De: owner-openssl-us...@openssl.org Para: openssl-users@openssl.org Cc: Fecha: Tue, 31 May 2011 23:08:18 -0400 Asunto: RE: Errors with certificate signing x509v1 when making test. Test failed
> > From: owner-openssl-us...@openssl.org On Behalf Of gvfb > > Sent: Tuesday, 31 May, 2011 18:17 > > > > > Now I'm trying to walk the steps over again, so I will reinstall OpenSSL, > > which is needed for the IMAP toolkit. However, when making OpenSSL > > Aside: the people here probably can't help with the IMAP and PHP > parts. But we can try to help you get OpenSSL right. > > > it did not pass the tests, and throws an error when trying to test > > the x509v1 signing utility. > > For info: the x509 utility, which covers v1 and v3 and > multiple functions not just signing. The first test cases > are of *reformatting* v1 certificate files. > > > I have some hints that point to the problem being with the > > certificates, since the make of the OpenSSL throwed numerous warnings > > about pem_all.c, pem_xaux.c and pem_x509.c being called through a > > non-compatible type, and the making of PHP and OpenSSL throwing the errors > > > I mentioned make me think the matter are the certificates. > > See below. > > > The error that make test of OpenSSL throws is: > > echo test normal x509v1 certificate > > test normal x509v1 certificate > > sh ./tx509 2>/dev/null > > testing x509 conversions > > p -> d > > make [1]: > > > > ***[test_x509] Error 1 > > make[1] : se sale del directorio > /home/gerardo/Descargas/openssl-0.9.8e/test > > make:***[tests] Error > > 1. OpenSSL 0.9.8e is over 4 years old. I don't know about Ubuntu > schedule, but I would hope they would have a newer version. > Poking around a little, I find packages.ubuntu.com/natty > has openssl-0.9.8o listed. But in case it matters, there was > a visible change in 0.9.8j Jan2009 in use of extensions, and > 0.9.8m Feb2010 and later specifically the renegotiation extension -- > which was added partly to fix a serious Apache vulnerability! > > 2. Is the source you are building from a Ubuntu/Debian package > (copied to your homedir?) or base release from www.openssl.org? > If the former, are there any indications that it has been changed > from base, and if so how, for example a patches list? > > 3. Did you do 'config' and with what result, or 'Configure' and with > what option(s)? What do you have in the first noncomment block of the > toplevel Makefile (and is it recent)? > > 4. Exactly what warnings did you get on 'make'? If they're too many, > maybe the first 10 or so? For comparison, when I did 0.9.8e in 2007 > on RedHat (config'ed as plain linux-elf with shared) with gcc 3.4.4, > I got no such warnings on the sourcefiles you name, and all tests worked. > > 5. Try running a single simple test with output visible: > cd $BUILDDIR/test > ../util/shlib_wrap.sh ../apps/openssl x509 -in testx509.pem -text > Do you get better error message(s)? Or even normal output? > >Thanks, I've got the package for shared libraries libssl0.9.8 as well as the >-dev packages which I need to compile IMAP toolkit, I'll probably use those, >unless I manage to install from source and then I will enable mod_ssl on >apache, with a simple a2enmod. I did config without changing anything on >Configure, I simply did config and apparently succesfully, it only informed it >was configured for linux - elf. The warnings I got had to do with the pem >signatures, I believe, they were sort of: pem_all.c: In function ‘PEM_read_bio_X509_REQ’:pem_all.c:141:1: warning: function called through a non-compatible typepem_all.c:141:1: note: if this code is reached, the program will abort (...compiling)pem_all.c:147:1: warning: function called through a non-compatible typepem_all.c:147:1: note: if this code is reached, the program will abort (...compiling)pem_x509.c: In function ‘PEM_read_bio_X509’:pem_x509.c:68:1: warning: function called through a non-compatible typepem_x509.c:68:1: note: if this code is reached, the program will abortpem_x509.c: In function ‘PEM_read_X509’: (same result) // this was certainly not the output of the machine, its a comment of mine :) (...compiling)pem_x509.c: In function ‘PEM_read_bio_X509’:pem_x509.c:68:1: warning: function called through a non-compatible typepem_x509.c:68:1: note: if this code is reached, the program will abortpem_x509.c: In function ‘PEM_read_X509’: (same result) pem_xaux.c: In function ‘PEM_read_bio_X509_AUX’:pem_xaux.c:68:1: warning: function called through a non-compatible typepem_xaux.c:68:1: note: if this code is reached, the program will abort (...compiling)pem_pk8.c: In function ‘PEM_read_bio_PKCS8’:pem_pk8.c:240:1: warning: function called through a non-compatible typepem_pk8.c:240:1: note: if this code is reached, the program will abort (...compiling)x_all.c: In function ‘d2i_RSA_PUBKEY_bio’:x_all.c:266:9: warning: function called through a non-compatible typex_all.c:266:9: note: if this code is reached, the program will abort (Those are not the first 10, but a collection of the warnings of which I made a text grouping them by order of appearance and by what I could understand they meant, I obviously didn't do a good work there :) As for the output test (should I do the commands inside those directories or is it supposed to be a sort of bash script) Anyway, I'm sorry to say I have deleted the directory that I used to build, so I would have to run the config and making again. I will let you know if I can manage to do the test. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org
