Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Dennis Clarke
On 20/02/18 01:36 PM, Norm Green wrote: Hi Dennis, You're right, I did modify the config file... I have managed to get to the link stage here and ran into some odd syntax issue. Have to dig around and see what LDCMD was intended to be. ${LDCMD:-/opt/developerstudio12.6/bin/cc}

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Salz, Rich via openssl-users
https://github.com/openssl/openssl/pull/5423 On 2/20/18, 2:10 PM, "Salz, Rich via openssl-users" wrote: I agree, let's just use malloc for the reasons you said. PR later today. On 2/20/18, 2:08 PM, "Viktor Dukhovni" wrote:

[openssl-users] OpenSSL Version Definitions Issue on ARM

2018-02-20 Thread Andrei Danaila
Hi, I am attempting to crosscompile openssl for ARM and am having some issues when linking an external application to the crosscompiled OpenSSL version. I am compiling OpenSSL like so: ./Configure linux-generic32 shared \ --prefix=/openssl_libs \ --openssldir=/openssl_libs \

Re: [openssl-users] Loading CA from memory

2018-02-20 Thread Devchandra L Meetei
Thanks Viktor As usual, Your answer throws light. Now, it is time to get started. Will revert if got obstructed on the way On Wed, Feb 21, 2018 at 9:58 AM, Viktor Dukhovni wrote: > > > > On Feb 20, 2018, at 12:58 PM, Devchandra L Meetei > wrote:

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Richard Levitte
In message <6088d4cb-7566-c216-1e28-0892641cd...@blastwave.org> on Tue, 20 Feb 2018 21:17:32 -0500, Dennis Clarke said: dclarke> Have to dig around and see what LDCMD was intended to be. LDCMD is a convenience variable for some users to specify a different command than

Re: [openssl-users] Loading CA from memory

2018-02-20 Thread Viktor Dukhovni
> On Feb 20, 2018, at 12:58 PM, Devchandra L Meetei wrote: > > By the way, Is there any plan to port SSL_CTX_load_verify_mem to openssl? The basic functionality is already there: If you want to parse in-memory PEM, see the use of PEM_X509_INFO_read_bio() [needs

Re: [openssl-users] Combining certificate and key in PEM format into a P12 file without knowing the key password?

2018-02-20 Thread Jakob Bohm
On 20/02/2018 11:04, Tobias Dussa (SCC) wrote: Hi, I was wondering whether it was possible somehow to take a certificate and an enciphered private key, both in .pem format, and combine them into a PKCS12 structure without knowing the key passphrase? Googling does not reveal much useful

[openssl-users] Combining certificate and key in PEM format into a P12 file without knowing the key password?

2018-02-20 Thread Tobias Dussa (SCC)
Hi, I was wondering whether it was possible somehow to take a certificate and an enciphered private key, both in .pem format, and combine them into a PKCS12 structure without knowing the key passphrase? Googling does not reveal much useful information, unfortunately, and so far we have been

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Salz, Rich via openssl-users
Would making buf a union also avoid the problem? union { unsigned long dummy[2]; char buf[DATA_BUF_SIZE]; } d and then replace 'buf' with 'd.buf' in the code? On 2/20/18, 12:00 AM, "Viktor Dukhovni" wrote: On Mon, Feb 19, 2018 at 01:45:26PM -0800, Norm

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Norm Green > Sent: Monday, February 19, 2018 17:02 > To: Benjamin Kaduk; openssl-users@openssl.org > Subject: Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC > > For the failure in secmemtst, it appears

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Viktor Dukhovni
On Tue, Feb 20, 2018 at 01:26:02PM +, Salz, Rich via openssl-users wrote: > Would making buf a union also avoid the problem? > > union { unsigned long dummy[2]; char buf[DATA_BUF_SIZE]; } d > and then replace 'buf' with 'd.buf' in the code? If alignment of "buf" is the issue, then yes,

Re: [openssl-users] How to make OpenSSL engine usage application specific?

2018-02-20 Thread Linsell, StevenX
> On Mon, 19 Feb 2018 Jayalakshmi Bhat wrote: > > Engine usage is application specific. There are couple of applications > dependent on RSA TPM engine. And are few applications dependent on > RSA smart card engine. > > We wanted to know if there are any APIs provided by OpenSSL to make the >

Re: [openssl-users] Loading CA from memory

2018-02-20 Thread Jakob Bohm
On 20/02/2018 16:38, Devchandra L Meetei wrote: I have been looking for API like `SSL_CTX_load_verify_mem` which will load CA[s] from mem buffer. Looks like OpenSSL does not have it yet, Is there any other way to work around this ? I think it can be done step by step, at least in 1.0.x:

Re: [openssl-users] Combining certificate and key in PEM format into a P12 file without knowing the key password?

2018-02-20 Thread Tobias Dussa (SCC)
Hi, On Wed, Feb 21, 2018 at 01:04:17AM +0900, Frank Migge wrote: > >> the question remains: Is there a way to reuse an already-encrypted privkey? > I'd say yes it *could* work, but not with OpenSSL API functions. You'd > have to roll your own code for the PKCS12 creation. > OpenSSL's

[openssl-users] Loading CA from memory

2018-02-20 Thread Devchandra L Meetei
I have been looking for API like `SSL_CTX_load_verify_mem` which will load CA[s] from mem buffer. Looks like OpenSSL does not have it yet, Is there any other way to work around this ? -- Warm Regards --Dev OpenPegasus Developer "I'm one of those people that think Thomas Edison and the light

Re: [openssl-users] Combining certificate and key in PEM format into a P12 file without knowing the key password?

2018-02-20 Thread Tobias Dussa (SCC)
Hi, On Tue, Feb 20, 2018 at 01:27:51PM +, Viktor Dukhovni wrote: > > In the commonly accepted variants of PKCS#12, private key and all the > > certificates are encrypted with the same password.  PKCS#12 with > > different password for private key and certificates is not widely > > supported.

Re: [openssl-users] Combining certificate and key in PEM format into a P12 file without knowing the key password?

2018-02-20 Thread Frank Migge
Hi Toby, >> the question remains: Is there a way to reuse an already-encrypted privkey? I'd say yes it *could* work, but not with OpenSSL API functions. You'd have to roll your own code for the PKCS12 creation. OpenSSL's PKCS12_create() function expects an unencrypted EVP_PKEY object. But,

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Norm Green
Hi Viktor, Your patch tests clean, however there is an easier way which avoids malloc: Norm Index: test/asn1_encode_test.c === --- test/asn1_encode_test.c (revision 43654) +++ test/asn1_encode_test.c (working copy) @@

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Dennis Clarke
On 20/02/18 12:47 PM, Norm Green wrote: On 2/20/2018 5:43 AM, Michael Wojcik wrote: Not by default. The comments in /usr/include/sys/feature_tests.h (on a Solaris system) explain this in excruciating detail, but in short you need either -DPOSIX_C_SOURCE=200112L or -D_XOPEN_SOURCE=600 (or the

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Norm Green
Just download and build v1.1.1 pre alpha 1 on Solaris.  It's on ftp.openssl.org.  That's all I did.  Configure using solaris64-sparcv9-cc .  I'm using Solaris studio 12.3. Norm On 2/20/2018 10:01 AM, Dennis Clarke wrote: On 20/02/18 12:47 PM, Norm Green wrote: On 2/20/2018 5:43 AM, Michael

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Dennis Clarke
On 20/02/18 01:50 PM, Dennis Clarke wrote: On 20/02/18 01:36 PM, Norm Green wrote: Making progress here ... /opt/developerstudio12.6/bin/c99 -I. -Icrypto/include -Iinclude -errfmt=error -erroff=%none -errshort=full -xstrconst -xildoff -m64 -xmemalign=8s -xnolibmil -Xc -xcode=pic32

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Erik Forsberg
>-- Original Message -- > >On 20/02/18 12:47 PM, Norm Green wrote: >> On 2/20/2018 5:43 AM, Michael Wojcik wrote: >>> Not by default. The comments in /usr/include/sys/feature_tests.h (on a >>> Solaris system) explain this in excruciating detail, but in short you >>> need either

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Dennis Clarke
On 20/02/18 02:06 PM, Erik Forsberg wrote: -- Original Message -- On 20/02/18 12:47 PM, Norm Green wrote: On 2/20/2018 5:43 AM, Michael Wojcik wrote: <... snippage ...> I also tried building with c99 instead of cc, without success. I build my Solaris OpenSSL binaries using studio

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Viktor Dukhovni
> On Feb 20, 2018, at 11:36 AM, Norm Green > wrote: > > Your patch tests clean, however there is an easier way which avoids malloc: Great, so it was the unaligned "buf". Great. As for malloc vs. tricks to align the stack-based array, I see little need to

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Salz, Rich via openssl-users
I agree, let's just use malloc for the reasons you said. PR later today. On 2/20/18, 2:08 PM, "Viktor Dukhovni" wrote: > On Feb 20, 2018, at 11:36 AM, Norm Green wrote: > > Your patch tests clean, however

Re: [openssl-users] Has client validated successfully?

2018-02-20 Thread J Decker
On Tue, Feb 13, 2018 at 9:33 AM, Emmanuel Deloget wrote: > Hello, > > On Tue, Feb 13, 2018 at 7:14 AM, Kyle Hamilton wrote: > > > The only thing that the server can know is whether the client has > > terminated the connection with a fatal alert. If the

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Norm Green
Hi Dennis, You're right, I did modify the config file, sorry.  I did it so long ago I had forgotten.  I will email it to you shortly. Norm On 2/20/2018 10:14 AM, Dennis Clarke wrote: On 20/02/18 01:11 PM, Norm Green wrote: Just download and build v1.1.1 pre alpha 1 on Solaris.  It's on

Re: [openssl-users] Has client validated successfully?

2018-02-20 Thread Jochen Bern
On 02/20/2018 06:34 PM, J Decker wrote: > Yes that is true however here's the scenario. > Client does a verification and passes or fails, and via the SSL layer I can > query if the client validated the certificate. > If it failed, provide a option for the client to get a

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Salz, Rich via openssl-users
> So ... this will be fun. :) Thanks for poking at this, folks. Please take a look at the INSTALL and README files which do cover some of these prerequisites. And then once you've "fixed" it, let us know what we need to change!!

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Dennis Clarke
On 20/02/18 01:11 PM, Norm Green wrote: Just download and build v1.1.1 pre alpha 1 on Solaris.  It's on ftp.openssl.org.  That's all I did.  Configure using solaris64-sparcv9-cc .  I'm using Solaris studio 12.3. Did you modify the Configure file ? Last time I looked the CFLAGS as well as

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Dennis Clarke
On 20/02/18 01:11 PM, Norm Green wrote: Just download and build v1.1.1 pre alpha 1 on Solaris.  It's on ftp.openssl.org.  That's all I did.  Configure using solaris64-sparcv9-cc .  I'm using Solaris studio 12.3. Let's have a look. corv $ uname -a SunOS corv 5.10 Generic_150400-59 sun4u

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Dennis Clarke
On 20/02/18 01:36 PM, Norm Green wrote: Hi Dennis, You're right, I did modify the config file, sorry.  I did it so long ago I had forgotten.  I will email it to you shortly. Not a problem .. everyone does. I mean look at this mess if you don't : corv $ ./Configure shared zlib threads

Re: [openssl-users] Has client validated successfully?

2018-02-20 Thread Kyle Hamilton
No, you cannot query the SSL layer to know if the client validated the certificate. SSL/TLS don't provide any means of querying the remote side. Here's how the workflow works: 1) client doesn't trust certificate, doesn't override distrust: connection closes with fatal unknown_ca or

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Norm Green
On 2/20/2018 5:43 AM, Michael Wojcik wrote: Not by default. The comments in /usr/include/sys/feature_tests.h (on a Solaris system) explain this in excruciating detail, but in short you need either -DPOSIX_C_SOURCE=200112L or -D_XOPEN_SOURCE=600 (or the equivalent in the code) to compile with

Re: [openssl-users] Loading CA from memory

2018-02-20 Thread Devchandra L Meetei
Thanks Jakob for the hint Let me try out the suggested approach. By the way, Is there any plan to port SSL_CTX_load_verify_mem to openssl? On Tue, Feb 20, 2018 at 9:23 PM, Jakob Bohm wrote: > On 20/02/2018 16:38, Devchandra L Meetei wrote: > >> I have been looking for

Re: [openssl-users] Combining certificate and key in PEM format into a P12 file without knowing the key password?

2018-02-20 Thread Tobias Dussa (SCC)
Hi, On Tue, Feb 20, 2018 at 12:23:14PM +0100, Jakob Bohm wrote: > >Googling does not reveal much useful information, unfortunately, and so far > >we > >have been unsuccessfully diving into PKCS12/8/5 specs. I don't really see a > >reason why it should not be possible, but of course that doesn't

Re: [openssl-users] Combining certificate and key in PEM format into a P12 file without knowing the key password?

2018-02-20 Thread Viktor Dukhovni
On Tue, Feb 20, 2018 at 12:23:14PM +0100, Jakob Bohm wrote: > > I was wondering whether it was possible somehow to take a certificate and an > > enciphered private key, both in .pem format, and combine them into a PKCS12 > > structure without knowing the key passphrase? > > In the commonly

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-20 Thread Dennis Clarke
On 20/02/18 01:52 PM, Salz, Rich via openssl-users wrote: So ... this will be fun. :) Thanks for poking at this, folks. Please take a look at the INSTALL and README files which do cover some of these prerequisites. And then once you've "fixed" it, let us know what we need to