zlib-dynamic --prefix=/usr/contrib --openssldir=/usr/contrib bsdi-elf-gcc -g -O3 -Wall Configuring for bsdi-elf-gcc IsMK1MF=0 CC=gcc CFLAG =-fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -g -O3 -Wall -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM EX_LIBS =-ldl BN_ASM=asm/bn86-elf.o asm/co86-elf.o DES_ENC =asm/dx86-elf.o asm/yx86-elf.o BF_ENC=asm/bx86-elf.o CAST_ENC =c_enc.o RC4_ENC =asm/rx86-elf.o RC5_ENC =asm/r586-elf.o MD5_OBJ_ASM =asm/mx86-elf.o SHA1_OBJ_ASM =asm/sx86-elf.o asm/s512sse2-elf.o RMD160_OBJ_ASM=asm/rm86-elf.o PROCESSOR = RANLIB=/usr/bin/ranlib ARFLAGS = PERL =/usr/bin/perl5 THIRTY_TWO_BIT mode DES_PTR used DES_RISC1 used DES_UNROLL used BN_LLONG mode RC4_INDEX mode RC4_CHUNK is undefined Makefile = Makefile.ssl created directory `include/openssl' e_os2.h = include/openssl/e_os2.h making links in crypto... Makefile = Makefile.ssl crypto.h = ../include/openssl/crypto.h tmdiff.h = ../include/openssl/tmdiff.h opensslv.h = ../include/openssl/opensslv.h opensslconf.h = ../include/openssl/opensslconf.h ebcdic.h = ../include/openssl/ebcdic.h symhacks.h = ../include/openssl/symhacks.h ossl_typ.h = ../include/openssl/ossl_typ.h Makefile = Makefile.ssl making links in crypto/objects... Makefile = Makefile.ssl objects.h = ../../include/openssl/objects.h obj_mac.h = ../../include/openssl/obj_mac.h making links in crypto/md2... Makefile = Makefile.ssl md2.h = ../../include/openssl/md2.h md2test.c = ../../test/md2test.c making links in crypto/md4... Makefile = Makefile.ssl md4.h = ../../include/openssl/md4.h md4test.c = ../../test/md4test.c md4.c = ../../apps/md4.c making links in crypto/md5... Makefile = Makefile.ssl md5.h = ../../include/openssl/md5.h md5test.c = ../../test/md5test.c making links in crypto/sha... Makefile = Makefile.ssl sha.h = ../../include/openssl/sha.h shatest.c = ../../test/shatest.c sha1test.c = ../../test/sha1test.c sha256t.c = ../../test/sha256t.c sha512t.c = ../../test/sha512t.c making links in crypto/mdc2... Makefile = Makefile.ssl mdc2.h = ../../include/openssl/mdc2.h mdc2test.c = ../../test/mdc2test.c making links in crypto/hmac... Makefile = Makefile.ssl hmac.h = ../../include/openssl/hmac.h hmactest.c = ../../test/hmactest.c making links in crypto/ripemd... Makefile = Makefile.ssl ripemd.h = ../../include/openssl/ripemd.h rmdtest.c = ../../test/rmdtest.c making links in crypto/des... Makefile = Makefile.ssl des.h = ../../include/openssl/des.h des_old.h = ../../include/openssl/des_old.h destest.c = ../../test/destest.c making links in crypto/rc2... Makefile = Makefile.ssl rc2.h = ../../include/openssl/rc2.h rc2test.c = ../../test/rc2test.c making links in crypto/rc4... Makefile = Makefile.ssl rc4.h = ../../include/openssl/rc4.h rc4test.c = ../../test/rc4test.c making links in crypto/rc5... Makefile = Makefile.ssl rc5.h = ../../include/openssl/rc5.h rc5test.c = ../../test/rc5test.c making links in crypto/idea... Makefile = Makefile.ssl idea.h = ../../include/openssl/idea.h ideatest.c = ../../test/ideatest.c making links in crypto/bf... Makefile = Makefile.ssl blowfish.h = ../../include/openssl/blowfish.h bftest.c = ../../test/bftest.c making links in crypto/cast... Makefile = Makefile.ssl cast.h = ../../include/openssl/cast.h casttest.c = ../../test/casttest.c making links in crypto/bn... Makefile = Makefile.ssl bn.h = ../../include/openssl/bn.h bntest.c = ../../test/bntest.c exptest.c = ../../test/exptest.c making links in crypto/ec... Makefile = Makefile.ssl ec.h = ../../include/openssl/ec.h ectest.c = ../../test/ectest.c making links in crypto/rsa... Makefile = Makefile.ssl rsa.h = ../../include/openssl/rsa.h rsa_test.c = ../../test/rsa_test.c making links in crypto/dsa... Makefile = Makefile.ssl dsa.h = ../../include/openssl/dsa.h dsatest.c = ../../test/dsatest.c making links in crypto/ecdsa... Makefile = Makefile.ssl ecdsa.h = ../../include/openssl/ecdsa.h ecdsatest.c = ../../test/ecdsatest.c making links in crypto/dh... Makefile = Makefile.ssl dh.h =
Re: OpenSSL 0.9.8 pre-release
On Sat, Dec 18, 2004 at 07:09:29PM +0100, Andy Polyakov wrote: Configuring for bsdi-elf-gcc ... asm/s512sse2-elf.s: Assembler messages: asm/s512sse2-elf.s:26: Error: no such 386 instruction: `movdqu (%edx),%xmm0' You need up-to-date assembler to compile SSE2-enabled modules available in 0.9.8. I know nothing about bsdi, but it seems to be common that bare-bone BSD flavors are equipped with minimally-featured assembler. Fully-fledged one might or might not be available as add-on package for your OS. Your options are 1. find or compile SSE2-capable assembler, such as one found in binutils-2.14, or 2. re-configure OpenSSL with no-sse2 option and sacrifice some performance on P4 platform. A. I will try binutilis first then if that does not working no-sse2 . I will report back. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Merry Christmas 2004 and Happy New Year 2005 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL 0.9.8 pre-release
On Sat, Dec 18, 2004 at 12:11:14PM -0700, The Doctor wrote: On Sat, Dec 18, 2004 at 07:09:29PM +0100, Andy Polyakov wrote: Configuring for bsdi-elf-gcc ... asm/s512sse2-elf.s: Assembler messages: asm/s512sse2-elf.s:26: Error: no such 386 instruction: `movdqu (%edx),%xmm0' You need up-to-date assembler to compile SSE2-enabled modules available in 0.9.8. I know nothing about bsdi, but it seems to be common that bare-bone BSD flavors are equipped with minimally-featured assembler. Fully-fledged one might or might not be available as add-on package for your OS. Your options are 1. find or compile SSE2-capable assembler, such as one found in binutils-2.14, or 2. re-configure OpenSSL with no-sse2 option and sacrifice some performance on P4 platform. A. I will try binutilis first then if that does not working no-sse2 . First off, I need to compile binutils 2.15 for BSDI BSD/OS 4.3 . Another fun task, but It is my job. So I went with no-sse2 option and that did it. Suggestion openssl 0.9.8 should look for an accurate binutil. I will report back. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Merry Christmas 2004 and Happy New Year 2005 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Merry Christmas 2004 and Happy New Year 2005 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem with 0.9.7 SNAPSHOT 20041229
On Thu, Dec 30, 2004 at 12:14:31PM +0100, Andy Polyakov wrote: gcc -DMONOLITH -I.. -I../include -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -g -O3 -Wall -DPERL5 -DL_ENDIAN -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -g -c apps.c apps.c: In function `load_cert': apps.c:734: `err' redeclared as different kind of symbol apps.c:820: previous declaration of `err' apps.c: In function `load_key': apps.c:734: `err' redeclared as different kind of symbol apps.c:902: previous declaration of `err' *** Error code 1 Fix is committed. For reference what is your compiler version? gcc -v? A. GCC 2.95.3 on BSD/OS 4.3.1 . I am working on a port of GCC 3.X for BSD/OS 4.3.1 and binutils current for BSD/OS 4.3.1 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Merry Christmas 2004 and Happy New Year 2005 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
20050110 packages
20050110 packages were not tarred correctly this morning. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Birthdate: 29 Jan 1969 Redhill, Surrey, England, UK __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Openssl-SNAP-20050124
On Mon, Jan 24, 2005 at 05:45:22PM +0100, Andy Polyakov wrote: Just tried this with binutils 2.15 . I got the following: Script started on Mon Jan 24 06:20:49 2005 gallifrey.nk.ca//usr/source/openssl-SNAP-20050124$ make !./C ./Configure threads shared zlib-dynamic debug --prefix=/usr/contrib --openssldir=/usr/contrib bsdi-elf-gcc -g -O3 -Wall target already defined - debug First of all one thing not directly related to the problem in question. I'm trying to unify BSD targets in HEAD and wonder if you could download openssl-SNAP-20050125 when it becomes available(!) or 'cvs checkout' now and verify BSD-x86-elf targer on your system. I mean instead of asking for bsdi-elf-gcc in your ./Configure line, ask for BSD-x86-elf. ../libcrypto.so: undefined reference to `AES_Te' ../libcrypto.so: undefined reference to `AES_encrypt' ../libcrypto.so: undefined reference to `AES_Td' ../libcrypto.so: undefined reference to `AES_decrypt' *** Error code 1 If you go through your log, you'll see that no assembler modules were compiled, but some were linked. Follow sx86-elf for example... How come? ax86-elf does not appear at all and that's where above symbols reside now... Normally this would occur if you do 'cvs checkout' and then attempt to 'make' without reconfigure... And I can't reproduce the problem with BSD-x86-elf target if I checkout into an empty location... It must be your local problem... make clean, reconfigure, figure out why ax86-elf was not compiled [automatically]... A. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] I do not see a BSD-x86-elf option. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Openssl-SNAP-20050125 Re: Openssl-SNAP-20050124
On Tue, Jan 25, 2005 at 11:40:41PM +0100, Andy Polyakov wrote: ../libcrypto.so: undefined reference to `dlerror' ../libcrypto.so: undefined reference to `dlclose' ../libcrypto.so: undefined reference to `dlopen' ../libcrypto.so: undefined reference to `dlsym' ../libcrypto.so: undefined reference to `AES_encrypt' ../libcrypto.so: undefined reference to `AES_Td' ../libcrypto.so: undefined reference to `AES_decrypt' And it failed to compile AES assembler module again... Apparently it's BSD make issue, it's not reproducible with GNU make. http://cvs.openssl.org/chngview?cn=12847 should do the trick... I think you are missing -ldl somewhere. -ldl is not required on [Open|Net|Free]BSD, which are prime targets for unification. Yet I'd appreciate if you could give another try and verify if './Confgure BSD-x86-elf -ldl ...' works on bsdi. Naturally provided that AES assembler module gets compiled. -ldl is a libraby that is needed in BSDs. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Birthdate: 29 Jan 1969 Redhill, Surrey, England, UK __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Openssl-SNAP-20050129 Re: Openssl-SNAP-20050125 Re: Openssl-SNAP-20050124
On Sat, Jan 29, 2005 at 06:23:29PM +0100, Andy Polyakov wrote: ... ./sha512t Illegal instruction *** Error code 132 This means that your kernel does not support SSE2 and you have to other choice but to configure with no-sse2 and give up SSE2 enhancements. I'm sorry if I've lead you to wrong expectations, but my BSD experience was not broad enough to foresee this. A. Will future openssl releases have the no-sse2 option? __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Birthdate: 29 Jan 1969 Redhill, Surrey, England, UK __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Snapshots and BSD
1) What happened to the 200503027 snapshots? 2) BSD and OPenssl: Apaarently GCC 3 will get the 512 sets working with openssl 0.9.8 . I tried with bsdi-elf-gcc and BSD-x86-ELF. Can anyone else confirm this? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Remember Christ is the reason for the Season!! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
openssl 20050404 snapshots
MAtes, I got a 0 block error. Please fix. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! UK as 5 May 2005 approaches, vote LDem!! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
20050509 SNAPSHOT issue
Why did the below happen? Script started on Mon May 9 07:32:50 2005 gallifrey.nk.ca//usr/source/openssl-0.9.7-stable-SNAP-20050509$ make making all in crypto... making all in crypto/objects... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/dh... making all in crypto/dso... making all in crypto/engine... making all in crypto/aes... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... `libcrypto.so.0.9.7' is up to date. making all in fips... making all in ssl... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make libssl.so.0.9.7); fi `libssl.so.0.9.7' is up to date. making all in apps... (cd ..; make DIRS=ssl all) making all in ssl... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make libssl.so.0.9.7); fi `libssl.so.0.9.7' is up to date. making all in test... (cd ..; make DIRS=ssl all) making all in ssl... if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then (cd ..; make libssl.so.0.9.7); fi `libssl.so.0.9.7' is up to date. + LD_LIBRARY_PATH=..:/usr/contrib/qt/lib:/usr/contrib/qt/lib:/usr/libdata/perl5/i386-bsdos/CORE gcc -o fips_rsavtest -I.. -I../include -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -g -O9 -Wall -march=i686 -g -DPERL5 -DL_ENDIAN -O9 -march=i686 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -g fips_rsavtest.o -L.. -lssl -L.. -lcrypto -ldl fips_rsavtest.o(.text+0x641): In function `rsa_test': /usr/source/openssl-0.9.7-stable-SNAP-20050509/test/fips_rsavtest.c:223: undefined reference to `EVP_sha512' fips_rsavtest.o(.text+0x671):/usr/source/openssl-0.9.7-stable-SNAP-20050509/test/fips_rsavtest.c:221: undefined reference to `EVP_sha384' fips_rsavtest.o(.text+0x678):/usr/source/openssl-0.9.7-stable-SNAP-20050509/test/fips_rsavtest.c:219: undefined reference to `EVP_sha256' fips_rsavtest.o(.text+0x67f):/usr/source/openssl-0.9.7-stable-SNAP-20050509/test/fips_rsavtest.c:217: undefined reference to `EVP_sha224' *** Error code 1 Stop. *** Error code 1 Stop. gallifrey.nk.ca//usr/source/openssl-0.9.7-stable-SNAP-20050509$ gmake making all in crypto... gmake[1]: Entering directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto' making all in crypto/objects... gmake[2]: Entering directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/objects' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/objects' making all in crypto/md2... gmake[2]: Entering directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md2' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md2' making all in crypto/md4... gmake[2]: Entering directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md4' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md4' making all in crypto/md5... gmake[2]: Entering directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md5' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md5' making all in crypto/sha... gmake[2]: Entering directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/sha' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/sha' making all in crypto/mdc2... gmake[2]: Entering directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/mdc2' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/mdc2' making all in crypto/hmac... gmake[2]: Entering directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/hmac' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/hmac' making all in crypto/ripemd... gmake[2]: Entering directory
Re: SHA512
On Sat, May 21, 2005 at 08:53:19PM -0700, Tim Rice wrote: It looks like SHA512 requires a 64bit data type. So on older platforms that do not have long long support, you get errors like ... making all in crypto/sha... gmake[2]: Entering directory `/var/local/src/libs/openssl-0.9.8/crypto/sha' cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -Kthread -DFILIO_H -DNO_STRINGS_H -c sha_dgst.c UX:acomp: ERROR: ../../include/openssl/sha.h, line 172: invalid type combination UX:acomp: ERROR: ../../include/openssl/sha.h, line 173: invalid type combination UX:acomp: ERROR: ../../include/openssl/sha.h, line 175: invalid type combination gmake[2]: *** [sha_dgst.o] Error 1 ... I tried adding -DOPENSSL_NO_SHA512 and that did not help. It looks like the #ifndef OPENSSL_NO_SHA512 line in include/openssl/sha.h comes too late. Try a no-sse2 option. The unixware-2.0, unixware-2.1, and sco5-cc targets should have OPENSSL_NO_SHA512 defined by default. Hmm, I may have to add a unixware-2.0-gcc target. -- Tim Rice Multitalents(707) 887-1469 [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! insert you thought here. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.8 beta 6 released
On Wed, Jun 22, 2005 at 11:57:29PM +1000, Steven Reddie wrote: Hi, I've tested it on the platforms below with no problems. Looking good! Commands executed on Windows (not Cygwin): perl Configure VC-WIN32 ms\do_ms (didn't have MASM/NASM handy) nmake -f ms\ntdll.mak cd out32dll ..\ms\test Commands executed on all other platforms: ./config (Operating system and Configured for below as reported by config) make make test Operating system Configured for Compiler --- -- - Windows 2000 VC-WIN32MSVC 6.0 Cygwin 1.5.5-1i686-whatever-cygwin Cygwin gcc 3.3.1 Red Hat Linux 9 i686-whatever-linux2 linux-elf gcc 3.2.2 FreeBSD 4.6 i586-pc-freebsd4.6 BSD-x86-elf gcc 2.95.3 Solaris 2.6 sun4u-whatever-solaris2 solaris-sparcv9-cc Sun WorkShop 6 update 2 C 5.3 Solaris 2.7 sun4u-whatever-solaris2 solaris-sparcv9-cc Sun WorkShop 6 update 2 C 5.3 AIX 5.1 0050C89A4C00-ibm-aix aix-cc C for AIX Compiler, Version 6 HP-UX 11.11 9000/800-hp-hpux1x hpux-parisc2-cc HP C Compiler B.11.11.08 Tru64 OSF1 V4.0E alpha-dec-tru64 tru64-alpha-cc DEC C V5.8-009 For BSD/OS 4.3.1 Is and using a combination og debug-BSD-x86-elf and bsdi-gcc-elf and note no problems. OTOH, I think Apache is waiting for this ot be realease so that 2.0 can be Openssl 0.9.8 complaint. Regards, Steven __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! nk.ca started 1 June 1995 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Error in July releases of Openssl 0.9.7
The previews versions have an error. They do not recognize Certs in Apache-SSL. The problems turns up in 20050701 . -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Canada Day 1 July, USA Day 4 July - PARTY ON! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Error in July releases of Openssl 0.9.7
On Sun, Jul 03, 2005 at 03:34:09PM +0200, Andy Polyakov wrote: The previews versions have an error. They do not recognize Certs in Apache-SSL. The problems turns up in 20050701 . Are you sure that not earlier? The closest change that might affect certificate look-ups is dated 23rd, to be specific http://cvs.openssl.org/chngview?cn=14114. The new code is buggy! As it is now dir variable can be used uninitialized and it appears to me there're couple of curly braces missing... This affects all branches! 20050630 has no problem. This appears on 20050701 and later. Verify http://cvs.openssl.org/chngview?cn=14203 or tomorrow snapshot as it becomes available. A. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Canada Day 1 July, USA Day 4 July - PARTY ON! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Openssl tagged for 15 April has a bug
Script started on Sat Apr 15 06:07:24 2006 doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ less /usr/con tri [Adoctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ less /usr/con [K[Adoctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ less /usr/co[K [K[Adoctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ less /usr/co con fi [Adoctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ less /usr/con [Ktrib/bin/configopenssl [?1h=[24;1H[K./Configure threads shared no-sse2 --prefix=/usr/contrib --openssldir=/usr/con trib debug-bsdi-x86-elf -g -O3 -Wall; make depend [24;1H[K[7m/usr/contrib/bin/configopenssl (END) [m[24;1H[K[?1ldoctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ ^less^v cat cat /usr/contrib/bin/configopenssl ./Configure threads shared no-sse2 --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall; make depend doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ make making all in crypto... making all in crypto/objects... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/ecdsa... making all in crypto/dh... making all in crypto/ecdh... making all in crypto/dso... making all in crypto/engine... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... making all in crypto/store... making all in crypto/pqueue... if [ -n libcrypto.so.0.9.8 libssl.so.0.9.8 ]; then (cd ..; make libcrypto.so.0.9.8); fi `libcrypto.so.0.9.8' is up to date. making all in ssl... if [ -n libcrypto.so.0.9.8 libssl.so.0.9.8 ]; then (cd ..; make libssl.so.0.9.8); fi `libssl.so.0.9.8' is up to date. making all in engines... making all in apps... rm -f openssl shlib_target=; if [ -n libcrypto.so.0.9.8 libssl.so.0.9.8 ]; then shlib_target=bsd-gcc-shared; fi; if [ ${shlib_target} = darwin-shared ] ; then LIBRARIES=../libssl.a ../libcrypto.a ; else LIBRARIES=-L.. -lssl -L.. -lcrypto ; fi; make -f ../Makefile.shared -e APPNAME=openssl OBJECTS=openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o LIBDEPS= $LIBRARIES -ldl link_app.${shlib_target} ../libcrypto.so: undefined reference to `ASN1_bn_print' *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ exit exit Script done on Sat Apr 15 06:08:06 2006 -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Remeber Christ is the Reason for Good Friday and Resurrection Sunday -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Error in 20060610 releases
Script started on Sat Jun 10 06:12:11 2006 doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060610$ make cat /usr/contr ib/bin/configopenssl ./Configure threads shared no-sse2 --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall; make depend doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060610$ egrep bsdi Con figure bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), debug-bsdi-x86-elf, gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 -march=i686 -Wall -g::${BSDthreads}::-ldl:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060610$ make make test making all in crypto... making all in crypto/objects... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/ecdsa... making all in crypto/dh... making all in crypto/ecdh... making all in crypto/dso... making all in crypto/engine... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... make: don't know how to make e_camellia.o. Stop *** Error code 1 Stop. *** Error code 1 Stop. doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060610$ exit exit Script done on Sat Jun 10 06:12:55 2006 -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Beware Linux the MS Windows of Unix! Demand UseNet an integral part of Internet! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
camellia and uint
Upon this mornings compile on my BSD boxes, camellia was found to have uint's and inttypes.h which has to be corrected to U-int's and commenting out respectively. Please fix. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Beware Linux the MS Windows of Unix! Demand UseNet an integral part of Internet! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Please include this config in furture configuration files
debug-bsdi-x86-elf, gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 -march=i686 -Wall -g::${BSDthreads}::-ldl -lc -lm:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), This works no problem as long as you have gcc3 and one can get gcc3 working on BSD/OS if they ever got BSD/OS 5.1 . -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Happy Christmas 2006 and Merry New Year 2007. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Downages
2 nights in a row?! What is going on ??!! -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Hey! Hey! Ho! Ho! Lying Stephen Harper has got to go! Hey! Hey! Ho! Ho! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Downage
Downage on 8 MArch 2010 . When will this be rectified? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Hey! Hey! Ho! Ho! Lying Stephen Harper has got to go! Hey! Hey! Ho! Ho! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL server problems
On Tue, Mar 09, 2010 at 01:24:25PM +0100, Lutz Jaenicke wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! In the past few days we had some problems with the hardware of the OpenSSL server providing the public services (web, mail, etc). We are now closely monitoring the system and preparing to migrate to another server if necessary. Thank you very much for your patience. Best regards, Lutz -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBS5Y9+XiZOxScWKZtAQL7RwP/R+FK3C8MCUDFDYADupddZS01Qx1yBAEf 4G5gdT6N9Hhr1F9LCDRk0liD7E9kERnD/0pYLYH0sV4B9FAWq5JuaekwwrnoSCqu tiJ/y7py/mPKHFA9vPx+/4GyC0AlnOTUcNrUnahXi7lQp5sRq78/Uk2w6RXZX2iY UfpFnI+yqL0= =2kO7 -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org Thank you. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Hey! Hey! Ho! Ho! Lying Stephen Harper has got to go! Hey! Hey! Ho! Ho! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Plans for openssl 1.1?
On Tue, Oct 12, 2010 at 02:21:21PM +0200, Hanno Böck wrote: Hi, I wanted to ask if there are any plans when openssl 1.1 or at least a pre/alpha/beta-version of it is going to be released. (the background I'm asking this is that I'm currently interested in the usage of RSA-PSS signatures - university work - and I'd like to get a rough estimation when an openssl version supporting PSS will be out) cu, -- Hanno BöckBlog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de http://schokokeks.org - professional webhosting AFAIK the alph is out on snapshots. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Are you a real human: http://www.cuttingedge.org/news/n1334.cfm __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
assert issue in openssl-1.0.1-stable-SNAP-20110103
All right, when attempting to compile openssl-1.0.1-stable-SNAP-20110103 I got making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... making all in crypto/cms... making all in crypto/pqueue... making all in crypto/ts... making all in crypto/jpake... making all in crypto/store... if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libcrypto.so.1.0.0); fi libcrypto.a(v3_asid.o): In function `v3_asid_validate_path_internal': /usr/source/openssl-1.0.1-stable-SNAP-20110103/crypto/x509v3/v3_asid.c:802: undefined reference to `assert' (cd ..; make DIRS=ssl all) making all in ssl... if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libssl.so.1.0.0); fi rm -f openssl shlib_target=; if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then shlib_target=bsd-gcc-shared; fi; LIBRARIES=-L.. -lssl -L.. -lcrypto ; make -f ../Makefile.shared -e APPNAME=openssl OBJECTS=openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o LIBDEPS= $LIBRARIES -lgmp -ldl -lm -lc link_app.${shlib_target} ../libcrypto.so: undefined reference to `assert' *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. using debug-bsdi-x86-elf, gcc3:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g::${BSDthreads}::-lgmp -ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), to compile openssl . This issue is not in 20110102 . -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Merry Christmas 2010 and Happy New Year 2011 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [CVS] OpenSSL: OpenSSL_1_0_1-stable: openssl/crypto/x509v3/ v3_asid.c
On Mon, Jan 03, 2011 at 01:52:11PM +0100, Dr. Stephen Henson wrote: OpenSSL CVS Repository http://cvs.openssl.org/ Server: cvs.openssl.org Name: Dr. Stephen Henson Root: /v/openssl/cvs Email: st...@openssl.org Module: openssl Date: 03-Jan-2011 13:52:11 Branch: OpenSSL_1_0_1-stable Handle: 2011010312521100 Modified files: (Branch: OpenSSL_1_0_1-stable) openssl/crypto/x509v3 v3_asid.c Log: oops missed an assert Summary: RevisionChanges Path 1.5.6.3 +1 -1 openssl/crypto/x509v3/v3_asid.c patch -p0 '@@ .' Index: openssl/crypto/x509v3/v3_asid.c $ cvs diff -u -r1.5.6.2 -r1.5.6.3 v3_asid.c --- openssl/crypto/x509v3/v3_asid.c 3 Jan 2011 01:40:45 - 1.5.6.2 +++ openssl/crypto/x509v3/v3_asid.c 3 Jan 2011 12:52:11 - 1.5.6.3 @@ -799,7 +799,7 @@ /* * Trust anchor can't inherit. */ - assert(x != NULL); + OPENSSL_assert(x != NULL); if (x-rfc3779_asid != NULL) { if (x-rfc3779_asid-asnum != NULL x-rfc3779_asid-asnum-type == ASIdentifierChoice_inherit) @@ . __ OpenSSL Project http://www.openssl.org CVS Repository Commit List openssl-...@openssl.org Automated List Manager majord...@openssl.org This works!! Thank you again!! -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Birthdate 29 Jan 1969 Redhill Surrey England UK __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
openssl-1.0.1-stable-SNAP-20110508 issues
Finally got fips to work, however 1) In either README or READ.FIPS, please state to compile FIPS, please use GNU make. BSD make was choking 2) openssl version -a yields OpenSSL 1.1.0-fips-dev xx XXX built on: Sun May 8 10:06:19 MDT 2011 platform: debug-bsdi-x86-elf options: bn(64,32) md2(int) rc4(4x,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O2 -Wall -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM Please fix. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Stop Stephen Harper ! on 2 May 2011 vote ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl-1.0.1-stable-SNAP-20110508 issues
On Sun, May 08, 2011 at 02:02:59PM -0600, The Doctor wrote: Finally got fips to work, however 1) In either README or READ.FIPS, please state to compile FIPS, please use GNU make. BSD make was choking 2) openssl version -a yields OpenSSL 1.1.0-fips-dev xx XXX built on: Sun May 8 10:06:19 MDT 2011 platform: debug-bsdi-x86-elf options: bn(64,32) md2(int) rc4(4x,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O2 -Wall -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM Please fix. Additional, In Apache 2.2 I get [Sun May 08 15:39:25 2011] [notice] Apache/2.2.17 (Unix) DAV/2 configured -- res uming normal operations [Sun May 08 15:39:47 2011] [error] [client 127.0.0.1] Invalid method in request quit [Sun May 08 16:28:56 2011] [notice] caught SIGTERM, shutting down [Sun May 08 16:29:49 2011] [notice] Operating in SSL FIPS mode [Sun May 08 16:29:49 2011] [error] Init: Skipping generating temporary 512 bit R SA private key in FIPS mode [Sun May 08 16:29:49 2011] [error] Init: Skipping generating temporary 512 bit D H parameters in FIPS mode [Sun May 08 16:29:49 2011] [warn] RSA server certificate CommonName (CN) `ns2.nk .ca' does NOT match server name!? [Sun May 08 16:29:49 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/cont rib/bin/suexec) [Sun May 08 16:29:51 2011] [error] Init: Skipping generating temporary 512 bit R SA private key in FIPS mode [Sun May 08 16:29:51 2011] [error] Init: Failed to generate temporary 1024 bit R SA private key [Sun May 08 16:29:51 2011] [error] SSL Library Error: 755589263 error:2D09608F:F IPS routines:fips_check_rsa_prng:prng strength too low Configuration Failed [Sun May 08 16:31:18 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/cont rib/bin/suexec) [Sun May 08 16:31:20 2011] [notice] Digest: generating secret for digest authent ication ... [Sun May 08 16:31:20 2011] [notice] Digest: done [Sun May 08 16:31:20 2011] [notice] Apache/2.2.17 (Unix) DAV/2 configured -- res uming normal operations All right what needs to be fixed? -- Member - Liberal InternationalThis is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Stop Stephen Harper ! on 2 May 2011 vote ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Stop Stephen Harper ! on 2 May 2011 vote ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
openssl 1.0.1 and FIPS
What is happening? No Fips in the Openssl 1.0.1 STABLe. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Stop Stephen Harper ! on 2 May 2011 vote ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl 1.0.1 and FIPS
On Fri, May 13, 2011 at 12:24:25PM -0400, Steve Marquess wrote: What is happening? No Fips in the Openssl 1.0.1 STABLe. Correct, and you won't be seeing the FIPS capable support there for some time. We're concentrating on the validation of the module (OpenSSL FIPS Object Module 2.0) now. -Steve M. Actually when it was in openssl 1.0.1 I was not seeing a problem with the exception of Apache , but that is their problem. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Stop Stephen Harper ! on 2 May 2011 vote ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
openssl-1.0.1-stable-SNAP-20110811 error
This happened when compiling Script started on Wed Aug 10 22:38:49 2011 doctor.nl2k.ab.ca//usr/source/openssl-1.0.1-stable-SNAP-20110811$ make making all in crypto... ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o mem_clr.o [ -z ] || ar r ../libcrypto.a fipscanister.o /usr/bin/ranlib ../libcrypto.a || echo Never mind. making all in crypto/objects... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/whrlpool... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/camellia... making all in crypto/seed... making all in crypto/modes... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/ecdsa... making all in crypto/dh... making all in crypto/ecdh... making all in crypto/dso... making all in crypto/engine... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... making all in crypto/cms... making all in crypto/pqueue... making all in crypto/ts... making all in crypto/jpake... making all in crypto/srp... making all in crypto/store... making all in crypto/cmac... if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libcrypto.so.1.0.0); fi [ -z ] || gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -ldl -lm -lc libcrypto.a(eng_rdrand.o): In function `get_random_bytes': /usr/source/openssl-1.0.1-stable-SNAP-20110811/crypto/engine/eng_rdrand.c:74: undefined reference to `OPENSSL_ia32_rdrand' /usr/source/openssl-1.0.1-stable-SNAP-20110811/crypto/engine/eng_rdrand.c:67: undefined reference to `OPENSSL_ia32_rdrand' making all in ssl... if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libssl.so.1.0.0); fi [ -z ] || gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -ldl -lm -lc making all in engines... echo making all in engines/ccgost... making all in apps... rm -f openssl shlib_target=; if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then shlib_target=bsd-gcc-shared; elif [ -n ]; then FIPSLD_CC=gcc; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC FIPSLD_CC; fi; LIBRARIES=-L.. -lssl -L.. -lcrypto ; make -f ../Makefile.shared -e APPNAME=openssl OBJECTS=openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o LIBDEPS= $LIBRARIES -ldl -lm -lc link_app.${shlib_target} ../libcrypto.so: undefined reference to `OPENSSL_ia32_rdrand' *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. doctor.nl2k.ab.ca//usr/source/openssl-1.0.1-stable-SNAP-20110811$ exit exit Script done on Wed Aug 10 22:39:06 2011 -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee IT is done! http://groups.google.com/group/rec.arts.drwho/about
Re: OpenSSL Security Advisory
On Tue, Sep 06, 2011 at 03:40:30PM +0200, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL Security Advisory [6 September 2011] Two security flaws have been fixed in OpenSSL 1.0.0e CRL verification vulnerability in OpenSSL = Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. (CVE-2011-3207) This issue applies to OpenSSL versions 1.0.0 through 1.0.0d. Versions of OpenSSL before 1.0.0 are not affected. Users of affected versions of OpenSSL should update to the OpenSSL 1.0.0e release, which contains a patch to correct this issue. Thanks to Kaspar Brand o...@velox.ch for identifying this bug and suggesting a fix. TLS ephemeral ECDH crashes in OpenSSL = OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order. (CVE-2011-3210) This issue applies to OpenSSL 0.9.8 through 0.9.8s (experimental ECCdraft ciphersuites) and to OpenSSL 1.0.0 through 1.0.0d. Affected users of OpenSSL should update to the OpenSSL 1.0.0e release, which contains a patch to correct this issue. If you cannot immediately upgrade, we recommend that you disable ephemeral ECDH ciphersuites if you have enabled them. Thanks to Adam Langley a...@chromium.org for identifying and fixing this issue. Which applications are affected === Applications are only affected by the CRL checking vulnerability if they enable OpenSSL's internal CRL checking which is off by default. For example by setting the verification flag X509_V_FLAG_CRL_CHECK or X509_V_FLAG_CRL_CHECK_ALL. Applications which use their own custom CRL checking (such as Apache) are not affected. Only server-side applications that specifically support ephemeral ECDH ciphersuites are affected by the ephemeral ECDH crash bug and only if ephemeral ECDH ciphersuites are enabled in the configuration. You can check to see if application supports ephemeral ECDH ciphersuites by looking for SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTRL_SET_TMP_ECDH, SSL_CTX_set_tmp_ecdh_callback, SSL_set_tmp_ecdh_callback, SSL_CTRL_SET_TMP_ECDH_CB in the source code. References == URL for this Security Advisory: http://www.openssl.org/news/secadv_20110906.txt -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTmYhWqLSm3vylcdZAQKsnQgAsD+GwbfpXuZyhLNcHrJjTiHgfVWQLiFq 6RupYmgfxPiCrGdSEvp6Uh3Y+bcOOoDXTXujk7T6RTRU4iYiARFkXo8bUtH47dWO AfwOyMxiM88G9TYj69RUjKNP70j1rEATIz+m4kpnDgmmsodDNsPj56k4gptsoELc S4Cb4+97uCBv1mkVFgvu71RVXbIwqOMt/vveHUttQQLEcdu2XcUylbMarDaOcZui e9AjYX3LoqdhPRl2v01tuJf3c8wmNTE+GtsO8hwda6eo8Mu/BAnqtFsiFRVjmJ2M vgj1Ot/SPQHcpDu7N3V3GY4tdY8iDHWZ5FfbyaoXvzM6guS+o4cDww== =xfeL -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org Will this affect openssl 1.0.1 ? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k IT is done! http://groups.google.com/group/rec.arts.drwho/about __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Thunderbird Issue
Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012 at 09:36:24PM +0100, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Please explain whaty you are saying. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012 at 06:08:54PM -0700, The Doctor wrote: On Tue, Jan 03, 2012 at 09:36:24PM +0100, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Please explain whaty you are saying. Nwever mind. I caught the explanation. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal InternationalThis is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012 at 11:16:36PM +0100, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Should be fixed now, thanks for the report. Please try tomorrows snapshot or apply this patch: http://cvs.openssl.org/chngview?cn=21914 Steve. Error log reports Jan 3 22:21:19 gallifrey doctor[42]: exim[13062]: 2012-01-03 22:21:19 TLS error on connection from vg138.ntf.els4.ticketmaster.com [209.104.37.138] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:29:22 gallifrey doctor[42]: exim[16704]: 2012-01-03 22:29:22 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:31:32 gallifrey doctor[42]: exim[16960]: 2012-01-03 22:31:32 TLS error on connection from vg198.ntf.els4.ticketmaster.com [209.104.37.198] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:34:55 gallifrey doctor[42]: exim[17753]: 2012-01-03 22:34:55 TLS error on connection from peebles.dataspaces.com [216.176.58.138] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:36:07 gallifrey doctor[42]: exim[18025]: 2012-01-03 22:36:07 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:41:41 gallifrey doctor[42]: exim[18935]: 2012-01-03 22:41:41 TLS error on connection from vg94.ntf.els4.ticketmaster.com [209.104.37.94] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:44:53 gallifrey doctor[42]: exim[18861]: 2012-01-03 22:44:53 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): timed out Jan 3 22:52:58 gallifrey doctor[42]: exim[185]: 2012-01-03 22:52:58 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired Jan 3 22:53:18 gallifrey doctor[42]: exim[217]: 2012-01-03 22:53:18 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired Jan 3 22:55:03 gallifrey doctor[42]: exim[447]: 2012-01-03 22:55:03 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error::lib(0):func(0):reason(0) -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012 at 10:57:42PM -0700, The Doctor wrote: On Tue, Jan 03, 2012 at 11:16:36PM +0100, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Should be fixed now, thanks for the report. Please try tomorrows snapshot or apply this patch: http://cvs.openssl.org/chngview?cn=21914 Steve. Error log reports Jan 3 22:21:19 gallifrey doctor[42]: exim[13062]: 2012-01-03 22:21:19 TLS error on connection from vg138.ntf.els4.ticketmaster.com [209.104.37.138] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:29:22 gallifrey doctor[42]: exim[16704]: 2012-01-03 22:29:22 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:31:32 gallifrey doctor[42]: exim[16960]: 2012-01-03 22:31:32 TLS error on connection from vg198.ntf.els4.ticketmaster.com [209.104.37.198] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:34:55 gallifrey doctor[42]: exim[17753]: 2012-01-03 22:34:55 TLS error on connection from peebles.dataspaces.com [216.176.58.138] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:36:07 gallifrey doctor[42]: exim[18025]: 2012-01-03 22:36:07 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:41:41 gallifrey doctor[42]: exim[18935]: 2012-01-03 22:41:41 TLS error on connection from vg94.ntf.els4.ticketmaster.com [209.104.37.94] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:44:53 gallifrey doctor[42]: exim[18861]: 2012-01-03 22:44:53 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): timed out Jan 3 22:52:58 gallifrey doctor[42]: exim[185]: 2012-01-03 22:52:58 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired Jan 3 22:53:18 gallifrey doctor[42]: exim[217]: 2012-01-03 22:53:18 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired Jan 3 22:55:03 gallifrey doctor[42]: exim[447]: 2012-01-03 22:55:03 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error::lib(0):func(0):reason(0) ITs working. Thunderbird has to accept the next Exim cert. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal InternationalThis is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Openssl 1.1.0 Status
when Will Openssl 1.1.0 become beta? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k USA petition to dissolve the Republic and vote to disoolve it in November 2012 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
{Spam?} openssl-1.0.2-stable-SNAP-20121220 issues
From make test signed content DER format, RSA key: OK signed detached content DER format, RSA key: OK signed content test streaming BER format, RSA: OK signed content DER format, DSA key: OK signed detached content DER format, DSA key: OK signed detached content DER format, add RSA signer: OK signed content test streaming BER format, DSA key: OK signed content test streaming BER format, 2 DSA and 2 RSA keys: OK signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes: OK signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: OK signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys: OK enveloped content test streaming S/MIME format, 3 recipients: OK enveloped content test streaming S/MIME format, 3 recipients, 3rd used: OK enveloped content test streaming S/MIME format, 3 recipients, key only used: OK enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients: OK signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid: OK signed content test streaming PEM format, 2 DSA and 2 RSA keys: OK signed content MIME format, RSA key, signed receipt request: OK signed receipt MIME format, RSA key: OK enveloped content test streaming S/MIME format, 3 recipients, keyid: OK enveloped content test streaming PEM format, KEK: OK enveloped content test streaming PEM format, KEK, key only: OK data content test streaming PEM format: OK encrypted content test streaming PEM format, 128 bit RC2 key: OK encrypted content test streaming PEM format, 40 bit RC2 key: OK encrypted content test streaming PEM format, triple DES key: OK encrypted content test streaming PEM format, 128 bit AES key: OK compressed content test streaming PEM format: OK ALL TESTS SUCCESSFUL. Test OCSP === VALID OCSP RESPONSES === NON-DELEGATED; Intermediate CA - EE Response verify OK NON-DELEGATED; Root CA - Intermediate CA Response verify OK NON-DELEGATED; Root CA - EE Response verify OK DELEGATED; Intermediate CA - EE Response Verify Failure 135004312:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:178:Verify error:unable to get local issuer certificate *** Error code 1 Stop. *** Error code 1 -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Merry Christmas 2012 and Happy New Year 2013 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Apple are, apparently, dicks...
On Thu, Jun 13, 2013 at 05:39:36PM +0100, Ben Laurie wrote: ...and don't intend to fix their broken ECDSA support in Safari. It is therefore suggested that I pull this patch: https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d What do people think? No keep the patch. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism The false churches will conform themselves to this world's demands, seeing as they do not fear and thus do not obey God. - anon __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
23 Aug 2013 openssl dailies
Why can I not reach ftp.openssl.org or www.openssl.org ? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism The world will happily agree whenever a church labels the Scriptures wrong.-anon __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
openssl-1.0.2-stable-SNAP-20131111
This might have cropped into all the SSL snapshots. /usr/bin/ranlib ../libssl.a || echo Never mind. if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libssl.so.1.0.0); fi [ -z ] || gcc3 -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g -DOPENSSL_EXPERIMENTAL_DANE -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -lgmp -ldl -lm -lc /bin/sh: 1: Syntax error: ( unexpected (expecting fi) *** Error code 2 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. openssl-1.0.2-stable-SNAP-20131110 did not have the above problem. Please fix. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism 23 Nov 2013 a Big day indeed __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Openssl 20140630 packages showing error
This was not an issue in 20140629 Setting up TSA test directory... Creating CA for TSA tests... Creating a new CA for the TSA tests... Generating a 1024 bit RSA private key ..++ ...++ writing new private key to 'tsacakey.pem' - Creating tsa_cert1.pem TSA server cert... Generating a 1024 bit RSA private key .++ ++ writing new private key to 'tsa_key1.pem' - Using extension tsa_cert Signature ok subject=/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa1 Getting CA Private Key Creating tsa_cert2.pem non-TSA server cert... Generating a 1024 bit RSA private key .++ ..++ writing new private key to 'tsa_key2.pem' - Using extension non_tsa_cert Signature ok subject=/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa2 Getting CA Private Key Creating req1.req time stamp request for file testtsa... Using configuration from ../CAtsa.cnf Printing req1.req... Using configuration from ../CAtsa.cnf Version: 1 Hash Algorithm: sha1 Message data: - 48 44 c4 76 26 9d e5 5d-9c 67 1e 3b 0c ec b3 cd HD.v..].g.; 0010 - c5 b8 6e 67 ..ng Policy OID: tsa_policy1 Nonce: 0xC8EA000912EB1D3F Certificate required: yes Extensions: Generating valid response for req1.req... Using configuration from ../CAtsa.cnf Warning: could not open file ./tsa_serial for reading, using serial number: 1 Segmentation fault TSA test failed! *** Error code 1 Stop. *** Error code 1 Stop. Please fix. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Victory attained by violence is tantamount to a defeat, for it is momentary. -Mahatma Gandhi __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Openssl 20140630 packages showing error
On Mon, Jun 30, 2014 at 03:06:35PM +0200, Dr. Stephen Henson wrote: On Sun, Jun 29, 2014, The Doctor wrote: This was not an issue in 20140629 [snip] Please fix. Should be fixed now thanks for the report. In future it would help if you indicated which version of OpenSSL snapshots had the problem. When I saw 20140629 I thought it must be a problem with the master branch and spent a while trying to reproduce it whereas it was in fact 1.0.2. Please note the word not. I will try again tonight. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Victory attained by violence is tantamount to a defeat, for it is momentary. -Mahatma Gandhi __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
OPenssl 20140909 issues
= Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 18 at 0 depth lookup:self signed certificate C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 10 at 0 depth lookup:certificate has expired OK ../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 18 at 0 depth lookup:self signed certificate C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 10 at 0 depth lookup:certificate has expired OK *** Error code 2 Stop. *** Error code 1 Stop. You have new mail in /var/mail/doctor doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20140909$ exit exit Script done on Mon Sep 8 23:33:59 2014 This did not happen with openssl 20140908 -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism 22 Sept 2014 New Brunswick save the province vote Liberal! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Outstanding issues since 2014 09 09
strings zlib ls: error initializing month strings ls: error initializing month strings zlib base64 ls: error initializing month strings ls: error initializing month strings echo test normal x509v1 certificate test normal x509v1 certificate sh ./tx509 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p echo test first x509v3 certificate test first x509v3 certificate sh ./tx509 v3-cert1.pem 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p echo test second x509v3 certificate test second x509v3 certificate sh ./tx509 v3-cert2.pem 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p rsa testing rsa conversions p - d p - p d - d p - d d - p p - p ../util/shlib_wrap.sh ./rsa_test ls: error initializing month strings PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok testing crl conversions p - d p - p d - d p - d d - p p - p testing session-id conversions p - d p - p d - d p - d d - p p - p Generate and verify a certificate request generating certificate request ls: error initializing month strings rsa There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. ls: error initializing month strings Generating a 1024 bit RSA private key ..++ ..++ writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au ls: error initializing month strings verify OK testing req conversions p - d p - p d - d p - d d - p p - p testing req conversions p - d p - p d - d p - d d - p p - p testing pkcs7 conversions p - d p - p d - d p - d d - p p - p testing pkcs7 conversions (2) p - d p - p d - d p - d d - p p - p The following command should have some OK's and some failures There are definitly a few expired certificates ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem ls: error initializing month strings ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit) error 20 at 0 depth lookup:unable to get local issuer certificate ../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA error 20 at 0 depth lookup:unable to get local issuer certificate 135027776:error:0B06E06B:x509 certificate routines:X509_get_pubkey_parameters:unable to find parameters in chain:x509_vfy.c:1972: ../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 18 at 0 depth lookup:self signed certificate C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 10 at 0 depth lookup:certificate has expired OK ../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 18 at 0 depth lookup:self signed certificate C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 10 at 0 depth lookup:certificate has expired OK *** Error code 2 Stop. *** Error code 1 Stop. You have new mail in /var/mail/doctor doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20140910$ g make isntall install making all in crypto... ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o mem_clr.o test -z || ar r ../libcrypto.a fipscanister.o /usr/bin/ranlib ../libcrypto.a || echo Never mind. making all in crypto/objects... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/whrlpool... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/camellia... making all
Still one outstanding issue sine 20140909 releases
initializing month strings ls: error initializing month strings zlib base64 ls: error initializing month strings ls: error initializing month strings echo test normal x509v1 certificate test normal x509v1 certificate sh ./tx509 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p echo test first x509v3 certificate test first x509v3 certificate sh ./tx509 v3-cert1.pem 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p echo test second x509v3 certificate test second x509v3 certificate sh ./tx509 v3-cert2.pem 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p rsa testing rsa conversions p - d p - p d - d p - d d - p p - p ../util/shlib_wrap.sh ./rsa_test ls: error initializing month strings PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok testing crl conversions p - d p - p d - d p - d d - p p - p testing session-id conversions p - d p - p d - d p - d d - p p - p Generate and verify a certificate request generating certificate request ls: error initializing month strings rsa There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. ls: error initializing month strings Generating a 1024 bit RSA private key ..++ ++ writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au ls: error initializing month strings verify OK testing req conversions p - d p - p d - d p - d d - p p - p testing req conversions p - d p - p d - d p - d d - p p - p testing pkcs7 conversions p - d p - p d - d p - d d - p p - p testing pkcs7 conversions (2) p - d p - p d - d p - d d - p p - p The following command should have some OK's and some failures There are definitly a few expired certificates ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem ls: error initializing month strings ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit) error 20 at 0 depth lookup:unable to get local issuer certificate ../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA error 20 at 0 depth lookup:unable to get local issuer certificate 135027776:error:0B06E06B:x509 certificate routines:X509_get_pubkey_parameters:unable to find parameters in chain:x509_vfy.c:1972: ../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 18 at 0 depth lookup:self signed certificate C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 10 at 0 depth lookup:certificate has expired OK ../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 18 at 0 depth lookup:self signed certificate C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 10 at 0 depth lookup:certificate has expired OK *** Error code 2 Stop. *** Error code 1 Stop. You have new mail in /var/mail/doctor doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20140911$ exit exit Script done on Thu Sep 11 12:04:52 2014 Richard Salz that you for solvingthe install bit. What about during tests? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism 22 Sept 2014 New Brunswick save the province vote Liberal! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
2014 Nov 29 Snaphots
Something did not work tonight. Please eximane why nightly snapshots suddenly cannot materialise correctly. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Merry Christmas 2014 and Happy New Year 2015 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: 2014 Nov 29 Snaphots
On Sat, Nov 29, 2014 at 04:01:12AM -0500, Salz, Rich wrote: I'll fix it thanks Unfortunate a weird side effect took place. When untarring the package, a .tar.gz is part of the directory name. Please fix. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl- d...@openssl.org] On Behalf Of The Doctor Sent: Saturday, November 29, 2014 1:09 AM To: openssl-us...@openssl.org; openssl-dev@openssl.org Subject: 2014 Nov 29 Snaphots Something did not work tonight. Please eximane why nightly snapshots suddenly cannot materialise correctly. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Merry Christmas 2014 and Happy New Year 2015 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Merry Christmas 2014 and Happy New Year 2015 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl-dev] More POODLE issues
Now POODLE is hitting TLS http://www.computerworld.com/article/2857274/security0/poodle-flaw-tls-itbwcw.html Any fixes in the works? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Merry Christmas 2014 and Happy New Year 2015 ___ openssl-dev mailing list openssl-dev@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-users] SNAPSHOT updates
On Sat, Mar 14, 2015 at 11:22:56AM +0100, Kurt Roeckx wrote: On Fri, Mar 13, 2015 at 11:14:18AM -0600, The Doctor wrote: What is happening? In the Moutain Time Zone: It was at 22:22 MST then 23:22 MDT then 00:22 MDT !! Do you mean when the snapshot is made? The machine runs in UTC, and the files seem to be made at 6:22 UTC. How many times did they change the time release? Kurt ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Know how to listen, and you will profit even from those who talk badly.-Plutarch ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] SNAPSHOT updates
What is happening? In the Moutain Time Zone: It was at 22:22 MST then 23:22 MDT then 00:22 MDT !! -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Never compare your inside with somebody else's outside. -Hugh Macleod ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] openssl-1.0.2-stable-SNAP-20150504 error
secret with Brainpool Prime-Curve brainpoolP512r1 ok cat base64 aes-128-cbc aes-128-cbc base64 aes-128-ecb aes-128-ecb base64 aes-192-cbc aes-192-cbc base64 aes-192-ecb aes-192-ecb base64 aes-256-cbc aes-256-cbc base64 aes-256-ecb aes-256-ecb base64 base64 base64 base64 bf bf base64 bf-cbc bf-cbc base64 bf-cfb bf-cfb base64 bf-ecb bf-ecb base64 bf-ofb bf-ofb base64 camellia-128-cbc camellia-128-cbc base64 camellia-128-ecb camellia-128-ecb base64 camellia-192-cbc camellia-192-cbc base64 camellia-192-ecb camellia-192-ecb base64 camellia-256-cbc camellia-256-cbc base64 camellia-256-ecb camellia-256-ecb base64 cast cast base64 cast-cbc cast-cbc base64 cast5-cbc cast5-cbc base64 cast5-cfb cast5-cfb base64 cast5-ecb cast5-ecb base64 cast5-ofb cast5-ofb base64 des des base64 des-cbc des-cbc base64 des-cfb des-cfb base64 des-ecb des-ecb base64 des-ede des-ede base64 des-ede-cbc des-ede-cbc base64 des-ede-cfb des-ede-cfb base64 des-ede-ofb des-ede-ofb base64 des-ede3 des-ede3 base64 des-ede3-cbc des-ede3-cbc base64 des-ede3-cfb des-ede3-cfb base64 des-ede3-ofb des-ede3-ofb base64 des-ofb des-ofb base64 des3 des3 base64 desx desx base64 idea idea base64 idea-cbc idea-cbc base64 idea-cfb idea-cfb base64 idea-ecb idea-ecb base64 idea-ofb idea-ofb base64 rc2 rc2 base64 rc2-40-cbc rc2-40-cbc base64 rc2-64-cbc rc2-64-cbc base64 rc2-cbc rc2-cbc base64 rc2-cfb rc2-cfb base64 rc2-ecb rc2-ecb base64 rc2-ofb rc2-ofb base64 rc4 rc4 base64 rc4-40 rc4-40 base64 rc5 rc5 base64 rc5-cbc rc5-cbc base64 rc5-cfb rc5-cfb base64 rc5-ecb rc5-ecb base64 rc5-ofb rc5-ofb base64 seed seed base64 seed-cbc seed-cbc base64 seed-cfb seed-cfb base64 seed-ecb seed-ecb base64 seed-ofb seed-ofb base64 zlib zlib base64 echo test normal x509v1 certificate test normal x509v1 certificate sh ./tx509 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p echo test first x509v3 certificate test first x509v3 certificate sh ./tx509 v3-cert1.pem 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p echo test second x509v3 certificate test second x509v3 certificate sh ./tx509 v3-cert2.pem 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p rsa testing rsa conversions p - d p - p d - d p - d d - p p - p ../util/shlib_wrap.sh ./rsa_test PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok testing crl conversions p - d p - p d - d p - d d - p p - p testing session-id conversions p - d p - p d - d p - d d - p p - p Generate and verify a certificate request generating certificate request rsa There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 1024 bit RSA private key ...++ ..++ writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au verify OK testing req conversions p - d p - p d - d p - d d - p p - p testing req conversions p - d p - p d - d p - d d - p p - p testing pkcs7 conversions p - d p - p d - d p - d d - p p - p testing pkcs7 conversions (2) p - d p - p d - d p - d d - p p - p The following command should have some OK's and some failures There are definitly a few expired certificates ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem Segmentation fault *** Error code 139 Stop. *** Error code 1 Stop. ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ exit exit Script done on Mon May 4 07:09:07 2015 This error does not occur in openssl-1.0.2-stable-SNAP-20150502 Please fix. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Alberta time to save the province from corruption! Vote Liberal on 5 May 2015
[openssl-dev] openssl 20150503 SNAP issue
base64 des-cfb des-cfb base64 des-ecb des-ecb base64 des-ede des-ede base64 des-ede-cbc des-ede-cbc base64 des-ede-cfb des-ede-cfb base64 des-ede-ofb des-ede-ofb base64 des-ede3 des-ede3 base64 des-ede3-cbc des-ede3-cbc base64 des-ede3-cfb des-ede3-cfb base64 des-ede3-ofb des-ede3-ofb base64 des-ofb des-ofb base64 des3 des3 base64 desx desx base64 idea idea base64 idea-cbc idea-cbc base64 idea-cfb idea-cfb base64 idea-ecb idea-ecb base64 idea-ofb idea-ofb base64 rc2 rc2 base64 rc2-40-cbc rc2-40-cbc base64 rc2-64-cbc rc2-64-cbc base64 rc2-cbc rc2-cbc base64 rc2-cfb rc2-cfb base64 rc2-ecb rc2-ecb base64 rc2-ofb rc2-ofb base64 rc4 rc4 base64 rc4-40 rc4-40 base64 rc5 rc5 base64 rc5-cbc rc5-cbc base64 rc5-cfb rc5-cfb base64 rc5-ecb rc5-ecb base64 rc5-ofb rc5-ofb base64 seed seed base64 seed-cbc seed-cbc base64 seed-cfb seed-cfb base64 seed-ecb seed-ecb base64 seed-ofb seed-ofb base64 zlib zlib base64 echo test normal x509v1 certificate test normal x509v1 certificate sh ./tx509 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p echo test first x509v3 certificate test first x509v3 certificate sh ./tx509 v3-cert1.pem 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p echo test second x509v3 certificate test second x509v3 certificate sh ./tx509 v3-cert2.pem 2/dev/null testing X509 conversions p - d p - n p - p d - d n - d p - d d - n n - n p - n d - p n - p p - p rsa testing rsa conversions p - d p - p d - d p - d d - p p - p ../util/shlib_wrap.sh ./rsa_test PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok testing crl conversions p - d p - p d - d p - d d - p p - p testing session-id conversions p - d p - p d - d p - d d - p p - p Generate and verify a certificate request generating certificate request rsa There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 1024 bit RSA private key ++ ..++ writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:e...@mincom.oz.au verify OK testing req conversions p - d p - p d - d p - d d - p p - p testing req conversions p - d p - p d - d p - d d - p p - p testing pkcs7 conversions p - d p - p d - d p - d d - p p - p testing pkcs7 conversions (2) p - d p - p d - d p - d d - p p - p The following command should have some OK's and some failures There are definitly a few expired certificates ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem Segmentation fault *** Error code 139 Stop. *** Error code 1 Stop. ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150503$ x sh: x: command not found ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150503$ exit exit Script done on Sun May 3 05:46:57 2015 Please fix. This was working in 20150502 Snapshots. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Alberta time to save the province from corruption! Vote Liberal on 5 May 2015!! ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] openssl 1.0.2 and openssl 1.1.0 Snapshots
What is happening lately? openssl 1.0.2 snapshots have do materialised properly in the last 2 days and now opensl 1.1.0 is flopping. Please fix. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism UK! Vote LDem on 7 May 2015!! ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] NEed help
I am trying to compile openssl 1.0.2 SNAP 20150801 and now I get if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libcrypto.so.1.0.0); fi [ -z ] || gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -march=pentium3 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_LIBUNBOUND -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -ldl -lm -lc /usr/lib/libc.a(sha.o): In function `SHA': sha.o(.text+0x0): multiple definition of `SHA' libcrypto.a(sha_one.o):/usr/source/openssl-1.0.2-stable-SNAP-20150801/crypto/sha/sha_one.c:66: first defined here ld: Warning: size of symbol `SHA' changed from 142 to 92 in /usr/lib/libc.a(sha.o) /usr/lib/libc.a(malloc.o)(.text+0x16): undefined reference to `__progname' /usr/lib/libc.a(malloc.o)(.text+0xe0): undefined reference to `__progname' /usr/lib/libc.a(syslog.o): In function `vsyslog': syslog.o(.text+0x3a5): undefined reference to `__progname' /usr/lib/libc.a(getenv.o): In function `__findenv': getenv.o(.text+0x65): undefined reference to `environ' getenv.o(.text+0x72): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execl': exec.o(.text+0x103): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execv': exec.o(.text+0x26b): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execvp': exec.o(.text+0x400): undefined reference to `environ' /usr/lib/libc.a(exec.o)(.text+0x4da): more undefined references to `environ' follow *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. Pointers please on how to fix. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Abuse a man unjustly, and you will make friends for him. -Edgar Watson Howe ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev