FIPS object module
From what I saw on the OpenSSL site and in the user guide, the FIPS object module is only compatible with OpenSSL 0.9.8, not 1.0. Is that still valid? Does that mean I cannot use that module to work with OpenSSL 1.0? The FIPS 140 certification number 1051 is for the source code module, and from what I understand it has to be built without any changes. If we need to build it in 64-bit mode, does the build script support that? How about building it on Windows? Does it also have a batch file to build on Windows, and for 64-bit too? Any help is appreciated.

Alex
Is it a bug in the 'openssl verify' command?
I was using the 'openssl verify' command on a corrupted pem file. Although I got the correct response from the console saying it could not load the certificate, the process terminated with exit code 0, i.e. regardless of whether the 'openssl verify' command succeeds or not, it always exits 0. Further debugging into the source code of 'verify.c', I found the following code:

    int MAIN(int argc, char **argv)
    {
        ENGINE *e = NULL;
        int i,ret=1, badarg = 0;
        .
        .
        if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
        else for (i=0; i 0) { fprintf(stdout,"OK\n"); ret=1; }
        .
    }

The 'MAIN' function does not check the return value of check(), therefore it always returns 0. Is this a bug? People can use the 'openssl' command in a script and rely on the correct return value to proceed. This problem can lead to incorrect script execution.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
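
Added example, not part of the original post and not OpenSSL project code: a fail-closed check for scripts that must call a build behaving as the post describes, so that exit status 0 alone is never treated as success. The function names and the sample outputs are constructed for illustration; the rule that a line beginning "error " or containing "unable to load" means failure is an assumption about the command's diagnostic text.

```shell
#!/bin/sh
# Added example: fail-closed reading of `openssl verify` results, for scripts
# that cannot rely on the exit status alone (the behaviour the post reports).

# verify_output_ok STATUS OUTPUT  (hypothetical helper name)
# Succeeds only if STATUS is 0, a line ends in ": OK", and no line reports
# an error or a certificate load failure.
verify_output_ok() {
    [ "$1" -eq 0 ] || return 1
    # A diagnostic line means failure even when "OK" is also printed.
    if printf '%s\n' "$2" | grep -Eiq '^error |unable to load'; then
        return 1
    fi
    printf '%s\n' "$2" | grep -Eq ': OK$'
}

# classify STATUS OUTPUT -> prints ACCEPT or REJECT
classify() {
    if verify_output_ok "$1" "$2"; then echo ACCEPT; else echo REJECT; fi
}

# verify_cert CAFILE CERT: runs the real command (needs the openssl binary).
verify_cert() {
    status=0
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || status=$?
    verify_output_ok "$status" "$out"
}

# Constructed sample outputs (not captured from a real run).
SAMPLE_GOOD='server.pem: OK'
SAMPLE_CORRUPT='unable to load certificate'
SAMPLE_CHAIN='server.pem: CN = example.test
error 20 at 0 depth lookup: unable to get local issuer certificate'
SAMPLE_MIXED='error 10 at 0 depth lookup: certificate has expired
server.pem: OK'

# Exit status 0 is passed in the first four cases to model the reported behaviour.
echo "good:    $(classify 0 "$SAMPLE_GOOD")"
echo "corrupt: $(classify 0 "$SAMPLE_CORRUPT")"
echo "chain:   $(classify 0 "$SAMPLE_CHAIN")"
echo "mixed:   $(classify 0 "$SAMPLE_MIXED")"
echo "status:  $(classify 2 "$SAMPLE_GOOD")"
```

In a calling script, `verify_cert ca.pem server.pem || exit 1` stops on any result that is not an unambiguous success.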