[openssl-users] Openssl 1.0.2k compilation issues

2017-01-31 Thread Hema Murthy
Hi,

Am trying to upgrade openssl 1.0.1p to 1.0.2k and the compilation breaks
with the below error

and am using Ubuntu 10.04.1

In file included from req.c:84:

comp.h:28: error: redefinition of typedef 'COMP_METHOD'

../../Build/target/usr/include/openssl/ossl_typ.h:181: error: previous
declaration of 'COMP_METHOD' was here



Am very new to this work and will be of great help if you can give me
pointers in resolving the above issue.

Awaiting for reply.

Thanks in advance,

Hema
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Does CVE-2016-7055 only impact x86_64 platform ?

2017-01-31 Thread Salz, Rich via openssl-users
The text says Broadwell-specific

So it only affects *some* x86_64 platforms.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz

From: Sandeep Umesh [mailto:sanum...@in.ibm.com]
Sent: Monday, January 30, 2017 2:14 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Does CVE-2016-7055 only impact x86_64 platform ?


Hi

Can you please clarify if CVE-2016-7055 only impacts the x86_64 platform? What
about the other platforms listed in the crypto/bn/asm/ folder which have a Montgomery
multiplication procedure, are they impacted?
Thanks


Regards
Sandeep


[openssl-users] Compilation of openssl 1.0.2k breaks

2017-01-31 Thread Hema Murthy
Hi,

Am trying to upgrade openssl 1.0.1p to 1.0.2k and the compilation breaks
with the below error

and am using Ubuntu 10.04.1



In file included from req.c:84:

comp.h:28: error: redefinition of typedef 'COMP_METHOD'

../../Build/target/usr/include/openssl/ossl_typ.h:181: error: previous
declaration of 'COMP_METHOD' was here



Am very new to this work and will be of great help if you can give me
pointers in resolving the above issue.

Awaiting for reply.



Thanks in advance,

Hema


Re: [openssl-users] 'No client certificate CA names sent'

2017-01-31 Thread Viktor Dukhovni
On Tue, Jan 31, 2017 at 08:07:16AM -0700, russellb...@gmail.com wrote:

>   It was on the client side.  I'm running sendmail as a client
> to relay mail that originates on my computer through gmail.

Gmail's SMTP server, correctly, does not suggest any preferred
client CAs.

> When I
> request a certificate from gmail I get that message in the return
> (along with a certificate).  It may not matter.

Not only does it not matter, it is expected and best practice.

>   When I send mail through gmail, sendmail reports
> 'verify=FAIL'.  I hoped to make that not happen.

Completely unrelated to the preferred client CA list.  Sendmail's
TLS support is fairly anaemic, you should probably just ignore
this.  While it is possible to "verify" the certificate, that's
pointless unless you also configure secure matching of the MX
hostname against the certificate.  Absent DNSSEC (which gmail does
not currently support) you'd need to define custom policy for gmail
that insists on their current MX hostnames or some fuzzy match
thereof.  This is much too much work.

https://tools.ietf.org/html/rfc7672#section-1.3

For now, opportunistic unauthenticated TLS will do and is what
most SMTP email uses:

https://tools.ietf.org/html/rfc7435#section-1.3
https://www.google.com/transparencyreport/saferemail/

>   Quoth Mr Viktor Dukhovni:
> 
>   
> 'https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_client_CA_list.html
> 
>   That's the same as the man page I already have.
> 
>   'Just pass a NULL stack.'
> 
>   Is there an app with which I can do this or do I have to write
> a program?  Not that I can't do that.

None of this is applicable on the client side.

-- 
Viktor.
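
Added example (not part of the original message, and not sendmail or OpenSSL code): a sketch of why checking the server certificate against whatever MX name DNS returned adds nothing, while a pinned policy for the destination's MX names does. It assumes chain validation already succeeded; the hostnames, SAN lists, the ALLOWED_MX policy and all function names are constructed for illustration.

```python
# Added illustration: all hostnames, SAN lists and the policy are constructed.

def dns_name_matches(pattern, hostname):
    """Case-insensitive DNS name match. A '*' is honoured only as the whole
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_covers(cert_sans, hostname):
    """True if any dNSName in the certificate matches the reference name."""
    return any(dns_name_matches(san, hostname) for san in cert_sans)

def verify_against_dns_mx(mx_host, cert_sans):
    """Reference identity is the MX name from unauthenticated DNS, so the
    result only says the server holds a certificate for that name."""
    return cert_covers(cert_sans, mx_host)

def verify_with_pinned_policy(mx_host, cert_sans, allowed_mx):
    """The MX name must first match the locally configured policy for the
    destination; only then is the certificate checked against it."""
    if not any(dns_name_matches(pat, mx_host) for pat in allowed_mx):
        return False
    return cert_covers(cert_sans, mx_host)

# Hypothetical pinned policy for one destination domain ("fuzzy match").
ALLOWED_MX = ["*.mx.example.net"]

# name -> (MX host as returned by DNS, dNSNames in the presented certificate)
CASES = {
    "expected_mx": ("alt1.mx.example.net", ["*.mx.example.net"]),
    "unexpected_mx": ("mx.other.example", ["mx.other.example"]),
    "wrong_cert": ("alt1.mx.example.net", ["www.example.net"]),
}

def evaluate(cases=CASES, allowed_mx=ALLOWED_MX):
    """Return {case: (dns_only_result, pinned_result)}."""
    return {name: (verify_against_dns_mx(mx, sans),
                   verify_with_pinned_policy(mx, sans, allowed_mx))
            for name, (mx, sans) in cases.items()}

if __name__ == "__main__":
    for name, (dns_only, pinned) in evaluate().items():
        print(f"{name}: dns-only={dns_only} pinned={pinned}")
```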


Re: [openssl-users] 'No client certificate CA names sent'

2017-01-31 Thread russellbell
Quoth Mr Benjamin Kaduk:

'That's generally the default server behavior when no CAs are
configured for that purpose.  But, (1) I thought you were looking at
the client side, and (2) how to configure the server depends on what
software is used on the server, so there's not much more to say right
now.'

It was on the client side.  I'm running sendmail as a client
to relay mail that originates on my computer through gmail.  When I
request a certificate from gmail I get that message in the return
(along with a certificate).  It may not matter.  It doesn't keep me
from sending mail through gmail.  I just wanted to understand it.

When I send mail through gmail, sendmail reports
'verify=FAIL'.  I hoped to make that not happen.

Quoth Mr Viktor Dukhovni:


'https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_client_CA_list.html

That's the same as the man page I already have.

'Just pass a NULL stack.'

Is there an app with which I can do this or do I have to write
a program?  Not that I can't do that.

russell bell


Re: [openssl-users] FW: problem with missing STDINT.H file

2017-01-31 Thread Matt Caswell


On 30/01/17 20:44, Carter, James M. (MSFC-ES34) wrote:
> The attached text file is a snippet from attempting to install
> openssl-1.1.0c on a Solaris 8 machine. As can be seen, failed when
> <stdint.h> could not be found.

Do you have inttypes.h instead?

As Jeff pointed out in another email this is for uint32_t and similar
types. These get included from e_os2.h as follows:

# if defined(OPENSSL_SYS_UEFI)
typedef INT8 int8_t;
typedef UINT8 uint8_t;
typedef INT16 int16_t;
typedef UINT16 uint16_t;
typedef INT32 int32_t;
typedef UINT32 uint32_t;
typedef INT64 int64_t;
typedef UINT64 uint64_t;
#  define PRIu64 "%Lu"
# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
 defined(__osf__) || defined(__sgi) || defined(__hpux) || \
 defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
#  include <inttypes.h>
# elif defined(_MSC_VER) && _MSC_VER<=1500
/*
 * minimally required typdefs for systems not supporting inttypes.h or
 * stdint.h: currently just older VC++
 */
typedef signed char int8_t;
typedef unsigned char uint8_t;
typedef short int16_t;
typedef unsigned short uint16_t;
typedef int int32_t;
typedef unsigned int uint32_t;
typedef __int64 int64_t;
typedef unsigned __int64 uint64_t;
# else
#  include <stdint.h>
# endif

As you can see we test for various things and then we either include
inttypes.h or stdint.h (or do some platform specific things for UEFI and
MS). If you have inttypes.h then a tweak to the above tests might be
sufficient to get it going.

Matt