[openssl-dev] [openssl.org #3752] Patch to fix thread ID support from FIPS module

commit a43cfd7 pushed to 1.0.2 stable, will show up in next release. thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3752 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

Looks like I was wrong, the 2 internal certificates that reproduce the issue do in fact share the key (only a 3rd, even newer certificate has a different key). So, key reuse is an essential part of this problem - however, I can now reproduce it with a trust store containing no expired

Re: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

Yes, it should not crash. But without more information it is hard/impossible to debug. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4580 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

Hi, It seems that having the same key isn't actually a prerequisite, I actually have a pair of certificates in hand with the same issuer but different keys that reproduce this order-dependent behavior. (I'm currently in talks with our IT department for clearance to submit these certs as a

[openssl-dev] [openssl.org #4581] [1.0.2] Running tests in parallel results in failure

Like Rich says, our build system in 1.0.2 doesn't support parallell building or testing. For upcoming 1.1.0, the build system has been remade from the ground up, with parallell building in mind. Parallell testing hasn't been tested there either, though... it might work, it might not. However, the

Re: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

Having a mix of experied and unexpired certificates in the trust store for the same issuer/key seems to be undefined. I am not sure this is a bug. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4580 Please log in as guest with password guest if prompted -- openssl-dev mailing

Re: [openssl-dev] [openssl.org #4581] [1.0.2] Running tests in parallel results in failure

This is not supported. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4581 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4581] [1.0.2] Running tests in parallel results in failure

This is not supported. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4581] [1.0.2] Running tests in parallel results in failure

Dear OpenSSL folks, downloading the latest 1.0.1t release [1], building it, and running the tests in parallel I get the failure below. I am able to reproduce this, with the branch.*OpenSSL_1_0_2-stable* [2], but not with the branch *master*. With `-j1` and `-j2` the failure is

Re: [openssl-dev] BUG - FIPS capable OpenSSL fails to build on Linux PPC64

On Tue, Jun 21, 2016 at 12:39:35PM +0300, Cristi Fati wrote: > Hi all, > > I am trying to build a FIPS (2.0.12) capable OpenSSL (1.0.2h) on PPC64 > Linux (tried RH5 and SLES12), but it fails. FWIW, The openssl packages on SLES 12 have received FIPS certificate for x86_64 While we have not

[openssl-dev] BUG - FIPS capable OpenSSL fails to build on Linux PPC64

Hi all, I am trying to build a FIPS (2.0.12) capable OpenSSL (1.0.2h) on PPC64 Linux (tried RH5 and SLES12), but it fails. Here's the config command and output for *openssl-fips*: *./config no-asm* Operating system: *ppc64-whatever-linux2* WARNING! If you wish to build 64-bit library, then you

Re: [openssl-dev] [openssl.org #4398] BUG / 1.0.2g breaks CURL extension

In the meantime i use 1.0.2h which works good so far. Thank you. 2016-06-20 22:47 GMT+02:00 Rich Salz via RT : > We believe this is fixed by the commit that viktor pointed out. Is this not > true? What are folks asking OpenSSL to do? > > -- > Ticket here: