Re: [openssl-users] Fwd: Re: command passwd
>libcrypto.a and libcrypto.so are files which are built by linux-compiler? but somewhere has to be the source code for them ? The files in the crypto directory are compiled to build the libraries. I think you will find some intro material on building C software useful. This is probably not a good place to find that info. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Fwd: Re: command passwd
This is tricky to dig for the source code. I guess I would need the source code for libcrypto.a and for libcrypto.so, but so they are not part of openssl-package ... libcrypto.a and libcrypto.so are files which are built by linux-compiler? but somewhere has to be the source code for them ? Am Mi, 18. Jul, 2018 um 7:30 P. M. schrieb Salz, Rich via openssl-users : where is file "libcrypto" ? In which directory of OpenSSL-1.1.1pre8 ? It is not distributed. It is a library built as part of the compile process. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Appropriate use of SSL_CTX_set_cipher_list()
On Wed, Jul 18, 2018 at 03:24:31PM -0500, Ryan Beethe wrote: > For a safe client application, should you explicitly set the cipher list > explicitly, rather than trust the default cipher list that comes from > the package manager's libssl? I would say that the answer to that depends on another question: do you regularly review the package manager's default cipher list, and have reason to trust it? -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu signature.asc Description: PGP signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to compile OpenSSL 1.0.x with versioned symbols ?
On 19/07/18 07:08, pratyush parimal wrote: > Hi all, > > Are people familiar with how to get symbols versioned with versions > like "OPENSSL_1.0.x" in the libcrypto.so after compiling it > yourselves? OpenSSL as sourced from the OpenSSL project does not support this in 1.0.x. > Problem is, on execution my application complains that: "OPENSSL_1.0.2 > not found". Performing "objdump -T" on the OpenSSL 1.0.2k libcrypto.so > on the CentOS machine, I see some symbols versioned with the version > number "OPENSSL_1.0.2" within the library. But these seem to be > missing in the libcrypto.so which I built using the instructions > above. Any idea how to get those symbols in ? Or how to get around > this issue? Vendors often patch OpenSSL with their own system specific changes. I know Debian did this to add symbol versioning for 1.0.x. It seems CentOS does too. > Digging deeper I noticed that OpenSSL 1.1.0h (for example) does not > have this problem. In fact, as part of the build process, it seems to > generate two map files: ssl.map and crypto.map, which get passed as > --version-script=ssl.map and --version-script=crypto.map sometime to > the compiler. I also noticed that in that version of OpenSSL, there's > a script called util/mkdef.pl which generates those map files. Yes, this was a new feature we added to 1.1.0. > > OpenSSL 1.0.2k for example, does not seem to generate those map files > as part of the build process. Any idea how to generate them? I saw an > example of how CentOS seems to be putting versioned symbols in using a > patch > (https://git.centos.org/blob/rpms!openssl.git/5fee79a733e7bcfa468ae8f400bad40a1002c8c5/SOURCES!openssl-1.0.1e-version.patch), > but if someone could explain how to do that for any OpenSSL version, > it would be very helpful. You could try applying the CentOS patch to your own sources - but there is no official way to do this. Alternatively you could try building from the CentOS provided sources. Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] How to compile OpenSSL 1.0.x with versioned symbols ?
Hi all, Are people familiar with how to get symbols versioned with versions like "OPENSSL_1.0.x" in the libcrypto.so after compiling it yourselves? I have an application which was compiled and dynamically linked against OpenSSL 1.0.2k on a CentOS 6.7 machine. I'm trying to run it on a system where I've built and installed OpenSSL 1.0.2k myself. For compilation, I followed the instructions on the wiki page: https://wiki.openssl.org/index.php/Compilation_and_Installation? , i.e. I did: ./Configure ... make depend make make install Problem is, on execution my application complains that: "OPENSSL_1.0.2 not found". Performing "objdump -T" on the OpenSSL 1.0.2k libcrypto.so on the CentOS machine, I see some symbols versioned with the version number "OPENSSL_1.0.2" within the library. But these seem to be missing in the libcrypto.so which I built using the instructions above. Any idea how to get those symbols in ? Or how to get around this issue? Digging deeper I noticed that OpenSSL 1.1.0h (for example) does not have this problem. In fact, as part of the build process, it seems to generate two map files: ssl.map and crypto.map, which get passed as --version-script=ssl.map and --version-script=crypto.map sometime to the compiler. I also noticed that in that version of OpenSSL, there's a script called util/mkdef.pl which generates those map files. OpenSSL 1.0.2k for example, does not seem to generate those map files as part of the build process. Any idea how to generate them? I saw an example of how CentOS seems to be putting versioned symbols in using a patch (https://git.centos.org/blob/rpms!openssl.git/5fee79a733e7bcfa468ae8f400bad40a1002c8c5/SOURCES!openssl-1.0.1e-version.patch), but if someone could explain how to do that for any OpenSSL version, it would be very helpful. Thanks in advance! Pratyush. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
