PRoblems with openssl-SNAP-20080916

[The Doctor]

Using BSD/OS 4.3.1 for openssl-SNAP-20080916

and using homemade debug-bsdi-x86-elfI got:


Script started on Tue Sep 16 04:48:14 2008
gallifrey.nk.ca//usr/source/openssl-SNAP-20080916$ egrep bsdi Configure
bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 
-march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
debug-bsdi-x86-elf,   gcc3:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer 
-O9 -march=pentium3 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG 
RC4_CHUNK BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
gallifrey.nk.ca//usr/source/openssl-SNAP-20080916$ make  make test
making all in crypto...
making all in crypto/objects...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/whrlpool...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/camellia...
making all in crypto/seed...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/ecdsa...
making all in crypto/dh...
making all in crypto/ecdh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
making all in crypto/cms...
making all in crypto/pqueue...
making all in crypto/ts...
if [ -n libcrypto.so.0.9.9 libssl.so.0.9.9 ]; then  (cd ..; make 
libcrypto.so.0.9.9);  fi
`libcrypto.so.0.9.9' is up to date.
making all in ssl...
if [ -n libcrypto.so.0.9.9 libssl.so.0.9.9 ]; then  (cd ..; make 
libssl.so.0.9.9);  fi
`libssl.so.0.9.9' is up to date.
making all in engines...
echo ccgost
ccgost
making all in engines/ccgost...
making all in apps...
making all in test...
making all in tools...
testing...
making all in apps...
../util/shlib_wrap.sh ./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
Doing pcbc
Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done
Doing ofb
Doing ofb64
Doing ede_ofb64
Doing cbc_cksum
Doing quad_cksum
input word alignment test 0 1 2 3
output word alignment test 0 1 2 3
fast crypt test 
../util/shlib_wrap.sh ./ideatest
ecb idea ok
cbc idea ok
cfb64 idea ok
../util/shlib_wrap.sh ./shatest
test 1 ok
test 2 ok
test 3 ok
../util/shlib_wrap.sh ./sha1test
test 1 ok
test 2 ok
test 3 ok
../util/shlib_wrap.sh ./sha256t
Testing SHA-256 ... passed.
Testing SHA-224 ... passed.
../util/shlib_wrap.sh ./sha512t
Testing SHA-512 ... passed.
Testing SHA-384 ... passed.
../util/shlib_wrap.sh ./md4test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
../util/shlib_wrap.sh ./md5test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
../util/shlib_wrap.sh ./hmactest
test 0 ok
test 1 ok
test 2 ok
test 3 ok
../util/shlib_wrap.sh ./md2test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
../util/shlib_wrap.sh ./mdc2test
pad1 - ok
pad2 - ok
../util/shlib_wrap.sh ./wp_test
Testing Whirlpool . passed.
../util/shlib_wrap.sh ./rmdtest
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
test 8 ok
../util/shlib_wrap.sh ./rc2test
ecb RC2 ok
../util/shlib_wrap.sh ./rc4test
test 0 ok
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test end processing done
test multi-call done
bulk test ok
../util/shlib_wrap.sh ./rc5test
ecb RC5 ok
cbc RC5 ok
../util/shlib_wrap.sh ./bftest
testing blowfish in raw ecb mode
testing blowfish in ecb mode
testing blowfish set_key
testing blowfish in cbc mode
testing blowfish in cfb64 mode
testing blowfish in ofb64
../util/shlib_wrap.sh ./casttest
ecb cast5 ok
This test will take some time123456789ABCDEF ok
../util/shlib_wrap.sh ./randtest
test 1 done
test 2 done
test 3 done
test 4 done
starting big number library test, could take a while...
test BN_add
test BN_sub
test BN_lshift1
test BN_lshift (fixed)
test BN_lshift
test BN_rshift1
test BN_rshift
test BN_sqr
test BN_mul
test BN_div
test BN_div_word
test BN_div_recp
test BN_mod
test BN_mod_mul
test BN_mont
test BN_mod_exp
test 

ssl teses forbidden in FIPS mode

[The Doctor]

Is this correct for openssl 0.9.8 using FIPS?

test SSL protocol
test ssl3 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
  1: zlib compression
SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
1 handshakes of 256 bytes done
gmake[1]: *** [test_ssl] Error 1
gmake[1]: Leaving directory 
`/usr/source/openssl-0.9.8-stable-SNAP-20080918-fips/test'
gmake: *** [tests] Error 2   

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but 
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

OPenssl 0.9.8j dev

[The Doctor]

Need to split the FIPS and non-FIPS compliant technologies:

When I do a fips compile namely 
./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm 
enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp 
enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib 
--openssldir=/usr/contrib
debug-bsdi-x86-elf -g -O3 -Wall -mcpu=pentium3 

with debug-bsdi-x86-elf

debug-bsdi-x86-elf,   gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer 
-O9 -march=pentium3 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG 
RC4_CHUNK BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
  

I get:

Testing cipher SEED-ECB(encrypt)
Key
 28 db c3 bc 49 ff d8 7d cf a5 09 b1 1d 42 2b e7
Plaintext
 b4 1e 6b e2 eb a8 4a 14 8e 2e ed 84 59 3c 5e c7
Ciphertext
 9b 9b 7b fc d1 81 3c b9 5d 0b 36 18 f4 0f 51 22

test SSL protocol
test ssl3 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
  1: zlib compression
8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips 
mode:ssl_lib.c:1402:
8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips 
mode:ssl_lib.c:1402:
test ssl2 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
  1: zlib compression
8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips 
mode:ssl_lib.c:1402:
8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips 
mode:ssl_lib.c:1402:
test tls1
*** IN FIPS MODE ***
Available compression methods:
  1: zlib compression
8956:error:0406A08D:rsa routines:RSA_new_method:non fips method:rsa_eng.c:183:
8956:error:0D079064:asn1 encoding routines:ASN1_ITEM_EX_COMBINE_NEW:aux 
error:tasn_new.c:221:
8956:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 
error:tasn_dec.c:402:Type=RSA
8956:error:0D09B00D:asn1 encoding routines:d2i_PublicKey:ASN1 lib:d2i_pu.c:99:
8956:error:0B077066:x509 certificate routines:X509_PUBKEY_get:err asn1 
lib:x_pubkey.c:366:
8956:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:
ERROR in SERVER
8956:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared 
cipher:s3_srvr.c:1037:
TLSv1, cipher (NONE) (NONE)
1 handshakes of 256 bytes done
*** Error code 1 (continuing)
Test IGE mode
../util/shlib_wrap.sh ./igetest
`tests' not remade because of errors.
util/opensslwrap.sh version -a
OpenSSL 0.9.8j-fips-dev xx XXX 
built on: Sat Sep 20 08:02:29 MDT 2008
platform: debug-bsdi-x86-elf
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) 
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O3 -Wall 
-mcpu=pentium3  -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 
-march=pentium3 -Wall -g -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT 
-DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: /usr/contrib
`test' is up to date.

using make -k test .

Please fix.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but 
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: OPenssl 0.9.8j dev

[The Doctor]

On Sat, Sep 20, 2008 at 01:47:55PM -0700, Kyle Hamilton wrote:
 Fips folk: Should the 'fipsdso' target complain if it gets any other
 command line arguments in ./Configure?  Since specifying it means that
 you're trying to build the shared object...
 
 -Kyle H
 
 On Sat, Sep 20, 2008 at 8:56 AM, The Doctor [EMAIL PROTECTED] wrote:
  Need to split the FIPS and non-FIPS compliant technologies:
 
  When I do a fips compile namely
  ./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm 
  enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 
  enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib 
  --openssldir=/usr/contrib
  debug-bsdi-x86-elf -g -O3 -Wall -mcpu=pentium3
 
  with debug-bsdi-x86-elf
 
  debug-bsdi-x86-elf,   gcc:-DPERL5 -DL_ENDIAN -DTERMIOS 
  -fomit-frame-pointer -O9 -march=pentium3 -Wall -g::${BSDthreads}::-ldl -lm 
  -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} 
  ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
 
  I get:
 
  Testing cipher SEED-ECB(encrypt)
  Key
   28 db c3 bc 49 ff d8 7d cf a5 09 b1 1d 42 2b e7
  Plaintext
   b4 1e 6b e2 eb a8 4a 14 8e 2e ed 84 59 3c 5e c7
  Ciphertext
   9b 9b 7b fc d1 81 3c b9 5d 0b 36 18 f4 0f 51 22
 
  test SSL protocol
  test ssl3 is forbidden in FIPS mode
  *** IN FIPS MODE ***
  Available compression methods:
   1: zlib compression
  8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips 
  mode:ssl_lib.c:1402:
  8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips 
  mode:ssl_lib.c:1402:
  test ssl2 is forbidden in FIPS mode
  *** IN FIPS MODE ***
  Available compression methods:
   1: zlib compression
  8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips 
  mode:ssl_lib.c:1402:
  8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips 
  mode:ssl_lib.c:1402:
  test tls1
  *** IN FIPS MODE ***
  Available compression methods:
   1: zlib compression
  8956:error:0406A08D:rsa routines:RSA_new_method:non fips 
  method:rsa_eng.c:183:
  8956:error:0D079064:asn1 encoding routines:ASN1_ITEM_EX_COMBINE_NEW:aux 
  error:tasn_new.c:221:
  8956:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 
  error:tasn_dec.c:402:Type=RSA
  8956:error:0D09B00D:asn1 encoding routines:d2i_PublicKey:ASN1 
  lib:d2i_pu.c:99:
  8956:error:0B077066:x509 certificate routines:X509_PUBKEY_get:err asn1 
  lib:x_pubkey.c:366:
  8956:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:
  ERROR in SERVER
  8956:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared 
  cipher:s3_srvr.c:1037:
  TLSv1, cipher (NONE) (NONE)
  1 handshakes of 256 bytes done
  *** Error code 1 (continuing)
  Test IGE mode
  ../util/shlib_wrap.sh ./igetest
  `tests' not remade because of errors.
  util/opensslwrap.sh version -a
  OpenSSL 0.9.8j-fips-dev xx XXX 
  built on: Sat Sep 20 08:02:29 MDT 2008
  platform: debug-bsdi-x86-elf
  options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) 
  blowfish(idx)
  compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
  -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O3 
  -Wall -mcpu=pentium3  -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9 
  -march=pentium3 -Wall -g -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT 
  -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
  OPENSSLDIR: /usr/contrib
  `test' is up to date.
 
  using make -k test .
 
  Please fix.
 


From the Configure file:

elsif (/^fips$/)
{
$fips=1;
}
elsif (/^rsaref$/)
{
# No RSAref support any more since it's not needed.
# The check for the option is there so scripts aren't
# broken
}
elsif (/^nofipscanistercheck$/)
{
$fips = 1;
$nofipscanistercheck = 1;
}
elsif (/^fipscanisterbuild$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir=;
$fipscanisterinternal=y;
}
elsif (/^fipsdso$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir=;
$fipscanisterinternal=y;
$fipsdso = 1;
}   

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but 
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .

-- 
This message

Re: ssl teses forbidden in FIPS mode

[The Doctor]

On Sun, Sep 21, 2008 at 12:58:26PM +1000, Michael Gray wrote:
 
 
  On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote:
  
   TLS uses MD5 as well in the PRF.  The PRF in SSLv3 is not a true HMAC
 which
   is a problem, but the reason for not using SSLv3 is FIPS regulation.
 
  Not Exactly.  The TLS PRF uses *both* SHA1 and MD5, in a way which
  is carefully
  designed to have the security properties of the stronger of the two.
  NIST and the
  labs have accepted the argument that this means that, effectively,
  only Approved
  algorithms are used for security (because even if you consider MD5
  to be zero-strength,
  the TLS PRF is as strong as SHA1).
 
  This is not the case for SSLv3, which is why SSLv3 is not acceptable
  in a FIPS-140
  certified product: an unapproved algorithm (MD5) is used for data
  integrity.  There is
  no specific regulation, just the general requirement that only
  Approved algorithms
  be used.
 
  --
  Thor Lancelot Simon  [EMAIL PROTECTED]
  Even experienced UNIX users occasionally enter rm *.* at the UNIX
   prompt only to realize too late that they have removed the wrong
   segment of the directory structure. - Microsoft WSS whitepaper
  __
  OpenSSL Project http://www.openssl.org
  Development Mailing List   openssl-dev@openssl.org
  Automated List Manager   [EMAIL PROTECTED]
 
 
 Not Exactly? Both TLS and SSLv3 both use SHA1 and MD5 in the PRF, which
 is IMHO very cleaver as it requires both HASH functions to be broken.  But,
 the TLS PRF is a HMAC for both SHA1 and MD5 whereas SSLv3 is not. The
 specific regulation is
 http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
 page 61. Several other regulation references exist as well...
 
 SSLv3 was allowed in the past with special CipherSuites see
 http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
  , which was never truly official AFAIK in any NIST Document, but widely
 used and IMHO painful.  In this case these CipherSuites used the TLS PRF
 instead of the SSLv3 PRF (wont bother going in the fine specifics).
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.


That being said, how do you get openssl to compile with FIPS
and be backwards compatable at the same time?
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but 
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: ssl teses forbidden in FIPS mode

[The Doctor]

On Tue, Sep 23, 2008 at 08:26:23AM +1000, Tim Hudson wrote:
 The Doctor wrote:
 That being said, how do you get openssl to compile with FIPS
 and be backwards compatable at the same time?

 That is what the FIPS mode is for - the library built supports all 
 algorithms and when in FIPS mode it disables the use of non-approved 
 algorithms.

 A single application can work in both FIPS and non-FIPS mode. You can add 
 in code to choose which mode to be in on a per-connection basis if that is 
 what your application requires.

 See the usage of FIPS_mode_set()

 Note also that due to an implementation quirk you need to clear the 
 currently set RNG when switching back into FIPS mode.

 i.e.
 RAND_set_rand_method(NULL);
 FIPS_set_mode(1);

 Tim.
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.



Apart from me, anyone else tried the fipdso in their configuration 
as extensively as I have?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but 
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: ssl teses forbidden in FIPS mode

[The Doctor]

On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote:
 On Mon, Sep 22, 2008, The Doctor wrote:
 
  
  
  Apart from me, anyone else tried the fipdso in their configuration 
  as extensively as I have?
  
 
 The fipsdso option isn't terribly useful for most users. To use it you need 
 a corresponding binary validated shared library installed.
 
 If you want to test the shared library build of the 1.2 test module then you
 should instead install the test 1.2 module and just use the fips option of
 the 0.9.8-stable branch.
 
 Steve.


Here is what I am using:


./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm 
enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp 
enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib 
--openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall -mcpu=pentium3 ; 
make update

The reason being is that fipsdso does give a wider option.

 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but 
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: ssl teses forbidden in FIPS mode

[The Doctor]

On Tue, Sep 23, 2008 at 06:46:31PM +0200, Dr. Stephen Henson wrote:
 On Tue, Sep 23, 2008, The Doctor wrote:
 
  On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote:
   On Mon, Sep 22, 2008, The Doctor wrote:
   


Apart from me, anyone else tried the fipdso in their configuration 
as extensively as I have?

   
   The fipsdso option isn't terribly useful for most users. To use it you 
   need 
   a corresponding binary validated shared library installed.
   
   If you want to test the shared library build of the 1.2 test module then 
   you
   should instead install the test 1.2 module and just use the fips option 
   of
   the 0.9.8-stable branch.
   
   Steve.
  
  
  Here is what I am using:
  
  
  ./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm 
  enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 
  enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/contrib 
  --openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall -mcpu=pentium3 
  ; make update
  
  The reason being is that fipsdso does give a wider option.
  
 
 Can you explain what you mean by does give a wider option?
 
 The only option end users will use in practice once the 1.2 validation is
 available is fips. 
 
 The options fipsdso and fipscanisterbuild are only useful for generating
 test versions which never will be validated.
 
 I've just fixed a typo which affects the fipsdso build and it now passes make
 test on my setup.
 
 Steve.

I mean

elsif (/^fipsdso$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir=;
$fipscanisterinternal=y;
$fipsdso = 1;
} 


Also just trying fips fails here every time.

 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but 
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: ssl teses forbidden in FIPS mode

[The Doctor]

On Thu, Sep 25, 2008 at 08:22:11AM -0400, Steve Marquess wrote:
 David Jacobson wrote:
 Tim Hudson wrote:
 The Doctor wrote:
 That being said, how do you get openssl to compile with FIPS
 and be backwards compatable at the same time?

 That is what the FIPS mode is for - the library built supports all 
 algorithms and when in FIPS mode it disables the use of non-approved 
 algorithms.

 A single application can work in both FIPS and non-FIPS mode. You can add 
 in code to choose which mode to be in on a per-connection basis if that 
 is what your application requires.

 See the usage of FIPS_mode_set()

 Note also that due to an implementation quirk you need to clear the 
 currently set RNG when switching back into FIPS mode.

 It is not an implementation quirk, it is a requirement of FIPS 140. FIPS 
 140 requires that when switching modes all keys and critical security 
 parameters must be cleared.  The random number generator state is a 
 critical security parameter. (I'm doing this from memory, but I'm quite 
 sure I've got it right.)

 It is an implementation quirk (or to be honest, an outright goof).  By the 
 time we caught this problem it was too late to fix it (with the FIPS 140 
 validation process you freeze your code first, *then* test -- ready, fire, 
 aim!).

 Since there is little practical reason to disable FIPS mode once enabled 
 (reference earlier discussion) we elected to just leave that bug as-is 
 rather than abort and restart the validation process.

 -Steve M.

 -- 
 Steve Marquess
 Open Source Software Institute
 [EMAIL PROTECTED]

 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.



The end gives up either to choose FIPs and non-MD5 or non-FIPS and MD5.

Please fix as compilation quirks on this is not a laughing
matter.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but 
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: openssl-0.9.8-stable-SNAP-20081115 and FIPS

[The Doctor]

On Mon, Nov 17, 2008 at 02:33:18PM -0500, Green, Paul wrote:
 Dear 'The Doctor',
 
 I am not on the OpenSSL team so I'm just speaking for myself here.  But
 I have done work on many other open-source products, so I'm responding
 based on my overall experience with open-source development.
 
 When you find a problem in an open-source product, the accepted protocol
 is to boil the problem down to the smallest reproducible test case that
 reliably demonstrates the failure and then post just that information.
 Posting the entire output of the build procedure is incredibly lame and
 completely unhelpful.  Posting to two different OpenSSL mailing lists is
 also clueless; they have different purposes.  If I were a member of the
 OpenSSL team, I'd ignore your postings until you took the time to learn
 how to add value to the process instead of being a drag on other
 people's productivity.
 


Well I moved everything to 0.9.9/dev so 
that is up to the programmers to find the rest.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! 
Merry Christmas 2008  NOT 2o8 and Happy New Year 2009  NOT 2o9

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Possible problem in 0.9.9

[The Doctor]

Ran this test today.


Script started on Mon Dec 29 06:34:17 2008
gallifrey.nk.ca//usr/source/openssl-SNAP-20081229$ make test
testing...
making all in apps...
../util/shlib_wrap.sh ./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
Doing pcbc
Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done
Doing ofb
Doing ofb64
Doing ede_ofb64
Doing cbc_cksum
Doing quad_cksum
input word alignment test 0 1 2 3
output word alignment test 0 1 2 3
fast crypt test 
../util/shlib_wrap.sh ./ideatest
ecb idea ok
cbc idea ok
cfb64 idea ok
../util/shlib_wrap.sh ./shatest
test 1 ok
test 2 ok
test 3 ok
../util/shlib_wrap.sh ./sha1test
test 1 ok
test 2 ok
test 3 ok
../util/shlib_wrap.sh ./sha256t
Testing SHA-256 ... passed.
Testing SHA-224 ... passed.
../util/shlib_wrap.sh ./sha512t
Testing SHA-512 ... passed.
Testing SHA-384 ... passed.
../util/shlib_wrap.sh ./md4test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
../util/shlib_wrap.sh ./md5test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
../util/shlib_wrap.sh ./hmactest
test 0 ok
test 1 ok
test 2 ok
test 3 ok
../util/shlib_wrap.sh ./md2test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
../util/shlib_wrap.sh ./mdc2test
pad1 - ok
pad2 - ok
../util/shlib_wrap.sh ./wp_test
Testing Whirlpool . passed.
../util/shlib_wrap.sh ./rmdtest
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
test 8 ok
../util/shlib_wrap.sh ./rc2test
ecb RC2 ok
../util/shlib_wrap.sh ./rc4test
test 0 ok
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test end processing done
test multi-call done
bulk test ok
../util/shlib_wrap.sh ./rc5test
ecb RC5 ok
cbc RC5 ok
../util/shlib_wrap.sh ./bftest
testing blowfish in raw ecb mode
testing blowfish in ecb mode
testing blowfish set_key
testing blowfish in cbc mode
testing blowfish in cfb64 mode
testing blowfish in ofb64
../util/shlib_wrap.sh ./casttest
ecb cast5 ok
This test will take some time123456789ABCDEF ok
../util/shlib_wrap.sh ./randtest
test 1 done
test 2 done
test 3 done
test 4 done
starting big number library test, could take a while...
test BN_add
test BN_sub
test BN_lshift1
test BN_lshift (fixed)
test BN_lshift
test BN_rshift1
test BN_rshift
test BN_sqr
test BN_mul
test BN_div
test BN_div_word
test BN_div_recp
test BN_mod
test BN_mod_mul
test BN_mont
test BN_mod_exp
test BN_mod_exp_mont_consttime
test BN_exp
test BN_kronecker
++

test BN_mod_sqrt
.
.
.
.
.
.
.
.
..
.

.

.

.
..
.
..
.
..
.

.
test BN_GF2m_add
test BN_GF2m_mod
test BN_GF2m_mod_mul
test BN_GF2m_mod_sqr
test BN_GF2m_mod_inv
test BN_GF2m_mod_div
test BN_GF2m_mod_exp
test BN_GF2m_mod_sqrt
test BN_GF2m_mod_solve_quad
running bc

verify 
BN_add
verify 
BN_sub..
verify 
BN_lshift1
verify BN_lshift 
(fixed)
verify 
BN_lshift
verify 
BN_rshift1
verify 
BN_rshift
verify 
BN_sqr
verify 
BN_mul..
verify 
BN_div
verify 
BN_div_word
verify 

Errors comping openssl-SNAP-20090113

[The Doctor]

THis came from compiling on i386/BSD this morning

gost89.o: In function `gost_mac':
gost89.o(.text+0x2746): undefined reference to `memcpy'
gost89.o: In function `gost_mac_iv':
gost89.o(.text+0x2814): undefined reference to `memcpy'
gost94_keyx.o: In function `pkey_gost94_derive':
gost94_keyx.o(.text+0x17e): undefined reference to `memset'
gost94_keyx.o: In function `pkey_GOST94cp_encrypt':
gost94_keyx.o(.text+0x61c): undefined reference to `memset'
gost94_keyx.o: In function `pkey_GOST94cp_decrypt':
gost94_keyx.o(.text+0xa14): undefined reference to `memset'
gost_ameth.o: In function `pub_encode_gost01':
gost_ameth.o(.text+0x11c4): undefined reference to `memset'
gost_crypt.o: In function `gost_cipher_do_cfb':
gost_crypt.o(.text+0x382): undefined reference to `memcpy'
gost_crypt.o(.text+0x39c): undefined reference to `memcpy'
gost_crypt.o: In function `gost89_get_asn1_parameters':
gost_crypt.o(.text+0x7f3): undefined reference to `memcpy'
gost_crypt.o: In function `gost_imit_update':
gost_crypt.o(.text+0x9b9): undefined reference to `memcpy'
gost_crypt.o: In function `gost_cipher_init':
gost_crypt.o(.text+0xa6c): undefined reference to `memcpy'
gost_crypt.o(.text+0xbaa): more undefined references to `memcpy' follow
gost_crypt.o: In function `gost_imit_cleanup':
gost_crypt.o(.text+0xe80): undefined reference to `memset'
gost_ctl.o: In function `get_gost_engine_param':
gost_ctl.o(.text+0xdc): undefined reference to `getenv'
gost_ctl.o: In function `gost_set_default_param':
gost_ctl.o(.text+0x15c): undefined reference to `getenv'
gost_eng.o: In function `bind_gost':
gost_eng.o(.text+0x129): undefined reference to `strcmp'
gost_eng.o(.text+0x158): undefined reference to `puts'
gost_eng.o(.text+0x24a): undefined reference to `__sstderr'
gost_eng.o(.text+0x25b): undefined reference to `fwrite'
gost_eng.o(.text+0x27d): undefined reference to `__sstderr'
gosthash.o: In function `init_gost_hash_ctx':
gosthash.o(.text+0x25): undefined reference to `malloc'
gosthash.o: In function `done_gost_hash_ctx':
gosthash.o(.text+0x79): undefined reference to `free'
gosthash.o: In function `hash_block':
gosthash.o(.text+0x140): undefined reference to `memcpy'
gosthash.o(.text+0x251): undefined reference to `memcpy'
gosthash.o: In function `hash_step':
gosthash.o(.text+0xa15): undefined reference to `memmove'
gosthash.o(.text+0xacc): undefined reference to `memmove'
gosthash.o(.text+0xb85): undefined reference to `memmove'
gost_md.o: In function `gost_digest_copy':
gost_md.o(.text+0xf9): undefined reference to `memcpy'
gost_md.o: In function `gost_digest_cleanup':
gost_md.o(.text+0x14a): undefined reference to `memset'
gost_pmeth.o: In function `pkey_gost_ctrl':
gost_pmeth.o(.text+0x45f): undefined reference to `memcpy'
gost_pmeth.o: In function `pkey_gost_ctrl94_str':
gost_pmeth.o(.text+0x4b3): undefined reference to `strlen'
gost_pmeth.o(.text+0x4c6): undefined reference to `strlen'
gost_pmeth.o(.text+0x554): undefined reference to `_CurrentRuneLocale'
gost_pmeth.o(.text+0x578): undefined reference to `_CurrentRuneLocale'
gost_pmeth.o(.text+0x5bd): undefined reference to `___toupper'
gost_pmeth.o(.text+0x5cb): undefined reference to `___toupper'
gost_pmeth.o(.text+0x5ee): undefined reference to `_CurrentRuneLocale'
gost_pmeth.o(.text+0x645): undefined reference to `___toupper'
gost_pmeth.o: In function `pkey_gost_ctrl01_str':
gost_pmeth.o(.text+0x693): undefined reference to `strlen'
gost_pmeth.o(.text+0x6a6): undefined reference to `strlen'
gost_pmeth.o(.text+0x734): undefined reference to `_CurrentRuneLocale'
gost_pmeth.o(.text+0x758): undefined reference to `_CurrentRuneLocale'
gost_pmeth.o(.text+0x786): undefined reference to `___toupper'
gost_pmeth.o(.text+0x794): undefined reference to `___toupper'
gost_pmeth.o(.text+0x7ae): undefined reference to `_CurrentRuneLocale'
gost_pmeth.o(.text+0x801): undefined reference to `___toupper'
gost_pmeth.o: In function `pkey_gost_mac_ctrl_str':
gost_pmeth.o(.text+0xeb5): undefined reference to `strlen'
gost_sign.o: In function `pack_sign_cp':
gost_sign.o(.text+0x20d): undefined reference to `memset'
gost_sign.o: In function `store_bignum':
gost_sign.o(.text+0x7fa): undefined reference to `memset'
gmake[3]: Leaving directory `/usr/source/openssl-SNAP-20090113/engines/ccgost'  

Generate and verify a certificate request
generating certificate request
rsa
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Generating a 512 bit RSA private key
...
.
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU

Openssl-SNAP still erroring out

[The Doctor]

Right 
in the tests we run into

There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Generating a 512 bit RSA private key
..
.
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:e...@mincom.oz.au
134954328:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and key 
type not supported:a_sign.c:245:
problems creating request
*** Error code 1

Stop.
*** Error code 1

Stop. 

Source of the problem

if (type-flags  EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
{
if (!pkey-ameth ||
!OBJ_find_sigid_by_algs(signid, EVP_MD_nid(type),
pkey-ameth-pkey_id))
{
ASN1err(ASN1_F_ASN1_ITEM_SIGN,
ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
return 0;
}
}   


Using

./Configure 386 threads shared no-sse2 enable-whrlpool enable-montasm 
enable-capieng enable-cms enable-seed enable-tlsext  enable-camellia 
enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic 
--prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; gmake 
update;gmake depend   
to compile.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Time for patriots to declare their fundamental alliance!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Openssl-SNAP still erroring out

[The Doctor]

On Fri, Feb 06, 2009 at 11:54:26AM -0800, Kyle Hamilton wrote:
 This does not appear on MacOSX 10.5.6 (with 0.9.8-stable-SNAP-20090206).
 
 ./config threads shared no-sse2 enable-whrlpool enable-montasm
 enable-capieng enable-cms enable-seed enable-tlsext  enable-camellia
 enable-rfc3779 enable-mdc2 enable-rc5 zlib-dynamic
 --prefix=/usr/contrib --openssldir=/usr/contrib
 
 (Note that I don't have GMP, so I had to remove it from the line.)
 
 All tests pass.
 
 (however, experimental-jpake fails with Bob fails to process Alice's
 step 3a (hash of hash of key mismatch).)
 
 -Kyle H


MAcOSX having a /usr/contrib?  Please replace with /usr/local .

whrlpool works with openssl 0.9.8?

Also gmp is available at ftp://ftp.ftp.gnu.org/pub/gnu .
 
 On Fri, Feb 6, 2009 at 8:23 AM, Dr. Stephen Henson st...@openssl.org wrote:
  On Fri, Feb 06, 2009, The Doctor wrote:
 
  Right
  in the tests we run into
 
  There should be a 2 sequences of .'s and some +'s.
  There should not be more that at most 80 per line
  This could take some time.
  Generating a 512 bit RSA private key
  ..
  .
  writing new private key to 'testkey.pem'
  -
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -
  Country Name (2 letter code) [AU]:AU
  State or Province Name (full name) [Queensland]:
  Locality Name (eg, city) []:Brisbane
  Organization Name (eg, company) []:CryptSoft Pty Ltd
  Organizational Unit Name (eg, section) []:.
  Common Name (eg, YOUR name) []:Eric Young
  Email Address []:e...@mincom.oz.au
  134954328:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and 
  key type not supported:a_sign.c:245:
  problems creating request
  *** Error code 1
 
  Stop.
  *** Error code 1
 
  Stop.
 
  Source of the problem
 
  if (type-flags  EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
  {
  if (!pkey-ameth ||
  !OBJ_find_sigid_by_algs(signid, EVP_MD_nid(type),
  pkey-ameth-pkey_id))
  {
  ASN1err(ASN1_F_ASN1_ITEM_SIGN,
  ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
  return 0;
  }
  }
 
 
  Using
 
  ./Configure 386 threads shared no-sse2 enable-whrlpool enable-montasm 
  enable-capieng enable-cms enable-seed enable-tlsext  enable-camellia 
  enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic 
  --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; gmake 
  update;gmake depend
  to compile.
 
 
  Still can't reproduce it here. Can you try a vanilla build with:
 
  ./config
 
  to see if you still get that?
 
  Steve.
  --
  Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
  OpenSSL project core developer and freelance consultant.
  Homepage: http://www.drh-consultancy.demon.co.uk
  __
  OpenSSL Project http://www.openssl.org
  Development Mailing List   openssl-dev@openssl.org
  Automated List Manager   majord...@openssl.org
 
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Time for patriots to declare their fundamental alliance!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Openssl-SNAP still erroring out

[The Doctor]

On Fri, Feb 06, 2009 at 05:23:59PM +0100, Dr. Stephen Henson wrote:
 On Fri, Feb 06, 2009, The Doctor wrote:
 
  Right 
  in the tests we run into
  
  There should be a 2 sequences of .'s and some +'s.
  There should not be more that at most 80 per line
  This could take some time.
  Generating a 512 bit RSA private key
  ..
  .
  writing new private key to 'testkey.pem'
  -
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -
  Country Name (2 letter code) [AU]:AU
  State or Province Name (full name) [Queensland]:
  Locality Name (eg, city) []:Brisbane
  Organization Name (eg, company) []:CryptSoft Pty Ltd
  Organizational Unit Name (eg, section) []:.
  Common Name (eg, YOUR name) []:Eric Young
  Email Address []:e...@mincom.oz.au
  134954328:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and 
  key type not supported:a_sign.c:245:
  problems creating request
  *** Error code 1
  
  Stop.
  *** Error code 1
  
  Stop. 
  
  Source of the problem
  
  if (type-flags  EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
  {
  if (!pkey-ameth ||
  !OBJ_find_sigid_by_algs(signid, EVP_MD_nid(type),
  pkey-ameth-pkey_id))
  {
  ASN1err(ASN1_F_ASN1_ITEM_SIGN,
  ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
  return 0;
  }
  }   
  
  
  Using
  
  ./Configure 386 threads shared no-sse2 enable-whrlpool enable-montasm 
  enable-capieng enable-cms enable-seed enable-tlsext  enable-camellia 
  enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic 
  --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; gmake 
  update;gmake depend   
  to compile.
  
 
 Still can't reproduce it here. Can you try a vanilla build with:
 
 ./config
 
 to see if you still get that?
 
 Steve.
 --

Sir, I invite you to this network to see for yourself.

 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Time for patriots to declare their fundamental alliance!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Openssl-SNAP still erroring out

[The Doctor]

On Sat, Feb 07, 2009 at 11:48:31AM +0100, Dr. Stephen Henson wrote:
 On Fri, Feb 06, 2009, The Doctor wrote:
 
  Right 
  in the tests we run into
  
  There should be a 2 sequences of .'s and some +'s.
  There should not be more that at most 80 per line
  This could take some time.
  Generating a 512 bit RSA private key
  ..
  .
  writing new private key to 'testkey.pem'
  -
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -
  Country Name (2 letter code) [AU]:AU
  State or Province Name (full name) [Queensland]:
  Locality Name (eg, city) []:Brisbane
  Organization Name (eg, company) []:CryptSoft Pty Ltd
  Organizational Unit Name (eg, section) []:.
  Common Name (eg, YOUR name) []:Eric Young
  Email Address []:e...@mincom.oz.au
  134954328:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and 
  key type not supported:a_sign.c:245:
  problems creating request
  *** Error code 1
  
  Stop.
  *** Error code 1
  
  Stop. 
  
  Source of the problem
  
  if (type-flags  EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
  {
  if (!pkey-ameth ||
  !OBJ_find_sigid_by_algs(signid, EVP_MD_nid(type),
  pkey-ameth-pkey_id))
  {
  ASN1err(ASN1_F_ASN1_ITEM_SIGN,
  ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
  return 0;
  }
  }   
  
  
  Using
  
  ./Configure 386 threads shared no-sse2 enable-whrlpool enable-montasm 
  enable-capieng enable-cms enable-seed enable-tlsext  enable-camellia 
  enable-rfc3779 enable-gmp enable-mdc2 enable-rc5 zlib-dynamic 
  --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; gmake 
  update;gmake depend   
  to compile.
  
 
 I'm not sure how you are managing that debug-bsdi-x86-elf isn't a valid
 platform name. That command alone gives an error message here.


Point well taken.

This is a hybrid that I come up with which has worked with openssl 0.9.8  .

It combines bsdi-elf-gcc and debug-BSD-x86-elf

and is as follows:

debug-bsdi-x86-elf,   gcc3:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer
-O2 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG
${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
  

 Steve.
 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Time for patriots to declare their fundamental alliance!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)

[The Doctor]

On Sat, Feb 07, 2009 at 12:46:52PM -0800, Kyle Hamilton wrote:
 The bug does appear on OSX 10.5.6 (openssl-SNAP-20090207) with the
 following command line: ./config threads shared no-sse2
 enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed
 enable-tlsext  enable-camellia enable-rfc3779 enable-mdc2 enable-rc5
 --prefix=/$HOME/ossl --openssldir=$HOME/ossl
 
 [...]
 Generate and verify a certificate request
 generating certificate request
 rsa
 There should be a 2 sequences of .'s and some +'s.
 There should not be more that at most 80 per line
 This could take some time.
 Generating a 512 bit RSA private key
 
 ..
 writing new private key to 'testkey.pem'
 -
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -
 Country Name (2 letter code) [AU]:AU
 State or Province Name (full name) [Queensland]:
 Locality Name (eg, city) []:Brisbane
 Organization Name (eg, company) []:CryptSoft Pty Ltd
 Organizational Unit Name (eg, section) []:.
 Common Name (eg, YOUR name) []:Eric Young
 Email Address []:e...@mincom.oz.au
 2693744484:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest
 and key type not supported:a_sign.c:245:
 problems creating request
 make[1]: *** [test_gen] Error 1
 make[1]: Leaving directory
 `/Users/kyanha/workspace/ossl/snap/openssl-SNAP-20090207/test'
 make: *** [tests] Error 2
 
 It also appears with the following command-line: ./config
 --prefix=$HOME/ossl --openssldir=$HOME/ossl
 
 -Kyle H
 
 
 -- Forwarded message --
 From: Dr. Stephen Henson st...@openssl.org
 Date: Sat, Feb 7, 2009 at 2:30 AM
 Subject: Re: Openssl-SNAP still erroring out
 To: openssl-dev@openssl.org
 
 
 On Fri, Feb 06, 2009, Kyle Hamilton wrote:
 
  This does not appear on MacOSX 10.5.6 (with 0.9.8-stable-SNAP-20090206).
 
  ./config threads shared no-sse2 enable-whrlpool enable-montasm
  enable-capieng enable-cms enable-seed enable-tlsext  enable-camellia
  enable-rfc3779 enable-mdc2 enable-rc5 zlib-dynamic
  --prefix=/usr/contrib --openssldir=/usr/contrib
 
 
 You'd need to try the 0.9.9 snapshots to check the reported error. That bit of
 code (the EVP_PKEY APIs) isn't in 0.9.8.
 
 Steve.

Hence it is BSD related.

The last one that did work was openssl-SNAP-20081228 .

Kyle would you like a copy of said package?

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Time for patriots to declare their fundamental alliance!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: {?} Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)

[The Doctor]

On Mon, Feb 09, 2009 at 11:04:56PM +0100, Dr. Stephen Henson wrote:
 On Sat, Feb 07, 2009, The Doctor wrote:
 
  On Sat, Feb 07, 2009 at 12:46:52PM -0800, Kyle Hamilton wrote:
   The bug does appear on OSX 10.5.6 (openssl-SNAP-20090207) with the
   following command line: ./config threads shared no-sse2
   enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed
   enable-tlsext  enable-camellia enable-rfc3779 enable-mdc2 enable-rc5
   --prefix=/$HOME/ossl --openssldir=$HOME/ossl
   
   [...]
   Generate and verify a certificate request
   generating certificate request
   rsa
   There should be a 2 sequences of .'s and some +'s.
   There should not be more that at most 80 per line
   This could take some time.
   Generating a 512 bit RSA private key
   
   ..
   writing new private key to 'testkey.pem'
   -
   You are about to be asked to enter information that will be incorporated
   into your certificate request.
   What you are about to enter is what is called a Distinguished Name or a 
   DN.
   There are quite a few fields but you can leave some blank
   For some fields there will be a default value,
   If you enter '.', the field will be left blank.
   -
   Country Name (2 letter code) [AU]:AU
   State or Province Name (full name) [Queensland]:
   Locality Name (eg, city) []:Brisbane
   Organization Name (eg, company) []:CryptSoft Pty Ltd
   Organizational Unit Name (eg, section) []:.
   Common Name (eg, YOUR name) []:Eric Young
   Email Address []:e...@mincom.oz.au
   2693744484:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest
   and key type not supported:a_sign.c:245:
   problems creating request
   make[1]: *** [test_gen] Error 1
   make[1]: Leaving directory
   `/Users/kyanha/workspace/ossl/snap/openssl-SNAP-20090207/test'
   make: *** [tests] Error 2
   
   It also appears with the following command-line: ./config
   --prefix=$HOME/ossl --openssldir=$HOME/ossl
   
   -Kyle H
   
   
   -- Forwarded message --
   From: Dr. Stephen Henson st...@openssl.org
   Date: Sat, Feb 7, 2009 at 2:30 AM
   Subject: Re: Openssl-SNAP still erroring out
   To: openssl-dev@openssl.org
   
   
   On Fri, Feb 06, 2009, Kyle Hamilton wrote:
   
This does not appear on MacOSX 10.5.6 (with 0.9.8-stable-SNAP-20090206).
   
./config threads shared no-sse2 enable-whrlpool enable-montasm
enable-capieng enable-cms enable-seed enable-tlsext  enable-camellia
enable-rfc3779 enable-mdc2 enable-rc5 zlib-dynamic
--prefix=/usr/contrib --openssldir=/usr/contrib
   
   
   You'd need to try the 0.9.9 snapshots to check the reported error. That 
   bit of
   code (the EVP_PKEY APIs) isn't in 0.9.8.
   
   Steve.
  
  Hence it is BSD related.
  
  The last one that did work was openssl-SNAP-20081228 .
  
  Kyle would you like a copy of said package?
  
 
 I can't see anything in CVS around that time which could affect this.
 
 I don't use BSD much myself but couldn't reproduce this on FreeBSD 7.1 under
 VMWare.
 
 Steve.

How about FreeBSD 5.X or 6.X?

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Time for patriots to declare their fundamental alliance!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: {?} Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)

[The Doctor]

On Tue, Feb 10, 2009 at 02:06:31PM +0100, Dr. Stephen Henson wrote:
 On Tue, Feb 10, 2009, Kyle Hamilton wrote:
 
  *** virgin/crypto/objects/obj_xref.h2009-02-10 05:01:06.0 
  -0800
  --- openssl-SNAP-20090207/crypto/objects/obj_xref.h 2009-02-10
 
 [snipped]
 
 Ah, that explains it. The top level Makefile call to objxref.pl was breaking
 it. I've just committed a fix. Please try the latest HEAD or the next
 snapshot.
 
 Steve.
 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 


Still seeing:

There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Generating a 512 bit RSA private key

...
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:e...@mincom.oz.au
134999776:error:0D0C30C6:asn1 encoding routines:ASN1_item_sign:digest and key 
type not supported:a_sign.c:245:
problems creating request
gmake[1]: *** [test_gen] Error 1
gmake[1]: Leaving directory `/usr/source/openssl-SNAP-20090210/test'
gmake: *** [tests] Error 2 
-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Time for patriots to declare their fundamental alliance!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: {?} Re: {?} Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)

[The Doctor]

On Tue, Feb 10, 2009 at 06:51:32PM +0100, Dr. Stephen Henson wrote:
 On Tue, Feb 10, 2009, The Doctor wrote:
 
  On Tue, Feb 10, 2009 at 02:06:31PM +0100, Dr. Stephen Henson wrote:
   On Tue, Feb 10, 2009, Kyle Hamilton wrote:
   
*** virgin/crypto/objects/obj_xref.h2009-02-10 05:01:06.0 
-0800
--- openssl-SNAP-20090207/crypto/objects/obj_xref.h 2009-02-10
   
   [snipped]
   
   Ah, that explains it. The top level Makefile call to objxref.pl was 
   breaking
   it. I've just committed a fix. Please try the latest HEAD or the next
   snapshot.
   
  
  Still seeing:
  
 
 You'll need the latest source from CVS/rsync or tomorrow's snapshot.
 
 Alternatively apply this patch:
 
 http://cvs.openssl.org/chngview?cn=17825
 
 If you aren't starting from virgin sources you may need to delete
 crypto/objects/obj_xref.h first too.
 
 Steve.
 --
I  will try 20090211 and let you know.


 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Time for patriots to declare their fundamental alliance!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: {?} Re: {?} Re: Fwd: Openssl-SNAP still erroring out (verified on OSX 10.5.6 and virgin config)

[The Doctor]

On Tue, Feb 10, 2009 at 02:55:50PM -0700, The Doctor wrote:
 On Tue, Feb 10, 2009 at 06:51:32PM +0100, Dr. Stephen Henson wrote:
  On Tue, Feb 10, 2009, The Doctor wrote:
  
   On Tue, Feb 10, 2009 at 02:06:31PM +0100, Dr. Stephen Henson wrote:
On Tue, Feb 10, 2009, Kyle Hamilton wrote:

 *** virgin/crypto/objects/obj_xref.h  2009-02-10 05:01:06.0 
 -0800
 --- openssl-SNAP-20090207/crypto/objects/obj_xref.h   2009-02-10

[snipped]

Ah, that explains it. The top level Makefile call to objxref.pl was 
breaking
it. I've just committed a fix. Please try the latest HEAD or the next
snapshot.

   
   Still seeing:
   
  
  You'll need the latest source from CVS/rsync or tomorrow's snapshot.
  
  Alternatively apply this patch:
  
  http://cvs.openssl.org/chngview?cn=17825
  
  If you aren't starting from virgin sources you may need to delete
  crypto/objects/obj_xref.h first too.
  
  Steve.
  --
 I  will try 20090211 and let you know.


Attention everyone, this should work as the primary server
is now using this.

When in openssl 0.9.9 expected to be released?
 
 
  Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
  OpenSSL project core developer and freelance consultant.
  Homepage: http://www.drh-consultancy.demon.co.uk
  __
  OpenSSL Project http://www.openssl.org
  Development Mailing List   openssl-dev@openssl.org
  Automated List Manager   majord...@openssl.org
  
  -- 
  This message has been scanned for viruses and
  dangerous content by MailScanner, and is
  believed to be clean.
  
 
 -- 
 Member - Liberal InternationalThis is doc...@nl2k.ab.ca
 Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
 Never Satan President Republic!
 Time for patriots to declare their fundamental alliance!
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Time for patriots to declare their fundamental alliance!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

32-bit vs 64-bit FreeBSD on Openssl-0.9.8-SNAPs

[The Doctor]

Can someone answer why

when I use

./Configure threads shared enable-capieng enable-cms enable-montasm enable-krb5
enable-tlsext enable-seed  enable-fips fipsdso enable-camellia enable-rfc3779 
enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix=/usr/ 
--openssldir=/usr/ BSD-x86-elf -g -O3 -Wall ; make depend   

no problem on FreeBSD 6.X am64 but on FreeBSD 5.X i386 I get

 Msg = 

Error showed up in openssl-SNAP-20090315

[The Doctor]

This showed up on today's compile as an assert error.

/path/to/openssl-SNAP-20090315/crypto/x509v3/v3_addr.c

As an error

Please add

then line

#insert assert.h

to solve in  /path/to/openssl-SNAP-date/crypto/x509v3/v3_addr.c

assert error .


-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Point to http://tv.cityonahillproductions.com/ 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: apache http server not connecting to correct open ssl -- urgent help needed

[The Doctor]

On Thu, Apr 02, 2009 at 05:20:30PM -0400, Srinivas Jonnalagadda wrote:
 Hi,
 
 I have openssl 0.9.8b installed with apache http server 2.0.55 on sloariz 
 machine. when i installed i used the /usr/local/ssl as prefix and i did not 
 use shared threads option. I was able to install successfully. On the same 
 machine i installed openssl 0.9.8i in /usr/local/openssl098i directory and 
 used the shared threads option. i installed apache http 2.0.63 on the same 
 machine and when i installed i gave prefix as /usr/local/openssl098i. my 
 intention was tht when i start apache http 2.0.63 i should use 
 /usr/local/openssl098i and when is start apache http server 2.0.55 i should 
 use  /usr/local/ssl. My problem now is when i start both are connecting to 
 openssl 0.9.8b. Please tell me how to connect to both.
 



You need to make slight modifications to the Apache code!

Instead of STACK you need to specify STACK_OF( ).
 
 Thanks,
 Srinivas Jonnalagadda
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-us...@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Point to http://tv.cityonahillproductions.com/ 
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Openssl 1.0.0

[The Doctor]

Now we are on to Beta 2 , Great News.

When should expecting:

BetaX
RCX
and
the 
release?

Also what errors or issues are we looking for in this beta?

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Point to http://tv.cityonahillproductions.com/ 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Issue with openssl-1.0.0-stable-SNAP-20090429

[The Doctor]

Errors are as follow on BSD/OS 4.3

test SSL protocol
../util/shlib_wrap.sh ./ssltest -test_cipherlist
testing SSLv2 cipher list order: ok
testing SSLv3 cipher list order: ok
testing TLSv1 cipher list order: ok
test sslv2
Available compression methods:
  1: zlib compression
134547716:error:140A90A1:SSL routines:SSL_CTX_new:library has no 
ciphers:ssl_lib.c:1535:
134547716:error:140A90A1:SSL routines:SSL_CTX_new:library has no 
ciphers:ssl_lib.c:1535:
*** Error code 1

Stop.
*** Error code 1
  

NO problem in openssl-1.0.0-stable-SNAP-20090428 .

Any other BSDish platform seeing this problems?

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
12 May BC vote Liberal and remember the NDP scandals like Mulroney!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Error in openssl-1.0.0 beta release 20090507

[The Doctor]

In engines/e_padlock.c


Somewhere you need to add an #endif .


I did  so above the last 2 but I could be wrong.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
12 May BC vote Liberal and remember the NDP scandals like Mulroney!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Error in openssl-1.0.0-stable-SNAP-20090516

[The Doctor]

 make
making all in crypto...
making all in crypto/objects...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/whrlpool...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/camellia...
making all in crypto/seed...
making all in crypto/modes...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/ecdsa...
making all in crypto/dh...
making all in crypto/ecdh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/buffer...
making all in crypto/bio...
gcc -I.. -I../.. -I../asn1 -I../evp -I../../include  -fPIC -DOPENSSL_PIC 
-DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT 
-DDSO_DLFCN
 -DHAVE_DLFCN_H -g -O2 -Wall   -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer
 -O9 -march=pentium3 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE 
-DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT 
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c 
bss_dgram.c
bss_dgram.c: In function `dgram_read':
bss_dgram.c:292: structure has no member named `hstimeout'
bss_dgram.c: In function `dgram_ctrl':
bss_dgram.c:337: warning: unused variable `sockopt_val'
bss_dgram.c:338: warning: unused variable `sockopt_len'
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
If you cannot lead a family how can you pastor a church?

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Error in openssl-1.0.0-stable-SNAP-20090516

[The Doctor]

On Sun, May 17, 2009 at 07:16:47PM +0200, Ger Hobbelt wrote:
 See ongoing discussion regarding DTLS: this is something that should
 be adjusted in the next CVS, if I read Mr. Henson's messages
 correctly. DTLS is in progress, so expect some issues in the near
 future: snapshots are a, after all, only snaps of the development
 process at work.)
 
 Take care,
 
 Ger
 
 
 On Sat, May 16, 2009 at 1:50 PM, The Doctor doc...@doctor.nl2k.ab.ca wrote:
   make
  making all in crypto...
  making all in crypto/objects...
  making all in crypto/md4...
  making all in crypto/md5...
  making all in crypto/sha...
  making all in crypto/mdc2...
  making all in crypto/hmac...
  making all in crypto/ripemd...
  making all in crypto/whrlpool...
  making all in crypto/des...
  making all in crypto/aes...
  making all in crypto/rc2...
  making all in crypto/rc4...
  making all in crypto/rc5...
  making all in crypto/idea...
  making all in crypto/bf...
  making all in crypto/cast...
  making all in crypto/camellia...
  making all in crypto/seed...
  making all in crypto/modes...
  making all in crypto/bn...
  making all in crypto/ec...
  making all in crypto/rsa...
  making all in crypto/dsa...
  making all in crypto/ecdsa...
  making all in crypto/dh...
  making all in crypto/ecdh...
  making all in crypto/dso...
  making all in crypto/engine...
  making all in crypto/buffer...
  making all in crypto/bio...
  gcc -I.. -I../.. -I../asn1 -I../evp -I../../include  -fPIC -DOPENSSL_PIC 
  -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT 
  -DDSO_DLFCN
   -DHAVE_DLFCN_H -g -O2 -Wall   -DPERL5 -DL_ENDIAN -DTERMIOS 
  -fomit-frame-pointer
   -O9 -march=pentium3 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE 
  -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS 
  -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
  -DRMD160_ASM -DAES_ASM -c bss_dgram.c
  bss_dgram.c: In function `dgram_read':
  bss_dgram.c:292: structure has no member named `hstimeout'
  bss_dgram.c: In function `dgram_ctrl':
  bss_dgram.c:337: warning: unused variable `sockopt_val'
  bss_dgram.c:338: warning: unused variable `sockopt_len'
  *** Error code 1
 
  Stop.
  *** Error code 1
 
  Stop.
  *** Error code 1
 
  --
  Member - Liberal International  This is doc...@nl2k.ab.ca
  Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
  Never Satan President Republic!
  If you cannot lead a family how can you pastor a church?
 
  --
  This message has been scanned for viruses and
  dangerous content by MailScanner, and is
  believed to be clean.
 
  __
  OpenSSL Project                                 http://www.openssl.org
  Development Mailing List                       openssl-dev@openssl.org
  Automated List Manager                           majord...@openssl.org
 
 
 
 
 
 -- 
 Met vriendelijke groeten / Best regards,
 
 Ger Hobbelt
 
 --
 web:http://www.hobbelt.com/
 http://www.hebbut.net/
 mail:   g...@hobbelt.com
 mobile: +31-6-11 120 978
 --
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-us...@openssl.org
 Automated List Manager   majord...@openssl.org

It got corrected this morning.

BTW, I am a daily tester.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
If you cannot lead a family how can you pastor a church?
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

EVP_md2 error

[The Doctor]

Show stopper in php-5.2.8 +

ext/openssl/.libs/openssl.o: In function `php_openssl_get_evp_md_from_algo':
/usr/source/php-5.3.0/ext/openssl/openssl.c:908: undefined reference to 
`EVP_md2'   


Can this call be restored?
-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
The fool says in his heart, There is no God. They are corrupt, and their ways 
are vile; there is no one who does good. - Ps 53:1
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Today's error in openssl-1.0.0-stable-SNAP-20090714

[The Doctor]

making all in crypto/store...
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  (cd ..; make 
libcrypto.so.1.0.0);  fi
rm -f openssl
shlib_target=; if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  
shlib_target=bsd-gcc-shared;  fi;  LIBRARIES=-L.. -lssl  -L.. -lcrypto ;  
make -f ../Makefile.shared -e  APPNAME=openssl OBJECTS=openssl.o verify.o 
asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o  ca.o 
pkcs7.o crl2p7.o crl.o  rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o  x509.o 
genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o  s_time.o apps.o 
s_cb.o s_socket.o app_rand.o version.o sess_id.o  ciphers.o nseq.o pkcs12.o 
pkcs8.o pkey.o pkeyparam.o pkeyutl.o  spkac.o smime.o cms.o rand.o engine.o 
ocsp.o prime.o ts.o  LIBDEPS= $LIBRARIES -lgmp -ldl -lm -lc  
link_app.${shlib_target}
x509.o: In function `x509_main':
/usr/source/openssl-1.0.0-stable-SNAP-20090714/apps/x509.c:629: undefined 
reference to `X509_gmtime_adj_ex'
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1
   
Stop.


-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
The fool says in his heart, There is no God. They are corrupt, and their ways 
are vile; there is no one who does good. - Ps 53:1
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Noticed something in the openssl-1.0.0 20090811 SNAPshot

[The Doctor]

First Time I have seem Cannot find path to openssl/engines/ .

In FreeBSD-7.2 and64 it is a show stopper.  In the old
BSDI BSD/OS 4.3.X just create directory and away you go.

Suggestion:

Can the path to openssl/engines/ point ot path to openssl/lib/
after all only .so's are being installed.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
The fool says in his heart, There is no God. They are corrupt, and their ways 
are vile; there is no one who does good. - Ps 53:1
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Error in 20090826 SNAPs

[The Doctor]

Script started on Wed Aug 26 05:26:54 2009
doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20090826$ make
making all in crypto...
ar  r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o 
ebcdic.o uid.o o_time.o o_str.o o_dir.o mem_clr.o
/usr/bin/ranlib ../libcrypto.a || echo Never mind.
making all in crypto/objects...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/whrlpool...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/camellia...
making all in crypto/seed...
making all in crypto/modes...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/ecdsa...
making all in crypto/dh...
making all in crypto/ecdh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
making all in crypto/cms...
making all in crypto/pqueue...
making all in crypto/ts...
making all in crypto/jpake...
making all in crypto/store...
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  (cd ..; make 
libcrypto.so.1.0.0);  fi
making all in ssl...
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  (cd ..; make 
libssl.so.1.0.0);  fi
making all in engines...
echo 

making all in engines/ccgost...
making all in apps...
gcc -DMONOLITH -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB 
-DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -g -O2 -Wall   -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer 
-O2 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE 
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -c s_socket.c
s_socket.c: In function `init_client_ip':
s_socket.c:245: storage size of `them' isn't known
s_socket.c:251: `AF_INET' undeclared (first use in this function)
s_socket.c:251: (Each undeclared identifier is reported only once
s_socket.c:251: for each function it appears in.)
s_socket.c:260: `SOCK_STREAM' undeclared (first use in this function)
s_socket.c:261: warning: implicit declaration of function `socket'
s_socket.c:261: `IPPROTO_TCP' undeclared (first use in this function)
s_socket.c:263: `SOCK_DGRAM' undeclared (first use in this function)
s_socket.c:263: `IPPROTO_UDP' undeclared (first use in this function)
s_socket.c:265: `INVALID_SOCKET' undeclared (first use in this function)
s_socket.c:276: warning: implicit declaration of function `connect'
s_socket.c:245: warning: unused variable `them'
s_socket.c:246: warning: unused variable `i'
s_socket.c: In function `do_server':
s_socket.c:298: `SOCK_STREAM' undeclared (first use in this function)
s_socket.c:302: warning: implicit declaration of function `SHUTDOWN'
s_socket.c:311: warning: implicit declaration of function `SHUTDOWN2'
s_socket.c: In function `init_server_long':
s_socket.c:323: storage size of `server' isn't known
s_socket.c:329: `AF_INET' undeclared (first use in this function)
s_socket.c:332: `INADDR_ANY' undeclared (first use in this function)
s_socket.c:341: `SOCK_STREAM' undeclared (first use in this function)
s_socket.c:342: `IPPROTO_TCP' undeclared (first use in this function)
s_socket.c:344: `SOCK_DGRAM' undeclared (first use in this function)
s_socket.c:344: `IPPROTO_UDP' undeclared (first use in this function)
s_socket.c:346: `INVALID_SOCKET' undeclared (first use in this function)
s_socket.c:354: warning: implicit declaration of function `bind'
s_socket.c:362: warning: implicit declaration of function `listen'
s_socket.c:323: warning: unused variable `server'
s_socket.c: In function `do_accept':
s_socket.c:383: storage size of `from' isn't known
s_socket.c:400: warning: implicit declaration of function `accept'
s_socket.c:401: `INVALID_SOCKET' undeclared (first use in this function)
s_socket.c:431: warning: implicit declaration of function `gethostbyaddr'
s_socket.c:432: `AF_INET' undeclared (first use in this function)
s_socket.c:432: warning: assignment makes pointer from integer without a cast
s_socket.c:445: dereferencing pointer to incomplete type
s_socket.c:450: dereferencing pointer to 

Bug up in openssl 0.9.8

[The Doctor]

How does this effect openssl 1+ ?
-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.myspace.com/502748630 
For the latest World News go to http://www.cuttingedge.org/ - Lest we forget 
2009 .
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

New blackout

[The Doctor]

I was able to see openssl.org last night MST
but not at this current time.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.myspace.com/502748630 
Merry Christmas 2009 and Happy New Year 2010
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Any errors of interest?

[The Doctor]

Script started on Wed Dec  2 05:54:45 2009
doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ egrep bsdi 
Con 
figure
bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 
-march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
debug-bsdi-x86-elf,   gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer 
-O2 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG 
${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ make test
Error opening certificate file ../certs/*.pem
134962536:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:355:fopen('../certs/*.pem','r')
134962536:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
error 40 at 0 depth lookup:proxy certificates not allowed, please set the 
appropriate flag
error 40 at 0 depth lookup:proxy certificates not allowed, please set the 
appropriate flag
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify 
failed:s2_clnt.c:1051:
134962536:error:2F06606C:time stamp routines:TS_CHECK_POLICY:policy 
mismatch:ts_rsp_verify.c:575:
134962536:error:2F06606C:time stamp routines:TS_CHECK_POLICY:policy 
mismatch:ts_rsp_verify.c:575:
134962536:error:2F064067:time stamp routines:TS_CHECK_IMPRINTS:message imprint 
mismatch:ts_rsp_verify.c:659:
134523612:error:3106706A:lib(49):JPAKE_STEP3A_process:hash of hash of key 
mismatch:jpake.c:443:  
ALL TESTS SUCCESSFUL.
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
OpenSSL 1.0.0-beta4 10 Nov 2009
built on: Wed Dec  2 05:44:38 MST 2009
platform: debug-bsdi-x86-elf
options:  bn(64,32) md2(int) rc4(4x,int) des(ptr,risc1,16,long) idea(int) 
blowfish(idx) 
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O2 -Wall   
-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g 
-DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE 
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: /usr/contrib
`test' is up to date.
doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ exit
exit

Script done on Wed Dec  2 05:59:23 2009
-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.myspace.com/502748630 
Merry Christmas 2009 and Happy New Year 2010

openssl-1.0.0-stable-SNAP-20091218

[The Doctor]

This is flaky and inconsistent.

openssl-1.0.0-stable-SNAP-20091217 works better.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.myspace.com/502748630 
Merry Christmas 2009 and Happy New Year 2010
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

openssl-0.9.7-stable-SNAP-20031228 not compiling on BSD/OS

[The Doctor]

inttypes.h seems to be the culprit

Here is a script of the transaction


Script started on Sun Dec 28 06:51:25 2003
doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ make
making all in crypto...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/des...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/dh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/aes...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/objects...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f Makefile.ssl 
libcrypto.so.0.9.7);  fi
`libcrypto.so.0.9.7' is up to date.
making all in ssl...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f Makefile.ssl 
libssl.so.0.9.7);  fi
`libssl.so.0.9.7' is up to date.
making all in apps...
making all in test...
gcc -I.. -I../include  -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 
-Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c
ssltest.c: In function `app_verify_callback':
ssltest.c:1512: `uintptr_t' undeclared (first use in this function)
ssltest.c:1512: (Each undeclared identifier is reported only once
ssltest.c:1512: for each function it appears in.)
ssltest.c:1512: syntax error before `ctx'
*** Error code 1

Stop.
*** Error code 1

Stop.
doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ uname
BSD/OS
doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ exit
exit

Script done on Sun Dec 28 06:51:35 2003

openssl-0.9.7-stable-stable-SNAP-20031227 did not have this problem.

-- 
Member - Liberal International  On 11 Sept 2001 the WORLD was violated.
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
Society MUST be saved! Extremists must dissolve.  
Merry Christmas 2003 and Happy New Year 2004
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl-0.9.7-stable-SNAP-20031228 not compiling on BSD/OS

[The Doctor]

On Sun, Dec 28, 2003 at 07:28:53PM +0100, Richard Levitte - VMS Whacker wrote:
 OK, I'll restore it to what it was previously, tomorrow.



Still get the following in 1229

 
Script started on Mon Dec 29 07:45:39 2003
doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031229$ make
making all in crypto...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/des...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/dh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/aes...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/objects...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f Makefile.ssl 
libcrypto.so.0.9.7);  fi
`libcrypto.so.0.9.7' is up to date.
making all in ssl...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f Makefile.ssl 
libssl.so.0.9.7);  fi
`libssl.so.0.9.7' is up to date.
making all in apps...
making all in test...
gcc -I.. -I../include  -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 
-Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c
ssltest.c:122: inttypes.h: No such file or directory
*** Error code 1

Stop.
*** Error code 1

Stop.
doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031229$ exit
exit

Script done on Mon Dec 29 07:45:47 2003
 In message [EMAIL PROTECTED] on Sun, 28 Dec 2003 06:59:44 -0700, The Doctor 
 [EMAIL PROTECTED] said:
 
 doctor inttypes.h seems to be the culprit
 doctor 
 doctor Here is a script of the transaction
 doctor 
 doctor 
 doctor Script started on Sun Dec 28 06:51:25 2003
 doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ make
 doctor making all in crypto...
 doctor making all in crypto/md2...
 doctor making all in crypto/md4...
 doctor making all in crypto/md5...
 doctor making all in crypto/sha...
 doctor making all in crypto/mdc2...
 doctor making all in crypto/hmac...
 doctor making all in crypto/ripemd...
 doctor making all in crypto/des...
 doctor making all in crypto/rc2...
 doctor making all in crypto/rc4...
 doctor making all in crypto/rc5...
 doctor making all in crypto/idea...
 doctor making all in crypto/bf...
 doctor making all in crypto/cast...
 doctor making all in crypto/bn...
 doctor making all in crypto/ec...
 doctor making all in crypto/rsa...
 doctor making all in crypto/dsa...
 doctor making all in crypto/dh...
 doctor making all in crypto/dso...
 doctor making all in crypto/engine...
 doctor making all in crypto/aes...
 doctor making all in crypto/buffer...
 doctor making all in crypto/bio...
 doctor making all in crypto/stack...
 doctor making all in crypto/lhash...
 doctor making all in crypto/rand...
 doctor making all in crypto/err...
 doctor making all in crypto/objects...
 doctor making all in crypto/evp...
 doctor making all in crypto/asn1...
 doctor making all in crypto/pem...
 doctor making all in crypto/x509...
 doctor making all in crypto/x509v3...
 doctor making all in crypto/conf...
 doctor making all in crypto/txt_db...
 doctor making all in crypto/pkcs7...
 doctor making all in crypto/pkcs12...
 doctor making all in crypto/comp...
 doctor making all in crypto/ocsp...
 doctor making all in crypto/ui...
 doctor making all in crypto/krb5...
 doctor if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f 
 Makefile.ssl libcrypto.so.0.9.7);  fi
 doctor `libcrypto.so.0.9.7' is up to date.
 doctor making all in ssl...
 doctor if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f 
 Makefile.ssl libssl.so.0.9.7);  fi
 doctor `libssl.so.0.9.7' is up to date.
 doctor making all in apps...
 doctor making all in test...
 doctor gcc -I.. -I../include  -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
 -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer 
 -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c
 doctor ssltest.c: In function `app_verify_callback':
 doctor ssltest.c:1512: `uintptr_t' undeclared (first use in this function

Re: openssl-0.9.7-stable-SNAP-20031228 not compiling on BSD/OS

[The Doctor]

This error is still occuring.


Script started on Tue Dec 30 07:17:24 2003
doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031230$ make
making all in crypto...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/des...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/dh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/aes...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/objects...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f Makefile.ssl 
libcrypto.so.0.9.7);  fi
`libcrypto.so.0.9.7' is up to date.
making all in ssl...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f Makefile.ssl 
libssl.so.0.9.7);  fi
`libssl.so.0.9.7' is up to date.
making all in apps...
making all in test...
gcc -I.. -I../include  -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 
-Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c
ssltest.c:122: inttypes.h: No such file or directory
*** Error code 1

Stop.
*** Error code 1

Stop.
doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031230$ exit
exit

Script done on Tue Dec 30 07:17:36 2003

On Mon, Dec 29, 2003 at 07:57:33AM -0700, The Doctor wrote:
 On Sun, Dec 28, 2003 at 07:28:53PM +0100, Richard Levitte - VMS Whacker wrote:
  OK, I'll restore it to what it was previously, tomorrow.
 
 
 
 Still get the following in 1229
 
  
 Script started on Mon Dec 29 07:45:39 2003
 doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031229$ make
 making all in crypto...
 making all in crypto/md2...
 making all in crypto/md4...
 making all in crypto/md5...
 making all in crypto/sha...
 making all in crypto/mdc2...
 making all in crypto/hmac...
 making all in crypto/ripemd...
 making all in crypto/des...
 making all in crypto/rc2...
 making all in crypto/rc4...
 making all in crypto/rc5...
 making all in crypto/idea...
 making all in crypto/bf...
 making all in crypto/cast...
 making all in crypto/bn...
 making all in crypto/ec...
 making all in crypto/rsa...
 making all in crypto/dsa...
 making all in crypto/dh...
 making all in crypto/dso...
 making all in crypto/engine...
 making all in crypto/aes...
 making all in crypto/buffer...
 making all in crypto/bio...
 making all in crypto/stack...
 making all in crypto/lhash...
 making all in crypto/rand...
 making all in crypto/err...
 making all in crypto/objects...
 making all in crypto/evp...
 making all in crypto/asn1...
 making all in crypto/pem...
 making all in crypto/x509...
 making all in crypto/x509v3...
 making all in crypto/conf...
 making all in crypto/txt_db...
 making all in crypto/pkcs7...
 making all in crypto/pkcs12...
 making all in crypto/comp...
 making all in crypto/ocsp...
 making all in crypto/ui...
 making all in crypto/krb5...
 if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f Makefile.ssl 
 libcrypto.so.0.9.7);  fi
 `libcrypto.so.0.9.7' is up to date.
 making all in ssl...
 if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make -f Makefile.ssl 
 libssl.so.0.9.7);  fi
 `libssl.so.0.9.7' is up to date.
 making all in apps...
 making all in test...
 gcc -I.. -I../include  -fPIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN 
 -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 
 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ssltest.c
 ssltest.c:122: inttypes.h: No such file or directory
 *** Error code 1
 
 Stop.
 *** Error code 1
 
 Stop.
 doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031229$ exit
 exit
 
 Script done on Mon Dec 29 07:45:47 2003
  In message [EMAIL PROTECTED] on Sun, 28 Dec 2003 06:59:44 -0700, The Doctor 
  [EMAIL PROTECTED] said:
  
  doctor inttypes.h seems to be the culprit
  doctor 
  doctor Here is a script of the transaction
  doctor 
  doctor 
  doctor Script started on Sun Dec 28 06:51:25 2003
  doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20031228$ make
  doctor making all in crypto

openssl 0.9.7e snapshot error 28 June 2004

[The Doctor]

Script started on Mon Jun 28 05:57:31 2004
doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ make
making all in crypto...
making all in crypto/objects...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/des...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/dh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/aes...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make 
libcrypto.so.0.9.7);  fi
+ rm -f libcrypto.so.0
+ rm -f libcrypto.so
+ rm -f libcrypto.so.0.9.7
libs='-L. '; for i in crypto; do  if [ crypto = ssl -a -n  ]; then  libs= 
$libs;  fi;  ( set -x; gcc   -shared -o lib$i.so.0.9.7  -Wl,-soname=lib$i.so.0.9.7  
-Wl,-Bsymbolic  -Wl,--whole-archive lib$i.a  -Wl,--no-whole-archive $libs -ldl -lc ) 
|| exit 1;  libs=-l$i $libs;  done
+ gcc -shared -o libcrypto.so.0.9.7 -Wl,-soname=libcrypto.so.0.9.7 -Wl,-Bsymbolic 
-Wl,--whole-archive libcrypto.a -Wl,--no-whole-archive -L. -ldl -lc
libcrypto.a(fips_dh_check.o): In function `DH_check':
/usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_check.c(.text+0x0): 
multiple definition of `DH_check'
libcrypto.a(dh_check.o)(.text+0x0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_check.c:
 first defined here
libcrypto.a(fips_dh_key.o): In function `DH_OpenSSL':
/usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2a0): 
multiple definition of `DH_OpenSSL'
libcrypto.a(dh_key.o)(.text+0x2a0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c:
 first defined here
libcrypto.a(fips_dh_key.o): In function `DH_generate_key':
/usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2c0): 
multiple definition of `DH_generate_key'
libcrypto.a(dh_key.o)(.text+0x2c0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c:
 first defined here
libcrypto.a(fips_dh_key.o): In function `DH_compute_key':
/usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2f0): 
multiple definition of `DH_compute_key'
libcrypto.a(dh_key.o)(.text+0x2f0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c:
 first defined here
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.
doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ exit
exit

Script done on Mon Jun 28 05:57:39 2004

OS BSD/OS 4.3.1

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Canada -  VOTE 
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl 0.9.7e snapshot error 28 June 2004

[The Doctor]

On Mon, Jun 28, 2004 at 02:40:45PM +0200, Richard Levitte - VMS Whacker wrote:
 Try the following:
 
   make clean; make
 
 Cheers,
 Richard (OpenSSL doctor :-))

Same error occurs.  This did not happen yesterday.

 
 In message [EMAIL PROTECTED] on Mon, 28 Jun 2004 06:09:50 -0600, The Doctor 
 [EMAIL PROTECTED] said:
 
 doctor Script started on Mon Jun 28 05:57:31 2004
 doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ make
 doctor making all in crypto...
 doctor making all in crypto/objects...
 doctor making all in crypto/md2...
 doctor making all in crypto/md4...
 doctor making all in crypto/md5...
 doctor making all in crypto/sha...
 doctor making all in crypto/mdc2...
 doctor making all in crypto/hmac...
 doctor making all in crypto/ripemd...
 doctor making all in crypto/des...
 doctor making all in crypto/rc2...
 doctor making all in crypto/rc4...
 doctor making all in crypto/rc5...
 doctor making all in crypto/idea...
 doctor making all in crypto/bf...
 doctor making all in crypto/cast...
 doctor making all in crypto/bn...
 doctor making all in crypto/ec...
 doctor making all in crypto/rsa...
 doctor making all in crypto/dsa...
 doctor making all in crypto/dh...
 doctor making all in crypto/dso...
 doctor making all in crypto/engine...
 doctor making all in crypto/aes...
 doctor making all in crypto/buffer...
 doctor making all in crypto/bio...
 doctor making all in crypto/stack...
 doctor making all in crypto/lhash...
 doctor making all in crypto/rand...
 doctor making all in crypto/err...
 doctor making all in crypto/evp...
 doctor making all in crypto/asn1...
 doctor making all in crypto/pem...
 doctor making all in crypto/x509...
 doctor making all in crypto/x509v3...
 doctor making all in crypto/conf...
 doctor making all in crypto/txt_db...
 doctor making all in crypto/pkcs7...
 doctor making all in crypto/pkcs12...
 doctor making all in crypto/comp...
 doctor making all in crypto/ocsp...
 doctor making all in crypto/ui...
 doctor making all in crypto/krb5...
 doctor if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make 
 libcrypto.so.0.9.7);  fi
 doctor + rm -f libcrypto.so.0
 doctor + rm -f libcrypto.so
 doctor + rm -f libcrypto.so.0.9.7
 doctor libs='-L. '; for i in crypto; do  if [ crypto = ssl -a -n  ]; then  
 libs= $libs;  fi;  ( set -x; gcc   -shared -o lib$i.so.0.9.7  
 -Wl,-soname=lib$i.so.0.9.7  -Wl,-Bsymbolic  -Wl,--whole-archive lib$i.a  
 -Wl,--no-whole-archive $libs -ldl -lc ) || exit 1;  libs=-l$i $libs;  done
 doctor + gcc -shared -o libcrypto.so.0.9.7 -Wl,-soname=libcrypto.so.0.9.7 
 -Wl,-Bsymbolic -Wl,--whole-archive libcrypto.a -Wl,--no-whole-archive -L. -ldl -lc
 doctor libcrypto.a(fips_dh_check.o): In function `DH_check':
 doctor 
 /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_check.c(.text+0x0): 
 multiple definition of `DH_check'
 doctor 
 libcrypto.a(dh_check.o)(.text+0x0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_check.c:
  first defined here
 doctor libcrypto.a(fips_dh_key.o): In function `DH_OpenSSL':
 doctor 
 /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2a0): 
 multiple definition of `DH_OpenSSL'
 doctor 
 libcrypto.a(dh_key.o)(.text+0x2a0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c:
  first defined here
 doctor libcrypto.a(fips_dh_key.o): In function `DH_generate_key':
 doctor 
 /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2c0): 
 multiple definition of `DH_generate_key'
 doctor 
 libcrypto.a(dh_key.o)(.text+0x2c0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c:
  first defined here
 doctor libcrypto.a(fips_dh_key.o): In function `DH_compute_key':
 doctor 
 /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2f0): 
 multiple definition of `DH_compute_key'
 doctor 
 libcrypto.a(dh_key.o)(.text+0x2f0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c:
  first defined here
 doctor *** Error code 1
 doctor 
 doctor Stop.
 doctor *** Error code 1
 doctor 
 doctor Stop.
 doctor *** Error code 1
 doctor 
 doctor Stop.
 doctor *** Error code 1
 doctor 
 doctor Stop.
 doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ exit
 doctor exit
 doctor 
 doctor Script done on Mon Jun 28 05:57:39 2004
 doctor 
 doctor OS BSD/OS 4.3.1
 
 -
 Please consider sponsoring my work on free software.
 See http://www.free.lp.se/sponsoring.html for details.
 
 -- 
 Richard Levitte   \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
 [EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-708-26 53 44
 \  SWEDEN   \
 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
 Member of the OpenSSL development team: http://www.openssl.org/
 
 Unsolicited commercial email is subject to an archival fee of $400.
 See http://www.stacken.kth.se/~levitte/mail/ for more info

Re: openssl 0.9.7e snapshot error 28 June 2004

[The Doctor]

threads / debug/ zlib-dynamic / shared / no-fips 

Using bsd/os 4.3.1 and elf


On Mon, Jun 28, 2004 at 06:10:46PM +0200, Richard Levitte - VMS Whacker wrote:
 In message [EMAIL PROTECTED] on Mon, 28 Jun 2004 08:14:36 -0600, The Doctor 
 [EMAIL PROTECTED] said:
 
 doctor On Mon, Jun 28, 2004 at 02:40:45PM +0200, Richard Levitte - VMS Whacker 
 wrote:
 doctor  Try the following:
 doctor  
 doctor  make clean; make
 doctor  
 doctor  Cheers,
 doctor  Richard (OpenSSL doctor :-))
 doctor 
 doctor Same error occurs.  This did not happen yesterday.
 
 Hmm, and how did you configure, exactly?
 
 doctor  In message [EMAIL PROTECTED] on Mon, 28 Jun 2004 06:09:50 -0600, The 
 Doctor [EMAIL PROTECTED] said:
 doctor  
 doctor  doctor Script started on Mon Jun 28 05:57:31 2004
 doctor  doctor doctor.nl2k.ab.ca//usr/source/openssl-0.9.7-stable-SNAP-20040628$ 
 make
 doctor  doctor making all in crypto...
 doctor  doctor making all in crypto/objects...
 doctor  doctor making all in crypto/md2...
 doctor  doctor making all in crypto/md4...
 doctor  doctor making all in crypto/md5...
 doctor  doctor making all in crypto/sha...
 doctor  doctor making all in crypto/mdc2...
 doctor  doctor making all in crypto/hmac...
 doctor  doctor making all in crypto/ripemd...
 doctor  doctor making all in crypto/des...
 doctor  doctor making all in crypto/rc2...
 doctor  doctor making all in crypto/rc4...
 doctor  doctor making all in crypto/rc5...
 doctor  doctor making all in crypto/idea...
 doctor  doctor making all in crypto/bf...
 doctor  doctor making all in crypto/cast...
 doctor  doctor making all in crypto/bn...
 doctor  doctor making all in crypto/ec...
 doctor  doctor making all in crypto/rsa...
 doctor  doctor making all in crypto/dsa...
 doctor  doctor making all in crypto/dh...
 doctor  doctor making all in crypto/dso...
 doctor  doctor making all in crypto/engine...
 doctor  doctor making all in crypto/aes...
 doctor  doctor making all in crypto/buffer...
 doctor  doctor making all in crypto/bio...
 doctor  doctor making all in crypto/stack...
 doctor  doctor making all in crypto/lhash...
 doctor  doctor making all in crypto/rand...
 doctor  doctor making all in crypto/err...
 doctor  doctor making all in crypto/evp...
 doctor  doctor making all in crypto/asn1...
 doctor  doctor making all in crypto/pem...
 doctor  doctor making all in crypto/x509...
 doctor  doctor making all in crypto/x509v3...
 doctor  doctor making all in crypto/conf...
 doctor  doctor making all in crypto/txt_db...
 doctor  doctor making all in crypto/pkcs7...
 doctor  doctor making all in crypto/pkcs12...
 doctor  doctor making all in crypto/comp...
 doctor  doctor making all in crypto/ocsp...
 doctor  doctor making all in crypto/ui...
 doctor  doctor making all in crypto/krb5...
 doctor  doctor if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make 
 libcrypto.so.0.9.7);  fi
 doctor  doctor + rm -f libcrypto.so.0
 doctor  doctor + rm -f libcrypto.so
 doctor  doctor + rm -f libcrypto.so.0.9.7
 doctor  doctor libs='-L. '; for i in crypto; do  if [ crypto = ssl -a -n  
 ]; then  libs= $libs;  fi;  ( set -x; gcc   -shared -o lib$i.so.0.9.7  
 -Wl,-soname=lib$i.so.0.9.7  -Wl,-Bsymbolic  -Wl,--whole-archive lib$i.a  
 -Wl,--no-whole-archive $libs -ldl -lc ) || exit 1;  libs=-l$i $libs;  done
 doctor  doctor + gcc -shared -o libcrypto.so.0.9.7 -Wl,-soname=libcrypto.so.0.9.7 
 -Wl,-Bsymbolic -Wl,--whole-archive libcrypto.a -Wl,--no-whole-archive -L. -ldl -lc
 doctor  doctor libcrypto.a(fips_dh_check.o): In function `DH_check':
 doctor  doctor 
 /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_check.c(.text+0x0): 
 multiple definition of `DH_check'
 doctor  doctor 
 libcrypto.a(dh_check.o)(.text+0x0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_check.c:
  first defined here
 doctor  doctor libcrypto.a(fips_dh_key.o): In function `DH_OpenSSL':
 doctor  doctor 
 /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2a0): 
 multiple definition of `DH_OpenSSL'
 doctor  doctor 
 libcrypto.a(dh_key.o)(.text+0x2a0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c:
  first defined here
 doctor  doctor libcrypto.a(fips_dh_key.o): In function `DH_generate_key':
 doctor  doctor 
 /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2c0): 
 multiple definition of `DH_generate_key'
 doctor  doctor 
 libcrypto.a(dh_key.o)(.text+0x2c0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c:
  first defined here
 doctor  doctor libcrypto.a(fips_dh_key.o): In function `DH_compute_key':
 doctor  doctor 
 /usr2/source/openssl-0.9.7-stable-SNAP-20040628/fips/dh/fips_dh_key.c(.text+0x2f0): 
 multiple definition of `DH_compute_key'
 doctor  doctor 
 libcrypto.a(dh_key.o)(.text+0x2f0):/usr2/source/openssl-0.9.7-stable-SNAP-20040628/crypto/dh/dh_key.c:
  first defined here
 doctor  doctor *** Error code 1
 doctor  doctor 
 doctor  doctor Stop.
 doctor

Openssl 0.9.7f test is looking for the wrong libssl.so

[The Doctor]

The test is looking for /libssl.so .

should it not be looking for ../libssl.so ?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Alberta on 22 Nov 2004  Boot out Ralph Klein - Vote Liberal!!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Openssl 0.9.7f test is looking for the wrong libssl.so

[The Doctor]

On Sun, Nov 07, 2004 at 09:32:51PM +0100, Richard Levitte - VMS Whacker wrote:
 In message [EMAIL PROTECTED] on Sun, 7 Nov 2004 05:36:48 -0700, The Doctor 
 [EMAIL PROTECTED] said:
 
 doctor The test is looking for /libssl.so .
 doctor 
 doctor should it not be looking for ../libssl.so ?
 
 Please send us a log and tell us what platform and how you configured.
 
 Cheers,
 Richard
 
 -
 Please consider sponsoring my work on free software.
 See http://www.free.lp.se/sponsoring.html for details.
 
 -- 
 Richard Levitte [EMAIL PROTECTED]
 http://richard.levitte.org/
 
 When I became a man I put away childish things, including
  the fear of childishness and the desire to be very grown up.
   -- C.S. Lewis

./Configure threads shared zlib-dynamic debug --prefix=/usr/contrib 
--openssldir=/usr/contrib bsdi-elf-gcc -g -O3 -Wall 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Alberta on 22 Nov 2004  Boot out Ralph Klein - Vote Liberal!!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

OpenSSL 0.9.8 pre-release

[The Doctor]

Error compiling programme:


Script started on Sat Dec 18 06:44:16 2004
gallifrey.nk.ca//usr/source/openssl-SNAP-20041218$ !./   
gallifrey.nk.ca//usr/source/openssl-SNAP-20041218$ configure       
  Configure --help
Usage: Configure [no-cipher ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] 
[no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] 
[no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] 
[--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]
gallifrey.nk.ca//usr/source/openssl-SNAP-20041218$ !./C
./Configure threads shared zlib-dynamic debug --prefix=/usr/contrib 
--openssldir=/usr/contrib bsdi-elf-gcc -g -O3 -Wall
target already defined - debug
gallifrey.nk.ca//usr/source/openssl-SNAP-20041218$ ^debug^
./Configure threads shared zlib-dynamic  --prefix=/usr/contrib 
--openssldir=/usr/contrib bsdi-elf-gcc -g -O3 -Wall
Configuring for bsdi-elf-gcc
IsMK1MF=0
CC=gcc
CFLAG =-fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DDSO_DLFCN 
-DHAVE_DLFCN_H -g -O3 -Wall -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 
-Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM 
-DRMD160_ASM
EX_LIBS   =-ldl
BN_ASM=asm/bn86-elf.o asm/co86-elf.o
DES_ENC   =asm/dx86-elf.o asm/yx86-elf.o
BF_ENC=asm/bx86-elf.o
CAST_ENC  =c_enc.o
RC4_ENC   =asm/rx86-elf.o
RC5_ENC   =asm/r586-elf.o
MD5_OBJ_ASM   =asm/mx86-elf.o
SHA1_OBJ_ASM  =asm/sx86-elf.o asm/s512sse2-elf.o
RMD160_OBJ_ASM=asm/rm86-elf.o
PROCESSOR =
RANLIB=/usr/bin/ranlib
ARFLAGS   =
PERL  =/usr/bin/perl5
THIRTY_TWO_BIT mode
DES_PTR used
DES_RISC1 used
DES_UNROLL used
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined
Makefile = Makefile.ssl
created directory `include/openssl'
e_os2.h = include/openssl/e_os2.h
making links in crypto...
Makefile = Makefile.ssl
crypto.h = ../include/openssl/crypto.h
tmdiff.h = ../include/openssl/tmdiff.h
opensslv.h = ../include/openssl/opensslv.h
opensslconf.h = ../include/openssl/opensslconf.h
ebcdic.h = ../include/openssl/ebcdic.h
symhacks.h = ../include/openssl/symhacks.h
ossl_typ.h = ../include/openssl/ossl_typ.h
Makefile = Makefile.ssl
making links in crypto/objects...
Makefile = Makefile.ssl
objects.h = ../../include/openssl/objects.h
obj_mac.h = ../../include/openssl/obj_mac.h
making links in crypto/md2...
Makefile = Makefile.ssl
md2.h = ../../include/openssl/md2.h
md2test.c = ../../test/md2test.c
making links in crypto/md4...
Makefile = Makefile.ssl
md4.h = ../../include/openssl/md4.h
md4test.c = ../../test/md4test.c
md4.c = ../../apps/md4.c
making links in crypto/md5...
Makefile = Makefile.ssl
md5.h = ../../include/openssl/md5.h
md5test.c = ../../test/md5test.c
making links in crypto/sha...
Makefile = Makefile.ssl
sha.h = ../../include/openssl/sha.h
shatest.c = ../../test/shatest.c
sha1test.c = ../../test/sha1test.c
sha256t.c = ../../test/sha256t.c
sha512t.c = ../../test/sha512t.c
making links in crypto/mdc2...
Makefile = Makefile.ssl
mdc2.h = ../../include/openssl/mdc2.h
mdc2test.c = ../../test/mdc2test.c
making links in crypto/hmac...
Makefile = Makefile.ssl
hmac.h = ../../include/openssl/hmac.h
hmactest.c = ../../test/hmactest.c
making links in crypto/ripemd...
Makefile = Makefile.ssl
ripemd.h = ../../include/openssl/ripemd.h
rmdtest.c = ../../test/rmdtest.c
making links in crypto/des...
Makefile = Makefile.ssl
des.h = ../../include/openssl/des.h
des_old.h = ../../include/openssl/des_old.h
destest.c = ../../test/destest.c
making links in crypto/rc2...
Makefile = Makefile.ssl
rc2.h = ../../include/openssl/rc2.h
rc2test.c = ../../test/rc2test.c
making links in crypto/rc4...
Makefile = Makefile.ssl
rc4.h = ../../include/openssl/rc4.h
rc4test.c = ../../test/rc4test.c
making links in crypto/rc5...
Makefile = Makefile.ssl
rc5.h = ../../include/openssl/rc5.h
rc5test.c = ../../test/rc5test.c
making links in crypto/idea...
Makefile = Makefile.ssl
idea.h = ../../include/openssl/idea.h
ideatest.c = ../../test/ideatest.c
making links in crypto/bf...
Makefile = Makefile.ssl
blowfish.h = ../../include/openssl/blowfish.h
bftest.c = ../../test/bftest.c
making links in crypto/cast...
Makefile = Makefile.ssl
cast.h = ../../include/openssl/cast.h
casttest.c = ../../test/casttest.c
making links in crypto/bn...
Makefile = Makefile.ssl
bn.h = ../../include/openssl/bn.h
bntest.c = ../../test/bntest.c
exptest.c = ../../test/exptest.c
making links in crypto/ec...
Makefile = Makefile.ssl
ec.h = ../../include/openssl/ec.h
ectest.c = ../../test/ectest.c
making links in crypto/rsa...
Makefile = Makefile.ssl
rsa.h = ../../include/openssl/rsa.h
rsa_test.c = ../../test/rsa_test.c
making links in crypto/dsa...
Makefile = Makefile.ssl
dsa.h = ../../include/openssl/dsa.h
dsatest.c = ../../test/dsatest.c
making links in crypto/ecdsa...
Makefile = Makefile.ssl
ecdsa.h = ../../include/openssl/ecdsa.h
ecdsatest.c = ../../test/ecdsatest.c
making links in crypto/dh...
Makefile = Makefile.ssl
dh.h = 

Re: OpenSSL 0.9.8 pre-release

[The Doctor]

On Sat, Dec 18, 2004 at 07:09:29PM +0100, Andy Polyakov wrote:
 Configuring for bsdi-elf-gcc
 ...
 asm/s512sse2-elf.s: Assembler messages:
 asm/s512sse2-elf.s:26: Error: no such 386 instruction: `movdqu 
 (%edx),%xmm0'
 
 You need up-to-date assembler to compile SSE2-enabled modules available 
 in 0.9.8. I know nothing about bsdi, but it seems to be common that 
 bare-bone BSD flavors are equipped with minimally-featured assembler. 
 Fully-fledged one might or might not be available as add-on package for 
 your OS. Your options are 1. find or compile SSE2-capable assembler, 
 such as one found in binutils-2.14, or 2. re-configure OpenSSL with 
 no-sse2 option and sacrifice some performance on P4 platform. A.

I will try binutilis first then if that does not working no-sse2 .

I will report back.
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   [EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Merry Christmas 2004 and Happy New Year 2005
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL 0.9.8 pre-release

[The Doctor]

On Sat, Dec 18, 2004 at 12:11:14PM -0700, The Doctor wrote:
 On Sat, Dec 18, 2004 at 07:09:29PM +0100, Andy Polyakov wrote:
  Configuring for bsdi-elf-gcc
  ...
  asm/s512sse2-elf.s: Assembler messages:
  asm/s512sse2-elf.s:26: Error: no such 386 instruction: `movdqu 
  (%edx),%xmm0'
  
  You need up-to-date assembler to compile SSE2-enabled modules available 
  in 0.9.8. I know nothing about bsdi, but it seems to be common that 
  bare-bone BSD flavors are equipped with minimally-featured assembler. 
  Fully-fledged one might or might not be available as add-on package for 
  your OS. Your options are 1. find or compile SSE2-capable assembler, 
  such as one found in binutils-2.14, or 2. re-configure OpenSSL with 
  no-sse2 option and sacrifice some performance on P4 platform. A.
 
 I will try binutilis first then if that does not working no-sse2 .

First off, I need to compile binutils 2.15 for BSDI BSD/OS 4.3 .

Another fun task, but It is my job.

So I went with no-sse2 option and that did it.

Suggestion openssl 0.9.8 should look for an accurate binutil.

 
 I will report back.
  __
  OpenSSL Project http://www.openssl.org
  Development Mailing List   [EMAIL PROTECTED]
  Automated List Manager   [EMAIL PROTECTED]
 
 -- 
 Member - Liberal International
 This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED]
 God Queen and country! Beware Anti-Christ rising!
 Merry Christmas 2004 and Happy New Year 2005
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   [EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Merry Christmas 2004 and Happy New Year 2005
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Problem with 0.9.7 SNAPSHOT 20041229

[The Doctor]

On Thu, Dec 30, 2004 at 12:14:31PM +0100, Andy Polyakov wrote:
 gcc -DMONOLITH -I.. -I../include  -fPIC -DZLIB_SHARED -DZLIB 
 -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -g -O3 
 -Wall -DPERL5 -DL_ENDIAN  -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM 
 -DRMD160_ASM -g -c apps.c
 apps.c: In function `load_cert':
 apps.c:734: `err' redeclared as different kind of symbol
 apps.c:820: previous declaration of `err'
 apps.c: In function `load_key':
 apps.c:734: `err' redeclared as different kind of symbol
 apps.c:902: previous declaration of `err'
 *** Error code 1
 
 Fix is committed. For reference what is your compiler version? gcc -v? A.

GCC 2.95.3 on BSD/OS 4.3.1  .

I am working on a port of GCC 3.X for BSD/OS 4.3.1 and binutils current
for BSD/OS 4.3.1 


 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Merry Christmas 2004 and Happy New Year 2005
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

20050110 packages

[The Doctor]

20050110 packages were not tarred correctly this morning.
-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Birthdate: 29 Jan 1969 Redhill, Surrey, England, UK
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Openssl-SNAP-20050124

[The Doctor]

On Mon, Jan 24, 2005 at 05:45:22PM +0100, Andy Polyakov wrote:
 Just tried this with  binutils 2.15 .
 
 I got the following:
 
 
 Script started on Mon Jan 24 06:20:49 2005
 gallifrey.nk.ca//usr/source/openssl-SNAP-20050124$ make    !./C
 ./Configure threads shared zlib-dynamic debug --prefix=/usr/contrib 
 --openssldir=/usr/contrib bsdi-elf-gcc -g -O3 -Wall
 target already defined - debug
 
 First of all one thing not directly related to the problem in question. 
 I'm trying to unify BSD targets in HEAD and wonder if you could download 
 openssl-SNAP-20050125 when it becomes available(!) or 'cvs checkout' now 
 and verify BSD-x86-elf targer on your system. I mean instead of asking 
 for bsdi-elf-gcc in your ./Configure line, ask for BSD-x86-elf.
 
 ../libcrypto.so: undefined reference to `AES_Te'
 ../libcrypto.so: undefined reference to `AES_encrypt'
 ../libcrypto.so: undefined reference to `AES_Td'
 ../libcrypto.so: undefined reference to `AES_decrypt'
 *** Error code 1
 
 If you go through your log, you'll see that no assembler modules were 
 compiled, but some were linked. Follow sx86-elf for example... How come? 
  ax86-elf does not appear at all and that's where above symbols reside 
 now... Normally this would occur if you do 'cvs checkout' and then 
 attempt to 'make' without reconfigure... And I can't reproduce the 
 problem with BSD-x86-elf target if I checkout into an empty location... 
 It must be your local problem... make clean, reconfigure, figure out why 
 ax86-elf was not compiled [automatically]... A.
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]


I do not see a BSD-x86-elf option.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Openssl-SNAP-20050125 Re: Openssl-SNAP-20050124

[The Doctor]

On Tue, Jan 25, 2005 at 11:40:41PM +0100, Andy Polyakov wrote:
 ../libcrypto.so: undefined reference to `dlerror'
 ../libcrypto.so: undefined reference to `dlclose'
 ../libcrypto.so: undefined reference to `dlopen'
 ../libcrypto.so: undefined reference to `dlsym'
 ../libcrypto.so: undefined reference to `AES_encrypt'
 ../libcrypto.so: undefined reference to `AES_Td'
 ../libcrypto.so: undefined reference to `AES_decrypt'
 
 And it failed to compile AES assembler module again... Apparently it's 
 BSD make issue, it's not reproducible with GNU make. 
 http://cvs.openssl.org/chngview?cn=12847 should do the trick...
 
 I think you are missing -ldl somewhere.
 
 -ldl is not required on [Open|Net|Free]BSD, which are prime targets for 
 unification. Yet I'd appreciate if you could give another try and verify 
 if './Confgure BSD-x86-elf -ldl ...' works on bsdi. Naturally provided 
 that AES assembler module gets compiled. 

-ldl is a libraby that is needed in BSDs.

 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Birthdate: 29 Jan 1969 Redhill, Surrey, England, UK
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Openssl-SNAP-20050129 Re: Openssl-SNAP-20050125 Re: Openssl-SNAP-20050124

[The Doctor]

On Sat, Jan 29, 2005 at 06:23:29PM +0100, Andy Polyakov wrote:
 ... ./sha512t
 
 Illegal instruction
 
 *** Error code 132
 
 This means that your kernel does not support SSE2 and you have to other 
 choice but to configure with no-sse2 and give up SSE2 enhancements. I'm 
 sorry if I've lead you to wrong expectations, but my BSD experience was 
 not broad enough to foresee this. A.

Will future openssl releases have the no-sse2 option?

 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Birthdate: 29 Jan 1969 Redhill, Surrey, England, UK
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Snapshots and BSD

[The Doctor]

1) What happened to the 200503027 snapshots?

2)  BSD and OPenssl:

Apaarently GCC 3 will get the 512 sets working with openssl 0.9.8

.  I tried with bsdi-elf-gcc and BSD-x86-ELF.  Can anyone else confirm this?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Remember Christ is the reason for the Season!!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

openssl 20050404 snapshots

[The Doctor]

MAtes, I got a 0 block error.  Please fix.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
UK as 5 May 2005 approaches, vote LDem!!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

20050509 SNAPSHOT issue

[The Doctor]

Why did the below happen?

Script started on Mon May  9 07:32:50 2005
gallifrey.nk.ca//usr/source/openssl-0.9.7-stable-SNAP-20050509$   make
making all in crypto...
making all in crypto/objects...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/des...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/dh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/aes...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
`libcrypto.so.0.9.7' is up to date.
making all in fips...
making all in ssl...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make 
libssl.so.0.9.7);  fi
`libssl.so.0.9.7' is up to date.
making all in apps...
(cd ..; make DIRS=ssl all)
making all in ssl...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make 
libssl.so.0.9.7);  fi
`libssl.so.0.9.7' is up to date.
making all in test...
(cd ..; make DIRS=ssl all)
making all in ssl...
if [ -n libcrypto.so.0.9.7 libssl.so.0.9.7 ]; then  (cd ..; make 
libssl.so.0.9.7);  fi
`libssl.so.0.9.7' is up to date.
+ 
LD_LIBRARY_PATH=..:/usr/contrib/qt/lib:/usr/contrib/qt/lib:/usr/libdata/perl5/i386-bsdos/CORE
 gcc -o fips_rsavtest -I.. -I../include -fPIC -DZLIB_SHARED -DZLIB 
-DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -g -O9 -Wall 
-march=i686 -g -DPERL5 -DL_ENDIAN -O9 -march=i686 -Wall -DSHA1_ASM -DMD5_ASM 
-DRMD160_ASM -g fips_rsavtest.o -L.. -lssl -L.. -lcrypto -ldl
fips_rsavtest.o(.text+0x641): In function `rsa_test':
/usr/source/openssl-0.9.7-stable-SNAP-20050509/test/fips_rsavtest.c:223: 
undefined reference to `EVP_sha512'
fips_rsavtest.o(.text+0x671):/usr/source/openssl-0.9.7-stable-SNAP-20050509/test/fips_rsavtest.c:221:
 undefined reference to `EVP_sha384'
fips_rsavtest.o(.text+0x678):/usr/source/openssl-0.9.7-stable-SNAP-20050509/test/fips_rsavtest.c:219:
 undefined reference to `EVP_sha256'
fips_rsavtest.o(.text+0x67f):/usr/source/openssl-0.9.7-stable-SNAP-20050509/test/fips_rsavtest.c:217:
 undefined reference to `EVP_sha224'
*** Error code 1

Stop.
*** Error code 1

Stop.
gallifrey.nk.ca//usr/source/openssl-0.9.7-stable-SNAP-20050509$ gmake
making all in crypto...
gmake[1]: Entering directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto'
making all in crypto/objects...
gmake[2]: Entering directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/objects'
gmake[2]: Nothing to be done for `all'.
gmake[2]: Leaving directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/objects'
making all in crypto/md2...
gmake[2]: Entering directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md2'
gmake[2]: Nothing to be done for `all'.
gmake[2]: Leaving directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md2'
making all in crypto/md4...
gmake[2]: Entering directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md4'
gmake[2]: Nothing to be done for `all'.
gmake[2]: Leaving directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md4'
making all in crypto/md5...
gmake[2]: Entering directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md5'
gmake[2]: Nothing to be done for `all'.
gmake[2]: Leaving directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/md5'
making all in crypto/sha...
gmake[2]: Entering directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/sha'
gmake[2]: Nothing to be done for `all'.
gmake[2]: Leaving directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/sha'
making all in crypto/mdc2...
gmake[2]: Entering directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/mdc2'
gmake[2]: Nothing to be done for `all'.
gmake[2]: Leaving directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/mdc2'
making all in crypto/hmac...
gmake[2]: Entering directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/hmac'
gmake[2]: Nothing to be done for `all'.
gmake[2]: Leaving directory 
`/usr/source/openssl-0.9.7-stable-SNAP-20050509/crypto/hmac'
making all in crypto/ripemd...
gmake[2]: Entering directory 

Re: SHA512

[The Doctor]

On Sat, May 21, 2005 at 08:53:19PM -0700, Tim Rice wrote:
 
 It looks like SHA512 requires a 64bit data type.
 So on older platforms that do not have long long support,
 you get errors like
 ...
 making all in crypto/sha...
 gmake[2]: Entering directory `/var/local/src/libs/openssl-0.9.8/crypto/sha'
 cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -Kthread -DFILIO_H 
 -DNO_STRINGS_H   -c  sha_dgst.c
 UX:acomp: ERROR: ../../include/openssl/sha.h, line 172: invalid type 
 combination
 UX:acomp: ERROR: ../../include/openssl/sha.h, line 173: invalid type 
 combination
 UX:acomp: ERROR: ../../include/openssl/sha.h, line 175: invalid type 
 combination
 gmake[2]: *** [sha_dgst.o] Error 1
 ...
 
 I tried adding -DOPENSSL_NO_SHA512 and that did not help.
 It looks like the #ifndef OPENSSL_NO_SHA512 line in include/openssl/sha.h
 comes too late.

Try a no-sse2 option.
 
 The unixware-2.0, unixware-2.1, and sco5-cc targets should have
 OPENSSL_NO_SHA512 defined by default.
 
 Hmm, I may have to add a unixware-2.0-gcc target.
 
 -- 
 Tim Rice  Multitalents(707) 887-1469
 [EMAIL PROTECTED]
 
 
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
insert you thought here.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: [ANNOUNCE] OpenSSL 0.9.8 beta 6 released

[The Doctor]

On Wed, Jun 22, 2005 at 11:57:29PM +1000, Steven Reddie wrote:
 Hi,
 
 I've tested it on the platforms below with no problems.  Looking good!
 
 
 Commands executed on Windows (not Cygwin):
   perl Configure VC-WIN32
   ms\do_ms (didn't have MASM/NASM handy)
   nmake -f ms\ntdll.mak
   cd out32dll
   ..\ms\test
 
 Commands executed on all other platforms:
   ./config (Operating system and Configured for below as reported
 by config)
   make
   make test
 
 
   Operating system Configured for  Compiler
   ---  --
 -
 Windows 2000   VC-WIN32MSVC 6.0
 Cygwin 1.5.5-1i686-whatever-cygwin Cygwin  gcc 3.3.1
 Red Hat Linux 9   i686-whatever-linux2 linux-elf   gcc 3.2.2
 FreeBSD 4.6   i586-pc-freebsd4.6   BSD-x86-elf gcc 2.95.3
 Solaris 2.6   sun4u-whatever-solaris2  solaris-sparcv9-cc  Sun WorkShop
 6 update 2 C 5.3
 Solaris 2.7   sun4u-whatever-solaris2  solaris-sparcv9-cc  Sun WorkShop
 6 update 2 C 5.3
 AIX 5.1   0050C89A4C00-ibm-aix aix-cc  C for AIX
 Compiler, Version 6
 HP-UX 11.11   9000/800-hp-hpux1x   hpux-parisc2-cc HP C Compiler
 B.11.11.08
 Tru64 OSF1 V4.0E  alpha-dec-tru64  tru64-alpha-cc  DEC C
 V5.8-009


For BSD/OS 4.3.1 Is and using a combination og debug-BSD-x86-elf and 
bsdi-gcc-elf
and note no problems.  

OTOH, I think Apache is waiting for this ot be realease so that 2.0 
can be Openssl 0.9.8 complaint.
 
 
 Regards,
 
 Steven
 
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
nk.ca started 1 June 1995
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Error in July releases of Openssl 0.9.7

[The Doctor]

The previews versions have an error.

They do not recognize Certs in Apache-SSL.  

The problems turns up in 20050701 .

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Canada Day 1 July, USA Day 4 July - PARTY ON!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Error in July releases of Openssl 0.9.7

[The Doctor]

On Sun, Jul 03, 2005 at 03:34:09PM +0200, Andy Polyakov wrote:
 The previews versions have an error.
 
 They do not recognize Certs in Apache-SSL. 
 The problems turns up in 20050701 .
 
 Are you sure that not earlier? The closest change that might affect 
 certificate look-ups is dated 23rd, to be specific 
 http://cvs.openssl.org/chngview?cn=14114. The new code is buggy! As it 
 is now dir variable can be used uninitialized and it appears to me 
 there're couple of curly braces missing... This affects all branches!


20050630 has no problem.  This appears on 20050701 and later.
 
 Verify http://cvs.openssl.org/chngview?cn=14203 or tomorrow snapshot as 
 it becomes available. A.
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Canada Day 1 July, USA Day 4 July - PARTY ON!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Openssl tagged for 15 April has a bug

[The Doctor]

Script started on Sat Apr 15 06:07:24 2006
 doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$  less 
/usr/con 
tri   
doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$  less 
/usr/con 
doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$  less 
/usr/co

doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$  less 
/usr/co  con 
fi  doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$  
less /usr/con 
trib/bin/configopenssl
[?1h=./Configure  threads shared no-sse2  --prefix=/usr/contrib 
--openssldir=/usr/con
trib debug-bsdi-x86-elf -g -O3 -Wall; make depend
/usr/contrib/bin/configopenssl (END) 
[?1ldoctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$
 ^less^v cat
 cat /usr/contrib/bin/configopenssl
./Configure  threads shared no-sse2  --prefix=/usr/contrib 
--openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall; make depend
doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ make
making all in crypto...
making all in crypto/objects...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/ecdsa...
making all in crypto/dh...
making all in crypto/ecdh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
making all in crypto/store...
making all in crypto/pqueue...
if [ -n libcrypto.so.0.9.8 libssl.so.0.9.8 ]; then  (cd ..; make 
libcrypto.so.0.9.8);  fi
`libcrypto.so.0.9.8' is up to date.
making all in ssl...
if [ -n libcrypto.so.0.9.8 libssl.so.0.9.8 ]; then  (cd ..; make 
libssl.so.0.9.8);  fi
`libssl.so.0.9.8' is up to date.
making all in engines...
making all in apps...
rm -f openssl
shlib_target=; if [ -n libcrypto.so.0.9.8 libssl.so.0.9.8 ]; then  
shlib_target=bsd-gcc-shared;  fi;  if [ ${shlib_target} = darwin-shared ] 
; then  LIBRARIES=../libssl.a  ../libcrypto.a ;  else  LIBRARIES=-L.. -lssl  
-L.. -lcrypto ;  fi;  make -f ../Makefile.shared -e  APPNAME=openssl 
OBJECTS=openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o 
passwd.o gendh.o errstr.o  ca.o pkcs7.o crl2p7.o crl.o  rsa.o rsautl.o dsa.o 
dsaparam.o ec.o ecparam.o  x509.o genrsa.o gendsa.o s_server.o s_client.o 
speed.o  s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o  
ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o  ocsp.o 
prime.o  LIBDEPS= $LIBRARIES -ldl  link_app.${shlib_target}
../libcrypto.so: undefined reference to `ASN1_bn_print'
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.
doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060415$ exit
exit

Script done on Sat Apr 15 06:08:06 2006
-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Remeber Christ is the Reason for Good Friday and Resurrection Sunday

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Error in 20060610 releases

[The Doctor]

Script started on Sat Jun 10 06:12:11 2006
doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060610$ make   
     cat /usr/contr 
ib/bin/configopenssl
./Configure  threads shared no-sse2  --prefix=/usr/contrib 
--openssldir=/usr/contrib debug-bsdi-x86-elf -g -O3 -Wall; make depend
doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060610$ egrep bsdi 
Con 
figure
bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 
-march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
debug-bsdi-x86-elf,   gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer 
-O9 -march=i686 -Wall -g::${BSDthreads}::-ldl:THIRY_TWO_BIT_LONG RC4_CHUNK 
BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060610$ make   make 
 
test
making all in crypto...
making all in crypto/objects...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/ecdsa...
making all in crypto/dh...
making all in crypto/ecdh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
make: don't know how to make e_camellia.o. Stop
*** Error code 1

Stop.
*** Error code 1

Stop.
doctor.nl2k.ab.ca//usr/source/openssl-0.9.8-stable-SNAP-20060610$ exit
exit

Script done on Sat Jun 10 06:12:55 2006
-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Beware Linux the MS Windows of Unix! Demand UseNet an integral part of Internet!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

camellia and uint

[The Doctor]

Upon this mornings compile on my BSD boxes,

camellia was found to have uint's and inttypes.h which has
to be corrected to U-int's and commenting out respectively.

Please fix.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Beware Linux the MS Windows of Unix! Demand UseNet an integral part of Internet!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Please include this config in furture configuration files

[The Doctor]

debug-bsdi-x86-elf,   gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer 
-O9 -march=i686 -Wall -g::${BSDthreads}::-ldl -lc -lm:THIRY_TWO_BIT_LONG 
RC4_CHUNK BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),

This works no problem as long as you have gcc3 and one can get
gcc3 working on BSD/OS if they ever got BSD/OS 5.1 .

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Happy Christmas 2006 and Merry New Year 2007.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Downages

[The Doctor]

2 nights in a row?!

What is going on ??!!

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Hey! Hey! Ho! Ho! Lying Stephen Harper has got to go!  Hey! Hey! Ho! Ho!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Downage

[The Doctor]

Downage on 8 MArch 2010 .  When will this be rectified?

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Hey! Hey! Ho! Ho! Lying Stephen Harper has got to go!  Hey! Hey! Ho! Ho!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: OpenSSL server problems

[The Doctor]

On Tue, Mar 09, 2010 at 01:24:25PM +0100, Lutz Jaenicke wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi!
 
 In the past few days we had some problems with the hardware of the
 OpenSSL server providing the public services (web, mail, etc).
 We are now closely monitoring the system and preparing to migrate to
 another server if necessary.
 Thank you very much for your patience.
 
 Best regards,
 Lutz
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iQCVAwUBS5Y9+XiZOxScWKZtAQL7RwP/R+FK3C8MCUDFDYADupddZS01Qx1yBAEf
 4G5gdT6N9Hhr1F9LCDRk0liD7E9kERnD/0pYLYH0sV4B9FAWq5JuaekwwrnoSCqu
 tiJ/y7py/mPKHFA9vPx+/4GyC0AlnOTUcNrUnahXi7lQp5sRq78/Uk2w6RXZX2iY
 UfpFnI+yqL0=
 =2kO7
 -END PGP SIGNATURE-
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-us...@openssl.org
 Automated List Manager   majord...@openssl.org

Thank you.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Hey! Hey! Ho! Ho! Lying Stephen Harper has got to go!  Hey! Hey! Ho! Ho!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Plans for openssl 1.1?

[The Doctor]

On Tue, Oct 12, 2010 at 02:21:21PM +0200, Hanno Böck wrote:
 Hi,
 
 I wanted to ask if there are any plans when openssl 1.1 or at least a 
 pre/alpha/beta-version of it is going to be released.
 
 (the background I'm asking this is that I'm currently interested in the usage 
 of RSA-PSS signatures - university work - and I'd like to get a rough 
 estimation when an openssl version supporting PSS will be out)
 
 cu,
 -- 
 Hanno BöckBlog:   http://www.hboeck.de/
 GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de
 
 http://schokokeks.org - professional webhosting

AFAIK the alph is out on snapshots.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Are you a real human: http://www.cuttingedge.org/news/n1334.cfm
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

assert issue in openssl-1.0.1-stable-SNAP-20110103

[The Doctor]

All right, when attempting to compile openssl-1.0.1-stable-SNAP-20110103

I got

making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
making all in crypto/cms...
making all in crypto/pqueue...
making all in crypto/ts...
making all in crypto/jpake...
making all in crypto/store...
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  (cd ..; make 
libcrypto.so.1.0.0);  fi
libcrypto.a(v3_asid.o): In function `v3_asid_validate_path_internal':
/usr/source/openssl-1.0.1-stable-SNAP-20110103/crypto/x509v3/v3_asid.c:802: 
undefined reference to `assert'
(cd ..; make DIRS=ssl all)
making all in ssl...
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  (cd ..; make 
libssl.so.1.0.0);  fi
rm -f openssl
shlib_target=; if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  
shlib_target=bsd-gcc-shared;  fi;  LIBRARIES=-L.. -lssl  -L.. -lcrypto ;  
make -f ../Makefile.shared -e  APPNAME=openssl OBJECTS=openssl.o verify.o 
asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o  ca.o 
pkcs7.o crl2p7.o crl.o  rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o  x509.o 
genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o  s_time.o apps.o 
s_cb.o s_socket.o app_rand.o version.o sess_id.o  ciphers.o nseq.o pkcs12.o 
pkcs8.o pkey.o pkeyparam.o pkeyutl.o  spkac.o smime.o cms.o rand.o engine.o 
ocsp.o prime.o ts.o  LIBDEPS= $LIBRARIES -lgmp -ldl -lm -lc  
link_app.${shlib_target}
../libcrypto.so: undefined reference to `assert'
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.  

using 

debug-bsdi-x86-elf,   gcc3:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer 
-O2 -Wall -g::${BSDthreads}::-lgmp -ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK 
BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
   

to compile openssl .

This issue is not in 20110102 .

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Merry Christmas 2010 and Happy New Year 2011
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [CVS] OpenSSL: OpenSSL_1_0_1-stable: openssl/crypto/x509v3/ v3_asid.c

[The Doctor]

On Mon, Jan 03, 2011 at 01:52:11PM +0100, Dr. Stephen Henson wrote:
   OpenSSL CVS Repository
   http://cvs.openssl.org/
   
 
   Server: cvs.openssl.org  Name:   Dr. Stephen Henson
   Root:   /v/openssl/cvs   Email:  st...@openssl.org
   Module: openssl  Date:   03-Jan-2011 13:52:11
   Branch: OpenSSL_1_0_1-stable Handle: 2011010312521100
 
   Modified files:   (Branch: OpenSSL_1_0_1-stable)
 openssl/crypto/x509v3   v3_asid.c
 
   Log:
 oops missed an assert
 
   Summary:
 RevisionChanges Path
 1.5.6.3 +1  -1  openssl/crypto/x509v3/v3_asid.c
   
 
   patch -p0 '@@ .'
   Index: openssl/crypto/x509v3/v3_asid.c
   
   $ cvs diff -u -r1.5.6.2 -r1.5.6.3 v3_asid.c
   --- openssl/crypto/x509v3/v3_asid.c 3 Jan 2011 01:40:45 -   1.5.6.2
   +++ openssl/crypto/x509v3/v3_asid.c 3 Jan 2011 12:52:11 -   1.5.6.3
   @@ -799,7 +799,7 @@
  /*
   * Trust anchor can't inherit.
   */
   -  assert(x != NULL);
   +  OPENSSL_assert(x != NULL);
  if (x-rfc3779_asid != NULL) {
if (x-rfc3779_asid-asnum != NULL 
   x-rfc3779_asid-asnum-type == ASIdentifierChoice_inherit)
   @@ .
 __
 OpenSSL Project http://www.openssl.org
 CVS Repository Commit List openssl-...@openssl.org
 Automated List Manager   majord...@openssl.org


This works!!  Thank you again!!

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Birthdate 29 Jan 1969 Redhill Surrey England UK
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

openssl-1.0.1-stable-SNAP-20110508 issues

[The Doctor]

Finally got fips to work, however

1)  In either README or READ.FIPS, please state to compile FIPS, please use 
GNU make.  BSD make was choking

2) openssl version -a yields  

OpenSSL 1.1.0-fips-dev xx XXX 
built on: Sun May  8 10:06:19 MDT 2011
platform: debug-bsdi-x86-elf
options:  bn(64,32) md2(int) rc4(4x,int) des(ptr,risc1,16,long) idea(int) 
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O2 -Wall   
-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g 
-DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE 
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m 
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM 
-DGHASH_ASM   

Please fix.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Stop Stephen Harper ! on 2 May 2011 vote !
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: openssl-1.0.1-stable-SNAP-20110508 issues

[The Doctor]

On Sun, May 08, 2011 at 02:02:59PM -0600, The Doctor wrote:
 Finally got fips to work, however
 
 1)  In either README or READ.FIPS, please state to compile FIPS, please use 
 GNU make.  BSD make was choking
 
 2) openssl version -a yields  
 
 OpenSSL 1.1.0-fips-dev xx XXX 
 built on: Sun May  8 10:06:19 MDT 2011
 platform: debug-bsdi-x86-elf
 options:  bn(64,32) md2(int) rc4(4x,int) des(ptr,risc1,16,long) idea(int) 
 blowfish(idx)
 compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
 -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O2 -Wall  
  -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g 
 -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE 
 -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m 
 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM 
 -DGHASH_ASM   
 
 Please fix.

Additional,

In Apache 2.2 I get

[Sun May 08 15:39:25 2011] [notice] Apache/2.2.17 (Unix) DAV/2 configured -- res
uming normal operations
[Sun May 08 15:39:47 2011] [error] [client 127.0.0.1] Invalid method in request
quit
[Sun May 08 16:28:56 2011] [notice] caught SIGTERM, shutting down
[Sun May 08 16:29:49 2011] [notice] Operating in SSL FIPS mode
[Sun May 08 16:29:49 2011] [error] Init: Skipping generating temporary 512 bit R
SA private key in FIPS mode
[Sun May 08 16:29:49 2011] [error] Init: Skipping generating temporary 512 bit D
H parameters in FIPS mode
[Sun May 08 16:29:49 2011] [warn] RSA server certificate CommonName (CN) `ns2.nk
.ca' does NOT match server name!?
[Sun May 08 16:29:49 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/cont
rib/bin/suexec)
[Sun May 08 16:29:51 2011] [error] Init: Skipping generating temporary 512 bit R
SA private key in FIPS mode
[Sun May 08 16:29:51 2011] [error] Init: Failed to generate temporary 1024 bit R
SA private key
[Sun May 08 16:29:51 2011] [error] SSL Library Error: 755589263 error:2D09608F:F
IPS routines:fips_check_rsa_prng:prng strength too low
Configuration Failed
[Sun May 08 16:31:18 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/cont
rib/bin/suexec)
[Sun May 08 16:31:20 2011] [notice] Digest: generating secret for digest authent
ication ...
[Sun May 08 16:31:20 2011] [notice] Digest: done
[Sun May 08 16:31:20 2011] [notice] Apache/2.2.17 (Unix) DAV/2 configured -- res
uming normal operations  

All right what needs to be fixed?


 
 -- 
 Member - Liberal InternationalThis is doc...@nl2k.ab.ca Ici 
 doc...@nl2k.ab.ca
 God, Queen and country! Never Satan President Republic! Beware AntiChrist 
 rising! 
 http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
 Stop Stephen Harper ! on 2 May 2011 vote !
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Stop Stephen Harper ! on 2 May 2011 vote !
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

openssl 1.0.1 and FIPS

[The Doctor]

What is happening?

No Fips in the Openssl 1.0.1 STABLe.


-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Stop Stephen Harper ! on 2 May 2011 vote !
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: openssl 1.0.1 and FIPS

[The Doctor]

On Fri, May 13, 2011 at 12:24:25PM -0400, Steve Marquess wrote:
  What is happening?
 
  No Fips in the Openssl 1.0.1 STABLe.
 
 
 
 Correct, and you won't be seeing the FIPS capable support there for
 some time.  We're concentrating on the validation of the module (OpenSSL
 FIPS Object Module 2.0) now.
 
 -Steve M.


Actually when it was in openssl 1.0.1 I was not seeing a problem
with the exception of Apache , but that is their problem.
 
 -- 
 Steve Marquess
 OpenSSL Software Foundation, Inc.
 1829 Mount Ephraim Road
 Adamstown, MD  21710
 USA
 +1 877-673-6775
 marqu...@opensslfoundation.com

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Stop Stephen Harper ! on 2 May 2011 vote !
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

openssl-1.0.1-stable-SNAP-20110811 error

[The Doctor]

This happened when compiling

Script started on Wed Aug 10 22:38:49 2011
doctor.nl2k.ab.ca//usr/source/openssl-1.0.1-stable-SNAP-20110811$ make
making all in crypto...
ar  r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o 
ebcdic.o  uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o mem_clr.o
[ -z  ] || ar  r ../libcrypto.a fipscanister.o
/usr/bin/ranlib ../libcrypto.a || echo Never mind.
making all in crypto/objects...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/whrlpool...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/camellia...
making all in crypto/seed...
making all in crypto/modes...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/ecdsa...
making all in crypto/dh...
making all in crypto/ecdh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
making all in crypto/cms...
making all in crypto/pqueue...
making all in crypto/ts...
making all in crypto/jpake...
making all in crypto/srp...
making all in crypto/store...
making all in crypto/cmac...
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  (cd ..; make 
libcrypto.so.1.0.0);  fi
[ -z  ] || gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPERL5 
-DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g 
-DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE 
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -Iinclude  
-DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso   fips_premain.c 
fipscanister.o  libcrypto.a -ldl -lm -lc
libcrypto.a(eng_rdrand.o): In function `get_random_bytes':
/usr/source/openssl-1.0.1-stable-SNAP-20110811/crypto/engine/eng_rdrand.c:74: 
undefined reference to `OPENSSL_ia32_rdrand'
/usr/source/openssl-1.0.1-stable-SNAP-20110811/crypto/engine/eng_rdrand.c:67: 
undefined reference to `OPENSSL_ia32_rdrand'
making all in ssl...
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  (cd ..; make 
libssl.so.1.0.0);  fi
[ -z  ] || gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPERL5 
-DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g 
-DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE 
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -Iinclude  
-DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso   fips_premain.c 
fipscanister.o  libcrypto.a -ldl -lm -lc
making all in engines...
echo 

making all in engines/ccgost...
making all in apps...
rm -f openssl
shlib_target=; if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  
shlib_target=bsd-gcc-shared;  elif [ -n  ]; then  FIPSLD_CC=gcc; 
CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC FIPSLD_CC;  fi;  
LIBRARIES=-L.. -lssl  -L.. -lcrypto ;  make -f ../Makefile.shared -e  
APPNAME=openssl OBJECTS=openssl.o verify.o asn1pars.o req.o dgst.o dh.o 
dhparam.o enc.o passwd.o gendh.o errstr.o  ca.o pkcs7.o crl2p7.o crl.o  rsa.o 
rsautl.o dsa.o dsaparam.o ec.o ecparam.o  x509.o genrsa.o gendsa.o genpkey.o 
s_server.o s_client.o speed.o  s_time.o apps.o s_cb.o s_socket.o app_rand.o 
version.o sess_id.o  ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o 
pkeyutl.o  spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o  
LIBDEPS= $LIBRARIES -ldl -lm -lc  link_app.${shlib_target}
../libcrypto.so: undefined reference to `OPENSSL_ia32_rdrand'
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.
doctor.nl2k.ab.ca//usr/source/openssl-1.0.1-stable-SNAP-20110811$ exit
exit

Script done on Wed Aug 10 22:39:06 2011
-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
IT is done!  http://groups.google.com/group/rec.arts.drwho/about

Re: OpenSSL Security Advisory

[The Doctor]

On Tue, Sep 06, 2011 at 03:40:30PM +0200, OpenSSL wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 OpenSSL Security Advisory [6 September 2011]
 
 Two security flaws have been fixed in OpenSSL 1.0.0e
 
 CRL verification vulnerability in OpenSSL
 =
 
 Under certain circumstances OpenSSL's internal certificate verification
 routines can incorrectly accept a CRL whose nextUpdate field is in the past.
 (CVE-2011-3207)
 
 This issue applies to OpenSSL versions 1.0.0 through 1.0.0d. Versions of
 OpenSSL before 1.0.0 are not affected.
 
 Users of affected versions of OpenSSL should update to the OpenSSL 1.0.0e
 release, which contains a patch to correct this issue.
 
 Thanks to Kaspar Brand o...@velox.ch for identifying this bug and 
 suggesting a fix.
 
 
 TLS ephemeral ECDH crashes in OpenSSL
 =
 
 OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and
 furthermore can crash if a client violates the protocol by sending handshake
 messages in incorrect order. (CVE-2011-3210)
 
 This issue applies to OpenSSL 0.9.8 through 0.9.8s (experimental ECCdraft
 ciphersuites) and to OpenSSL 1.0.0 through 1.0.0d.
 
 Affected users of OpenSSL should update to the OpenSSL 1.0.0e release, which
 contains a patch to correct this issue. If you cannot immediately upgrade,
 we recommend that you disable ephemeral ECDH ciphersuites if you have enabled
 them.
 
 Thanks to Adam Langley a...@chromium.org for identifying and fixing this
 issue.
 
 Which applications are affected
 ===
 
 Applications are only affected by the CRL checking vulnerability if they 
 enable
 OpenSSL's internal CRL checking which is off by default. For example by 
 setting
 the verification flag X509_V_FLAG_CRL_CHECK or X509_V_FLAG_CRL_CHECK_ALL.
 Applications which use their own custom CRL checking (such as Apache) are not
 affected.
 
 Only server-side applications that specifically support ephemeral ECDH
 ciphersuites are affected by the ephemeral ECDH crash bug and only if
 ephemeral ECDH ciphersuites are enabled in the configuration. You can check
 to see if application supports ephemeral ECDH ciphersuites by looking for
 SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTRL_SET_TMP_ECDH,
 SSL_CTX_set_tmp_ecdh_callback, SSL_set_tmp_ecdh_callback,
 SSL_CTRL_SET_TMP_ECDH_CB in the source code.
 
 References
 ==
 
 URL for this Security Advisory:
 http://www.openssl.org/news/secadv_20110906.txt
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQEVAwUBTmYhWqLSm3vylcdZAQKsnQgAsD+GwbfpXuZyhLNcHrJjTiHgfVWQLiFq
 6RupYmgfxPiCrGdSEvp6Uh3Y+bcOOoDXTXujk7T6RTRU4iYiARFkXo8bUtH47dWO
 AfwOyMxiM88G9TYj69RUjKNP70j1rEATIz+m4kpnDgmmsodDNsPj56k4gptsoELc
 S4Cb4+97uCBv1mkVFgvu71RVXbIwqOMt/vveHUttQQLEcdu2XcUylbMarDaOcZui
 e9AjYX3LoqdhPRl2v01tuJf3c8wmNTE+GtsO8hwda6eo8Mu/BAnqtFsiFRVjmJ2M
 vgj1Ot/SPQHcpDu7N3V3GY4tdY8iDHWZ5FfbyaoXvzM6guS+o4cDww==
 =xfeL
 -END PGP SIGNATURE-
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-us...@openssl.org
 Automated List Manager   majord...@openssl.org

Will this affect openssl 1.0.1 ?


-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
https://www.fullyfollow.me/rootnl2k
IT is done!  http://groups.google.com/group/rec.arts.drwho/about
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Thunderbird Issue

[The Doctor]

Finally got Openssl 1.0.1 daily working 

However,

Mozilla Thunderbird is choking saying

SSL received a malformed Server Hello handshake message.

(Error code: ssl_error_rx_malformed_server_hello)


No such problem in Outlook Express.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Thunderbird Issue

[The Doctor]

On Tue, Jan 03, 2012 at 09:36:24PM +0100, Dr. Stephen Henson wrote:
 On Tue, Jan 03, 2012, The Doctor wrote:
 
  Finally got Openssl 1.0.1 daily working 
  
  However,
  
  Mozilla Thunderbird is choking saying
  
  SSL received a malformed Server Hello handshake message.
  
  (Error code: ssl_error_rx_malformed_server_hello)
  
  
  No such problem in Outlook Express.
  
 
 I can confirm I can reproduce the problem. Looking into it. Temporary
 workaround is to use no-heartbeats as a configuration option.



Please explain whaty you are saying.
 
 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-us...@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Thunderbird Issue

[The Doctor]

On Tue, Jan 03, 2012 at 06:08:54PM -0700, The Doctor wrote:
 On Tue, Jan 03, 2012 at 09:36:24PM +0100, Dr. Stephen Henson wrote:
  On Tue, Jan 03, 2012, The Doctor wrote:
  
   Finally got Openssl 1.0.1 daily working 
   
   However,
   
   Mozilla Thunderbird is choking saying
   
   SSL received a malformed Server Hello handshake message.
   
   (Error code: ssl_error_rx_malformed_server_hello)
   
   
   No such problem in Outlook Express.
   
  
  I can confirm I can reproduce the problem. Looking into it. Temporary
  workaround is to use no-heartbeats as a configuration option.
 
 
 
 Please explain whaty you are saying.


Nwever mind.

I caught the explanation.
  
  Steve.
  --
  Dr Stephen N. Henson. OpenSSL project core developer.
  Commercial tech support now available see: http://www.openssl.org
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-us...@openssl.org
  Automated List Manager   majord...@openssl.org
 
 -- 
 Member - Liberal InternationalThis is doc...@nl2k.ab.ca Ici 
 doc...@nl2k.ab.ca
 God, Queen and country! Never Satan President Republic! Beware AntiChrist 
 rising! 
 https://www.fullyfollow.me/rootnl2k
 Merry Christmas 2011 and Happy New Year 2012 !
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-us...@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Thunderbird Issue

[The Doctor]

On Tue, Jan 03, 2012 at 11:16:36PM +0100, Dr. Stephen Henson wrote:
 On Tue, Jan 03, 2012, Dr. Stephen Henson wrote:
 
  On Tue, Jan 03, 2012, The Doctor wrote:
  
   Finally got Openssl 1.0.1 daily working 
   
   However,
   
   Mozilla Thunderbird is choking saying
   
   SSL received a malformed Server Hello handshake message.
   
   (Error code: ssl_error_rx_malformed_server_hello)
   
   
   No such problem in Outlook Express.
   
  
  I can confirm I can reproduce the problem. Looking into it. Temporary
  workaround is to use no-heartbeats as a configuration option.
  
 
 Should be fixed now, thanks for the report.
 
 Please try tomorrows snapshot or apply this patch:
 
 http://cvs.openssl.org/chngview?cn=21914
 
 Steve.


Error log reports

Jan  3 22:21:19 gallifrey doctor[42]: exim[13062]: 2012-01-03 22:21:19 TLS 
error on connection from vg138.ntf.els4.ticketmaster.com [209.104.37.138] 
(SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan  3 22:29:22 gallifrey doctor[42]: exim[16704]: 2012-01-03 22:29:22 TLS 
error on connection from st.dwins.com [211.78.81.129] (SSL_accept): 
error::lib(0):func(0):reason(0)
Jan  3 22:31:32 gallifrey doctor[42]: exim[16960]: 2012-01-03 22:31:32 TLS 
error on connection from vg198.ntf.els4.ticketmaster.com [209.104.37.198] 
(SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan  3 22:34:55 gallifrey doctor[42]: exim[17753]: 2012-01-03 22:34:55 TLS 
error on connection from peebles.dataspaces.com [216.176.58.138] (SSL_accept): 
error::lib(0):func(0):reason(0)
Jan  3 22:36:07 gallifrey doctor[42]: exim[18025]: 2012-01-03 22:36:07 TLS 
error on connection from st.dwins.com [211.78.81.129] (SSL_accept): 
error::lib(0):func(0):reason(0)
Jan  3 22:41:41 gallifrey doctor[42]: exim[18935]: 2012-01-03 22:41:41 TLS 
error on connection from vg94.ntf.els4.ticketmaster.com [209.104.37.94] 
(SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Jan  3 22:44:53 gallifrey doctor[42]: exim[18861]: 2012-01-03 22:44:53 TLS 
error on connection from st.dwins.com [211.78.81.129] (SSL_accept): timed out
Jan  3 22:52:58 gallifrey doctor[42]: exim[185]: 2012-01-03 22:52:58 TLS error 
on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] 
(SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert 
certificate expired
Jan  3 22:53:18 gallifrey doctor[42]: exim[217]: 2012-01-03 22:53:18 TLS error 
on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] 
(SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert 
certificate expired
Jan  3 22:55:03 gallifrey doctor[42]: exim[447]: 2012-01-03 22:55:03 TLS error 
on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] 
(SSL_accept): error::lib(0):func(0):reason(0) 

 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-us...@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Thunderbird Issue

[The Doctor]

On Tue, Jan 03, 2012 at 10:57:42PM -0700, The Doctor wrote:
 On Tue, Jan 03, 2012 at 11:16:36PM +0100, Dr. Stephen Henson wrote:
  On Tue, Jan 03, 2012, Dr. Stephen Henson wrote:
  
   On Tue, Jan 03, 2012, The Doctor wrote:
   
Finally got Openssl 1.0.1 daily working 

However,

Mozilla Thunderbird is choking saying

SSL received a malformed Server Hello handshake message.

(Error code: ssl_error_rx_malformed_server_hello)


No such problem in Outlook Express.

   
   I can confirm I can reproduce the problem. Looking into it. Temporary
   workaround is to use no-heartbeats as a configuration option.
   
  
  Should be fixed now, thanks for the report.
  
  Please try tomorrows snapshot or apply this patch:
  
  http://cvs.openssl.org/chngview?cn=21914
  
  Steve.
 
 
 Error log reports
 
 Jan  3 22:21:19 gallifrey doctor[42]: exim[13062]: 2012-01-03 22:21:19 TLS 
 error on connection from vg138.ntf.els4.ticketmaster.com [209.104.37.138] 
 (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
 Jan  3 22:29:22 gallifrey doctor[42]: exim[16704]: 2012-01-03 22:29:22 TLS 
 error on connection from st.dwins.com [211.78.81.129] (SSL_accept): 
 error::lib(0):func(0):reason(0)
 Jan  3 22:31:32 gallifrey doctor[42]: exim[16960]: 2012-01-03 22:31:32 TLS 
 error on connection from vg198.ntf.els4.ticketmaster.com [209.104.37.198] 
 (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
 Jan  3 22:34:55 gallifrey doctor[42]: exim[17753]: 2012-01-03 22:34:55 TLS 
 error on connection from peebles.dataspaces.com [216.176.58.138] 
 (SSL_accept): error::lib(0):func(0):reason(0)
 Jan  3 22:36:07 gallifrey doctor[42]: exim[18025]: 2012-01-03 22:36:07 TLS 
 error on connection from st.dwins.com [211.78.81.129] (SSL_accept): 
 error::lib(0):func(0):reason(0)
 Jan  3 22:41:41 gallifrey doctor[42]: exim[18935]: 2012-01-03 22:41:41 TLS 
 error on connection from vg94.ntf.els4.ticketmaster.com [209.104.37.94] 
 (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
 Jan  3 22:44:53 gallifrey doctor[42]: exim[18861]: 2012-01-03 22:44:53 TLS 
 error on connection from st.dwins.com [211.78.81.129] (SSL_accept): timed out
 Jan  3 22:52:58 gallifrey doctor[42]: exim[185]: 2012-01-03 22:52:58 TLS 
 error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] 
 (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert 
 certificate expired
 Jan  3 22:53:18 gallifrey doctor[42]: exim[217]: 2012-01-03 22:53:18 TLS 
 error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] 
 (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert 
 certificate expired
 Jan  3 22:55:03 gallifrey doctor[42]: exim[447]: 2012-01-03 22:55:03 TLS 
 error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] 
 (SSL_accept): error::lib(0):func(0):reason(0) 



ITs working.  Thunderbird has to accept the next Exim cert.
 
  --
  Dr Stephen N. Henson. OpenSSL project core developer.
  Commercial tech support now available see: http://www.openssl.org
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-us...@openssl.org
  Automated List Manager   majord...@openssl.org
 
 -- 
 Member - Liberal InternationalThis is doc...@nl2k.ab.ca Ici 
 doc...@nl2k.ab.ca
 God, Queen and country! Never Satan President Republic! Beware AntiChrist 
 rising! 
 https://www.fullyfollow.me/rootnl2k
 Merry Christmas 2011 and Happy New Year 2012 !
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-us...@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Openssl 1.1.0 Status

[The Doctor]

when Will Openssl 1.1.0 become beta?
-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  
USA petition to dissolve the Republic and vote to disoolve it in November 2012

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

{Spam?} openssl-1.0.2-stable-SNAP-20121220 issues

[The Doctor]

From make test

signed content DER format, RSA key: OK
signed detached content DER format, RSA key: OK
signed content test streaming BER format, RSA: OK
signed content DER format, DSA key: OK
signed detached content DER format, DSA key: OK
signed detached content DER format, add RSA signer: OK
signed content test streaming BER format, DSA key: OK
signed content test streaming BER format, 2 DSA and 2 RSA keys: OK
signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes: 
OK
signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: OK
signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys: OK
enveloped content test streaming S/MIME format, 3 recipients: OK
enveloped content test streaming S/MIME format, 3 recipients, 3rd used: OK
enveloped content test streaming S/MIME format, 3 recipients, key only used: OK
enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients: OK
signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid: OK
signed content test streaming PEM format, 2 DSA and 2 RSA keys: OK
signed content MIME format, RSA key, signed receipt request: OK
signed receipt MIME format, RSA key: OK
enveloped content test streaming S/MIME format, 3 recipients, keyid: OK
enveloped content test streaming PEM format, KEK: OK
enveloped content test streaming PEM format, KEK, key only: OK
data content test streaming PEM format: OK
encrypted content test streaming PEM format, 128 bit RC2 key: OK
encrypted content test streaming PEM format, 40 bit RC2 key: OK
encrypted content test streaming PEM format, triple DES key: OK
encrypted content test streaming PEM format, 128 bit AES key: OK
compressed content test streaming PEM format: OK
ALL TESTS SUCCESSFUL.
Test OCSP
=== VALID OCSP RESPONSES ===
NON-DELEGATED; Intermediate CA - EE
Response verify OK
NON-DELEGATED; Root CA - Intermediate CA
Response verify OK
NON-DELEGATED; Root CA - EE
Response verify OK
DELEGATED; Intermediate CA - EE
Response Verify Failure
135004312:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify 
error:ocsp_vfy.c:178:Verify error:unable to get local issuer certificate
*** Error code 1

Stop.
*** Error code 1 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k Merry Christmas 2012 and Happy New Year 2013

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Apple are, apparently, dicks...

[The Doctor]

On Thu, Jun 13, 2013 at 05:39:36PM +0100, Ben Laurie wrote:
 ...and don't intend to fix their broken ECDSA support in Safari.
 
 It is therefore suggested that I pull this patch:
 
 https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
 
 What do people think?

No keep the patch.

 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
The false churches will conform themselves to this world's demands, seeing as 
they do not fear and thus do not obey God. - anon
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

23 Aug 2013 openssl dailies

[The Doctor]

Why can I not reach ftp.openssl.org or www.openssl.org ?

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
The world will happily agree whenever a church labels the Scriptures wrong.-anon
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

openssl-1.0.2-stable-SNAP-20131111

[The Doctor]

This might have cropped into all the SSL snapshots.

/usr/bin/ranlib ../libssl.a || echo Never mind.
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  (cd ..; make 
libssl.so.1.0.0);  fi
[ -z  ] || gcc3 -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT 
-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g 
-DOPENSSL_EXPERIMENTAL_DANE -DOPENSSL_EXPERIMENTAL_JPAKE 
-DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude  -DFINGERPRINT_PREMAIN_DSO_LOAD -o 
fips_premain_dso   fips_premain.c fipscanister.o  libcrypto.a -lgmp -ldl -lm -lc
/bin/sh: 1: Syntax error: ( unexpected (expecting fi)
*** Error code 2

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.

openssl-1.0.2-stable-SNAP-20131110 did not have the above problem.

Please fix.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
23 Nov 2013 a Big day indeed
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Openssl 20140630 packages showing error

[The Doctor]

This was not an issue in 20140629

Setting up TSA test directory...
Creating CA for TSA tests...
Creating a new CA for the TSA tests...
Generating a 1024 bit RSA private key
..++
...++
writing new private key to 'tsacakey.pem'
-
Creating tsa_cert1.pem TSA server cert...
Generating a 1024 bit RSA private key
.++
++
writing new private key to 'tsa_key1.pem'
-
Using extension tsa_cert
Signature ok
subject=/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa1
Getting CA Private Key
Creating tsa_cert2.pem non-TSA server cert...
Generating a 1024 bit RSA private key
.++
..++
writing new private key to 'tsa_key2.pem'
-
Using extension non_tsa_cert
Signature ok
subject=/C=HU/ST=Budapest/L=Buda/O=Hun-TSA Ltd./CN=tsa2
Getting CA Private Key
Creating req1.req time stamp request for file testtsa...
Using configuration from ../CAtsa.cnf
Printing req1.req...
Using configuration from ../CAtsa.cnf
Version: 1
Hash Algorithm: sha1
Message data:
 - 48 44 c4 76 26 9d e5 5d-9c 67 1e 3b 0c ec b3 cd   HD.v..].g.;
0010 - c5 b8 6e 67   ..ng
Policy OID: tsa_policy1
Nonce: 0xC8EA000912EB1D3F
Certificate required: yes
Extensions:
Generating valid response for req1.req...
Using configuration from ../CAtsa.cnf
Warning: could not open file ./tsa_serial for reading, using serial number: 1
Segmentation fault
TSA test failed!
*** Error code 1

Stop.
*** Error code 1

Stop.

Please fix.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Victory attained by violence is tantamount to a defeat, for it is momentary.  
-Mahatma Gandhi   
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Openssl 20140630 packages showing error

[The Doctor]

On Mon, Jun 30, 2014 at 03:06:35PM +0200, Dr. Stephen Henson wrote:
 On Sun, Jun 29, 2014, The Doctor wrote:
 
  This was not an issue in 20140629
  
 [snip]
  Please fix.
  
 
 Should be fixed now thanks for the report.
 
 In future it would help if you indicated which version of OpenSSL snapshots
 had the problem. When I saw 20140629 I thought it must be a problem with
 the master branch and spent a while trying to reproduce it whereas it was in
 fact 1.0.2.

Please note the word not.

I will try again tonight.

 
 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Victory attained by violence is tantamount to a defeat, for it is momentary.  
-Mahatma Gandhi   
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

OPenssl 20140909 issues

[The Doctor]

 = Some-State, O = Internet Widgits Pty 
Ltd, CN = PCA
error 18 at 0 depth lookup:self signed certificate
C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA
error 10 at 0 depth lookup:certificate has expired
OK
../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN 
= Test PCA (1024 bit)
error 18 at 0 depth lookup:self signed certificate
C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
error 10 at 0 depth lookup:certificate has expired
OK
*** Error code 2

Stop.
*** Error code 1

Stop.
You have new mail in /var/mail/doctor
doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20140909$ exit
exit

Script done on Mon Sep  8 23:33:59 2014


This did not happen with openssl 20140908

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
22 Sept 2014 New Brunswick save the province vote Liberal!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Outstanding issues since 2014 09 09

[The Doctor]

 strings
zlib
ls: error initializing month strings
ls: error initializing month strings
zlib base64
ls: error initializing month strings
ls: error initializing month strings
echo test normal x509v1 certificate
test normal x509v1 certificate
sh ./tx509 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
echo test first x509v3 certificate
test first x509v3 certificate
sh ./tx509 v3-cert1.pem 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
echo test second x509v3 certificate
test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
rsa
testing rsa conversions
p - d
p - p
d - d
p - d
d - p
p - p
../util/shlib_wrap.sh ./rsa_test
ls: error initializing month strings
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
testing crl conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing session-id conversions
p - d
p - p
d - d
p - d
d - p
p - p
Generate and verify a certificate request
generating certificate request
ls: error initializing month strings
rsa
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
ls: error initializing month strings
Generating a 1024 bit RSA private key
..++
..++
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:e...@mincom.oz.au
ls: error initializing month strings
verify OK
testing req conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing req conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing pkcs7 conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing pkcs7 conversions (2)
p - d
p - p
d - d
p - d
d - p
p - p
The following command should have some OK's and some failures
There are definitly a few expired certificates
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo 
../certs/demo/*.pem
ls: error initializing month strings
../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = 
Test CA (1024 bit)
error 20 at 0 depth lookup:unable to get local issuer certificate
../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty 
Ltd, CN = CA
error 20 at 0 depth lookup:unable to get local issuer certificate
135027776:error:0B06E06B:x509 certificate 
routines:X509_get_pubkey_parameters:unable to find parameters in 
chain:x509_vfy.c:1972:
../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty 
Ltd, CN = PCA
error 18 at 0 depth lookup:self signed certificate
C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA
error 10 at 0 depth lookup:certificate has expired
OK
../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN 
= Test PCA (1024 bit)
error 18 at 0 depth lookup:self signed certificate
C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
error 10 at 0 depth lookup:certificate has expired
OK
*** Error code 2

Stop.
*** Error code 1

Stop.
You have new mail in /var/mail/doctor
doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20140910$ g   make 
isntall       install
making all in crypto...
ar  r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o 
ebcdic.o  uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o mem_clr.o
test -z  || ar  r ../libcrypto.a fipscanister.o
/usr/bin/ranlib ../libcrypto.a || echo Never mind.
making all in crypto/objects...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/whrlpool...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/camellia...
making all

Still one outstanding issue sine 20140909 releases

[The Doctor]

 initializing month strings
ls: error initializing month strings
zlib base64
ls: error initializing month strings
ls: error initializing month strings
echo test normal x509v1 certificate
test normal x509v1 certificate
sh ./tx509 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
echo test first x509v3 certificate
test first x509v3 certificate
sh ./tx509 v3-cert1.pem 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
echo test second x509v3 certificate
test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
rsa
testing rsa conversions
p - d
p - p
d - d
p - d
d - p
p - p
../util/shlib_wrap.sh ./rsa_test
ls: error initializing month strings
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
testing crl conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing session-id conversions
p - d
p - p
d - d
p - d
d - p
p - p
Generate and verify a certificate request
generating certificate request
ls: error initializing month strings
rsa
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
ls: error initializing month strings
Generating a 1024 bit RSA private key
..++
++
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:e...@mincom.oz.au
ls: error initializing month strings
verify OK
testing req conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing req conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing pkcs7 conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing pkcs7 conversions (2)
p - d
p - p
d - d
p - d
d - p
p - p
The following command should have some OK's and some failures
There are definitly a few expired certificates
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo 
../certs/demo/*.pem
ls: error initializing month strings
../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = 
Test CA (1024 bit)
error 20 at 0 depth lookup:unable to get local issuer certificate
../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty 
Ltd, CN = CA
error 20 at 0 depth lookup:unable to get local issuer certificate
135027776:error:0B06E06B:x509 certificate 
routines:X509_get_pubkey_parameters:unable to find parameters in 
chain:x509_vfy.c:1972:
../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty 
Ltd, CN = PCA
error 18 at 0 depth lookup:self signed certificate
C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA
error 10 at 0 depth lookup:certificate has expired
OK
../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN 
= Test PCA (1024 bit)
error 18 at 0 depth lookup:self signed certificate
C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
error 10 at 0 depth lookup:certificate has expired
OK
*** Error code 2

Stop.
*** Error code 1

Stop.
You have new mail in /var/mail/doctor
doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20140911$ exit
exit

Script done on Thu Sep 11 12:04:52 2014

Richard Salz that you for solvingthe install bit.

What about during tests?

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
22 Sept 2014 New Brunswick save the province vote Liberal!
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

2014 Nov 29 Snaphots

[The Doctor]

Something did not work tonight.

Please eximane why nightly snapshots suddenly cannot materialise correctly.

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Merry Christmas 2014 and Happy New Year 2015
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: 2014 Nov 29 Snaphots

[The Doctor]

On Sat, Nov 29, 2014 at 04:01:12AM -0500, Salz, Rich wrote:
 I'll fix it thanks


Unfortunate a weird side effect took place.

When untarring the package,

a .tar.gz is part of the directory name.

Please fix.
 
 --  
 Principal Security Engineer, Akamai Technologies
 IM: rs...@jabber.me Twitter: RichSalz
 
 
  -Original Message-
  From: owner-openssl-...@openssl.org [mailto:owner-openssl-
  d...@openssl.org] On Behalf Of The Doctor
  Sent: Saturday, November 29, 2014 1:09 AM
  To: openssl-us...@openssl.org; openssl-dev@openssl.org
  Subject: 2014 Nov 29 Snaphots
  
  Something did not work tonight.
  
  Please eximane why nightly snapshots suddenly cannot materialise correctly.
  
  --
  Member - Liberal International This is doctor@@nl2k.ab.ca Ici
  doctor@@nl2k.ab.ca God,Queen and country!Never Satan President
  Republic!Beware AntiChrist rising!
  http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
  Merry Christmas 2014 and Happy New Year 2015
  __
  
  OpenSSL Project http://www.openssl.org
  Development Mailing List   openssl-dev@openssl.org
  Automated List Manager   majord...@openssl.org
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-us...@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Merry Christmas 2014 and Happy New Year 2015
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

[openssl-dev] More POODLE issues

[The Doctor]

Now POODLE  is hitting  TLS

http://www.computerworld.com/article/2857274/security0/poodle-flaw-tls-itbwcw.html

Any fixes in the works?

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Merry Christmas 2014 and Happy New Year 2015
___
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-users] SNAPSHOT updates

[The Doctor]

On Sat, Mar 14, 2015 at 11:22:56AM +0100, Kurt Roeckx wrote:
 On Fri, Mar 13, 2015 at 11:14:18AM -0600, The Doctor wrote:
  What is happening?
  
  In the Moutain Time Zone:
  
  It was at 22:22 MST then 23:22 MDT then 00:22 MDT !!
 
 Do you mean when the snapshot is made?  The machine runs in UTC,
 and the files seem to be made at 6:22 UTC.
 


How many times did they change the time release?
 
 Kurt
 
 ___
 openssl-users mailing list
 To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Know how to listen, and you will profit even from those who talk badly.-Plutarch
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] SNAPSHOT updates

[The Doctor]

What is happening?

In the Moutain Time Zone:

It was at 22:22 MST then 23:22 MDT then 00:22 MDT !!


-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
 Never compare your inside with somebody else's outside.  -Hugh Macleod
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] openssl-1.0.2-stable-SNAP-20150504 error

[The Doctor]

 secret with Brainpool Prime-Curve brainpoolP512r1 ok
cat
base64
aes-128-cbc
aes-128-cbc base64
aes-128-ecb
aes-128-ecb base64
aes-192-cbc
aes-192-cbc base64
aes-192-ecb
aes-192-ecb base64
aes-256-cbc
aes-256-cbc base64
aes-256-ecb
aes-256-ecb base64
base64
base64 base64
bf
bf base64
bf-cbc
bf-cbc base64
bf-cfb
bf-cfb base64
bf-ecb
bf-ecb base64
bf-ofb
bf-ofb base64
camellia-128-cbc
camellia-128-cbc base64
camellia-128-ecb
camellia-128-ecb base64
camellia-192-cbc
camellia-192-cbc base64
camellia-192-ecb
camellia-192-ecb base64
camellia-256-cbc
camellia-256-cbc base64
camellia-256-ecb
camellia-256-ecb base64
cast
cast base64
cast-cbc
cast-cbc base64
cast5-cbc
cast5-cbc base64
cast5-cfb
cast5-cfb base64
cast5-ecb
cast5-ecb base64
cast5-ofb
cast5-ofb base64
des
des base64
des-cbc
des-cbc base64
des-cfb
des-cfb base64
des-ecb
des-ecb base64
des-ede
des-ede base64
des-ede-cbc
des-ede-cbc base64
des-ede-cfb
des-ede-cfb base64
des-ede-ofb
des-ede-ofb base64
des-ede3
des-ede3 base64
des-ede3-cbc
des-ede3-cbc base64
des-ede3-cfb
des-ede3-cfb base64
des-ede3-ofb
des-ede3-ofb base64
des-ofb
des-ofb base64
des3
des3 base64
desx
desx base64
idea
idea base64
idea-cbc
idea-cbc base64
idea-cfb
idea-cfb base64
idea-ecb
idea-ecb base64
idea-ofb
idea-ofb base64
rc2
rc2 base64
rc2-40-cbc
rc2-40-cbc base64
rc2-64-cbc
rc2-64-cbc base64
rc2-cbc
rc2-cbc base64
rc2-cfb
rc2-cfb base64
rc2-ecb
rc2-ecb base64
rc2-ofb
rc2-ofb base64
rc4
rc4 base64
rc4-40
rc4-40 base64
rc5
rc5 base64
rc5-cbc
rc5-cbc base64
rc5-cfb
rc5-cfb base64
rc5-ecb
rc5-ecb base64
rc5-ofb
rc5-ofb base64
seed
seed base64
seed-cbc
seed-cbc base64
seed-cfb
seed-cfb base64
seed-ecb
seed-ecb base64
seed-ofb
seed-ofb base64
zlib
zlib base64
echo test normal x509v1 certificate
test normal x509v1 certificate
sh ./tx509 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
echo test first x509v3 certificate
test first x509v3 certificate
sh ./tx509 v3-cert1.pem 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
echo test second x509v3 certificate
test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
rsa
testing rsa conversions
p - d
p - p
d - d
p - d
d - p
p - p
../util/shlib_wrap.sh ./rsa_test
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
testing crl conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing session-id conversions
p - d
p - p
d - d
p - d
d - p
p - p
Generate and verify a certificate request
generating certificate request
rsa
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Generating a 1024 bit RSA private key
...++
..++
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:e...@mincom.oz.au
verify OK
testing req conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing req conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing pkcs7 conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing pkcs7 conversions (2)
p - d
p - p
d - d
p - d
d - p
p - p
The following command should have some OK's and some failures
There are definitly a few expired certificates
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo 
../certs/demo/*.pem
Segmentation fault
*** Error code 139

Stop.
*** Error code 1

Stop.
ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ exit
exit

Script done on Mon May  4 07:09:07 2015


This error does not occur in openssl-1.0.2-stable-SNAP-20150502

Please fix.

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Alberta time to save the province from corruption! Vote Liberal on 5 May 2015

[openssl-dev] openssl 20150503 SNAP issue

[The Doctor]

 base64
des-cfb
des-cfb base64
des-ecb
des-ecb base64
des-ede
des-ede base64
des-ede-cbc
des-ede-cbc base64
des-ede-cfb
des-ede-cfb base64
des-ede-ofb
des-ede-ofb base64
des-ede3
des-ede3 base64
des-ede3-cbc
des-ede3-cbc base64
des-ede3-cfb
des-ede3-cfb base64
des-ede3-ofb
des-ede3-ofb base64
des-ofb
des-ofb base64
des3
des3 base64
desx
desx base64
idea
idea base64
idea-cbc
idea-cbc base64
idea-cfb
idea-cfb base64
idea-ecb
idea-ecb base64
idea-ofb
idea-ofb base64
rc2
rc2 base64
rc2-40-cbc
rc2-40-cbc base64
rc2-64-cbc
rc2-64-cbc base64
rc2-cbc
rc2-cbc base64
rc2-cfb
rc2-cfb base64
rc2-ecb
rc2-ecb base64
rc2-ofb
rc2-ofb base64
rc4
rc4 base64
rc4-40
rc4-40 base64
rc5
rc5 base64
rc5-cbc
rc5-cbc base64
rc5-cfb
rc5-cfb base64
rc5-ecb
rc5-ecb base64
rc5-ofb
rc5-ofb base64
seed
seed base64
seed-cbc
seed-cbc base64
seed-cfb
seed-cfb base64
seed-ecb
seed-ecb base64
seed-ofb
seed-ofb base64
zlib
zlib base64
echo test normal x509v1 certificate
test normal x509v1 certificate
sh ./tx509 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
echo test first x509v3 certificate
test first x509v3 certificate
sh ./tx509 v3-cert1.pem 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
echo test second x509v3 certificate
test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2/dev/null
testing X509 conversions
p - d
p - n
p - p
d - d
n - d
p - d
d - n
n - n
p - n
d - p
n - p
p - p
rsa
testing rsa conversions
p - d
p - p
d - d
p - d
d - p
p - p
../util/shlib_wrap.sh ./rsa_test
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
testing crl conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing session-id conversions
p - d
p - p
d - d
p - d
d - p
p - p
Generate and verify a certificate request
generating certificate request
rsa
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Generating a 1024 bit RSA private key
++
..++
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:e...@mincom.oz.au
verify OK
testing req conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing req conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing pkcs7 conversions
p - d
p - p
d - d
p - d
d - p
p - p
testing pkcs7 conversions (2)
p - d
p - p
d - d
p - d
d - p
p - p
The following command should have some OK's and some failures
There are definitly a few expired certificates
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo 
../certs/demo/*.pem
Segmentation fault
*** Error code 139

Stop.
*** Error code 1

Stop.
ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150503$ x
sh: x: command not found
ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150503$ exit
exit

Script done on Sun May  3 05:46:57 2015

Please fix.  This was working in 20150502 Snapshots.

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Alberta time to save the province from corruption! Vote Liberal on 5 May 2015!!
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] openssl 1.0.2 and openssl 1.1.0 Snapshots

[The Doctor]

What is happening lately?

openssl 1.0.2 snapshots have do materialised properly in the last 2 days
and now opensl 1.1.0 is flopping.  Please fix.
-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
UK! Vote LDem on 7 May 2015!!
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] NEed help

[The Doctor]

I am trying to compile openssl 1.0.2 SNAP 20150801 

and now I get

if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then  (cd ..; make 
libcrypto.so.1.0.0);  fi
[ -z  ] || gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS 
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPERL5 
-DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -march=pentium3 -Wall -g 
-DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_LIBUNBOUND 
-DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude  -DFINGERPRINT_PREMAIN_DSO_LOAD -o 
fips_premain_dso   fips_premain.c fipscanister.o  libcrypto.a -ldl -lm -lc
/usr/lib/libc.a(sha.o): In function `SHA':
sha.o(.text+0x0): multiple definition of `SHA'
libcrypto.a(sha_one.o):/usr/source/openssl-1.0.2-stable-SNAP-20150801/crypto/sha/sha_one.c:66:
 first defined here
ld: Warning: size of symbol `SHA' changed from 142 to 92 in 
/usr/lib/libc.a(sha.o)
/usr/lib/libc.a(malloc.o)(.text+0x16): undefined reference to `__progname'
/usr/lib/libc.a(malloc.o)(.text+0xe0): undefined reference to `__progname'
/usr/lib/libc.a(syslog.o): In function `vsyslog':
syslog.o(.text+0x3a5): undefined reference to `__progname'
/usr/lib/libc.a(getenv.o): In function `__findenv':
getenv.o(.text+0x65): undefined reference to `environ'
getenv.o(.text+0x72): undefined reference to `environ'
/usr/lib/libc.a(exec.o): In function `execl':
exec.o(.text+0x103): undefined reference to `environ'
/usr/lib/libc.a(exec.o): In function `execv':
exec.o(.text+0x26b): undefined reference to `environ'
/usr/lib/libc.a(exec.o): In function `execvp':
exec.o(.text+0x400): undefined reference to `environ'
/usr/lib/libc.a(exec.o)(.text+0x4da): more undefined references to `environ' 
follow
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.

Pointers please on how to fix.

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev