Re: [PATCH] argument passing to app_verify_callback

2002-02-21 Thread Claus Assmann
On Thu, Feb 21, 2002, Bodo Moeller wrote: On Wed, Feb 20, 2002 at 10:18:55AM -0800, D. K. Smetters wrote: One comment made when I proposed the patch was that this functionality is currently almost entirely unused. Therefore changing the expected prototype is not likely to affect that

Re: [STATUS] OpenSSL (Sun 16-Jun-2002)

2002-06-16 Thread Claus Assmann
On Sun, Jun 16, 2002, OpenSSL Project wrote: Small typo: OpenSSL STATUS Last modified at __ $Date: 2002/06/16 11:33:59 $ DEVELOPMENT STATE o OpenSSL 0.9.8: Under development... o OpenSSL 0.9.7-beta1:

Re: Announcement: OpenSSL 0.9.6e (Security related upgrade)

2002-07-30 Thread Claus Assmann
On Tue, Jul 30, 2002, Lutz Jaenicke wrote: OpenSSL version 0.9.6e released Can someone please sign the distribution? Or at least include the MD5 checksum in a PGP signed announcement? There was an openssl-0.9.6d.tar.gz.asc but: Requesting

Re: signing distributions/announcements (was: Announcement: OpenSSL 0.9.6e (Security related upgrade))

2002-07-30 Thread Claus Assmann
On Tue, Jul 30, 2002, Claus Assmann wrote: On Tue, Jul 30, 2002, Lutz Jaenicke wrote: OpenSSL version 0.9.6e released Can someone please sign the distribution? Or at least include the MD5 checksum in a PGP signed announcement? Sorry for the noise, I finally found openssl

0.9.6g: .asc is unreadable

2002-08-09 Thread Claus Assmann
On Fri, Aug 09, 2002, Richard Levitte - VMS Whacker wrote: -BEGIN PGP SIGNED MESSAGE- OpenSSL version 0.9.6g released o openssl-0.9.6g.tar.gz [normal] MD5 checksum: 515ed54165a55df83f4eb4e4e9078d3f Just a very minor nit (since the announcement contains all the

0.9.7 does not compile on OpenBSD 3.2

2002-12-31 Thread Claus Assmann
0.9.7-Beta4 compiled fine on this machine, 0.9.7 does not. + ./config --openssldir=/home/ca/OpenBSD --prefix=/home/ca/OpenBSD Operating system: i386-whatever-openbsd Configuring for OpenBSD-i386 IsWindows=0 CC=gcc CFLAG =-DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DL_ENDIAN

openssl-SNAP-20000220: bug in passwd.c

2000-02-24 Thread Claus Assmann
FYI: in apps: "passwd.c", line 326: operands have incompatible types: pointer to const char ":" pointer to uchar "passwd.c", line 332: operands have incompatible types: pointer to uchar ":" pointer to const char ./config -t WARNING! Detected WorkShop C 5.0. Do make sure you

OpenSSL 0.9.5a beta1 bug on FreeBSD 3.2

2000-03-20 Thread Claus Assmann
(0.9.5 compiled fine on this system) OpenSSL self-test report: OpenSSL version: 0.9.5a-beta1 Last change: des_quad_cksum() byte order bug fix Options: --openssldir=/usr/ca/FreeBSD --prefix=/usr/ca/FreeBSD OS (uname): FreeBSD 3.2-RELEASE FreeBSD 3.2-RELEASE #0: OS

Re: OpenSSL 0.9.5a beta1 bug on FreeBSD 3.2

2000-03-20 Thread Claus Assmann
t like -x. In 0.9.5 there is no -x in that line. How can I solve this problem? Do I have to edit the Makefiles? Claus Assmann wrote: (0.9.5 compiled fine on this system) OpenSSL self-test report: OpenSSL version: 0.9.5a-beta1 Last change: des_quad_cksum() byte order b

Problem on AIX: Macro name Free cannot be redefined

2000-04-26 Thread Claus Assmann
There's a problem with the macro name 'Free' on AIX: "/usr/include/net/radix.h", line 177.9: 1506-213 (S) Macro name Free cannot be redefined. "/usr/include/net/radix.h", line 177.9: 1506-358 (I) "Free" is defined on line 2 58 of openssl/work/src/include/openssl/crypto.h. System information:

Re: Problem on AIX: Macro name Free cannot be redefined

2000-04-26 Thread Claus Assmann
On Wed, Apr 26, 2000, Richard Levitte - VMS Whacker wrote: From: Claus Assmann [EMAIL PROTECTED] ca+ssl There's a problem with the macro name 'Free' on AIX: ca+ssl ca+ssl "/usr/include/net/radix.h", line 177.9: 1506-213 (S) Macro name ca+ssl Free cannot be redefined. Whi

Re: Problem on AIX: Macro name Free cannot be redefined

2000-04-26 Thread Claus Assmann
On Wed, Apr 26, 2000, Richard Levitte - VMS Whacker wrote: [macro Free on AIX 4.3: Free cannot be redefined.] Thanks. BTW, just to clarify, did that happen when you compiled OpenSSL or did it happen when you compiled another program that includes OpenSSL header files? It happens when I

Bug in SSLv3 protocol using SSLv23 method

2000-05-19 Thread Claus Assmann
Hi! At least some "good" news: I found the bug. Here's the problem description again: (starttls to connect to mail.stalker.com, using OpenSSL 0.9.5a) ! According to the SSL/TLS standard, the first 2 bytes of that secret ! should be the protocol version. Since CgatePro insists on TLSv0 (aka !

patch for bug in SSLv3 protocol using SSLv23 method

2000-05-22 Thread Claus Assmann
Attached is a patch for the problem reported earlier. Please let me know whether the patch is ok. (starttls to connect to mail.stalker.com, using OpenSSL 0.9.5a) ! According to the SSL/TLS standard, the first 2 bytes of that secret ! should be the protocol version. Since CgatePro insists

0.9.8 beta 6 fails to compile on OpenBSD 3.2

2005-06-22 Thread Claus Assmann
[Note: this isn't important for me as OpenBSD comes with OpenSSL, I was just curious whether this would work.] OpenBSD 3.2/x86: $ ./config no-asm Operating system: i386-whatever-openbsd Configuring for BSD-x86 Configuring for BSD-x86 no-asm [option] OPENSSL_NO_ASM no-gmp

Re: 0.9.8 beta 6 fails to compile on OpenBSD 3.2

2005-06-22 Thread Claus Assmann
On Wed, Jun 22, 2005, Andy Polyakov wrote: OpenBSD 3.2/x86: $ ./config no-asm It doesn't disable asm: This is apparently a bug in ./Configure (it's not OpenBSD specific, as it's reproducible everywhere, shall be fixed). Thanks! dx86-out.s:2376: Error: Unimplemented segment type

Re: [PATCH] openssl-0.9.7l make install fails in fips-1.0/ directory

2006-09-29 Thread Claus Assmann
On Fri, Sep 29, 2006, Martin Kraemer wrote: Am I the only user who observes this problem? No. I've applied a similar patch locally. It would be nice to have it in the next release. __ OpenSSL Project

Re: cmake (was: [PATCH] openssl-0.9.7l make install fails in fips-1.0/ directory)

2006-09-29 Thread Claus Assmann
On Fri, Sep 29, 2006, Brad House wrote: time to it... Personally I'd prefer something truly cross-platform like CMake. It would actually allow a Windows x64 fips build (which is cmake isn't exactly native on the platforms where I compile OpenSSL. Currently OpenSSL builds out of the box on

Re: openssl-0.9.6-beta1 won't build on BSDI 4.1

2000-09-13 Thread Claus Assmann
On Wed, Sep 13, 2000, Theodore Hope wrote: I think to needed "-lcompat option" on some *BSD* system. Perhaps the OpenSSL team could incorporate the logic to include "-lcompat" as part of the 'config' in the next beta release? Thanks, Why do you want to use old stuff? Just make sure

Re: 0.9.6-beta1: ftime() problem on OpenBSD 2.7

2000-09-11 Thread Claus Assmann
On Mon, Sep 11, 2000, Richard Levitte - VMS Whacker wrote: From: Claus Assmann [EMAIL PROTECTED] ca+openssl OpenSSL 0.9.6-beta1 doesn't compile "out of the box" on OpenBSD ca+openssl 2.7; it fails when linking in apps because speed.c uses: Is there a standard macro to odenti

OpenSSL 0.9.6 signatures not accessible

2000-09-24 Thread Claus Assmann
On Sun, Sep 24, 2000, Richard Levitte wrote: o ftp://ftp.openssl.org/source/ o openssl-0.9.6.tar.gz [normal] The signatures aren't accessible -rw--- Sep 24 16:37 openssl-0.9.6.tar.gz.asc -rw--- Sep 24 16:37 openssl-engine-0.9.6.tar.gz.asc

Re: Random seed and possible blocking of /dev/random

2001-01-06 Thread Claus Assmann
On Sat, Jan 06, 2001, Richard Levitte - VMS Whacker wrote: That would be a good idea, I think. Personally, I'd say /etc/.egd-socket rather than /etc/egd-socket. This removes some possibilities for "accidents" as well. Yes, this is security by obscurity... Please don't use /etc, it's for

OpenSSL 0.9.6a Beta 2: bctest fails on FreeBSD

2001-03-23 Thread Claus Assmann
FreeBSD has a problem with the new bctest (tested on 3.2 and 4.3-Beta2) running bc (standard_in) 6: illegal character: O (standard_in) 6: syntax error (standard_in) 5: illegal character: O (standard_in) 5: syntax error verify

Re: OpenSSL Security Advisory: Record of death

2010-03-25 Thread Claus Assmann
On Thu, Mar 25, 2010, Bodo Moeller wrote: Record of death vulnerability in OpenSSL 0.9.8f through 0.9.8m No, it's not a mistake -- it's code elsewhere that no longer tolerates the coarse logic we are changing in the patch, which has been around forever. Could you please elaborate? I'm

openssl-1.0.1-stable-SNAP-20111209 compile error on SunOS 5.10

2011-12-11 Thread Claus Assmann
[sent to rt before, but didn't see it back on the list, so here's an abbreviated version] OS: SunOS 5.10 Compiler: SunStudio As requested on the mailing lists I downloaded openssl-1.0.1-stable-SNAP-20111209 and tried to compile it on various OS. It failed on SunOS 5.10 when using Sun's compiler:

Re: [openssl.org #2656] [BUG]: openssl-1.0.1-stable-SNAP-20111209 compile error on SunOS 5.10

2011-12-12 Thread Claus Assmann
On Mon, Dec 12, 2011, Andy Polyakov via RT wrote: OS: SunOS 5.10 Assembler: modexp512-x86_64.s, line 433 : Syntax error Please verify http://cvs.openssl.org/chngview?cn=21836. Thanks, that fixes the error.

Re: OpenSSL 1.0.1 beta 3: some test results

2012-02-29 Thread Claus Assmann
OpenSSL 1.0.1-beta3 23 Feb 2012 make make test succeeded on: platform: solaris64-x86_64-cc options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: cc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN

1.0.1e: crash in sha1_block_data_order_ssse3()

2013-12-14 Thread Claus Assmann
I'm getting a crash in sha1_block_data_order_ssse3() but currently I don't know how to debug this further as I'm not very familiar with the internals... Any suggestions for tracking this down are appreciated, e.g., is it something in the application or in OpenSSL? The problem is 100% reproducible

Re: 1.0.1e: crash in sha1_block_data_order_ssse3()

2013-12-16 Thread Claus Assmann
On Sun, Dec 15, 2013, Dimitry Andric wrote: Program received signal SIGBUS, Bus error. sha1_block_data_order_ssse3 () at sha1-x86_64.s:1328 1328 movdqa %xmm0,0(%rsp) rsp 0x800736048 0x800736048 This is most likely a stack alignment problem. The movdqa

Re: 1.0.1e: crash in sha1_block_data_order_ssse3()

2013-12-17 Thread Claus Assmann
On Tue, Dec 17, 2013, Florian Weimer wrote: Current language: auto; currently asm (gdb) p $rsp $15 = (void *) 0x8007360a0 Actually, it doesn't; on function entry, %rsp must be congruent 8 modulo 16. Thanks for the clarification, I misunderstood 16-byte stack alignment. The problem seems to

Re: [openssl.org #3306] OpenSSL Enhancement: the binary library should contain the version strings found in the header opensslv.h

2014-04-14 Thread Claus Assmann
On Mon, Apr 14, 2014, Tom Swirly via RT wrote: We'd like to make sure that the libraries we're linking to are up-to-date. Take a look at the postfix code: tls_check_version().

[openssl-dev] SSL_set_tlsext_host_name(ssl, "")

2016-01-16 Thread Claus Assmann
While playing around with the DANE support in OpenSSL 1.1 I noticed that the TLS handshake will fail if I specify an empty name: SSL_dane_enable(ssl, "") (AFAICT no name is needed for DANE-TA(2) RRs). This can also be reproduced using openssl s_client -servername "" ... The error I'm getting

Re: [openssl-dev] "SSL_dane_enable() may be called"

2016-01-16 Thread Claus Assmann
On Sat, Jan 16, 2016, Viktor Dukhovni wrote: > On Sat, Jan 16, 2016 at 04:30:26AM -0800, Claus Assmann wrote: > > SSL_dane_enable() may be called before the SSL handshake is > > initiated with L<SSL_connect(3)> to enable DANE for that connection. > > "may"

Re: [openssl-dev] SSL_set_tlsext_host_name(ssl, "")

2016-01-16 Thread Claus Assmann
On Sat, Jan 16, 2016, Viktor Dukhovni wrote: > > Please try the two attached patches. > Better version of the first patch. Those solve the problem for me. Thanks! ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] OPENSSL_INIT_new(): malloc()

2016-02-11 Thread Claus Assmann
commit 7253fd550c768979ecd3df8f4dbbedd6e9dd76b0 diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c +/* + * These routines call the C malloc/free, to avoid intermixing with + * OpenSSL function pointers before the library is initialized. + */ +OPENSSL_INIT_SETTINGS

Re: [openssl-dev] OpenSSL-1.1 make depend

2016-01-20 Thread Claus Assmann
On Wed, Jan 20, 2016, Erik Forsberg wrote: > seems util/clean-depend.pl is now broken if using Solaris cc compiler. Just a confirmation that this isn't specific to that setup: the same happens on OpenBSD (e.g., 5.3) with gcc. > I get gazillions of 'Use of uninitialized variable in ' when

Re: [openssl-dev] OpenSSL-1.1 make depend

2016-01-20 Thread Claus Assmann
On Thu, Jan 21, 2016, Salz, Rich wrote: > --- a/util/clean-depend.pl > -while() { > -my ($dummy, $file,$deps)=/^((.*):)? (.*)$/; > +while(my $line = ) { > +while ($line =~ /\\$/) { chop($line); chop($line); $line .= ; } > +my ($dummy, $file,$deps)=$line =~ m/^((.*):)? (.*)$/; Not for
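Review bot: in the added continuation loop, `chop($line); chop($line);` drops the last two characters unconditionally, so it relies on every continued line ending in a backslash followed by exactly one newline. A final line that ends in a backslash with no trailing newline also matches `/\\$/` and then loses a character of real content. `chomp($line); $line =~ s/\\$//;` would remove only the newline and the backslash.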

Re: [openssl-dev] OpenSSL-1.1 make depend

2016-01-21 Thread Claus Assmann
On Thu, Jan 21, 2016, Salz, Rich wrote: > Try this patch do util/domd ... > else > ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \ > -${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new > +sed -e 's# /\(\\.\|[^ ]\)*##g' -e '/: *$/d' -e '/^\(#.*\| *\)$/d' \ > +
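Review bot: the `sed` expressions on the added line use `\|` inside `\(...\)`, which is a GNU extension; POSIX basic regular expressions have no alternation operator, so the non-GNU sed shipped with systems such as OpenBSD and Solaris will not match these patterns as intended. Splitting each alternation into separate `-e` expressions (for example `-e '/^#/d'` and `-e '/^ *$/d'` for the last one) would keep util/domd behaving the same on every platform.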

Re: [openssl-dev] OpenSSL-1.1 make depend

2016-01-21 Thread Claus Assmann
Hmm, something is wrong with this new approach (or just on my machine?) Several targets have been removed from Makefile and hence broke it: --- crypto/Makefile-Thu Jan 21 08:48:08 2016 +++ crypto/Makefile Thu Jan 21 08:48:14 2016 @@ -1,4 +1,3 @@ -# Generated from Makefile.in, do not edit

[openssl-dev] SSL_get0_dane_authority() and session reuse

2016-01-22 Thread Claus Assmann
SSL_get0_dane_authority() returns -1 on a reused TLS session in my test program. Is that - expected? - a problem with my test program? - an error in SSL_get0_dane_authority()?

Re: [openssl-dev] SSL_get0_dane_authority() and session reuse

2016-01-23 Thread Claus Assmann
On Fri, Jan 22, 2016, Viktor Dukhovni wrote: > > On Jan 22, 2016, at 7:35 PM, Claus Assmann wrote: > > SSL_get0_dane_authority() returns -1 on a reused TLS session > > in my test program. > It is expected, but probably should be documented. Thanks; is there any chance to

Re: [openssl-dev] 1.0.1t: test fails due to expired cert

2016-05-11 Thread Claus Assmann
On Tue, May 10, 2016, Viktor Dukhovni wrote: [looks like there are at least three different threads now? hence I made the Subject a bit more generic.] > > 34371851688:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify > > error:pk7_smime.c:328:Verify error:certificate has expired >

[openssl-dev] 1.0.1t: CMS => PKCS#7 compatibility tests: signed content DER format, RSA key: verify error

2016-05-10 Thread Claus Assmann
make test fails on OpenBSD and FreeBSD (8.4): CMS => PKCS#7 compatibility tests signed content DER format, RSA key: verify error *** Error 1 in test (Makefile:330 'test_cms') more cms.err Verification failure 34371851688:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify

Re: [openssl-dev] 1.1.0 pre release 6: Installing manpages error: tr

2016-08-04 Thread Claus Assmann
On Thu, Aug 04, 2016, Richard Levitte wrote: > I suppose this depends on what shell is being used. I've attached a /bin/ksh > fix (apply with 'patch -p1 < unix-Makefile.tmpl.patch'), would you > mind trying it out? That works (I made those changes by hand to Makefile before).

[openssl-dev] 1.1.0 pre release 6: Installing manpages error: tr

2016-08-04 Thread Claus Assmann
Happens on OpenBSD and Linux (similar error message): *** Installing manpages usage: tr [-cs] string1 string2 tr [-c] -d string1 tr [-c] -s string1 tr [-c] -ds string1 string2 Seems [A-Z] etc needs to be quoted, e.g., tr '[a-z]' '[A-Z]' There are several places like this

[openssl-dev] "typo" in SSL_CTX_set_min_proto_version.pod

2016-10-20 Thread Claus Assmann
Seems there are 4 functions, so don't explicitly mention the number: diff --git a/doc/ssl/SSL_CTX_set_min_proto_version.pod b/doc/ssl/SSL_CTX_set_min_proto_version.pod index 8878514..3e9fe80 100644 --- a/doc/ssl/SSL_CTX_set_min_proto_version.pod +++ b/doc/ssl/SSL_CTX_set_min_proto_version.pod @@

Re: [openssl-dev] Revert commit 10621ef white space nightmare

2017-01-09 Thread Claus Assmann
On Mon, Jan 09, 2017, Leonard den Ottolander wrote: > If one wants to indent directives space is normally inserted before the > hash sign. I don't remember ever seeing directives being indented by > adding white space between the hash sign and the directive. Then you didn't look at source code

[openssl.org #3193] [typo] SSL_CTX_set_info_callback

2013-12-08 Thread Claus Assmann via RT
diff --git a/doc/ssl/SSL_CTX_set_info_callback.pod b/doc/ssl/SSL_CTX_set_info_callback.pod index 0b4affd..e1e96a9 100644 --- a/doc/ssl/SSL_CTX_set_info_callback.pod +++ b/doc/ssl/SSL_CTX_set_info_callback.pod @@ -20,7 +20,7 @@ SSL_CTX_set_info_callback() sets the Bcallback function, that can be

[openssl.org #3417] some spelling fixes: doc/ssl/*.pod

2014-07-02 Thread Claus Assmann via RT
based on spell(1) output. diff --git a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod index 4fc8f06..2049a53 100644 --- a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod +++ b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod @@ -14,12 +14,12 @@ SSL_CONF_CTX_set_ssl_ctx,

[openssl-dev] [openssl.org #4219] [typos] DANE related docs

2016-01-06 Thread Claus Assmann via RT
diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod index 66eb1b3..29fc4db 100644 --- a/doc/ssl/SSL_CTX_dane_enable.pod +++ b/doc/ssl/SSL_CTX_dane_enable.pod @@ -40,7 +40,7 @@ SSL_CTX_dane_mtype_set() may then be called zero or more times to to adjust the supported

[openssl-dev] [openssl.org #4250] [typos] doc/ssl/SSL_CTX_dane_enable.pod

2016-01-16 Thread Claus Assmann via RT
The example uses "s" in some places instead of "ssl": diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod index c3c203e..21788ad 100644 --- a/doc/ssl/SSL_CTX_dane_enable.pod +++ b/doc/ssl/SSL_CTX_dane_enable.pod @@ -210,9 +210,9 @@ the lifetime of the SSL connection.

[openssl-dev] [openssl.org #4264] [typo] doc/crypto/X509_LOOKUP_hash_dir.pod

2016-01-22 Thread Claus Assmann via RT
diff --git a/doc/crypto/X509_LOOKUP_hash_dir.pod b/doc/crypto/X509_LOOKUP_hash_dir.pod index 680a9fd..7a5d684 100644 --- a/doc/crypto/X509_LOOKUP_hash_dir.pod +++ b/doc/crypto/X509_LOOKUP_hash_dir.pod @@ -24,7 +24,7 @@ lookup methods B and B are two certificate lookup methods to use with B,

[openssl-dev] [openssl.org #4268] [typo?] doc/ssl/SSL_get_session.pod

2016-01-23 Thread Claus Assmann via RT
Not sure whether this patch is right, but AFAICT SSL_get_session() does not return a "Pointer to an SSL". diff --git a/doc/ssl/SSL_get_session.pod b/doc/ssl/SSL_get_session.pod index d360e8a..d8aa705 100644 --- a/doc/ssl/SSL_get_session.pod +++ b/doc/ssl/SSL_get_session.pod @@ -58,7 +58,7 @@ The

Re: [openssl-dev] [openssl.org #4264] [typo] doc/crypto/X509_LOOKUP_hash_dir.pod

2016-01-22 Thread Claus Assmann via RT
More spelling errors, and the text about "is sequentual number" should probably be rewritten. diff --git a/doc/crypto/X509_LOOKUP_hash_dir.pod b/doc/crypto/X509_LOOKUP_hash_dir.pod index 680a9fd..fab28b6 100644 --- a/doc/crypto/X509_LOOKUP_hash_dir.pod +++ b/doc/crypto/X509_LOOKUP_hash_dir.pod