Hello!
On Mon, 4 Jul 2005, Andy Polyakov via RT wrote:
Sorry, I've forgotten to mention I use 20050627 snapshot and
./config -g shared zlib works fine.
Run ./config -t. Does it suggest any extra flags to ./Configure, such as
386? If it does, then I'd recommend to pass it down to
Hello!
On Mon, 4 Jul 2005, Andy Polyakov via RT wrote:
Sorry, I've forgotten to mention I use 20050627 snapshot and
./config -g shared zlib works fine.
Run ./config -t. Does it suggest any extra flags to ./Configure, such as
386? If it does, then I'd recommend to pass it down to
Figured couple of clarification notes are due:-)
Added files: (Branch: OpenSSL_0_9_8-stable)
openssl/ms do_win64a.bat do_win64i.bat
Modified files: (Branch: OpenSSL_0_9_8-stable)
openssl Configure e_os.h
openssl/crypto
So how to build on AMD 64 and Intel EM64T I summarize here:
1. perl Configure VC-WIN32
2. ms\do_ms
3. perl ms/uplink.pl win64a uptable.asm
4. ml64 -c uptable.asm
5. modify the mak files as above
6. nmake -f ms\ntdll.mak
I hope it helps others out.
As per today the above unsupported
Andy Polyakov writes:
As per today the above unsupported instructions have to be declared
officially invalid. This is because if built according to above, the
resulting .dll will be binary incompatible with one built according to
newly introduced supported procedure:
- perl Configure
As per today the above unsupported instructions have to be declared
officially invalid. This is because if built according to above, the
resulting .dll will be binary incompatible with one built according to
newly introduced supported procedure:
- perl Configure VC-WIN64A [or VC-WIN64I for
Hi,
newly introduced supported procedure:
- perl Configure VC-WIN64A [or VC-WIN64I for Itanium];
- ms\do_win64a [or ms\do_win64i for Itanium];
- nmake -f ms/ntdll.mak;
This applies to upcoming 0.9.8 and most likely future releases. A
This is great news. Thank you for your great work. It
Andy Polyakov writes:
Hmm, I think it would be good to create a INSTALL.W64,
I'm writing one right now. A.
Great!
Cheers,
Richard
-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte
When creating a certificate using an openssl CA, I specify the x509v3
extension basicConstraints = critical,CA:FALSE.
Looking at the generated certificate using
% openssl x509 -noout -text -purpose -in nonca.pem
...
X509v3 Basic Constraints: critical
CA:FALSE
Let's start the week off with less hostility and more productive
criticism on this topic.
If you want productivity, then provide real evidence in form of stack
backtrace at segmentation violation point, disassemble output in the
vicinity of segmentation violation point and 'info registers'
On Tue, Jul 05, 2005, Martin Kraemer wrote:
When creating a certificate using an openssl CA, I specify the x509v3
extension basicConstraints = critical,CA:FALSE.
Looking at the generated certificate using
% openssl x509 -noout -text -purpose -in nonca.pem
...
X509v3 Basic
Sorry, I've forgotten to mention I use 20050627 snapshot and
./config -g shared zlib works fine.
Run ./config -t. Does it suggest any extra flags to ./Configure, such as
386? If it does, then I'd recommend to pass it down to ./Configure when
latter is invoked manually.
Thank you, it helps.
When testing a certificate for its allowed purposes, I found:
$ for purpose in sslclient sslserver nssslserver smimesign smimeencrypt crlsign
any ocsphelper
do
echo -n ${purpose}:
openssl-0.9.8 verify -verbose -CAfile ca_chain.txt -purpose $purpose my.pem
done
sslclient:my.pem: OK
This is the second confirmed report of the same problem on the ppc8xx.
After reading my email. I must say I was the unfriendly one, I
apologize for that.
More debugging evidence to come.
-- Forwarded message --
From: Murch, Christopher [EMAIL PROTECTED]
Date: Jul 1, 2005 9:46
Since then CA checks have been made mandatory in the code even if Any
Purpose is set. So if you actually tried to use that certificate as a CA it
would be rejected.
If that is so, then how can the following happen (with a recent
openssl-dev):
% openssl version -a
OpenSSL 0.9.9-dev XX xxx
On Tue, Jul 05, 2005 at 05:45:09PM +0200, Martin Kraemer wrote:
If that is so, then how can the following happen (with a recent
openssl-dev):
Oops - it can because here, the critical flag is missing. Sorry.
Martin
--
[EMAIL PROTECTED] | Fujitsu Siemens
Fon: +49-89-636-46021,
On Tue, Jul 05, 2005, Martin Kraemer wrote:
When testing a certificate for its allowed purposes, I found:
$ for purpose in sslclient sslserver nssslserver smimesign smimeencrypt
crlsign any ocsphelper
do
echo -n ${purpose}:
openssl-0.9.8 verify -verbose -CAfile ca_chain.txt
On Tue, Jul 05, 2005, Martin Kraemer wrote:
Since then CA checks have been made mandatory in the code even if Any
Purpose is set. So if you actually tried to use that certificate as a CA it
would be rejected.
If that is so, then how can the following happen (with a recent
openssl-dev):
First pass debugging results from gdb on ppc8xx. Executing ssh-keygen
with following arguments.
(gdb) show args
Argument list to give program being debugged when it is started is
-t rsa1 -f /etc/ssh/ssh_host_key -N .
Program received signal SIGSEGV, Segmentation fault.
BN_bn2dec
I can tell you with certainty, with reference to the function
BN_bn2dec, that since lp is a pointer, and within the while loop
around bn_print.c:136 lp is being incremented. Because the test
BN_is_zero(t) is always false, you have a pointer that is going off
into the stratosphere, hence the
Hello.
I get these errors running the tests on Mandriva Linux Cooker, amd64:
$ make test_ec
[...]
testing internal curves: .
EC_GROUP_check() failed with curve secp224r1
.
EC_GROUP_check() failed with curve secp384r1
...
EC_GROUP_check() failed with curve prime256v1
I'm starting the release of 0.9.8. Hold ye' horses.
Cheers,
Richard
-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8 of our open
Let's take first call to BN_div_word for example from BN_bn2dec, the
parameter being passed to BN_div_word is (a=35, w=10) (decimal
numbers). It then calls the bn_div_words with (h=0, l=35,
d=10) if you examine the code in linux_ppc32.s it will exit
early on because h is 0. the
Let's take first call to BN_div_word for example from BN_bn2dec, the
parameter being passed to BN_div_word is (a=35, w=10) (decimal
numbers). It then calls the bn_div_words with (h=0, l=35,
d=10) if you examine the code in linux_ppc32.s it will exit
early on because h is 0. the
Okay, having actually did what Andy suggested, i.e. the one liner fix
in the assembly code, bn_div_words returns the correct results.
At this point, my conclusion is, up to openssl-0.9.8-beta6, the ppc32
bn_div_words routine generated from crypto/bn/ppc.pl is still busted.
Your solution is
Okay, having actually did what Andy suggested, i.e. the one liner fix
in the assembly code, bn_div_words returns the correct results.
Note that the final version, one committed to all relevant OpenSSL
branches since couple of days ago and one which actually made to just
released 0.9.8, is a
Hi All,
I just checked this against my own FreeBSD 4.8 system and got the exact
same segfault. This was with SNAP-20050704 I'll try FreeBSD 4.11 next.
Ted
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dmitry Belyavsky via
RT
Sent: Monday, July 04,
Would You please apply the second DIFF file in sead of the first one ?
- Original Message -
From: Stephen Henson via RT [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 05, 2005 2:14 AM
Subject: [openssl.org #1109] Ticket Resolved
According to our records, your request
I mean this one:
- Original Message -
From: Stephen Henson via RT [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 05, 2005 2:14 AM
Subject: [openssl.org #1109] Ticket Resolved
According to our records, your request has been resolved. If you have any
further questions or
I meant to apply this diff file - it's better solution ;)
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
[EMAIL PROTECTED] - Wed Jul 6 01:10:41 2005]:
Would You please apply the second DIFF file in sead of the first one ?
According to our records, your request has been resolved. If you
have any
further questions or concerns, please respond to this message.
I thought I had applied the
The one with additional config options was the first one.
The one without config options is better (according to me) and is the second
one.
Both are working.
Just the second one does not need config options.
Do You need a diff file between the latest ca.c - version 1.150 and my
second diff
I just checked. As I see there are actually 3 diff files there
(http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=1109):
1. File difference report generated by CSDiff by ComponentSoftware on
13.6.2005 Ç. 13:19 - 3.3KB
2. --- openssl-0.9.8-beta5/apps/ca.c.oldFri Apr 15 21:29:34
[EMAIL PROTECTED] - Wed Jul 6 01:40:04 2005]:
You applied the 2nd one in stead of the 3rd one. I just forgot about
the 1st
one.
What should I do now in order to apply the 3rd one?
Personally I prefer the patch that has been applied over the 3rd one.
The applied patch allow the
If You think so Ok then ;)
Let's leave it as it is. Thank You very much and once again sorry for the
inconvenience.
Best regards
Stefan
- Original Message -
From: Stephen Henson via RT [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: openssl-dev@openssl.org
Sent: Wednesday, July
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
37 matches
Mail list logo
