Re: [openssl-dev] [openssl-commits] [openssl] master update

2016-01-16 Thread Salz, Rich
Oops, my mistake. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz > -Original Message- > From: Rainer Jung [mailto:rainer.j...@kippdata.de] > Sent: Saturday, January 16, 2016 5:12 AM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev]

Re: [openssl-dev] [openssl.org #4243] 1.1.0-pre2: bug: EVP_CIPHER_CTX isn't completely opaque

2016-01-16 Thread baldu...@units.it via RT
> This is according to our interpretation of "type opacity", meaning that the > type name is available but not its content. "Data hiding" is another way to put > it. This means that there will be a need to adapt, stack allocated > EVP_CIPHER_CTX is no longer allowed, but there are functions to

[openssl-dev] '-CIPHER_DEBUG' error on 'dh_dsa'

2016-01-16 Thread Gisle Vanem
Having '-DCIPHER_DEBUG' in the CFLAGS causes this error in MingW (gcc 5.1): ssl/ssl_lib.c:2499:58: error: 'dh_dsa' undeclared (first use in this function) dh_tmp, rsa_enc, rsa_sign, dsa_sign, dh_rsa, dh_dsa); (+ a lot more warnings). Time to retire/rewrite this 'CIPHER_DEBUG' part?

Re: [openssl-dev] Upcoming build system change

2016-01-16 Thread Richard Levitte
In message <5699df80.6030...@dancingdragon.be> on Fri, 15 Jan 2016 22:13:20 -0800, Joey Yandle said: dragon> I tried building your branch on windows, but the windows Configure dragon> targets appear to be missing: I haven't done anything specific with Windows yet...

Re: [openssl-dev] [openssl.org #4157] Download Documentation

2016-01-16 Thread Alessandro Ghedini via RT
Seems to me this can be closed now. Cheers ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4159] BUG ::: Null dereference in ssl3_free

2016-01-16 Thread Alessandro Ghedini via RT
Kurt said this is fixed in git, can be closed I guess. Cheers

Re: [openssl-dev] [openssl.org #4026] patches to eliminate some warnings from clang

2016-01-16 Thread Alessandro Ghedini via RT
Looks like some things are already fixed in master, does this need any more actions? Cheers

Re: [openssl-dev] [openssl.org #4207] engine key format in 1.1

2016-01-16 Thread Roumen Petrov via RT
Also patches for commands: - pkey : "0017-pkey-cmd-restore-keys-from-engine.patch" - req : "0018-req-cmd-restore-keys-from-engine.patch" >From 0ea1c0b9b600977e93efed4545166ec4ae245bc9 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Sat, 9 Jan 2016 14:52:14 +0200

Re: [openssl-dev] [openssl.org #4219] [typos] DANE related docs

2016-01-16 Thread Alessandro Ghedini via RT
Seems fixed in master, so this can be closed. Cheers

Re: [openssl-dev] [openssl.org #4183] No SSL_CIPHER_description() for ChaCha20/Poly1305

2016-01-16 Thread Alessandro Ghedini via RT
Looks fixed in master, can probably be closed. Cheers

Re: [openssl-dev] [openssl.org #4140] GITHUB PULL REQUEST: do not load engines twice

2016-01-16 Thread Alessandro Ghedini via RT
PR merged, can be closed. Cheers

Re: [openssl-dev] [openssl.org #4112] GH458: Fix "primarility" typo

2016-01-16 Thread Alessandro Ghedini via RT
PR merged, can be closed. Cheers

Re: [openssl-dev] [openssl.org #4222] Wrong definition of the macro SSL_set1_sigalgs in ssl.h (PR #519)

2016-01-16 Thread Alessandro Ghedini via RT
PR merged, can be closed now. Cheers

Re: [openssl-dev] [openssl.org #4174] Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633)

2016-01-16 Thread Alessandro Ghedini via RT
PR merged, can be closed. Cheers

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

2016-01-16 Thread Alessandro Ghedini via RT
This has been (partially) fixed, so it can probably be closed.

Re: [openssl-dev] [openssl.org #4054] [BUG] engine-provided ciphers are unavailable for command-line utility

2016-01-16 Thread Alessandro Ghedini via RT
Seems that this works in master, so it can probably be closed. Cheers

Re: [openssl-dev] [openssl.org #4239] [PATCH] fixing wildcard matching on punycode domains

2016-01-16 Thread Alessandro Ghedini via RT
On Fri, Jan 15, 2016 at 06:08:38pm +, Viktor Dukhovni via RT wrote: > > > On Jan 15, 2016, at 10:32 AM, Zi Lin via RT wrote: > > > > > > Yes, this will get fixed. Thanks. Patches merged, can be closed now. Cheers

Re: [openssl-dev] Upcoming build system change

2016-01-16 Thread Richard Levitte
In message <20160116164653.gh12...@calimero.vinschen.de> on Sat, 16 Jan 2016 17:46:53 +0100, Corinna Vinschen said: vinschen> > ./config --unified vinschen> vinschen> I tried that and it doesn't work correctly for Cygwin on x86_64. vinschen> Rather than choosing the

Re: [openssl-dev] '-CIPHER_DEBUG' error on 'dh_dsa'

2016-01-16 Thread Alessandro Ghedini
On Sat, Jan 16, 2016 at 01:51:28pm +0100, Gisle Vanem wrote: > Having '-DCIPHER_DEBUG' in the CFLAGS causes this error in > MingW (gcc 5.1): > ssl/ssl_lib.c:2499:58: error: 'dh_dsa' undeclared (first use in this > function) > dh_tmp, rsa_enc, rsa_sign, dsa_sign, dh_rsa, dh_dsa); >

Re: [openssl-dev] '-CIPHER_DEBUG' error on 'dh_dsa'

2016-01-16 Thread Kurt Roeckx
On Sat, Jan 16, 2016 at 03:03:41PM +, Alessandro Ghedini wrote: > On Sat, Jan 16, 2016 at 01:51:28pm +0100, Gisle Vanem wrote: > > Having '-DCIPHER_DEBUG' in the CFLAGS causes this error in > > MingW (gcc 5.1): > > ssl/ssl_lib.c:2499:58: error: 'dh_dsa' undeclared (first use in this > >

[openssl-dev] [openssl.org #4249] ECDSA method flags

2016-01-16 Thread Roumen Petrov via RT
In 1.0.2 branch commit 94c2f77a62be7079ab1893ab14b18a30157c4532 added functions to set ECDSA_METHOD structure. One of the functions is to set flags. Until now ECDSA flags are defined only in non-installed header. 1) "0003-move-some-ECDSA_METHOD-declarations-after-descriptio.patch" First patch is

Re: [openssl-dev] Upcoming build system change

2016-01-16 Thread Corinna Vinschen
Hi Richard, On Jan 14 21:59, Richard Levitte wrote: > Hi, > > there's an effort going on to revamp the build system for future > OpenSSL, coining it as "unified". The intention is to have one and > the same base of information for all platforms, instead of having to > maintain one set of files

Re: [openssl-dev] [openssl.org #4246] OpenSSL-1.1-pre2 openssl req fails to use engine

2016-01-16 Thread deeng...@gmail.com via RT
Yes, #458 is similar but for the pkeyutl.c I would have changed: {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, to {"keyform", OPT_KEYFORM, 'f', "Private key format - default PEM"}, The patch also adds an additional parameter, {"engine_impl", OPT_ENGINE_IMPL, '-', "Also

Re: [openssl-dev] [openssl.org #4246] OpenSSL-1.1-pre2 openssl req fails to use engine

2016-01-16 Thread Douglas E Engert
Yes, #458 is similar but for the pkeyutl.c I would have changed: {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, to {"keyform", OPT_KEYFORM, 'f', "Private key format - default PEM"}, The patch also adds an additional parameter, {"engine_impl", OPT_ENGINE_IMPL, '-', "Also

[openssl-dev] SSL_set_tlsext_host_name(ssl, "")

2016-01-16 Thread Claus Assmann
While playing around with the DANE support in OpenSSL 1.1 I noticed that the TLS handshake will fail if I specify an empty name: SSL_dane_enable(ssl, "") (AFAICT no name is needed for DANE-TA(2) RRs). This can also be reproduced using openssl s_client -servername "" ... The error I'm getting

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Corinna Vinschen
On Jan 14 15:44, Richard Levitte wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > >OpenSSL version 1.1.0 pre release 2 (alpha) >=== I tried to build this for Cygwin and got some problems. First, with 1.0.2, we built the Cygwin package

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Kurt Roeckx
On Sat, Jan 16, 2016 at 07:42:50PM +0100, Corinna Vinschen wrote: > On Jan 16 19:37, Corinna Vinschen wrote: > > On Jan 14 15:44, Richard Levitte wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA1 > > > > > > > > >OpenSSL version 1.1.0 pre release 2 (alpha) > > >

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Corinna Vinschen
On Jan 16 20:01, Corinna Vinschen wrote: > On Jan 16 19:59, Kurt Roeckx wrote: > > On Sat, Jan 16, 2016 at 07:42:50PM +0100, Corinna Vinschen wrote: > > > On Jan 16 19:37, Corinna Vinschen wrote: > > > > On Jan 14 15:44, Richard Levitte wrote: > > > > > -BEGIN PGP SIGNED MESSAGE- > > > > >

Re: [openssl-dev] MSVC 2015 internal compiler error

2016-01-16 Thread Michel
Hi, FWIW I encountered the same problem last week with the statem_srvr.c. I understood that it was a compiler bug, but suspected there was an underlying problem with the source code, as usually it is an error in MY code that makes the compiler crash... :-( So I gave a try to Visual Studio Community

[openssl-dev] [openssl.org #4183] No SSL_CIPHER_description() for ChaCha20/Poly1305

2016-01-16 Thread Rich Salz via RT
yes, fixed. closing. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

Re: [openssl-dev] Keyed hashing APIs for EVP?

2016-01-16 Thread Dr. Stephen Henson
On Sat, Jan 16, 2016, Bill Cox wrote: > > I feel keyed hashing is here to stay. Keccak also has this feature. > Assuming I'm reading the EVP API correctly, should add support for keyed > digests to EVP. What do you folks think? > Support for MAC already exists in EVP. It's possible to access

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Corinna Vinschen
On Jan 16 19:59, Kurt Roeckx wrote: > On Sat, Jan 16, 2016 at 07:42:50PM +0100, Corinna Vinschen wrote: > > On Jan 16 19:37, Corinna Vinschen wrote: > > > On Jan 14 15:44, Richard Levitte wrote: > > > > -BEGIN PGP SIGNED MESSAGE- > > > > Hash: SHA1 > > > > > > > > > > > >OpenSSL

Re: [openssl-dev] "SSL_dane_enable() may be called"

2016-01-16 Thread Viktor Dukhovni
On Sat, Jan 16, 2016 at 04:30:26AM -0800, Claus Assmann wrote: > SSL_CTX_dane_enable.pod states: > > SSL_dane_enable() may be called before the SSL handshake is > initiated with L to enable DANE for that connection. > > "may" seems to be a bit confusing here: if you want "to

[openssl-dev] [openssl.org #4174] Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633)

2016-01-16 Thread Rich Salz via RT
Yes merged and closing this. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

Re: [openssl-dev] [openssl.org #4250] [typos] doc/ssl/SSL_CTX_dane_enable.pod

2016-01-16 Thread Viktor Dukhovni
> On Jan 16, 2016, at 3:56 PM, Claus Assmann via RT wrote: > > -int depth = SSL_get0_dane_authority(s, NULL, ); > +int depth = SSL_get0_dane_authority(ssl, NULL, ); > -(void) SSL_get0_dane_tlsa(s, , , , NULL, NULL); > +(void) SSL_get0_dane_tlsa(ssl, , ,

Re: [openssl-dev] [openssl.org #4250] [typos] doc/ssl/SSL_CTX_dane_enable.pod

2016-01-16 Thread Viktor Dukhovni via RT
> On Jan 16, 2016, at 3:56 PM, Claus Assmann via RT wrote: > > -int depth = SSL_get0_dane_authority(s, NULL, ); > +int depth = SSL_get0_dane_authority(ssl, NULL, ); > -(void) SSL_get0_dane_tlsa(s, , , , NULL, NULL); > +(void) SSL_get0_dane_tlsa(ssl, , ,

[openssl-dev] [openssl.org #4250] [typos] doc/ssl/SSL_CTX_dane_enable.pod

2016-01-16 Thread Claus Assmann via RT
The example uses "s" in some places instead of "ssl": diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod index c3c203e..21788ad 100644 --- a/doc/ssl/SSL_CTX_dane_enable.pod +++ b/doc/ssl/SSL_CTX_dane_enable.pod @@ -210,9 +210,9 @@ the lifetime of the SSL connection.

[openssl-dev] [openssl.org #4251] PR request: Add OCSP_SINGLERESP_get0_id() accessor

2016-01-16 Thread Lukas Tribus via RT
Since 1.1.0 API will be frozen soon, can you review the following pull-request Remi Gacogne posted: Add an OCSP_SINGLERESP_get0_id() accessor to the OCSP_CERTID of a OCSP_SINGLERESP https://github.com/openssl/openssl/pull/334 Thank you!

Re: [openssl-dev] "SSL_dane_enable() may be called"

2016-01-16 Thread Claus Assmann
On Sat, Jan 16, 2016, Viktor Dukhovni wrote: > On Sat, Jan 16, 2016 at 04:30:26AM -0800, Claus Assmann wrote: > > SSL_dane_enable() may be called before the SSL handshake is > > initiated with L to enable DANE for that connection. > > "may" seems to be a bit confusing here:

[openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

2016-01-16 Thread Rich Salz via RT
we did everything we want to do, closing this. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

[openssl-dev] [openssl.org #4222] Wrong definition of the macro SSL_set1_sigalgs in ssl.h (PR #519)

2016-01-16 Thread Rich Salz via RT
merged, closing. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

Re: [openssl-dev] SSL_set_tlsext_host_name(ssl, "")

2016-01-16 Thread Claus Assmann
On Sat, Jan 16, 2016, Viktor Dukhovni wrote: > > Please try the two attached patches. > Better version of the first patch. Those solve the problem for me. Thanks!

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Richard Levitte
In message <20160116183724.gi12...@calimero.vinschen.de> on Sat, 16 Jan 2016 19:37:24 +0100, Corinna Vinschen said: vinschen> Who had this funny idea to use the Windows definitions when building for vinschen> Cygwin? I'm afraid that is lost in the thin web of history ;-)