On 6/26/2011 5:59 AM, Alain Knaff via RT wrote:
openssl s_client -connect hostname.domain.com:443 does not verify that
the certificate matches the hostname. (i.e. hostname.domain.com should
match either the CN of subject, or in one of the subjectAltNames)
Without such verification any web
On 4/29/2011 3:40 AM, Bhagyashri Patel wrote:
Hello Supportl,
Here I have attached two document one with CN= “rightwaysolution” and
second with CN = “righwaysolution.com”.
We are using test mode account and able to generate the Comodo
certificate Order Id using righwaysolution_CSR.txt.
We
On 2/9/2011 10:59 AM, Nilesh Vaghela wrote:
Hi,
I just realized that may be DTLSv1_get_timeout and handle timeout is
important because when server sends Server Hello we need to get back the
response in time out.
Is that right understanding ? If that is the case then in select I can
not mix other
On 1/3/2011 4:22 AM, Uri Simchoni wrote:
I’m using OpenSSL 0.9.8i, and have noticed the following scenario:
-Some OpenSSL crypto function returns with an error, leaving a
description of the error on the error queue
-The application neglects to call ERR_clear_error()
-SSL_read() is then
On 11/28/2010 1:53 AM, Ignacio Amoeiro Bosch wrote:
The following code Works in a standalone c program, but crash (with a
seg fault) using it as a module. The crash occurs at line :
X509_get_version(x), or any method that uses x
My guess would be that the OpenSSL headers you are compiling
On 11/9/2010 4:06 PM, Karthick Ramu wrote:
I know that SSL requires a transport layer for reliability purpose. But
if there is a reliable, pre-provisioned and lossless network is it
possible to transport a SSL packet without any transport layer protocol.
Does OpenSSL support SSL without
On 10/6/2010 10:24 PM, Pierre DELAAGE wrote:
I cannit answer to all the point but at least I can comment
the redistribution one :
To my point of view, a static linking is NOT a redistribution,
just because the liked library is not usable by the end user.
It most certainly is a
Guess I replied too quickly... I see why you thought I was spreading
misinformation. Of course I agree that every library could be modified
to use atomic instructions available on their CPU to synchronize. Its
just a lot of modifications to be made considering the vast amount of
code out
Darryl Miles wrote:
David Schwartz wrote:
Actually, that wouldn't work. What if you're using a threading
library that
permits threads to run in different SMP domains? In that case, the
atomic
instructions would only synchronize between threads running in the
same SMP
domain
Joakim Tjernlund wrote:
If the server wants to timeout the connection, it
can and
should do so.
Right, but I could not find how/where to do so. Can you give me some
hints?
There's no one right way to do it. If the program only ever has to deal
with a single connection, using 'signal'
Joakim Tjernlund wrote:
I once wrote this patch to solve a problem which I logged to be:
Let EAGAIN be fatal for write to socket. Needed
to unlock a hung connection where the www client has
stopped reading its socket.
Umm, if your code asks to wait forever until it can write, then that
Nicholas Maniscalco wrote:
Can someone help me understand the motivation for why -DPURIFY isn't
the
default? I've read through the openssl-dev@ and openssl-users@
archives
and have found several threads involving -DPURIFY, but I've been unable
to glean the motivation behind it being off
Aravinda babu wrote:
During SSL/TLS handshake,a pre master secret is sent from client to the
server by encrypting pre master secret with server's public key.
From that both client and server derive master secret and finally one
symmetric key. My doubt is, why both cannot use pre master
Peter Waltenberg wrote:
Document that this can only be done from the top level executable NOT
from
a shared library - and the top level app can switch the lock model if
it
wants. Changing the locking model is something that really can only be
done
by whatever owns main() anyway - it's not
P Kamath wrote:
I don't think you can avoid a dependency on the system threading
library
though, but I don't see why that would be an issue. Many single-
threaded
programs wind up requiring the threading library on many platforms
anyway
as
it may contain functions like 'clock_gettime'
Mark Phalan wrote:
Imagine the above case happening in one thread while another thread
makes a similar seemingly innocuous call with a similar effect (dlopen
a
library which uses OpenSSL). What should pkinit and the second library
which uses OpenSSL do? If they set callbacks they'll be
Mark Phalan wrote:
Because it fixes the race when libraries are correctly checking to see
if the callbacks are already set before setting their own. It's a one
or
two line change to modify the mis-behaving libraries and new libraries
can take advantage of the new locking.
Two questions:
1)
Mark Phalan wrote:
In this case, I presume 'pkinit' only supports one threading model
(or one
set of compatible threading models). So it can set the callbacks.
It can set the callbacks but it can't set them in a way which is safe
from races.
It can set them before it performs any
Mark Phalan wrote:
On 29 Mar 2010, at 20:20, David Schwartz dav...@webmaster.com wrote:
Mark Phalan wrote:
I think this fix is actually a bad one.
I'm still not clear why you think that.
Because it doesn't solve the problem case -- where one library user sets
callbacks that another
Darryl Miles wrote:
How does each of the 3 threads arbitrate in a thread-safe manner the
initialization of the OpenSSL related libraries. How does any one of
them know it is the first user ?
For existing code, there is no fix. They will set incompatible callbacks and
they will break. I don't
Mark Phalan wrote:
I'm just suggesting a compile-time option. The application could always
set the locking callbacks back to NULL if it knew what it was doing.
-M
I think this fix is actually a bad one. Will existing libraries continue to
not set the locking callbacks and fail horribly if
Mark Phalan wrote:
Unfortunately that's not really practical. To take an example I'm
familiar with - libgss. libgss can end up calling into OpenSSL in the
following way:
libgss - kerberos - pkinit plugin - openssl
It's simply not practical to change libkrb5 and libgss and all
Mark Phalan wrote:
The threads(3) manpage states that to use OpenSSL in multi-threaded
applications then locking callback functions must be set otherwise
random crashes may occur.
That is correct.
This poses a challenge when using OpenSSL in a library which should be
MT safe. There is no
Ofer Avitzur wrote:
Hi
I am trying to add openssl to my multithreaded client application (on
linux). Currently my application sends data (over tcp socket) from one
thread and read incoming data on another thread.
Does openssl allow writing/reading from 2 different contexts ?
What is the
Allan K Pratt wrote:
EASY FIX: wherever RAND_add is defined (macro? function?), give it a
different body for -DPURIFY builds. When PURIFY is defined, don't use
the
memory being passed in at all. This sounds extreme, but it should work.
Sure, the entropy factors will change and the resulting
You're missing the point -- your comment is the height of irony, in a
way.
Use a suppression to make Valgrind shut up.
/r$
I think you misunderstand his issue. His issue is not valgrind reports a
spurious error/warning. His issue is -DPURIFY does not do what I think
it's supposed
I tried after setting mode SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
Still I am facing the same problem.
It is successfully transmitting data of more than 2000 bytes
but consistently giving problem in sending 166 bytes.
After failing once it never succeds and we have to terminate the
connection.
Can copyright can be added to modified files or new files be
contributed
under a different (but compatible) license?
Thanks,
-Mark
I don't specifically know the policy of the OpenSSL project, but I strongly
recommend simply adding them under the project's existing license if the
Kinstantin Ivanov wrote:
hi all,
I have a question about implementing http keep-alive when
going over SSL connection. If successfully established, after
I've serviced the request and I want to keep connection alive,
should I listen for the handshake again or just read the expected data?
Daniel Mentz wrote:
In my understanding DTLS should provide UDP semantics when run over the
later.
That is correct.
That is if a user message is too large in terms of the PMTU it
should either be silently discarded or the sender should be notified by
an error message similar to Message
Gordon Brown wrote:
However, when I try to do the same on another machine
that is behind a proxy server, I noticed that this same command
does not work.
NAT? Socks proxy? Squid proxy? Transparent proxy? It's not clear what you're
talking about.
I got an error message like this:
Loading
John Wilkinson wrote:
That's a useful tip, perhaps, but if the underlying calls are
embedded in a third-party libraries, such as handled by cURL etc,
the end user has no choice as to when they're being initialized.
A third-party library that monkeys with process resources (such as
Howard Chu wrote:
David Schwartz wrote:
I've managed to do this without problems for SMTP, POP,
HTTP, and a few
custom text-based protocols. Note that the protocol must be
such that the
client sends data first. If the server must send data first,
then there is
no way
Konstantin Ivanov
I was wondering if it is possible to determine if client is requesting
an ssl handshake on regular socket connection and if client does request
it, continue with SSL handshake and enable secure communication? What is
happening is that if I have a server, but I accept a
Phil Pennock wrote:
The approach of the Exim MTA to cryptography is simple -- don't
second-guess the SSL library developers when it comes to choosing which
algorithms/digests/etc to load, and provide a knob
(tls_require_ciphers) for administrators to restrict what can be
loaded. The MTA
Phil Pennock wrote:
That just won't work. Cryptography is not a drop in a library
and mark a
checkbox on your product thing. It has to be properly integrated in an
application with decisions made as to what the application
actually needs,
what threat models it faces, and so on.
On Fri, May 22, 2009 at 03:14:46PM -0700, David Schwartz wrote:
Thor Lancelot Simon wrote:
1) I have data to write, and the SSL session's descriptor
selects as ready-to-write.
This already scares me. You have data to write on the
unencrypted stream to
the SSL connection
Thor Lancelot Simon
On Sat, May 23, 2009 at 05:30:54AM -0700, David Schwartz wrote:
Let me start out by saying I think you're correct on most of your
points, and I was incorrect. But I do want to clarify one issue.
Set SSL_ACCEPT_MOVING_WRITE_BUFFER. The only requirement
Thor Lancelot Simon wrote:
1) I have data to write, and the SSL session's descriptor
selects as ready-to-write.
This already scares me. You have data to write on the unencrypted stream to
the SSL connection. The SSL session's descriptor write is for the encrypted
stream between
Sudarshan Soma wrote:
I have added SSL_pending after select call just to ensure that data is
even not present in SSL buffers, incase select returns no data.
That just makes more work for you. Unless you have some good reason not to,
you should just call SSL_read. If there is data already
Now, from whatever I know about the public key cryptography, it is not
possible to generate private key from the public key and vice versa. Both
the keys can only be generated together through some algorithm.
The depends on the algorithm and your precise definition of private key.
There is no
Now at last, there is only 48 bytes leak of (in 0.9.8k and 1.0.0 beta1 its
36 bytes) of SSL_library_init(), is of not a big issue but I will
have look
into openssl to just as minimize as I can. (Because restarting the
application many times will slowly eat up the memory.. and will require to
--- crypto\pkcs12\p12_crt.c � Wed Mar �4 13:37:26 2009
+++ crypto\pkcs12\p12_crt.c � �Wed Mar �4 12:44:40 2009
@@ -168,7 +168,8 @@ PKCS12 *PKCS12_create(char *pass, char *
�� � � �sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
�� � � �bags = NULL;
- � � � p12 = PKCS12_add_safes(safes,
Oh, one more thing. This is a very common type of error. It's very hard
to test all possible out-of-memory paths. Worse, leaks in the error paths is
common (your submitted fix even had one) making it hard to recover from an
out-of-memory condition.
If you are trying to code
What if the best solution is to abort the operation requesting the big
chunk of unavailable memory? We don't have any significant cache in
this process to dump, and it wouldn't have helped for long anyway.
That should be handled in the code that deals with requesting big chunks of
memory.
Hi,
Request for an Update on this issue. Request for a high priority check on
the same. Will provide additional information if needed.
You could start with:
1) The code around the line of code in SSL_write that fails.
2) Identifying the exact line in SSL_write that fails.
3) The contents
/* I found a bug in BN_is_prime_fasttest_ex() in which it erroneously
reports small primes as being composite. The fix is below. I also think
that the number 1 should be reported as prime.
Please download this poster:
http://www.adrianbruce.com/maths/prime-numbers/mathhelp1.gif
If one was
Hi,
The documentation for PKCS7_verify says:
PKCS7_verify() returns 1 for a successful verification and
zero or a
negative value if an error occurs.
This is correct.
And in apps/smime.c there is this code:
if (PKCS7_verify(p7, other, store, indata,
Is it possible to perform the shortened (session resumption)
handshake without reconnecting the socket? TLS 1.2 RFC 5246 states:
Yes.
[ClientHello]
The session identifier MAY be from an earlier connection, this
connection, or from another currently active connection. The second
option is
Problem Description:
When a digest has been signed and a response is produced,
the current version of openssl will not verify the contents
correctly if the certificate used to sign the digest has expired.
Solution:
When verifying the response/token, the time at which the digest was
signed
CryptManager.cc, line 731: Error: Formal argument st of
type stack_st* in call to sk_pop_free(stack_st*, void(*)(void*))
is being passed void*.
Any simple suggestions?
These function calls are pretty much the same as in the
ca.c etc under the apps directory.
Any help would be
The problem is the root CA uses MD2WithRSAEncryption as a
signature algorithm
and that is prohibited in FIPS mode.
I'm pretty ignorant when it comes to FIPS, is this a limitation of the
FIPS requirements itself or a limitation of OpenSSL's FIPS validation?
The former. FIPS does not
I tried to install OpenSSL 9.8g as follows on linux-x86_64
1. Edited config and Configure to replace ‘perl5’ with ‘perl’
2. ./config 386 no-asm
3. Modifed the CFLAGS in Makefile (removed –m64 and added –m32)
4. Make
5. Make test ….’make test fails’ . Why does it
Gabriel Soto wrote:
{
// Create BIO with some random nonexistent host.
BIO *bio = BIO_new_connect(192.168.9.9:);
if (bio == NULL) {
// Failed to obtain BIO.
return false;
}
// Set as non-blocking.
BIO_set_nbio(bio, 1);
// Attempt to
Is this correct for openssl 0.9.8 using FIPS?
test SSL protocol
test ssl3 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
1: zlib compression
SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
1 handshakes of 256 bytes done
gmake[1]: ***
Is there a command I can run to view the openssl banner? Thanks.
Bernie
If I understand your question correctly, the answer is to run the OpenSSL
command line utility with the parameters 'version -a'.
DS
__
OpenSSL Project
Ted T'so wrote:
At this point, you've just spent reams and reams of electrons stating
the obvious.
Yes, for the second time, because some people *still* don't understand it.
(It's quite obvious to you and me, not so obvious to the people who still
don't get it.)
If the endpoint is
Michael Sierchio wrote:
Theodore Tso wrote:
As the old saying goes, better to be silent, and thought to be a
fool, and to speak, and remove all doubt.
Well, Brahma said, even after ten thousand explanations, a fool is no
wiser, but an intelligent man requires only two thousand five
Kurt Roeckx wrote:
David,
I think you have a problem of not making clear what you actually mean.
I'm going to give 3 examples of how I could read what you were saying so
far:
1. A client connects to a server, but the server has been compromised
and someone knows it's secret key. The
Michael Sierchio wrote:
Are you or are you not the same David Schwartz who claimed that SSLv3 is
vulnerable to MITM? If so, what have you learned since then?
If a browser has a maliciously-included root certificate placed there
by an attacker and is using a SOCKS proxy also
Richard Salz wrote:
If a browser has a maliciously-included root certificate placed
there by an attacker and ...
I'm not aware of any definition of MITM that includes compromising any
part of an endpoint. Could you point to one?
/r$
I didn't say you are vulnerable
David Schwartz wrote:
No, we count on it [RSA] being (for practical purposes)
irreversible. That's why you need a different key to decrypt than
you used to encrypt. If it was reversible, like say DES, you
could decrypt with the same key you encrypted with by simply
reversing
Kyle Hamilton wrote:
On Thu, Aug 7, 2008 at 6:59 AM, David Schwartz
[EMAIL PROTECTED] wrote:
Kyle Hamilton wrote:
If the pool is seeded once, the randomness will be random for as
long as the amount of entropy in the seed holds out. After this, the
numbers generated won't really
David Schwartz wrote:
Deterministic is the antithesis of truly random.
You've said some truly stupid things, David, but that one
wins the prize.
Do you know of a way that an algorithmic process can produce more truly random
output than it has truly random input? Or do disagree
Michael Sierchio wrote:
David Schwartz wrote:
Deterministic is the antithesis of truly random.
I think you're obliged to define what you mean by truly random --
maybe even think about it before using such terms.
It's a well-understood term in the art. Understanding the distinction
Michael Sierchio wrote:
No. We know what cryptographically useful random bitstreams are.
[snip]
But you said it was cryptographically secure (not a term of art, btw).
Umm, yes, cryptographically secure is a term of art. It means that a
hypothetical attacker with a specific set of information
Micahel Sierchio:
David Schwartz wrote:
do disagree with my claim that an algorithmic process can
produce an very large amount of cryptographically-strong
random output with a small amount of truly random input?
Yes. A small amount of random input might mean that the
entire
David Schwartz wrote:
RSA is reversible. I never claimed otherwise. What I said is:
So /dev/random tries to provide truly random numbers while
/dev/urandom tries to provide only cryptographically-secure
pseudo-random numbers. It's as assured by the implementation as
RSA assures
David Shambroom wrote:
You're right: You are completely wrong. /dev/urandom never blocks.
See the man page.
Is this is the excerpt from the man page you are referring to?
A read from the /dev/urandom device will not block waiting for
more
entropy. As a result, if there
Kyle Hamilton wrote:
David S: to my knowledge you're at least somewhat incorrect, and part
of your advice is rather dangerous to rely upon (from a cryptographic
theory perspective).
You are at least somewhat incorrect too.
And yes, it is possible to run out the entropy pool. The amount
Tried many many times, even two running at the same time
or poll timeout set to zero, not one instance of blocking
even with
od -x /dev/urandom
and
od -x /dev/random
running simultaneously (the second one blocks, of course).
H.. what the #$%# is happening here.. more ideas?
I am seenivasan , working in MNC. When i tried to compile (make)
openssl in AIX boxes i am getting below errors. After 4 hours also the
compilation has not been finished.
cc -I. -I.. -I../include -DOPENSSL_THREADS -qthreaded -DDSO_DLFCN -
1506-507 (W) No licenses available. Contact
David Schwartz wrote:
Try launching your test program automatically on boot up at the
saem time
you launch ssh or whatever application is failing. I bet
'/dev/urandom' will
fail then.
The program had no problems running with simultaneous
od -x /dev/random, that was blocking because
Care to explain why you can't discuss how the API might or might not work
without throwing around gratuitous insults?
They are warnings, not insults. I'm sorry you see them that way.
This last message to which
I'm responding is merely condescending; the previous was downright
insulting and
Hurrey
I have the solution!
:clap::-D
If SSL_get_error give SSL_ERROR_NONE
I test with strcmp ( at the end, /soap:Envelope) .
because all data from the server must end with /soap:Envelope.
If my data is not complete I send CR LF and the last 975 Bytes appeared
3) We call SSL_read with our 8k buffer. The received data does not fit,
so OpenSSL buffers it internally and returns 8K with
SSL_ERROR_WANT_READ.
How it can both succeed (returning 8K) and fail (returning
SSL_ERROR_WANT_READ)?
DS
Let me trace through the application. Looking at the source code, it
appears that the application may have a bug (checking the SSL error stack
via SSL_get_error() when SSL_read() returned 0) but that what
is actually
happening here is:
1) SSL_read() is returning 0, SSL_get_error() is
If this is really what's happening, it's a bug in OpenSSL. The
application
should be able to pass a 1-byte buffer the OpenSSL and get 1 byte of
decrypted data.
Consider that when running with the current non-blocking API, once OpenSSL
takes the data out of the socket buffer, both
Let me just state this one more time one other way to help people wrap their
brain around it. The OpenSSL library is a black box. You are not supposed to
look inside the black box.
If you want to get decrypted plaintext from the black box, the black box may
or may not need to read data from the
Hallo
Okay, you have two choices.
1) You can pipeline, where you send the next request before you receive the
entire reply to the previous request. In this case, you may receive the rest
of the reply to the first request after you send the second.
2) You can not pipeline, where you don't send
not send the second request until you have received the entire first
reply.
yes you are right but the indication for nothing else to read
is invalid.
Where are you getting this indication from? If your answer is anything other
than my HTTP implementation, then you are confused. Only your
Hallo
I made a simple SSL Client on win32
The request and response works perfectly
when the amount of data is small enough
I made a request with SSL_write
Servers answers with ..200 OK ... etc
SSL_read gives 7159 bytes.
SSL_get_error gives allways SSL_ERROR_NONE
and therefor the
Agreed, though where possible it's preferable for PURIFY-handling
to simply
not use the uninitialised data at all, rather than initialising it before
use. (NB, I know this yields the same quality result, but
appearances in the
code are often as important as the outcome of the executable -
We’re implementing our own web-server intended to run on Win32
platform and using OpenSSL for TLS/SSL support. We’re obliged
to be FIPS-certified and we’re using OpenSSL 0.9.7 with FIPS
module for these purposes. Recently, we were requested to support
amd64 platform. I’ve tried to build
Heh, well, if you know anything about the fips build process
on windows, you know FIPS-1.1.2 (based on OpenSSL 0.9.7) will
only compile for 32bit Windows since it requires the use of
Mingw/MSYS to build the fips canister. Since Mingw/MSYS is
only available as a 32bit compiler (well, there
You mean you're not testing *all* of the real code. That's
fine, you can't
debug everythign at once.
if you haven't tested your final production binary then you
haven't tested
anything at all.
You: Two plus two is five.
Me: Are you crazy? Two plus two is not five.
You: If you don't
on the other hand it may be a known plaintext attack.
what are you guys smoking?
-dean
This argument has already been refuted in the posts you are replying to.
Such an attack would require the algorithm to not meet its specific design
security objectives. In other words, you are arguing
any special case changes for testing means you're not testing the REAL
CODE.
You mean you're not testing *all* of the real code. That's fine, you can't
debug everythign at once.
for example if you build -DPURIFY then you also won't get notified of
problems with other PRNG seeds which are
What I _wouldn't_ be happy with is a PRNG which has been fed only known
data, but enough of it at startup that it agrees to provide output to
the user. There are a terrible lot of these around, and pretending that
stack contents are random is a great way to accidentally build them.
Thor Lancelot Simon wrote:
So you're comfortable with the adversary knowing, let's say, 511 of
the first 512 bits fed through SHA1?
I'm comfortable knowing any number of bits fed into or through the SHA1
provided there are also sufficient bits he does not know. The issue of how
many bits he
Unfortunately, it may also very well include data that would be
highly predictable to adversaries.
That doesn't matter.
I am aware that this is an area without a lot of good theoretical
signposts, but I am just not very comfortable feeding arbitrary
amounts of possibly-known data into a
If feeding predictable data into a PRNG that was already well
seeded with
unpredictable data produced a weaker PRNG, then you have found
a security bug
in the PRNG and I suggest you publish.
Yeah, I've heard that a few times. However, consider the
pathological case,
in which an
Geoff Thorpe wrote:
Then tell your linux distribution to use -DPURIFY.
Hangon, I've got a better idea. How about the OpenSSL develoeprs
fix their library so that the standard version that they ship is
valgrind clean. Then the distributions won't need to do anything
other than compile it.
David Schwartz wrote:
Umm, why?
1) This is an unusual use case.
This is not an unusual case. I'm a developer and I valgrind my
code all the time because fixing problems shown up by valgrind
makes my code better.
I didn't say it was an unusual use case for you. It's an unusual use
Would a runtime flag for don't seed with uninitialized memory, rather
than (or in addition to) -DPURIFY, satisfy everybody?
John
I don't think it's necessary, since compiling with '-DPURIFY' is so
ridiculously easy, but I have no objection to it. An evironment variable
would probably be the
But how to explain that passwords like $dlkins02, $flkins02,
and $Elkins02 can be decrypted correctly? Only $elkins02 is
decrypted into empty string.
Please read this over a few times and think long and hard about it: The
decrypted data is *NOT* a C-style string, it's just an arbitrary chunk
There is no global variable named errno, it only exist in the TLS. You
could say that because there is only 1 TLS, that it's global, and it
acts that way. But it's not really the same as a normal global
variable. You can't access the variables in the same manner you access
other global
Further, on some systems you can't link with libpthread
if you intend to use fork(). I have two builds of my
software, one that does fork()ing and one that does
pthread_create()ing. So I am trying to avoid having to have two
installations of OpenSSL on every build platform.
I find it hard
void foo(void)
{
static int *my_errno=NULL;
if(my_errno==NULL) my_errno=errno;
// code that uses 'my_errno' as if it were 'errno'
}
No, this is not legal code under the POSIX standard at all.
Since this code is single-threaded only, what POSIX standard are you talking
about? The
Well, I'm late to this discussion, but it would seem to me that quite
a few things are wrong with that ...
First, my_errno=errno; might be more appropriate, after all, you need
to reference the address of errno, not the current value, right? But that
would also assume errno is declared as
1 - 100 of 243 matches
Mail list logo