RE: OpenSSL 1.0.0 beta5 release v. VMS
Hello, I have tested OPENSSL-100-STABLE-SNAP-20100128 and the build went well. But the tests still fail: 1. the rootssl issue, that worked well after changing to your patch 2. The tests fails and ends with seed related issue. Do yo8 have any idea how to solve this? There is a .rnd file in the current directory and even setting the RANDFILE environment variable did not help. Certificate is to be certified until Jan 28 15:27:12 2011 GMT (365 days) Sign the certificate? [y/n]:2071080376:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:USRDSK:[ZA Y.WORK.OPENSSL-100-STABLE-SNAP-20100128.CRYPTO.RAND]MD_RAND.C;1:519:You need to read the OpenSSL FAQ, http://www.openssl.o rg/support/faq.html 2071080376:error:04088003:rsa routines:RSA_setup_blinding:BN lib:USRDSK:[ZAY.WORK.OPENSSL-100-STABLE-SNAP-20100128.CRYPTO. RSA]RSA_LIB.C;1:426: 2071080376:error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal error:USRDSK:[ZAY.WORK.OPENSSL-100-STABLE-SNAP-201 00128.CRYPTO.RSA]RSA_EAY.C;1:403: 2071080376:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:USRDSK:[ZAY.WORK.OPENSSL-100-STABLE-SNAP-20100128. CRYPTO.ASN1]A_SIGN.C;1:279: 3. the recently fixed testtsa.com has the same problem. @testtsa.com Setting up TSA test directory... Creating CA for TSA tests... Creating a new CA for the TSA tests... unable to load 'random state' This means that the random number generator has not been seeded with much random data. Generating a 1024 bit RSA private key Error Generating Key 2071080376:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:USRDSK:[ZAY.WORK.OPENSSL-100-STABLE-SN AP-20100128.CRYPTO.RAND]MD_RAND.C;1:519:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html 2071080376:error:04081003:rsa routines:RSA_BUILTIN_KEYGEN:BN lib:USRDSK:[ZAY.WORK.OPENSSL-100-STABLE-SNAP-20100128.CRYPTO. RSA]RSA_GEN.C;1:208: Do you have any suggestion? Thank you. Regards, Z -Original Message- From: Steven M. Schweda [mailto:s...@antinode.info] Sent: den 29 januari 2010 05:55 To: openssl-dev@openssl.org Subject: Re: OpenSSL 1.0.0 beta5 release v. VMS From: Richard Levitte rich...@levitte.org In the mean time, I believe the latest snapshot has all my changes to date, which includes most if not all the patches I've seen from you in the latest few days... Worked for me, please try it out. @ INSTALL.COM [dir] from openssl-1.0.0-stable-SNAP-20100127.tar.gz failed for me. Early on, when crypto/install.com was trying to copy header files: [...] %COPY-S-COPIED, ALP$DKA100:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0-stable-SNAP-2 0100127.crypto]opensslv.h;1 copied to WRK_SSLROOT:[INCLUDE]opensslv.h;1 (8 blocks) %COPY-E-OPENIN, error opening ALP$DKA100:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0 -stable-SNAP-20100127.crypto]OPENSSLCONF.H; as input -RMS-E-FNF, file not found [...] And that seems to abort the procedure. With the beta5 kit, it found that file: [...] %COPY-S-COPIED, ALP$DKA0:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0-beta5.crypto]op ensslv.h;1 copied to WRK_SSLROOT:[INCLUDE]opensslv.h;1 (8 blocks) %COPY-S-COPIED, ALP$DKA0:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0-beta5.crypto]op ensslconf.h;1 copied to WRK_SSLROOT:[INCLUDE]opensslconf.h;1 (12 blocks) [...] The beta5 kit included that file (VMSTAR listing): -rw-r--r-- 0/0 5960 Jan 20 09:09:10 2010 openssl-1.0.0-beta5/crypto/op ensslconf.h But I don't see it in the SNAP kit. There seems to be a generated file, [.crypto.ALPHA]OPENSSLCONF.H. Is that what we should be copying to to the destination include directory? P.S.: I'm subscribed to the openssl-dev list, so direct e-mail is redundant. SMS. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.0 beta5 release v. VMS
In message 10012822544299_20205...@antinode.info on Thu, 28 Jan 2010 22:54:43 -0600 (CST), Steven M. Schweda s...@antinode.info said: sms From: Richard Levitte rich...@levitte.org sms sms In the mean time, I believe the latest snapshot has all my changes to sms date, which includes most if not all the patches I've seen from you in sms the latest few days... Worked for me, please try it out. sms sms@ INSTALL.COM [dir] from openssl-1.0.0-stable-SNAP-20100127.tar.gz sms failed for me. Early on, when crypto/install.com was trying to copy sms header files: sms sms [...] sms %COPY-S-COPIED, ALP$DKA100:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0-stable-SNAP-2 sms 0100127.crypto]opensslv.h;1 sms copied to WRK_SSLROOT:[INCLUDE]opensslv.h;1 (8 blocks) sms %COPY-E-OPENIN, error opening ALP$DKA100:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0 sms -stable-SNAP-20100127.crypto]OPENSSLCONF.H; as input sms -RMS-E-FNF, file not found sms [...] sms sms And that seems to abort the procedure. sms smsWith the beta5 kit, it found that file: sms sms [...] sms %COPY-S-COPIED, ALP$DKA0:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0-beta5.crypto]op sms ensslv.h;1 sms copied to WRK_SSLROOT:[INCLUDE]opensslv.h;1 (8 blocks) sms %COPY-S-COPIED, ALP$DKA0:[UTILITY.SOURCE.OPENSSL.openssl-1^.0^.0-beta5.crypto]op sms ensslconf.h;1 sms copied to WRK_SSLROOT:[INCLUDE]opensslconf.h;1 (12 blocks) sms [...] sms smsThe beta5 kit included that file (VMSTAR listing): sms sms -rw-r--r-- 0/0 5960 Jan 20 09:09:10 2010 openssl-1.0.0-beta5/crypto/op sms ensslconf.h sms sms But I don't see it in the SNAP kit. There seems to be a generated sms file, [.crypto.ALPHA]OPENSSLCONF.H. Is that what we should be copying sms to to the destination include directory? Yes. crypto/install.com wasn't in sync with what makevms.com does. I'm changing that now, and will try it out in a few minutes. The snapshot shouldn't contain any opensslconf.h, as it should be generated on Unix as well... Why there is one is beyond my comprehension for now. I'll see it I can get some time to investigate that. smsP.S.: I'm subscribed to the openssl-dev list, so direct e-mail is sms redundant. Noted ;-) Cheers, Richard -- Richard Levitte rich...@levitte.org http://richard.levitte.org/ Life is a tremendous celebration - and I'm invited! -- from a friend's blog, translated from Swedish __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: X509 V1 tag
On Fri, Jan 29, 2010, karthik.chama...@infineon.com wrote: Hi, I am trying to parse a verisign certificate in Openssl. But, this fails because of a check in openssl. If the tag is set to -1, then it is set to Universal as below. /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ if(tag == -1) { tag = V_IFX_TLS_ASN1_SEQUENCE; aclass = V_ASN1_UNIVERSAL; } When the certificate is parsed, in ASN1_get_object, it checks whether it is V_ASN1_PRIMITIVE_TAG. It is not and so it fails. I would like to know how to proceed with this. It sounds like you haven't got a certificate but an certificate that has an IMPLICIT tag on it. If you write an appopriate ASN1 module that is handled automatically. This is an openssl-users question btw. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
TLS v1.1
Hi All, Does anyone in openssl-dev know of any plans to add TLS v1.1 support to OpenSSL in the near future? If so do you know when and how might I get in touch? Kind regards, Brandt
Re: TLS v1.1
On Fri, Jan 29, 2010, Brandt Springman wrote: Does anyone in openssl-dev know of any plans to add TLS v1.1 support to OpenSSL in the near future? If so do you know when and how might I get in touch? TLS v1.1 is already supported in an experimental state in OpenSSL 1.1.0-dev. Since 1.0.0 is in beta and feature freeze it wont be added to there. It will be backported to 1.0.1 when that is released. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Stability of Beta 5 of OpenSSL 1.0.0
Hi, Would any one let me know some feedback on stability of Beta 5 of OpenSSL 1.0.0? Thanks Suryya
Re: Stability of Beta 5 of OpenSSL 1.0.0
On Jan 29, 2010, at 9:05 AM, Suryya Kumar Jana wrote: Would any one let me know some feedback on stability of Beta 5 of OpenSSL 1.0.0? Just follow the list, and see what folks post. Also, what is your own experience? S. -- san...@temme.net http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: Stability of Beta 5 of OpenSSL 1.0.0
On Fri, Jan 29, 2010, Suryya Kumar Jana wrote: Hi, Would any one let me know some feedback on stability of Beta 5 of OpenSSL 1.0.0? If you mean should I deploy it? then it depends. If it is for SSL/TLS you should be aware that the renegotiation specification is (still!) being discussed and while OpenSSL implements the current draft the details may change. So you could end up with broken non-interoperable clients or servers. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Get root certificates from System Store of Windows
If you're going to send a patch, please send it to r...@openssl.org. That gets the patch into the request tracker, and gets it into the (relatively) formal review process. -Kyle H On Thu, Jan 28, 2010 at 4:54 PM, NARUSE, Yui nar...@airemix.jp wrote: How about my previous patch, which lookup Windows' store with CryptoAPI. http://www.mail-archive.com/openssl-dev@openssl.org/msg27023.html thanks, -- NARUSE, Yui nar...@airemix.jp __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Stability of Beta 5 of OpenSSL 1.0.0
I am new to this. Would like to start with latest SSL stable version as well as most features in :). Thanks Suryya On Fri, Jan 29, 2010 at 11:19 PM, Sander Temme san...@temme.net wrote: On Jan 29, 2010, at 9:05 AM, Suryya Kumar Jana wrote: Would any one let me know some feedback on stability of Beta 5 of OpenSSL 1.0.0? Just follow the list, and see what folks post. Also, what is your own experience? S. -- san...@temme.net http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Stability of Beta 5 of OpenSSL 1.0.0
Thanks Steve. On Fri, Jan 29, 2010 at 11:29 PM, Dr. Stephen Henson st...@openssl.orgwrote: On Fri, Jan 29, 2010, Suryya Kumar Jana wrote: Hi, Would any one let me know some feedback on stability of Beta 5 of OpenSSL 1.0.0? If you mean should I deploy it? then it depends. If it is for SSL/TLS you should be aware that the renegotiation specification is (still!) being discussed and while OpenSSL implements the current draft the details may change. So you could end up with broken non-interoperable clients or servers. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org