Hi Richard,
Richard Levitte wrote:
Hi,
I've some ponderings that I need to bounce a bit with you all.
Some have talked about replace the X509_LOOKUP_METHOD
X.509 lookup method could return certificate , revocation list or
EVP_KEY (structure x509_object_st).
Unfortunately functionality of
Rich Salz via RT wrote:
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.
Resolved?
Hmm, how to implement X.509 lookup method with 1.1+ API?
Regards,
Roumen Petrov
--
openssl-dev mailing list
Hi Richard,
Richard Levitte wrote:
In message<20161206.223057.237264374331072901.levi...@openssl.org> on Tue, 06 Dec
2016 22:30:57 +0100 (CET), Richard Levitte said:
levitte> [SNIP]
The easiest was actually to rewrite PEM_read_bio_PrivateKey()
entirely, so it solely
HI Richard,
Richard Levitte wrote:
In message<58472e4f.3010...@roumenpetrov.info> on Tue, 06 Dec 2016 23:31:59 +0200,
Roumen Petrov<open...@roumenpetrov.info> said:
openssl> Hi Richard,
openssl>
[SNIP]
openssl> > Check. My STORE branch is made to support that
Hi Richard,
Richard Levitte wrote:
[SNIP]
James.Bottomley>1. We agreed that usability is greatly enhanced if openssl
simply loads
James.Bottomley> a key when presented with the file/uri etc. without the
user having
James.Bottomley> to specify what the format of a key is
Salz, Rich wrote:
[SNIP]
I posted yesterday, what's your config. I standard config/make does
not do this for me.
For instance:
CONFIGURE_ARGS=--prefix=... -DOPENSSL_NO_BUF_FREELISTS shared no-ssl2
no-ssl3 zlib-dynamic enable-gost enable-unit-test linux-x86_64
Roumen
--
openssl-dev mailing
means that the key_id is actually a bio
pointer.
I'm not sure that is good idea to pass pointers between loadable
modules. It could be used if there is no alternative. In this case URN
format for could inform engine how to load key.
[SNIP]
Regadrs,
Roumen Petrov
--
openssl-dev mailing list
This is an enhancement request.
OpenSSL 1.1 hides details of structures used to load X.509 certificates,
in particular - x509_lookup_method_st , x509_lookup_st and x509_object_st.
This impact non OpenSSL projects as external application has to
duplicated those structures.
Request is OpenSSL do
Stephen Henson via RT wrote:
> On Sat Jun 25 22:09:59 2016, open...@roumenpetrov.info wrote:
>> Above is reason the request to remove const from return argument of get0
>> methods.
> We had a discussion about this and the preference was to have get methods
> retain const for various reasons.
>
>
d. Windows modification is similar.
Roumen
>From a7e0111eea1ef51d62a673e8511e9017945c2780 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sat, 21 May 2016 10:29:51 +0300
Subject: [PATCH 2/2] make templates: prepend path to source headers
---
Configurations
n argument of get0
methods.
The issue is not only for ECDSA but also for DSA_SIG and RSA, DSA, DH
keys where situation is similar.
Regards,
Roumen Petrov
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4590
Please log in as guest with password guest if prompted
--
openssl-d
Salz, Rich wrote:
Can you look at https://github.com/openssl/openssl/pull/1044 [SNIP ]
I pushed a new version that adds your feedback.
10x, it's fine by me.
Roumen
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi Rich,
Salz, Rich wrote:
Can you look at https://github.com/openssl/openssl/pull/1044 and see if it
addresses the issues?
Yes.
May be with some definitions for backward compatibility. I mean for
renamed pre 1.1 functions - with inserted ..._CTX into name of :
-
Hi Rich,
Scope of my request is "use of a lookup method".
Salz, Rich wrote:
You need
(1)
I test port to current openssl code with following definitions
X509_OBJECT_new() and X509_OBJECT_get0_X509_CRL. :
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index ff64821..8547b0d
blic part between get0 and
set0 key methods.
For protocol "0009-sshkey.c-opaque-DSA-structure.patch" is practical
sample of an upgrade to 1.1 API. RSA is similar.
Cheers,
Richard
Roumen
>From 57d17bdf3ef9975b6f09a597557843943909b5b9 Mon Sep 17 00:00:00 2001
From: Roumen Petr
umen
>From 32b59c4406581d9e0418ba9b61a1abe2044468ff Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sat, 16 Apr 2016 19:10:19 +0300
Subject: [PATCH 4/4] remove defines X509_STORE_set_verify_... as context is
now opaque
---
include/openssl/x509_vfy.h | 3 ---
1 file changed, 3
Hi Openssl developers,
Recent modification to X509... structures prevent external
implementation of X509_LOOKUP_METHOD.
Main issue that 1.1beta5 is not usable. A lot of X509... structures are
now opaque, but there is no access neither memory management functions.
I hop that soon will be
Hi,
Currently access to engine member is available for some keys:
$ grep -r get0_engine include/
include/openssl/dh.h:ENGINE *DH_get0_engine(DH *d);
include/openssl/dsa.h:ENGINE *DSA_get0_engine(DSA *d);
include/openssl/rsa.h:ENGINE *RSA_get0_engine(RSA *r);
Please add function for EC_KEY.
If
Hi
With current master "corrupted double-linked list" disappear but error
still exist, see below
Roumen Petrov wrote:
[SNIP]
Stack trace
*** Error in '/apps/openssl': corrupted double-linked list:
0x006de730 ***
^C
Program received signal SIGINT, Interrupt.
0x7f
Hi,
Please see attached file
0003-build-with-defined-ENGINE_REF_COUNT_DEBUG.patch .
If ENGINE_REF_COUNT_DEBUG is defined build fail. Proposed patch resolve
issue.
Regards,
Roumen
>From 3db4a9eb01f6caf1c59c50d8f6a3f6ec73cc71df Mon Sep 17 00:00:00 2001
From: Roumen Petrov &l
Hello ,
Issue 4436 report only ECDSA_SIG_get0 but DSA is the same.
Perhaps DSA_SIG_get0 could use constant signature pointer.
Stephen Henson via RT wrote:
Fixed now. Closing ticket.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available
Hi Matt,
Matt Caswell wrote:
Hi Roumen
On 10/03/16 22:21, Roumen Petrov wrote:
Hello,
With new thread model in some configurations openssl hands on unload of
engine.
I just pushed commit 773fd0bad4 to master which should hopefully resolve
this issue.
It seems to me hang is resolved after
xit () from /lib64/libc.so.6
#11 0x0041cf5d in main (argc=, argv=out>) at apps/openssl.c:361
(gdb)
My build is based on commit 603358de576217812cb3d752e97c78e476cdc879
-plus remaining modifications from issue "#4207 engine key format in 1.1"
Regards,
Roumen Petrov
Roumen Petr
Hello ,
It seems to me unified build system work quite well with simultaneous
build jobs.
I would like to report a minor issue - I have to run make 3 times until
all decencies are resolved. Second make rebuild about 450 items. Third
time only speed is rebuild.
The build is in a clean source
Brad House wrote:
It appears OpenSSL 1.0.2g introduced a regression when attempting to run
'make test' on a fips-enabled build on linux. When compiling without FIPS, the
tests pass as expected. However, with fips turned on, "make test" fails
when trying to use ssl2 it appears. Running 'make
It is expected DH_free(DH_new()); to leaks memory. Usually XXX method
initialize "extra data".
Sample code is without code that clear library, at least
CRYPTO_cleanup_all_ex_data is missing.
Roumen
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2363
Please log in as guest
Hello,
I just finish tests with new initialization methods. Memory detection
tool report a number of memory leaks.
Startup code is:
OPENSSL_init_crypto(
OPENSSL_INIT_ENGINE_ALL_BUILTIN |
OPENSSL_INIT_ADD_ALL_CIPHERS |
OPENSSL_INIT_ADD_ALL_DIGESTS |
Hello,
The current master branch does not create shared libraries. Attached
patch restore build with gnu tools.
Regards,
Roumen Petrov
>From 2c3d122965a0a6a0b8b2ae3188b7c16658e5a57a Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Tue, 23 Feb 2016
d=4320
Please log in as guest with password guest if prompted
>From b359b5caf689583b247d825892ccd6dd42474de1 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Thu, 18 Feb 2016 23:26:43 +0200
Subject: [PATCH 4/4] #4320 OpenSSL 1.1.0-pre3: "unabl
Hello,
OPENSSL_config with NULL argument crash in master branch.
Please find attached file with proposed patch.
Regards,
Roumen
>From f6eee9281567e47ae23383c527845cc4a897d195 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Fri, 12 Feb 2016 22:18:59 +020
Hello,
Function argument is pointer to ENGINE - please find attached patch
Regards,
Roumen Petrov
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4312
Please log in as guest with password guest if prompted
>From 2f2e1f210ec3c8452ecd041604fd14071a4b59ca Mon Sep 17 00:00:00 2
Richard Levitte wrote:
That patch just got merged into master, commit
80926502986a97eed53afe1d85fc074e40829547
10x
It seems to me #4296 is second report.
Cheers,
Richard
In message <56b718f3.9070...@roumenpetrov.info> on Sun, 07 Feb 2016 12:14:11 +0200,
Roumen Petrov
Hello,
With master branch my ssh ocsp tests start to fail again.
The program code call BIO_new_connect("127.0.01") and then parsing of
'name' crash.
Please find attached proposed patch.
Roumen
>From 65f29abcce374e3ceddc93f2854493f1839eb305 Mon Sep 17 00:00:00 2001
From: Roumen
Also patches for commands:
- pkey : "0017-pkey-cmd-restore-keys-from-engine.patch"
- req : "0018-req-cmd-restore-keys-from-engine.patch"
>From 0ea1c0b9b600977e93efed4545166ec4ae245bc9 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: S
ibes flag EC_FLAG_FIPS_CHECKED but this flags is not used
in fips enabled openssl build. It seems to me is enough to set flag
ECDSA_FLAG_FIPS_METHOD to allow ECDSA method to work in fips mode.
Regards,
Roumen Petrov
>From 4e2150fb50fc07e1edd38938f3d3c32e8438 Mon Sep 17 00:00:
Salz, Rich via RT wrote:
> Tweaked, sigh.
> ; ./util/opensslwrap.sh engine - dynamic -pre
> engine: Cannot mix flags and engine names.
> engine: Use -help for summary.
> exit 1
>
If engine name cannot be at any position then please keep it as is. i.e.
at last position. In this
Salz, Rich via RT wrote:
> Please see this:
>
> https://github.com/openssl/openssl/compare/master...richsalz:rt4194?expand=1
>
It should fail with openssl engine - dynamic -pre
SO_PATH:/lib/libfoo.so
Help string looks good.
Roumen
___
Salz, Rich via RT wrote:
> So you're saying just close this ticket?
>
No. My request is to restore flexible engine command line and optionally
help string.
I only disagree with proposed partial correction for command line.
___
openssl-dev mailing list
Rich Salz via RT wrote:
> [SNIP]
> out = dup_bio_out(FORMAT_TEXT);
> - prog = opt_init(argc, argv, engine_options);
> if (!engines || !pre_cmds || !post_cmds)
> goto end;
> + while ((argv1 = argv[1]) != NULL && *argv1 != '-') {
> + sk_OPENSSL_STRING_push(engines, *argv1);
> + argc--;
> + argv++;
>
1
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sun, 15 Nov 2015 11:00:00 +0200
Subject: [PATCH 03/15] dgst cmd: restore keys from engine
---
apps/dgst.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/apps/dgst.c b/apps/dgst.c
index fb09a45..24
first is engine name then commands.
Just search in internet for samples - expect some recent openssl
tutorial almost all other samples use name before options.
Request is only for engine. It is not for speed command for example.
This is reason to call issue regression.
Regards,
Roumen
al API and just
> use the standard crypto_ex_data stuff. Want to make a more complete patch as
> a github pull request? :) Otherwise I'll get to it soon.
>
>From 07ad1979667aeb2ba99a8ed88f679fb684b8cf1c Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date
eth);
pkey_rsa->engine = eng;
ENGINE_up_ref(eng);
Let me know how to proceed with this request.
Roumen Petrov
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
patch" - note that index
CRYPTO_EX_INDEX is with gap in numbering but I would like patch to be
minimal.
I would like to request external applications to be able to change
method - see attached patch "0009-access-EC_KEY-method-property.patch".
Regards,
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
current:
X509_CERT_PAIR_it 35341_1_0 NOEXIST::FUNCTION:
X509_CERT_PAIR_it 35341_1_0 NOEXIST::FUNCTION:
Proposed patch removes duplicates.
Regards,
Roumen Petrov
>From 992be79410a3c909f4b1d2f492423aaf2c8a8454 Mon Sep 17 00:00
:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Thu, 3 Dec 2015 23:43:24 +0200
Subject: [PATCH 01/15] __STDC_VERSION__ is not defined for c89 compilers
---
include/openssl/e_os2.h | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/openssl/e_os2.
options. This is regression introduced by new common "
option-parsing".
Also new summary lack information for engine name as command line argument.
Regards,
Roumen Petrov
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl
Hello,
After modification OPENSSL_strlcpy is declared twice.
Regards,
Roumen
>From 5f5b81e162eae025dcc40a7074a973621c7dac33 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Mon, 21 Dec 2015 18:45:06 +0200
Subject: [PATCH 02/15] redundant rede
Dr. Stephen Henson wrote:
On Sat, Oct 17, 2015, Roumen Petrov wrote:
Hello,
After embed some attributes OCSP in master stop to work.
The current status is the client comment report "Cert Status:
unknown" and "Nonce Verify error" for X.509 certificates used in my
ssh reg
nown version to work is
"47c9a1b5096be684c18335137284f0dfcefd12d6 : embed support for ASN1_STRING"
(optionally with "Appease gcc's Wmaybe-uninitialized" if build fail due
to pedantic compiler flags).
First regression is from "af170194a88d6127d447bea826845c23ca192727 :
embed OCSP_CERTID&q
structure, may require own set of "get"-methods
It seems to me for attributes name, flags and depth access is complete.
Please finish declaration of X509_VERIFY_PARAM as opaque structure with
definition of "get"-methods.
Regards,
Roumen Petrov
__
Mike Frysinger via RT wrote:
atm, the windres code in openssl is only usable via the cross-compile prefix
option unlike all the other build tools. So add support for the standard $RC
/ $WINDRES env vars as well.
---
[SNIP]
else{
s/^CC=.*$/CC= $cc/;
in script.
[SNIP]
OPENSSL_NO_STORE
Also removing the code?
Regards,
Roumen Petrov
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
set of flags as 'separator' is required.
Pages x509 and X509_NAME_print_ex could be updated to detail that
'separator' flag is required.
Regards,
Roumen Petrov
__
OpenSSL Project http
Rich Salz via RT wrote:
SO_REUSEADDR is done.
It is not activated in ocsp.c .
The rest is fixed in 1.+
[SNIP]
__
OpenSSL Project http://www.openssl.org
Development Mailing List
lookup:unable to get local issuer certificate
2
===
There is extra error with code 20. This may break external applications
with custom verification callback.
For historic reasons exit code of openssl verify command is not used and
to me this is not so important.
Regards,
Roumen Petrov
cannot be executed as makefile lack suffix for dependent
executables . Please find attached proposed fix
0001-use-EXE_EXT-in-dependecies.patch.gz .
Regards,
Roumen Petrov
0001-use-EXE_EXT-in-dependecies.patch.gz
Description: GNU Zip compressed data
0002-use-ULL-for-GCC-instead-MSC-specific
Hello,
According the current version scheme 1.0.2 retain binary compatibility.
In this case is expected external application linked 1.0.1 to work with
1.0.2 without modification.
It seems to me now FIPS build retain binary but lost functional
compatibility. For instance EVP_dss1 could be
Hi,
FIPS enabled build fail at same line.
Brad House wrote:
It appears there is a major regression with OpenSSL 1.0.1d over
1.0.1c. I've narrowed it down to setting a custom cipher
list I think as if I do not set a cipher list, the issue does
not occur.
I have reproduced the issue with the
Stephen Henson via RT wrote:
I've finally had time to look into this. Please see if this fixes the issue:
May be is not related, but this engine lack call of
ENGINE_register_pkey_asn1_meths . It seems to me without this
registration initialization is different . If engine configuration is
Stephen Henson via RT wrote:
I've finally had time to look into this. Please see if this fixes the issue:
May be is not related, but this engine lack call of
ENGINE_register_pkey_asn1_meths . It seems to me without this
registration initialization is different . If engine configuration is
Hello OpenSSL developers.
I could not understand *Check-in [22619]* Reduce version skew in
openssl 1.0.1 stable branch. May be this version adds some useful
improvements but FIPS build(compile) is broken. I wonder what is policy
to update 1.0.1 stable branch.
After remove of #include
Dr. Stephen Henson wrote:
On Wed, Apr 18, 2012, Erik Tkal wrote:
Any takers? Should I be able to build a FIPS-capable OpenSSL and have some of
the implementation be provided via an ENGINE (e.g. let's say I have a hardware
module to perform AES) but some by the OpenSSL FIPS canister? Or is
Leandro Santiago via RT wrote:
I'm trying to compile openssl 1.0.1 (but I also tested the 1.0.0) on
mingw-w64 (gcc 4.7), but I'm having errors.
I tested in three configurations: Ubuntu 11.04 32-bit, Kubuntu 11.10
64-bit and Windows 7 32-bit having the same errors.
The command line I used was:
Leandro Santiago via RT wrote:
I'm trying to compile openssl 1.0.1 (but I also tested the 1.0.0) on
mingw-w64 (gcc 4.7), but I'm having errors.
I tested in three configurations: Ubuntu 11.04 32-bit, Kubuntu 11.10
64-bit and Windows 7 32-bit having the same errors.
The command line I used
Kevin Vargo via RT wrote:
Some minor updates to the openssl.spec: wrapping ifarch around the various lib
dirs to get the right files in the right places.
See attached diff
Configure script and spec are not consistent regarding multilib. It
seems to me spec file should use libdir script
Kevin Vargo via RT wrote:
Some minor updates to the openssl.spec: wrapping ifarch around the various
lib dirs to get the right files in the right places.
See attached diff
Configure script and spec are not consistent regarding multilib. It
seems to me spec file should use libdir script
for ssh related numbers but obejct.txt could be
updated to list more. As example on page http://www.imc.org
/ietf-pkix/pkix-oid.asn last extended key usage is with number 29.
Regards,
Roumen Petrov
__
OpenSSL Project
Hi Dmitry,
Dmitry Belyavsky wrote:
Greetings!
What is the correct way to get the ENGINESDIR value It is defined in
opensslconf.h but it is not enough to include opensslconf.h to get it
defined.
Why engine directory for openssl configuration is so important ?
Engine installation may depend
the build GCC 4.6.1 warn user for
bad cast and that application will terminate it code is reached.
I note this on 64-bit platform with gcc 4.5.2 and as Steve suggest I
switch to 0.9.8x fips build.
Regards,
Roumen Petrov
the build GCC 4.6.1 warn user for
bad cast and that application will terminate it code is reached.
I note this on 64-bit platform with gcc 4.5.2 and as Steve suggest I
switch to 0.9.8x fips build.
Regards,
Roumen Petrov
Dr. Stephen Henson wrote:
[SNIP]
Should be fixed now, see:
http://cvs.openssl.org/chngview?cn=22124
to make OpenSSL understand both formats when verifying and:
http://cvs.openssl.org/chngview?cn=22126
to use the same format as older versions of OpenSSL when creating signatures.
10x . I confirm
Dr. Stephen Henson wrote:
On Wed, Feb 01, 2012, Roumen Petrov wrote:
[SNIP]
Looking into this there is a long standing incompatibility between
various functions that use mdc2 for signatures. Since SSLeay the
function RSA_sign() using mdc2 as an argument uses a DigestInfo
structure whereas
be
verified only with 1.0.1 and verification fail with earlier version.
Issue with certificates apply to CRLs
Regards,
Roumen Petrov
P.S. high level log with test case failure:
=== entering .../origin+x509-7.1x-0.9.8t/...
... testing with OpenSSL 0.9.8t 18 Jan 2012 ...
testid_rsa-rsa_mdc2.crt
One of recent changes is Add DTLS-SRTP negotiation from RFC 5764.
After update build fail for HEAD . The simple solution is to move
function declarations from srtp.h to tls1.h
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
int SSL_set_tlsext_use_srtp(SSL *ctx,
Hi,
One of the changes is past week is to not enable ... sorry I remove
diffs files and I cannot remember exact change (file, date, etc)...
Result is that now regression test in head fail with :
...:error:04075070:rsa routines:RSA_sign:digest too big for rsa
key:rsa_sign.c:119:
Nick Lewis via RT wrote:
Roumen
Thank you for looking at the patch
[SNIP]
+ if (issuer_num (issuer_num x_num))
Please find a corrected version below
Best Regards
Nick
[SNIP]
With update version i confirm that regression test of a software now
pass with OpenSSL HEAD
Nick Lewis via RT wrote:
Roumen
Thank you for looking at the patch
[SNIP]
+ if (issuer_num (issuer_num x_num))
Please find a corrected version below
Best Regards
Nick
[SNIP]
With update version i confirm that regression test of a software now
pass with OpenSSL HEAD
Dmitry Belyavsky wrote:
Greetings!
On Thu, Sep 22, 2011 at 3:00 AM, Roumen Petrov
open...@roumenpetrov.info wrote:
[SNIP]
What is result if register__gost methotds are moved from bind to init ?
Double-free occurs too.
The
openssl speed -engine gost -evp gost89
is successful
Hi Dmitry,
Dmitry Belyavsky wrote:
Greetings!
During the 1.x version the current scheme of
algorithms providing through engines was implemented.
Debugging our (Cryptocom LTD) engines, I’ve found some troubles in the
way it works, please tell me
where I’m mistaken.
Openssl is configured with
Nick Lewis via RT wrote:
The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not work
correctly for some combinations of ctx-chain, x and issuer. For example when
the cert x is in the chain at a location other than the top, a path loop is
incorrectly declared. Also if the
Nick Lewis via RT wrote:
The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not
work correctly for some combinations of ctx-chain, x and issuer. For example
when the cert x is in the chain at a location other than the top, a path loop
is incorrectly declared. Also if the
Marc Wäckerlin via RT wrote:
Hi OpenSSL
I managed to Cross Compile OpenSSL on Linux so that I can develop OpenSSL
applications that run on Windows entireliy inside a Linux build environment.
It even builds the executables and the DLLs on Linux.
Please add my changes to the official Configure
Marc Wäckerlin via RT wrote:
Hi OpenSSL
I managed to Cross Compile OpenSSL on Linux so that I can develop OpenSSL
applications that run on Windows entireliy inside a Linux build environment.
It even builds the executables and the DLLs on Linux.
Please add my changes to the official
Darryl Miles wrote:
[SNIP]
Tried using:
ms\mingw32.bat
[SNIP]
Try with ./Configure mingw .
Roumen
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Darryl Miles wrote:
Roumen Petrov wrote:
[SNIP]
I have tried using perl Configure mingw ... manually but I have not
been able to find a combination that works to produce a usable
Makefile that mingw32-make.exe (a version of GNU Make) can use.
May be issue is to find working version of mingw
Andrey Kulikov via RT wrote:
Hello,
Please find file attached: server_cert_from_engine4.patch
This is a patch to allow loading server SSL certificate by ENGINE.
[SNIP]
After applying this patch s_server will accept -certform ENGINE option.
This patch supplied by Stonesoft Corporation,
Andrey Kulikov via RT wrote:
Hello,
Please find file attached: server_cert_from_engine4.patch
This is a patch to allow loading server SSL certificate by ENGINE.
[SNIP]
After applying this patch s_server will accept -certform ENGINE option.
This patch supplied by Stonesoft Corporation, who
Obsolete code prevent dsa command to use keys stored into engine.
The attached patch remove open of input file and left all to load_xxx
functions.
See for reference rsa command that work fine.
Roumen
Index: apps/dsa.c
===
RCS file:
See attached file with patch for openssl dsa command: print
-pubin/-pubout options.
Also -engine flags is moved at same position as for rsa command.
Roumen
Index: apps/dsa.c
===
RCS file:
Dr. Stephen Henson wrote:
[snip]
I've updated the sources so they are now avaiable outside FIPS mode.
Steve.
10x solved, please close.
Roumen
__
OpenSSL Project http://www.openssl.org
The mingw cross-build of current HEAD(2011-01-31) fail :
WARNING: mkdef.pl doesn't know the following algorithms:
NEXTPROTONEG
Creating library file: libcrypto.dll.a
Cannot export FIPS_dh_free: symbol not defined
.
Cannot export RSA_X931_generate_key_ex: symbol not defined
collect2:
Stephen Henson via RT wrote:
[open...@roumenpetrov.info - Thu Feb 03 16:36:58 2011]:
The mingw cross-build of current HEAD(2011-01-31) fail :
WARNING: mkdef.pl doesn't know the following algorithms:
NEXTPROTONEG
Creating library file: libcrypto.dll.a
Cannot export FIPS_dh_free: symbol
Guenter via RT wrote:
Hi,
it seems that all native MingW32 versions (tested with MingW32 4.50)
lack of stuff to compile e_capi.c:
[SNIP]
make[1]: *** [e_capi.o] Error 1
make[1]: Leaving directory `/d/openssl-1.0.0b/engines'
Therefore I've added some more define tests to OpenSSL 1.0.0b
Guenter via RT wrote:
Hi,
it seems that all native MingW32 versions (tested with MingW32 4.50)
lack of stuff to compile e_capi.c:
[SNIP]
make[1]: *** [e_capi.o] Error 1
make[1]: Leaving directory `/d/openssl-1.0.0b/engines'
Therefore I've added some more define tests to OpenSSL 1.0.0b
M.-A. Lemburg via RT wrote:
An application that only includes openssl/ssl.h from OpenSSL
1.0.0 and doesn't use winsock.h will run into problems on Windows,
since the dtls1.h header file includes the winsock.h header file long
after the ossl_typ.h header file was loaded.
What about to define
M.-A. Lemburg via RT wrote:
An application that only includes openssl/ssl.h from OpenSSL
1.0.0 and doesn't use winsock.h will run into problems on Windows,
since the dtls1.h header file includes the winsock.h header file long
after the ossl_typ.h header file was loaded.
What about to define
Hello all,
Check-in [19505] and [19557] cryptlib.c: allow application to override
OPENSSL_isservice adds call for GetProcAddress with argument name of
function that start with underscore.
The function OPENSSL_isservice is specific for windows platforms and on
those platforms in not well
Ray Satiro wrote:
Third time's the charm, hopefully...
--
Without this patch the make will error with Pick one target type from and a
list of assembler types.
mingw32-make: *** [tmp\x86cpuid.asm] Error 1
--
I had to make some changes to compile OpenSSL 1.0.0 (3/29/10) using MinGW. The
William A. Rowe Jr. wrote:
On 3/16/2010 4:53 PM, Kees Dekker wrote:
* I saw a lot of NT4 code.
What NT4 code? You must be referring to _WIN32_WINNT macro
sometimes set
to 0x400. It does not denote NT4-specific code, it denotes
that NT4 is
required *minimum*. Meaning that it targets *all*
1 - 100 of 156 matches
Mail list logo