Hi all,
When the openssl interactive mode was still possible, you could set up an
engine and then use it as follows:
OpenSSL> engine -t dynamic -pre
SO_PATH:/usr/lib64/openssl/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib64/pkcs11/onepin-opensc-pkc
On 13 Dec 2021, at 12:15, Tomas Mraz wrote:
> One option would be for a provider to provide provider-storemgmt
> implementation to load a key from its special URI. You'd then use
> OSSL_STORE from the application to load a private key from that special
> URI.
>
> Another, rather simplistic, appr
Hi all,
The ENGINE API is deprecated in favour of the new Provider API.
What is the provider equivalent function that replaces
ENGINE_load_private_key()?
Regards,
Graham
—
Hi all,
While running code that calls X509_verify_cert(), the trusted root certificates
(“BEGIN TRUSTED CERTIFICATE”) loaded into the verification are failing
verification with “certificate rejected”:
2: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE: verify failed:
certificate rejec
Hi all,
According to the manpage at
https://www.openssl.org/docs/man1.1.0/man3/BIO_s_file.html the macro BIO_tell()
casts to int:
/opt/local/include//openssl/bio.h:# define BIO_tell(b)
(int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
What happens if the file being parsed is larger than can fit in
Hi all,
I am trying to create a "Degenerate certificates-only CMS Signed-Data” using
openssl openssl-1.1.1c (from CentOS8) as described by
https://tools.ietf.org/html/draft-gutmann-scep-15#section-3.4, and in the
process I am getting the entry "Error: Object has zero length” in the PKCS7
struc
On 04 Aug 2019, at 01:56, Viktor Dukhovni wrote:
> An RSA signature verification operation (block type 01) failed,
> typically because the public used to check the signature does
> not match the private key used to sign the data.
Thanks for confirming this.
> Is this a server-side log or a clie
Hi all,
I have a WIndows 10 system with a smartcard attached to it.
Firefox+Smartcard works great.
Edge using the smartcard to the same site returns the following:
[Fri Aug 02 13:47:43.238262 2019] [ssl:info] [pid 20742:tid 139771397486336]
SSL Library Error: error:0407006A:rsa
routines:RSA_p
On 14 Jun 2019, at 09:41, Matt Caswell wrote:
> Correct. *All* of the above calls are no-ops in 1.1.0+, e.g:
>
> # define EVP_cleanup() while(0) continue
>
> There are one or two caveats around auto-init and auto-deinit of the library.
> The documentation for it is here:
>
> https://www.opens
Hi all,
I am currently reviewing the shutdown behaviour in both httpd’s mod_ssl and
apr’s apr-crypto-openssl modules.
Am I right in understanding that from openssl v1.1.0 and upwards, all the
following calls are no longer necessary, will be called automatically atexit by
the openssl library, a
On 19 Mar 2019, at 18:00, Viktor Dukhovni wrote
:
> Well, the *standard* structure for passing around just the unsigned
> data underlying a CSR (X509_REQ), is a CertificationRequestInfo
> (X509_REQ_INFO). So if the modules are to use *standard* structures
> to communicate. The object being passe
On 19 Mar 2019, at 03:22, Viktor Dukhovni wrote:
>> On Mar 18, 2019, at 8:22 PM, Graham Leggett wrote:
>>
>> How would I decode the X509_REQ_INFO structure on the other side, turning it
>> back into X509_REQ?
>
> The function returns the DER form of the CRI, w
On 18 Mar 2019, at 22:02, Dave Coombs wrote:
>> This makes sense - however there don’t appear to be any APIs in openssl that
>> allow you to manipulate a X509_REQ_INFO structure. I can create it, and
>> encode/decode it, but there is no X509_REQ_INFO_get_subject_name() (or
>> friends) to popul
On 18 Mar 2019, at 22:27, Viktor Dukhovni wrote:
>> (Even in the 1.1 API, where they are opaque, i2d_re_X509_REQ_tbs will encode
>> a given X509_REQ's X509_REQ_INFO for you.)
>
> Yes, i2d_re_X509_REQ_tbs is the key function for constructing the
> "to be signed" (tbs) request:
>
> int i2d_re_X
On 18 Mar 2019, at 18:49, Viktor Dukhovni wrote:
> A mandatory part of the CSR is missing. It is malformed.
Some further digging shows the CSR is indeed malformed - the old openssl code
created a CSR like this:
507:d=2 hl=2 l= 1 prim: OBJECT:itu-t
while the new openssl code
On 18 Mar 2019, at 12:51, Graham Leggett wrote:
>> which has a non-zero length signature algorithm OID (l = 9). Your
>> example has "l=0" where one would expect the signature OID after
>> the extensions.
>
> How do I fix openssl to parse this as it did
On 18 Mar 2019, at 04:55, Viktor Dukhovni wrote:
> On Mon, Mar 18, 2019 at 01:06:19AM +0200, Graham Leggett wrote:
>
>> [root@localhost ~]# openssl req -in req.bin -inform der
>> unable to load X509 request
>> 139903756527504:error:0D0C40D8:asn1 encoding
>> ro
Hi all,
While porting some code across from RHEL6 (openssl-1.0.1e-42) to RHEL7
(openssl-1.0.2k-16), I am getting the failure below where previously the code
worked.
The code creates an X509_REQ, populates it, and then passes this to a module.
Before passing it to the module, the structure is c
On 24 Jul 2018, at 18:06, Viktor Dukhovni wrote:
>> Or is it correct in v1.1.0 and above to just not initialise anything at all,
>> not clean anything up at all, and expect openssl to “do the right thing”
>> when mod_ssl is unloaded?
>
> Yes. And *especially* when the code that depends on Ope
On 24 Jul 2018, at 12:15, Graham Leggett wrote:
> Over at httpd we’re struggling with crashes and instability caused by
> attempts by various independent libraries we link to, all of which in turn
> link to openssl, initialising openssl multiple times. In turn these separate
> lib
Hi all,
Over at httpd we’re struggling with crashes and instability caused by attempts
by various independent libraries we link to, all of which in turn link to
openssl, initialising openssl multiple times. In turn these separate libraries
might de-initialise openssl on shutdown expecting a re-
On 14 Nov 2017, at 12:00 PM, mahesh gs wrote:
> We have application that provide DTLS security for SCTP connections. During
> our testing we found that API "SSL_connect " fail and always returns
> SSL_ERROR_WANT_READ which causes infinite loop in the application.
Are you properly handling that
On 09 Nov 2017, at 2:57 PM, Michael Wojcik
wrote:
>> This is openssl v1.0.1f (ubuntu xenial) talking to openssl v1.0.1f (ubuntu
>> xenial), although
>> trying openssl as shipped by MacOS Sierra on the client side gives the same
>> result.
>
> At least prior to 1.1.0, to use ECC in OpenSSL the
On 09 Nov 2017, at 4:17 AM, Michael Wojcik
wrote:
>> New, (NONE), Cipher is (NONE)
>> SSL-Session:
>>Protocol : TLSv1.2
>>Cipher:
>
> Yeah. TLSv1.2, no cipher. My guess is the server is allowing the 1.2 protocol
> level but not supporting any of the 1.2 suites.
Does this def
Hi all,
I am having quite a time trying to get postgresql v9.5 to talk over SSL on
Ubuntu Xenial, running openssl v1.0.1f. Previously my setup was Ubuntu Trusty,
and this works fine.
The questions I have based on the info below:
- It is the openssl s_client side that is triggering the handshak
Hi all,
I am having a problem where an iPhone running iOS v9.3.3 is attempting to
connect to httpd+openssl on CentOS7 and suddenly failing when this used to work
in the past.
The client (iOS) seems to believe the SSL handshake is successful, and so
attempts to send some application data. The s
Hi all,
I am trying to use “openssl verify” as a sanity check to determine whether a
set of certificates are sane and valid in a script that issues (or reissues)
the certificates, and I’m struggling with the output of the “openssl verify”
command.
This is output I get while verifying three cer
On 3 Sep 2015, at 19:23, Viktor Dukhovni wrote:
> Cat those files into /dev/urandom or /dev/random. That'll mix them
> into the system's entropy pool. Then generate keys as usual from
> /dev/urandom.
I have used a deck of playing cards as a source of entropy, saved to a ram disk
on a system w
On 04 Apr 2015, at 9:46 PM, Michael Clark wrote:
> I am having an issue where the server crashes on subsequent connections
> *if* I close the connection file descriptor. See the note in
> openssl_async_echo_server.cc on line 239. If I leak a file descriptor
> and the next connection uses a new fd
Hi all,
I just tried out the most recent version of freeradius (v3.0.7), and it failed
to start up with the following message:
Thu Mar 5 11:12:33 2015 : Info: Debugger not attached
Thu Mar 5 11:12:33 2015 : Error: Refusing to start with libssl version OpenSSL
1.0.1e-fips 11 Feb 2013 0x1000105
On 22 Feb 2015, at 11:22 PM, Tinker wrote:
> I need your authoritative answer on the following question.
[snip stuff that is too long]
You are totally overthinking this.
The SSL protocol involves negotiation, during which the sender and the receiver
exchange data with each other. What this me
On 21 Feb 2015, at 12:58 PM, Serj Rakitov wrote:
> I set socket to non-blocking mode.
>
> 1. If I do SSL_read() and get result <=0 and then SSL_get_error() returns
> SSL_ERROR_WANT_WRITE what must I to do?
> Is it enough to call SSL_write(ssl,0,0) one time and then again call
> SSL_read() unti
On 28 Oct 2014, at 1:30 PM, Florian Weimer wrote:
> * Graham Leggett:
>
>> I have a need to parse the first incoming hello packet on an
>> incoming TLS connection and based on the presence (or absence) of
>> the SNI header, choose to pass the connection through to a
Hi all,
I have a need to parse the first incoming hello packet on an incoming TLS
connection and based on the presence (or absence) of the SNI header, choose to
pass the connection through to another server.
What openssl functions should I be looking at to do this?
Regards,
Graham
—
_
Hi all,
Can anyone confirm the order in which certs are returned by
SSL_get_peer_cert_chain()?
Regards,
Graham
—
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hi all,
Looking at the headers in the FIPS module of openssl, I see none of the
EVP_Encrypt* functions are available. Am I assuming correctly that no
symmetrical encryption is possible at all in FIPS mode?
Regards,
Graham
—
__
Hi all,
In the HLS protocol[1], there is the option of serving encrypted data protected
by a simple symmetrical key and AES-128. The symmetrical key is served to the
client over a secure connection, and the data is then retrieved separately over
a probably-insecure-but-cacheable connection and
On 23 Apr 2014, at 2:23 PM, Kaushal Shriyan wrote:
> I am new to SSL/TLS Certificates. Please help me understand what is the
> difference between ROOT CA Certs and Intermediate Certs or Chain Certs. I
> will appreciate if i can refer to some books or tutorials to know about
> SSL/TLS technolog
On 13 Apr 2014, at 2:04 PM, Michael Ströder wrote:
> No, it does *not* answer the question.
>
> The question was: Who is currently using it?
Just to clarify any possible confusion, whether or not a piece of software
actively uses the heartbeat makes no difference to the bug, you are still
vul
On 13 Apr 2014, at 12:25 PM, Hanno Böck wrote:
> I wasn't really sure where to ask this, but I think this list is
> appropriate.
>
> While having read so much about heartbleed, one question stays
> unanswered for me all the time:
> What's the use of this heartbeat extension? I mean not the theor
On 18 Jan 2014, at 2:25 PM, "Dr. Stephen Henson" wrote:
> Have a look at demos/x509/mkcert.c
I eventually found it was as simple as this:
*extension = X509V3_EXT_conf(NULL, NULL, (char *)name, (char *)val);
What threw me was whether it was ok to pass NULL or not (it is).
Regards,
Graham
-
On 18 Jan 2014, at 4:09 AM, Graham Leggett wrote:
> I am trying to load the name and value of an X509 extension programmatically
> via the API (in other words, the openssl.cnf file isn't being used), and I am
> struggling with openssl telling me that the tag doesn't exist.
&
Hi all,
I am trying to load the name and value of an X509 extension programmatically
via the API (in other words, the openssl.cnf file isn't being used), and I am
struggling with openssl telling me that the tag doesn't exist.
The extension I want to load has the name "keyUsage" and value
"nonR
Hi all,
In a typical client certificate scenario, you might verify that a certificate
chain is complete, not expired, and trusted by a root certificate. If you were
to choose a way to authorize the certificate over and above the check that the
cert is valid, you might store it's subject in a di
Hi all,
I have a cert, a CA cert, and N intermediate certificates, each in three
separate files. I don't know the value of N during this process.
What I need to do is combine these certs into a P12 file, but crucially I need
to give the cert and the CA cert very specific nicknames for further s
On 07 Sep 2013, at 11:26 PM, Steve Marquess
wrote:
> Note that Dual EC DRBG is *NOT* used by default and a calling
> application must specifically and deliberately enable it; that cannot be
> done accidentally. Any application which does so will hopefully be fully
> aware of the consequences (an
On 17 Aug 2013, at 06:03, Unga wrote:
> My encrypted file is with you. It is encrypted without a salt. I'm scared you
> may use a sophisticated system to decrypt it and read the sensitive info. I
> use a per file not guessable 150 character password. This password is not
> repeated, only reuse
On 19 Apr 2013, at 21:06, Felipe Gasper wrote:
>What are the big things out there that still don’t have SNI support?
>
>As far as I know:
>
> CentOS 5 (by default)
> Android 2.x
> original iPhone & iPod Touch
> IE on WinXP
>
>I’m looking for “major obstacles to deployment”. The Wik
On 16 Nov 2012, at 4:37 PM, PraveenPVS wrote:
> I need to load RSA Public key which is stored in the char buffer. I came
> across d2i_RSA_PUBKEY function to do the same (Please correct me if I am
> wrong here).
The "d2i" in the function you're trying to use means "from DER encoded to
internal",
On 16 Nov 2012, at 4:36 AM, Jeffrey Walton wrote:
> On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton wrote:
>> On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai wrote:
>>>
>>> CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows OS
>>> apr_generate_random_bytes(buf, SEED_SIZE); // On
On 07 Nov 2012, at 4:50 PM, Ted Byers wrote:
> Why does it need to be something in openssl?
Ideally because it needs to be as secure as openssl.
I'm after an accurate time duration between two ASN1_TIME values, that is not
dependent on local conditions, or any external libraries.
Regards,
Gra
On 07 Nov 2012, at 4:08 PM, Dirk-Willem van Gulik wrote:
> The bit of code I stole from x509/x509_vfy.c works for me.
>
> Dw.
>
>if(!(X509_CRL_get_nextUpdate(crl))
> return -1;
>
> int i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
> if (i == 0)
>
On 07 Nov 2012, at 3:57 PM, Jakob Bohm wrote:
> Look in the code that checks certificates for expiry (during certificate
> validation), it probably calls an appropriate subroutine on the expiry
> date in the X509 cert.
Already did that, the function you're referring to is called X509_cmp_time()
Hi all,
I would like to know how long a CRL has until it expires in seconds (or milli
or microseconds, don't care, I can convert), and am struggling to find a
formally supported way to do this.
What I would like to do is return the difference between a given ASN1_TIME and
the current time, or
On 27 Oct 2012, at 2:18 PM, "Stefan H. Holek" wrote:
>> I understand as per RFC2585 that the MIME type for a CRL is
>> application/pkix-crl, but I am struggling to figure out whether there is a
>> way to specify using MIME types and/or content negotiation whether the CRL
>> is PEM encoded or D
Hi all,
I understand as per RFC2585 that the MIME type for a CRL is
application/pkix-crl, but I am struggling to figure out whether there is a way
to specify using MIME types and/or content negotiation whether the CRL is PEM
encoded or DER encoded.
Is there a Content-Encoding for PEM specified
On 12 Oct 2012, at 3:59 PM, Tom Browder wrote:
> I have successfully generated SSL client certs (generated with openssl
> 1.0.1c) used by Safari, Firefox, and Chrome on Linux and Windows plus
> IE 9 on Windows, but I cannot get successful access with either Safari
> or Firefox on Mac OS X.
>
> W
On 12 Oct 2012, at 1:40 AM, "Charles Mills" wrote:
> How do you specify the name (URL) of the Web site in Firefox? Do you use
> exactly the same name as you use with the test client (and the name in the
> certificate)?
>
> Firefox is saying the certificate is for myserver but you are specifyi
On 12 Oct 2012, at 1:03 AM, Derek Cole wrote:
> I installed my_server_cert.pem as a trusted authority in firefox, however, it
> still prompts that it is an "Untrusted Connection" and has the button to add
> security exception. When I click this button, I noticed that under
> Certificate Status
Hi all,
I have some openssl code that creates a certificate based on a SPKAC, and then
attempts to send the certificate back to the browser. This works fine in
Firefox, but doesn't working in Safari, or at least it does work, except that
Safari doesn't recognise the MIME type of the certificate
On 06 May 2011, at 9:23 PM, derleader mail wrote:
Can you show us the source code. Paste it into pastebin.org.
We do non blocking SSL by accepting the socket in the normal way
(using accept, not SSL_accept), and then wrapping the socket in a BIO
like this:
BIO *sbio = BIO_new_so
On 20 Mar 2011, at 9:35 PM, Victor Duchovni wrote:
What's the obstacle to a global variable that is initialized once and
never changes? You also only need to call:
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
once, ... so there needs to be some once-only code in your
On 21 Jan 2011, at 7:20 PM, Dr. Stephen Henson wrote:
You can read the CRL into an X509_CRL stucture using d2i_X509_CRL()
or the
PEM functions using a memory BIO.
Once you have the X509_CRL structure you can add the CRL with
X509_STORE_add_crl().
When reading a CRL in a directory, is it eno
Hi all,
I am trying to load a CRL, and currently my options seem to be
choosing one of the following:
X509_STORE_add_lookup(certstore, X509_LOOKUP_hash_dir())
X509_STORE_add_lookup(certstore, X509_LOOKUP_file())
The dilemma I face is that I need to do this in a non blocking fashion
in an e
On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:
Questions:
Is normal that firefox hangs when it doesn't have a valid certificate
to provide?
Openssl output looks OK?(or the error in the end is a exception?)
I am not 100% sure of the details, but I do recall a hang being a
symptom of using a clie
Hi all,
Now that I have my full error message, the problem I have is that the
verification is failing because the certificate has expired:
error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:
Verify error:certificate has expired
The error message is correct - the certifica
On 07 Mar 2010, at 12:13 AM, Graham Leggett wrote:
Can anyone tell me what function I should be using to retrieve the
error saved by ERR_add_error_data()?
After some reverse engineering, it turns out ERR_get_error_line_data()
does the trick. It was the file and line parameters that threw
Hi all,
I am currently struggling to get to the bottom of a problem verifying
a PKCS7 message, and before I can make any headway, I need access to
the error message.
The error message I am getting is this:
"error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error"
which, given
Sebastián Treu wrote:
> are thes equivalent to each others? or should I use the openssl
> toolkit? I ask this cause sha1sum results are 41 bytes long. the
> SHA-1() doc says 20bytes for output.
Check whether the binary sha1 hashes are being encoded along the way. A
common way to encode sha1 hashe
Randy Turner wrote:
> As an investor, I would rather have my coders use a product with
> documentation to "make progress"
> on the actual goals of the product, rather than reverse-engineer the
> information they're trying to look for.
Obviously, as I already stated below:
>> So would I.
Regar
Kenneth Goldman wrote:
> 1 - Reading the source is only as reliable as the skill of the reader and
> the comments in the code. I'd rather have the answers than a research
> project.
So would I. But far too often, in code of all kinds, this documentation
doesn't exist. As an investor I would far
Tim Ward wrote:
> Yes indeed. This is why I often go for commercial software in preference
> fo "free" - it took me a day and a half to get a working Visual Studio
> 2005 debug DLL built, at a cost to my client of ... er ... well ... none
> of anyone else's business really, but lots more than any
Peter Wilkes wrote:
> so we ran this with a 64 bit int and noticed that 128 bits comes out.
> can we safely ignore the other 64 bits? why are we getting 128 bits out?
Ciphers generally encrypt data in fixed-width blocks, which means you'll
end up with a final encrypted cyphertext of a multiple of
carock wrote:
Unfortunately, I'm dealing with an HP Proliant server. Specifically the iLO
interface which is a backend management device embeded in the server.
This device has it's own SSL cert from the factory. With the latest rounds
of updates from Firefox, that browser now complains "my cert
carock wrote:
Can the same process be duplicated without going commercial? I need a
certificate that doesn't use a FQDN for the common name and I haven't found
a commercial one that allows that.
Set up your own CA, and issue your own certificates to your own
requirements. The problem then boi
loody wrote:
Is there sample code or ducument I can realize how to use EVP?
On MacOSX, the normal man pages document the API for EVP*, I assume it
is the same on the other unix environments.
"apropos EVP" should get you started.
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptograp
Victor Duchovni wrote:
Because in amost all cases that's exactly the right advice.
The cryptography learning that is sufficient and desirable is from books
such as "Applied Cryptography" which cover protocols and algorithms
at a high level. Studying the implementation or creating ones own
imple
csross wrote:
I don't know what is the purpose of building openssl shared. I am building
apache with ssl statically built in. What does building a shared openssl
give me?
The ability to upgrade openssl without having to recompile anything else.
Regards,
Graham
--
smime.p7s
Description:
Julian wrote:
Never ship a Shared OpenSSL library. Anyone can rebuild it to output the
socket buffer to disk prior to encryption and replace yours.
If someone can do that, you've been owned already, compiling it static
won't make any practical difference.
Regards,
Graham
--
smime.p7s
Desc
Hi all,
I have found an anomaly in the EVP code with an ECB cipher which is
claiming to have an IV length greater than zero.
I am under the understanding that all ECB algorithms should have an IV
size of zero - is that correct?
The gdb trace is shown below - is this a potential bug or am I
[EMAIL PROTECTED] wrote:
Does openssl support RFC2898, and if so, what function should I be
looking at?
PKCS5_PBKDF2_HMAC_SHA1()
This function seems to be undocumented:
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
unsigned char *salt, int saltlen, int
Hi all,
According to the man page for EVP_BytesToKey, "Newer applications should
use more standard algorithms such as PKCS#5 v2.0 for key derivation".
Unfortunately the man page stops there, and doesn't give a clue as to
which openssl function should be used to derive a key in a compliant way
Hi all,
Is there a function in OpenSSL that is capable of listing the possible
ciphers that are supported by EVP_get_cipher_byname()?
Regards,
Graham
--
__
OpenSSL Project http://www.openssl.org
On Wed, November 21, 2007 2:39 pm, Lidia Fernández wrote:
> I have to encrypt a file in c with openssl and then i have to decrypt in
> Java.
>
> In Java i use to decrypt the algorithm
>
> Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
>
> With OpenSSL i use
>
> openssl enc -a -des
Hi all,
The SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file()
allow you to assign a key and cert respectively to an SSL_CTX.
I have been hunting for a while, and I have as yet not found the
opposite functions, to extract the cert and key from an SSL_CTX.
Am I missing somethin
Hi all,
I have a need to encrypt a block of text (a cookie) in such a way that the
contents of the cookie can be protected[1] if and when the cookie is
stolen in transit.
I would like to use EVP_EncryptInit and friends to do this, and this
function requires that I provide a key and iv to be used
Clemens Chiba said:
> I use Winsocks and OpenSSL in a client application which simulates
> HTTPS request, and it works fine as long as I don't use a proxy
> (proxy name/port same as host name/port).
>
> But if I set a proxy it does not work anymore. This is clear
> because the proxy does not know
Hi all,
While trying to install v0.9.7e of openssl on a Solaris v2.8 machine, the
build completes fine, but it bombs out during make install as below.
Google has found two other questions on mailing lists about this problem
(one on NetBSD, one on Irix) but these questions were never answered. One
Hi all,
After the make install step after compiling v0.9.6 beta 1 of OpenSSL, my
/usr/local/ssl/lib directory looked like this:
[3:22pm] root@dsnstar:/opt/local/ssl/lib# ls -al
total 15364
drwxr-xr-x 2 root other512 Sep 15 15:21 ./
drwxr-xr-x 9 root other512 Sep 15 15
Hi all,
Is it possible to compile openssl v0.9.5a as a shared library under
Solaris v2.6?
The default compilation builds static libs only. There does not seem to
be any mention of shared library support anywhere in any of the build
docs, and the standard --enable-shared doesn't work.
Any ideas?
90 matches
Mail list logo
