From: [EMAIL PROTECTED]
EBCDIC... I dunno about the rest of the team, but I find the issue
full of confusion, and I can't say for sure what's the right thing to
expect from OpenSSL in this case. This is not very surprising as I
have no and have never had a EBCDIC machine to play with, and I
haven't heard any other team member mention any such machine available
either. Any EBCDIC support changes that have been made lately were
through kind contributions in form of patches from some developer that
needed to use OpenSSL.
If I understand correctly, one of the bigger issue is that PEM files
may be ASCII or EBCDIC encoded, and that there may be some confusion
about this particular detail and what is really supported, is that
correct? I can't answer, since the support is old, from the SSLeay
times, and without the possibility to verify the proper function of
OpenSSL on that platform, support becomes hesitant at best.
What we need is your help, either to figure out how things should
really be done and where they aren't done correctly, or by lending one
of us an account where we can experiment ourselves. Note, however,
that the latter will take some time, since we all have a number of
things on our plates already.
Ken.Torri> Any one,
Ken.Torri>
Ken.Torri> I issued a request for information on porting OpenSSL to EBCDIC platforms
Ken.Torri> last week but have not received any detailed response. So I am reissuing
Ken.Torri> my plea for information with addtional information.
Ken.Torri>
Ken.Torri> I work for Software AG and we have incorporated OpenSSL 0.9.6 into a
Ken.Torri> middleware transport component of ours. We have successfully done this on
Ken.Torri> NT and several Unix platforms but are struggling to port OpenSSL to OS/390
Ken.Torri> because of EBCDIC platform issues. We have gotten OpenSSL ported to OS/390
Ken.Torri> running in ascii mode but not ebcdic mode. Researching the OpenSSL email
Ken.Torri> archives it appears as if some have had success at porting to EBCDIC
Ken.Torri> playforms, hopefully one of them can be of assistance.
Ken.Torri>
Ken.Torri> What we are trying to do:
Ken.Torri> Port OpenSSL to OS/390 where the application is compiled and run in EBCDIC
Ken.Torri> mode, i.e. all manifests and literals in the compiled code are EBCDIC
Ken.Torri> encoded. We want to pass / use certificates generated on an ASCII
Ken.Torri> platform. These ASCII certificates are kept in OS/390 datasets and are
Ken.Torri> ascii.
Ken.Torri>
Ken.Torri> What we have done:
Ken.Torri> We have successfully compiled and linked OpenSSL 0.9.6 , not 0.9.6a, using
Ken.Torri> the System C compiler with CHARSET_EBCDIC defined. We hit problems during
Ken.Torri> the SSL_CTX_use_certificate_file function where we are passing a server
Ken.Torri> certificate, note certificate is in ASCII. In the
Ken.Torri> SSL_CTX_use_certificate_file processing path a call is made to PEM_read_bio
Ken.Torri> which does some checking for the "-----BEGIN CERTIFICATE-----" heading in
Ken.Torri> the certificate. This comparison checks a EBCDIC manifest against the data
Ken.Torri> in the Certificate which is ASCII and results in a non equal comparison and
Ken.Torri> a "SSL_CTX_use_certificate_file:missing asn1 eos error".
Ken.Torri>
Ken.Torri> With the System C compiler we have the capability of having all program
Ken.Torri> literals and mainfests to be compiled as ascii. Thus we have also tried
Ken.Torri> the following:
Ken.Torri> Compile our application code in EBCDIC mode.
Ken.Torri> Compile OpenSSL code with CHARSET_EBCDIC defined and the ASCII literal /
Ken.Torri> manifest generation specified.
Ken.Torri> When running in this mode we get problems very early in OpenSSL
Ken.Torri> intiialization because the C runtime functions such as sprintf expect EBCDIC
Ken.Torri> literals but are receiving ASCII literals and the format specifiers are not
Ken.Torri> detected, which results in invalid strings that lead to the initialization
Ken.Torri> problems.
Ken.Torri>
Ken.Torri>
Ken.Torri>
Ken.Torri> We have the following questions:
Ken.Torri>
Ken.Torri> Martin:
Ken.Torri> In your BS2000 port does OSD_POSIX use a EBCDIC character set? i.e. when
Ken.Torri> you compile OpenSSL code on the BS2000 are all literals and manifests
Ken.Torri> EBCDIC?
Ken.Torri>
Ken.Torri> Do you use ASCII certificates or do you generate certificates on the BS2000
Ken.Torri> that are EBCDIC pem files?
Ken.Torri>
Ken.Torri> It is our understandment that the idea behind CHARSET_EBCDIC was to allow
Ken.Torri> passing of EBCDIC text arguments to the OpenSSL api and have EBCDIC text
Ken.Torri> data returned from the OpenSSL api but all internal processing be in
Ken.Torri> ascii. Is this correct?
Ken.Torri>
Ken.Torri> If OSD_POSIX uses EBCDIC and out assumption of what CHARSET_EBCDIC does how
Ken.Torri> do you handle ASCII certificates?
Ken.Torri>
Ken.Torri>
Ken.Torri> Louis:
Ken.Torri>
Ken.Torri> Were you ever able to get OpenSSL ported successfully to the OS/390?
Ken.Torri>
Ken.Torri> Did you have to make changes besides those supplied by the CHARSET_EBCDIC
Ken.Torri> manifests?
Ken.Torri>
Ken.Torri>
Ken.Torri> Can either of you offer some advice that may progress our porting effort.
Ken.Torri>
Ken.Torri> I really appreciate any help you can provide, and I do hope the direct
Ken.Torri> contact is not an issue.
Ken.Torri>
Ken.Torri>
Ken.Torri> Thank You Very Much
Ken.Torri>
Ken.Torri> Ken Torri
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
