We are active and continuing users of the z/OS port of OpenSSL, have just rebuilt 1.0.1c without heartbeats on a maintenance stream and are upgrading to 1.0.g on a future release stream. Just as example of staying current on z/OS.
We use z/OS on the server side only, and generates server certs from a Windows machine, and transfer the certs to USS using binary FTP. The server does not require a client cert since we couldn't get that working and have never had time to look into it. We don't use the openssl CLI on z/OS. We have even considered the port for Fujitsu BS2000 but don't have a business priority for it. All this to say that we sure hope that z/OS and OpenSSL continue to be real, and I'm glad to have read Tim's response. +-+-+-+-+-+-+-+-+- Dave McLellan, VMAX Software Engineering, EMC Corporation, 176 South St. Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749 Office: 508-249-1257, Mobile: 978-500-2546, dave.mclel...@emc.com +-+-+-+-+-+-+-+-+- -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Stephan Mühlstrasser Sent: Tuesday, April 29, 2014 4:48 AM To: Tim Hudson; openssl-users@openssl.org Subject: Re: State of EBCDIC support in OpenSSL Am 29.04.14 10:28, schrieb Tim Hudson: > Bug reports on EBCDIC with patches are definitely interesting as there > is an active community of OpenSSL z/OS users - at the very least the > other users will benefit from any work you have already done. I can provide bug reports, but at the moment I cannot promise that I can come up with corresponding patches as well. I did some research in the OpenSSL mailing list archives, and from that I have the impression that there's little activity from OpenSSL z/OS users over the last few years. Are there other places where you see the "active community of OpenSSL z/OS users"? > For the broader context I think you'll find the issue for handling > such platforms will usually be the typical one of regular platform access. > Checking, adjusting, and confirming patches which are platform > specific that are non-trivial basically requires access to the platform. > > One thing to consider is if you (or anyone else) is able to provide > permanent (or semi-permanent) access (via ssh) to a z/OS platform with > USS installed that places the user into a standard shell environment > with the compilers accessible. I'm sorry, but I can't help with platform access, as we only have a z/OS development system for porting our software, not even a real zSeries machine. I would expect that IBM itself should be interested in a working OpenSSL port for zSeries. We have a very old version of OpenSSL on our system that we downloaded from the IBM website in the past. This version is for example able to print out certificates correctly. Today the IBM website about open source software available for z/OS point to openssl.org for getting OpenSSL: http://www-03.ibm.com/systems/z/os/zos/features/unix/bpxa1ty1.html "The free unsupported version of OpenSSL previously offered here is no longer available. Instead, we refer you to the functionally equivalent version available from the official OpenSSL project website." If someone from IBM is reading this, please consider the request by Tim for access to a z/OS platform. Stephan ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
