Re: Latest version and Win32?

1999-05-24 Thread Ralf S. Engelschall 


In article <[EMAIL PROTECTED]> you wrote:
> Ralf S. Engelschall wrote:
>> 
>> Someone on modssl-users mentioned:
>> 
>> > 6. openssl-snap-19990523-1530 has build error "NMAKE: fatal error U1073:
>> > don't know how to make '.\crypto\date.h'
>> 
>> Can someone of our Win32 experts check this and try to fix it before the
>> release tomorrow when it's really a problem. Steve? Thanks.
> 
> I've tried openssl-SNAP-19990524-0930_tar.gz and it compiles fine. The
> usual reason for this error is that the user forgot to run:
> perl Configure VC-WIN32
> first.

Ok, thanks for checking this, Steve.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: VMS patches, a correction...

1999-05-24 Thread Richard Levitte - VMS Whacker 

3moeller> >  $ GENRSA   :== $SSLEXE:OPENSSL GENRSA
3moeller> > +$ GENRSA   :== $SSLEXE:OPENSSL GENDSA
3moeller>  ^^
3moeller> GENDSA, surely?

Oops.  *blush*  Correct.  I saw in the CVS that you corrected tha
blunder.  Thank you.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-161 43  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: VMS patches, a correction...

1999-05-24 Thread Bodo Moeller 

On Mon, May 24, 1999 at 10:15:22AM +0200, Richard Levitte - VMS Whacker wrote:
> Please ignore the previous diff I sent, and use the following
> instead.
[...]
> --- VMS/openssl_utils.com 1999/05/17 12:06:06 1.1.1.1
> +++ VMS/openssl_utils.com 1999/05/23 19:37:28
> @@ -24,6 +24,7 @@
>  $ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
>  $ X509 :== $SSLEXE:OPENSSL X509
>  $ GENRSA   :== $SSLEXE:OPENSSL GENRSA
> +$ GENRSA   :== $SSLEXE:OPENSSL GENDSA
 ^^
GENDSA, surely?
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Latest version and Win32?

1999-05-24 Thread Dr Stephen Henson 

Ralf S. Engelschall wrote:
> 
> Someone on modssl-users mentioned:
> 
> > 6. openssl-snap-19990523-1530 has build error "NMAKE: fatal error U1073:
> > don't know how to make '.\crypto\date.h'
> 
> Can someone of our Win32 experts check this and try to fix it before the
> release tomorrow when it's really a problem. Steve? Thanks.
> 

I've tried openssl-SNAP-19990524-0930_tar.gz and it compiles fine. The
usual reason for this error is that the user forgot to run:
perl Configure VC-WIN32
first.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: how to make a personal certificate for IE or NS

1999-05-24 Thread Michael Stroeder 

Juan Pablo Rojas Jimenez wrote:
> 
> What you have to do is to sign a public key generated by your browser ,
> and this should be done from a web page with a form with the KEYGEN tag.

You might want to consider using my package pyCA for all these jobs:

  http://sites.inka.de/ms/python/pyca/

> SPKAC= THE PUBLIC KEY GENERATED BY NETSCAPE ( OR IE ) WITH KEYGEN

M$ IE ignores the -Tag.

Have a look at http://www.camb.opengroup.org/RI/www/prism/wwwj/ for a
good description of this stuff.

Ciao, Michael.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: R: R: A few trivial LDAP cert lookup

1999-05-24 Thread William M. Perry 

"Andrea e Luca Giacobazzi" <[EMAIL PROTECTED]> writes:

> >Your patch doesn't do _quite_ what I need it to though.  I need to allow
> >the user to configure the mapping from subject DN to LDAP DN, etc.  I'll
> >be submitting my patch when it gets working as well.  We should try and
> >merge the two so we don't have a billion patches for LDAP verification
> >floating around, kind of like the LDAP auth modules for apache. :)
> 
> Ok, of course. What I'm trying to do now is to control access on Apache
> directory with SSLRequire, depending on env var status i set in my patch,
> OCSP_LDAP_RESPONSE, but SSLRequire doesn't work and still denies
> access. I saw that the cause is that I set the env var value after
> SSLRequire check.  Any idea about that ?

I really don't know much about mod_ssl itself, just LDAP and the various
security modules we use internally :)  Sorry.

> >One thing I plan on adding to this is the ability to specify the search
> >base based on the attribute/value pairs in the subject DN.  You would
> >basically have a printf-like format string for your search base, like:
> >
> >uid=%{CN}, OU=%{OU}, OU=People, O=%{O}, C=US
> 
> I tried to perform ldap search on der attribute like
> usercertificate;binary, but I can't do that with LDAPv2 search
> filter... any suggestion ?

There is no attribute to search on binary attributes right now, which is
_really_ unfortunate.  If we could, we would not have to do any of this DN
mapping into the directory, and the configuration of this would be _MUCH_
simpler.  Maybe eventually. :)

-bp
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

info: install.w32: server name changed for perl w32 download

1999-05-24 Thread Steffen Dettmer 

Hi,

file: INSTALL.W32 Line 9 pos 42:

it seems that the URL
http://activestate.com/ActivePerl

is no longer valid (DNS couldn't get IP adress:
  *** No address (A) records available for activestate.com)
but the URL: 

http://www.activestate.com/ActivePerl
   ^^^

worked for me.

oki,

Steffen

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

No Subject

1999-05-24 Thread Erik Aronesty 




// v3_lib.c
 
void 
X509V3_EXT_cleanup(){ sk_pop_free(ext_list, 
ext_list_free); ext_list = 
NULL;    // added 
to fix problem in openssl.exe command line (and others who free/reuse the ctx 
list)}
 

Re: "options required on this system are not known"

1999-05-24 Thread Franco Papacella 


On my FreeBSD 2.2.8-stable there are '#ifdef _THREAD_SAFE' in errno.h,
stdio.h and time.h.

Additionaly I found one '#ifdef _REENTRANT' in math.h, but this one should
be irrelevant for the openssl-library, because it's only used for the
following declarations.

#ifdef _REENTRANT
extern double gamma_r __P((double, int *));
extern double lgamma_r __P((double, int *));
#endif /* _REENTRANT */

Regards, Franco


On Fri, 21 May 1999, Ulf [iso-8859-1] Möller wrote:

> On FreeBSD the Configure script prints a warning that "The library
> could not be configured for supporting multi-threaded applications as
> the compiler options required on this system are not known."
> 
> I don't know if the approach taken in Configure is optimal. Anyway,
> this is the required information from pthread(3):
> 
>  The current FreeBSD POSIX thread implementation is built in the library
>  libc_r which contains both thread-safe libc functions and the thread
>  functions.  This library replaces libc for threaded applications.
> 
>  By default, libc_r is not built as part of a 'make world'. To build and
>  install it, type:
> 
>cd /usr/src/lib/libc_r
> 
>make depend && make all && make install
> __
> OpenSSL Project http://www.openssl.org
> Development Mailing List   [EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

no-shared cipher

1999-05-24 Thread Gang Lu 



Hi,
 
I tried to build a client and a server based on the example of 
cli.cpp and serv.cpp in openssl-0.9.2b. However, I always get the following erro 
message:
 
19296:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no 
shared cipher:S3_srvr.c:759
 
Could anyone give me a clue about how to solve that? 

 
Gang

R: R: A few trivial LDAP cert lookup

1999-05-24 Thread Andrea e Luca Giacobazzi 

.>Your patch doesn't do _quite_ what I need it to though.  I need to allow
the
>user to configure the mapping from subject DN to LDAP DN, etc.  I'll be
>submitting my patch when it gets working as well.  We should try and merge
the
>two so we don't have a billion patches for LDAP verification floating
around,
>kind of like the LDAP auth modules for apache. :)

Ok, of course. What I'm trying to do now is to control access on Apache
directory with SSLRequire, depending on env var status i set in my patch,
OCSP_LDAP_RESPONSE, but SSLRequire doesn't work and still denies access. I
saw that the cause is that I set the env var value after SSLRequire check.
Any idea about that ?

>
>One thing I plan on adding to this is the ability to specify the search
base
>based on the attribute/value pairs in the subject DN.  You would basically
have
>a printf-like format string for your search base, like:
>
>uid=%{CN}, OU=%{OU}, OU=People, O=%{O}, C=US

I tried to perform ldap search on der attribute like usercertificate;binary,
but I can't do that with LDAPv2 search filter... any suggestion ?

>
>Thanks for the pointers!
>

You're welcome !

Andrea


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Can you help? - openssl-SNAP-19990523-0930

1999-05-24 Thread Sydney Urshan 

>If "make" fails, please report the problem to <[EMAIL PROTECTED]>

[root openssl-SNAP-19990523-0930]# make
making all in crypto...
make[1]: Entering directory 
`/home/sites/home/openssl-SNAP-19990523-0930/crypto'
echo "#define DATE \"`date`\"" >date.h
gcc -I. -I../include -DTHREADS -D_REENTRANT -DL_ENDIAN -DTERMIO -O3 
-fomit-frame
-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM 
-DCFLAGS="\"gcc -DTHREADS
  -D_REENTRANT -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 
-Wall -DSHA1_AS
M -DMD5_ASM -DRMD160_ASM\"" -DPLATFORM="\"linux-elf\""   -c 
cryptlib.c -o cryptl
ib.o
cc1: Invalid option `486'
make[1]: *** [cryptlib.o] Error 1
make[1]: Leaving directory `/home/sites/home/openssl-SNAP-19990523-0930/crypto'
make: *** [all] Error 1
[root openssl-SNAP-19990523-0930]# ./config -t
Operating system: mips-whatever-linux2
Configuring for linux-elf
/usr/bin/perl ./Configure linux-elf
[root openssl-SNAP-19990523-0930]#

I got the same error on openssl-0.9.2b

Thanks,

Sydney Urshan
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Fixed Manually

1999-05-24 Thread Sydney Urshan 

with ./Configure linux-mips

Thanks,

Sydney Urshan
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: get current time

1999-05-24 Thread Ralf S. Engelschall 


In article <008901bea143$1eb03de0$[EMAIL PROTECTED]> you wrote:

> How can I get current time inside Apache-OpenSSL (in ssl_engine_kernel.c)
> and also sum a value in time format ?

time(3)
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re:

1999-05-24 Thread Dr Stephen Henson 

> Erik Aronesty wrote:
> 
> // v3_lib.c
> 
> void X509V3_EXT_cleanup()
> {
>  sk_pop_free(ext_list, ext_list_free);
>  ext_list = NULL;// added to fix problem in openssl.exe
> command line (and others who free/reuse the ctx list)
> }
> 
> 

Thanks for the report. This fix has now been added.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

IRIX64 build

1999-05-24 Thread Andy Polyakov 

I've got it working on IRIX64 platform. Find the patch attached. I just
want to point out that this is a temporary workaround. "Temporary" means
that I'm ready with promised SHA rewrite but as the patch is big and the
team is eager to release 0.9.3 it makes sense to wait till next cycle
when I plan to persuade the team to make [LB]_ENDIAN autodetected:-)

Andy.

*** ./crypto/sha/sha1dgst.c.origSun May  9 13:00:20 1999
--- ./crypto/sha/sha1dgst.c Sun May 23 14:51:29 1999
***
*** 216,222 
data+=SHA_CBLOCK;
sha1_block(c,p=c->data,1);
len-=SHA_CBLOCK;
! #else /* little-endian */
  #define BE_COPY(dst,src,i){   \
l = ((SHA_LONG *)src)[i];   \
Endian_Reverse32(l);\
--- 216,222 
data+=SHA_CBLOCK;
sha1_block(c,p=c->data,1);
len-=SHA_CBLOCK;
! #elif defined(L_ENDIAN)
  #define BE_COPY(dst,src,i){   \
l = ((SHA_LONG *)src)[i];   \
Endian_Reverse32(l);\
***
*** 280,286 
memcpy(p,b,SHA_CBLOCK);
sha1_block(c,p,1);
return;
! #else
if (((unsigned long)b%sizeof(SHA_LONG)) == 0)
{
SHA_LONG *q;
--- 280,286 
memcpy(p,b,SHA_CBLOCK);
sha1_block(c,p,1);
return;
! #elif defined(L_ENDIAN)
if (((unsigned long)b%sizeof(SHA_LONG)) == 0)
{
SHA_LONG *q;
*** ./crypto/sha/sha_dgst.c.origMon May 10 14:00:31 1999
--- ./crypto/sha/sha_dgst.c Sun May 23 14:51:55 1999
***
*** 211,217 
data+=SHA_CBLOCK;
sha_block(c,p=c->data,1);
len-=SHA_CBLOCK;
! #else /* little-endian */
  #define BE_COPY(dst,src,i){   \
l = ((SHA_LONG *)src)[i];   \
Endian_Reverse32(l);\
--- 211,217 
data+=SHA_CBLOCK;
sha_block(c,p=c->data,1);
len-=SHA_CBLOCK;
! #elif defined(L_ENDIAN)
  #define BE_COPY(dst,src,i){   \
l = ((SHA_LONG *)src)[i];   \
Endian_Reverse32(l);\
***
*** 275,281 
memcpy(p,b,SHA_CBLOCK);
sha_block(c,p,1);
return;
! #else
if (((unsigned long)b%sizeof(SHA_LONG)) == 0)
{
SHA_LONG *q;
--- 275,281 
memcpy(p,b,SHA_CBLOCK);
sha_block(c,p,1);
return;
! #elif defined(L_ENDIAN)
if (((unsigned long)b%sizeof(SHA_LONG)) == 0)
{
SHA_LONG *q;
*** ./Configure.origFri May 21 15:21:29 1999
--- ./Configure Fri May 21 17:35:18 1999
***
*** 134,141 
  "irix-mips3-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN:(unknown)::MD2_CHAR RC4_INDEX 
RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:::",
  "irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS 
-DB_ENDIAN:(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:::",
  "debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:(unknown):",
! # This is the n64 mode build. (Untested!)
! "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const 
-DTERMIOS:(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT:::",
  
  # HPUX 9.X config.
  # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or gcc.
--- 134,141 
  "irix-mips3-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN:(unknown)::MD2_CHAR RC4_INDEX 
RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:::",
  "irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS 
-DB_ENDIAN:(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:::",
  "debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:(unknown):",
! # This is the n64 mode build.
! "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS 
-DB_ENDIAN:(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:::",
  
  # HPUX 9.X config.
  # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or gcc.

Re: no-shared cipher

1999-05-24 Thread Bodo Moeller 

"Gang Lu" <[EMAIL PROTECTED]>:

> I tried to build a client and a server based on the example of cli.cpp
> and serv.cpp in openssl-0.9.2b. However, I always get the following erro
> message:

> 19296:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:S3_srvr.c:759

> Could anyone give me a clue about how to solve that?

This could indicate that you did not set a certificate and key for
the server (maybe you tried to, but it failed and you did not check
the error messages).  What does SSL_CTX_check_private_key say?
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: how to make a personal certificate for IE or NS

1999-05-24 Thread Juan Pablo Rojas Jimenez 

What you have to do is to sign a public key generated by your browser ,
and this should be done from a web page with a form with the KEYGEN tag.

With the form you must generate a file conatining the data of the
requester of the certificate , something like this :


countryName = ES
stateOrProvinceName = MADRID
localityName = BOADILLA DEL MONTE
organizationName = UNIVERSIDAD POLITECNICA DE MADRID
organizationalUnitName = DLSIIS
commonName = Juan Pablo Rojas Jimenez
Email = [EMAIL PROTECTED]
SPKAC= THE PUBLIC KEY GENERATED BY NETSCAPE ( OR IE ) WITH KEYGEN


Once you have the netscape public key ,  sign it with the ca command  (
-spkac option ) .
 ca -spkac data_of_the_requester -key  your CA key  -batch   >
certificate_file

And you should make httpd to export it as a user cert  ( adding it as a
mime type ), I'm not sure if you can load it to your browser  directly,
because it doesn't know that it's a certificate, there's something about
this in /doc ,i think.

I haven't done this for IE , but i'm sure there's something
diferent   ;-)







begin:vcard 
n:Rojas Jimenez;Juan Pablo
x-mozilla-html:FALSE
org:Faculad de Informática;DDpto. de Lenguajes y Sistemas Infotmáticos.
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Laboratorio de Teleinformática
x-mozilla-cpt:;-31968
fn:Juan Pablo Rojas Jimenez
end:vcard

VMS patches, a correction...

1999-05-24 Thread Richard Levitte - VMS Whacker 

Please ignore the previous diff I sent, and use the following
instead.  VMS/00README.1st is still to be removed.

Index: INSTALL.VMS
===
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/INSTALL.VMS,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 INSTALL.VMS
--- INSTALL.VMS 1999/05/21 07:28:35 1.1.1.2
+++ INSTALL.VMS 1999/05/24 08:06:47
@@ -83,6 +83,10 @@
 you have at least done a @MAKEVMS DATE and a @MAKEVMS SOFTLINKS.
 A lot of things will break if you don't.
 
+Note 3: Alpha users will get a number of informational messages when
+compiling the [.asm]vms.mar file in the BN (bignum) part of
+the crypto library.  These can be safely ignored.
+
 Test:
 =
 
@@ -105,6 +109,9 @@
  is the directory in which everything will be installed,
 subdirectories, libraries, header files, programs and startup command
 procedures.
+
+N.B.: INSTALL.COM builds a new directory structure, different from
+the directory tree where you have now build OpenSSL.
 
 In the [.VMS] subdirectory of the installation, you will find the
 following command procedures:
Index: makevms.com
===
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/makevms.com,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 makevms.com
--- makevms.com 1999/05/21 07:28:42 1.1.1.3
+++ makevms.com 1999/05/23 01:22:06
@@ -47,6 +47,7 @@
 $!   DECC   For DEC C.
 $!   GNUC   For GNU C.
 $!   LINK   To only link the programs from existing object files.
+$!   (not yet implemented)
 $!
 $! If you don't speficy a compiler, it will try to determine which
 $! "C" compiler to use.
@@ -669,7 +670,7 @@
 $!
 $!  Check To See If The User Entered A Valid Paramter.
 $!
-$   IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC").OR.(P4.EQS."LINK")
+$   IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC")!.OR.(P4.EQS."LINK")
 $   THEN
 $!
 $!Check To See If The User Wanted To Just LINK.
Index: VMS/TODO
===
RCS file: TODO
diff -N TODO
--- /dev/null   Mon May 24 10:05:05 1999
+++ /tmp/cvsUAAmIS7P_   Mon May 24 10:07:21 1999
@@ -0,0 +1,18 @@
+TODO:
+=
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <[EMAIL PROTECTED]> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <[EMAIL PROTECTED]>
+1999-05-24
Index: VMS/openssl_utils.com
===
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/VMS/openssl_utils.com,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 openssl_utils.com
--- VMS/openssl_utils.com   1999/05/17 12:06:06 1.1.1.1
+++ VMS/openssl_utils.com   1999/05/23 19:37:28
@@ -24,6 +24,7 @@
 $ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
 $ X509 :== $SSLEXE:OPENSSL X509
 $ GENRSA   :== $SSLEXE:OPENSSL GENRSA
+$ GENRSA   :== $SSLEXE:OPENSSL GENDSA
 $ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
 $ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
 $ SPEED:== $SSLEXE:OPENSSL SPEED
@@ -33,3 +34,5 @@
 $ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
 $ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
 $ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
+$ NSEQ :== $SSLEXE:OPENSSL NSEQ
+$ PKCS12   :== $SSLEXE:OPENSSL PKCS12


Thank you.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-161 43  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[STATUS] OpenSSL (Sun 23-May-1999)

1999-05-24 Thread OpenSSL Project 


  OpenSSL STATUS   Last modified at
  __   $Date: 1999/05/20 01:42:57 $

  DEVELOPMENT STATE

o  OpenSSL 0.9.3:  Freezed... only bugfixes and cleanups allowed!
   Proposed release date: Mon May 24th, 1999
   Release manager: Ben Laurie <[EMAIL PROTECTED]>
   !! Important: Any non-bugfix, non-cleanup
   !! and non-documentation commits should
   !! be approved by Ben, first.

o  OpenSSL 0.9.2b: Released on March22th, 1999
o  OpenSSL 0.9.1c: Released on December 23th, 1998

  RELEASE SHOWSTOPPERS

o BSD/OS: assembler functions must not have leading underscores

  AVAILABLE PATCHES

o OCSP ([EMAIL PROTECTED]) 
o getenv in ca.c and x509_def.c ([EMAIL PROTECTED])

  IN PROGRESS

o Steve is currently working on (in no particular order):
Proper (or at least usable) certificate chain verification.
Documentation on X509 V3 extension code.
PKCS #8 and PKCS#5 v2.0 support.
Private key, certificate and CRL API and implementation.
Checking and bugfixing PKCS#7 (S/MIME code).

o Mark is currently working on:
Folding in any changes that are in the C2Net code base that were
not in the original SSLeay-0.9.1.b release.  Plus other minor
tidying.

o Ralf is currently working on:
1. Support for SSL_set_default_verify_paths(),
   SSL_load_verify_locations(), SSL_get_cert_store() and
   SSL_set_cert_store() functions which work like their existing
   SSL_CTX_xxx() variants but on a per connection basis. That's needed
   to let us provide full-featured per-URL client verification in
   mod_ssl or Apache-SSL.
   => It still dumps core, so I suspend this and investigate
  again for OpenSSL 0.9.3.
2. The perl/ stuff to make it really work the first time ;-)
   => I'll investigate a few more hours for OpenSSL 0.9.2
3. The new documentation set in POD format under doc/
   => I'll investigate a few more hours for OpenSSL 0.9.2
4. More cleanups to get rid of obsolete/old/ugly files in the
   source tree which are not really needed.
   => Done all which were possible with my personal knowledge

o Ben is currently working on:
1. Function Prototype Thought Police issues.
2. Integrated documentation.
3. New TLS Ciphersuites.
4. Anything else that takes his fancy.

  NEEDS PATCH

o  broken demos
o  [EMAIL PROTECTED] (Rich Salz): Bug in X509_name_print
   <[EMAIL PROTECTED]>
o  [ Compilation warnings: ctype-related int vs. char ]
   => now casts (unsigned char), maybe those arrays should have
  members of that type rather than plain char (i.e.
  unsigned char *p; ; if (isspace(*p)) ...; where it's now
  char *p; ; if (isspace((unsigned char)*p)) ...;)
o  $(PERL) in */Makefile.ssl
o  "Sign the certificate?" - "n" creates empty certificate file
o  dubious declaration of crypt() in des.h

  OPEN ISSUES

o  The Makefile hierarchy and build mechanism is still not a round thing:

   1. The config vs. Configure scripts
  It's the same nasty situation as for Apache with APACI vs.
  src/Configure. It confuses.
  Suggestion: Merge Configure and config into a single configure
  script with a Autoconf style interface ;-) and remove
  Configure and config. Or even let us use GNU Autoconf
  itself. Then we can avoid a lot of those platform checks
  which are currently in Configure.

o  Support for Shared Libraries has to be added at least
   for the major Unix platforms. The details we can rip from the stuff
   Ralf has done for the Apache src/Configure script. Ben wants the
   solution to be really simple.

   Status: Ralf will look how we can easily incorporate the
   compiler PIC and linker DSO flags from Apache
   into the OpenSSL Configure script.

o  The perl/ stuff needs a major overhaul. Currently it's
   totally obsolete. Either we clean it up and enhance it to be up-to-date
   with the C code or we also could replace it with the really nice
   Net::SSLeay package we can find under
   http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
   longer time and it works fine and is a nice Perl module. Best would be
   to convince the author to work for the OpenSSL project and create a
   Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
   us.

   Status: Ralf thinks we should both contact the author of Net::SSLeay
   and look how much effort it is to bring Eric's perl/ stuff up
   to date.
   Paul +1

o

I want document openSSL library.

1999-05-24 Thread Carles 

Hello,

I would like to be the person who makes the openSSL library
documentation.
How begin ?
Who may help me ?
Dou you have some notes about the library ?

Greetings.
Carles Xavier Munyoz Baldo.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Reference manual.

1999-05-24 Thread Carles 

Hello,

Is there any manual reference for the openSSL library ?
If not, when will be some docs avaible ?

Where could I find source code examples ?

Many thanks.
Carles Xavier Munyoz Baldo.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Small last (I certainly hope) changes for VMS

1999-05-24 Thread Richard Levitte - VMS Whacker 

To begin with, please remove VMS/00README.1st.  It's obsolete.  Then
please apply the following changes/additions (VMS/TODO is new):

Index: INSTALL.VMS
===
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/INSTALL.VMS,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 INSTALL.VMS
--- INSTALL.VMS 1999/05/21 07:28:35 1.1.1.2
+++ INSTALL.VMS 1999/05/24 07:22:16
@@ -106,6 +106,9 @@
 subdirectories, libraries, header files, programs and startup command
 procedures.
 
+N.B.: INSTALL.COM builds a new directory structure, different from
+the directory tree where you have now build OpenSSL.
+
 In the [.VMS] subdirectory of the installation, you will find the
 following command procedures:
 
Index: makevms.com
===
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/makevms.com,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 makevms.com
--- makevms.com 1999/05/21 07:28:42 1.1.1.3
+++ makevms.com 1999/05/23 01:22:06
@@ -47,6 +47,7 @@
 $!   DECC   For DEC C.
 $!   GNUC   For GNU C.
 $!   LINK   To only link the programs from existing object files.
+$!   (not yet implemented)
 $!
 $! If you don't speficy a compiler, it will try to determine which
 $! "C" compiler to use.
@@ -669,7 +670,7 @@
 $!
 $!  Check To See If The User Entered A Valid Paramter.
 $!
-$   IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC").OR.(P4.EQS."LINK")
+$   IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC")!.OR.(P4.EQS."LINK")
 $   THEN
 $!
 $!Check To See If The User Wanted To Just LINK.
Index: VMS/TODO
===
RCS file: TODO
diff -N TODO
--- /dev/null   Mon May 24 09:05:06 1999
+++ /tmp/cvsUAAtxZ6b_   Mon May 24 09:43:14 1999
@@ -0,0 +1,18 @@
+TODO:
+=
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <[EMAIL PROTECTED]> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <[EMAIL PROTECTED]>
+1999-05-24
Index: VMS/openssl_utils.com
===
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/VMS/openssl_utils.com,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 openssl_utils.com
--- VMS/openssl_utils.com   1999/05/17 12:06:06 1.1.1.1
+++ VMS/openssl_utils.com   1999/05/23 19:37:28
@@ -24,6 +24,7 @@
 $ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
 $ X509 :== $SSLEXE:OPENSSL X509
 $ GENRSA   :== $SSLEXE:OPENSSL GENRSA
+$ GENRSA   :== $SSLEXE:OPENSSL GENDSA
 $ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
 $ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
 $ SPEED:== $SSLEXE:OPENSSL SPEED
@@ -33,3 +34,5 @@
 $ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
 $ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
 $ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
+$ NSEQ :== $SSLEXE:OPENSSL NSEQ
+$ PKCS12   :== $SSLEXE:OPENSSL PKCS12


Thank you.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-161 43  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]