Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-17 Thread Richard Levitte
In message <20160117131603.ga10...@roeckx.be> on Sun, 17 Jan 2016 14:16:04 +0100, Kurt Roeckx said: kurt> On Sun, Jan 17, 2016 at 01:14:14AM +0100, Richard Levitte wrote: kurt> > OPT_FLAGS would be for optimizing, do I get that right? I suggest you kurt> > have a look at

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-17 Thread Corinna Vinschen
Hi Richard, On Jan 17 01:14, Richard Levitte wrote: > In message <20160116183724.gi12...@calimero.vinschen.de> on Sat, 16 Jan 2016 > 19:37:24 +0100, Corinna Vinschen said: > > vinschen> Who had this funny idea to use the Windows definitions when > building for > vinschen>

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-17 Thread Corinna Vinschen
On Jan 17 14:56, Richard Levitte wrote: > In message <20160117131603.ga10...@roeckx.be> on Sun, 17 Jan 2016 14:16:04 > +0100, Kurt Roeckx said: > > kurt> On Sun, Jan 17, 2016 at 01:14:14AM +0100, Richard Levitte wrote: > kurt> > OPT_FLAGS would be for optimizing, do I get that

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-17 Thread Richard Levitte
In message <20160117153235.gb9...@calimero.vinschen.de> on Sun, 17 Jan 2016 16:32:35 +0100, Corinna Vinschen said: vinschen> On Jan 17 14:56, Richard Levitte wrote: vinschen> > In message <20160117131603.ga10...@roeckx.be> on Sun, 17 Jan 2016 14:16:04 +0100, Kurt Roeckx

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-17 Thread Corinna Vinschen
On Jan 17 17:30, Richard Levitte wrote: > In message <20160117153235.gb9...@calimero.vinschen.de> on Sun, 17 Jan 2016 > 16:32:35 +0100, Corinna Vinschen said: > [...] > vinschen> This is pretty non-standard. By not allowing to extend CFLAGS from > the > vinschen>

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-17 Thread Corinna Vinschen
On Jan 17 18:17, Corinna Vinschen wrote: > On Jan 17 17:30, Richard Levitte wrote: > > In message <20160117153235.gb9...@calimero.vinschen.de> on Sun, 17 Jan 2016 > > 16:32:35 +0100, Corinna Vinschen said: > > [...] > > vinschen> This is pretty non-standard. By not allowing

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-17 Thread Richard Levitte
In message <20160117171738.gb16...@calimero.vinschen.de> on Sun, 17 Jan 2016 18:17:38 +0100, Corinna Vinschen said: vinschen> On Jan 17 17:30, Richard Levitte wrote: vinschen> > In message <20160117153235.gb9...@calimero.vinschen.de> on Sun, 17 Jan 2016 16:32:35 +0100,

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-17 Thread Richard Levitte
In message <20160117172321.gd16...@calimero.vinschen.de> on Sun, 17 Jan 2016 18:23:21 +0100, Corinna Vinschen said: vinschen> Just to be clear, this does not help unless the -s option is dropped vinschen> from the linker command line. This part of my patch (or something

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Corinna Vinschen
On Jan 14 15:44, Richard Levitte wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > >OpenSSL version 1.1.0 pre release 2 (alpha) >=== I tried to build this for Cygwin and got some problems. First, with 1,0.2, we built the Cygwin package

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Kurt Roeckx
On Sat, Jan 16, 2016 at 07:42:50PM +0100, Corinna Vinschen wrote: > On Jan 16 19:37, Corinna Vinschen wrote: > > On Jan 14 15:44, Richard Levitte wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA1 > > > > > > > > >OpenSSL version 1.1.0 pre release 2 (alpha) > > >

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Corinna Vinschen
On Jan 16 20:01, Corinna Vinschen wrote: > On Jan 16 19:59, Kurt Roeckx wrote: > > On Sat, Jan 16, 2016 at 07:42:50PM +0100, Corinna Vinschen wrote: > > > On Jan 16 19:37, Corinna Vinschen wrote: > > > > On Jan 14 15:44, Richard Levitte wrote: > > > > > -BEGIN PGP SIGNED MESSAGE- > > > > >

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Corinna Vinschen
On Jan 16 19:59, Kurt Roeckx wrote: > On Sat, Jan 16, 2016 at 07:42:50PM +0100, Corinna Vinschen wrote: > > On Jan 16 19:37, Corinna Vinschen wrote: > > > On Jan 14 15:44, Richard Levitte wrote: > > > > -BEGIN PGP SIGNED MESSAGE- > > > > Hash: SHA1 > > > > > > > > > > > >OpenSSL

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-16 Thread Richard Levitte
In message <20160116183724.gi12...@calimero.vinschen.de> on Sat, 16 Jan 2016 19:37:24 +0100, Corinna Vinschen said: vinschen> Who had this funny idea to use the Windows definitions when building for vinschen> Cygwin? I'm afraid that is lost in the thin web of history ;-)

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-15 Thread Jouni Malinen
On Thu, Jan 14, 2016 at 03:35:48PM -0500, Viktor Dukhovni wrote: > Thanks for the prompt error report. If you're willing to share your > test chains, and if it is likely to be not too difficult to include > them with the OpenSSL bundled tests, that might be worth looking into. All the test case

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Jouni Malinen
On Thu, Jan 14, 2016 at 03:44:18PM +0100, Richard Levitte wrote: >OpenSSL version 1.1.0 pre release 2 (alpha) >OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 2 has now >been made available. For details of changes and known issues see the >release notes at: > >

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Viktor Dukhovni
> On Jan 14, 2016, at 11:47 AM, Jouni Malinen wrote: > > Many of the negative test cases that verify that server certificate > chain validation works by using mismatching trust roots (i.e., server > certificate is not issued by any of the trusted CA certificates) are > failing.

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Viktor Dukhovni
> On Jan 14, 2016, at 2:38 PM, Viktor Dukhovni > wrote: > > Thanks. That's enough info. Patch below. Or pull the master branch from github. -- Viktor. ___ openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Jouni Malinen
On Thu, Jan 14, 2016 at 03:15:12PM -0500, Viktor Dukhovni wrote: > > > On Jan 14, 2016, at 2:38 PM, Viktor Dukhovni > > wrote: > > > > Thanks. That's enough info. Patch below. > > Or pull the master branch from github. Thanks! I confirmed that both the patch on

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Viktor Dukhovni
> On Jan 14, 2016, at 3:21 PM, Jouni Malinen wrote: > > On Thu, Jan 14, 2016 at 03:15:12PM -0500, Viktor Dukhovni wrote: >> >>> On Jan 14, 2016, at 2:38 PM, Viktor Dukhovni >>> wrote: >>> >>> Thanks. That's enough info. Patch below. >> >> Or pull

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Jouni Malinen
On Thu, Jan 14, 2016 at 05:39:39PM +, Viktor Dukhovni wrote: > See patch just posted, and also pushed to github. This will likely fix > the CRL issue. > > commit 311f27852a18fb9c10f0c1283b639f12eea06de2 > Author: Viktor Dukhovni > Date: Thu Jan 14

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Viktor Dukhovni
On Thu, Jan 14, 2016 at 06:47:49PM +0200, Jouni Malinen wrote: > Many of the negative test cases that verify that server certificate > chain validation works by using mismatching trust roots (i.e., server > certificate is not issued by any of the trusted CA certificates) are > failing. You

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Jouni Malinen
On Thu, Jan 14, 2016 at 12:08:06PM -0500, Viktor Dukhovni wrote: > Well I rewrote the certificate chain verification code, perhaps some more > polish is needed. Please, if possible, send the chain being verified > (the leaf and and "untrusted" certs), plus the trusted roots (clearly > marked as

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Viktor Dukhovni
On Thu, Jan 14, 2016 at 08:35:26PM +0200, Jouni Malinen wrote: > Anyway, the incorrect > CA and the only certificate that was configured as trusted on the client > was this one: > http://w1.fi/cgit/hostap/plain/tests/hwsim/auth_serv/ca-incorrect.pem > while the server used this certificate: > >

[openssl-dev] OpenSSL version 1.1.0 pre release 2 published

2016-01-14 Thread Richard Levitte
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.1.0 pre release 2 (alpha) === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 2 has now