[openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread John Pruitt via RT
The handling of the thisupd and nextupd pointers in make_ocsp_response() is incorrect. The pointers should be the first parameter of x509_gmtime_adj(), rather than the return value. I've attached a patch that fixes this. -John

[openssl.org #435] ssl_connect core dump problem, with gdb traces

2003-01-30 Thread [EMAIL PROTECTED] via RT
Hi. Ours is a Proxy Server SSL enabled multithreaded application. We are running on the Solaris operating system. We are using OpenSSL library [ openssl-0.9.6 ]. We have serverCA and root CA certificate at the Proxy server application. Our application dumps in "ssl_connect" during certificate chain

[openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Thu Jan 30 09:08:11 2003]: > The handling of the thisupd and nextupd pointers in > make_ocsp_response() > is incorrect. The pointers should be the first parameter of > x509_gmtime_adj(), rather than the return value. Why do you think it's incorrect? Have you checked what ha

[openssl.org #481] (0.9.7 on Win32) openssl ca crashes when exiting...

2003-01-30 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Tue Jan 28 11:07:34 2003]: > Hi there ! > > I thought this was worth mentioning: > > Very reproducibly, openssl ca crashes each time when having finished > the job. > (Worked in 0.9.6x) I just fixed the problem. Thanks for the stack trace, that made all the difference! F

[openssl.org #477] memory leak in SSL_dup

2003-01-30 Thread Richard Levitte via RT
Thanks for the report and the patch. I applied it almost verbatim. This ticket is now resolved. [[EMAIL PROTECTED] - Sat Jan 25 18:18:47 2003]: > Hi, > > I found a memory leak in openssl (version 0.9.6h). I've reproduced it > with demos/bio/saccept.c. > > openssl-0.9.6h/demos/bio$ valgrind -

[openssl.org #476] [Fwd: Bug#178112: libssl-dev: Typo in /usr/include/openssl/md5.h]

2003-01-30 Thread Richard Levitte via RT
Thanks for the report, I just committed a fix, which will be present in 0.9.7a. This ticket is now resolved. -- Richard Levitte __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread Stephen Henson via RT
[levitte - Thu Jan 30 11:21:30 2003]: > [[EMAIL PROTECTED] - Thu Jan 30 09:08:11 2003]: > > > The handling of the thisupd and nextupd pointers in > > make_ocsp_response() > > is incorrect. The pointers should be the first parameter of > > x509_gmtime_adj(), rather than the return value. > > Why

[openssl.org #435] ssl proxy, core dump in certificate validation when acting as a client

2003-01-30 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 30 09:28:31 2003]: > > > > Hi > > Ours is a Proxy Server SSL enabled multithreaded application. > We are running on Solaris operating system. > We are using OpenSSL library [ openssl-0.9.6 ] > We have serverCA and root CA certificate at the Proxy server > applica

[openssl.org #287] [PATCH] no-engine (openssl-0.9.7-stable-SNAP-20020915)

2003-01-30 Thread Richard Levitte via RT
OK, I looked at the no-engine patch again, and really saw no harm in it, so it's committed, and will be part of all releases from 0.9.7a and on (as well as the current 0.9.7 and main snapshots). This ticket is now resolved. -- Richard Levitte

[openssl.org #328] DH_compute_key incompatable with PKCS #3

2003-01-30 Thread Richard Levitte via RT
No further reaction, so I'm making this ticket stalled. [levitte - Fri Dec 13 16:47:19 2002]: > No further reactions, so I'm moving this to 0.9.7a. > > [[EMAIL PROTECTED] - Wed Dec 4 16:14:25 2002]: > > > I asked Eric Rescorla, and he agreed the section of the TLS RFC was > > definitely uncle

[openssl.org #437] bad instructions in CHANGES for platform-dependent builds

2003-01-30 Thread Richard Levitte via RT
Why does this matter? [[EMAIL PROTECTED] - Mon Jan 27 19:20:17 2003]: > I've checked over the snapshot that was current on or about 14-Jan- > 2003. > It builds OK. > > In the original 0.9.7.tar.gz there were symbolic links already present > in include/openssl, and they are not removed by make c

[openssl.org #437] bad instructions in CHANGES for platform-dependent builds

2003-01-30 Thread Richard Levitte via RT
It's not supposed to. It's only under unusual circumstances that this needs updating, and it should be done in the original source directory anyway. [[EMAIL PROTECTED] - Mon Jan 27 19:48:27 2003]: > In the original 0.9.7 release there also seems to be some > configuration > remnants left in th

[openssl.org #454] [PATCH] FreeBSD openssl-0.9.7

2003-01-30 Thread Richard Levitte via RT
Hmm, mind if I skip the freebsd-shared: part? It doesn't seem to be used anywhere anyway... [[EMAIL PROTECTED] - Sun Jan 12 23:00:37 2003]: > > Hi, > > In order to support compilation on FreeBSD I have to suggest some > patches. > Please revise and send me comment. > > regression te

[openssl.org #481] (0.9.7 on Win32) openssl ca crashes when exiting...

2003-01-30 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Tue Jan 28 11:07:34 2003]: > And (while i'm at it) another thing to mention: While we're mentioning stuff, I'd like to mention that we can handle bug reports much better if there's only *one* bug per report. Please keep that in mind in the future. > I'm using openssl with

Re: [openssl.org #287] [PATCH] no-engine(openssl-0.9.7-stable-SNAP-20020915)

2003-01-30 Thread Geoff Thorpe
* Richard Levitte via RT ([EMAIL PROTECTED]) wrote: > > OK, I looked at the no-engine patch again, and really saw no harm in it, so it's > committed, and will be part of all releases from 0.9.7a and on (as well as the current > 0.9.7 and main snapshots). > > This ticket is now resolved. Erm, I th

Re: [openssl.org #437] bad instructions in CHANGES for platform-dependent builds

2003-01-30 Thread [EMAIL PROTECTED] via RT
> It's not supposed to. It's only under unusual circumstances that this > needs updating, and it should be done in the original source directory anyway. > [[EMAIL PROTECTED] - Mon Jan 27 19:48:27 2003]: > > In the original 0.9.7 release there also seems to be some > > configuration > > remnants

Re: [openssl.org #437] bad instructions in CHANGES for platform-dependent builds

2003-01-30 Thread [EMAIL PROTECTED] via RT
I suspect it doesn't really matter if the links are made only for files that are not already links.

Re: [openssl.org #287] [PATCH] no-engine(openssl-0.9.7-stable-SNAP-20020915)

2003-01-30 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 30 Jan 2003 13:33:59 -0500, Geoff Thorpe <[EMAIL PROTECTED]> said: geoff> Erm, I think there's a fundamental problem with this. I understand the geoff> desire to build a version of openssl such that it doesn't include the geoff> engine footprint, nor its exe

Re: [openssl.org #484] openssl question

2003-01-30 Thread Ala Wai via RT
> The best you can do at present is to either use the > DER option in 0.9.7 > if you know the encoding or the new mini-ASN1 > compiler of 0.9.8. Neither > of which is particularly easy to do. What do you mean the DER option in 0.9.7? Do I modify the IP address to DER and put it in the config fi

RE: [openssl.org #481] (0.9.7 on Win32) openssl ca crashes when exiting...

2003-01-30 Thread Larry West
> > I'm using openssl with stunnel. > > When i'm running stunnel as a service, RAND_poll in > rand_win.c can't > > work, as > > it needs features not available under the SYSTEM account without a > > user logged in > > (i.e. the UI features) so it dropped all the stuff except for the > > CryptAcqu

RE: [openssl.org #481] (0.9.7 on Win32) openssl ca crashes when exiting...

2003-01-30 Thread Larry West via RT
> > I'm using openssl with stunnel. > > When i'm running stunnel as a service, RAND_poll in > rand_win.c can't > > work, as > > it needs features not available under the SYSTEM account without a > > user logged in > > (i.e. the UI features) so it dropped all the stuff except for the > > CryptAcq

[openssl.org #484] openssl question

2003-01-30 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 30 20:06:27 2003]: > > > The best you can do at present is to either use the > > DER option in 0.9.7 > > if you know the encoding or the new mini-ASN1 > > compiler of 0.9.8. Neither > > of which is particularly easy to do. > > What do you mean the DER option in 0.9.

[openssl.org #327] compilation errors for openssl 0.9.8

2003-01-30 Thread Richard Levitte via RT
[[EMAIL PROTECTED] - Fri Nov 1 16:57:20 2002]: > Notes on documentation files: > > - The FAQ ("Why does the OpenSSL compilation fail on > Win32 with VC++?")refers to using VCVARS32.BAT. That > is the correct name for VC++6. For VS.NET (think of it > as 'VC++7'), the name is VSVARS32.BAT instead

[openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-30 Thread Richard Levitte via RT
Any more thoughts on this issue? -- Richard Levitte

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-30 Thread Lutz Jaenicke via RT
On Thu, Jan 30, 2003 at 10:09:22PM +0100, Richard Levitte via RT wrote: > > Any more thoughts on this issue? The problem is not yet solved. Using the global error stack as error indicator instead of correctly passing state back via return values is a design flaw. It happened to make problems in t

[openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-30 Thread Richard Levitte via RT
OK... [jaenicke - Thu Jan 30 22:21:50 2003]: > On Thu, Jan 30, 2003 at 10:09:22PM +0100, Richard Levitte via RT > wrote: > > > > Any more thoughts on this issue? > > The problem is not yet solved. Using the global error stack as error > indicator > instead of correctly passing state back via re

[openssl.org #11] Fw: trustway pkcs11 engine for openssl

2003-01-30 Thread via RT
Hello Richard, > Richard Levitte via RT wrote: > > It's unfortunate that cryptoki.h is GPLd, or I would put it in our contribution area. > > GPL is not compatible with the OpenSSL license. Is it possible to get a different cryptoki.h? I got the original cryptoki.h which is not GPLd from RSA

[openssl.org #11] Fw: trustway pkcs11 engine for openssl

2003-01-30 Thread via RT
> [EMAIL PROTECTED] > Bull TrustWay R&D, France > http://www.servers.bull.com/trustway

[openssl.org #364] Fw: BUG ?: ssl_bio.c increase reference count (BIO_push), but doesn't remove it (BIO_pop)

2003-01-30 Thread Richard Levitte via RT
I applied your changes, to be committed as soon as my tests get through. Please try the next snapshot and send in a new bug report if it still doesn't work properly. This ticket is now resolved. [[EMAIL PROTECTED] - Tue Nov 26 09:37:12 2002]: > Below msg is a re-send to the correct address [E

[openssl.org #449] [Fwd: Bug#176059: openssl: ca shows CSR contents, not preview of certificate]

2003-01-30 Thread Richard Levitte via RT
Since the 0.9.6 branch is now dead, I suggest this ticket gets killed. [steve - Sat Jan 11 02:13:30 2003]: > [[EMAIL PROTECTED] - Fri Jan 10 15:10:09 2003]: > > > > > Ugh, can't quote the original message... > > This refers to OpenSSL 0.9.6X which does indeed only show the DN of > the > CSR (

[openssl.org #451] SX6 port

2003-01-30 Thread Richard Levitte via RT
Will anything happen with this? [[EMAIL PROTECTED] - Sat Jan 18 11:02:31 2003]: > I already answered this once, but it didn't come through for some > reason... > > > >>+ "sx6", "cc:-g -DTERMIOS::(unknown):::SIXTY_FOUR_BIT DES_INT:::", > > >> > > > > > > No optimization? Not even lousy -O? > > >

[openssl.org #457] bug report: BIO_socket_nbio() can't set socket to non-blocking

2003-01-30 Thread Richard Levitte via RT
Hmm, BIO_socket_ioctl() should really take a void* instead of an unsigned long *. Then, BIO_socket_nbio() should send a pointer to an int instead of a pointer to a long. The latter can be done anyway and pushed through using a cast (ugly), or we could change that last argument type to BIO_soc

Re: [openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread John Pruitt
Stephen Henson via RT wrote: However a bug was introduced into 0.9.7 ASN1_TIME_to_generalizedtime() which causes problems in this conversion. This change would work around the problem without addressing the underlying cause. Since the ASN1_TIME_to_generalizedtime() bug has now been fixed in 0.9.

Re: [openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread John Pruitt via RT
Stephen Henson via RT wrote: > However a bug was introduced into 0.9.7 ASN1_TIME_to_generalizedtime() > which causes problems in this conversion. This change would work around > the problem without addressing the underlying cause. > > Since the ASN1_TIME_to_generalizedtime() bug has now been fix

[openssl.org #484] openssl question

2003-01-30 Thread Stephen Henson via RT
[steve - Thu Jan 30 20:44:34 2003]: > [[EMAIL PROTECTED] - Thu Jan 30 20:06:27 2003]: > > > > > > > What do you mean the DER option in 0.9.7? Do I modify > > the IP address to DER and put it in the config file? > > > > subjectAltName=IP:DER: > > > > Is there some examples of doing this? > > >

[openssl.org #484] openssl question

2003-01-30 Thread via RT
[steve - Thu Jan 30 20:44:34 2003]: > However no version of OpenSSL will currently display that correctly. > > This isn't very friendly and proper IPv6 support will be added at some > stage. Do you have any idea when?

Re: [openssl.org #484] openssl question

2003-01-30 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Fri, 31 Jan 2003 04:59:36 +0100 (MET), " via RT" <[EMAIL PROTECTED]> said: rt> rt> [steve - Thu Jan 30 20:44:34 2003]: rt> rt> > However no version of OpenSSL will currently display that correctly. rt> > rt> > This isn't very friendly and proper IPv6 support w

Re: [openssl.org #484] openssl question

2003-01-30 Thread Richard Levitte - VMS Whacker via RT
In message <[EMAIL PROTECTED]> on Fri, 31 Jan 2003 04:59:36 +0100 (MET), " via RT" <[EMAIL PROTECTED]> said: rt> rt> [steve - Thu Jan 30 20:44:34 2003]: rt> rt> > However no version of OpenSSL will currently display that correctly. rt> > rt> > This isn't very friendly and proper IPv6 support

[openssl.org #487] bug in BN_generate_prime for small n.

2003-01-30 Thread Cameron Gregory via RT
for num < 15 .. always get the same result.. and it's larger than expected... We are using small primes to verify the correctness of our system. thanks, Cameron #include #include /* * @author Cameron Gregory, http://www.bloke.com/ */ char *me=NULL; int debug=0; int main(int argc, char