[openssl.org #2669] make test failure
[bhaskarv...@gmail.com - Tue Jan 03 12:47:57 2012]: Sir, am getting test failed when i tried to install openssl package in my system for redhat RHEL5.4. I choosed #./configure zlib-dynamic shared then build was successful. #make but error is in testing the build. #make test zlib 3085945484:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:186:filename(libz.so): libz.so: cannot open shared object file: No such file or directory 3085945484:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 3085945484:error:29064065:lib(41):BIO_ZLIB_NEW:zlib not supported:c_zlib.c:478: 3086949004:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:186:filename(libz.so): libz.so: cannot open shared object file: No such file or directory 3086949004:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 3086949004:error:29064065:lib(41):BIO_ZLIB_NEW:zlib not supported:c_zlib.c:478: cmp: EOF on ./p.zlib.clear make[1]: *** [test_enc] Error 1 make[1]: Leaving directory `/usr/openssl-1.0.0e/test' make: *** [tests] Error 2 Well that is complaining that it can't load the zlib shared library. Do you have it installed on your system? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
OpenSSL 1.0.1 beta 1 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1 Beta 1 OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL is currently in a release cycle. The first beta is now released. The beta release is available for download via HTTP and FTP from the following master locations (the various FTP mirrors you can find under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The file names of the beta are: o openssl-1.0.1-beta1.tar.gz Size: 4445727 MD5 checksum: 2501e8caf6724c5ad747ac0d6df00c3d SHA1 checksum: a97fd63356a787e9ddc9f157ce4b964459a41f40 The checksums were calculated using the following command: openssl md5 openssl-1.0.1-beta1.tar.gz openssl sha1 openssl-1.0.1-beta1.tar.gz Please download and test them as soon as possible. This new OpenSSL version incorporates 52 documented changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES). Also check the latest snapshots at ftp://ftp.openssl.org/snapshot/ or CVS (see http://www.openssl.org/source/repos.html) to avoid reporting previously fixed bugs. Reports and patches should be sent to openssl-b...@openssl.org. Discussions around the development of OpenSSL should be sent to openssl-dev@openssl.org. Anything else should go to openssl-us...@openssl.org. The best way, at least on Unix, to create a report is to do the following after configuration: make report That will do a few basic checks of the compiler and bc, then build and run the tests. The result will appear on screen and in the file testlog. Please read the report before sending it to us. There may be problems that we can't solve for you, like missing programs. Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Ulf Möller Lutz JänickeNils Larsch -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTwMMMKLSm3vylcdZAQIx4Qf8DULWe5abAiYw1s7Eu1bcC84ffEbtxvo7 qdnz1PWs2RXYFl47jH+B8BA45cJp4WylDhk3KLgkOpEKJk0xHkmPc0Al3vCzRcFg +XzSyQ6lrUrw3b8s3hL8wA91brRF7LLrnmv/0KArh7Mmh5GilSwSHlrLCC/NL9vG 0rEmURWAMTfDpcRd3wlC7Jh3Uev5N9pjFMWorZcIlX/rCBy9xwTnulO6MmU9Vr03 2WHu5ZEeqdoFraryCGRFBMhb0IV7BKus5X/wTQl1amA3cTL8tUV6yCyg5FwCdL/e GHKa/KA9He3/M6Ab4RjBlE6Hduy2ui1rR6f9g5+ZSWhsP8aXqxCmPg== =tftU -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[BUG] OpenSSL 1.0.1 beta 1 released (on VMS FAILED)
Hello, I have tested the OpenSSL 1.0.1 beta 1 release on OpenVMS Alpha and IA64 and the build fails with the following error: Compiling The mem_dbg.c File. (LIBRARY,LIB) #include stdint.h .^ %CC-F-NOINCLFILEF, Cannot find file stdint.h specified in #include directive. at line number 72 in file USRDSK:[ZAY.WORK.OPENSSL-101-BETA1.INCLUDE.OPENSSL]BIO.H;1 Compiling The cversion.c File. (LIBRARY,LIB) #include stdint.h .^ %CC-F-NOINCLFILEF, Cannot find file stdint.h specified in #include directive. at line number 72 in file USRDSK:[ZAY.WORK.OPENSSL-101-BETA1.INCLUDE.OPENSSL]BIO.H;1 Compiling The ex_data.c File. (LIBRARY,LIB) ... hundreds of times. The problem is that VMS does not have stdint.h at all. Please read more about in http://h71000.www7.hp.com/portability/portingguidelines.html For example: - 4.1.1. int64_t and uint64_t In UNIX or Linux, int64_t and uint64_t data types are defined in the stdint.h, sys.h or types.h header files. However, in OpenVMS, these data types are defined in the inttypes.h header file. Hence, the header file inttypes.h must be included when porting to OpenVMS systems. -- ... also I have noticed that the [openssl.org #2652] [PATCH] OpenSSL 1.0.1 OpenVMS issues is not included - and the build will fail for that reason as well... as well as the [openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX is not addressed at all. Seems, it has arrived the time for Richard to start the merging work. Thank you. Regards, Z -Original Message- From: OpenSSL [mailto:open...@master.openssl.org] Sent: den 3 januari 2012 15:18 To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; openssl-us...@master.openssl.org Subject: OpenSSL 1.0.1 beta 1 released -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1 Beta 1 OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL is currently in a release cycle. The first beta is now released. The beta release is available for download via HTTP and FTP from the following master locations (the various FTP mirrors you can find under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The file names of the beta are: o openssl-1.0.1-beta1.tar.gz Size: 4445727 MD5 checksum: 2501e8caf6724c5ad747ac0d6df00c3d SHA1 checksum: a97fd63356a787e9ddc9f157ce4b964459a41f40 The checksums were calculated using the following command: openssl md5 openssl-1.0.1-beta1.tar.gz openssl sha1 openssl-1.0.1-beta1.tar.gz Please download and test them as soon as possible. This new OpenSSL version incorporates 52 documented changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES). Also check the latest snapshots at ftp://ftp.openssl.org/snapshot/ or CVS (see http://www.openssl.org/source/repos.html) to avoid reporting previously fixed bugs. Reports and patches should be sent to openssl-b...@openssl.org. Discussions around the development of OpenSSL should be sent to openssl-dev@openssl.org. Anything else should go to openssl-us...@openssl.org. The best way, at least on Unix, to create a report is to do the following after configuration: make report That will do a few basic checks of the compiler and bc, then build and run the tests. The result will appear on screen and in the file testlog. Please read the report before sending it to us. There may be problems that we can't solve for you, like missing programs. Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Ulf Möller Lutz JänickeNils Larsch -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTwMMMKLSm3vylcdZAQIx4Qf8DULWe5abAiYw1s7Eu1bcC84ffEbtxvo7 qdnz1PWs2RXYFl47jH+B8BA45cJp4WylDhk3KLgkOpEKJk0xHkmPc0Al3vCzRcFg +XzSyQ6lrUrw3b8s3hL8wA91brRF7LLrnmv/0KArh7Mmh5GilSwSHlrLCC/NL9vG 0rEmURWAMTfDpcRd3wlC7Jh3Uev5N9pjFMWorZcIlX/rCBy9xwTnulO6MmU9Vr03 2WHu5ZEeqdoFraryCGRFBMhb0IV7BKus5X/wTQl1amA3cTL8tUV6yCyg5FwCdL/e GHKa/KA9He3/M6Ab4RjBlE6Hduy2ui1rR6f9g5+ZSWhsP8aXqxCmPg== =tftU -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
crypto/objects/obj_xref.h
I was testing OpenSSL_1_0_1-stable today and got this . making all in crypto/objects... /usr/bin/perl objxref.pl obj_mac.num obj_xref.txt obj_xref.h UX:sh (sh): ERROR: obj_xref.h: Cannot create . It looks like there is a autogenerated file in CVS. Those of us that build from a read-only source tree would appreciate it being removed. Thanks. -- Tim RiceMultitalents t...@multitalents.net __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: crypto/objects/obj_xref.h
On Tue, Jan 03, 2012, Tim Rice wrote: I was testing OpenSSL_1_0_1-stable today and got this . making all in crypto/objects... /usr/bin/perl objxref.pl obj_mac.num obj_xref.txt obj_xref.h UX:sh (sh): ERROR: obj_xref.h: Cannot create . It looks like there is a autogenerated file in CVS. Those of us that build from a read-only source tree would appreciate it being removed. It's not that easy as that file is not autogenerated on all platforms. If the date is updated in CVS it should not be autogenerated again. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: crypto/objects/obj_xref.h
On Tue, 3 Jan 2012, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, Tim Rice wrote: I was testing OpenSSL_1_0_1-stable today and got this . making all in crypto/objects... /usr/bin/perl objxref.pl obj_mac.num obj_xref.txt obj_xref.h UX:sh (sh): ERROR: obj_xref.h: Cannot create . It looks like there is a autogenerated file in CVS. Those of us that build from a read-only source tree would appreciate it being removed. It's not that easy as that file is not autogenerated on all platforms. So I'm discovering as I start testing on my Solaris 10 box. OK, I'll update my build script to make r/w copies of the generated files. Hmm, consistent comments might be helpful in searching them out . tim@server01-UnixWare 119% grep GENER crypto/objects/*.h crypto/objects/obj_dat.h:/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the crypto/objects/obj_mac.h:/* THIS FILE IS GENERATED FROM objects.txt by objects.p l via the crypto/objects/obj_xref.h:/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ . If the date is updated in CVS it should not be autogenerated again. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Tim RiceMultitalents t...@multitalents.net __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
OpenSSL FIPS Module 2.0 status update
The FIPS 140-2 validation effort for the OpenSSL FIPS Object Module 2.0 has reached an important milestone; we are now in the final phase of this effort. The formal submission prepared by the test lab has been sent to the CMVP. At this point we can only wait for their review and action. Our best estimate of the time this action will take is approximately two months, though please note we have no control over that process and little visibility into any changes in status over time. The corresponding source distribution is: http://opensslfoundation.com/testing/validation-2.0/source/openssl-fips-2.0rc1.tar.gz Note some additional cosmetic changes will be made prior to the formal validation award. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Thunderbird Issue
Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
1.0.0 / 1.0.1 binary compatability
I notice the shared library names (and SONAME) are 1.0.0 on the OpenSSL 1.0.1 libraries. I'd just like verification that this is intentional and we can expect binaries built against the 1.0.0 shared libs to run fine using the 1.0.1 shared libs. Thanks. -- Tim RiceMultitalents t...@multitalents.net __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: 1.0.0 / 1.0.1 binary compatability
On Tue, Jan 03, 2012 at 11:23:34AM -0800, Tim Rice wrote: I notice the shared library names (and SONAME) are 1.0.0 on the OpenSSL 1.0.1 libraries. 1.0.0? That seems wrong. The shared library major number should probably stay the same, but the minor number increase - unless the intention is that binaries built against the *1.0.1* shared libs be often run with the 1.0.0 shared libs. Thor __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: 1.0.0 / 1.0.1 binary compatability
On 2012-01-03, at 11:59, Thor Lancelot Simon wrote: On Tue, Jan 03, 2012 at 11:23:34AM -0800, Tim Rice wrote: I notice the shared library names (and SONAME) are 1.0.0 on the OpenSSL 1.0.1 libraries. 1.0.0? That seems wrong. The shared library major number should probably stay the same, but the minor number increase - unless the intention is that binaries built against the *1.0.1* shared libs be often run with the 1.0.0 shared libs. That sort of config would cause it to NEVER load the 1.0.1 libraries, always looking for a filename involving 1.0.0 Logically, depending on where the API is stable/constant, the SONAME maybe should be 1.0, with soft links from the libXX.so.1.0 - libXX.so.1.0.1 .. I'm referring to the old design where the filename/SONAME/softlink was used/intended to allow some backward compatibility or bring in a shim. I know we all know that, I'm mentioning it for the backing logic to my comment. Tim, what platform are you on? Is this behaviour common cross-target or only Tim's platform? Allan
Re: 1.0.0 / 1.0.1 binary compatability
On Tue, 3 Jan 2012, Allan Clark wrote: Logically, depending on where the API is stable/constant, the SONAME maybe should be 1.0, with soft links from the libXX.so.1.0 - libXX.so.1.0.1 .. I'm referring to the old design where the filename/SONAME/softlink was used/intended to allow some backward compatibility or bring in a shim. I know we all know that, I'm mentioning it for the backing logic to my comment. Tim, what platform are you on? Is this behaviour common cross-target or only Tim's platform? I've only tried UnixWare, Solaris, OpenServer 5, OSX Lion so far. All are 1.0.0 hence my post. -- Tim RiceMultitalents(707) 456-1146 t...@multitalents.net (707) 887-1469 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Should be fixed now, thanks for the report. Please try tomorrows snapshot or apply this patch: http://cvs.openssl.org/chngview?cn=21914 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
BUG: openssl-1.0.1-beta1 bug - TLS 1.2 connection failure
s_client and s_server fail to establish connection with TLS 1.2. Valid self-signed CA certificate, and valid client and server certificates are used (attached). With unpatched openssl-1.0.1-beta1 the following is observed (failure case): Server: openssl s_server -Verify 3 -cert server.pem -key server.pem -CAfile root.pem -tls1_2 verify depth is 3, must return a certificate Loading 'screen' into random state - done Using default temp DH parameters Using default temp ECDH parameters ACCEPT depth=1 C = US, ST = Georgia, L = Atlanta, O = CableLabs, CN = CableLabs verify return:1 depth=0 C = US, ST = georgia, O = SEB Client, CN = SEB Client verify return:1 ERROR 3248:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size:.\ssl\s 3_both.c:504: shutting down SSL CONNECTION CLOSED Client: C:\OpenSSL-beta1\binopenssl s_client -verify 3 -cert client.pem -key client.pem -CAfile root.pem -tls1_2 verify depth is 3 Loading 'screen' into random state - done CONNECTED(074C) depth=1 C = US, ST = Georgia, L = Atlanta, O = CableLabs, CN = CableLabs verify return:1 depth=0 C = US, ST = georgia, O = SEB Server, CN = SEB Server verify return:1 4520:error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter:. \ssl\s3_pkt.c:1240:SSL alert number 47 4520:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:.\ssl\s3_pkt.c:592: --- Certificate chain 0 s:/C=US/ST=georgia/O=SEB Server/CN=SEB Server i:/C=US/ST=Georgia/L=Atlanta/O=CableLabs/CN=CableLabs 1 s:/C=US/ST=Georgia/L=Atlanta/O=CableLabs/CN=CableLabs i:/C=US/ST=Georgia/L=Atlanta/O=CableLabs/CN=CableLabs --- Server certificate -BEGIN CERTIFICATE- MIIFFjCCAv4CAQEwDQYJKoZIhvcNAQEFBQAwWTELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB0dlb3JnaWExEDAOBgNVBAcMB0F0bGFudGExEjAQBgNVBAoMCUNhYmxlTGFi czESMBAGA1UEAwwJQ2FibGVMYWJzMB4XDTExMTIxMTAxNDc1N1oXDTEyMTIxMDAx NDc1N1owSTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB2dlb3JnaWExEzARBgNVBAoM ClNFQiBTZXJ2ZXIxEzARBgNVBAMMClNFQiBTZXJ2ZXIwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQC3R+ZrwVJdYcTdKdmp+FVyrSPIKBPZLioQlMzxJF0Y cjtx7CkQHoSYZuyjXWlQuPUJFpC2TcvoqIhHXT7pYj7cTO6HO7WrnEn08A25PSZy u1SyexMwh1RFq6XPvMxxmwqrxvTnOZufzm2GuDNXCi/Q5+UwBEHUAjW8pEdBBJ6d ARRsZcw//FvFAgYzYTl9LwUtiUJkpiV+6+NQt0zlswFRC/DuFGOEEuBFiWLL8ByH 9Pb/EexSmOXg5A5tyEm5mCL8wY5cvIjv59pwJmIoKKONmfaTRFp3gsTjHQByL5XO 5/0HPggC0crTl48FE1AZQm0XYwEl/UlFIJhPFGQVP2p69uv3KFh1Vmjt5kfKQegp gEkAxK4V1bbN1sYItqCeq8Tr3r88HAwNbPvoKPS6PFJ0HllFeI5YCa/3b2uGanVt T35YPORBrCn+oShT1DDx4I905SpaRjCJR0/4m+N61wWUg/m88jZXOA6iN96ZjhVo cqtJ2RHVC4+i61dW1umxD0x0YMJhZ90qQksKggE4Nn/BrdeaUQluFSCOwF+TOPV7 BI7woEoVSaV7sz7HrGcZdyKHC5bTWbxJ/2jqSBCpEXEbIKiIRnKN77IJUw4wjkPS +z0k8QzyIcD5xjgTQ6oTaVWtTbvyEdHQ3aQDdynWK2F6koLo/FXv/TzyaxWdTwuD OwIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQAEumNsXwqL6qE8ATfkfXMcTnp8M8ZP wZPtUHD6SV5008BzuNuv2m+ll4PLR+/KklRplGqdhDqTJyaMiIotBnfYaInuecOU ny9jiy+Vm45sjBsle873/YVURJRnFqoTmSmXUpO3nzqyPBII2M0EpqP0TNS6HBZ2 j2h+JOadWsXNEY4bsWsiqFeargY4KHN5nhVH1LImtBOo3dmFgcfud966cO2Wyew1 jqEJfjvGyeBRAAd3HRw9vIc+GqBWCy1qDo6nxix7bONZ4z3H+/kl/bEfX/uDU22E dxNFPD3DHseUBA9lixSyxX3/taVCqbIVWS8TEGf0duZf7wesl6PhYUKv3kSGqETG OzkoVBPbTc1++Vs82PcfRdyHS9ufGedcHvfTbmKcHWLTLNWlF7LD7d/ithhzPabN 6SoavVoPtxrVTZ624PRFtQeRIAtzir9UiV04aTfxaFHlWZvyYaArozFnFnrnDlMx RdWJynQwcCAhzXR0ZPqEnXuOZPBNNbtCpK9AHEZ6p3uor1txM+q+aEVOrv3UNiVM 0H/KZMrT3SfgIFPtK1bv5bktNTRcVyP5mBZd+rm4naf+6iMGphNPDm1AiyKDZOQ/ VYN1H0ZYrpgod+Yj8bpfC40K8qZAoW52bDySx2HP2AhOWtiP2odAXtz9Zj3wPXyq v4HRq29nUu4iZg== -END CERTIFICATE- subject=/C=US/ST=georgia/O=SEB Server/CN=SEB Server issuer=/C=US/ST=Georgia/L=Atlanta/O=CableLabs/CN=CableLabs --- Acceptable client certificate CA names /C=US/ST=Georgia/L=Atlanta/O=CableLabs/CN=CableLabs --- SSL handshake has read 3472 bytes and written 3305 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 Session-ID: Session-ID-ctx: Master-Key: 3048AFCEC78B3F2BAF7FE12FB013D67C26B0B1B1217ADA51DEC011AB7F840AAB0F4AD2612B9683C2438C61ED85D8 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1325605698 Timeout : 7200 (sec) Verify return code: 0 (ok) --- With patched (patch attached) openssl-1.0.1-beta1 the following is observed (success case): Server: C:\OpenSSL-beta1\binopenssl s_server -Verify 3 -cert server.pem -key server.pem -CAfile root.pem -tls1_2 verify depth is 3, must return a certificate Loading 'screen' into random state - done Using default temp DH parameters Using default temp ECDH parameters ACCEPT depth=1 C = US, ST = Georgia, L = Atlanta, O = CableLabs, CN = CableLabs verify return:1 depth=0 C = US, ST = georgia, O = SEB Client, CN = SEB Client verify return:1 -BEGIN SSL SESSION PARAMETERS- MIIFcwIBAQICAwMEAsAwBAAEMN1ImeAVRqVnfVsFSjv9MvJeXahDnsFhhYSNG4L5
Re: BUG: openssl-1.0.1-beta1 bug - TLS 1.2 connection failure
On Tue, Jan 03, 2012, Jean Cyr wrote: s_client and s_server fail to establish connection with TLS 1.2. Valid self-signed CA certificate, and valid client and server certificates are used (attached). With unpatched openssl-1.0.1-beta1 the following is observed (failure case): Server: openssl s_server -Verify 3 -cert server.pem -key server.pem -CAfile root.pem -tls1_2 verify depth is 3, must return a certificate Loading 'screen' into random state - done Using default temp DH parameters Using default temp ECDH parameters ACCEPT depth=1 C = US, ST = Georgia, L = Atlanta, O = CableLabs, CN = CableLabs verify return:1 depth=0 C = US, ST = georgia, O = SEB Client, CN = SEB Client verify return:1 ERROR 3248:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size:.\ssl\s 3_both.c:504: shutting down SSL CONNECTION CLOSED Client: That's the 4096 bit key which causes that issue. In TLS v1.2 an extra couple of bytes are needed. In ssl/s3_srvr.c in ssl3_get_cert_verify() try changing the figure 514 to 516. If that works I'll commit it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012 at 09:36:24PM +0100, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Please explain whaty you are saying. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012 at 06:08:54PM -0700, The Doctor wrote: On Tue, Jan 03, 2012 at 09:36:24PM +0100, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Please explain whaty you are saying. Nwever mind. I caught the explanation. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal InternationalThis is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
_POSIX_C_SOURCE
Some things came up attempting to build on OpenServer 5 . gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c ui_openssl.c In file included from /usr/include/posix/signal.h:35, from /usr/include/signal.h:11, from ui_openssl.c:128: /usr/include/sys/signal.h:175: parse error before `siginfo_t' *** Error code 1 (bu21) *** Error code 1 (bu21) *** Error code 1 (bu21) . Same problem with apps/apps.c It comes from #ifndef _POSIX_C_SOURCE #define _POSIX_C_SOURCE 2 #endif The comments in apps/apps.c indicate it is needed for VMS and the comments in crypto/ui/ui_openssl.c say it is needed for gcc -ansi. Was it VMS users using gcc -ansi? Can we restrict the _POSIX_C_SOURCE define to VMS? -- Tim RiceMultitalents t...@multitalents.net __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
RE: BUG: openssl-1.0.1-beta1 bug - TLS 1.2 connection failure
Yes, 516 instead of 514 does the trick. -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, January 03, 2012 7:51 PM To: openssl-dev@openssl.org Subject: Re: BUG: openssl-1.0.1-beta1 bug - TLS 1.2 connection failure On Tue, Jan 03, 2012, Jean Cyr wrote: s_client and s_server fail to establish connection with TLS 1.2. Valid self-signed CA certificate, and valid client and server certificates are used (attached). With unpatched openssl-1.0.1-beta1 the following is observed (failure case): Server: openssl s_server -Verify 3 -cert server.pem -key server.pem -CAfile root.pem -tls1_2 verify depth is 3, must return a certificate Loading 'screen' into random state - done Using default temp DH parameters Using default temp ECDH parameters ACCEPT depth=1 C = US, ST = Georgia, L = Atlanta, O = CableLabs, CN = CableLabs verify return:1 depth=0 C = US, ST = georgia, O = SEB Client, CN = SEB Client verify return:1 ERROR 3248:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size:.\ssl\s 3_both.c:504: shutting down SSL CONNECTION CLOSED Client: That's the 4096 bit key which causes that issue. In TLS v1.2 an extra couple of bytes are needed. In ssl/s3_srvr.c in ssl3_get_cert_verify() try changing the figure 514 to 516. If that works I'll commit it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: _POSIX_C_SOURCE
On 04.01.2012 03:16, Tim Rice wrote: Some things came up attempting to build on OpenServer 5 . gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c ui_openssl.c In file included from /usr/include/posix/signal.h:35, from /usr/include/signal.h:11, from ui_openssl.c:128: /usr/include/sys/signal.h:175: parse error before `siginfo_t' *** Error code 1 (bu21) *** Error code 1 (bu21) *** Error code 1 (bu21) . Same problem with apps/apps.c It comes from #ifndef _POSIX_C_SOURCE #define _POSIX_C_SOURCE 2 #endif The comments in apps/apps.c indicate it is needed for VMS and the comments in crypto/ui/ui_openssl.c say it is needed for gcc -ansi. Was it VMS users using gcc -ansi? Can we restrict the _POSIX_C_SOURCE define to VMS? Yes, please. See also my remarks from 3 weeks ago at http://www.mail-archive.com/openssl-dev@openssl.org/msg29964.html Regards, Rainer __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2669] make test failure
yes i have installed zlib in my system. On 1/3/12, Stephen Henson via RT r...@openssl.org wrote: [bhaskarv...@gmail.com - Tue Jan 03 12:47:57 2012]: Sir, am getting test failed when i tried to install openssl package in my system for redhat RHEL5.4. I choosed #./configure zlib-dynamic shared then build was successful. #make but error is in testing the build. #make test zlib 3085945484:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:186:filename(libz.so): libz.so: cannot open shared object file: No such file or directory 3085945484:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 3085945484:error:29064065:lib(41):BIO_ZLIB_NEW:zlib not supported:c_zlib.c:478: 3086949004:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:186:filename(libz.so): libz.so: cannot open shared object file: No such file or directory 3086949004:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 3086949004:error:29064065:lib(41):BIO_ZLIB_NEW:zlib not supported:c_zlib.c:478: cmp: EOF on ./p.zlib.clear make[1]: *** [test_enc] Error 1 make[1]: Leaving directory `/usr/openssl-1.0.0e/test' make: *** [tests] Error 2 Well that is complaining that it can't load the zlib shared library. Do you have it installed on your system? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012 at 11:16:36PM +0100, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Should be fixed now, thanks for the report. Please try tomorrows snapshot or apply this patch: http://cvs.openssl.org/chngview?cn=21914 Steve. Error log reports Jan 3 22:21:19 gallifrey doctor[42]: exim[13062]: 2012-01-03 22:21:19 TLS error on connection from vg138.ntf.els4.ticketmaster.com [209.104.37.138] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:29:22 gallifrey doctor[42]: exim[16704]: 2012-01-03 22:29:22 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:31:32 gallifrey doctor[42]: exim[16960]: 2012-01-03 22:31:32 TLS error on connection from vg198.ntf.els4.ticketmaster.com [209.104.37.198] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:34:55 gallifrey doctor[42]: exim[17753]: 2012-01-03 22:34:55 TLS error on connection from peebles.dataspaces.com [216.176.58.138] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:36:07 gallifrey doctor[42]: exim[18025]: 2012-01-03 22:36:07 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:41:41 gallifrey doctor[42]: exim[18935]: 2012-01-03 22:41:41 TLS error on connection from vg94.ntf.els4.ticketmaster.com [209.104.37.94] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:44:53 gallifrey doctor[42]: exim[18861]: 2012-01-03 22:44:53 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): timed out Jan 3 22:52:58 gallifrey doctor[42]: exim[185]: 2012-01-03 22:52:58 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired Jan 3 22:53:18 gallifrey doctor[42]: exim[217]: 2012-01-03 22:53:18 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired Jan 3 22:55:03 gallifrey doctor[42]: exim[447]: 2012-01-03 22:55:03 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error::lib(0):func(0):reason(0) -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Thunderbird Issue
On Tue, Jan 03, 2012 at 10:57:42PM -0700, The Doctor wrote: On Tue, Jan 03, 2012 at 11:16:36PM +0100, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, Dr. Stephen Henson wrote: On Tue, Jan 03, 2012, The Doctor wrote: Finally got Openssl 1.0.1 daily working However, Mozilla Thunderbird is choking saying SSL received a malformed Server Hello handshake message. (Error code: ssl_error_rx_malformed_server_hello) No such problem in Outlook Express. I can confirm I can reproduce the problem. Looking into it. Temporary workaround is to use no-heartbeats as a configuration option. Should be fixed now, thanks for the report. Please try tomorrows snapshot or apply this patch: http://cvs.openssl.org/chngview?cn=21914 Steve. Error log reports Jan 3 22:21:19 gallifrey doctor[42]: exim[13062]: 2012-01-03 22:21:19 TLS error on connection from vg138.ntf.els4.ticketmaster.com [209.104.37.138] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:29:22 gallifrey doctor[42]: exim[16704]: 2012-01-03 22:29:22 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:31:32 gallifrey doctor[42]: exim[16960]: 2012-01-03 22:31:32 TLS error on connection from vg198.ntf.els4.ticketmaster.com [209.104.37.198] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:34:55 gallifrey doctor[42]: exim[17753]: 2012-01-03 22:34:55 TLS error on connection from peebles.dataspaces.com [216.176.58.138] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:36:07 gallifrey doctor[42]: exim[18025]: 2012-01-03 22:36:07 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): error::lib(0):func(0):reason(0) Jan 3 22:41:41 gallifrey doctor[42]: exim[18935]: 2012-01-03 22:41:41 TLS error on connection from vg94.ntf.els4.ticketmaster.com [209.104.37.94] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Jan 3 22:44:53 gallifrey doctor[42]: exim[18861]: 2012-01-03 22:44:53 TLS error on connection from st.dwins.com [211.78.81.129] (SSL_accept): timed out Jan 3 22:52:58 gallifrey doctor[42]: exim[185]: 2012-01-03 22:52:58 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired Jan 3 22:53:18 gallifrey doctor[42]: exim[217]: 2012-01-03 22:53:18 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired Jan 3 22:55:03 gallifrey doctor[42]: exim[447]: 2012-01-03 22:55:03 TLS error on connection from s010600226b4f684c.ed.shawcable.net [68.149.51.98] (SSL_accept): error::lib(0):func(0):reason(0) ITs working. Thunderbird has to accept the next Exim cert. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal InternationalThis is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! https://www.fullyfollow.me/rootnl2k Merry Christmas 2011 and Happy New Year 2012 ! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
OpenSSL 1.0.1 test results
Here are a few test results. Built from 03 Jan 2012 OpenSSL_1_0_1-stable CVS - OpenServer 5 Would not build. See other posts for details - UnixWare 7.1.4 w/ MP4 ALL TESTS SUCCESSFUL. OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.1-beta1 03 Jan 2012 built on: Tue Jan 3 17:43:52 PST 2012 platform: unixware-7 options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: cc -Kpic -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -Kthread -DDSO_DLFCN -DHAVE_DLFCN_H -Kpentium_pro -D__i386__ -O -DFILIO_H -Kalloca -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: /usr/local/ssl - Solaris 10 sparc 32 bit build ALL TESTS SUCCESSFUL. OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.1-beta1 03 Jan 2012 built on: Tue Jan 3 17:48:01 PST 2012 platform: solaris-sparcv9-cc options: bn(64,32) rc4(ptr,char) des(ptr,risc1,16,long) idea(int) blowfish(ptr) compiler: cc -KPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM OPENSSLDIR: /usr/local/ssl - Solaris 10 sparc 64 bit build ALL TESTS SUCCESSFUL. OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.1-beta1 03 Jan 2012 built on: Tue Jan 3 20:55:33 PST 2012 platform: solaris64-sparcv9-cc options: bn(64,32) rc4(ptr,char) des(ptr,risc1,16,int) blowfish(ptr) compiler: cc -KPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM OPENSSLDIR: /usr/local/ssl - Solaris 8 sparc 32 bit build ALL TESTS SUCCESSFUL. make[1]: Leaving directory `/usr/local/src/libs/openssl-1.0.1-cvs/test' OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.1-beta1 03 Jan 2012 built on: date not available platform: information not available options: bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr) compiler: information not available OPENSSLDIR: /usr/local/ssl - Solaris 8 sparc 64 bit build ALL TESTS SUCCESSFUL. make[1]: Leaving directory `/usr/local/src/libs/openssl-1.0.1-cvs/test' OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.1-beta1 03 Jan 2012 built on: Tue Jan 3 22:25:05 PST 2012 platform: solaris64-sparcv9-gcc options: bn(64,32) rc4(ptr,char) des(ptr,risc1,16,int) blowfish(ptr) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM OPENSSLDIR: /usr/local/ssl - OpenSolaris ALL TESTS SUCCESSFUL. OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.1-beta1 03 Jan 2012 built on: Tue Jan 3 17:45:29 PST 2012 platform: solaris64-x86_64-gcc options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -O3 -Wall -DL_ENDIAN -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: /usr/local/ssl - OSX Lion ALL TESTS SUCCESSFUL. OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.1-beta1 03 Jan 2012 built on: Tue Jan 3 17:44:38 PST 2012 platform: darwin-i386-cc options: bn(64,32) rc4(8x,mmx) des(idx,cisc,16,long) idea(int) blowfish(ptr) compiler: cc -fPIC -fno-common -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: /usr/local/ssl - OpenServer 6 ALL TESTS SUCCESSFUL. OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a OpenSSL 1.0.1-beta1 03 Jan 2012 built on: Tue Jan 3 17:46:44 PST 2012 platform: unixware-7 options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: cc -Kpic -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -Kthread -DDSO_DLFCN -DHAVE_DLFCN_H -Kpentium_pro -D__i386__ -O -DFILIO_H -Kalloca -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT