[openssl.org #2720] openssl 1.0.1 beta2 problem
openssl doesn't build when using no-tlsext make[1]: Entering directory `/home/csm/Desktop/openssl-1.0.1-beta2/ssl' gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o d1_srtp.o d1_srtp.c d1_srtp.c: In function ‘SSL_CTX_set_tlsext_use_srtp’: d1_srtp.c:229:44: error: ‘SSL_CTX’ has no member named ‘srtp_profiles’ d1_srtp.c: In function ‘SSL_set_tlsext_use_srtp’: d1_srtp.c:234:42: error: ‘SSL’ has no member named ‘srtp_profiles’ d1_srtp.c: In function ‘SSL_get_srtp_profiles’: d1_srtp.c:242:7: error: ‘SSL’ has no member named ‘srtp_profiles’ d1_srtp.c:244:12: error: ‘SSL’ has no member named ‘srtp_profiles’ d1_srtp.c:247:11: error: ‘SSL_CTX’ has no member named ‘srtp_profiles’ d1_srtp.c:249:17: error: ‘SSL_CTX’ has no member named ‘srtp_profiles’ d1_srtp.c: In function ‘SSL_get_selected_srtp_profile’: d1_srtp.c:258:10: error: ‘SSL’ has no member named ‘srtp_profile’ d1_srtp.c: In function ‘ssl_parse_clienthello_use_srtp_ext’: d1_srtp.c:347:6: error: ‘SSL’ has no member named ‘srtp_profile’ d1_srtp.c: In function ‘ssl_add_serverhello_use_srtp_ext’: d1_srtp.c:373:7: error: ‘SSL’ has no member named ‘srtp_profile’ d1_srtp.c:379:3: error: ‘SSL’ has no member named ‘srtp_profile’ d1_srtp.c:379:3: error: ‘SSL’ has no member named ‘srtp_profile’ d1_srtp.c:379:3: warning: left-hand operand of comma expression has no effect [-Wunused-value] d1_srtp.c:379:3: warning: left-hand operand of comma expression has no effect [-Wunused-value] d1_srtp.c: In function ‘ssl_parse_serverhello_use_srtp_ext’: d1_srtp.c:422:5: error: ‘SSL’ has no member named ‘srtp_profile’ d1_srtp.c: In function ‘SSL_get_selected_srtp_profile’: d1_srtp.c:259:2: warning: control reaches end of non-void function [-Wreturn-type] d1_srtp.c: In function ‘SSL_set_tlsext_use_srtp’: d1_srtp.c:235:2: warning: control reaches end of non-void function [-Wreturn-type] d1_srtp.c: In function ‘SSL_CTX_set_tlsext_use_srtp’: d1_srtp.c:230:2: warning: control reaches end of non-void function [-Wreturn-type] make[1]: *** [d1_srtp.o] Error 1 make[1]: Leaving directory `/home/csm/Desktop/openssl-1.0.1-beta2/ssl' make: *** [build_ssl] Error 1 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2720] openssl 1.0.1 beta2 problem
[csmi...@cisco.com - Wed Feb 15 13:01:45 2012]: openssl doesn't build when using no-tlsext This isn't supported any more and should really give an error at configuration time. Even if it was supported it would have several undesirable consequences, TLS 1.2 and ECC ciphersuites wouldn't work, structures would change causing binary incompatibility and the lack of RI would reintroduce security holes. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[no subject]
On the FIPS 140 web page under Current Status it indicates that The current best estimate for final formal award of a FIPS 140-2 validation certificate is February 2012. Can someone confirm for me that windows 7 will be included?
Re: mdc2 algorithm and 0.9.8x, 1.0.0x and upcoming 1.01
On Tue, Feb 14, 2012, Roumen Petrov wrote: Dr. Stephen Henson wrote: On Wed, Feb 01, 2012, Roumen Petrov wrote: [SNIP] Looking into this there is a long standing incompatibility between various functions that use mdc2 for signatures. Since SSLeay the function RSA_sign() using mdc2 as an argument uses a DigestInfo structure whereas using EVP ends up with a different octet string format signature. It's only when the signature code was revised to use RSA_sign more extensively that this is more apparent. How widespread is use of mdc2 for signatures and certificates? mdc2 is not important for certificates as the list of certificates included in some linux distributions does not include such certificates. Should be fixed now, see: http://cvs.openssl.org/chngview?cn=22124 to make OpenSSL understand both formats when verifying and: http://cvs.openssl.org/chngview?cn=22126 to use the same format as older versions of OpenSSL when creating signatures. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2721] openssl freebsd 8.2 install, compile error
Hi, I want to compile openssl for freebsd 8.2 but MAKE program create some error which I don't know the reason of it. I use this commands. # config # make ERROR: - __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org