You do not say what OS you are running on. Solaris 11 has a known problem with
not reporting queued data. This was fixed by SRU-28.
Regards,
John Unsworth
From: openssl-users on behalf of 路连峰
Sent: Monday, September 23, 2019 4:55 am
To: openssl-users
Subject
Thanks. So in the meantime we can remove the DEFINE macros and the pragmas (or
just the pragmas as we have done) to build the no-shared libraries.
Regards,
John.
Originalmeddelande
Från: Richard Levitte
Skickat: 16 maj 2019 08:34:06 GMT-07:00
Till: John Unsworth
Ämne: RE
Solaris - solution and possible fix
On 5/16/19 6:46 AM, John Unsworth wrote:
> In the absence of any steer from openssl gurus we will proceed by
> removing the #pragmas in safestack.h and lhash.h while we build the
> no-shared libraries on solaris. Hopefully someone will come up with a
In the absence of any steer from openssl gurus we will proceed by removing the
#pragmas in safestack.h and lhash.h while we build the no-shared libraries on
solaris. Hopefully someone will come up with a proper fix at some point.
Regards,
John
From: openssl-users On Behalf Of John
Unsworth
hat used the .h files (hard to avoid since they are basic crypto
header files) but did not link with libcrypto.so. That library was explicitly
loaded by the app, but the app would not start because of the missing symbols.
See issues 6912 and 8102.
Regards,
John.
John Unsworth |Meta-Directory
defined(__SUNPRO_C)
#pragma weak getisax
in crypto\sparcv9cap.c
so maybe that needs consideration too.
Regards,
John.
-Original Message-
From: openssl-users On Behalf Of John
Unsworth
Sent: 10 May 2019 16:23
To: openssl-users@openssl.org
Subject: RE: OpenSSL 1.1.1b tests fail on Solaris -
originated from outside of Synchronoss.
On 5/10/19 11:23 AM, John Unsworth wrote:
> This seems to be caused by the ongoing saga documented
I have this working flawlessly on S10 ... what is the issue :
jupiter # /usr/local/bin/openssl version OpenSSL 1.1.1b 26 Feb 2019
dc
nssl1.1.1.
So, in 1.1.1b I can observe that OPENSSL_sk_new_null has been defined as below
in safestack.h.
pragma weak OPENSSL_sk_new_null
Can this be related ? Am I missing anything while Configure ?
<<<<<<<<<<<<<<<
Regards,
John.
-Original Message-
Fr
Original Message-
From: John Unsworth
Sent: 09 May 2019 10:48
To: openssl-users@openssl.org
Subject: RE: OpenSSL 1.1.1b tests fail on Solaris
This is the build line for sanity test:
rm -f test/sanitytest
${LDCMD:-cc} -xarch=v9 -xstrconst -Xa -xO5 -xdepend -m64 -xcode=pic32
-xldscope=hidden
: -xarch=v9 is deprecated, use -m64 to create 64-bit programs
Does it need -lssl?
John
-Original Message-
From: openssl-users On Behalf Of John
Unsworth
Sent: 09 May 2019 10:13
To: openssl-users@openssl.org
Subject: RE: OpenSSL 1.1.1b tests fail on Solaris
CAUTION: This email originated from
1b tests fail on Solaris
CAUTION: This email originated from outside of Synchronoss.
What is the output from:
$ make V=1 TESTS=test_sanity test
Matt
On 08/05/2019 19:22, John Unsworth wrote:
> I have build OpenSSL 1.1.1b 64 bit on Solaris SunOS 5.10
> Generic_Virtual sun
I have build OpenSSL 1.1.1b 64 bit on Solaris SunOS 5.10 Generic_Virtual sun4v
sparc SUNW,T5140.
./Configure -lrt solaris64-sparcv9-cc no-shared -m64 -xcode=pic32
-xldscope=hidden
It builds fine but all the tests fail, with or without no-asm. Can anyone help
please? Here is the start of the te
On Behalf Of John
Unsworth
Sent: 07 May 2019 09:06
To: openssl-users@openssl.org
Subject: RE: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN
CAUTION: This email originated from outside of Synchronoss.
Thanks, the mutex is tied to the SSL session and used for all calls (now!).
The
Thanks, the mutex is tied to the SSL session and used for all calls (now!).
The good news is that moving SSL_get_error() into the same mutex unit as
SSL_read() has solved the problem.
Thank you for all your help and advice.
Regards,
John.
John Unsworth |Meta-Directory Engineering and Support
Testing changed code.
Regards
John
From: openssl-users on behalf of Matt
Caswell
Sent: Friday, May 3, 2019 10:16 am
To: openssl-users@openssl.org
Subject: Re: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN
CAUTION: This email originated from outsi
Subject: Re: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN
CAUTION: This email originated from outside of Synchronoss.
On Thu, May 02, 2019 at 04:10:31PM +, John Unsworth wrote:
> > Do you wait for the non-blocking connect to complete at this point?
> We connect in blocking
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: 02 May 2019 15:56
To: openssl-users@openssl.org
Subject: Re: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN
CAUTION: This email originated from outside of Synchronoss.
> On May 2, 2019, at 5:56 AM
Openssl 1.1.0h
We have implemented the workaround - if SSL_ERROR_SYSCALL and errno=EAGAIN then
treat as WANT_READ/WANT_WRITE. This (seems to) work fine. No subsequent
problems, everything continues correctly.
Regards,
John
-Original Message-
From: openssl-users On Behalf Of Matt
Caswe
sl-users@openssl.org
Subject: Re: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN
CAUTION: This email originated from outside of Synchronoss.
> On May 1, 2019, at 9:47 AM, John Unsworth
> wrote:
>
> Create a non-blocking TCP socket.
> Call SSL_new(), SSL_set_fd(), SSL_co
This is what we do:
Create a non-blocking TCP socket.
Call SSL_new(), SSL_set_fd(), SSL_connect()
Thereafter call SSL_read().
Renegotiates handled by OpenSSL.
We have only seen the error very occasionally, the vast majority of calls
return SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
The followi
This is what we do:
Create a non-blocking TCP socket.
Call SSL_new(), SSL_set_fd(), SSL_connect()
Thereafter call SSL_read().
Renegotiates handled by OpenSSL.
We have only seen the error very occasionally, the vast majority of calls
return SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
The followi
We are using OpenSSL 1.1.0h on Linux to send operations to LDAP servers. We use
SSL_read() to receive the replies on a non-blocking socket. The vast majority
of times SSL_read() returns >0, SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE as
per the spec. However we are very occasionally seeing SSL_E
st_evp V=1 test
All tests successful.
Files=1, Tests=9, 1 wallclock secs ( 0.02 usr + 0.00 sys = 0.02 CPU)
Result: PASS
Regards,
John
-Original Message-
From: openssl-users On Behalf Of John
Unsworth
Sent: 13 April 2019 15:28
To: openssl-users@openssl.org
Subject: RE: Tests fail on
of Synchronoss.
On 11/04/2019 17:43, John Unsworth wrote:
> Attached. This is with the debug build.
Hmmm, this seems to suggest failures in SHA3 and X448 code. Perhaps assembler
issues?
Try compiling with "no-asm" as a Configure option. That's not really a viable
option for prod
Synchronoss.
On 11/04/2019 15:20, John Unsworth wrote:
> test\recipes\30-test_evp.t .. Dubious, test
> returned 4 (wstat 1024, 0x400)
Can you tell us the result from :
nmake TESTS=test_evp V=1 test
Thanks
Matt
"C:\Program Files (x86)\Microsoft Visual S
, 7, 9
Non-zero exit status: 4
test\recipes\80-test_ssl_new.t(Wstat: 512 Tests: 29 Failed: 2)
Failed tests: 20, 28
Non-zero exit status: 2
Thanks,
John Unsworth
he CA files
*sometimes* stops verification working
On Tue, Sep 06, 2016 at 06:10:42PM +0000, John Unsworth wrote:
> This seems to me to be very easy to validate by just inserting a self-signed
> certificate at the front of a CAfile that works.
>
> Attached are the 3 certificate files.
&
imes* stops verification working
> On Sep 6, 2016, at 11:53 AM, John Unsworth
> wrote:
>
> I have noticed the following behaviour:
>
> 1 Create a certificate file with two CA certificates, one for the server
> being connected to (server A) and one for another server (ser
OpenSSL 1.0.2h on Windows (different versions).
I have noticed the following behaviour:
1 Create a certificate file with two CA certificates, one for the server being
connected to (server A) and one for another server (server B).
2 Whichever way the CA certificates are ordered the connect works
I have now successfully built and tested 1.0.2c on Solaris 10 with gcc 4.7.2
from unixpackages.com.
./Configure solaris-sparcv9-gcc no-shared -m32 -fPIC -fvisibility=hidden
./Configure solaris64-sparcv9-gcc no-shared -m64 -fPIC -fvisibility=hidden
Looks like Solaris Studio is buggy.
This bug sh
I have now successfully built and tested 1.0.2c on Solaris 10 with gcc 4.7.2
from unixpackages.com.
./Configure solaris-sparcv9-gcc no-shared -m32 -fPIC -fvisibility=hidden
./Configure solaris64-sparcv9-gcc no-shared -m64 -fPIC -fvisibility=hidden
Looks like Solaris Studio is buggy.
This bug sh
If I build using just
./Configure solaris-sparcv9-cc
Everything works fine. However
./Configure solaris-sparcv9-cc -xcode=pic32
Causes the problem.
John.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openss
If I build using just
./Configure solaris-sparcv9-cc
Everything works fine. However
./Configure solaris-sparcv9-cc -xcode=pic32
Causes the problem.
John.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-
Good call.
I built with just solaris-sparcv9-cc and that works fine. Adding -xcode=pic32
introduces the problems. I need that flag because I am adding the openssl
static library into my shared library.
John.
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.o
This is from 1.0.1m openssl s_client:
TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
1.0.2 make test built with asm gets this far
../util/shlib_wrap.sh ./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
Doing pcbc
Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64()
ich one is failing?
On 04/15/2015 12:26 PM, John Unsworth wrote:
Still exactly the same crash. And even if these assembly code problems can be
fixed there is still the negotiation error after compiling with no-asm.
4280581268:error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record
mac:
Bug opened.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Salz, Rich
Sent: 14 April 2015 17:41
To: openssl-users@openssl.org
Subject: Re: [openssl-users] OpenSSL 1.0.2 Solaris 32 bit build is broken
You could mail it to RT and then it will at least be logged and not
target
platform.
On 04/15/2015 09:56 AM, John Unsworth wrote:
core 'core' of 24243: ./openssl rand 64
000e9ce8 sha1_block_data_order (2ec298, 2ec2f4, 4, ffbfe018, ffbfe01c, 44) + 8
00226160 ssleay_rand_add (ffbfe114, 1, 20, ffbfdfec, 0, 14) + 530
00227048 RAND_poll (4, ffbfe100, f
1.0.1
source into the 1.0.2 source. Then clean, configure, compile and try again.
There were changes to this file between 1.0.1 and 1.0.2. Perhaps a bug was
introduced. I'm assuming this script generates the SHA source for your target
platform.
On 04/15/2015 09:56 AM, John Unswort
e the same stack trace when simply using the random number generator:
./openssl rand 64
What if you simply use SHA1:
./openssl sha1
On 04/14/2015 12:17 PM, John Unsworth wrote:
Is no-one interested at all about this problem? Or do I need to send it to
another place?
Regards,
John.
From: ope
1.0.2 Solaris 32 bit build is broken
On Tue, Apr 14, 2015 at 12:17 PM, John Unsworth
wrote:
> Is no-one interested at all about this problem? Or do I need to send it to
> another place?
>
Can you try with a different compiler? Is Clang available to you? (If
not, I can provide you with
Is no-one interested at all about this problem? Or do I need to send it to
another place?
Regards,
John.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
John Unsworth
Sent: 10 April 2015 14:54
To: openssl-users@openssl.org
Subject: Re: [openssl-users] OpenSSL 1.0.2
Sorry, my fault. I wasn't following the instructions which tells me to look in
the "prefix" tree and there are all the include files nicely together again.
Apologies for time wasting.
John.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
John Un
I build openssl as static libraries that are then included in applications. Up
till 1.0.2 all the include files have been in one directory so building the
applications just involved using the single include folder, which I copied from
the openssl build, and the openssl static libraries. However
I am trying to build 1.0.2 on Solaris 10 64 bit with Studio 12.4 (12.3 failed
too).
./Configure solaris64-sparcv9-cc no-shared -m64 -xcode=pic32 -xldscope=hidden
./make
cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64
dness for accidents :-)
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of John Unsworth
Sent: 22 March 2013 15:07
To: openssl-users@openssl.org
Subject: RE: SSL negotiation fails on linux with 32 bit app
Further information. I ra
[mailto:owner-openssl-us...@openssl.org] On Behalf Of John Unsworth
Sent: 22 March 2013 14:41
To: openssl-users@openssl.org
Subject: SSL negotiation fails on linux with 32 bit app
I have built a LDAP client using OpenSSL on Windows that successfully
connects to a LDAP server. The code has been ported to linux
and would appreciate any
pointers.
John Unsworth
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated Lis
02:03
To: openssl-users@openssl.org
Subject: Re: Unknown message digest algorithm sha256RSA OpenSSL 1.0.1e
On 27-02-2013 23:54, John Unsworth wrote:
> I have a Windows CA that has created a sha256RSA CA cert and server cert.
> However OpenSSL fails to validate them.
>
> C:\MetaAndDi
I have a Windows CA that has created a sha256RSA CA cert and server cert.
However OpenSSL fails to validate them.
C:\MetaAndDirectory\certs>openssl verify -verbose -CAfile win2k8r2-ca.cer
win2k8r2-server.cer
win2k8r2-server.cer: /DC=net/DC=cp/DC=macc/CN=macc-JOHN-WIN2K8R2-1-CA
error 7 at 1 depth l
50 matches
Mail list logo
