signed after/before encryption?
While normally the original data before encryption gets signed, what is the effect of signing the encrypted data? In this form, the verification can take place without decrypting the data. Any pros and cons of this method? Thanks -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6643 ( O ) TrustCopy Pte Ltd / Kent Ridge Digital Labs ()~*~() 21 Heng Mui Keng Terrace, Singapore 119613 (_)-(_)[EMAIL PROTECTED] * [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: fwd: Joke
Beware !!! This file is infected with the VBS.LoveLetter virus !!! Regards, Olivier __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Computer Virus
Achtung, die von Ihnen versandte Mail enthaelt entweder einen Computer Virus oder mindestens eine beigefuegte Datei des Typs BAT, CHM, CMD, COM, CPL, EXE, HLP, INF, INS, ISP, JAR, JS, JSE, LNK, MDB, MDE, MSC, MSI, MSP, MST, OCX, PIF, PL, REG, SCR, SCT, SHB, SHS, VB, VBE, VBS, WSC, WSF, WSH und wurde daher nicht an den Empfaenger weitergeleitet. Wenn Sie Dateien der genannten Typen senden wollen, koennen Sie diese innerhalb einer ZIP oder TAR Datei, welche Sie Ihrer Mail beifuegen, uebertragen. Attention, your mail contains either a computer virus or one of the following attachment types: BAT, CHM, CMD, COM, CPL, EXE, HLP, INF, INS, ISP, JAR, JS, JSE, LNK, MDB, MDE, MSC, MSI, MSP, MST, OCX, PIF, PL, REG, SCR, SCT, SHB, SHS, VB, VBE, VBS, WSC, WSF, WSH. These types are not delivered to the final recipients. If you want to send one of these types, please encode them as ZIP or TAR files. [EMAIL PROTECTED] - Unsent message follows - Received: from ossp1.ossp.org(62.208.181.50) by mozart.adv.magwien.gv.at via smap (V2.0) id xma063272; Mon, 6 Nov 00 10:38:35 +0100 Received: by mail.ossp.org (Sendmail 8.11.0+/smtpfeed 1.07) for openssl-users-L2 id eA69aW231299; Mon, 6 Nov 2000 10:36:32 +0100 (CET) Received: by mail.ossp.org (Sendmail 8.11.0+) via ESMTP for [EMAIL PROTECTED] from opensource.ee.ethz.ch id eA69aVq31296; Mon, 6 Nov 2000 10:36:31 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2/smtpfeed 1.06) for openssl-users-L id KAA15918; Mon, 6 Nov 2000 10:36:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for [EMAIL PROTECTED] from platone.tasitalia.com id KAA15894; Mon, 6 Nov 2000 10:36:01 +0100 (MET) Received: from CVPNT ([10.166.64.190]) by platone.tasitalia.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id VVT8Y0XW; Mon, 6 Nov 2000 10:31:04 +0100 From: "Gianluca Russo" [EMAIL PROTECTED] To: "SSL_user" [EMAIL PROTECTED] Subject: fwd: Joke Date: Mon, 6 Nov 2000 10:33:18 - Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_0081_01C047DC.FA669D20" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: [EMAIL PROTECTED] Precedence: bulk Reply-To: [EMAIL PROTECTED] X-Sender: "Gianluca Russo" [EMAIL PROTECTED] X-List-Manager: OpenSSL Majordomo [version 1.94.4] X-List-Name: openssl-users X-Header-From: "Gianluca Russo" [EMAIL PROTECTED] X-Header-From: "Gianluca Russo" [EMAIL PROTECTED] - Message body suppressed - __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Antigen found =*.vbs file
Antigen for Exchange found Very Funny.vbs matching =*.vbs file filter. The file is currently Deleted. The message, "fwd: Joke", was sent from Gianluca Russo and was discovered in IMC Queues\Inbound located at UAlbany/ADM/EMAIL. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
InterScan NT Alert
Receiver, InterScan has detected virus(es) in the e-mail attachment. Date: Mon, 06 Nov 2000 10:37:02 +0100 (W. Europe Standard Time) Method: Mail From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] File: Very Funny.vbs Action: clean failed - deleted Virus: VBS_LOVELETTER-O __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Blind signatures
I would like to know is there is an easy way of making blind signatures with openssl. I need a text string to be signed but I don`t want the server that is going to sign this text string to know it. Openssl uses blinding in RSA but it is used to avoid timing attacks. Thanks in advanced. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: What should be freed when looping?
On Mon, Nov 06, 2000 at 03:50:02PM +0100, Stephane Bortzmeyer wrote: I have a program (whose purpose is to test and benchmark Web servers) which can loop over a given server. During the loop, what should I close/free? Since there is apparently no documentation of the API (if I'm wrong, I pay a beer for any pointer to actual documentation), I wonder if I should: New manual pages are added over time. Please get a latest snapshot or access the online documentation on www.openssl.org; there are links at the bottom of the ssl(3) manual page... SSL_free (ssl); SSL_CTX_free (ctx); at every iteration or not? May I safely reuse contexts? You can and should safely reuse a SSL_CTX object, so that you don't need to reinitialize things like the certificate stuff. An SSL object can also be reused, you should however make sure to call SSL_clear() on it before reuse. I cannot give you numbers on the performance impact of SSL_new() or SSL_CTX_new(), respectively. Both functions do however call functions of the malloc() class quite often, so that memory fragmentation might occur. For this reason alone, I would already recommend you to reuse SSL and SSL_CTX objects. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: What should be freed when looping?
At 03:50 PM 11/6/00 +0100, Stephane wrote: Since there is apparently no documentation of the API (if I'm wrong, I pay a beer for any pointer to actual documentation), Did you check the "documentation" section of the website listed below in the maillist signature? __ OpenSSL Project http://www.openssl.org It's mostly 'man pages' and may not answer your question, but it's a start... Tom Biggs '89 FJ1200 DoD #1146 "The whole aim of practical politics is to keep the populace alarmed - and hence clamorous to be led to safety - by menacing it with an endless series of hobgoblins, all of them imaginary." -- H.L. Mencken __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: What should be freed when looping?
On Monday 6 November 2000, at 10 h 3, the keyboard of Tom Biggs [EMAIL PROTECTED] wrote: Did you check the "documentation" section of the website listed below in the maillist signature? It's just the list of the prototypes of the functions... Without any semantic information. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Crypt::SSLeay mmap failed
Joshua, Thank you for the response. The LD_LIBRARY_PATH had been set fine. What I did was download the full release of openssl and use gcc instead. There also seems to be an issue with the patch-level of the OS for Solaris 2.6. It works on a machine with kernel level 105181-23, but not on one 105181-08. I set the user/envs/perl/gcc/openssl exactly the same across both machines. One worked and the other one did not...of course I could be completely off Thanks, Joe -Original Message- From: Joshua Chamas [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 02, 2000 7:54 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Crypt::SSLeay mmap failed "Thykattil, Joe" wrote: Hello, Having trouble compiling/testing the CRYPT Perl module Crypt-SSLeay-0.17 with openssl-0.9.6-beta2. The compile, test and install on the openssl went fine. The compile of the SSLeay module had the following ran fine. The test of the SSLeay module encountered the following error: Any suggestions would be greatly appreciated. Thanks, That was pretty bad... I haven't see this kind of error before, though I saw you had perl5. which is good, but that you are using Sun's cc compiler, which is generally bad. Lots of times, if you just use gcc to compile your stuff, especially, perl, things just work, so your compiler might be the problem. Here's the error that particularly struck me... t/ssl_context...Can't load 'blib/arch/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: ld.so.1: /home/rmiller/bin/perl: fatal: blib/arch/auto/Crypt/SSLeay/SSLeay.so: mmap failed: No such device at /home/rmiller/lib/perl5/sun4-solaris/DynaLoader.pm line 169. You are on Solaris/SunOS?, there's a chance that your LD_LIBRARY_PATH is not set to include your openssl libs? Try that too. -- Joshua __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
excuse me !!!!!
I'm sorry ! I apologizeforthe virus I sent to the comunity.I'm a victim too. excuse me ! Gianluca
RE: HELP !
I am resending this message ::: Hello, I am receiving the following error with openssl 0.9.6.. - ./openssl genrsa -des3 -out server.key 1024 warning, not much extra random data, consider using the -rand option Generating RSA private key, 1024 bit long modulus 12754:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:474:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html 12754:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182: -- I went to the web site, but I do not understand what the issue is.. I patched the solaris 2.6 server... But I still get the error.. can I get Idiot Proof instructions .. I do not know what to do .. the make ran, the make test ran, and the make ran fine.. now I get some unseeded issue ?? what is that? Customer Support Program Manager/Remedy Development Manager [Zandi Patrick S TSgt AFRL/IFOSS] OLE Object: Picture (Metafile) WP 315-330-3911 Fax 315-330-3314 Air Force Rome Research Laboratory, 525 Brooks Ave Rome NY, 13440, OLE Object: Picture (Metafile) Mailto:[EMAIL PROTECTED] OLE Object: Picture (Metafile) http://www.rl.af.mil Way to Go Remedy ~~~ OLE Object: Picture (Metafile) __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Self Signed Company CA Root --signs-- Project CA --signs- Server and Client certs
I'm having a bitch of a time getting client verification to work to work. I've got the root CA cert, project CA cert, and server and client certs (keys with passphrase removed) all in pem encoded format. I've done the following. 1.Created a new mod_ssl instance of apache 2.Set the server key and cert tags 3.set verifyclient to 'require', left the verifydepth at 10 (i've tried playing with this.. seems to have _no_ affect) 4. multiple scenerios here. a) set the ca file to the project CA cert (errors with something like 'failed to get local issuer) b) set the ca file to the root CA cert (some other error which basically said.. can't verify the issuer) c) set the capath to a directory with the server, root ca, and project ca certs and ran make to build the hash symlinks d) set cerfificate chain to a file with project CA cert and root ca cert e) set ca file to a ca bundle I created with name, md5 fingerprint, cert, and text ouput of root CA and project CA. What works? if i turn off client verification i can hit the server with an https connection I realize that I'm not including error messages, and thats cuz they all seem to be alittle different. I've tried connecting to all these scenerio's using a p12 version of the client cert which i generated using the client cert, key (with passphrase removed) and also using openssl s_client with cert and key parameters using the pem format cert/key (pass removed) Has anyone else attempted to do this multiple level CA thing and had success doing client cert verification? Is there something I might have missed? some various errors for a-e) "Certificate Verification: Error (26): unsupported certificate purpose" "Certificate Verification: Error (20): unable to get local issuer certificate" openssl 0.9.5a apache 1.3.12 Matthew Lenz __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Newbie question: How do you share parameters (IV, padding scheme) with other non-ssl clients?
I'm trying to write a package that links to the OpenSSL libs on the C side and communicates with another server that will be running Java's JCE. I can get the two to talk using DES ECB (and I expect Triple DES, but haven't tried that yet.) This is because both sides internally agree to use PKCS5 padding. But for DES CBC or others that want an IV, I'm not sure how to communicate the IV (or another padding scheme). Both sides use a binary shared key. I considered encoding it into the head of the transmission, sort of like the way the base64 salt is prepended to Unix passwords. But this is problematic. But I've read some stuff that indicates that some sort of this scheme exists already. Its not in the KeyAgreement stuff, which seems to want to open a socket based path between the two end points. This won't work in our case. I just need the entire ciphertext to be interpreted correctly by my libs on the other end. Can anyone help? Are there existing protocols for this sort of thing? Thanks Ed Ed Howland Director, Unix Development StreamSearch.com (314) 746-1827 (314) 406-6836 (mobile) __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ostrich head in the sand... Please stop sending the virus!
Erwann ABALEA wrote: [...] I thought that using Pine solved the problem of viruses... I was wrong... Even the simple 'mailx' can be exploited... and I don't have any multimedia extension to Pine... ;-) I know this is drifting off-topic, but I'm curious. Our corporate gateway apparently filtered this virus, since there's no trace of it in my inbox other than converstion about it. What vulnerability did it exploit? If you care to reply, perhaps edit the To: line to point to me instead of the list. Thanks! Paul Allen -- Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964 Unix Technical Support | [EMAIL PROTECTED] Boeing Phantom Works Math Computing Technology Site Operations, POB 3707 M/S 7L-68, Seattle, WA 98124-2207 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Self Signed Company CA Root --signs-- Project CA --signs-Server and Client certs
[EMAIL PROTECTED] wrote: I'm having a bitch of a time getting client verification to work to work. I've got the root CA cert, project CA cert, and server and client certs (keys with passphrase removed) all in pem encoded format. I've done the following. 1.Created a new mod_ssl instance of apache 2.Set the server key and cert tags 3.set verifyclient to 'require', left the verifydepth at 10 (i've tried playing with this.. seems to have _no_ affect) 4. multiple scenerios here. a) set the ca file to the project CA cert (errors with something like 'failed to get local issuer) b) set the ca file to the root CA cert (some other error which basically said.. can't verify the issuer) c) set the capath to a directory with the server, root ca, and project ca certs and ran make to build the hash symlinks d) set cerfificate chain to a file with project CA cert and root ca cert e) set ca file to a ca bundle I created with name, md5 fingerprint, cert, and text ouput of root CA and project CA. What works? if i turn off client verification i can hit the server with an https connection I realize that I'm not including error messages, and thats cuz they all seem to be alittle different. I've tried connecting to all these scenerio's using a p12 version of the client cert which i generated using the client cert, key (with passphrase removed) and also using openssl s_client with cert and key parameters using the pem format cert/key (pass removed) Has anyone else attempted to do this multiple level CA thing and had success doing client cert verification? Is there something I might have missed? some various errors for a-e) "Certificate Verification: Error (26): unsupported certificate purpose" "Certificate Verification: Error (20): unable to get local issuer certificate" You don't say what you are using as a client. It looks like its having problems verifying the client certificate chain. You mention root CA, project CA and server and client certificates. What actually signs the client certificates, i.e. what is its chain? Also the unsupported purpose error suggests that you've either hit the OpenSSL 0.9.5a verification bug (which can cause server verify problems: its fixed in 0.9.6) or the chain is really invalid. Without seeing the client certificate chain (text output) I can't decide which. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Self Signed Company CA Root --signs-- Project CA --signs- Server and Client certs
Mathew, Sounds like certificate problems. I've set up the nsopenssl module for AOLserver to do what you're trying to do, so I know that at least OpenSSL 0.9.5a works ok in this regard. I've taken the Dept of Defense root CA and second level CA and made them available to the web server for verifying client certificates. Then I used s_client with my client cert and key (and the same two CA certs so s_client could verify the server cert) and made a connection to the server. The verify depth was set to 3, but only 2 levels were needed to verify. Both client and server verified fine. All certs were in PEM format. Although I haven't done this with Apache/mod_ssl, I have a few ideas about what you might try. First, make sure the CA certificates are in a directory of their own. I don't think your server certificate should not be in the same directory as the CA certificates. Second, reverse the process: generate a server certificate from your root CA/project CA certificates and have your Apache server use that certificate for https connections. Make sure verify client is OFF. Then point 'openssl s_client' to the root CA/project CA certificates and connect to your server. If s_client verifies your server certificate, then you know that your root CA/project CA certificates and the process you're using to generate certificates is sound. I notice in 4a 4b below that you've set the ca file to either the root CA or the project CA; both must be available to verify the chain, if memory serves me correctly. /s. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 06, 2000 1:43 PM Subject: Self Signed Company CA Root --signs-- Project CA --signs- Server and Client certs I'm having a bitch of a time getting client verification to work to work. I've got the root CA cert, project CA cert, and server and client certs (keys with passphrase removed) all in pem encoded format. I've done the following. 1.Created a new mod_ssl instance of apache 2.Set the server key and cert tags 3.set verifyclient to 'require', left the verifydepth at 10 (i've tried playing with this.. seems to have _no_ affect) 4. multiple scenerios here. a) set the ca file to the project CA cert (errors with something like 'failed to get local issuer) b) set the ca file to the root CA cert (some other error which basically said.. can't verify the issuer) c) set the capath to a directory with the server, root ca, and project ca certs and ran make to build the hash symlinks d) set cerfificate chain to a file with project CA cert and root ca cert e) set ca file to a ca bundle I created with name, md5 fingerprint, cert, and text ouput of root CA and project CA. What works? if i turn off client verification i can hit the server with an https connection I realize that I'm not including error messages, and thats cuz they all seem to be alittle different. I've tried connecting to all these scenerio's using a p12 version of the client cert which i generated using the client cert, key (with passphrase removed) and also using openssl s_client with cert and key parameters using the pem format cert/key (pass removed) Has anyone else attempted to do this multiple level CA thing and had success doing client cert verification? Is there something I might have missed? some various errors for a-e) "Certificate Verification: Error (26): unsupported certificate purpose" "Certificate Verification: Error (20): unable to get local issuer certificate" openssl 0.9.5a apache 1.3.12 Matthew Lenz __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
openssl install problem
Hi sorry for the newbie question, but when I run make, I get the following: making all in crypto... make[1]: Entering directory `/tmp/openssl-0.9.6/crypto' ( echo "#ifndef MK1MF_BUILD"; \ echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \ echo " #define CFLAGS \"gcc -DTHREADS -D_REENTRANT -DB_ENDIAN -DTERMIO -O3 -fom it-frame-pointer -Wall\""; \ echo " #define PLATFORM \"linux-sparcv7\""; \ echo " #define DATE \"`date`\""; \ echo "#endif" ) buildinf.h gcc -I. -I../include -DTHREADS -D_REENTRANT -DB_ENDIAN -DTERMIO -O3 -fomit-f rame -pointer -Wall -c -o cryptlib.o cryptlib.c In file included from /usr/include/errno.h:36, from ../include/openssl/err.h:90, from cryptlib.h:70, from cryptlib.c:61: /usr/include/bits/errno.h:25: linux/errno.h: No such file or directory make[1]: *** [cryptlib.o] Error 1 make[1]: Leaving directory `/tmp/openssl-0.9.6/crypto' make: *** [all] Error 1 Can anyone point me in the right direction? I've tried doing a ./config -no-asm, but that didn't seem to work any better. Thanks, Bryan __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: signed after/before encryption?
I am sorry for my unclear questions. In a scenario that the signature is stored in PKCS#7 format which is encrypted with the recipient's public key. While the data is encrypted with 3DES. If the data are to be stored in its encryption form and only decrypted when its in use, does the verification of encrypted data's signature have the same level of security of the decrypted data's signature? The reason for this is that if the data have been corrupted, there is no point to decrypt them. -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6643 ( O ) TrustCopy Pte Ltd / Kent Ridge Digital Labs ()~*~() 21 Heng Mui Keng Terrace, Singapore 119613 (_)-(_)[EMAIL PROTECTED] * [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
0.9.6 for MacOS X Public Beta?
Suggestions for building the latest version of OpenSSL for MacOS X PB? Currently installed version is 0.95a (I think), but it doesn't have the includes and such that are needed to compile "cURL" with ssl support... Help? -KenS __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
openssl-engine has some problem with profiling
Has anybody ever used profiling(CFLAGS=-pg) to analyze the amount of time spent in each routine in openssl? I tried it in openssl-engine-0.9.6. But the option -pg seemed to conflict with the option of -fomit-frame-pointer, so I got rid of the latter. But when I tried to do speed test(apps/openssl speed -engine cswift), it failed. THe following is the error message: can't use that engine 6653:error:25067066:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:157: 6653:error:25072066:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:230: 6653:error:26065068:engine routines:CSWIFT_INIT:DSO failure:hw_cswift.c:271: 6653:error:2607E06D:engine routines:ENGINE_SET_DEFAULT_TYPE:init failed:engine_lib.c:399: error in speed I'm using FreeBSD 4.1. I did add -DDSO_DLFCN -DHAVE_DLFCN_H when I did config, and there was no problem when I didn't use profiling. Only when I added -pg and got rid of -formit-frame-pointer did this problem exist. Does anybody has such experience? Please give me some hint. Thanks a lot, Jennifer _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: openssl install problem
Hi sorry for the newbie question, but when I run make, I get the following: Your build environment is corrupt. It's not OpenSSL's fault. /usr/include/bits/errno.h:25: linux/errno.h: No such file or directory Seems like '/usr/include/bits/errno.h' refers to a 'linux/errno.h' file that doesn't exist. DS __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]