Hi,
I am preparing to upgrade to the upcomming OpenSSL 0.9.5 and ran into two
problems:
1. When loading CAfile data, SSL_CTX_load_verify_locations() returns 0,
even if certificates are available (and did work with 0.9.4).
There are no errors on the error stack to be printed, so I would have
to trace through the code to find the reason.
As of know, my software will understand the return value 0 as error
indicator and will abort; in s_server.c etc, the return value is only
used for possible printout of errors and otherwise silently ignored.
Before I spend hours digging tracing through openssl: Is there a cure
available? I remember having seen similar problems discussed before,
but no complete solution.
2. As of the latest snapshot, OpenSSL became picky of seeding the PRNG.
I have EGD available, as it was recommended for OpenSSH; the sample code
for querying it being quite simple.
a. Could you thing of including EGD support into the apps/?
b. Can you give recommondations on the number of bytes needed to seed
the PRNG? Consider me using EGD....
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]