Re: Elliptic Curve Cryptography in OpenSSL
Deryck Henson wrote:
> Any ideas on the implementation of ECC into the OpenSSL releases any time soon? If so, when?
>
> Thanks,

hmm, there's some ecc crypto in 0.9.8-dev.

Nils

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
Request Tracker - 403 Forbidden
Hi folks,

I cannot reach the Request Tracker as listed on the support page ... http://www.aet.tu-cottbus.de/rt2/ returns 403 Forbidden, without even asking for credentials.

Is it just me, or something happened with this location?

Thanks,
Gyorgy
RE: [CVS] OpenSSL: openssl/crypto/ cryptlib.c
Hi Richard,

Is that a generic Itanium routine or is that specifically for 32-bit? The only reason I ask is that we compile for both 32 and 64-bit address pointers when putting together our VMS kit.

Thanks,
Kevin.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Levitte
Sent: Thursday, April 21, 2005 5:10 AM
To: [EMAIL PROTECTED]
Subject: [CVS] OpenSSL: openssl/crypto/ cryptlib.c

OpenSSL CVS Repository
http://cvs.openssl.org/

Server: cvs.openssl.org
Name: Richard Levitte
Root: /e/openssl/cvs
Email: [EMAIL PROTECTED]
Module: openssl
Date: 21-Apr-2005 11:10:19
Branch: HEAD
Handle: 2005042110101900

Modified files:
  openssl/crypto cryptlib.c

Log:
  Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where util/libeay.num is important when building shared libraries, like VMS.

Summary:
  Revision  Changes  Path
  1.58      +2 -0    openssl/crypto/cryptlib.c

patch -p0 '@@ .' Index: openssl/crypto/cryptlib.c $ cvs diff -u -r1.57 -r1.58 cryptlib.c --- openssl/crypto/cryptlib.c 13 Apr 2005 15:41:11 - 1.57 +++ openssl/crypto/cryptlib.c 21 Apr 2005 09:10:19 - 1.58 @@ -569,6 +569,8 @@ } #endif +#else +unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } #endif #if !defined(OPENSSL_CPUID_SETUP) void OPENSSL_cpuid_setup(void) {} @@ .
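Review bot: the stub added in the #else branch of cryptlib.c returns NULL from OPENSSL_ia32cap_loc() with no comment saying what NULL means, so a caller that reads or writes through the returned pointer on a non-Intel build would fault. Add a one-line comment above the stub stating that NULL means this platform has no capability vector, and document that callers must check the return value before dereferencing it.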
Re: Request Tracker - 403 Forbidden
On Fri, Apr 22, 2005 at 12:56:27PM +0200, Gyorgy Camaszotisz wrote:
> Hi folks,
>
> I cannot reach the Request Tracker as listed on the support page ... http://www.aet.tu-cottbus.de/rt2/ returns 403 Forbidden, without even asking for credentials.
>
> Is it just me, or something happened with this location?

We had a hard disk problem that seems to be resolved now.

Please excuse any inconvenience,
Lutz

--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
openssl ca: generate subjectAltName from config
Hello,

is there a special reason that openssl ca has only functionality to copy the emailAddress from the subject name to the subjectAltName extension? Or would something like the attached patch be acceptable?

This patch extends the syntax of the subjectAltName entry of the config file section with the extensions in the way that the flags copy and move are recognized for all names. Additionally it allows to specify the name entry type in the subject name that is moved/copied.

For example: in my local openssl.cnf I have the entry:

    subjectAltName = DNS:copy:commonName,DNS:mydyndnsorgdomain.dyndns.org

An issued certificate gets 2 subjectAltNames:
1. a copy of the common name (inserted as dnsDomain name)
2. the general dnsDomain name mydyndnsorgdomain.dyndns.org.

This allows me to access the host with the external and the internal host name without the accessing program generating an error message about a mismatching domain name.

Bye
Goetz

--
DMCA: The greed of the few outweighs the freedom of the many

Index: crypto/x509v3/v3_alt.c === RCS file: /cvs/openssl/crypto/x509v3/v3_alt.c,v retrieving revision 1.33 diff -u -r1.33 v3_alt.c --- crypto/x509v3/v3_alt.c 27 Dec 2003 14:40:01 - 1.33 +++ crypto/x509v3/v3_alt.c 22 Apr 2005 13:52:11 - @@ -63,7 +63,9 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); +static int copy_name(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + GENERAL_NAMES *gens, + const char *type, const char *field, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); 
@@ -304,6 +306,7 @@ { GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; + const char *value; int i; if(!(gens = sk_GENERAL_NAME_new_null())) { X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); @@ -311,17 +314,23 @@ } for(i = 0; i sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if(!name_cmp(cnf-name, email) cnf-value - !strcmp(cnf-value, copy)) { - if(!copy_email(ctx, gens, 0)) goto err; - } else if(!name_cmp(cnf-name, email) cnf-value - !strcmp(cnf-value, move)) { - if(!copy_email(ctx, gens, 1)) goto err; - } else { - GENERAL_NAME *gen; - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - sk_GENERAL_NAME_push(gens, gen); + if (cnf-value cnf-value[0]) { + if (!name_cmp(cnf-value,copy)) { +value = cnf-value+4; +if (value[0] == '.' || value[0] == ':')value++; +if(!copy_name(method,ctx,gens,cnf-name,value,0)) + goto err; + } else if (!name_cmp(cnf-value,move)) { +value = cnf-value+4; +if (value[0] == '.') value++; +if(!copy_name(method,ctx,gens,cnf-name,value,1)) + goto err; + } else { +GENERAL_NAME *gen; +if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; +sk_GENERAL_NAME_push(gens, gen); + } } } return gens; 
@@ -330,44 +339,76 @@ return NULL; } -/* Copy any email addresses in a certificate or request to +/* Copy any fields of given type in a certificate or request to * GENERAL_NAMES */ -static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) +static int copy_name(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + GENERAL_NAMES *gens, + const char *type, const char *field, int move_p) { X509_NAME *nm; - ASN1_IA5STRING *email = NULL; X509_NAME_ENTRY *ne; - GENERAL_NAME *gen = NULL; + CONF_VALUEcv = { NULL,(char*)type,NULL }; + GENERAL_NAME *gen = NULL; + unsigned char*str = NULL; + int nid = 0; + int len; int i; if(ctx-flags == CTX_TEST) return 1; - if(!ctx || (!ctx-subject_cert !ctx-subject_req)) { +if(!ctx || (!ctx-subject_cert !ctx-subject_req)) { X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); goto err; } - /* Find the subject name */ +/* get the type of name entry to operate on in the DN */ + if (field field[0]) { + nid = OBJ_txt2nid(field); + if (!nid) { + X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_INVALID_EXTENSION_STRING); + goto err; + } + } + if (!nid) { + if (!name_cmp(type, email)) nid = NID_pkcs9_emailAddress; +#if 0 + else if(!name_cmp(type, URI )) nid = NID_commonName; + else if(!name_cmp(name, DNS )) nid = NID_commonName; + else if(!name_cmp(name, RID )) nid = NID_commonName; + else if(!name_cmp(name, IP )) nid = NID_commonName; +#endif + else nid = NID_commonName; + } +if (!nid) { + X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_INVALID_OBJECT_IDENTIFIER ); + goto err; +} +/* Find the subject name */ if(ctx-subject_cert) nm =
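Review bot: in the v2i_subject_alt loop (hunk @@ -311,17 +314,23 @@) the copy branch skips a leading '.' or ':' after the keyword, while the move branch skips only '.', so the two directives do not accept the same separator and a ':' after move reaches copy_name as part of the field string. Use the same test in both branches: if (value[0] == '.' || value[0] == ':') value++; The new outer test on cnf->value also has no else, so an entry with an empty value is now skipped silently instead of being passed to v2i_GENERAL_NAME; if that is intended, say so in a comment, otherwise keep the old fall-through.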
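Review bot: in copy_name (hunk @@ -330,44 +339,76 @@) the #if 0 block calls name_cmp(name, ...) on three of its four lines, but the function's parameter is named type, so the block would not compile if it were ever enabled; delete it or fix the identifier. The fallback chain ends in else nid = NID_commonName, which makes the following if (!nid) error branch unreachable, and the renamed function still raises its errors under X509V3_F_COPY_EMAIL, so a function code matching copy_name would make the error output point at the right place.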
Re: [CVS] OpenSSL: openssl/apps/ engine.c s_server.c
Nils Larsch wrote:

OpenSSL CVS Repository
http://cvs.openssl.org/

Server: cvs.openssl.org
Name: Nils Larsch
Root: /e/openssl/cvs
Email: [EMAIL PROTECTED]
Module: openssl
Date: 08-Apr-2005 00:48:33
Branch: HEAD
Handle: 2005040723483300

Modified files:
  openssl/apps engine.c s_server.c

Log:
  const fixes

Summary:
  Revision  Changes  Path
  1.28      +1 -1    openssl/apps/engine.c
  1.92      +3 -3    openssl/apps/s_server.c

patch -p0 '@@ .' Index: openssl/apps/engine.c $ cvs diff -u -r1.27 -r1.28 engine.c --- openssl/apps/engine.c 5 Apr 2005 19:11:18 - 1.27 +++ openssl/apps/engine.c 7 Apr 2005 22:48:33 - 1.28 @@ -344,7 +344,7 @@ int MAIN(int argc, char **argv) { int ret=1,i; - char **pp; + const char **pp; int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; ENGINE *e; STACK *engines = sk_new_null(); @@ . patch -p0 '@@ .' Index: openssl/apps/s_server.c $ cvs diff -u -r1.91 -r1.92 s_server.c --- openssl/apps/s_server.c 5 Apr 2005 19:11:18 - 1.91 +++ openssl/apps/s_server.c 7 Apr 2005 22:48:33 - 1.92 @@ -180,7 +180,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len); #ifndef OPENSSL_NO_DH -static DH *load_dh_param(char *dhfile); +static DH *load_dh_param(const char *dhfile); static DH *get_dh512(void); #endif @@ -1465,12 +1465,12 @@ } #ifndef OPENSSL_NO_DH -static DH *load_dh_param(char *dhfile) +static DH *load_dh_param(const char *dhfile) { DH *ret=NULL; BIO *bio; - if ((bio=BIO_new_file(dhfile,r)) == NULL) + if ((bio=BIO_new_file((char *)dhfile,r)) == NULL)

Gah! Don't do this - clearly this parameter is also const. Fix that instead.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
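Review bot: in load_dh_param in s_server.c, the (char *)dhfile cast in the BIO_new_file call discards the const that the same hunk adds to the parameter, so the compiler can no longer flag a write through that pointer further down the call chain. Drop the cast, and if the compiler then warns, put const on the filename parameter in the declaration of BIO_new_file rather than casting at the call site.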