Re: Apache client certificate authentication
You are right. Looks ubuntu packages didn't get that update up to now. Thanks, Nuno 2010/3/20 Peter Sylvester : > > Wasn't there a pb with a great number of CA names? There are 16K already? > The pb was in apache ad some of my three neurons seem to agree. > > https://issues.apache.org/bugzilla/show_bug.cgi?id=46952 > > /PS > __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Apache client certificate authentication
Wasn't there a pb with a great number of CA names? There are 16K already? The pb was in apache ad some of my three neurons seem to agree. https://issues.apache.org/bugzilla/show_bug.cgi?id=46952 /PS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Apache client certificate authentication
Very sory. I was getting the following error: The following message to was undeliverable. The reason for the problem: 5.1.0 - Unknown address error 550-'5.7.1 Message rejected due to content restrictions' Final-Recipient: rfc822;frank.heis...@messagingstrategy.com Action: failed Status: 5.0.0 (permanent failure) Remote-MTA: dns; [10.11.25.21] Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'5.7.1 Message rejected due to content restrictions' (delivery attempts: 0) -- While I now see that It was not a list error, and probably only a subscriber e-mail server replying to me, I believed that it was indeed from the list. Probably this person server is sending error messages to the "from" and not "reply-to", and I tough that the strange e-mail would be from some web filter proxy. This is why in the later message I removed the http:// links. To see if the list had that blocked due to spam. I apologize for any inconvenience. Regards, Nuno On Sat, Mar 20, 2010 at 18:13, Michael S. Zick wrote: > On Sat March 20 2010, Nuno Gonçalves wrote: >> I'm trying to set client certificate authentication. >> It looks that I cant set even the simple demo... >> > > Look like your e-mail client isn't correct either, it > seems to be sending the same message every two hours. > > Mike >> With apache2.2 installed: >> sudo a2enmod ssl >> sudo a2ensite default-ssl >> sudo /etc/init.d/apache2 restart >> >> Browse with firefox to (https)localhost - page retrieved after >> security warning, ssl working. >> >> Then I edit default-ssl and add: >> SSLCACertificatePath /etc/ssl/certs/ >> SSLVerifyClient require >> >> I now browse again to the address. >> As I don't have any certificate for the roots I have >> installed(defaults) I would expect the browser to display a error >> message. Actually it just hangs. >> Also a .net client application that I created can't display the >> "acceptable issuers" list. Empty. >> >> n...@ground2:/etc/ssl/certs$ openssl s_client -host localhost -port 443 >> -debug >> CONNECTED(0003) >> write to 0x1acf790 [0x1ad0e60] (118 bytes => 118 (0x76)) >> - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00 .tK... ..9.. >> 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5 >> 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00 ..3..2../... >> 0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00 >> 0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80 @... >> 0050 - 00 00 03 02 00 80 e8 cd-46 6c ac 68 35 93 d6 74 Fl.h5..t >> 0060 - fb e8 80 20 3f 35 bd 84-13 a1 7c da 22 f4 3d 39 ... ?5|.".=9 >> 0070 - b9 69 1e 2b 77 9c .i.+w. >> read from 0x1acf790 [0x1ad63c0] (7 bytes => 7 (0x7)) >> - 16 03 01 00 4a 02 J. >> 0007 - >> read from 0x1acf790 [0x1ad63c7] (72 bytes => 72 (0x48)) >> - 00 46 03 01 4b a4 1a 68-ea 82 78 13 40 b9 bd 53 .f..k..h@..s >> 0010 - f4 5c 3f c8 e2 aa 88 60-57 d7 7e 38 ce 82 c5 51 .\?`W.~8...Q >> 0020 - a1 70 90 d0 20 79 67 a2-48 a9 9c 09 e5 47 85 e7 .p.. yg.HG.. >> 0030 - f6 b3 8d 88 7a 5a 62 39-83 f9 14 40 20 a1 66 ac zZb9...@ .f. >> 0040 - a1 a5 2d 5a f8 00 39 ..-Z..9 >> 0048 - >> read from 0x1acf790 [0x1ad63c0] (5 bytes => 5 (0x5)) >> - 16 03 01 01 a9 . >> read from 0x1acf790 [0x1ad63c5] (425 bytes => 425 (0x1A9)) >> - 0b 00 01 a5 00 01 a2 00-01 9f 30 82 01 9b 30 82 ..0...0. >> 0010 - 01 04 02 09 00 c3 8d a4-df 92 38 53 ba 30 0d 06 ..8S.0.. >> 0020 - 09 2a 86 48 86 f7 0d 01-01 05 05 00 30 12 31 10 .*.H0.1. >> 0030 - 30 0e 06 03 55 04 03 13-07 67 72 6f 75 6e 64 32 0...Uground2 >> 0040 - 30 1e 17 0d 31 30 30 33-32 30 30 30 31 39 35 30 0...100320001950 >> 0050 - 5a 17 0d 32 30 30 33 31-37 30 30 31 39 35 30 5a Z..200317001950Z >> 0060 - 30 12 31 10 30 0e 06 03-55 04 03 13 07 67 72 6f 0.1.0...Ugro >> 0070 - 75 6e 64 32 30 81 9f 30-0d 06 09 2a 86 48 86 f7 und20..0...*.H.. >> 0080 - 0d 01 01 01 05 00 03 81-8d 00 30 81 89 02 81 81 ..0. >> 0090 - 00 e3 62 43 c7 97 30 f7-15 81 90 50 ea 21 66 21 ..bC..0P.!f! >> 00a0 - 04 4d 2c 29 aa b7 da 7c-fd 4b 35 ca 7f f7 16 ca .M,)...|.K5. >> 00b0 - 98 d7 66 20 ff c4 66 43-88 9f ab 1d 2f a5 c7 b9 ..f ..fC/... >> 00c0 - c6 cb ee 06 ab 92 50 d9-ef 5c e0 ee 77 f1 12 a3 ..P..\..w... >> 00d0 - 41 d0 33 c6 e6 7a 06 12-01 7c cb 50 89 51 0d 01 A.3..z...|.P.Q.. >> 00e0 - 21 0c 3e 02 c3 74 d0 30-46 bd 2d 67 f2 8d 41 34 !.>..t.0F.-g..A4 >> 00f0 - 9c b2 15 99 6d d0 e0 ef-2c e9 5e 2f eb 91 8d 66 m...,.^/...f >> 0100 - be c6 76 7f 09 f5 fc e3-78 2b 9f 8d 1a 00 ff 10 ..v.x+.. >> 0110 - 49 02 03 01 00 01 30 0d-06 09 2a 86 48 86 f7 0d I.0...*.H... >> 0120 - 01 01 05 05 00 03 81 81-00 70 c5 4a 78 49 af 68 .p.JxI.h >> 0130 - 6e 6f c4 a6 bc 6b 07 62-a6 ad 82
Re: Apache client certificate authentication
On Sat, Mar 20, 2010, Graham Leggett wrote: > On 2010/03/20 6:55 PM, Nuno Gonçalves wrote: > >> Questions: >> Is normal that firefox hangs when it doesn't have a valid certificate >> to provide? >> Openssl output looks OK?(or the error in the end is a exception?) > > I am not 100% sure of the details, but I do recall a hang being a symptom > of using a client or a server that did not have the TLS renegotiation bug > fixed along with a server or client that did. > The only known case is an OpenSSL client without secure renegotiation support (i.e. earlier than 0.9.8m) attempting to renegotiate with a server which does support renegotiation. If the server initiates renegotiation you don't get a a hang. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Apache client certificate authentication
On Sat March 20 2010, Nuno Gonçalves wrote: > I'm trying to set client certificate authentication. > It looks that I cant set even the simple demo... > Look like your e-mail client isn't correct either, it seems to be sending the same message every two hours. Mike > With apache2.2 installed: > sudo a2enmod ssl > sudo a2ensite default-ssl > sudo /etc/init.d/apache2 restart > > Browse with firefox to (https)localhost - page retrieved after > security warning, ssl working. > > Then I edit default-ssl and add: > SSLCACertificatePath /etc/ssl/certs/ > SSLVerifyClient require > > I now browse again to the address. > As I don't have any certificate for the roots I have > installed(defaults) I would expect the browser to display a error > message. Actually it just hangs. > Also a .net client application that I created can't display the > "acceptable issuers" list. Empty. > > n...@ground2:/etc/ssl/certs$ openssl s_client -host localhost -port 443 -debug > CONNECTED(0003) > write to 0x1acf790 [0x1ad0e60] (118 bytes => 118 (0x76)) > - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00 .tK... ..9.. > 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5 > 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00 ..3..2../... > 0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00 > 0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80 @... > 0050 - 00 00 03 02 00 80 e8 cd-46 6c ac 68 35 93 d6 74 Fl.h5..t > 0060 - fb e8 80 20 3f 35 bd 84-13 a1 7c da 22 f4 3d 39 ... ?5|.".=9 > 0070 - b9 69 1e 2b 77 9c .i.+w. > read from 0x1acf790 [0x1ad63c0] (7 bytes => 7 (0x7)) > - 16 03 01 00 4a 02 J. > 0007 - > read from 0x1acf790 [0x1ad63c7] (72 bytes => 72 (0x48)) > - 00 46 03 01 4b a4 1a 68-ea 82 78 13 40 b9 bd 53 .f..k..h@..s > 0010 - f4 5c 3f c8 e2 aa 88 60-57 d7 7e 38 ce 82 c5 51 .\?`W.~8...Q > 0020 - a1 70 90 d0 20 79 67 a2-48 a9 9c 09 e5 47 85 e7 .p.. yg.HG.. > 0030 - f6 b3 8d 88 7a 5a 62 39-83 f9 14 40 20 a1 66 ac zZb9...@ .f. > 0040 - a1 a5 2d 5a f8 00 39 ..-Z..9 > 0048 - > read from 0x1acf790 [0x1ad63c0] (5 bytes => 5 (0x5)) > - 16 03 01 01 a9 . > read from 0x1acf790 [0x1ad63c5] (425 bytes => 425 (0x1A9)) > - 0b 00 01 a5 00 01 a2 00-01 9f 30 82 01 9b 30 82 ..0...0. > 0010 - 01 04 02 09 00 c3 8d a4-df 92 38 53 ba 30 0d 06 ..8S.0.. > 0020 - 09 2a 86 48 86 f7 0d 01-01 05 05 00 30 12 31 10 .*.H0.1. > 0030 - 30 0e 06 03 55 04 03 13-07 67 72 6f 75 6e 64 32 0...Uground2 > 0040 - 30 1e 17 0d 31 30 30 33-32 30 30 30 31 39 35 30 0...100320001950 > 0050 - 5a 17 0d 32 30 30 33 31-37 30 30 31 39 35 30 5a Z..200317001950Z > 0060 - 30 12 31 10 30 0e 06 03-55 04 03 13 07 67 72 6f 0.1.0...Ugro > 0070 - 75 6e 64 32 30 81 9f 30-0d 06 09 2a 86 48 86 f7 und20..0...*.H.. > 0080 - 0d 01 01 01 05 00 03 81-8d 00 30 81 89 02 81 81 ..0. > 0090 - 00 e3 62 43 c7 97 30 f7-15 81 90 50 ea 21 66 21 ..bC..0P.!f! > 00a0 - 04 4d 2c 29 aa b7 da 7c-fd 4b 35 ca 7f f7 16 ca .M,)...|.K5. > 00b0 - 98 d7 66 20 ff c4 66 43-88 9f ab 1d 2f a5 c7 b9 ..f ..fC/... > 00c0 - c6 cb ee 06 ab 92 50 d9-ef 5c e0 ee 77 f1 12 a3 ..P..\..w... > 00d0 - 41 d0 33 c6 e6 7a 06 12-01 7c cb 50 89 51 0d 01 A.3..z...|.P.Q.. > 00e0 - 21 0c 3e 02 c3 74 d0 30-46 bd 2d 67 f2 8d 41 34 !.>..t.0F.-g..A4 > 00f0 - 9c b2 15 99 6d d0 e0 ef-2c e9 5e 2f eb 91 8d 66 m...,.^/...f > 0100 - be c6 76 7f 09 f5 fc e3-78 2b 9f 8d 1a 00 ff 10 ..v.x+.. > 0110 - 49 02 03 01 00 01 30 0d-06 09 2a 86 48 86 f7 0d I.0...*.H... > 0120 - 01 01 05 05 00 03 81 81-00 70 c5 4a 78 49 af 68 .p.JxI.h > 0130 - 6e 6f c4 a6 bc 6b 07 62-a6 ad 82 9f b4 f3 6e 1e no...k.b..n. > 0140 - 81 b3 d5 bf 71 30 71 94-28 cd d6 95 b5 de 62 b4 q0q.(.b. > 0150 - 13 34 fa 54 ae f5 0c 1c-1b 0e 71 29 4c 1e e9 8f .4.T..q)L... > 0160 - 10 f9 f9 f1 d5 f4 6e 91-7f ae e8 89 86 17 cc 88 ..n. > 0170 - 5b 11 1f d7 2c 67 0b 3b-ea de a6 0b 13 73 5e 9c [...,g.;.s^. > 0180 - 42 3b 9f 4e 6b 6d 26 29-e5 2a 7b 25 ee 39 50 e6 B;.Nkm&).*{%.9P. > 0190 - 6c 85 57 d3 c8 26 47 7c-bf ea 3d af be 7a 42 a1 l.W..&G|..=..zB. > 01a0 - 97 ff 6e 4c 4e d2 83 c7-a8 ..nLN > depth=0 /CN=ground2 > verify error:num=18:self signed certificate > verify return:1 > depth=0 /CN=ground2 > verify return:1 > read from 0x1acf790 [0x1ad63c0] (5 bytes => 5 (0x5)) > - 16 03 01 01 8d . > read from 0x1acf790 [0x1ad63c5] (397 bytes => 397 (0x18D)) > - 0c 00 01 89 00 80 d6 7d-e4 40 cb bb dc 19 36 d6 .@6. > 0010 - 93 d3 4a fd 0a d5 0c 84-d2 39 a4 5f 52 0b b8 81 ..J..9._R... > 0020 - 74 cb 98 bc e9 51 84 9f-91 2e 63 9c 72 fb 13 b4 tQc.r... > 0030 - b4 d7 17 7e 16
Re: Apache client certificate authentication
On 2010/03/20 6:55 PM, Nuno Gonçalves wrote: Questions: Is normal that firefox hangs when it doesn't have a valid certificate to provide? Openssl output looks OK?(or the error in the end is a exception?) I am not 100% sure of the details, but I do recall a hang being a symptom of using a client or a server that did not have the TLS renegotiation bug fixed along with a server or client that did. First, check you are using the latest version of openssl, the latest version of the webserver, and the latest version of Firefox. Regards, Graham -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Memory handling and BIO_*
Hi there, I am struggling with the BIO_* API to understand how I can control the memory. I found a nice function for read-only memory: BIO *data = BIO_new_mem_buf((void*)array, len); but I do not understand how to control output memory (I need to write to a C++ std::stringstream). So what I am doing is memory duplication for now: std::stringstream ss; char *binary; long biolen = BIO_get_mem_data(bio_buffer,&binary); ss.str( std::string(binary, biolen) ); Has anyone found a way to pass from a BIO_* to a std::stringstream for write operation ? Thanks, -- Mathieu __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Apache client certificate authentication
I'm trying to set client certificate authentication. It looks that I cant set even the simple demo... With apache2.2 installed: sudo a2enmod ssl sudo a2ensite default-ssl sudo /etc/init.d/apache2 restart Browse with firefox to (https)localhost - page retrieved after security warning, ssl working. Then I edit default-ssl and add: SSLCACertificatePath /etc/ssl/certs/ SSLVerifyClient require I now browse again to the address. As I don't have any certificate for the roots I have installed(defaults) I would expect the browser to display a error message. Actually it just hangs. Also a .net client application that I created can't display the "acceptable issuers" list. Empty. n...@ground2:/etc/ssl/certs$ openssl s_client -host localhost -port 443 -debug CONNECTED(0003) write to 0x1acf790 [0x1ad0e60] (118 bytes => 118 (0x76)) - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00 .tK... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00 ..3..2../... 0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00 0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80 @... 0050 - 00 00 03 02 00 80 e8 cd-46 6c ac 68 35 93 d6 74 Fl.h5..t 0060 - fb e8 80 20 3f 35 bd 84-13 a1 7c da 22 f4 3d 39 ... ?5|.".=9 0070 - b9 69 1e 2b 77 9c .i.+w. read from 0x1acf790 [0x1ad63c0] (7 bytes => 7 (0x7)) - 16 03 01 00 4a 02 J. 0007 - read from 0x1acf790 [0x1ad63c7] (72 bytes => 72 (0x48)) - 00 46 03 01 4b a4 1a 68-ea 82 78 13 40 b9 bd 53 .f..k..h@..s 0010 - f4 5c 3f c8 e2 aa 88 60-57 d7 7e 38 ce 82 c5 51 .\?`W.~8...Q 0020 - a1 70 90 d0 20 79 67 a2-48 a9 9c 09 e5 47 85 e7 .p.. yg.HG.. 0030 - f6 b3 8d 88 7a 5a 62 39-83 f9 14 40 20 a1 66 ac zZb9...@ .f. 0040 - a1 a5 2d 5a f8 00 39 ..-Z..9 0048 - read from 0x1acf790 [0x1ad63c0] (5 bytes => 5 (0x5)) - 16 03 01 01 a9 . read from 0x1acf790 [0x1ad63c5] (425 bytes => 425 (0x1A9)) - 0b 00 01 a5 00 01 a2 00-01 9f 30 82 01 9b 30 82 ..0...0. 0010 - 01 04 02 09 00 c3 8d a4-df 92 38 53 ba 30 0d 06 ..8S.0.. 0020 - 09 2a 86 48 86 f7 0d 01-01 05 05 00 30 12 31 10 .*.H0.1. 0030 - 30 0e 06 03 55 04 03 13-07 67 72 6f 75 6e 64 32 0...Uground2 0040 - 30 1e 17 0d 31 30 30 33-32 30 30 30 31 39 35 30 0...100320001950 0050 - 5a 17 0d 32 30 30 33 31-37 30 30 31 39 35 30 5a Z..200317001950Z 0060 - 30 12 31 10 30 0e 06 03-55 04 03 13 07 67 72 6f 0.1.0...Ugro 0070 - 75 6e 64 32 30 81 9f 30-0d 06 09 2a 86 48 86 f7 und20..0...*.H.. 0080 - 0d 01 01 01 05 00 03 81-8d 00 30 81 89 02 81 81 ..0. 0090 - 00 e3 62 43 c7 97 30 f7-15 81 90 50 ea 21 66 21 ..bC..0P.!f! 00a0 - 04 4d 2c 29 aa b7 da 7c-fd 4b 35 ca 7f f7 16 ca .M,)...|.K5. 00b0 - 98 d7 66 20 ff c4 66 43-88 9f ab 1d 2f a5 c7 b9 ..f ..fC/... 00c0 - c6 cb ee 06 ab 92 50 d9-ef 5c e0 ee 77 f1 12 a3 ..P..\..w... 00d0 - 41 d0 33 c6 e6 7a 06 12-01 7c cb 50 89 51 0d 01 A.3..z...|.P.Q.. 00e0 - 21 0c 3e 02 c3 74 d0 30-46 bd 2d 67 f2 8d 41 34 !.>..t.0F.-g..A4 00f0 - 9c b2 15 99 6d d0 e0 ef-2c e9 5e 2f eb 91 8d 66 m...,.^/...f 0100 - be c6 76 7f 09 f5 fc e3-78 2b 9f 8d 1a 00 ff 10 ..v.x+.. 0110 - 49 02 03 01 00 01 30 0d-06 09 2a 86 48 86 f7 0d I.0...*.H... 0120 - 01 01 05 05 00 03 81 81-00 70 c5 4a 78 49 af 68 .p.JxI.h 0130 - 6e 6f c4 a6 bc 6b 07 62-a6 ad 82 9f b4 f3 6e 1e no...k.b..n. 0140 - 81 b3 d5 bf 71 30 71 94-28 cd d6 95 b5 de 62 b4 q0q.(.b. 0150 - 13 34 fa 54 ae f5 0c 1c-1b 0e 71 29 4c 1e e9 8f .4.T..q)L... 0160 - 10 f9 f9 f1 d5 f4 6e 91-7f ae e8 89 86 17 cc 88 ..n. 0170 - 5b 11 1f d7 2c 67 0b 3b-ea de a6 0b 13 73 5e 9c [...,g.;.s^. 0180 - 42 3b 9f 4e 6b 6d 26 29-e5 2a 7b 25 ee 39 50 e6 B;.Nkm&).*{%.9P. 0190 - 6c 85 57 d3 c8 26 47 7c-bf ea 3d af be 7a 42 a1 l.W..&G|..=..zB. 01a0 - 97 ff 6e 4c 4e d2 83 c7-a8 ..nLN depth=0 /CN=ground2 verify error:num=18:self signed certificate verify return:1 depth=0 /CN=ground2 verify return:1 read from 0x1acf790 [0x1ad63c0] (5 bytes => 5 (0x5)) - 16 03 01 01 8d . read from 0x1acf790 [0x1ad63c5] (397 bytes => 397 (0x18D)) - 0c 00 01 89 00 80 d6 7d-e4 40 cb bb dc 19 36 d6 .@6. 0010 - 93 d3 4a fd 0a d5 0c 84-d2 39 a4 5f 52 0b b8 81 ..J..9._R... 0020 - 74 cb 98 bc e9 51 84 9f-91 2e 63 9c 72 fb 13 b4 tQc.r... 0030 - b4 d7 17 7e 16 d5 5a c1-79 ba 42 0b 2a 29 fe 32 ...~..Z.y.B.*).2 0040 - 4a 46 7a 63 5e 81 ff 59-01 37 7b ed dc fd 33 16 JFzc^..Y.7{...3. 0050 - 8a 46 1a ad 3b 72 da e8-86 00 78 04 5b 07 a7 db .F..;rx.[... 0060 - ca 78 74 08 7d 15 10 ea-9f cc 9d dd 33 05 07 dd .xt.}...3... 0070 - 62 db 88 ae aa 74 7d e0-f4 d6 e2 bd 68 b0 e7 39
Problem in using openssl in PC
Hi, I am using openssl in QT4.I copy libeay32.dll,ssleay32.dll along with my application.In some machine its work fine.While in some other PC i get error ssl not supported Please help as only ssl creating problem. Its urgent Thanks in advanced __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Openssl-0.9.8m On Darwin
Folks, I can't get the latest version of openssl to build on Darwin. I *think* the assembler is confused by the quotes in comments. I did this: ./Configure darwin-ppc-cc make The build fails thus: ... cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch ppc -O3 -DB_ENDIAN -c -o osx_ppc32.o osx_ppc32.s osx_ppc32.s:132: unterminated character constant osx_ppc32.s:1481: unterminated character constant osx_ppc32.s:1482: unterminated character constant osx_ppc32.s:1743: unterminated character constant make[2]: *** [osx_ppc32.o] Error 1 make[1]: *** [subdirs] Error 1 make: *** [build_crypto] Error 1 -Nigel __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org