On 20/02/18 01:36 PM, Norm Green wrote:
Hi Dennis,
You're right, I did modify the config file...
I have managed to get to the link stage here and ran into some odd
syntax issue.
Have to dig around and see what LDCMD was intended to be.
${LDCMD:-/opt/developerstudio12.6/bin/cc}
https://github.com/openssl/openssl/pull/5423
On 2/20/18, 2:10 PM, "Salz, Rich via openssl-users"
wrote:
I agree, let's just use malloc for the reasons you said. PR later today.
On 2/20/18, 2:08 PM, "Viktor Dukhovni" wrote:
Hi,
I am attempting to crosscompile openssl for ARM and am having some issues when
linking an external application to the crosscompiled OpenSSL version.
I am compiling OpenSSL like so:
./Configure linux-generic32 shared \
--prefix=/openssl_libs \
--openssldir=/openssl_libs \
Thanks Viktor
As usual, Your answer throws light. Now, it is time to get started.
Will revert if got obstructed on the way
On Wed, Feb 21, 2018 at 9:58 AM, Viktor Dukhovni wrote:
>
>
> > On Feb 20, 2018, at 12:58 PM, Devchandra L Meetei
> wrote:
In message <6088d4cb-7566-c216-1e28-0892641cd...@blastwave.org> on Tue, 20 Feb
2018 21:17:32 -0500, Dennis Clarke said:
dclarke> Have to dig around and see what LDCMD was intended to be.
LDCMD is a convenience variable for some users to specify a different
command than
> On Feb 20, 2018, at 12:58 PM, Devchandra L Meetei wrote:
>
> By the way, Is there any plan to port SSL_CTX_load_verify_mem to openssl?
The basic functionality is already there:
If you want to parse in-memory PEM, see the use of PEM_X509_INFO_read_bio()
[needs
On 20/02/2018 11:04, Tobias Dussa (SCC) wrote:
Hi,
I was wondering whether it was possible somehow to take a certificate and an
enciphered private key, both in .pem format, and combine them into a PKCS12
structure without knowing the key passphrase?
Googling does not reveal much useful
Hi,
I was wondering whether it was possible somehow to take a certificate and an
enciphered private key, both in .pem format, and combine them into a PKCS12
structure without knowing the key passphrase?
Googling does not reveal much useful information, unfortunately, and so far we
have been
Would making buf a union also avoid the problem?
union { unsigned long dummy[2]; char buf[DATA_BUF_SIZE]; } d
and then replace 'buf' with 'd.buf' in the code?
On 2/20/18, 12:00 AM, "Viktor Dukhovni" wrote:
On Mon, Feb 19, 2018 at 01:45:26PM -0800, Norm
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Norm Green
> Sent: Monday, February 19, 2018 17:02
> To: Benjamin Kaduk; openssl-users@openssl.org
> Subject: Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC
>
> For the failure in secmemtst, it appears
On Tue, Feb 20, 2018 at 01:26:02PM +, Salz, Rich via openssl-users wrote:
> Would making buf a union also avoid the problem?
>
> union { unsigned long dummy[2]; char buf[DATA_BUF_SIZE]; } d
> and then replace 'buf' with 'd.buf' in the code?
If alignment of "buf" is the issue, then yes,
> On Mon, 19 Feb 2018 Jayalakshmi Bhat wrote:
>
> Engine usage is application specific.There are couple of applications
> dependent on RSA TPM? engine. And are few applications dependent on
> RSA smart card engine.?
>
> We wanted to know if there are any APIs provided by OpenSSL to make the
>
On 20/02/2018 16:38, Devchandra L Meetei wrote:
I have been looking for API like `SSL_CTX_load_verify_mem` which will
load
CA[s] from mem buffer.
Looks like OpenSSL does not have it yet, Is there any other way to
work around
this ?
I think it can be done step by step, at least in 1.0.x:
Hi,
On Wed, Feb 21, 2018 at 01:04:17AM +0900, Frank Migge wrote:
> >> the question remains: Is there a way to reuse an already-encrypted privkey?
> I'd say yes it *could* work, but not with OpenSSL API functions. You'd
> have to roll your own code for the PKCS12 creation.
> OpenSSL's
I have been looking for API like `SSL_CTX_load_verify_mem` which will load
CA[s] from mem buffer.
Looks like OpenSSL does not have it yet, Is there any other way to work
around
this ?
--
Warm Regards
--Dev
OpenPegasus Developer
"I'm one of those people that think Thomas Edison and the light
Hi,
On Tue, Feb 20, 2018 at 01:27:51PM +, Viktor Dukhovni wrote:
> > In the commonly accepted variants of PKCS#12, private key and all the
> > certificates are encrypted with the same password. PKCS#12 with
> > different password for private key and certificates is not widely
> > supported.
Hi Toby,
>> the question remains: Is there a way to reuse an already-encrypted privkey?
I'd say yes it *could* work, but not with OpenSSL API functions. You'd
have to roll your own code for the PKCS12 creation.
OpenSSL's PKCS12_create() function expects an unencrypted EVP_PKEY
object. But,
Hi Viktor,
Your patch tests clean, however there is an easier way which avoids malloc:
Norm
Index: test/asn1_encode_test.c
===
--- test/asn1_encode_test.c (revision 43654)
+++ test/asn1_encode_test.c (working copy)
@@
On 20/02/18 12:47 PM, Norm Green wrote:
On 2/20/2018 5:43 AM, Michael Wojcik wrote:
Not by default. The comments in /usr/include/sys/feature_tests.h (on a
Solaris system) explain this in excruciating detail, but in short you
need either -DPOSIX_C_SOURCE=200112L or -D_XOPEN_SOURCE=600 (or the
Just download and build v1.1.1 pre alpha 1 on Solaris. It's on
ftp.openssl.org. That's all I did. Configure using
solaris64-sparcv9-cc . I'm using Solaris studio 12.3.
Norm
On 2/20/2018 10:01 AM, Dennis Clarke wrote:
On 20/02/18 12:47 PM, Norm Green wrote:
On 2/20/2018 5:43 AM, Michael
On 20/02/18 01:50 PM, Dennis Clarke wrote:
On 20/02/18 01:36 PM, Norm Green wrote:
Making progress here ...
/opt/developerstudio12.6/bin/c99 -I. -Icrypto/include -Iinclude
-errfmt=error -erroff=%none -errshort=full -xstrconst -xildoff -m64
-xmemalign=8s -xnolibmil -Xc -xcode=pic32
>-- Original Message --
>
>On 20/02/18 12:47 PM, Norm Green wrote:
>> On 2/20/2018 5:43 AM, Michael Wojcik wrote:
>>> Not by default. The comments in /usr/include/sys/feature_tests.h (on a
>>> Solaris system) explain this in excruciating detail, but in short you
>>> need either
On 20/02/18 02:06 PM, Erik Forsberg wrote:
-- Original Message --
On 20/02/18 12:47 PM, Norm Green wrote:
On 2/20/2018 5:43 AM, Michael Wojcik wrote:
<... snippage ...>
I also tried building with c99 instead of cc, without success.
I build my Solaris OpenSSL binaries using studo
> On Feb 20, 2018, at 11:36 AM, Norm Green
> wrote:
>
> Your patch tests clean, however there is an easier way which avoids malloc:
Great, so it was the unaligned "buf". Great. As for malloc vs. tricks to
align the stack-based array, I see little need to
I agree, let's just use malloc for the reasons you said. PR later today.
On 2/20/18, 2:08 PM, "Viktor Dukhovni" wrote:
> On Feb 20, 2018, at 11:36 AM, Norm Green
wrote:
>
> Your patch tests clean, however
On Tue, Feb 13, 2018 at 9:33 AM, Emmanuel Deloget wrote:
> Hello,
>
> On Tue, Feb 13, 2018 at 7:14 AM, Kyle Hamilton wrote:
>
> > The only thing that the server can know is whether the client has
> > terminated the connection with a fatal alert. If the
Hi Dennis,
You're right, I did modify the config file, sorry. I did it so long ago
I had forgotten. I will email it to you shortly.
Norm
On 2/20/2018 10:14 AM, Dennis Clarke wrote:
On 20/02/18 01:11 PM, Norm Green wrote:
Just download and build v1.1.1 pre alpha 1 on Solaris. It's on
On 02/20/2018 06:34 PM, J Decker wrote:
> Yes that is true however here's the scenario.
> Client does a verification and passes or fails, and via the SSL layer I can
> query if the client validated the certificate.
> If it failed, provide a option for the client to get a
> So ... this will be fun.
:)
Thanks for poking at this, folks. Please take a look at the INSTALL and README
files which do cover some of this prerequisites. And then once you've "fixed"
it, let us know what we need to change!!
--
openssl-users mailing list
To unsubscribe:
On 20/02/18 01:11 PM, Norm Green wrote:
Just download and build v1.1.1 pre alpha 1 on Solaris. It's on
ftp.openssl.org. That's all I did. Configure using
solaris64-sparcv9-cc . I'm using Solaris studio 12.3.
Did you modify the Configure file ? Last time I looked the CFLAGS
as well as
On 20/02/18 01:11 PM, Norm Green wrote:
Just download and build v1.1.1 pre alpha 1 on Solaris. It's on
ftp.openssl.org. That's all I did. Configure using
solaris64-sparcv9-cc . I'm using Solaris studio 12.3.
Let's have a look.
corv $ uname -a
SunOS corv 5.10 Generic_150400-59 sun4u
On 20/02/18 01:36 PM, Norm Green wrote:
Hi Dennis,
You're right, I did modify the config file, sorry. I did it so long ago
I had forgotten. I will email it to you shortly.
Not a problem .. everyone does.
I mean look at this mess if you don't :
corv $ ./Configure shared zlib threads
No, you cannot query the SSL layer to know if the client validated the
certificate. SSL/TLS don't provide any means of querying the remote
side.
Here's how the workflow works:
1) client doesn't trust certificate, doesn't override distrust:
connection closes with fatal unknown_ca or
On 2/20/2018 5:43 AM, Michael Wojcik wrote:
Not by default. The comments in /usr/include/sys/feature_tests.h (on a Solaris
system) explain this in excruciating detail, but in short you need either
-DPOSIX_C_SOURCE=200112L or -D_XOPEN_SOURCE=600 (or the equivalent in the code)
to compile with
Thanks Jakob for the hint
Let me try out the suggested approach.
By the way, Is there any plan to port SSL_CTX_load_verify_mem to openssl?
On Tue, Feb 20, 2018 at 9:23 PM, Jakob Bohm wrote:
> On 20/02/2018 16:38, Devchandra L Meetei wrote:
>
>> I have been looking for
Hi,
On Tue, Feb 20, 2018 at 12:23:14PM +0100, Jakob Bohm wrote:
> >Googling does not reveal much useful information, unfortunately, and so far
> >we
> >have been unsuccessfully diving into PKCS12/8/5 specs. I don't really see a
> >reason why it should not be possible, but of course that doesn't
On Tue, Feb 20, 2018 at 12:23:14PM +0100, Jakob Bohm wrote:
> > I was wondering whether it was possible somehow to take a certificate and an
> > enciphered private key, both in .pem format, and combine them into a PKCS12
> > structure without knowing the key passphrase?
>
> In the commonly
On 20/02/18 01:52 PM, Salz, Rich via openssl-users wrote:
So ... this will be fun.
:)
Thanks for poking at this, folks. Please take a look at the INSTALL and README files
which do cover some of this prerequisites. And then once you've "fixed" it,
let us know what we need to
38 matches
Mail list logo