This patch fixes a small typo in 0.9.[89]*
Martin
--
<[EMAIL PROTECTED]>| Fujitsu Siemens
http://www.fujitsu-siemens.com/imprint.html | 81730 Munich, Germany
Index: crypto/x509/x509_txt.c
===
RCS file: /home/cvs/Open
Hello everyone,
I have a problem with openssl-0.9.7k and 0.9.7l;
I am not using FIPS (and the default also is to disable it).
On some platforms, I build the static libs only, and not the shared libs.
At least on these platforms I had problems when doing "make install"
in the to-level directory, be
On Tue, Jul 05, 2005 at 05:45:09PM +0200, Martin Kraemer wrote:
> If that is so, then how can the following happen (with a recent
> openssl-dev):
Oops - it can because here, the "critical" flag is missing. Sorry.
Martin
--
<[EMAIL PROTECTED]> | Fujitsu S
0 2005 GMT
Subject: C=XY, O=BTG Development CA (3), OU=Basic CA, CN=Martin
Kraemer/[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:...:29
t:my.pem: OK
sslserver:my.pem: OK
nssslserver:my.pem: OK
smimesign:my.pem: OK
smimeencrypt:my.pem: OK
crlsign:my.pem: /C=GB/O=Defer Test/OU=basic/CN=Martin Kraemer/[EMAIL PROTECTED]
error 26 at 0 depth lookup:unsupported certificate purpose
OK
any:my.pem: OK
ocsphelper:my.pem: OK
For the case of
When creating a certificate using an openssl CA, I specify the x509v3
extension basicConstraints = critical,CA:FALSE.
Looking at the generated certificate using
% openssl x509 -noout -text -purpose -in nonca.pem
...
X509v3 Basic Constraints: critical
CA:FALSE <
There's a typo in the names for the shared object libraries under
linux/390 which leads to libraries
libcrypto.so.0,9.6
instead of
libcrypto.so.0.9.6
being built.
Martin
--- openssl-0.9.6l/#Configure~ 2003-11-11 16:49:33.0 +0100
+++ openssl-0.9.6l/Configure2003-11-11 16:49:33.
There's a typo in the names for the shared object libraries under
linux/390 which leads to libraries
libcrypto.so.0,9.6
instead of
libcrypto.so.0.9.6
being built.
Martin
--- openssl-0.9.6l/#Configure~ 2003-11-11 16:49:33.0 +0100
+++ openssl-0.9.6l/Configure2003-11-11 16:49:33.0
In 0.9.7c, I noticed that the standard "make install" creates
a self-referencing EVP_BytesToKey.3 -> EVP_BytesToKey.3 symlink
loop in the target's man/man3/ directory. The following patch
fixes the erroneous symlink creation, but does not attempt
to find the real cause for it.
--snip--
--- openssl
On Mon, Mar 03, 2003 at 05:34:20PM +0100, Richard Levitte - VMS Whacker wrote:
> I'm surprised by how little seems to need changed. Is that really
> possible? I imagined the EBCDIC issue was a much bugger can of worms.
The majority of the EBCDIC changes are already in the code, and run
in produc
> I vote for including the patch into mainstream OpenSSL. I repeat the
> ('@'-fixed) Howard Chu EBCDIC patch in this mail because the version
> from http://www.openldap.org/faq/index.cgi?file=745 does not
> apply cleanly (HTML-escapes present).
Oops - I fell into the same trap (HTML-frontends for
e IBM OS/390 and Fujitsu-Siemens BS2000(OSD/POSIX)
EBCDIC versions.
Thank you,
Martin Kraemer
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
--- ./crypto/asn1/a_print.c.origMon Mar 3 11:41:37 2003
+++
I had to test a couple of proxy servers lately which had problems passing
CONNECT connections. I was missing a tool "like s_client but using a
proxy", so I added a quick hack to s_client. This patch adds a switch
$ openssl s_client -proxy myproxy:8080 -connect remoteserver:443
-
I had to test a couple of proxy servers lately which had problems passing
CONNECT connections. I was missing a tool "like s_client but using a
proxy", so I added a quick hack to s_client. This patch adds a switch
$ openssl s_client -proxy myproxy:8080 -connect remoteserver:443
--
When trying to compile apache+mod_ssl against a recent snapshot of
openssl-0.9.8-dev (?), I get compile errors because the #define for
NID_uniqueIdentifier
is no longer present. It used to be both in objects.h and in obj_mac.h
(and is referenced in ssl_engine_vars.c):
cscope:
0 ssl_engine_var
I just built what I extracted from CVS, and "openssl version" said:
OpenSSL 0.9.8-dev 24 Sep 2000
Isn't it time to update the old "24 Sep 2000" now that a "major" release
is forthcoming?
Just my EUR .02
Martin
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX:
When incoking "./config no-idea" and compiling, I get this:
gcc -DMONOLITH -I.. -I../include -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5
-DOPENSSL_NO_IDEA -DOPENSSL_NO_THREAD -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3
-m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c version.c
In
I recompiled Apache-1.3.22 with mod_ssl-2.8.5 and OpenSSL-0.9.7-dev
today. Alas, I always get a core dump if I enable mod_ssl (as a DSO).
I traced it to the following point:
$ gdb sbin/httpd
(gdb) b ap_init_modules
(gdb) r -X -DSSL
...
(gdb) b ssl_engine_init.c:397
Breakpoint 2 at 0x
There's a typo in speed.c which creates a core dump if (for any reason)
no rsa verify operation was performed.
--snip--
--- apps/speed.c.orig Fri Mar 16 11:18:34 2001
+++ apps/speed.cFri Mar 16 11:09:27 2001
@@ -1207,7 +1207,7 @@
{
BIO_pri
A minor nit: the "openssl passwd" command always exits
with exit code 1. That should probably be 0 if no errors
occurred.
Martin
__
OpenSSL Project http://www.openssl.org
Development Mailing Lis
Hi,
I am trying to add support for a hardware engine which is tied to the
pkcs#11 api. In the ENGINE structure (and the RSA, DSA, DH methods) I
find pointers to functions implementing the modular exponentiation, and
the chinese remainder theorem. Also, the existing engines bring their
own copy of
Here's the set of EBCDIC patches again which make openssl-0.9.5a and
openssl-0.9.6-dev work better: X509v3 attributes were handled incorrectly
and caused errors in a_mbstr.c when using the "openssl x509" and "req"
commands.
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636
Hi,
When accessing the CVS tree of openssl, I noticed that many files have
the "binary" attribute (cvs rcs -kb) which means they are not treated
like text files. On unix, that does not change the handling at all, on
Windoze, it makes the \r at the line ends disappear (i.e., makes text
files very
Here are some more patches which fix the external representation of
x509v3 stuff on EBCDIC machines (esp. hex strings).
Martin
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-41143 | 81730 Munich, Germany
--- openssl-0.9.5a/crypto/x509v3/v3
Hi again,
Here are some fixes for EBCDIC systems. The "string correctness" test
routines in asn1/a_mbstr.c were not prepared for EBCDIC yet.
Also, I *think* I also fixed a bug in req.c which didn't convert
a line read from the user (at least, Ralf's mkcert.sh and an Apache+mod_ssl
server work fin
Here's the code for the missing file ebcdic.c, with the Apache copyright
removed (I'm the original author, and have consulted the IBM porter who
added the IBM-1047 EBCDIC table).
Also, a conversion error in SSLv3 ASN1 decoding is fixed.
Martin
--
<[EMAIL PROTECTED]> | Fujitsu
Hi,
After a long pause of silence let me bring up the EBCDIC topic again.
In May, I posted the patches for EBCDIC machines which were supposed
to work on Siemens' BS2000 machines (and were prepared to run on other
EBCDIC based platforms, mainly IBM's).
In the file ebcdic.c, however, I had left t
The appended patch adds EBCDIC support (as well as BS2000/OSD-POSIX support)
to OpenSSL-0.9.2b. Sorry that I didn't update the patch to 0.9.3 yet, but so
many things have changed that I didn't find the time to update yet.
However, the patch works as follows:
@) First of all: this is a WIP versio
Here's another nit which has to do with a compiler bug which is
widespread among the compilers derived from SGI's cc. It's an optimizer
bug which occurs when redundant constants are used in arithmetic
expressions (c = a & 0x;) The compiler switch IRIX_CC_BUG
tries to circumvent these. The
Here's a small change for SIEMENS' SINIXS and ReliantUNIX platforms:
a) it uses the current CDS compiler
b) it identifies ReliantUNIX systems correctly
c) it uses the name "siemens" rather than "sni" (SNI is the former
Siemens CS daughter which is now part of the main company)
Martin
--
I tried to Cc this to <[EMAIL PROTECTED]>, but it bounced.
I'll re-try with <[EMAIL PROTECTED]>.
You don't happen to use sendmail, do you?
Martin
--
<[EMAIL PROTECTED]> |Siemens Information and
Phone: +49-89-636-46021 |Communication Products
FAX: +49-89-
I tried to Cc this to <[EMAIL PROTECTED]>, but it bounced.
I'll re-try with <[EMAIL PROTECTED]>.
You don't happen to use sendmail, do you?
Martin
--
<[EMAIL PROTECTED]> |Siemens Information and
Phone: +49-89-636-46021 |Communication Products
FAX: +49-89
Perl 5.0pl3 chokes on the "foreach my $dirname" construct in lines
27 and 48 of mklink.pl
Martin
--
<[EMAIL PROTECTED]> |Siemens Information and
Phone: +49-89-636-46021 |Communication Products
FAX: +49-89-636-47816 |81730 Munic
The Rev. 1.65 patch broke Configure. 1.64 was okay.
Martin
--
<[EMAIL PROTECTED]> |Siemens Information and
Phone: +49-89-636-46021 |Communication Products
FAX: +49-89-636-47816 |81730 Munich, Germany
__
When compiling OpenSSL (current) and defining SIXTY_FOUR_BIT, the
preprocessor define BN_ULLONG is undefined (see comment in file
include/bn.h line 119). That results in an error when compiling
crypto/bn/bn_div.c:
bn_div.c 215: [error]: CFE1020 Identifier "BN_ULLONG" not defined
etc.
Why is B
I get warnings when compiling a recent snapshot:
cc -I.. -I../../include -KPIC -g -DSNI -DTERMIOS -DB_ENDIAN -c
v3_conf.c -o v3_conf.o
../../include/x509.h 259: [warning]: CFE1381 extra ";" ignored
DECLARE_STACK_OF(X509_ATTRIBUTE);
^
x509v3.h 227: [warn
>> performance has dropped by a factor of 2.5 ... 4!!!
>
> Did you use the same compiler flags for both builds?
Yes, of course!
Martin
--
<[EMAIL PROTECTED]> |Siemens Information and
Phone: +49-89-636-46021 |Communication Products
FAX: +49-89-636-47816
Hello,
On one of my machines, the results of comparing SSLeay-0.9.0b against
OpenSSL-0.9.2b are disappointing:
(have a look at the md5, hmac, sha1, rmd160, rc5/32 and cast
result lines in the following tables:
performance has dropped by a factor of 2.5 ... 4!!!
Is there any recent modification w
Hi,
Without proposing a complete "british english to american english"
change, I still suggest that the typo in the following BIO modules be
fixed (from BIO_R_UNINITALISED to BIO_R_UNINITIALISED -- note
the 'I' after the 'T'). In order to not break backward compatibility,
the #define BIO_R_UNINIT
Hi,
Without proposing a complete "british english to american english" change,
I still suggest that the typo in the following BIO modules be fixed
(from BIO_R_UNINITALISED to BIO_R_UNINITIALISED -- note the 'I' after
the 'T'). In order to not break backward compatibility, the #define
for BIO_R_UN
40 matches
Mail list logo