Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Benjamin Kaduk via openssl-users
On Thu, Sep 09, 2021 at 01:03:28AM +0200, Steffen Nurpmeso wrote:
> But if i use
> 
>   #?0|kent:tls-openssl.git$ alias gl1
>   alias gl1='git slpn -1'
>   #?0|kent:tls-openssl.git$ git alias|grep slpn
>   alias.slpn log --show-signature --patch --find-renames --stat --no-abbrev-commit
>   #?0|kent:tls-openssl.git$ gl1 openssl-3.0.0
>   commit 89cd17a031e022211684eb7eb41190cf1910f9fa (tag: refs/tags/openssl-3.0.0)
>   ...
> 
> i do not.  Hm, maybe i need to relearn git again, looking around
> i see a couple of projects for which this is true (Linux,
> wireguard-tools), for others it is not (my own project, nghttp2).
> Eg "alias.slo log --show-signature --oneline --graph":

I think (off the top of my head, i.e., without consulting a reference)
that `git log` (which your aliases end up at) will only display
signatures on commits, but will not show the tag objects themselves.
`git show` does display the tag object, and for openssl only the tag
object is what is signed; the commits themselves are not signed.

-Ben
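
Added example, not part of the message above or of any OpenSSL tooling: a shell sketch of the distinction Ben describes, classifying where an object (as printed by `git cat-file -p`) carries its OpenPGP signature and choosing `git verify-tag` or `git verify-commit` from the ref's own object type. The sample objects, ids and names are constructed placeholders, and the function names are hypothetical.

```shell
# Input on stdin: an object as printed by `git cat-file -p <object>`. A signed
# commit has a "gpgsig" header; a signed tag appends the armor to its message.
sig_location() {
    awk '
        NR == 1 && $1 == "tree"   { kind = "commit" }
        NR == 1 && $1 == "object" { kind = "tag" }
        !body && /^$/             { body = 1; next }
        !body && $1 == "gpgsig"   { hdr = 1 }
        body && /^-----BEGIN PGP SIGNATURE-----$/ { arm = 1 }
        END {
            if (kind == "commit" && hdr)   print "signed-commit"
            else if (kind == "tag" && arm) print "signed-tag"
            else if (kind == "")           print "unknown"
            else                           print "unsigned-" kind
        }'
}
# Pick the verifier from the ref's own type; `git log <tag>` peels to the commit.
verify_ref() {
    case $(git cat-file -t "$1") in
        tag)    git verify-tag "$1" ;;
        commit) git verify-commit "$1" ;;
        *)      echo "cannot verify $1" >&2; return 2 ;;
    esac
}
# Constructed objects (placeholder ids and names, no real signature data).
sample_tag() {
cat <<'EOF'
object 0000000000000000000000000000000000000000
type commit
tag example-1.0.0
tagger Example Tagger <tagger@example.invalid> 1631000000 +0200

Example release tag
-----BEGIN PGP SIGNATURE-----

(constructed placeholder)
-----END PGP SIGNATURE-----
EOF
}
sample_commit() {
cat <<'EOF'
tree 0000000000000000000000000000000000000000
author Example Author <author@example.invalid> 1631000000 +0200

Prepare example release
EOF
}
echo "tag object:    $(sample_tag | sig_location)"
echo "tagged commit: $(sample_commit | sig_location)"
```

In a real clone, `verify_ref openssl-3.0.0` would take the `git verify-tag` branch, because that ref names an annotated tag object.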


Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Dr Paul Dale
With the change to (almost) semantic versioning, we also decided to make 
the tags easier to type.


Pauli



Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Steffen Nurpmeso
Benjamin Kaduk wrote in
 <2021090848.gx19...@akamai.com>:
 |On Thu, Sep 09, 2021 at 12:15:44AM +0200, Steffen Nurpmeso wrote:
 |> 
 |> P.S.: maybe at least release commits and tags could be signed?
 |> And/or HTTPS access to the repository ... but then i get the gut
 |> feeling that the answer to this will be "use github" or something.
 |
 |tag openssl-3.0.0
 |Tagger: Richard Levitte 
 |Date:   Tue Sep 7 13:46:40 2021 +0200
 |
 |OpenSSL 3.0.0 release tag
 |-----BEGIN PGP SIGNATURE-----
 |
 |iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF
 |O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w==
 |=pGf9
 |-----END PGP SIGNATURE-----
 |
 |looks signed to me.

That is really interesting now.
If i use "git show openssl-3.0.0" i see this myself.

  tag openssl-3.0.0
  Tagger: Richard Levitte 
  TaggerDate: 2021-09-07 13:46:40 +0200

  OpenSSL 3.0.0 release tag
  -----BEGIN PGP SIGNATURE-----

  iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF
  O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w==
  =pGf9
  -----END PGP SIGNATURE-----

  commit 89cd17a031 (tag: refs/tags/openssl-3.0.0)
  ...

But if i use

  #?0|kent:tls-openssl.git$ alias gl1
  alias gl1='git slpn -1'
  #?0|kent:tls-openssl.git$ git alias|grep slpn
  alias.slpn log --show-signature --patch --find-renames --stat --no-abbrev-commit
  #?0|kent:tls-openssl.git$ gl1 openssl-3.0.0
  commit 89cd17a031e022211684eb7eb41190cf1910f9fa (tag: refs/tags/openssl-3.0.0)
  ...

i do not.  Hm, maybe i need to relearn git again, looking around
i see a couple of projects for which this is true (Linux,
wireguard-tools), for others it is not (my own project, nghttp2).
Eg "alias.slo log --show-signature --oneline --graph":

  #?141|kent:nail.git$ git slo -1 master
  Reading passphrase from file descriptor 4
  * 69be61071c (...) gpg: Signature made Wed 01 Sep 2021 01:19:46 PM CEST
  | gpg:                using RSA key DF082F6AEEC8C2FF
  | gpg: Good signature from "Steffen Nurpmeso "
  | gpg: WARNING: This key is not certified with a trusted signature!
  | gpg:          There is no indication that the signature belongs to the owner.
  | Primary key fingerprint: EE19 E1C1 F2F7 054F 8D39  54D8 3089 64B5 1883 A0DD
  |  Subkey fingerprint: 8A2A 4D60 9FDC 539C 75F5  5B95 DF08 2F6A EEC8 C2FF
  | Clear an installed alarm(2) in fork(2)ed childs (Stephen Isard)

  #?0|kent:nghttp2.git$ git slo -1 fcc20334da
  Reading passphrase from file descriptor 4
  *   fcc20334da gpg: Signature made Sat 04 Sep 2021 10:26:47 AM CEST
  |\  gpg:                using RSA key 4AEE18F83AFDEB23
  | | gpg: Can't check signature: public key not found
  | | Merge pull request #1613 from mkauf/check_pseudo_header_chars

  #?0|kent:wireguard-tools.git$ git slo -1 v1.0.20210424
  * ecb1ea29d7 (tag: refs/tags/v1.0.20210424) version: bump

  #?128|kent:linux.git$ git slo -1 v5.10.62
  * f6dd002450 (tag: refs/tags/v5.10.62, refs/remotes/origin/linux-5.10.y) Linux 5.10.62

Ooops, i am totally off again.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Benjamin Kaduk via openssl-users
On Thu, Sep 09, 2021 at 12:15:44AM +0200, Steffen Nurpmeso wrote:
> 
> P.S.: maybe at least release commits and tags could be signed?
> And/or HTTPS access to the repository ... but then i get the gut
> feeling that the answer to this will be "use github" or something.

tag openssl-3.0.0
Tagger: Richard Levitte 
Date:   Tue Sep 7 13:46:40 2021 +0200

OpenSSL 3.0.0 release tag
-----BEGIN PGP SIGNATURE-----

iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF
O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w==
=pGf9
-----END PGP SIGNATURE-----

looks signed to me.

-Ben


Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread William Roberts
On Wed, Sep 8, 2021 at 5:15 PM Steffen Nurpmeso  wrote:
>
> Hello.
>
> William Roberts wrote in
>  :
>  |It's there:
>  |https://github.com/openssl/openssl/releases/tag/openssl-3.0.0
>  |
>  |I checked it out this morning.
>
> Oh!  I have
>
> fetch = +refs/heads/master:refs/remotes/origin/master
> fetch = +refs/heads/OpenSSL_1_0_2-stable:refs/remotes/origin/OpenSSL_1_0_2-stable
> fetch = +refs/heads/OpenSSL_1_0_1-stable:refs/remotes/origin/OpenSSL_1_0_1-stable
> fetch = +refs/heads/OpenSSL_1_1_0-stable:refs/remotes/origin/OpenSSL_1_1_0-stable
> fetch = +refs/heads/OpenSSL_1_1_1-stable:refs/remotes/origin/OpenSSL_1_1_1-stable
>
> and only saw refs/tags/openssl-3.0.0-alpha* and -beta*!
> I see now via ls-remote there is a new openssl-3.0 branch..
>
>   From git://git.openssl.org/openssl
>    * [new branch]      openssl-3.0   -> origin/openssl-3.0
>    * [new tag]         openssl-3.0.0 -> openssl-3.0.0
>
> Yes, there it is, thank you!
>
> P.S.: maybe at least release commits and tags could be signed?
> And/or HTTPS access to the repository ... but then i get the gut
> feeling that the answer to this will be "use github" or something.
>

You could grab the release tarballs which have signatures
https://www.openssl.org/source/


Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Steffen Nurpmeso
Hello.

William Roberts wrote in
 :
 |It's there:
 |https://github.com/openssl/openssl/releases/tag/openssl-3.0.0
 |
 |I checked it out this morning.

Oh!  I have

fetch = +refs/heads/master:refs/remotes/origin/master
fetch = +refs/heads/OpenSSL_1_0_2-stable:refs/remotes/origin/OpenSSL_1_0_2-stable
fetch = +refs/heads/OpenSSL_1_0_1-stable:refs/remotes/origin/OpenSSL_1_0_1-stable
fetch = +refs/heads/OpenSSL_1_1_0-stable:refs/remotes/origin/OpenSSL_1_1_0-stable
fetch = +refs/heads/OpenSSL_1_1_1-stable:refs/remotes/origin/OpenSSL_1_1_1-stable

and only saw refs/tags/openssl-3.0.0-alpha* and -beta*!
I see now via ls-remote there is a new openssl-3.0 branch..

  From git://git.openssl.org/openssl
   * [new branch]      openssl-3.0   -> origin/openssl-3.0
   * [new tag]         openssl-3.0.0 -> openssl-3.0.0

Yes, there it is, thank you!

P.S.: maybe at least release commits and tags could be signed?
And/or HTTPS access to the repository ... but then i get the gut
feeling that the answer to this will be "use github" or something.

Ciao!

--steffen


Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread William Roberts
It's there:
https://github.com/openssl/openssl/releases/tag/openssl-3.0.0

I checked it out this morning.

On Wed, Sep 8, 2021, 16:32 Steffen Nurpmeso  wrote:

> Yeah?
> :)


Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Steffen Nurpmeso
Yeah?
:)

--steffen


Re: ENGINE API replacement for Openssl3.0

2021-09-08 Thread Tomas Mraz
Hello,

there is no direct replacement. The concept of ENGINEs as pluggable crypto
modules is replaced with the providers concept, which is much
more sophisticated and capable.

Please look at
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

ENGINE support is not removed from OpenSSL 3.0; however, it is
deprecated. If you cannot use deprecated functions, you have to drop
support for engines, which means those functions just should not be
called, and there is no replacement.

Providers allow for configuration via the default configuration file, so
for an application to support crypto modules in the form of providers the
application does not necessarily have to have any extra functions
called. Just the default configuration file has to be present and the
configuration of the desired provider(s) needs to be there.

Tomas


On Wed, 2021-09-08 at 13:07 +, Shivakumar Poojari wrote:
> Hi
> Upgrading our code to OpenSSL 3.0. The below functions we are trying to
> replace
> 
> ENGINE_load_dynamic()  
> 
> Replacement for 3.0, what I
> found: OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
> 
> ENGINE_by_id("dynamic")
> 
> ENGINE_ctrl_cmd_string()
> 
> ENGINE_set_default()
> 
> ENGINE_get_DH()
> 
> ENGINE_free()
> 
> Need a replacement for the above-highlighted functions. I searched the
> man pages and did not find any replacement, and searched Google for
> sample programs, which I also did not find.
> 
>  
> Thanks,
> shiva kumar.

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
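
Added example, not part of the message above and not OpenSSL project code: a constructed `openssl.cnf` that activates a provider purely through configuration, with a small shell check for which providers the file activates. It also flags the case, noted in the comments of OpenSSL's stock configuration file, where explicitly activating another provider leaves the default provider unloaded unless it is activated too. The section names, the choice of the legacy provider and the function names are assumptions.

```shell
# Constructed openssl.cnf; section names are arbitrary labels chosen here.
# Only "legacy" is activated, as in a stock file edited to add one provider.
sample_conf() {
cat <<'EOF'
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
# activate = 1
[legacy_sect]
activate = 1
EOF
}

# Print the providers a config (on stdin) activates, following
# openssl_conf -> providers -> per-provider section -> "activate".
active_providers() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[.*\]$/ { sect = substr($0, 2, length($0) - 2); next }
        /=/ {
            k = $0; sub(/[ \t]*=.*/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            if (!((sect, k) in val)) keys[sect] = keys[sect] " " k
            val[sect, k] = v
        }
        END {
            provs = val[val["", "openssl_conf"], "providers"]
            n = split(keys[provs], name, " ")
            for (i = 1; i <= n; i++) {
                s = val[provs, name[i]]
                if ((s, "activate") in val) print name[i]
            }
        }'
}

# Succeeds if the default provider remains available: either it is
# activated explicitly, or nothing is activated and it loads implicitly.
default_still_loaded() {
    list=$(active_providers)
    [ -z "$list" ] && return 0
    printf '%s\n' "$list" | grep -qx default
}

echo "activated: $(sample_conf | active_providers | tr '\n' ' ')"
sample_conf | default_still_loaded || echo "default provider not loaded"
```

On a system with OpenSSL 3.0 installed, `OPENSSL_CONF=/path/to/file openssl list -providers` shows what the library itself loads from a given file.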




ENGINE API replacement for Openssl3.0

2021-09-08 Thread Shivakumar Poojari
Hi
Upgrading our code to OpenSSL 3.0. The below functions we are trying to replace

ENGINE_load_dynamic()

Replacement for 3.0, what I found:
OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)

ENGINE_by_id("dynamic")

ENGINE_ctrl_cmd_string()

ENGINE_set_default()

ENGINE_get_DH()

ENGINE_free()

Need a replacement for the above-highlighted functions. I searched the man pages
and did not find any replacement, and searched Google for sample programs,
which I also did not find.


Thanks,
shiva kumar.







