Re: Error building OpenSSL-1.1.1g

[Sergio NNX]

It is so easy to build OpenSSL using MinGW/MSYS!

Just type: ./Configure mingw64 ... 
  make all

[cid:244b0963-a277-473a-95fe-9419d8ef84d0]

How much experience do you have building apps from source on Windows? VS didn't 
work, MinGW didn't work either!
We are more than happy to assist you.

Have fun.


From: openssl-users  on behalf of Matt 
Caswell 
Sent: Friday, 26 June 2020 11:30 PM
To: openssl-users@openssl.org 
Subject: Re: Error building OpenSSL-1.1.1g



On 26/06/2020 14:27, mhkelley2...@gmail.com wrote:
> Matt,
>
> Thanks for your suggestion ...
>
>>>
>>> 2. Has anyone succeeded building OpenSSL for use in a Windows
>>> 10 environment *without* need for visual studio?
>>
>> You can do this using the MinGW compilers and the MSys2 shell. Note the
>> MinGW compilers target *native* windows. So although you use Msys2 to
>> build it, the resulting binaries are fully native.
>
> That was one of the first things I tried.  After exploring a few rabbit 
> holes, I gave up and downloaded Visual Studio..
>
> Here is how far I got  I have been unable to even figure out where this error 
> comes from ...
>
> --
> $ where perl
> C:\Perl64\bin\perl.exe
> $ perl Configure mingw --prefix=$PREFIX
> **
> This perl implementation doesn't produce Unix like paths (with forward slash
> directory separators).  Please use an implementation that matches your
> building platform.
>
> This Perl version: 5.24.3 for MSWin32-x64-multi-thread
> **

For msys2 based builds you must use the msys2 provided perl version, not
a native perl. Make sure msys2 has the perl package installed and remove
this one from your path.

Maybe we should add an FAQ section of common faults and how to fix them.

Matt




> Configuring OpenSSL version 1.1.1g (0x1010107fL) for mingw
> Using os-specific seed configuration
> --
>
>
> -Original Message-
> From: openssl-users  On Behalf Of Matt 
> Caswell
> Sent: Friday, June 26, 2020 3:04 AM
> To: openssl-users@openssl.org
> Subject: Re: Error building OpenSSL-1.1.1g
>
>
>
> On 26/06/2020 00:47, mhkelley2...@gmail.com wrote:
>> 1. How do I figure out whether OpenSSL is trying to build the 32- or 64-bit 
>> version and which options, or environmental variables, or specific PATH 
>> elements do I need to pay attention to in order to accomplish that?
>
> My windows environment died on my recently, so I can't check the actual
> output. IIRC just typing "cl" at the command line should give you
> details about the compiler being used and whether it is for 32 or 64 bits.
>
> Visual Studio has a number of "developer command prompts" available with
> it. If you start one of those it should have all the right environment
> variables set up for you. There should be different command prompts for
> 32 bit vs 64 bit.
>
> https://docs.microsoft.com/en-us/dotnet/framework/tools/developer-command-prompt-for-vs
>
> Alternatively there is the vcvarsall.bat script which comes with VS that
> enables you to setup all the environment variables - you can specify as
> an argument to script whether you are targeting 32 bit or 64 bit.
>
> https://stackoverflow.com/questions/43372235/vcvarsall-bat-for-visual-studio-2017
>
> As well as the VS tools environment variables you will need to make sure
> both Perl (e.g. Strawberry Perl) and NASM are installed and are on your
> %PATH%.
>
>
>>
>> 2. Has anyone succeeded building OpenSSL for use in a Windows 10 environment 
>> *without* need for visual studio?
>
> You can do this using the MinGW compilers and the MSys2 shell. Note the
> MinGW compilers target *native* windows. So although you use Msys2 to
> build it, the resulting binaries are fully native.
>
>
> There are details in the newly rewritten instructions for Windows:
>
> https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/NOTES.WIN
>
> Matt
>
>
>>
>> I'd really appreciate any useful information or pointers to such.
>>
>> Thanks.
>>
>>
>> -Original Message-
>> From: openssl-users  On Behalf Of Matt 
>> Caswell
>> Sent: Thursday, June 25, 2020 2:03 PM
>> To: openssl-users@openssl.org
>> Subject: Re: Error building OpenSSL-1.1.1g
>>
>>
>>
>> On 25/06/2020 20:20, mhkelley2...@gmail.com wrote:
>>> Thanks! That helped, but I have two follow-ups.
>>>
>>> 1) To whom would I suggest minor changes to the available installation
>>> instructions to help avoid future such misunderstandings?
>>
>> You can raise on issue on Github. Or even better raise a PR with your
>> suggested changes. However, as it so happens the Windows instructions
>> have very recently been significantly updated - so some of your
>> suggestions may already have been included:
>>
>> 

Re: OpenSSL version 3.0.0-alpha1 published

[Sergio NNX]

  *   Windows 10 x64

  *   GCC 8.3.0 x86_64

$ openssl version -a

OpenSSL 3.0.0-alpha1 "23 Apr 2020" (Library: OpenSSL 3.0.0-alpha1 "23 Apr 2020")
built on: Fri Apr 24 18:14:53 2020 UTC
platform: mingw64
options:  bn(64,64)
compiler: /mingw/bin/gcc.exe -m64 -DWINVER=0x0501 -D_WIN32_WINNT=0x0501 
-D_WIN32_IE=0x0501 -D__PTW32_STATIC_LIB -D__PTW32_CLEANUP_C -m64 -O2 -pipe 
-mms-bitfields -fno-builtin -march=core2 -mtune=core2 -DL_ENDIAN 
-DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DUNICODE -D_UNICODE 
-DWIN32_LEAN_AND_MEAN -D_MT -DZLIB -DNDEBUG -I/mingw/x86_64-pc-mingw32/include 
-I/mingw/x86_64-pc-mingw32/include/directx -I/mingw/include
OPENSSLDIR: "C:/OpenSSL"
ENGINESDIR: "C:/MinGW/lib/engines-3"
MODULESDIR: "C:/MinGW/lib/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0x7ffaf3bfffeb:0x29c67af


Some issued found:

on.obj crypto/cversion.c
In file included from include/openssl/macros.h:11,
 from include/openssl/opensslconf.h:14,
 from include/openssl/macros.h:10,
 from include/openssl/crypto.h:15,
 from include/internal/cryptlib.h:23,
 from crypto/cversion.c:10:
crypto/cversion.c: In function 'OpenSSL_version':
include/openssl/opensslv.h:91:54: error: expected ';' before numeric constant
 # define OPENSSL_VERSION_TEXT "OpenSSL 3.0.0-alpha1 "23 Apr 2020""
  ^~
crypto/cversion.c:50:16: note: in expansion of macro 'OPENSSL_VERSION_TEXT'
 return OPENSSL_VERSION_TEXT;
^~~~
make[1]: *** [crypto/libcrypto-lib-cversion.obj] Error 1
make[1]: Leaving directory `/src/openssl-3.0.0-alpha1'
make: *** [build_sw] Error 2




From: openssl-users  on behalf of OpenSSL 

Sent: Friday, 24 April 2020 12:29 AM
To: openssl-proj...@openssl.org ; OpenSSL User 
Support ML ; OpenSSL Announce ML 

Subject: OpenSSL version 3.0.0-alpha1 published

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


   OpenSSL version 3.0 alpha 1 released
   

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   OpenSSL 3.0 is currently in alpha.

   OpenSSL 3.0 alpha 1 has now been made available.

   Note: This OpenSSL pre-release has been provided for testing ONLY.
   It should NOT be used for security critical purposes.

   Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well
   as known issues are available on the OpenSSL Wiki, here:

https://wiki.openssl.org/index.php/OpenSSL_3.0

   The alpha release is available for download via HTTPS and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

 * https://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-3.0.0-alpha1.tar.gz
  Size: 9530120
  SHA1 checksum:  4db145d3d9c9d7bfaa7b2a1fe1670f7a3781bb06
  SHA256 checksum:  
9d5be9122194ad1d649254de5e72afd329252f134791389d0cef627b18ed9a57

   The checksums were calculated using the following commands:

openssl sha1 openssl-3.0.0-alpha1.tar.gz
openssl sha256 openssl-3.0.0-alpha1.tar.gz

   Please download and check this $LABEL release as soon as possible.
   To report a bug, open an issue on GitHub:

https://github.com/openssl/openssl/issues

   Please check the release notes and mailing lists to avoid duplicate
   reports of known issues. (Of course, the source is also available
   on GitHub.)

   Yours,

   The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6hpQcACgkQ2cTSbQ5g
RJHvtggAp7XIxm/00amD4TijQhJqMmGsj0RXqwAeSd0gWDQCf78GX4zMIW/tTgvk
I3Mb67DsOR5gdPZN5TigyqRaXSIAzfb8ZT4Gs9lo/j8RUi5AmzT2RYexbRv6bF6E
cQ0OabM3rk4qi4njTi/YD9YihO6/pv7tWZkkfPsN547bfm7p7fwCrEHw02En5IW8
hyFhkpKfA3c8MEa96yLwjhkYRTAzUmxus/mNID+Ja3/VTCmHjd1c57SHFPq9noll
Wqzhs3jEhluZKHpwmSSA0KQh1ph0kh6fnKLEn3Oge5dYV3P+JrFCRfDEMsI1Nb/F
hIr11rxXNxtBRKUSlOUyJATZn0sV6g==
=uRpM
-END PGP SIGNATURE-

Re: Issue generating certificate for a Samba AD - index.txt

[Sergio NNX]

We have been creating certificates (Root CA, intermediate, end user, smartcard 
login, etc) for ages.
We have set up our own PKI infrastructure using openssl command line tool.
If you email us the details/extensions you need your certificates to have, we 
can generate some test certs for you.

How familiar are you with OpenSSL?

Regards.


From: openssl-users  on behalf of Lionel 
Monchecourt 
Sent: Thursday, 19 March 2020 8:27 AM
To: openssl-users@openssl.org 
Subject: Issue generating certificate for a Samba AD - index.txt


Hi , trying to generate a certify using



openssl copenssl ca -config /etc/ssl/user-openssl.cnf -in dc-req.pem -out 
dc-cert.pem



I get the following :



Using configuration from /etc/ssl/user-openssl.cnf

Enter pass phrase for ./private/cakey.pem:

139946396877888:error:02001002:system library:fopen:No such file or 
directory:../crypto/bio/bss_file.c:69:fopen('./index.txt','r')

139946396877888:error:2006D080:BIO routines:BIO_new_file:no such 
file:../crypto/bio/bss_file.c:76:



I found a post saying that you just need to create the index.txt file,but it 
leads to “no result “

Another post was saying to insert  in the file “unique_subject = no”

Nothing at all ( putting yes or no ), as attempts…

Any insights ?

Thx



[https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif]
  Virus-free. 
www.avast.com

Re: Question about handshake error

[Sergio NNX]

It seems to work fine here!


[cid:e41cb622-8559-442b-9b65-76043c2c4b27]


[cid:a3ae8ac2-646c-41c8-9842-4f9bde0aaf71]





From: openssl-users  on behalf of Matt 
Caswell 
Sent: Wednesday, 11 March 2020 4:25 AM
To: Niki Dinsey ; openssl-users@openssl.org 

Subject: Re: Question about handshake error



On 10/03/2020 17:05, Niki Dinsey wrote:
> Hi there, I have an issue I can't seem to work out the answer to.
>
> Server: thankqcrm.accessacloud.com 
>
> root@willis:~# openssl version
> OpenSSL 1.1.1d  10 Sep 2019
> root@willis:~# openssl s_client -connect thankqcrm.accessacloud.com:443
> 

Running the exact same openssl version from my machine, and using the
exact same s_client options as you, I get a successful connection.

Some possibilities of what might be going wrong:

1) Is it possible there is some middlebox betwen you and the target
server that is causing a problem for you on your network? Can you try
connecting from s_client from a machine outside your corporate network?

or

2) I have sometimes seen load balancers do strange things - where
different machines in the cluster are configured differently to each
other. This can mean different people see different results - or even if
you run the same test at different times you see different results. This
could explain why it works in 1.1.0 and not 1.1.1 (i.e. it actually is
equally broken - but sometimes you hit the "right" server, and sometimes
you hit the "wrong" server). You might want to try from a different
machine and see if the same thing happens, and/or repeat the tests
periodically (in the hope of hitting different servers in the cluster).

or

3) Possibly there is some local problem with your s_client build. Does
it work ok for other sites?


Matt


> CONNECTED(0004)
> 140151269360768:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
> handshake failure:../ssl/record/rec_layer_s3.c:1544:SSL alert number 40
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 318 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
>
> Works on OpenSSL 1.1.0:
>
> root@host:~# openssl version
> OpenSSL 1.1.0l  10 Sep 2019
> root@host:~# openssl s_client -connect thankqcrm.accessacloud.com:443
> 
> CONNECTED(0003)
> depth=2 C = US, O = DigiCert Inc, OU = 
> www.digicert.com
> , CN = DigiCert Global Root CA
> verify return:1
> depth=1 C = US, O = DigiCert Inc, OU = 
> www.digicert.com
> , CN = Thawte RSA CA 2018
> verify return:1
> depth=0 CN = *.accessacloud.com 
> verify return:1
> ---
> Certificate chain
>  0 s:/CN=*.accessacloud.com 
>i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte
>  RSA CA 2018
>  1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte
>  RSA CA 2018
>i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
>  Global Root CA
>  2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
>  Global Root CA
>i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
>  Global Root CA
>  3 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
>  Global Root CA
>i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
>  Global Root CA
> ---
> Server certificate
> -BEGIN CERTIFICATE-
> ...
> -END CERTIFICATE-
> subject=/CN=*.accessacloud.com 
> issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte
>  RSA CA 2018
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 4999 bytes and written 494 bytes
> Verification: OK
> ---
> New, TLSv1.2, Cipher is AES128-GCM-SHA256
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> Protocol  : TLSv1.2
> Cipher: AES128-GCM-SHA256
> Session-ID:
> 05326CD4A0D128684EA530A59504BA8D02E99746AC2E40D0DA8B9B0E18F20CF0
> Session-ID-ctx:
> Master-Key:
> B423C27867FFB6A021458D860CC8A5A6D947628A8216B5F8DD8D1CF3058545398185B94F772B3A816A15D1442FFF1822
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> TLS session ticket lifetime hint: 14400 (seconds)
> TLS session ticket:
>  - e5 7b cf ea bc 3d 6b 9a-59 ec 40 63 01 19 52 6c
> .{...=k...@c..rl
> 0010 - 72 

Re: Problems adding specific extensions to signed certificates

[Sergio NNX]

This is the basics of OpenSSL!

You would like to add extensions to a CSR or the problem arises when signing it?

You create a CSR (without extension file) and then you can check/inspect 
whether or not it shows the extension(s) you need/want. After that, you can 
sign the CSR.



> Ok. I'm not really a Linux guy, but I guess that means to do a "man 5 
> x509v3_config"?
I believe this odd issue has nothing to do with Linux, Mac and/or Windows.

> OK, so I read "man 5 x509v3_config", and it's still not clear to me how I get 
> my extensions added to a req.
Which part is not clear?


> Obviously I'm missing something basic. Can anyone point out what I am doing 
> wrong?
Indeed you are!

We use Windows, the latest OpenSSL version and only one .cnf file. No issues at 
all.

First, you create a CSR file with the extensions you need/want.
(openssl req -new -config user.cnf -key user.key -out user.csr)

Then, you sign the CSR
(openssl ca -notext -config user.cnf -in user.csr -passin .)

That's it.

You could email me your (complete) .cnf file with all the extensions you need 
and I can run the above commands locally to see whether or not there is 
something wrong/incomplete with your .cnf file.


>>> user.cnf

...
...
[ req_distinguished_name ]
0.domainComponent = localhost
countryName = GB
stateOrProvinceName = London
localityName = Westminster
title = Mr
description = End User Certificate
commonName = testuser
emailAddress = supp...@winradius.eu
userId = testuser
organizationalUnitName = IT Department
serialNumber = 1234-2020-GB

...
...

[ user_cert ]
basicConstraints = critical,CA:false,pathlen:0
keyUsage = critical,keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
nsCertType = client
extendedKeyUsage = emailProtection
crlDistributionPoints = @crl_dp
authorityInfoAccess = caIssuers;URI:http://localhost/rootca.der
certificatePolicies = ia5org,@policy
...
...


From: openssl-users  on behalf of Michael 
Leone 
Sent: Saturday, 8 February 2020 2:01 AM
To: openssl-users@openssl.org 
Subject: Re: Problems adding specific extensions to signed certificates

On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni
 wrote:
>
> On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote:
>
> > Oh, I can add extensions by signing and using the -extfile option, and
> > specifying a file with the specific options I want to give the
> > certificate. But I don't want to have to use an addon file, I want to
> > add parameters to all signed certificates.
>
> The documentation of x509(1) which you're using with "-req" as a
> mini-CA, states explicitly:
>
>-extfile filename
>File containing certificate extensions to use. If not specified
>then no extensions are added to the certificate.
>
>-extensions section
>The section to add certificate extensions from. If this option is
>not specified then the extensions should either be contained in the
>unnamed (default) section or the default section should contain a
>variable called "extensions" which contains the section to use. See
>the x509v3_config(5) manual page for details of the extension
>section format.

OK, so I read "man 5 x509v3_config", and it's still not clear to me
how I get my extensions added to a req.
I am following thsi example page from RedHat

 https://access.redhat.com/solutions/28965

So what is the secret I am missing? The way I am reading it, in the "[
req ]", section I need to add

x509_extensions  = usr_cert # Desired extensions section

and in "[ usr_cert ]", I have added the "KeyUsage" and
"ExtendedKeyUsage" values I want.

which I have done, and which is not giving me what I want.

Obviously I'm missing something basic. Can anyone point out what I am
doing wrong?

The example page shows signing using a separate extensions file, which
I can do, and have done, and that gives me those extensions. But why
doesn't it work without that extension file??

Re: OpenSSL compilation errors in Windows

[Sergio NNX]

Ciao.

I haven't had a chance to compile the exact OpenSSL version using g++ compiler 
as stated by the user/poster.

If this user is using a modified or altered version of OpenSSL provided source 
code, is there support available? Don't get me wrong, I don't mind helping out 
but .

I'll try to compile OpenSSL source code this evening and I'll post my findings 
here.

Regards.

Sergio.


From: openssl-users  on behalf of Dr. 
Matthias St. Pierre 
Sent: Tuesday, 1 October 2019 12:28 AM
To: Nagalakshmi V J ; Michael Mueller 

Cc: openssl-users@openssl.org ; Umamaheswari 
Nagarajan 
Subject: AW: OpenSSL compilation errors in Windows


> OpenSSL code is compiling without any issues. When it is used from our 
> product code and while compiling using C++ compiler, the issue is seen.



As I wrote previously, the error you posted was caused  by the fact that you 
are compiling Ansi C (a.k.a ISO/IEC 9899:1990, a.k.a C90) source code

using a C++ compiler. While C permits a cast from ‘void *’ to ‘anytype *’, C++ 
doesn’t allow it without an explicit cast.



Only the *public* OpenSSL headers are guaranteed to be includable by a C++ 
compiler (they contain the necessary ` extern “C” ` blocks, etc.),

not the internal headers. Including *internal* headers is neither supported nor 
possible with a C++ compiler. And as Matt Caswell already told you,

there are no compatibility guarantees for those headers.



Matthias

Re: Using (not building) openssl with mingw on Windows 10

[Sergio NNX]

> "c:/program files/mingw/bin/gcc.exe" -D_MT -DTPM_WINDOWS -I.  -shared -o
> libibmtss.dll tssfile.o tsscryptoh.o tsscrypto.o tssprintcmd.o tss.o
> tssproperties.o tssmarshal.o tssauth.o tssutils.o tsssocket.o tssdev.o
> tsstransmit.o tssresponsecode.o tssccattributes.o tssprint.o Unmarshal.o
> CommandAttributeData.o tss20.o tssauth20.o Commands.o ntc2lib.o tssntc.o
> -Wl,--out-implib,libibmtss.a "c:/program
> files/openssl64/lib/libcrypto.lib" "c:/program files/MinGW/lib/libws2_32.a"

> tsscrypto.o: In function `TSS_Crypto_Init':
> c:\Users\KennethGoldman\tpm2\utils/tsscrypto.c:109: undefined reference
> to `OPENSSL_init_crypto'
> tsscrypto.o: In function `TSS_Hash_GetMd':
> c:\Users\KennethGoldman\tpm2\utils/tsscrypto.c:133: undefined reference
> to `EVP_get_digestbyname'
> ...
> continues for all OpenSSL function names


It seems to work fine here:

/mingw/bin/gcc.exe -DTPM_WINDOWS -D_MT -L. -shared -Wl,--no-undefined 
-Wl,--out-implib,libibmtss.dll.a -o libibmtss-1.1.dll \
tssfile.o tsscryptoh.o tsscrypto.o tssprintcmd.o tss.o 
tssproperties.o tssmarshal.o tssauth.o tssutils.o tsssocket.o tssdev.o 
tsstransmit.o tssresponsecode.o tssccattributes.o tssprint.o Unmarshal.o 
CommandAttributeData.o tss12.o tssauth12.o tssmarshal12.o Unmarshal12.o 
Commands12.o tssccattributes12.o CommandAttributeData12.o tss20.o tssauth20.o 
Commands.o ntc2lib.o tssntc.o -lcrypto -lz -lcrypt32 -lws2_32


Sorry to pollute this list! You will soon find out why!

Out of curiosity, we downloaded ibmtss1331.tar.gz and tried to build it from 
source (first time ever).

We have been using MSYS/MinGW for quite some time and we build (from source) 
and deploy large projects (with many dependencies) on a regular basis.
We tried to do the same with this project (ibmtss).
Then, on a MSYS console window we typed: make -f makefile.mak under 
'ibmtss1331\utils' folder.

Find some snippets of 'makefile.mak' file:

* CC = "c:/program files/mingw/bin/gcc.exe"

   * -I"c:/program files/MinGW/include" \
   * -I"c:/program files/openssl/include" \

* LNLIBS =  "c:/program files/openssl/lib/mingw/libeay32.a" \
 "c:/program files/openssl/lib/mingw/ssleay32.a" \
 "c:/program files/MinGW/lib/libws2_32.a"

  * imaextend.exe: imaextend.o imalib.o $(LIBTSS)
 $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o imalib.o $(LNLIBS) 
$(LIBTSS)


As you can imagine, there are dozens of compilation errors, such as:

$ make -f makefile.mak all
"c:/program files/mingw/bin/gcc.exe" -DTPM_WINDOWS -I. -I"c:/program 
files/MinGW/include" -I"c:/program files/openssl/include"  -Wall -W 
-Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wformat=2 
-Wold-style-definition -ggdb -O0 -c -DTPM_TPM20 tssfile.c
/bin/sh: c:/program files/mingw/bin/gcc.exe: No such file or directory
make: *** [tssfile.o] Error 127

cc1.exe: warning: unrecognized command line option '-Wno-self-assign'

Some runtime errors or 'mistakes', such as:

$ powerup.exe -v
TSS_Socket_Open: Opening localhost:2322-mssim
TSS_Socket_Open: Error on connect to localhost:2322
TSS_Socket_Open: client connect: error 0 No error
powerup: failed, rc 000b0008
TSS_RC_NO_CONNECTION - Failure connecting to lower layer

None of the executables provide some sort of version info and/or dependencies 
info (e.g. OpenSSL version)

It is impossible to figure out how tests can be run! We tried: make -f 
makefile.mak check and make -f makefile.mak test and we got:

make: *** No rule to make target `check'.  Stop.

make: *** No rule to make target `test'.  Stop.

Trying to build from source a 'cousin' project (ibmtpm1332), taken from the 
same repository,  we came across things like this (we use MinGW x64):

#elif TPM_POSIX && !defined _LP64
#define  RADIX_BITS 32

#elif TPM_POSIX &&  defined _LP64
#define  RADIX_BITS64

#elif TPM_WINDOWS
#define  RADIX_BITS 32

#else
#error "RADIX_BITS is not set"

#endif

But then you get:

In file included from BnValues.h:271:0,
 from Global.h:83,
 from Tpm.h:71,
 from AlgorithmCap.c:67:
TpmToOsslMath.h:83:4: error: #error "Ossl library is using different radix"
#  error "Ossl library is using different radix"
   ^
make: *** [AlgorithmCap.o] Error 1

On the one hand, we are preparing a comprehensive patch as a contribution to 
the ibmtss/tpm project(s).
On the other hand, we refuse to believe that IBM is 'fostering' these practices 
and quality in 2019! We have decided to contact IBM to report and discuss this 
matter.

To my mind, we can conclude that OpenSSL project has nothing to do with the 
issue reported here. Sorry again!

Re: Using (not building) openssl with mingw on Windows 10

[Sergio NNX]

>> I've been happily using the Shining Light 32-bit binaries with both
>> openssl 1.0 and 1.1 and mingw.

a) Where can we download OpenSSL binaries (x64) for Windows built with MinGW?
[ https://slproweb.com/products/Win32OpenSSL.html ]

b) D:\Temp-Apps\OpenSSL-Win64\bin>openssl version -a

OpenSSL 1.1.1b  26 Feb 2019
built on: Wed Feb 27 02:30:51 2019 UTC
platform: VC-WIN64A
options:  bn(64,64) rc4(16x,int) des(long) idea(int) blowfish(ptr)
compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo 
/O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM 
-DPADLOCK_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ 
-D_WINSOCK_DEPRECATED_NO_WARNINGS
OPENSSLDIR: "C:\Program Files\Common Files\SSL"
ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"
Seeding source: os-specific

 + Paths seem to be hardcoded

c) D:\Temp-Apps\OpenSSL-Win64\bin>openssl engine capi -v -t -post 
list_containers
6840:error:25078067:DSO support routines:win32_load:could not load the 
shared library:crypto\dso\dso_win32.c:107:filename(C:\Program 
Files\OpenSSL\lib\engines-1_1\capi.dll)
6840:error:25070067:DSO support routines:DSO_load:could not load the shared 
library:crypto\dso\dso_lib.c:162:
6840:error:260B6084:engine routines:dynamic_load:dso not 
found:crypto\engine\eng_dyn.c:414:
6840:error:2606A074:engine routines:ENGINE_by_id:no such 
engine:crypto\engine\eng_list.c:334:id=capi

d) Unable to find any .a file within the installation folder 
(D:\Temp-Apps\OpenSSL-Win64)

>> On a new machine, I tried the 64-bit binaries.  However, they're
>> missing the openssl/lib/mingw directory where the .a files resided.

> Getting back to this:

> I tried mingw linking against these

> "c:/program files/openssl64/lib/libcrypto.lib"
> "c:/program files/openssl64/lib/libssl.lib"

> but the gcc linker failed to find the openssl functions.

> Anyone have any ideas?

We have been using OpenSSL for Windows (x64) built with MinGW for a long time.

> openssl.exe version -a

OpenSSL 1.1.1a  20 Nov 2018
built on: Sat Feb 23 14:32:38 2019 UTC
platform: mingw64
options:  bn(64,64) rc4(16x,int) des(long) idea(int) blowfish(ptr)
compiler: gcc.exe -m64 -DWINVER=0x0501 -D_WIN32_WINNT=0x0501 
-D_WIN32_IE=0x0501 -DPTW32_STATIC_LIB -D__CLEANUP_C -m64 -O2 -pipe 
-mms-bitfields -fno-builtin -march=core2 -mtune=core2 -DL_ENDIAN -DOPENSSL_PIC 
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM 
-DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM 
-DPOLY1305_ASM -DWINVER=0x0501 -D_WIN32_WINNT=0x0501 -D_WIN32_IE=0x0501 
-DPTW32_STATIC_LIB -D__CLEANUP_C -DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN 
-DOPENSSL_SSL_CLIENT_ENGINE_AUTO=capi -DOPENSSL_CAPIENG_DIALOG -m64 -pipe 
-mms-bitfields -fno-builtin -march=core2 -mtune=core2 -D_MT -DZLIB -DNDEBUG 
-I/mingw/include
OPENSSLDIR: "\OpenSSL"
ENGINESDIR: "\OpenSSL\lib\engines-1_1"
Seeding source: os-specific

> openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(padlock) VIA PadLock (no-RNG, no-ACE)
(capi) CryptoAPI ENGINE

@Ken: this seems to be a quite old thread, but if you need either the include 
files or the .a files
  or both, we could email them to you.

Regards.

Re: [openssl-users] File signing/encrypting upgrade from 1.0.2 to 1.1.0

[Sergio NNX]

> The code comiles just fine

Unfortunately, it does NOT compile fine on my system (and I guess the same 
occurs on several others!)


Can you fix all these various issues and post an updated zip file so I can test 
it again?


Cheers.





> A few points/questions:
>
>
> - Why cmake?

Well, this is part of a larger software bundle, so a build environment
is needed. And I like cmake. :)

> - I does not build/compile at all.
>
> - Why is this line here: #include  ? I get a
> compilation error! 

It's in there because it was documented to use it on windows. I manually
copied the file to the appropriate place after compiling/installing
openssl, but if it is not needed anymore, I can remove the line.

> - Why are we adding these libraries: odbc32 advapi32 ?

Again, larger bundle, I forgot to remove them for that small excerpt,
they're not needed here. (but don't change anything, too)..

> CMake Error at CMakeLists.txt:9 (find_package):
>   By not providing "FindOpenSSLSyn.cmake" in CMAKE_MODULE_PATH this
> project has asked CMake to find a package configuration file provided
> by "OpenSSLSyn", but CMake did not find one.

And, again: that should have read OpenSSL instead of OpenSSLSyn, and
the libs should read OpenSSL::Crypto. I have to use a special finder
to get the includes/libs to compile, but that's only a compile/link
issue...

Best regards, Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
openssl-users Info Page
mta.openssl.org
This mailing list is for discussion among those using the OpenSSL software. To 
see the collection of prior postings to the list, visit the openssl-users 
Archives


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] File signing/encrypting upgrade from 1.0.2 to 1.1.0

[Sergio NNX]

I've just built it (manually) on Windows and I don't see any error messages.


A few points/questions:


- Why cmake?

- I does not build/compile at all.

- Why is this line here: #include  ? I get a compilation 
error! 

- Why are we adding these libraries: odbc32 advapi32 ?



CMake Error at CMakeLists.txt:9 (find_package):
  By not providing "FindOpenSSLSyn.cmake" in CMAKE_MODULE_PATH this project
  has asked CMake to find a package configuration file provided by
  "OpenSSLSyn", but CMake did not find one.

  Could not find a package configuration file provided by "OpenSSLSyn"
  (requested version 1.1.0) with any of the following names:

OpenSSLSynConfig.cmake
opensslsyn-config.cmake

  Add the installation prefix of "OpenSSLSyn" to CMAKE_PREFIX_PATH or set
  "OpenSSLSyn_DIR" to a directory containing one of the above files.  If
  "OpenSSLSyn" provides a separate development package or SDK, be sure it has
  been installed.


-- Configuring incomplete, errors occurred!




From: openssl-users  on behalf of Jan 
Kohnert 
Sent: Saturday, 24 March 2018 5:25 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] File signing/encrypting upgrade from 1.0.2 to 1.1.0

Hi again,

Am Fri, 23 Mar 2018 18:03:17 +0100
schrieb Jan Kohnert :

> I'm using the openssl-libs for signing/encrypting files in PKCS#7
> format. When trying to upgrade from 1.0.2 to 1.1.0 the code stops
> working properly: Files are generated, but the formating is broken.
> When trying to decrypt the generated files, I get:
>
> Error in encoding
> 6252:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
> long:crypto\asn1\asn1_lib.c:91:

I just compiled the code on Linux (with the small changes to let it
compile and link), and it works for 1.1.0g, so it seems to be a
Windows-specific problem (I can reproduce that in 32 and 64bit Win).
Bug?

Best regards, Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
openssl-users Info Page
mta.openssl.org
This mailing list is for discussion among those using the OpenSSL software. To 
see the collection of prior postings to the list, visit the openssl-users 
Archives


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] 回复： crash in `sha1_block_data_order_avx`

[Sergio NNX]

> Dear all, very appreciate your reply! We have double check the implementation 
> of related > functions, and confirm that the input params for the function
> int rsa_public_encrypt(const uint8_t *rsa_input, const int input_len, uint8_t 
> *enc_out,
> uint8_t *public_key, const int key_len)
> are all stack variables(say rsa_input, enc_out and public_key), so there 
> should have no
> problems with alloc;






Several days ago we emailed you regarding this issue. Never got a response.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Windows Compile Fails

[Sergio NNX]

 I'm new to building OpenSSL with Windows. I'm trying to build OpenSSL
 1.0.2c for Windows, but get a linking error

 My goal is to obtain a static library(ies) and associated header files
 that I can use to compile my application that uses OpenSSL on Windows.
 Where can I obtain these pre-built binaries?

 What is the magic incantation to get Visual Studio to statically link the 
 OpenSSL libraries?
 The OpenSSL libraries have to be built as static libraries.

Dear Jay,

We have been building OpenSSL on Windows, both statically and dynamically, for 
some time now without issues. We don't use Visual Studio though. The question 
is: does OpenSSL have to be built using Visual Studio only? If the answer is 
'no', we could render some assistance. Just let us know.

Cheers.

Sergio.   ___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

RE: FIPS in 1.0.1 windows 7 64 bit compile / link problems

[Sergio NNX]

More than happy to help you Dirk, but we use MinGW here and it works ok. You 
could check the versions (OpenSSL version and FIPS version).

Sergio.

 Date: Mon, 2 Jul 2012 18:05:54 +0200
 From: noadsple...@web.de
 To: openssl-users@openssl.org
 Subject: FIPS in 1.0.1 windows 7 64 bit compile / link problems
 
 Anybody able to help me (problem posted below some days ago)?
 
 Thanks a lot
 Dirk
 
 On 27.06.2012 14:42, Dirk Menstermann wrote:
  Hello,
 
  I tried to build the FIPS version (openssl-fips-2.0.1) on win7 and VS2005
  (command line prompt) using the build target debug-VC-WIN64A and option 
  no-asm.
 
  Compilation of the fipscanister.lib was easy.
 
  The problem begun when I tried to build the containing openssl:
 
  1) openssl-1.0.1c: Here it worked but there are few oddities:
  * there isn't a fips.h include file
  * the library does only export FIPS_mode and FIPS_mode_set and not all 
  other
  FIPS related functions like FIPS_corrupt_aes or FIPS_rng_stick
 
  But nevertheless it seems that the library is working and can be put into 
  FIPS
  state (I verified that other ciphers will be sent in the ssl client hello)
 
  2) openssl-SNAP-20120627:
  * while building the fips_auth.c could not be copied (seems that the 
  step to
  generate it from fips_auth.in is missing).
  * after manually putting the file to the desired destination (not sure 
  it this
  is correct) I got following linking error...
 
   cl /Fotmp32dll.dbg\fips_standalone_sha1.obj -Iinc32 -Itmp32dll.dbg 
  /MDd
  /Od -DDEBUG -D_DEBUG -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -Zi 
  -nologo -DO
  PENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE 
  -D_CR
  T_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
  -DOPENSSL_BN_ASM
  _MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
  -DAE
  S_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
  -DOPENSSL_USE_APPLINK
  -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS 
  -DOPENSSL
  _NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll.dbg/lib -D_WINDLL  -c 
  .\fip
  s\sha\fips_standalone_sha1.c
  fips_standalone_sha1.c
  link /nologo /subsystem:console /opt:ref /debug 
  /out:out32dll.dbg\fips_s
  tandalone_sha1.exe @C:\Users\dm\AppData\Local\Temp\nm6310.tmp
  fips_standalone_sha1.obj : error LNK2019: unresolved external symbol 
  SHA1_Update
   referenced in function main
  fips_standalone_sha1.obj : error LNK2019: unresolved external symbol 
  SHA1_Final
  referenced in function hmac_init
  fips_standalone_sha1.obj : error LNK2019: unresolved external symbol 
  SHA1_Init r
  eferenced in function hmac_init
  out32dll.dbg\fips_standalone_sha1.exe : fatal error LNK1120: 3 unresolved 
  extern
  als
  NMAKE : fatal error U1077: 'c:\Program Files (x86)\Microsoft Visual Studio 
  9.0\
  VC\BIN\amd64\link.EXE' : return code '0x460'
  Stop.
 
 
 
  Can anybody help me? With which versions is it supposed to work (win 7 64 
  bit)
 
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
  

RE: Using certificate and private key from Windows cert store with OpenSSL

[Sergio NNX]

Ciao Andrejs.

I don't know much about the source code you posted previously but if you build 
OpenSSL with the 'enable-capieng' option you'll be able to access every single 
store and all the certs stored in Windows.

I hope it helps.

Sergio.


 Date: Mon, 31 Oct 2011 09:44:11 +0100
 From: jb-open...@wisemo.com
 To: openssl-users@openssl.org
 Subject: Re: Using certificate and private key from Windows cert store with 
 OpenSSL
 
 In that case look for the CryptoAPI engine for openssl, not sure of its 
 official name though.
 
 On 10/29/2011 8:21 AM, Andrejs Štrumfs wrote:
  Duh... I was sure these were the needed parts. Now, I tried to call 
  CryptExportKey with PRIVATEKEYBLOB flag, and of course it returned error, 
  because the certificate was imported to store without Mark as Exportable 
  option. But there has to be way to use certificate and private key somehow 
  with OpenSSL? I'm really beginner with this certificate thing, maybe I just 
  don't understand something? :)
 
  Simple, really:
 
  You have not set the private part of the private key (d, p, q, dmp1,
  dmq1, iqmp).
 
  You need to export the private key from CryptoAPI too, and convert that
  blob, not the public key blob.
 
  Alternatively, I have heard rumors of a CryptoAPI engine plug in for
  OpenSSL which will let OpenSSL directly use the keys and certificates
  stored by Windows.
 
 
  On 10/28/2011 9:48 AM, Andrejs Štrumfs wrote:
  Hi!
 
  I am trying to make a program, that uses some Web Services in Delphi
  XE. To connect to the Web Services, i have to use self signed (hope
  this is correct term) certificate, which is stored in Windows cert
  store. So, i open the cert store with CertOpenSystemStore, get cert
  with CertFindCertificateInStore and set it with
  SSL_CTX_use_certificate. No problem with this. Then i get the public
  key blob with CryptExportKey and make up a private key like this:
  function PrivKeyBlob2RSA(const AKeyBlob: PByte; const ALength:
  Integer; const ASSLCtx: PSSL_CTX): IdSSLOpenSSLHeaders.PEVP_PKEY; var
  modulus: PByte;
  bh: PBLOBHEADER;
  rp: PRSAPUBKEY;
  rsa_modlen: DWORD;
  rsa_modulus: PAnsiChar;
  rkey: PRSA;
  begin
  bh := PBLOBHEADER(AKeyBlob);
  Assert(bh^.bType = PUBLICKEYBLOB);
  rp := PRSAPUBKEY(AKeyBlob + 8);
  Assert(rp.magic = $31415352);
  rsa_modulus := PAnsiChar(Integer(Pointer(rp))+12);
  rkey := RSA_new_method(ASSLCtx.client_cert_engine);
  rkey^.References := 1;
  rkey^.e := BN_new;
  rkey^.n := BN_new;
  BN_set_word(rkey^.e, rp^.pubexp);
  rsa_modlen := (rp^.bitlen div 8) + 1;
  modulus := AllocMem(rsa_modlen);
  CopyMemory(modulus, rsa_modulus, rsa_modlen);
  RevBuffer(modulus, rsa_modlen);
  BN_bin2bn(modulus, rsa_modlen, rkey^.n);
  Result := EVP_PKEY_new;
  EVP_PKEY_assign_RSA(Result, PAnsiChar(rkey)); end;
 
  and set it up with SSL_CTX_use_PrivateKey and
  SSL_CTX_check_private_key. Also, no problem so far. But then, when data
  transfer begins, i get access violation in libeay32.dll - Access
  violation at address 09881C5F in module 'libeay32.dll'. Read of address
  . If i load the key from .pem file, everything is fine.
  The libeay32.dll version is 1.0.0.5. Tried with version 0.9.something
  too - got the same error, just different address.
  Below is the RSA structure i get in PrivKeyBlob2RSA:
 
  pad0
  version  0
  meth   $898030C
  engine nil
  n  $A62D508
  e  $A62D4D8
  d  nil
  p  nil
  q  nil
  dmp1   nil
  dmq1   nil
  iqmp   nil
  ex_data (nil, -1163005939 {$BAADF00D}) references  1
  flags  6
  _method_mod_n   nil
  _method_mod_p   nil
  _method_mod_q   nil
  bignum_data nil {#0}
  blindingnil
  mt_blinding nil
 
  I checked the n and e bignums, and they are CORRECT, and everything
  else looks ok. The error happens when calling function ssl_read. I
  can't see what i am doing wrong, please help :) Thanks
 
  Andrejs
 
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-users@openssl.org
  Automated List Manager   majord...@openssl.org
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-users@openssl.org
  Automated List Manager   majord...@openssl.org
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
  

RE: Using certificate and private key from Windows cert store with OpenSSL

[Sergio NNX]

Ciao.

I use MinGW to build OpenSSL and it has always worked very well.

Steps: a)  perl Configure mingw shared enable-capieng --prefix=/mingw 
--openssldir=C:/OpenSSL

  b) make

After a while, you'll have openssl.exe and a couple of DLLs. At this stage, 
you'll be able to access Windows Certificate store.

If you're using Windows boxes, I can send you my copy of OpenSSL for you to 
test.

I hope it helps.

Sergio. 


 From: ml.vladimbe...@gmail.com
 To: openssl-users@openssl.org
 Subject: Re: Using certificate and private key from Windows cert store with 
 OpenSSL
 Date: Mon, 31 Oct 2011 21:40:44 +0400
 
 Sergio, how to set this option building OpenSSL? I didn't find any 
 suggestions in documentation. And can you give a link to the documentation 
 on the site openssl.org where there are functions of API to work with 
 Windows CERT Stores?
 
 
 From: Sergio NNX
 Sent: Monday, October 31, 2011 1:02 PM
 To: openssl-users@openssl.org
 Subject: RE: Using certificate and private key from Windows cert store with 
 OpenSSL
 Ciao Andrejs.
 
 I don't know much about the source code you posted previously but if you 
 build OpenSSL with the 'enable-capieng' option you'll be able to access 
 every single store and all the certs stored in Windows.
 
 I hope it helps.
 
 Sergio.
 
 
 
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
  

RE: getting the input not from command line

[Sergio NNX]

Ciao.

If you use 'prompt = no' in openssl.conf, then it won't ask anything. I'm using 
it and it works ok!

Cheers.

Sergio.

 Date: Wed, 19 Oct 2011 22:25:57 +0530
 Subject: Re: getting the input not from command line
 From: pkr...@gmail.com
 To: openssl-users@openssl.org
 
 Thanks jakob,
 I am able to do it. now i have another problem.
 
 The below command generate a signed certificate. but to generate it
 ask for the user permission.
 what i want is it will directly generate the certificate with out
 asking the user permission. please find the command below.
 
 openssl ca -in requests/garexWEB.CSR -cert ../CA/garexCA.CRT -keyfile
 ../CA/garexCA.KEY -out certificates/garexWEB.CRT
 
 is there any way to do it.
 
 Regards Prabhu
 
 On Wed, Oct 19, 2011 at 9:26 PM, Jakob Bohm jb-open...@wisemo.com wrote:
  There is almost an example on the documentation page for the req utility.
 
  I have not used it myself, but it seems this would be a typical example:
 
  -subj /DC=org/DC=OpenSSL/DC=users/CN=John Doe
 
  On 10/19/2011 5:32 PM, prabhu kalyan rout wrote:
 
  Hi jakob,
  Thanks for you help.
 
  Can you please give me one example of the -subj option.
 
  Thanks  Regards
  Prabhu
 
  On Wed, Oct 19, 2011 at 7:46 PM, Jakob Bohmjb-open...@wisemo.com  wrote:
 
  Use the option -subj and adjust other settings in openssl.cnf to make
  things
  easier.
 
  On 10/19/2011 2:43 PM, prabhu kalyan rout wrote:
 
  Hi,
  As per my project requirement i should configure the openssl req
  command in such a way that it will not ask the user information from
  prompt.
  Is there any way so that i can directly pass the information in the
  command line or through a file.
 
  kindly help
 
  Regards Prabhu
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-users@openssl.org
  Automated List Manager   majord...@openssl.org
 
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-users@openssl.org
  Automated List Manager   majord...@openssl.org
 
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-users@openssl.org
  Automated List Manager   majord...@openssl.org
 
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-users@openssl.org
  Automated List Manager   majord...@openssl.org
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org