Re: [openssl-dev] Creating requests and certificates with Subject Alternative Names

2017-09-22 Thread Howard Chu via openssl-dev
6-autoca;h=05e221b313225f23fe9986003eebcd3ba2be5ce8;hb=HEAD -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] libcrypto.pc needs to list libpthread as a dependency

2017-09-17 Thread Howard Chu via openssl-dev
Roumen Petrov wrote: Howard Chu via openssl-dev wrote: In OpenSSL 1.1 on Linux (at least) libcrypto now has a dependency on libpthread but this is not reflected in the pkgconfig file. As a result, tools like CMake fail to detect libcrypto properly when linking against the static library

[openssl-dev] libcrypto.pc needs to list libpthread as a dependency

2017-09-16 Thread Howard Chu via openssl-dev
pkgconfig file. For example: https://github.com/monero-project/monero/issues/2402#issuecomment-327514216 -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project

Re: [openssl-dev] SSL_library_init

2016-02-24 Thread Howard Chu
The Doctor wrote: As of 2106-20-24 SSL_library_init may not be available in the libssl.so . Wow, did you really come back 90 years in your TARDIS just to tell us this? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 3 published

2016-02-16 Thread Howard Chu
ap getting loaded and unloaded this way a lot, and that naturally means libssl/libcrypto go along for the ride too. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.o

Re: [openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-02-03 Thread Howard Chu via RT
Thanks, yes, works fine. I saw your commit and merged our support for it already. http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6bb6d5e3c6269589f5e64805bd849174d62bd3ea -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://

Re: [openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-01-29 Thread Howard Chu via RT
Stephen Henson via RT wrote: > On Fri Jan 29 17:35:05 2016, steve wrote: >> On Fri Jan 29 15:08:47 2016, h...@highlandsun.com wrote: >>> Howard Chu via RT wrote: >>>> In OpenLDAP we reference X509_NAME->bytes->data directly, we want >>>> the >>

Re: [openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-01-29 Thread Howard Chu via RT
Stephen Henson via RT wrote: > On Fri Jan 29 15:08:47 2016, h...@highlandsun.com wrote: >> Howard Chu via RT wrote: >>> In OpenLDAP we reference X509_NAME->bytes->data directly, we want the >>> DER >>> bytes which we then pass thru our own DN validator/fo

Re: [openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-01-29 Thread Howard Chu via RT
Howard Chu via RT wrote: > In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER > bytes which we then pass thru our own DN validator/formatter. This no longer > works with OpenSSL 1.1 and I don't see any provided method to return the DER > bytes. I don

Re: [openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-01-29 Thread Howard Chu
Howard Chu via RT wrote: In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER bytes which we then pass thru our own DN validator/formatter. This no longer works with OpenSSL 1.1 and I don't see any provided method to return the DER bytes. I don't want a mallo

[openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-01-26 Thread Howard Chu via RT
want read-only access to the bytes already cached inside the X509_NAME structure. The attached patch would be sufficient to meet this requirement. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Arch

Re: [openssl-dev] OpenSSL 1.1 X509_NAME issues

2016-01-26 Thread Howard Chu
Quanah Gibson-Mount wrote: --On Thursday, January 21, 2016 5:58 PM + Howard Chu wrote: In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER bytes which we then pass thru our own DN validator/formatter. This no longer works with OpenSSL 1.1 and I don't see a

[openssl-dev] OpenSSL 1.1 X509_NAME issues

2016-01-21 Thread Howard Chu
want read-only access to the bytes already cached inside the X509_NAME structure. for reference: https://github.com/openldap/openldap/blob/master/libraries/libldap/tls_o.c#L448 https://github.com/openldap/openldap/blob/master/libraries/libldap/tls_o.c#L475 -- -- Howard Chu CTO, Symas

[openssl-dev] OpenSSL 1.1 SSL_CTX issues

2016-01-21 Thread Howard Chu
to bump the ctx refcount twice, in SSL_new. Why is that? https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L670 https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L681 -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://hig

Re: [openssl.org #3288] openssl 1.1 - X509_check_host is wrong and insufficient

2014-04-01 Thread Howard Chu
Viktor Dukhovni wrote: On Tue, Apr 01, 2014 at 07:07:10PM -0700, Howard Chu wrote: Viktor Dukhovni wrote: I can contribute a patch, that addresses many of the issues. Things that I'm not immediately planning to address are: - Separate flag for wildcards in CN vs. wildcards i

Re: [openssl.org #3288] openssl 1.1 - X509_check_host is wrong and insufficient

2014-04-01 Thread Howard Chu
ts. It's a slippery slope, don't expect to get it right. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.

Re: Custom user-defined BIO

2010-04-12 Thread Howard Chu
at you are trying to do? --- On *Mon, 4/12/10, Phillip Hellewell <ssh...@gmail.com>* wrote: From: Phillip Hellewell <ssh...@gmail.com> Subject: Re: Custom user-defined BIO To: "Howard Chu" <h...@highlandsun.com> Cc:

Re: Custom user-defined BIO

2010-04-12 Thread Howard Chu
stify the time it takes to respond. In this case, define a BIO_METHOD struct with your handlers and just use it. One example is in OpenLDAP's libldap/tls_o.c. http://www.openldap.org/devel/cvsweb.cgi/~checkout~/libraries/libldap/tls_o.c?rev=1.16 -- -- Howard Chu CTO, Symas Corp.

Re: libcrypto safe for library use?

2010-03-30 Thread Howard Chu
ld be an issue. Many single-threaded programs wind up requiring the threading library on many platforms anyway as it may contain functions like 'clock_gettime' or 'sched_yield'. (Does anyone know of a platform

Re: libcrypto safe for library use?

2010-03-30 Thread Howard Chu
inside those OpenSSL API calls that isn't expected to be called from other threads at the same time. The API could work like a hybrid sigaction() allowing get-and-test-and-set in one atomic operation. This will require libpthread runtime linkage in libcrypto. Darryl ___

Re: libcrypto safe for library use?

2010-03-29 Thread Howard Chu
hentication realms. As such they tend to need to be configured with many trusted CAs. When you have a single process that can take on both server and client roles simultaneously, OpenSSL handles the situation easily. Other SSL libraries ... not so much... -- -- Howard Chu CTO, Symas

Re: UTF8 in certificate DN via OpenSSL's x.509 API

2009-07-16 Thread Howard Chu
Howard Chu wrote: Thor Lancelot Simon wrote: Can I assume that any data returned when I access the DN of a peer's certificate using OpenSSL are ASCII or UTF8? If not, how do I tell the difference? I think I understand that DNs not encoded as UTF8String should not have high-bit characte

Re: UTF8 in certificate DN via OpenSSL's x.509 API

2009-07-16 Thread Howard Chu
136&r2=1.137&hideattic=1&sortbydate=0&f=h -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _

Re: Determining if client requests ssl handshake

2009-07-06 Thread Howard Chu
send. Given that SMTP and POP clients wait for a 220 greeting from the server first, this seems to disqualify them from this approach. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP

Re: s_client -starttls feature request (will pay)

2009-06-04 Thread Howard Chu
ate A tls_read: want=5, got=5 : 16 03 01 00 9f You haven't really explained enough of what you actually want to do yet, to give anyone a clear idea of what you're really asking for. Thanks again, John. 2009/6/4 Howard Chu: John Carter wrote: Howard, I appreciate that curren

Re: s_client -starttls feature request (will pay)

2009-06-04 Thread Howard Chu
marily interested in seeing the certificate, rather than doing anything useful with the connection. try "ldapsearch -ZZ -d7" ... I'll see if anyone's interested. John. 2009/6/3 Howard Chu: John Carter wrote: Hi, Currently the s_client command supports starttls for smtp, f

Re: s_client -starttls feature request (will pay)

2009-06-03 Thread Howard Chu
already support StartTLS... -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _

Re: x509 parsing

2009-03-18 Thread Howard Chu
arse" can mean a lot of different things. On Wed, Mar 18, 2009 at 4:22 PM, Vinod Chaudhary wrote: Hi, I want to parse the x509 certificate in my application using the openssl API not the command line tool. Can anybody help me ? -- -- Howard Chu CTO, Symas Corp. http:/

Re: multivalue RDNs don't display correctly in Requests

2008-06-08 Thread Howard Chu
Dr. Stephen Henson wrote: http://www.openssl.org/support/faq.html#USER13 Doh. Thanks, works fine. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project

multivalue RDNs don't display correctly in Requests

2008-06-07 Thread Howard Chu
_int( ber, &val ); tag = ber_peek_tag( ber, &len );/* DN: Sequence */ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX; derdn.bv_val = bv.bv_val + ber_ptrlen( ber ); derdn.bv_len = len + 2; ldap_X509dn2bv( &derdn, &dn, NULL, 0 );

Re: [openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m

2007-12-13 Thread Howard Chu
OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- -- Howard Chu Chief Architect, Symas Corp. http://

Re: Question about EBCDIC

2007-07-27 Thread Howard Chu
ect http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] -- -- Howard Chu Chief Architect, Symas

[openssl.org #1346] Re: SSL_accept concurrency in 0.9.7j and 0.9.8b

2006-06-09 Thread Howard Chu via RT
Howard Chu wrote: > I'm seeing a lot of "bad record mac" errors when receiving a lot of > connection requests at once. It sounds the same as this email > http://www.redhat.com/archives/rhl-list/2005-May/msg01506.html > which unfortunately was never replied to. >

Re: SSL_accept concurrency in 0.9.7j

2006-06-08 Thread Howard Chu
Howard Chu wrote: I'm seeing a lot of "bad record mac" errors when receiving a lot of connection requests at once. It sounds the same as this email http://www.redhat.com/archives/rhl-list/2005-May/msg01506.html which unfortunately was never replied to. Surrounding the SSL_accep

SSL_accept concurrency in 0.9.7j

2006-05-19 Thread Howard Chu
mutex seems to resolve the problem. Is that supposed to be necessary? -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openl

Re: Any possibility of GPL-based license in the future?

2006-05-16 Thread Howard Chu
re the RMS pipedream you've been sucking down with regards to the BSD license compared to the GPL. Anyone who writes and sings a theme song for a software license is certifiable. Uh huh. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun

Re: [openssl.org #1292] SSL_add_dir_cert_subjects_to_stack does not check for read access of file, breaking TLS enabled LDAP clients

2006-03-14 Thread Howard Chu
/ldap.conf related URI ldaps://ldapserver/ #URIldap://ldapserver/ BASE dc=example,dc=com TLS_CACERTDIR /etc/pki# <- important! -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sunhttp://highlandsun.com/hyc OpenLDAP Core

Re: Attribute order in name comparison

2006-01-24 Thread Howard Chu
NTABLESTRING :Demo CA Can anyone bring some light into the darkness? They are ordered sequence of unordered SET's of each element. The order inside "SET OF" is not important, but there is exactly one element in each SET OF. However, the order inside "SEQUENCE OF" is im

Re: [PATCH] Fix build for AmigaOS 4

2005-11-01 Thread Howard Chu
using m68k here? I wrote a M68K asm implementation of BigNum several years ago for my Atari TT (68030), made a 4:1 speed increase there. Haven't touched it in ages. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com

Re: Options of building openssl for Win32 using gcc

2005-10-13 Thread Howard Chu
's on the fly. I was just thinking about the import libraries; a gcc-compiled DLL will work with an MSVC app if it's linked with the gcc-specific import library, and vice-versa. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sunht

Re: Options of building openssl for Win32 using gcc

2005-10-13 Thread Howard Chu
at make sparcv9-solaris8 make i686-mingw all do the right thing, whatever your toolchain setup is. It's really up to you to do something consistent/easy to manage. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http:

Re: Finally time for IPvn support

2004-10-05 Thread Howard Chu
The Cisco one has the least amount of surprise in it, in my opinion. The "Cisco" solution *is* the standard solution: http://www.ietf.org/rfc/rfc2732.txt It would be best to avoid any non-standard formats... -- -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http:/

Re: Finally time for IPvn support

2004-10-04 Thread Howard Chu
Any suggestion? This is how Cisco does that: http://www.cisco.com/en/US/products/sw/iosswrel/ios_abcs_ios_the_abcs_ip_version_60900aecd800c111e.html I assumed this was the standard format. The software I've written so far (in OpenLDAP among other things) uses this approach. -- -- Howard C

Re: [openssl.org #912] Re: [PATCH] Back-translation of CA.pl into CA.sh

2004-07-04 Thread Howard Chu
inal. Korn shell is an extended one. Linux typically ships with BASH, the GNU Bourne-Again SHell which is an extended version of the original Bourne Shell. -- -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/h

RE: Win32 compiles under cygwin

2004-05-12 Thread Howard Chu
do you collect final .lib files. Which you intended to answer:-) A. I presume that these questions will be fully answered in any forthcoming patch... -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/

RE: Win32 compiles under cygwin

2004-05-11 Thread Howard Chu
velop and test. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTEC

RE: small 0.9.7c patch

2003-10-05 Thread Howard Chu
LLTOP)/lib/$$i.new; \ > > + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ > I seem to recall there is a performance hit on some platforms (HP ?) > if the shared libs are writable. Yes, HPUX 10.xx for sure, perhaps newer releases as well. -- Howard Chu Chief Archite

RE: [openssl.org #558] Patch Openssl 0.9.7a for AIX 5.2 to use /dev/urandom

2003-04-02 Thread Howard Chu
hile ((r > 0 || (errno == EINTR || errno == EAGAIN)) - && t.tv_usec != 0 && n < ENTROPY_NEEDED); - close(fd); } } I removed the loop; I doubt another one or two milliseconds will make any difference if it fails to fulfi

RE: [openssl.org #558] Patch Openssl 0.9.7a for AIX 5.2 to use /dev/urandom

2003-04-02 Thread Howard Chu
been set to Non-Blocking; either the driver will honor it or it won't. There's nothing more you can do. If you read from /dev/urandom and don't get the number of bytes you wanted, you're screwed anyway. -- Howard Chu Chief Architect, Symas Corp. Director, Highland

RE: [openssl.org #558] Patch Openssl 0.9.7a for AIX 5.2 to use /dev/urandom

2003-03-31 Thread Howard Chu
nerations of hackers, but some of its early design decisions remain to this day. So it goes. As someone once said, "Those who don't understand Unix are doomed to reimplement it, badly." -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.

RE: [openssl.org #558] Patch Openssl 0.9.7a for AIX 5.2 to use /dev/urandom

2003-03-31 Thread Howard Chu
't recall if 4.1 had select() or not. Think about it. The fdset is a bit field. The nfds parameter tells select how far into the field it needs to look. Each bit corresponds to one fd. If you have fd#0, that corresponds to bit #1. This is why the number of fds is *always* the highest

RE: [PATCH] Howard Chu's EBCDIC-Port upgrade patch

2003-03-03 Thread Howard Chu
; (fixed in > attached patch). Ah, silly me. Thanks for catching that. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support ___

RE: [CVS] OpenSSL: openssl Makefile.org

2002-12-16 Thread Howard Chu
> -Original Message- > From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]] > In message <005201c2a53d$5f4523f0$0e01a8c0@CELLO> on Mon, 16 > Dec 2002 11:55:55 -0800, "Howard Chu" <[EMAIL PROTECTED]> said: > hyc> Please please please fo

RE: [CVS] OpenSSL: openssl Makefile.org

2002-12-16 Thread Howard Chu
> > OK, I lied a message ago. In 0.9.8-dev's Makefile.shared, the first > ld is actually an ld, while the second shown above is done through cc > or gcc. Right. The first line must use ld to create the relocatable object, the final link can be done by cc / gcc / ld, whichever, as app

RE: [CVS] OpenSSL: openssl Makefile.org

2002-12-16 Thread Howard Chu
god knows how many different platform-specific and version-specific LD flags. You can use basic, plain Jane, SVR3/BSD4.2 syntax to get over the main hurdle, and then use the appropriate "-shared" flag for your linker of choice after the basic object file exists. -- Howard Chu Chief Ar

RE: [CVS] OpenSSL: openssl Makefile.org

2002-12-16 Thread Howard Chu
Please please please forget about that allextract nonsense. You will *never* get it portable to all desired platforms. Just take the lib*.a and relink it explicitly: mkdir tmp; cd tmp; ar x ../libcrypto.a; ld -r -o ../libcrypto.o *.o ld -G -o libcrypto.so libcrypto.o -l -- Howard

RE: OpenSSL and compression using ZLIB

2002-11-25 Thread Howard Chu
ither, so if you say it didn't work I believe you. But plain old LZW definitely does not have this problem, the compressor can do whatever it wants, and the decompressor will stay sync'd up because it detects these reset codes. -- Howard Chu Chief Architect, Symas Corp.

RE: [openssl.org #243] OpenSSL 0.9.6g fail on IBM OS/390

2002-11-14 Thread Howard Chu
to do this anyway, because the ca program was double-translating some of the certificate fields on display, turning them into garbage. (I alluded to that in this msg thread, in fact.) -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com

RE: OpenSSL PROBLEM on HP-UX 11.00 and 11.11 (11i)

2002-10-22 Thread Howard Chu
t it works without any issues. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support > -Original Message- > From: [EMAIL PROTECTED] > [mailt

RE: Makefile tweak 0.9.6g

2002-09-22 Thread Howard Chu
Argh... That last patch wasn't quite right. This one works a bit better. (Note that build-shared is serialized to allow parallel builds to work.) -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc

Makefile tweak 0.9.6g

2002-09-22 Thread Howard Chu
ld OpenSSL inside a larger project and while fixing problems in other directories we do a lot of top-level make invocations and it's annoying to have this trigger a rebuild all the time. (Because we have dependencies on libcrypto/libssl etc.) -- Howard Chu Chief Architect, Symas Corp. Dir

RE: [openssl.org #243] OpenSSL 0.9.6g fail on IBM OS/390

2002-08-31 Thread Howard Chu
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Dr. Stephen Henson > On Fri, Aug 30, 2002, Howard Chu wrote: > > > The output from testca is still a little dodgy, there are a > few certificate > > > fields that are

RE: [openssl.org #243] OpenSSL 0.9.6g fail on IBM OS/390

2002-08-30 Thread Howard Chu
Damn, sent an incomplete diff for crypto/x509v3/v3_utl.c. Sorry about that. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support > -Original Mess

RE: [openssl.org #243] OpenSSL 0.9.6g fail on IBM OS/390

2002-08-30 Thread Howard Chu
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Howard Chu > The output from testca is still a little dodgy, there are a few certificate > fields that are printed in ASCII that need to be translated to EBCDIC for > appearance&

RE: [openssl.org #243] OpenSSL 0.9.6g fail on IBM OS/390

2002-08-28 Thread Howard Chu
ea(int) blowfish(ptr) compiler: c89 -O -D_ALL_SOURCE -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support >

RE: [openssl.org #243] OpenSSL 0.9.6g fail on IBM OS/390

2002-08-28 Thread Howard Chu
- t61=1; -#endif } if (t61) return(V_ASN1_T61STRING); if (ia5) return(V_ASN1_IA5STRING); The output from testca is still a little dodgy, there are a few certificate fields

RE: [openssl.org #243] OpenSSL 0.9.6g fail on IBM OS/390

2002-08-28 Thread Howard Chu
a pain. (At this point the obvious thing to do is just build all of OpenSSL with "-g" but the resulting objects with embedded debug symbols are huge, 10x size at least.) -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com

RE: linux-glibc/openssl des.h/crypt.h conflict

2002-08-12 Thread Howard Chu
om their environment. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL

Small patch to 0.9.6c crypto/objects/obj_dat.c

2002-04-17 Thread Howard Chu
) || no_name) { + if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) { len=a->length; p=a->data; (Just a slight speedup when I'm munging DNs by OID...) I hope you can commit this for 0.9.6d/0.9.7 without too much trouble. :) -- Howard Chu Chie
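Review bot: In the reordered condition, if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef), nid is no longer assigned when no_name is set, because the short-circuit skips the OBJ_obj2nid() call. Please confirm that nothing after this branch reads nid on the no_name path, or initialize nid to NID_undef at its declaration so the skipped lookup cannot leave it indeterminate.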

RE: Wrong DNs

2002-04-16 Thread Howard Chu
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Joop > On 02-04-16 10:51:31 CEST, Howard Chu wrote: > >In LDAP, the convention is to display the DNs in the > opposite order, > > but the semantic meaning of the

RE: Wrong DNs

2002-04-16 Thread Howard Chu
's just a matter of traversing the Name in the opposite order when parsing/printing it out. I believe this feature already was added in OpenSSL 0.9.6, so this whole discussion has been about a non-problem... -- Howard Chu Chief Architect, S

RE: Wrong DNs

2002-04-16 Thread Howard Chu
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Bell > Howard Chu schrieb: > > > -Original Message- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Bell &

RE: Wrong DNs

2002-04-16 Thread Howard Chu
other (non-openssl) tools to manage that encoding > > (LDAP trees). > > What do you want to say with this answer? The problem has nothing to do > with signature verification. If you use "openssl x509" or any other > openssl command then you will see a DN. The questio

RE: Solaris bc

2002-03-04 Thread Howard Chu
The last time I checked, dc is only a front-end for bc. It seems odd to me that dc can work correctly if bc is broken... -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource

RE: [MiNT] M68020 bn_asm

2002-02-22 Thread Howard Chu
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Richard Zidlicky > On Tue, Feb 19, 2002 at 03:43:12PM -0800, Howard Chu wrote: > > I just checked the 68060 user manual, you're right. That means the plain > > 68000 code

RE: [MiNT] M68020 bn_asm

2002-02-19 Thread Howard Chu
ons was a poor choice, so this version avoids those instructions. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support > -Original Message- > Fro

RE: [MiNT] M68020 bn_asm

2002-02-19 Thread Howard Chu
I just checked the 68060 user manual, you're right. That means the plain 68000 code is needed on the 68060. (What a crock...) -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenS

M68020 bn_asm

2002-02-18 Thread Howard Chu
Here is a more thorough assembly implementation of bn_asm for Motorola 680x0 processors. On a 68030 the RSA/DSA test is over 4x faster than gcc -O3 code. I am releasing this version under the terms of the OpenSSL license. -- Howard Chu Chief Architect, Symas Corp. Director, Highland

OpenSSL BigNum library

2002-02-17 Thread Howard Chu
: "0"(n0), "1"(n1), "d"(d0) \ + : "cc");\ + q; \ + }) +# define REMAINDER_IS_ALREADY_CALCULATED # endif /* __ */ # endif /* __GNUC__ */ #endif /* NO_ASM */ -- Howard

compiler optimizations

2002-02-14 Thread Howard Chu
recreate it, but I will if no one else has one. My web client with 0.9.6 is now too slow, it cannot finish generating a key before the remote server times out the connection. (Speed tests on 0.8.0 vs 0.9.6 are 2-3x faster, which makes a big difference on my 32MHz 68030.) -- Howard Chu Chief

RE: DES changes...

2001-11-05 Thread Howard Chu
s, one can only guess that the clashes are at compile-time, due to mismatched function declarations between various header files and the library source. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc

RE: Shared libraries on AIX...

2001-04-27 Thread Howard Chu
That's right. I actually used: '-bM:SRE -bE:$*.exp -b noentry' I had to add explicit code to the Configure script to set this since I couldn't figure out how to embed colons in the configuration table. -- Howard Chu Chief Architect, Symas Corp. Director,

RE: Shared libraries on AIX...

2001-04-27 Thread Howard Chu
linker removes unreferenced objects. For Linux the flag is "-whole-archive", for Solaris "-z allextract". Obviously the contents of "lib/$(LIBXX).a" is assumed to be PIC code. I haven't configured this on any other platforms recently, so I don't have th

RE: [ANNOUNCEMENT] OpenSSL 0.9.6a Beta 1 released

2001-03-14 Thread Howard Chu
libdl didn't appear on AIX until 4.2. Jens Uwe-Mager wrote an emulation library for earlier AIX versions, to map the dlopen routines onto AIX's native dynamic loading implementation. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www

RE: stdout problem on NT only - our fix

2000-11-11 Thread Howard Chu
hat the value you see is really the address of an address, one is a pointer to stdout living in the DLL's space, and the other is a pointer to stdout residing in app space. Assuming that you have properly #include'd the compiler should have generated the proper code to reference the impor

RE: problems with `configure`..

2000-11-07 Thread Howard Chu
and similar, use the appropriate assignments instead: CPPFLAGS=-I/usr/local/ssl/include; export CPPFLAGS LDFLAGS=-L/usr/local/ssl/lib; export LDFLAGS -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc >

RE: Loading shared libraries under HP-UX on PA32

2000-11-07 Thread Howard Chu
course correct me if I'm misremembering. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Ri

[PATCH] apps/ca.c

2000-10-13 Thread Howard Chu
matching the given DN patched to store the actual cert filename in the index.txt database Howard Chu - Black GTS http://highlandsun.com http://people.we.mediaone.net/hyc --- ca.c2000/10/13 12:53:02 1.1 +++ ca.c2000/10/13 13:01:41 @@ -150,6 +150,7 @@ " -star

RE: Shared library problems with cyrus-sasl-1.5.24

2000-10-11 Thread Howard Chu
You're both correct. Since libcrypto.a was not compiled as PIC, it cannot be shared very much. The library will have static absolute address references that will be relocated at runtime, forcing page copies for every relocated reference. -- Howard Chu Chief Architect, Symas Corp. Dire

RE: more on ranlib

2000-10-11 Thread Howard Chu
ar r $@ $?; $(RANLIB) $@ On systems that don't need it, invoke make with RANLIB=: and the shell will ignore it. (Combine the ar and ranlib commands on one line, as above, to avoid an unnecessary additional spawn of sh for the possibly unneeded ranlib invocation...) -- Howard Chu Chief Architect,

ca.c patches

2000-10-11 Thread Howard Chu
lining this? What's the story on converting the autoconf/ automake and such? How about using libtool for the build process? -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc __

RE: more on ranlib

2000-10-11 Thread Howard Chu
approach was already suggested: do a single ranlib command in the superior makefile, after all the subdirectories have completed. Best is to also use a timestamp file to control when ranlib must be performed: libxxx.a: (whatever rules...) stamp-libxxx.a: libxxx.a $(RANLIB) $? tou

RE: [STATUS] OpenSSL (Sun 7-May-2000)

2000-05-08 Thread Howard Chu
I have a number of patches against 0.9.4 supporting shared libraries on AIX, Solaris, and NT. I plan to sync up with 0.9.5a and/or 0.9.6 in the next couple days. Let me know if you're interested in seeing the diffs. -- Howard Chu Chief Architect, Symas Corp. Director, Highlan

RE: [STATUS] OpenSSL (Sun 16-Apr-2000)

2000-04-16 Thread Howard Chu
seem to have moved - what exactly is Steve intending to improve in the certificate chain verification? How will it affect current functionality? -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc > -

RE: the API to load X509 from char*

2000-04-06 Thread Howard Chu
> -Original Message- > From: [EMAIL PROTECTED] > Howard Chu wrote: > > > > Yes, it's quite easy. This works for me in 0.9.4: > > (char *buf; int len; values should already be set) > > ... > > BIO *bi = BIO_new(BIO_s_mem()); > > BUF_MEM

RE: the API to load X509 from char*

2000-04-06 Thread Howard Chu
Yes, it's quite easy. This works for me in 0.9.4: (char *buf; int len; values should already be set) ... BIO *bi = BIO_new(BIO_s_mem()); BUF_MEM bf; X509 *x; bf.length = len; bf.data = buf; bf.max = bf.length; BIO_set_mem_buf(bi, &bf, 0); x = PEM_read_bio_X509(bi, NULL, NULL, NULL);

socket I/O, EOF, openssl 0.9.4

2000-01-14 Thread Howard Chu
"we're hosed, this connection is invalid" in the SSL_accept return status. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc __ OpenS

socket I/O and EOF

2000-01-14 Thread Howard Chu
't figured out yet who's doing the wrong thing. This infinite loop may be caused by the ldap_pvt_tls_accept that we wrap around SSL_accept. The large number of loops even in the successful case seems to be a more general problem. -- Howard Chu Chief Architect, Symas Corp.