[openssl.org #644] [PATCH] implementation of crl numbers in openssl-0.9.7b (and cvs branch)

2003-06-13 Thread Laurent Genier via RT

Hello,

I've already sent this mail to openssl-dev, and saw a little bit later that a request tracker was set up.
So, I forward it to you.


Here are 2 tars including diff files to implement CRL numbers in ca's CRL generation.
Files changed are: app/ca.c, apps/openssl.cnf and crypto/x509v3/v3_int.c

--
First tar includes changes applied to the 0.9.7b branch (fully tested by myself)
--
Second one includes changes applied to the cvs version of ca.c and openssl.cnf taken from cvsweb.
(I've used the new save_serial() and the new rotate_serial(), much easier!!)
As I've no access to a cvs tarball, I haven't been able to test my changes.
I hope my changes will work without modifications.
--

If you have any questions, suggestions or flames, don't hesitate to contact me.

I'd love to see CRL numbers implemented in the next openssl release, so if it needs
more work, I'll be happy to help.

Best regards,

Laurent Genier.

---
Email : Laurent Genier <[EMAIL PROTECTED]>
INTRINsec  IT Security
205 avenue Georges Clemenceau 92024 Nanterre Cedex - 01 41 91 77 77
Visit our security watch lab: http://citadelle.intrinsec.com




__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


[openssl.org #644] [PATCH] implementation of crl numbers in openssl-0.9.7b (and cvs branch)

2003-06-13 Thread Stephen Henson via RT

[EMAIL PROTECTED] - Fri Jun 13 22:27:37 2003]:

> Hello,
>
> I've already sent this mail to openssl-dev, and saw a little bit later
> that a request tracker was set up.
> So, I forward it to you.
>
>
> Here are 2 tars including diff files to implement CRL numbers in ca's
> CRL generation.
> Files changed are: app/ca.c, apps/openssl.cnf and
> crypto/x509v3/v3_int.c
>
> --
> First tar includes changes applied to the 0.9.7b branch (fully tested
> by myself)
> --
> Second one includes changes applied to the cvs version of ca.c and
> openssl.cnf taken from cvsweb.
> (I've used the new save_serial() and the new rotate_serial(), much
> easier!!)
> As I've no access to a cvs tarball, I haven't been able to test my
> changes.
> I hope my changes will work without modifications.
> --
>
> If you have any questions, suggestions or flames, don't hesitate to
> contact me.
>
> I'd love to see CRL numbers implemented in the next openssl release,
> so if it needs more work, I'll be happy to help.
>

Thanks for the contribution, most of the changes seem reasonable and
should certainly make it into 0.9.8.

However I think that X509_CRL_set_crlnumber() should instead convert the
BIGNUM to an ASN1_INTEGER then make use of the standard function
X509_CRL_add1_ext_i2d() passing the ASN1_INTEGER into the value
parameter. This should set the CRL number using a portable call and
avoid having to access structure internals.

Also if you do that the changes in v3_int.c are no longer needed.

Please contact me if you want more info about how to do that.

Steve.





Re: [openssl.org #644] [PATCH] implementation of crl numbers in openssl-0.9.7b (and cvs branch)

2003-06-13 Thread Frédéric Giudicelli

Since when have you gone back to development on openssl?
I thought you had forgotten everything about C the day you became technical director :)

Frédéric Giudicelli
http://www.newpki.org


- Original Message - 
From: "Laurent Genier via RT" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, June 13, 2003 10:27 PM
Subject: [openssl.org #644] [PATCH] implementation of crl numbers in
openssl-0.9.7b (and cvs branch)


>
> Hello,
>
> I've already sent this mail to openssl-dev, and saw a little bit later
> that a request tracker was set up.
> So, I forward it to you.
>
>
> Here are 2 tars including diff files to implement CRL numbers in ca's CRL
> generation.
> Files changed are: app/ca.c, apps/openssl.cnf and crypto/x509v3/v3_int.c
>
> --
> First tar includes changes applied to the 0.9.7b branch (fully tested by
> myself)
> --
> Second one includes changes applied to the cvs version of ca.c and
> openssl.cnf taken from cvsweb.
> (I've used the new save_serial() and the new rotate_serial(), much
> easier!!)
> As I've no access to a cvs tarball, I haven't been able to test my
> changes.
> I hope my changes will work without modifications.
> --
>
> If you have any questions, suggestions or flames, don't hesitate to contact
> me.
>
> I'd love to see CRL numbers implemented in the next openssl release, so if
> it needs more work, I'll be happy to help.
>
> Best regards,
>
> Laurent Genier.
>
> ---
> Email : Laurent Genier <[EMAIL PROTECTED]>
> INTRINsec  IT Security
> 205 avenue Georges Clemenceau 92024 Nanterre Cedex - 01 41 91 77 77
> Visit our security watch lab: http://citadelle.intrinsec.com



Re: [openssl.org #629] Custom error handling

2003-06-13 Thread Frédéric Giudicelli

Here are the patches (crypto/err); they have been generated from
openssl-SNAP-20030612:
added: "int disabled;" to ERR_STATE and the following functions:
- ERR_disable
- ERR_enable
- ERR_force_enable (since I'm using a counter, it might be necessary)
- ERR_get_lock_status
- ERR_set_lock_status

The functions "ERR_force_enable", "ERR_get_lock_status" and
"ERR_set_lock_status" have been added for the following use case:

    ...
    ERR_disable();
    foo1();
    ERR_enable();
    ...

    void foo1()
    {
        ...
        ERR_disable();
        foo2();
        ERR_enable();
        ...
    }

    void foo2() // This function absolutely needs some error feedback
    {
        int err_status;
        ...
        err_status = ERR_get_lock_status();
        ERR_force_enable();
        ERR_print_errors_fp(stderr);
        ERR_set_lock_status(err_status);
        ...
    }

That's pretty much all I need for error disabling, nothing too fancy like
disabling error handling for all thread contexts.

Frédéric Giudicelli
http://www.newpki.org


- Original Message - 
From: "Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 12, 2003 12:33 AM
Subject: Re: [openssl.org #629] Custom error handling


> In message <[EMAIL PROTECTED]> on Thu, 12 Jun 2003 00:22:28 +0200,
> Frédéric Giudicelli <[EMAIL PROTECTED]> said:
>
> groups> Ok, I'll wait for you to tell me when the update on the error
> groups> handling will be done, I'll take it from there.
>
> If you mean to ask for when the new functions ERR_set_mark() and
> ERR_pop_to_mark() will be committed, they already are.  They will be
> visible in tomorrow's snapshot.
>
> -- 
> Richard Levitte   \ Tunnlandsvägen 3  \ [EMAIL PROTECTED]
> [EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-8-26 52 47
> \  SWEDEN   \ or +46-708-26 53 44
> Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
> Member of the OpenSSL development team: http://www.openssl.org/
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See  for more info.
>


err.h.patch
Description: Binary data


err.c.patch
Description: Binary data
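
The nested use case from the message above, as an added stand-alone model that is not the attached patch and not OpenSSL code: it shows why a counter-based disable needs a force-enable plus save/restore, since a single enable inside two nested disables leaves errors suppressed. All model_* names and their exact semantics are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Model of the "int disabled;" counter the message adds to ERR_STATE.
 * Names and semantics are assumptions; this is not the attached patch. */
static int disabled;        /* nesting depth of disable calls */
static char seen[64];       /* reports that were not suppressed */

static void model_disable(void)          { disabled++; }
static void model_enable(void)           { if (disabled > 0) disabled--; }
static void model_force_enable(void)     { disabled = 0; }
static int  model_get_lock_status(void)  { return disabled; }
static void model_set_lock_status(int s) { disabled = s; }

/* Stand-in for queuing and printing an error: dropped while disabled. */
static void model_report(const char *tag)
{
    if (disabled == 0)
        strncat(seen, tag, sizeof(seen) - strlen(seen) - 1);
}

static void foo2(void)      /* needs error feedback whatever callers did */
{
    int saved = model_get_lock_status();  /* 2 when reached via foo1 */

    model_enable();                       /* depth 1: one enable is not enough */
    model_report("B");                    /* still suppressed */
    model_force_enable();                 /* depth 0 regardless of nesting */
    model_report("C");                    /* visible */
    model_set_lock_status(saved);         /* put the callers' nesting back */
}

static void foo1(void) { model_disable(); foo2(); model_enable(); }

/* Runs the nested case from the message; returns the visible reports. */
const char *run_nested_case(void)
{
    disabled = 0;
    seen[0] = '\0';
    model_disable();
    foo1();
    model_report("D");      /* suppressed: outer disable still active */
    model_enable();
    model_report("E");      /* visible: counter is back at 0 */
    return seen;
}

int main(void) { puts(run_nested_case()); return 0; }
```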