ct (because it was the right key) or not
(because it was the wrong key). Take into account a pipe with a 10MB
file, I'm sure you see where that takes us.
The solution in that bug report seems sane, even though unfortunate.
--
Richard Levitte levi...@openssl.org
OpenSSL Project
Hi,
I'm curious. Why exactly do you want to change the shared library
version?
That being said, this is not a good idea. I hope I explained why well
enough in the thread with the subject "OpenSSL 1.0.2h generates
libss.so.1.0.0 instead of libssl.so.1.0.2" started by you on
openssl-dev. For
nfusing,
so from OpenSSL version 1.1.0 and up, the shared library version
retains the two first digits of the OpenSSL version only, which
reflects our intent that for any versions x.y.z where x.y stays the
same, ABI backward compatibility will be maintained.
Cheers,
Richard
--
Richard Levitte
I just tested on two systems, Debian [unstable] and FreeBSD 8.4, and
in both cases, that test goes through with no trouble at all.
Could you tell us your exact configuration? If I recall correctly,
you have your own hacked configuration, right?
Cheers,
Richard
In message
The only way is to use raw lines for your platform, something like
this for Unix:
OVERRIDES=foo.o
BEGINRAW[Makefile(unix)]
foo.o: foo.c
$(CC) $(CFLAGS) -O3 -c -o $@ $<
ENDRAW[Makefile(unix)]
The reason for this is that as soon as you want to add compiler
specific flags,
In message <20161022.012155.944333974616925164.levi...@openssl.org> on Sat, 22
Oct 2016 01:21:55 +0200 (CEST), Richard Levitte <levi...@openssl.org> said:
levitte> In message
<21c4f180c97a4da6b716f852ac4d4...@usma1ex-dag1mb1.msg.corp.akamai.com> on Fri,
21 Oct 2016 23:14:
right. Awright, I'll
do the kill.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Actually, -lefence comes from much further back in time. If you look
at the configuration strings in Configure in version 1.0.2, you'll
find debug-linux-elf, with that dreaded -lefence. Back in that
version, ./config treats -d by prefixing the desired target with
'debug-', so 'debug-linux-elf'
ump. I think this is definitely a bug.
>
> How to reproduce:
>
> $ openssl prime ''
> Segmentation fault (core dumped)
>
> I haven't included any strace output but this can be reproduced by you
> as well.
>
>
> Kind regards,
--
Richard Levitte
levi...@openssl.org
ks:
> > I just saw this today at a customer install that a user uploaded a
> > PCSK10 request with extra newlines, anything based on Crypt::PKCS10
> > is
> > happy with it but openssl crashes when it tries to sign.
>
> See https://github.com/openxpki/openxpki/issues/437
--
R
On Mon Sep 26 14:34:17 2016, rs...@akamai.com wrote:
> We have a fix waiting for internal review; see GitHub issue 1546.
That's not related to this issue.
Cheers,
Richard
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4686
Please
> | make[2]: *** [eng_cryptodev.o] Error 1
>
>
> Kind regards,
> Jan-Markus Pumpanen
>
>
> Please note: This e-mail may contain confidential information
> intended solely for the addressee. If you have received this
> e-mail in error, please do not discl
nd BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
X509_LOOKUP, X509_LOOKUP_METHOD
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project
Fix in place in master, OpenSSL_1_1_0-stable and OpenSSL_1_0_2-stable
Closing ticket.
Cheers,
Richard
On Fri Sep 02 14:57:41 2016, rs...@akamai.com wrote:
> Yeah, something like that for 1.0.2; simpler for 1.1.0. I'll do it.
>
--
Richard Levitte
levi...@openssl.org
--
Ticket here
have a closer look at this and the other commands in the next few days.
Cheers,
Richard
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4677
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://
> > > > OpenSSL 1.1.0 25 Aug 2016
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
> > > > UZ8kfkzdGoYTQ
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
> > > >
35inz1"
> >
> >
> > So looks good. One suggestion is to re-order the help output so it's
> > in declining "best to worst" 6 -> 5 -> 1 -> apr1 -> des), but that's
> > minor.
> >
> >
> > Cheers,
> > Brian
> >
> >
t; > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > > > OpenSSL 1.1.0 25 Aug 2016
> > > > >
> > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > > > OpenSSL 1.1.0 25 Aug 2016
> > > > >
enssl-1.1.0\apps>.\openssl passwd -1 password
> > >
> > >
> > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
> > >
> > >
> > > (To show that MD5 wasn't compiled out):
> > >
> > > D:\Download\OpenSSL\o
load\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
> > Usage: passwd [options]
> > Valid options are:
> > -help Display this summary
> > -in infile Pead passwords from file
> > -noverify Never verify when reading password from terminal
> > -quiet No
ings
> -table Format output as table
> -reverse Switch table columns
> -salt val Use provided salt
> -stdin Read passwords from stdin
> -apr1 MD5-based password algorithm, Apache variant
> -1 MD5-based password algorithm
> -crypt Standard Unix password algorithm (default)
--
Rich
from file
> -noverify Never verify when reading password from terminal
> -quiet No warnings
> -table Format output as table
> -reverse Switch table columns
> -salt val Use provided salt
> -stdin Read passwords from stdin
> -apr1 MD5-based password algorithm, Apache variant
&g
put it in openssl.pc please?
>
> (Of course, something as fundamental as engine_pkcs11 shouldn't be
> external anyway, but that's a different story...)
>
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4130
Please log in as guest with pass
SD to full blown ISO 8601.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
lz>
rsalz> Both mean the same thing, from Feb 10 for 30 days.
rsalz>
rsalz> Comments?
It's not a huge step to support full blown ISO 8601 (which has a few
more alternatives to specify time intervals *). I like the idea.
Cheers,
Richard
(*) https://en.wikipedia.org/wiki/ISO_8601
--
> opening the news log. https://www.openssl.org/news/newslog.html
> Thanks.
> Tal.
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4672
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscr
I think it makes more sense to extend the new SSL test framework...
Cheers
Richard
Bill Cox skrev: (5 september 2016 19:14:22 CEST)
>I wrote a simple change to custom extensions so that they can be
>negotiated
>on resume, which is needed by token binding. I put the
ichard
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
d that file and use the first n
bytes from it when verifying each file you give it. That's why you get correct
verification on the first file but not the others.
The solution to this is to enhance dgst so it loudly refuses to sign or verify
more than one file.
Cheers,
Richard
--
Richard Levitte
the title 'OpenSSL'
To sum it up, I don't think we have a problem here. Closing this ticket.
Cheers,
Richard
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668
Please log in as guest with password guest if prompted
--
openssl-dev mailing li
toss in a -L argument there as well if your libidn
isn't in a standard location)
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
; However, do you have an idea about: why crypto/ppccap.c seems
> sensitive to optimization ?
>
> Thanks/Regards,
>
> Tony Reix
> http://www.bullfreeware.com
>
>
>
>
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4667
P
gram' is not recognized as an internal or external command,
> > >
> > > operable program or batch file.
> > >
> > >
> > >
> > > I've fixed the problem, by modifying line #2394 in Configure and adding
> > > double quotes around
; operable program or batch file.
> >
> >
> >
> > I've fixed the problem, by modifying line #2394 in Configure and adding
> > double quotes around $config{perl}.
> >
> >
> >
> > my $cmd = "\"$config{perl}\" \"-I.\" \&q
"\"$config{perl}\" \"-I.\" \"-Mconfigdata\" \"$dofile\"
> -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
>
--
Richard Levitte
levi...@openssl.org
--
Ticket her
n target
information.
This should be quite easy to implement, and we can also continue to use
whatever additional Configure arguments as compiler or linker flags to be used
*in addition* to the initial value (that comes from the config target
information, or if we decide to implement
In message
IF EXIST ssleay32.lib SET LIBSSL_NAME=ssleay32
And then make sure to use $(LIBCRYPTO_NAME) and $(LIBSSL_NAME) in
MakefileBuild.vc?
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe:
_pthread.c
> > > >> @@ -109,7 +109,7 @@
> > > >>
> > > >> int CRYPTO_atomic_add(int *val, int amount, int *ret,
> > > >> CRYPTO_RWLOCK
> > > >> *lock)
> > > >> {
> > > >> -#ifdef __ATOMIC
eads_pthread.c
> > >> +++ ./crypto/threads_pthread.c
> > >> @@ -109,7 +109,7 @@
> > >>
> > >> int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK
> > >> *lock)
> > >> {
> > >> -#ifdef __ATOMIC_RELAXED
> > >
d new OIDs with new build system?
There's a manual step to update the corresponding C files: make update
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
IC_RELAXED);
> >> #else
> >> if (!CRYPTO_THREAD_write_lock(lock))
> >>
> >>
> >> With this patch,
> >> % ./Configure solaris-x86-cc
> >> % make
> >> % make test
> >> passes.
> >>
> >> % ./Configure solaris6
msvc/build=release,cpu=x86,label=windows/458/changes'
> > >
> > > Full build log:
> > >
> > > http://ci.kicad-pcb.org/job/windows-openssl-
> > > msvc/build=release,cpu=x86,label=windows/458/consoleFull
> > >
> > > Simon
> >
>
: fatal error LNK1120: 5 unresolved externals
matt> > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
Studio 12.0\VC\BIN\link.EXE"' : return code '0x460'
matt> > Stop.
matt>
matt> Yes. It needs this to be merged:
matt>
matt> https://github.com
:12:58 2016, beld...@gmail.com wrote:
> > Dear Richard,
> >
> > Thank you, it works.
> >
> > On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RT
> > <r...@openssl.org>
> > wrote:
> >
> > > The issue isn't with the pre-created key,
gt; > in the build directory.
> > >
> > > When I execute the command
> > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req
> > > -x509
> > -key
> > > rsa2048.pem -keyform PEM -out cert.pem
> > >
> > > in the build direc
ey rsa:2048 -keyout key.pem -out req.pem -nodes
>
> works ok.
>
> What's done wrong by me?
>
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
re talking about the version 1.0.2 series, then the
procedure is approximately the same. There, you have to look up this
line in Makefile.org:
SDIRS= \
... and add helloworld to its values.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http:
; msvc/build=release,cpu=x86,label=windows/458/changes'
> >
> > Full build log:
> >
> > http://ci.kicad-pcb.org/job/windows-openssl-
> > msvc/build=release,cpu=x86,label=windows/458/consoleFull
> >
> > Simon
>
>
> --
> Richard Levitte
> levi...@o
ob/windows-openssl-
> msvc/build=release,cpu=x86,label=windows/458/changes'
>
> Full build log:
>
> http://ci.kicad-pcb.org/job/windows-openssl-
> msvc/build=release,cpu=x86,label=windows/458/consoleFull
>
> Simon
--
Richard Levitte
levi...@openssl.org
--
Ticket here: ht
> ./config -fuse-ld=gold
Jeff, please respond.
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4609
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
;
> With this patch,
> % ./Configure solaris-x86-cc
> % make
> % make test
> passes.
>
> % ./Configure solaris64-x86_64-cc
> % make
> passes but
> % make test
> stops.
> This is another problem, which seems to be the same as bug #4641.
>
>
> Regards,
>
>
In message <20160804190843.ga19...@x2.esmtp.org> on Thu, 4 Aug 2016 12:08:43
-0700, Claus Assmann <ca+ssl-...@esmtp.org> said:
ca+ssl-dev> On Thu, Aug 04, 2016, Richard Levitte wrote:
ca+ssl-dev>
ca+ssl-dev> > I suppose this depends on what shell is being used. I've
at
There are several places like this in the Makefile.
I suppose this depends on what shell is being used. I've attached a
fix (apply with 'patch -p1 < unix-Makefile.tmpl.patch'), would you
mind trying it out?
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Proje
In message <20160803142331.gd2...@nikhef.nl> on Wed, 3 Aug 2016 16:23:31 +0200,
Mischa Salle <msa...@nikhef.nl> said:
msalle> On Wed, Aug 03, 2016 at 03:41:55PM +0200, Richard Levitte wrote:
msalle> > msalle> By the way, even for RFC proxies I still have the prob
In message <20160803.154155.2198714958292922881.levi...@openssl.org> on Wed, 03
Aug 2016 15:41:55 +0200 (CEST), Richard Levitte <levi...@openssl.org> said:
levitte> In message <20160803131344.gb2...@nikhef.nl> on Wed, 3 Aug 2016
15:13:44 +0200, Mischa Salle <msa...@
In message <20160803131344.gb2...@nikhef.nl> on Wed, 3 Aug 2016 15:13:44 +0200,
Mischa Salle <msa...@nikhef.nl> said:
msalle> Hi Richard,
msalle>
msalle> apologies for the delayed answer, I was caught up in work...
msalle>
msalle> On Tue, Jul 26, 2016 at 05:50:14PM +
On Mon Aug 01 16:50:21 2016, matt wrote:
> On Mon Jul 25 08:49:27 2016, matt wrote:
> > Ping Jeff?
>
> Ping again?
>
> Matt
It's worth mentioning that time is getting short, next beta in a few days,
final in 3 weeks.
--
Richard Levitte
levi...@openssl.org
, DH
> > keys where situation is similar.
> >
>
> Do you have some examples of how this affects other structures? For
> RSA/DSA/DH
> keys the fields are NULL initially unless I've missed something.
Can this ticket be closed?
--
Richard Levitte
levi...@openssl.org
--
Ticket he
e a renewed walking the
msalle> chain is typically done upon reaching the last cert.
Like I said, please check what OpenSSL does. There was a bug, so I
perfectly understand why you needed to override that check. I've
fixed what I found. If you find a bug in that mechanism, we're
interested!
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
depth);
void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
erify_cb,
indicating which certificate in the chain the call of the callback is
about. Why one would need to tamper with them from inside the
verify_cb function escapes me...
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
As for everything else that has been discussed here, which also touches on
external methods of verification via the verification callback, I would say
it's out of scope for this ticket. I am interested in these talks, but then by
direct email.
--
Richard Levitte
levi...@openssl.org
--
Ticket her
e
> that's fine
> for GT2 proxies (there's no pc path length there that I can see), it
> does need
> to be properly set for GT3 proxies.
For this, https://github.com/openssl/openssl/pull/1348
Cheers,
Richard
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/
On Mon Jul 25 12:39:43 2016, msa...@nikhef.nl wrote:
> Hi Richard,
>
> On Mon, Jul 25, 2016 at 11:46:50AM +, Richard Levitte via RT
> wrote:
> > Is that code to cope with pathlen checking bugs? That's what it looks
> > to me. In
> > that case, it might no lon
?
The following note from CHANGES answers most of your question:
*) The INSTALL_PREFIX Makefile variable has been renamed to
DESTDIR. That makes for less confusion on what this variable
is for. Also, the configuration option --install_prefix is
removed.
[Richard Levitte]
The
On Mon Jul 25 11:32:17 2016, msa...@nikhef.nl wrote:
> On Sat, Jul 23, 2016 at 09:44:18AM +0000, Richard Levitte via RT
> wrote:
> > To get current_cert, it's X509_STORE_CTX_get_current_cert().
> > To get current_issuer, it's X509_STORE_CTX_get0_current_issuer()
>
> Hi R
the ENGINE itself will work perfectly, both in the
source EC_KEY and the new one.
So there's no actual reason not to have const there. It does,
however, mean that we need to add const in a few more places. Now
many at all, actually, it took me 5 minutes. PR coming tomorrow.
Cheers,
Rich
rid/voms/blob/master/src/sslutils/sslutils.c
> and many other places for verifying the proxy chain or is there a
> better/other solution for that?
>
> Best wishes,
> Mischa
>
> On Fri, Jul 22, 2016 at 03:26:26PM +, Richard Levitte via RT
> wrote:
> > In addition
ssl/statem/statem_clnt.c:2466: error: 'SSL_SESSION' has no member named
> > 'srp_username'
> > ssl/statem/statem_clnt.c:2466: error: 'SSL' has no member named
> > 'srp_ctx'
> > ssl/statem/statem_clnt.c:2467: error: 'SSL_SESSION' has no member named
> > 'srp_username'
ember named
> 'srp_ctx'
> ssl/statem/statem_clnt.c:2467: error: 'SSL_SESSION' has no member named
> 'srp_username'
> make[2]: *** [ssl/statem/statem_clnt.o] Error 1
>
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.14 (GNU/Linux)
>
> iEYEAREKAAYFAleP41cACgkQL6
On Fri Jul 22 12:52:18 2016, rs...@akamai.com wrote:
> And now, with subject clearly stated, I think we should not do this.
After some discussion, we decided to abandon this line of thought and get back
to accessors as off RT4602.
Closing this ticket.
--
Richard Levitte
levi...@openssl.
r verifying the proxy chain or is there a
> better/other solution for that?
>
> Best wishes,
> Mischa
>
> On Fri, Jul 22, 2016 at 03:26:26PM +, Richard Levitte via RT
> wrote:
> > In addition to github PR 1294, there's now also PR 1339 which adds
> > the function to set the EXFLAG_
being asked for. Perhaps not exactly
(the setters are for X509_STORE only), but should be workable.
(writing this from my mobile, sorry for the lack of github links)
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest
n discussions around accessor functions, and
https://github.com/openssl/openssl/pull/1294 covers quite a lot
(please have a look! I get way too few comments), and what's primarly
needed outside of that is a way to set the EXFLAG_PROXY flag on a X509*.
Correct? For function names, I'm thinking that some
not, please tell me and
> I'll take
> you off this ticket.
>
> --
> Richard Levitte
> levi...@openssl.org
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4622
Please log in as guest with password guest if prompted
--
openss
on this issue in
RT4602. Guys, I hope it was ok to add you. If not, please tell me and I'll take
you off this ticket.
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4622
Please log in as guest with password guest if prompted
--
openssl-dev mailing
On Fri Jul 22 07:38:25 2016, mattias.ell...@physics.uu.se wrote:
> tor 2016-07-21 klockan 09:51 + skrev Richard Levitte via RT:
> > On Thu Jul 21 08:18:30 2016, mattias.ell...@physics.uu.se wrote:
> > >
> > > ons 2016-07-20 klockan 15:14 + s
On Thu Jul 21 08:18:30 2016, mattias.ell...@physics.uu.se wrote:
> ons 2016-07-20 klockan 15:14 + skrev Richard Levitte via RT:
> > On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote:
> > >
> > > I guess having a more restrictive accessor that only sets
s like the thing to do here.
> >
> > I've pushed a branched on github that at least does some of the
> > things. See github #1330.
>
> Likewise for the CRYPTO_THREAD_run_once() issue, in
> https://github.com/openssl/openssl/pull/1332
All now merged into master branch. Closin
On Wed Jul 20 16:58:20 2016, janj...@nikhef.nl wrote:
> Hi Richard,
>
> On 20/07/16 17:14, Richard Levitte via RT wrote:
> > On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote:
> >> I guess having a more restrictive accessor that only sets the
> >&g
ral.
So let me ask this in a different manner, does OpenSSL 1.1 still not set the
EXFLAG_PROXY flag correctly? In what situations does that happen? That may be
worth a bug report of its own.
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=
und_openssl_certchain_bug() in the hunk around line 1306)
https://github.com/openssl/openssl/pull/1294 currently provides a setter for
get_issuer in X509_STORE.
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with pass
doctor> *** Error code 1
doctor>
doctor> Please fix
Already done, you will notice in tomorrow's snapshot.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.o
github that at least does some of the
> things. See github #1330.
Likewise for the CRYPTO_THREAD_run_once() issue, in
https://github.com/openssl/openssl/pull/1332
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4614
Please log in as g
t
> gets passed
> by reference to the init routine
Never mind that, I wasn't thinking straight...
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4614
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
On Tue Jul 19 15:36:04 2016, levitte wrote:
> To be noted is that we never check the value CRYPTO_THREAD_run_once()
> returns... Should we make it __owur?
I spoke too fast. We do... just not always.
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/
On Tue Jul 19 15:26:58 2016, matt wrote:
>
>
> On 19/07/16 16:23, Richard Levitte via RT wrote:
> > On Mon Jul 11 16:20:29 2016, k...@roeckx.be wrote:
> >> Hi,
> >>
> >> When trying to check what happens if we simulate malloc()
> >> returning NU
), but
since at least pthread_once() takes a function returning void (and thereby
doesn't care about any returned value), it seems like our hands are forced
anyway.
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4614
Please log in as guest with p
On Mon Jul 11 17:48:06 2016, rs...@akamai.com wrote:
> Previously we've changed return-types from void to int. If there's
> still time, that seems like the thing to do here.
I agree.
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4614
On Tue Jul 19 14:01:17 2016, matt wrote:
>
>
> On 19/07/16 14:41, Richard Levitte via RT wrote:
> > Hi Jeff,
> >
> > I'm going to assume that a newer checkout of the master branch won't
> > change
> > much, so if you please, try this command and send mack
exit status: 1
> ../test/recipes/40-test_rehash.t (Wstat: 256 Tests: 5 Failed: 1)
> Failed test: 4
> Non-zero exit status: 1
> Files=80, Tests=422, 44 wallclock secs ( 0.34 usr 0.11 sys + 25.08
> cusr 2.64 csys = 28.17 CPU)
> Result: FAIL
> Failed 2/80 test programs. 2/422 subtests failed.
> Makefile:130: recipe for target 'tests' failed
> make: *** [tests] Error 255
>
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
CRLs once one CRL for given hash value is
> > > loaded,
> > > hash_dir lookup method checks only for certificates with sequence
> > > number
> > > greater than that of the already cached CRL.
> >
> > Since, the sequence number has changed from
in my case) openssl should have done a lookup and based on the
> latest sequence number should have given me an error stating Client
> Certificate has been revoked.
>
> Just to let you know, I have tested revoked certificates with the CRL and
> it works fine. So no problem with that.
t; man podchecker
rsalz>
rsalz> Find-doc-nits calls podchecker and saw no complaint.
perl util/find-doc-nits.pl -s
(I don't know what -s is for, but apparently, podchecker isn't run
unless you use that option)
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://ww
to take a
temporary shallow copy of the input EC_KEY and modify the copy instead.
Relevant commits are:
b8a7bd83e68405fdf595077973035ac6fe24cb97 (master branch)
427b22646d4642809f67352513590549650b916f (1.0.2 branch)
Closing this ticket.
Cheers,
Richard
--
Richard Levitte
levi...@openssl.org
--
Tick
hers with a blank line.
rsalz>
rsalz> Time to add something to find-doc-nits, perhaps.
man podchecker
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
o is passed in B.
... and I'm pretty sure that no pod processor knows what to do with
the '=over' argument "The BIO the callback is attached to is passed in
B.", hence the error message.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www
es involved in the call of those functions. In the
proxy certificate case, EXFLAG_PROXY will be set for a certificate any time the
proxyCertInfo is found among its extensions.
To be blunt, I would much rather see a bug report that shows when that cache
isn't being built properly, and possibly a fix for it.
Che
On Fri Jul 08 09:33:01 2016, noloa...@gmail.com wrote:
> Hmmm... If I want to use ld.gold as my linker, the easiest path is to
> set LD=ld.gold. It makes perfect sense to some
Did it work for you when doing this?
./config -fuse-ld=gold
--
Richard Levitte
levi...@openssl.org
--
Ticke
101 - 200 of 3003 matches
Mail list logo