Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-08 Thread The Doctor
On Fri, Dec 08, 2017 at 10:18:37AM +, Matt Caswell wrote:
> 
> 
> On 08/12/17 05:33, The Doctor wrote:
> > On Thu, Dec 07, 2017 at 03:35:05PM +0100, Jan Ehrhardt wrote:
> >> OpenSSL in gmane.comp.encryption.openssl.devel (Thu, 7 Dec 2017 13:55:43
> >> +):
> >>>   OpenSSL version 1.0.2n released
> >>
> >> I ran into a compiling issue with openssl-fips-2.0.16.
> >> See https://github.com/openssl/openssl/issues/4864
> >> -- 
> >> Jan
> >>
> > 
> > I am getting test_fatalerr
> > ../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem
> > SSL_accept() failed -1, 1
> > 34383541656:error:140800FF:SSL routines:ssl3_accept:unknown 
> > state:s3_srvr.c:869:
> > using clang 5
> 
> 
> Please see the earlier answer on this question:
> 
> https://mta.openssl.org/pipermail/openssl-dev/2017-December/009877.html
> 
> Matt
>

FOund this in my e-mail.

I might compile the SNAP and copy over errors I see.

> -- 
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Happy Christmas 2017 and Merry New Year 2018
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-08 Thread Matt Caswell


On 08/12/17 05:33, The Doctor wrote:
> On Thu, Dec 07, 2017 at 03:35:05PM +0100, Jan Ehrhardt wrote:
>> OpenSSL in gmane.comp.encryption.openssl.devel (Thu, 7 Dec 2017 13:55:43
>> +):
>>>   OpenSSL version 1.0.2n released
>>
>> I ran into a compiling issue with openssl-fips-2.0.16.
>> See https://github.com/openssl/openssl/issues/4864
>> -- 
>> Jan
>>
> 
> I am getting test_fatalerr
> ../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem
> SSL_accept() failed -1, 1
> 34383541656:error:140800FF:SSL routines:ssl3_accept:unknown 
> state:s3_srvr.c:869:
> using clang 5


Please see the earlier answer on this question:

https://mta.openssl.org/pipermail/openssl-dev/2017-December/009877.html

Matt

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-08 Thread Jan Ehrhardt
Jan Ehrhardt in gmane.comp.encryption.openssl.devel (Thu, 07 Dec 2017
15:35:05 +0100):
>OpenSSL in gmane.comp.encryption.openssl.devel (Thu, 7 Dec 2017 13:55:43
>+):
>>   OpenSSL version 1.0.2n released
>
>I ran into a compiling issue with openssl-fips-2.0.16.
>See https://github.com/openssl/openssl/issues/4864

Fixed by https://github.com/openssl/openssl/pull/4870
-- 
Jan

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-07 Thread The Doctor
On Thu, Dec 07, 2017 at 03:35:05PM +0100, Jan Ehrhardt wrote:
> OpenSSL in gmane.comp.encryption.openssl.devel (Thu, 7 Dec 2017 13:55:43
> +):
> >   OpenSSL version 1.0.2n released
> 
> I ran into a compiling issue with openssl-fips-2.0.16.
> See https://github.com/openssl/openssl/issues/4864
> -- 
> Jan
>

I am getting test_fatalerr
../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem
SSL_accept() failed -1, 1
34383541656:error:140800FF:SSL routines:ssl3_accept:unknown state:s3_srvr.c:869:
using clang 5

> -- 
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Happy Christmas 2017 and Merry New Year 2018
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-07 Thread Viktor Dukhovni


> On Dec 7, 2017, at 8:55 AM, OpenSSL  wrote:
> 
>   OpenSSL - The Open Source toolkit for SSL/TLS
>   https://www.openssl.org/
> 
>   The OpenSSL project team is pleased to announce the release of
>   version 1.0.2n of our open source toolkit for SSL/TLS. For details
>   of changes and known issues see the release notes at:
> 
>https://www.openssl.org/news/openssl-1.0.2-notes.html

It is perhaps useful to expand on one sentence in the CHANGE log:

 Changes between 1.0.2m and 1.0.2n [7 Dec 2017]

  *) Read/write after SSL object in error state

 OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
 mechanism. The intent was that if a fatal error occurred during a handshake
 then OpenSSL would move into the error state and would immediately fail if
 you attempted to continue the handshake. This works as designed for the
 explicit handshake functions (SSL_do_handshake(), SSL_accept() and
 SSL_connect()), however due to a bug it does not work correctly if
 SSL_read() or SSL_write() is called directly. ...

What "directly" means at the end of the quoted text is "directly, without
first performing an explicit handshake".  In that case the handshake is
an implicit side-effect of the first read or write call, and it was in
that case that the "error state" mechanism did not behave as intended.

-- 
Viktor.

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-07 Thread Randall S. Becker
Thanks Matt. Glad it's no factor. The test otherwise completed with $?=0.
Cheers,
Randall

-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt
Caswell
Sent: December 7, 2017 11:05 AM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] OpenSSL version 1.0.2n published



On 07/12/17 15:16, Randall S. Becker wrote:
> For HPE NonStop J-Series: Builds passed. Previous version was 1.0.2m.
> 
> New breakage:
> ../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem 
> ../apps/server.pem
> SSL_accept() failed -1, 1
> 1827815872:error:140800FF:SSL routines:ssl3_accept:unknown state:
> openssl/ssl/s3_srvr.c:869:

The 1.0.2 test framework is very noisy (its much better in 1.1.0). There are
a whole bunch of tests that output "failures" and "errors" which are
actually normal operation (because they are testing failure and error
conditions). The above is normal output from a successful test. The
important thing is if the overall "make test" process completes successfully
or exits with an error.

Matt


> 
> -Original Message-
> From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf 
> Of OpenSSL
> Sent: December 7, 2017 8:56 AM
> To: OpenSSL Developer ML <openssl-dev@openssl.org>; OpenSSL User 
> Support ML <openssl-us...@openssl.org>; OpenSSL Announce ML 
> <openssl-annou...@openssl.org>
> Subject: [openssl-dev] OpenSSL version 1.0.2n published
> 
> 
>OpenSSL version 1.0.2n released
>===
> 
>OpenSSL - The Open Source toolkit for SSL/TLS
>https://www.openssl.org/
> 
>The OpenSSL project team is pleased to announce the release of
>version 1.0.2n of our open source toolkit for SSL/TLS. For details
>of changes and known issues see the release notes at:
> 
> https://www.openssl.org/news/openssl-1.0.2-notes.html
> 
>OpenSSL 1.0.2n is available for download via HTTP and FTP from the
>following master locations (you can find the various FTP mirrors under
>https://www.openssl.org/source/mirror.html):
> 
>  * https://www.openssl.org/source/
>  * ftp://ftp.openssl.org/source/
> 
>The distribution file name is:
> 
> o openssl-1.0.2n.tar.gz
>   Size: 5375802
>   SHA1 checksum: 0ca2957869206de193603eca6d89f532f61680b1
>   SHA256 checksum:
> 370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe
> 
>The checksums were calculated using the following commands:
> 
> openssl sha1 openssl-1.0.2n.tar.gz
> openssl sha256 openssl-1.0.2n.tar.gz
> 
>Yours,
> 
>The OpenSSL Project Team.
> 
> 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-07 Thread Randall S. Becker
I went back to our Jenkins test logs and found that this breakage was prior
to 1.0.2n. Sorry for the confusion. I still need to track down why this is
happening.

Advice is appreciated on pursing this.
Thanks,
Randall

-- Brief whoami: NonStop developer since approximately
UNIX(421664400)/NonStop(2112884442) 
-- In my real life, I talk too much.


-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
Randall S. Becker
Sent: December 7, 2017 10:16 AM
To: open...@openssl.org; openssl-dev@openssl.org
Subject: Re: [openssl-dev] OpenSSL version 1.0.2n published

For HPE NonStop J-Series: Builds passed. Previous version was 1.0.2m.

New breakage:
../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem
SSL_accept() failed -1, 1
1827815872:error:140800FF:SSL routines:ssl3_accept:unknown state:
openssl/ssl/s3_srvr.c:869:

-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
OpenSSL
Sent: December 7, 2017 8:56 AM
To: OpenSSL Developer ML <openssl-dev@openssl.org>; OpenSSL User Support ML
<openssl-us...@openssl.org>; OpenSSL Announce ML
<openssl-annou...@openssl.org>
Subject: [openssl-dev] OpenSSL version 1.0.2n published

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


   OpenSSL version 1.0.2n released
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.0.2n of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.0.2-notes.html

   OpenSSL 1.0.2n is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.0.2n.tar.gz
  Size: 5375802
  SHA1 checksum: 0ca2957869206de193603eca6d89f532f61680b1
  SHA256 checksum:
370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.0.2n.tar.gz
openssl sha256 openssl-1.0.2n.tar.gz

   Yours,

   The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-

iQEcBAEBCAAGBQJaKT/tAAoJENnE0m0OYESR/JMH/jME2y7j63xd1JX1A41mgKiC
y9ps1niQw6QVH50r2IR0bZc9EpM9WEF0zERjCPwvh/tCn2IS/40uGzdHps8aexV1
3p7F3oAyXfG3xPyY3p14zfRP+9YvatbVT28HVnhGmruUonS9p6H+4zQN4hd8LZQO
tMZ5XtdmTbULdnlD6znBVECcUN2C+LQgaGZ5WCx8Wh8b7Wo3VT50+Jwv/VtmgLAf
csQKJlD7qNQq9xZ+fMGAlWuAIeGPM4ck+bbvx2ZclVMJh98rPWMd9HniNWrtMkM4
y4z7cu7hLKlroFpgJKH9kWxlDDCSWE3pxb9RLidff1K3HFps5NDc41Rk8tYqcVU=
=CjjY
-END PGP SIGNATURE-
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-07 Thread Matt Caswell


On 07/12/17 15:16, Randall S. Becker wrote:
> For HPE NonStop J-Series: Builds passed. Previous version was 1.0.2m.
> 
> New breakage:
> ../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem
> SSL_accept() failed -1, 1
> 1827815872:error:140800FF:SSL routines:ssl3_accept:unknown state:
> openssl/ssl/s3_srvr.c:869:

The 1.0.2 test framework is very noisy (its much better in 1.1.0). There
are a whole bunch of tests that output "failures" and "errors" which are
actually normal operation (because they are testing failure and error
conditions). The above is normal output from a successful test. The
important thing is if the overall "make test" process completes
successfully or exits with an error.

Matt


> 
> -Original Message-
> From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
> OpenSSL
> Sent: December 7, 2017 8:56 AM
> To: OpenSSL Developer ML ; OpenSSL User Support ML
> ; OpenSSL Announce ML
> 
> Subject: [openssl-dev] OpenSSL version 1.0.2n published
> 
> 
>OpenSSL version 1.0.2n released
>===
> 
>OpenSSL - The Open Source toolkit for SSL/TLS
>https://www.openssl.org/
> 
>The OpenSSL project team is pleased to announce the release of
>version 1.0.2n of our open source toolkit for SSL/TLS. For details
>of changes and known issues see the release notes at:
> 
> https://www.openssl.org/news/openssl-1.0.2-notes.html
> 
>OpenSSL 1.0.2n is available for download via HTTP and FTP from the
>following master locations (you can find the various FTP mirrors under
>https://www.openssl.org/source/mirror.html):
> 
>  * https://www.openssl.org/source/
>  * ftp://ftp.openssl.org/source/
> 
>The distribution file name is:
> 
> o openssl-1.0.2n.tar.gz
>   Size: 5375802
>   SHA1 checksum: 0ca2957869206de193603eca6d89f532f61680b1
>   SHA256 checksum:
> 370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe
> 
>The checksums were calculated using the following commands:
> 
> openssl sha1 openssl-1.0.2n.tar.gz
> openssl sha256 openssl-1.0.2n.tar.gz
> 
>Yours,
> 
>The OpenSSL Project Team.
> 
> 
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-07 Thread Randall S. Becker
For HPE NonStop J-Series: Builds passed. Previous version was 1.0.2m.

New breakage:
../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem
SSL_accept() failed -1, 1
1827815872:error:140800FF:SSL routines:ssl3_accept:unknown state:
openssl/ssl/s3_srvr.c:869:

-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
OpenSSL
Sent: December 7, 2017 8:56 AM
To: OpenSSL Developer ML ; OpenSSL User Support ML
; OpenSSL Announce ML

Subject: [openssl-dev] OpenSSL version 1.0.2n published

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


   OpenSSL version 1.0.2n released
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.0.2n of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

https://www.openssl.org/news/openssl-1.0.2-notes.html

   OpenSSL 1.0.2n is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.0.2n.tar.gz
  Size: 5375802
  SHA1 checksum: 0ca2957869206de193603eca6d89f532f61680b1
  SHA256 checksum:
370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.0.2n.tar.gz
openssl sha256 openssl-1.0.2n.tar.gz

   Yours,

   The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-

iQEcBAEBCAAGBQJaKT/tAAoJENnE0m0OYESR/JMH/jME2y7j63xd1JX1A41mgKiC
y9ps1niQw6QVH50r2IR0bZc9EpM9WEF0zERjCPwvh/tCn2IS/40uGzdHps8aexV1
3p7F3oAyXfG3xPyY3p14zfRP+9YvatbVT28HVnhGmruUonS9p6H+4zQN4hd8LZQO
tMZ5XtdmTbULdnlD6znBVECcUN2C+LQgaGZ5WCx8Wh8b7Wo3VT50+Jwv/VtmgLAf
csQKJlD7qNQq9xZ+fMGAlWuAIeGPM4ck+bbvx2ZclVMJh98rPWMd9HniNWrtMkM4
y4z7cu7hLKlroFpgJKH9kWxlDDCSWE3pxb9RLidff1K3HFps5NDc41Rk8tYqcVU=
=CjjY
-END PGP SIGNATURE-
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL version 1.0.2n published

2017-12-07 Thread Jan Ehrhardt
OpenSSL in gmane.comp.encryption.openssl.devel (Thu, 7 Dec 2017 13:55:43
+):
>   OpenSSL version 1.0.2n released

I ran into a compiling issue with openssl-fips-2.0.16.
See https://github.com/openssl/openssl/issues/4864
-- 
Jan

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev