[openssl.org #353] 0.9.7 B5 testssl with no-dh fails
These tests within testssl still fail with 0.9.7 Beta 5 if OPENSSL_NO_DH is included in the Configure options, when make tests is run. Suggested fix is attached (though this may be auto-created). Chris Brook ### if ../apps/openssl no-dh; then echo skipping anonymous DH tests else echo test tls1 with 1024bit anonymous DH, multiple handshakes $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 fi if ../apps/openssl no-rsa; then echo skipping RSA tests else echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 if ../apps/openssl no-dh; then echo skipping RSA 1024bit DHE tests else echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 fi fi ## __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [openssl.org #353] 0.9.7 B4 testssl with no-dh fails
Whoops! I sent a bad suggested fix for this. This should be better. Chris Brook ### if ../apps/openssl no-dh; then echo skipping anonymous DH tests else echo test tls1 with 1024bit anonymous DH, multiple handshakes $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 fi if ../apps/openssl no-rsa; then echo skipping RSA tests else echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 if ../apps/openssl no-dh; then echo skipping RSA 1024bit DHE tests else echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 fi fi ## __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [openssl.org #353] 0.9.7 B4 testssl with no-dh fails
I played around with the testssl script in the tests directory and the following change seems to take care of the no-dh issue so that the tests run to completion. This is the last section of the script: ### if ../apps/openssl no-dh; then echo skipping anonymous DH tests else echo test tls1 with 1024bit anonymous DH, multiple handshakes $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 fi if ../apps/openssl no-rsa; then echo skipping RSA tests else echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 fi if ../apps/openssl no-dh; then echo skipping 1024bit DHE tests else echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 fi ## Chris Brook -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Brook via RT Sent: Wednesday, November 20, 2002 3:36 PM Cc: [EMAIL PROTECTED] Subject: [openssl.org #353] 0.9.7 B4 testssl with no-dh fails I have compiled OpenSSL 0.9.7 Beta 4 with the NO-DH option. The compilation is fine but ssltest fails when trying to run the -dhe1024* tests. A fix was added in Beta 3 to handle the -dhe1024 -dhe1024dsa parameters when NO-DH was used but ssltest still tries to run and fails with: ERROR in CLIENT 22172:error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available:s3_clnt.c:569: It would seem that the DH tests should be skipped altogether if the NO-DH option is used, rather than trying to run and failing. The result is that make test does not complete. Chris Brook __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #357] Shared in 0.9.7 B4
Has something changed in the make process in beta 4 regarding shared libraries? I am building OpenSSL with the same shell script on my Solaris (see below), using Workshop/Forte 6, as I did with Beta 3 versions and now I get unreferenced symbols: dlclose, dlsym, dlopen, etc. I can get around it by including -ldl in my app makefiles but I never had to in the past. I have shared in my Configure command line and this, as usual, produces libcrypto.a and libcrypto.so. I only use libcrypto.a when building my apps, so why is it suddenly needing the dso/dl stuff? My last B3 build was the 20021025 snapshot. My app makefiles have not changed. My Configure command line is: ../Configure threads shared no-asm no-hw no-ripemd no-idea no-bf no-cast no-dh no -mdc2 no-rc2 no-rc5 debug-solaris-sparcv9-cc Any advice much appreciated. Chris Brook __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #353] 0.9.7 B4 testssl with no-dh fails
I have compiled OpenSSL 0.9.7 Beta 4 with the NO-DH option. The compilation is fine but ssltest fails when trying to run the -dhe1024* tests. A fix was added in Beta 3 to handle the -dhe1024 -dhe1024dsa parameters when NO-DH was used but ssltest still tries to run and fails with: ERROR in CLIENT 22172:error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available:s3_clnt.c:569: It would seem that the DH tests should be skipped altogether if the NO-DH option is used, rather than trying to run and failing. The result is that make test does not complete. Chris Brook __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]