Re: [openssl-dev] openssl enc changed behaviour between 1.1.0 and earlear

2016-11-03 Thread Richard Levitte
ct (because it was the right key) or not (because it was the wrong key). Take into account a pipe with a 10MB file, I'm sure you see where that takes us. The solution in that bug report seems sane, even though unfortunate. -- Richard Levitte levi...@openssl.org OpenSSL Project

Re: [openssl-dev] After building 1.0.2h , ldd output shows current version as 1.0.0. How to CHange this , Why is this so ?

2016-11-03 Thread Richard Levitte
Hi, I'm curious. Why exactly do you want to change the shared library version? That being said, this is not a good idea. I hope I explained why well enough in the thread with the subject "OpenSSL 1.0.2h generates libss.so.1.0.0 instead of libssl.so.1.0.2" started by you on openssl-dev. For

Re: [openssl-dev] OpenSSL 1.0.2h generates libss.so.1.0.0 instead of libssl.so.1.0.2

2016-11-02 Thread Richard Levitte
nfusing, so from OpenSSL version 1.1.0 and up, the shared library version retains the two first digits of the OpenSSL version only, which reflects our intent that for any versions x.y.z where x.y stays the same, ABI backward compatibility will be maintained. Cheers, Richard -- Richard Levitte

Re: [openssl-dev] Still seeing test failure in openssl 1.0.2 SNAPHOT 20161031

2016-11-01 Thread Richard Levitte
I just tested on two systems, Debian [unstable] and FreeBSD 8.4, and in both cases, that test goes through with no trouble at all. Could you tell us your exact configuration? If I recall correctly, you have your own hacked configuration, right? Cheers, Richard In message

Re: [openssl-dev] per-file or -module flags in build.info?

2016-10-27 Thread Richard Levitte
The only way is to use raw lines for your platform, something like this for Unix: OVERRIDES=foo.o BEGINRAW[Makefile(unix)] foo.o: foo.c $(CC) $(CFLAGS) -O3 -c -o $@ $< ENDRAW[Makefile(unix)] The reason for this is that as soon as you want to add compiler specific flags,

Re: [openssl-dev] Why is libefence needed for 32-bit debug (linux-elf) builds?

2016-10-21 Thread Richard Levitte
In message <20161022.012155.944333974616925164.levi...@openssl.org> on Sat, 22 Oct 2016 01:21:55 +0200 (CEST), Richard Levitte <levi...@openssl.org> said: levitte> In message <21c4f180c97a4da6b716f852ac4d4...@usma1ex-dag1mb1.msg.corp.akamai.com> on Fri, 21 Oct 2016 23:14:

Re: [openssl-dev] Why is libefence needed for 32-bit debug (linux-elf) builds?

2016-10-21 Thread Richard Levitte
right. Awright, I'll do the kill. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Why is libefence needed for 32-bit debug (linux-elf) builds?

2016-10-21 Thread Richard Levitte
Actually, -lefence comes from much further back in time. If you look at the configuration strings in Configure in version 1.0.2, you'll find debug-linux-elf, with that dreaded -lefence. Back in that version, ./config treats -d by prefixing the desired target with 'debug-', so 'debug-linux-elf'

[openssl-dev] [openssl.org #4699] Bug in OpenSSL 1.0.2j-fips 26 Sep 2016 or maybe affects all

2016-10-06 Thread Richard Levitte via RT
ump. I think this is definitely a bug. > > How to reproduce: > > $ openssl prime '' > Segmentation fault (core dumped) > > I haven't included any strace output but this can be reproduced by you > as well. > > > Kind regards, -- Richard Levitte levi...@openssl.org

[openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Richard Levitte via RT
ks: > > I just saw this today at a customer install that a user uploaded a > > PCSK10 request with extra newlines, anything based on Crypt::PKCS10 > > is > > happy with it but openssl crashes when it tries to sign. > > See https://github.com/openxpki/openxpki/issues/437 -- R

[openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Richard Levitte via RT
On Mon Sep 26 14:34:17 2016, rs...@akamai.com wrote: > We have a fix waiting for internal review; see GitHub issue 1546. That's not related to this issue. Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4686 Please

[openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Richard Levitte via RT
> | make[2]: *** [eng_cryptodev.o] Error 1 > > > Kind regards, > Jan-Markus Pumpanen

Re: [openssl-dev] Definitions for some structures are strangely missing from 'evp.h' or other header files in OpenSSL 1.1.0a

2016-09-23 Thread Richard Levitte
nd BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX, X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, X509_LOOKUP_METHOD Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project

[openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-20 Thread Richard Levitte via RT
Fix in place in master, OpenSSL_1_1_0-stable and OpenSSL_1_0_2-stable Closing ticket. Cheers, Richard On Fri Sep 02 14:57:41 2016, rs...@akamai.com wrote: > Yeah, something like that for 1.0.2; simpler for 1.1.0. I'll do it. > -- Richard Levitte levi...@openssl.org -- Ticket here

[openssl-dev] [openssl.org #4677] Options after parameters are ignored in OpenSSL 1.1.0

2016-09-17 Thread Richard Levitte via RT
have a closer look at this and the other commands in the next few days. Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4677 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-14 Thread Richard Levitte via RT
> > > > OpenSSL 1.1.0 25 Aug 2016 > > > > > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password > > > > UZ8kfkzdGoYTQ > > > > > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password > > > >

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
35inz1" > > > > > > So looks good. One suggestion is to re-order the help output so it's > > in declining "best to worst" 6 -> 5 -> 1 -> apr1 -> des), but that's > > minor. > > > > > > Cheers, > > Brian > > > >

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version > > > > > OpenSSL 1.1.0 25 Aug 2016 > > > > > > > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version > > > > > OpenSSL 1.1.0 25 Aug 2016 > > > > >

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
enssl-1.1.0\apps>.\openssl passwd -1 password > > > > > > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password > > > > > > > > > (To show that MD5 wasn't compiled out): > > > > > > D:\Download\OpenSSL\o

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
load\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help > > Usage: passwd [options] > > Valid options are: > > -help Display this summary > > -in infile Pead passwords from file > > -noverify Never verify when reading password from terminal > > -quiet No

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
ings > -table Format output as table > -reverse Switch table columns > -salt val Use provided salt > -stdin Read passwords from stdin > -apr1 MD5-based password algorithm, Apache variant > -1 MD5-based password algorithm > -crypt Standard Unix password algorithm (default) -- Rich

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
from file > -noverify Never verify when reading password from terminal > -quiet No warnings > -table Format output as table > -reverse Switch table columns > -salt val Use provided salt > -stdin Read passwords from stdin > -apr1 MD5-based password algorithm, Apache variant >

[openssl-dev] [openssl.org #4130] Provide enginesdir in pkgconfig file

2016-09-12 Thread Richard Levitte via RT
put it in openssl.pc please? > > (Of course, something as fundamental as engine_pkcs11 shouldn't be > external anyway, but that's a different story...) > -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4130 Please log in as guest with pass

Re: [openssl-dev] dates, times, durations in next release (commands)

2016-09-06 Thread Richard Levitte
SD to full blown ISO 8601. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-dev] dates, times, durations in next release (commands)

2016-09-06 Thread Richard Levitte
lz> rsalz> Both mean the same thing, from Feb 10 for 30 days. rsalz> rsalz> Comments? It's not a huge step to support full blown ISO 8601 (which has a few more alternatives to specify time intervals *). I like the idea. Cheers, Richard (*) https://en.wikipedia.org/wiki/ISO_8601 --

[openssl-dev] [openssl.org #4672] BUG: NEWSLOG - an error occurred while processing this directive

2016-09-06 Thread Richard Levitte via RT
> opening the news log. https://www.openssl.org/news/newslog.html > Thanks. > Tal. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4672 Please log in as guest with password guest if prompted

Re: [openssl-dev] Enhancing ssltest_old.c?

2016-09-05 Thread Richard Levitte
I think it makes more sense to extend the new SSL test framework... Cheers Richard Bill Cox wrote: (5 September 2016 19:14:22 CEST) >I wrote a simple change to custom extensions so that they can be >negotiated >on resume, which is needed by token binding. I put the

[openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Richard Levitte via RT
ichard -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-02 Thread Richard Levitte via RT
d that file and use the first n bytes from it when verifying each file you give it. That's why you get correct verification on the first file but not the others. The solution to this is to enhance dgst so it loudly refuses to sign or verify more than one file. Cheers, Richard -- Richard Levitte

[openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Richard Levitte via RT
the title 'OpenSSL' To sum it up, I don't think we have a problem here. Closing this ticket. Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668 Please log in as guest with password guest if prompted

Re: [openssl-dev] Linking with extra library

2016-09-01 Thread Richard Levitte
toss in a -L argument there as well if your libidn isn't in a standard location) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

[openssl-dev] [openssl.org #4667] Issue with OpenSSL v1.1.0 on AIX with XLC and GCC and -O

2016-08-31 Thread Richard Levitte via RT
> However, do you have an idea about: why crypto/ppccap.c seems > sensitive to optimization ? > > Thanks/Regards, > > Tony Reix > http://www.bullfreeware.com > > > > -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4667 P

[openssl-dev] [openssl.org #4665] Bug with OpenSSL 1.1.0 when path to Perl contains spaces

2016-08-31 Thread Richard Levitte via RT
gram' is not recognized as an internal or external command, > > > > > > operable program or batch file. > > > > > > > > > > > > I've fixed the problem, by modifying line #2394 in Configure and adding > > > double quotes around

[openssl-dev] [openssl.org #4665] Bug with OpenSSL 1.1.0 when path to Perl contains spaces

2016-08-30 Thread Richard Levitte via RT
> operable program or batch file. > > > > > > > > I've fixed the problem, by modifying line #2394 in Configure and adding > > double quotes around $config{perl}. > > > > > > > > my $cmd = "\"$config{perl}\" \"-I.\" \"

[openssl-dev] [openssl.org #4665] Bug with OpenSSL 1.1.0 when path to Perl contains spaces

2016-08-30 Thread Richard Levitte via RT
"\"$config{perl}\" \"-I.\" \"-Mconfigdata\" \"$dofile\" > -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\""; > -- Richard Levitte levi...@openssl.org -- Ticket her

[openssl-dev] [openssl.org #4664] Enhancement: better handling of CFLAGS and LDFLAGS

2016-08-29 Thread Richard Levitte via RT
n target information. This should be quite easy to implement, and we can also continue to use whatever additional Configure arguments as compiler or linker flags to be used *in addition* to the initial value (that comes from the config target information, or if we decide to implement

Re: [openssl-dev] Building VC-WIN32 with VS2012 and above breaks older CPU compatability

2016-08-26 Thread Richard Levitte
In message

Re: [openssl-dev] Lib names on Windows changed in OpenSSL 1.1.0

2016-08-26 Thread Richard Levitte
IF EXIST ssleay32.lib SET LIBSSL_NAME=ssleay32 And then make sure to use $(LIBCRYPTO_NAME) and $(LIBSSL_NAME) in MakefileBuild.vc? Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

[openssl-dev] [openssl.org #4642] [openssl-1.1.0-pre6] make failes with solaris-x86-cc & solaris64-x86_64-cc

2016-08-24 Thread Richard Levitte via RT
_pthread.c > > > >> @@ -109,7 +109,7 @@ > > > >> > > > >> int CRYPTO_atomic_add(int *val, int amount, int *ret, > > > >> CRYPTO_RWLOCK > > > >> *lock) > > > >> { > > > >> -#ifdef __ATOMIC

[openssl-dev] [openssl.org #4642] [openssl-1.1.0-pre6] make failes with solaris-x86-cc & solaris64-x86_64-cc

2016-08-24 Thread Richard Levitte via RT
eads_pthread.c > > >> +++ ./crypto/threads_pthread.c > > >> @@ -109,7 +109,7 @@ > > >> > > >> int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK > > >> *lock) > > >> { > > >> -#ifdef __ATOMIC_RELAXED > > >

Re: [openssl-dev] object.txt

2016-08-23 Thread Richard Levitte
d new OIDs with new build system? There's a manual step to update the corresponding C files: make update Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

[openssl-dev] [openssl.org #4642] [openssl-1.1.0-pre6] make failes with solaris-x86-cc & solaris64-x86_64-cc

2016-08-23 Thread Richard Levitte via RT
IC_RELAXED); > >> #else > >> if (!CRYPTO_THREAD_write_lock(lock)) > >> > >> > >> With this patch, > >> % ./Configure solaris-x86-cc > >> % make > >> % make test > >> passes. > >> > >> % ./Configure solaris6

[openssl-dev] [openssl.org #4653] [1.0.2] fails to compile on VC-WIN32

2016-08-23 Thread Richard Levitte via RT
msvc/build=release,cpu=x86,label=windows/458/changes' > > > > > > Full build log: > > > > > > http://ci.kicad-pcb.org/job/windows-openssl- > > > msvc/build=release,cpu=x86,label=windows/458/consoleFull > > > > > > Simon > > >

Re: [openssl-dev] OpenSSL_1_0_2-stable Windows build

2016-08-22 Thread Richard Levitte
: fatal error LNK1120: 5 unresolved externals matt> > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\link.EXE"' : return code '0x460' matt> > Stop. matt> matt> Yes. It needs this to be merged: matt> matt> https://github.com

[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Richard Levitte via RT
:12:58 2016, beld...@gmail.com wrote: > > Dear Richard, > > > > Thank you, it works. > > > > On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RT > > <r...@openssl.org> > > wrote: > > > > > The issue isn't with the pre-created key,

[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Richard Levitte via RT
> > > in the build directory. > > > > > > When I execute the command > > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req > > > -x509 > > -key > > > rsa2048.pem -keyform PEM -out cert.pem > > > > > > in the build direc

[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Richard Levitte via RT
ey rsa:2048 -keyout key.pem -out req.pem -nodes > > works ok. > > What's done wrong by me? > -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 Please log in as guest with password guest if prompted

Re: [openssl-dev] Crypto Module Config

2016-08-22 Thread Richard Levitte
re talking about the version 1.0.2 series, then the procedure is approximately the same. There, you have to look up this line in Makefile.org: SDIRS= \ ... and add helloworld to its values. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http:

[openssl-dev] [openssl.org #4653] [1.0.2] fails to compile on VC-WIN32

2016-08-19 Thread Richard Levitte via RT
> msvc/build=release,cpu=x86,label=windows/458/changes' > > > > Full build log: > > > > http://ci.kicad-pcb.org/job/windows-openssl- > > msvc/build=release,cpu=x86,label=windows/458/consoleFull > > > > Simon > > > -- > Richard Levitte > levi...@o

[openssl-dev] [openssl.org #4653] [1.0.2] fails to compile on VC-WIN32

2016-08-19 Thread Richard Levitte via RT
ob/windows-openssl- > msvc/build=release,cpu=x86,label=windows/458/changes' > > Full build log: > > http://ci.kicad-pcb.org/job/windows-openssl- > msvc/build=release,cpu=x86,label=windows/458/consoleFull > > Simon -- Richard Levitte levi...@openssl.org -- Ticket here: ht

[openssl-dev] [openssl.org #4609] Configure does not honor requests for ld.gold

2016-08-17 Thread Richard Levitte via RT
> ./config -fuse-ld=gold Jeff, please respond. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4609 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #4642] [openssl-1.1.0-pre6] make failes with solaris-x86-cc & solaris64-x86_64-cc

2016-08-17 Thread Richard Levitte via RT
> > With this patch, > % ./Configure solaris-x86-cc > % make > % make test > passes. > > % ./Configure solaris64-x86_64-cc > % make > passes but > % make test > stops. > This is another problem, which seems to be the same as bug #4641. > > > Regards, > >

Re: [openssl-dev] 1.1.0 pre release 6: Installing manpages error: tr

2016-08-04 Thread Richard Levitte
In message <20160804190843.ga19...@x2.esmtp.org> on Thu, 4 Aug 2016 12:08:43 -0700, Claus Assmann <ca+ssl-...@esmtp.org> said: ca+ssl-dev> On Thu, Aug 04, 2016, Richard Levitte wrote: ca+ssl-dev> ca+ssl-dev> > I suppose this depends on what shell is being used. I've at

Re: [openssl-dev] 1.1.0 pre release 6: Installing manpages error: tr

2016-08-04 Thread Richard Levitte
There are several places like this in the Makefile. I suppose this depends on what shell is being used. I've attached a fix (apply with 'patch -p1 < unix-Makefile.tmpl.patch'), would you mind trying it out? Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Proje

Re: [openssl-dev] [openssl.org #4602] Missing accessors

2016-08-03 Thread Richard Levitte
In message <20160803142331.gd2...@nikhef.nl> on Wed, 3 Aug 2016 16:23:31 +0200, Mischa Salle <msa...@nikhef.nl> said: msalle> On Wed, Aug 03, 2016 at 03:41:55PM +0200, Richard Levitte wrote: msalle> > msalle> By the way, even for RFC proxies I still have the prob

Re: [openssl-dev] [openssl.org #4602] Missing accessors

2016-08-03 Thread Richard Levitte
In message <20160803.154155.2198714958292922881.levi...@openssl.org> on Wed, 03 Aug 2016 15:41:55 +0200 (CEST), Richard Levitte <levi...@openssl.org> said: levitte> In message <20160803131344.gb2...@nikhef.nl> on Wed, 3 Aug 2016 15:13:44 +0200, Mischa Salle <msa...@

Re: [openssl-dev] [openssl.org #4602] Missing accessors

2016-08-03 Thread Richard Levitte
In message <20160803131344.gb2...@nikhef.nl> on Wed, 3 Aug 2016 15:13:44 +0200, Mischa Salle <msa...@nikhef.nl> said: msalle> Hi Richard, msalle> msalle> apologies for the delayed answer, I was caught up in work... msalle> msalle> On Tue, Jul 26, 2016 at 05:50:14PM +

[openssl-dev] [openssl.org #4584] Self test failures under X32

2016-08-01 Thread Richard Levitte via RT
On Mon Aug 01 16:50:21 2016, matt wrote: > On Mon Jul 25 08:49:27 2016, matt wrote: > > Ping Jeff? > > Ping again? > > Matt It's worth mentioning that time is getting short, next beta in a few days, final in 3 weeks. -- Richard Levitte levi...@openssl.org

[openssl-dev] [openssl.org #4590] accessors without const return arguments

2016-08-01 Thread Richard Levitte via RT
, DH > > keys where situation is similar. > > > > Do you have some examples of how this affects other structures? For > RSA/DSA/DH > keys the fields are NULL initially unless I've missed something. Can this ticket be closed? -- Richard Levitte levi...@openssl.org -- Ticket he

Re: [openssl-dev] [openssl.org #4602] Missing accessors

2016-07-26 Thread Richard Levitte
e a renewed walking the msalle> chain is typically done upon reaching the last cert. Like I said, please check what OpenSSL does. There was a bug, so I perfectly understand why you needed to override that check. I've fixed what I found. If you find a bug in that mechanism, we're interested! -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-dev] [openssl.org #4602] Missing accessors

2016-07-25 Thread Richard Levitte
depth); void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-dev] [openssl.org #4602] Missing accessors

2016-07-25 Thread Richard Levitte
erify_cb, indicating which certificate in the chain the call of the callback is about. Why one would need to tamper with them from inside the verify_cb function escapes me... Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ --

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-25 Thread Richard Levitte via RT
As for everything else that has been discussed here, which also touches on external methods of verification via the verification callback, I would say it's out of scope for this ticket. I am interested in these talks, but then by direct email. -- Richard Levitte levi...@openssl.org -- Ticket her

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-25 Thread Richard Levitte via RT
e > that's fine > for GT2 proxies (there's no pc path length there that I can see), it > does need > to be properly set for GT3 proxies. For this, https://github.com/openssl/openssl/pull/1348 Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-25 Thread Richard Levitte via RT
On Mon Jul 25 12:39:43 2016, msa...@nikhef.nl wrote: > Hi Richard, > > On Mon, Jul 25, 2016 at 11:46:50AM +, Richard Levitte via RT > wrote: > > Is that code to cope with pathlen checking bugs? That's what it looks > > to me. In > > that case, it might no lon

Re: [openssl-dev] Cross-compiling, --install_prefix deprecated

2016-07-25 Thread Richard Levitte
? The following note from CHANGES answers most of your question: *) The INSTALL_PREFIX Makefile variable has been renamed to DESTDIR. That makes for less confusion on what this variable is for. Also, the configuration option --install_prefix is removed. [Richard Levitte] The

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-25 Thread Richard Levitte via RT
On Mon Jul 25 11:32:17 2016, msa...@nikhef.nl wrote: > On Sat, Jul 23, 2016 at 09:44:18AM +0000, Richard Levitte via RT > wrote: > > To get current_cert, it's X509_STORE_CTX_get_current_cert(). > > To get current_issuer, it's X509_STORE_CTX_get0_current_issuer() > > Hi R

Re: [openssl-dev] Missing const EC_KEY *EC_KEY_dup(EC_KEY *src);

2016-07-24 Thread Richard Levitte
the ENGINE itself will work perfectly, both in the source EC_KEY and the new one. So there's no actual reason not to have const there. It does, however, mean that we need to add const in a few more places. Not many at all, actually, it took me 5 minutes. PR coming tomorrow. Cheers, Rich

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-23 Thread Richard Levitte via RT
rid/voms/blob/master/src/sslutils/sslutils.c > and many other places for verifying the proxy chain or is there a > better/other solution for that? > > Best wishes, > Mischa > > On Fri, Jul 22, 2016 at 03:26:26PM +, Richard Levitte via RT > wrote: > > In addition

[openssl-dev] [openssl.org #4619] compile errors with no-srp

2016-07-23 Thread Richard Levitte via RT
ssl/statem/statem_clnt.c:2466: error: 'SSL_SESSION' has no member named > > 'srp_username' > > ssl/statem/statem_clnt.c:2466: error: 'SSL' has no member named > > 'srp_ctx' > > ssl/statem/statem_clnt.c:2467: error: 'SSL_SESSION' has no member named > > 'srp_username'

[openssl-dev] [openssl.org #4619] compile errors with no-srp

2016-07-22 Thread Richard Levitte via RT
ember named > 'srp_ctx' > ssl/statem/statem_clnt.c:2467: error: 'SSL_SESSION' has no member named > 'srp_username' > make[2]: *** [ssl/statem/statem_clnt.o] Error 1 > > >

[openssl-dev] [openssl.org #4622] OpenSSL doesn't recognise pre-rfc3820 proxy certs

2016-07-22 Thread Richard Levitte via RT
On Fri Jul 22 12:52:18 2016, rs...@akamai.com wrote: > And now, with subject clearly stated, I think we should not do this. After some discussion, we decided to abandon this line of thought and get back to accessors as of RT4602. Closing this ticket. -- Richard Levitte levi...@openssl.

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-22 Thread Richard Levitte via RT
r verifying the proxy chain or is there a > better/other solution for that? > > Best wishes, > Mischa > > On Fri, Jul 22, 2016 at 03:26:26PM +, Richard Levitte via RT > wrote: > > In addition to github PR 1294, there's now also PR 1339 which adds > > the function to set the EXFLAG_

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-22 Thread Richard Levitte via RT
being asked for. Perhaps not exactly (the setters are for X509_STORE only), but should be workable. (writing this from my mobile, sorry for the lack of github links) -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602 Please log in as guest

Re: [openssl-dev] [openssl.org #4622] OpenSSL doesn't recognise pre-rfc3820 proxy certs

2016-07-22 Thread Richard Levitte
n discussions around accessor functions, and https://github.com/openssl/openssl/pull/1294 covers quite a lot (please have a look! I get way too few comments), and what's primarily needed outside of that is a way to set the EXFLAG_PROXY flag on a X509*. Correct? For function names, I'm thinking that some

[openssl-dev] [openssl.org #4622] OpenSSL doesn't recognise pre-rfc3820 proxy certs

2016-07-22 Thread Richard Levitte via RT
not, please tell me and > I'll take > you off this ticket. > > -- > Richard Levitte > levi...@openssl.org -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4622 Please log in as guest with password guest if prompted -- openss

[openssl-dev] [openssl.org #4622]

2016-07-22 Thread Richard Levitte via RT
on this issue in RT4602. Guys, I hope it was ok to add you. If not, please tell me and I'll take you off this ticket. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4622 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-22 Thread Richard Levitte via RT
On Fri Jul 22 07:38:25 2016, mattias.ell...@physics.uu.se wrote: > Thu 2016-07-21 at 09:51 + Richard Levitte via RT wrote: > > On Thu Jul 21 08:18:30 2016, mattias.ell...@physics.uu.se wrote: > > > > > > ons 2016-07-20 klockan 15:14 + s

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-21 Thread Richard Levitte via RT
On Thu Jul 21 08:18:30 2016, mattias.ell...@physics.uu.se wrote: > Wed 2016-07-20 at 15:14 + Richard Levitte via RT wrote: > > On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote: > > > > > > I guess having a more restrictive accessor that only sets

[openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-20 Thread Richard Levitte via RT
s like the thing to do here. > > > > I've pushed a branched on github that at least does some of the > > things. See github #1330. > > Likewise for the CRYPTO_THREAD_run_once() issue, in > https://github.com/openssl/openssl/pull/1332 All now merged into master branch. Closin

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-20 Thread Richard Levitte via RT
On Wed Jul 20 16:58:20 2016, janj...@nikhef.nl wrote: > Hi Richard, > > On 20/07/16 17:14, Richard Levitte via RT wrote: > > On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote: > >> I guess having a more restrictive accessor that only sets the > >>

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-20 Thread Richard Levitte via RT
ral. So let me ask this in a different manner, does OpenSSL 1.1 still not set the EXFLAG_PROXY flag correctly? In what situations does that happen? That may be worth a bug report of its own. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-20 Thread Richard Levitte via RT
und_openssl_certchain_bug() in the hunk around line 1306) https://github.com/openssl/openssl/pull/1294 currently provides a setter for get_issuer in X509_STORE. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602 Please log in as guest with pass

Re: [openssl-dev] openssl-SNAP-20160720

2016-07-20 Thread Richard Levitte
doctor> *** Error code 1 doctor> doctor> Please fix Already done, you will notice in tomorrow's snapshot. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/

[openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-19 Thread Richard Levitte via RT
github that at least does some of the > things. See github #1330. Likewise for the CRYPTO_THREAD_run_once() issue, in https://github.com/openssl/openssl/pull/1332 -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4614 Please log in as g

[openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-19 Thread Richard Levitte via RT
t > gets passed > by reference to the init routine Never mind that, I wasn't thinking straight... -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4614 Please log in as guest with password guest if prompted -- openssl-dev mailing list

[openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-19 Thread Richard Levitte via RT
On Tue Jul 19 15:36:04 2016, levitte wrote: > To be noted is that we never check the value CRYPTO_THREAD_run_once() > returns... Should we make it __owur? I spoke too fast. We do... just not always. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/

[openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-19 Thread Richard Levitte via RT
On Tue Jul 19 15:26:58 2016, matt wrote: > > > On 19/07/16 16:23, Richard Levitte via RT wrote: > > On Mon Jul 11 16:20:29 2016, k...@roeckx.be wrote: > >> Hi, > >> > >> When trying to check what happens if we simulate malloc() > >> returning NU

[openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-19 Thread Richard Levitte via RT
), but since at least pthread_once() takes a function returning void (and thereby doesn't care about any returned value), it seems like our hands are forced anyway. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4614 Please log in as guest with p

[openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-19 Thread Richard Levitte via RT
On Mon Jul 11 17:48:06 2016, rs...@akamai.com wrote: > Previously we've changed return-types from void to int. If there's > still time, that seems like the thing to do here. I agree. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4614

[openssl-dev] [openssl.org #4584] Self test failures under X32

2016-07-19 Thread Richard Levitte via RT
On Tue Jul 19 14:01:17 2016, matt wrote: > > > On 19/07/16 14:41, Richard Levitte via RT wrote: > > Hi Jeff, > > > > I'm going to assume that a newer checkout of the master branch won't > > change > > much, so if you please, try this command and send mack

[openssl-dev] [openssl.org #4584] Self test failures under X32

2016-07-19 Thread Richard Levitte via RT
exit status: 1 > ../test/recipes/40-test_rehash.t (Wstat: 256 Tests: 5 Failed: 1) > Failed test: 4 > Non-zero exit status: 1 > Files=80, Tests=422, 44 wallclock secs ( 0.34 usr 0.11 sys + 25.08 > cusr 2.64 csys = 28.17 CPU) > Result: FAIL > Failed 2/80 test programs. 2/422 subtests failed. > Makefile:130: recipe for target 'tests' failed > make: *** [tests] Error 255 > -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Richard Levitte via RT
CRLs once one CRL for given hash value is > > > loaded, > > > hash_dir lookup method checks only for certificates with sequence > > > number > > > greater than that of the already cached CRL. > > > > Since, the sequence number has changed from

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Richard Levitte via RT
in my case) openssl should have done a lookup and based on the > latest sequence number should have given me an error stating Client > Certificate has been revoked. > > Just to let you know, I have tested revoked certificates with the CRL and > it works fine. So no problem with that.

Re: [openssl-dev] Error is a pod file

2016-07-15 Thread Richard Levitte
> man podchecker rsalz> rsalz> Find-doc-nits calls podchecker and saw no complaint. perl util/find-doc-nits.pl -s (I don't know what -s is for, but apparently, podchecker isn't run unless you use that option) -- Richard Levitte levi...@openssl.org OpenSSL Project http://ww

[openssl-dev] [openssl.org #4611] PKCS12_create() not thread-safe for ECDSA

2016-07-15 Thread Richard Levitte via RT
to take a temporary shallow copy of the input EC_KEY and modify the copy instead. Relevant commits are: b8a7bd83e68405fdf595077973035ac6fe24cb97 (master branch) 427b22646d4642809f67352513590549650b916f (1.0.2 branch) Closing this ticket. Cheers, Richard -- Richard Levitte levi...@openssl.org -- Tick

Re: [openssl-dev] Error is a pod file

2016-07-15 Thread Richard Levitte
hers with a blank line. rsalz> rsalz> Time to add something to find-doc-nits, perhaps. man podchecker -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Error is a pod file

2016-07-14 Thread Richard Levitte
o is passed in B. ... and I'm pretty sure that no pod processor knows what to do with the '=over' argument "The BIO the callback is attached to is passed in B.", hence the error message. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-11 Thread Richard Levitte via RT
es involved in the call of those functions. In the proxy certificate case, EXFLAG_PROXY will be set for a certificate any time the proxyCertInfo is found among its extensions. To be blunt, I would much rather see a bug report that shows when that cache isn't being built properly, and possibly a fix for it. Che

[openssl-dev] [openssl.org #4609] Configure does not honor requests for ld.gold

2016-07-08 Thread Richard Levitte via RT
On Fri Jul 08 09:33:01 2016, noloa...@gmail.com wrote: > Hmmm... If I want to use ld.gold as my linker, the easiest path is to > set LD=ld.gold. It makes perfect sense to some Did it work for you when doing this? ./config -fuse-ld=gold -- Richard Levitte levi...@openssl.org -- Ticke
