Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-25 Thread PGNet Dev
On 9/25/20 8:55 AM, Viktor Dukhovni wrote: > Well, I expected you to post a working and non-working trace for the > *same* server endpoint, with the good and bad configuration. > > Secondly, (snip) > Where's the recording of the successful transmission to port 465 (and > not say 587). you asked f

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-25 Thread PGNet Dev
On 9/25/20 12:18 AM, Viktor Dukhovni wrote: > On Thu, Sep 24, 2020 at 09:26:26PM -0700, PGNet Dev wrote: > I must lodge a complaint on wasting my time here seems you're done, then. thx anyway. > you intimated that just changing openssl.cnf makes the difference. i didn't

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread PGNet Dev
On 9/24/20 9:13 PM, Viktor Dukhovni wrote: > On Thu, Sep 24, 2020 at 08:30:35PM -0700, PGNet Dev wrote: > Is that really the session you intended to capture. Interestingly phrased! The intention was to capture the tcp data 'thru' the failed event. That^^ is the data streamed

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread PGNet Dev
On 9/24/20 7:32 PM, Viktor Dukhovni wrote: > On Thu, Sep 24, 2020 at 06:43:05PM -0700, PGNet Dev wrote: > >> Been awhile since I 'de-noised' a comms dump; I'll dust off my notes, & work >> on getting a useful/relevant PCAP file ... > > # tcpdump

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread PGNet Dev
On 9/24/20 5:51 PM, Viktor Dukhovni wrote: >> again, the _only_ change between the two submissions is the addition of the >> "ServerPreference" option to the openssl.cnf config. > > This looks like the protocol version is no longer TLS 1.3 as a result, > and one side or the other now expects or s

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread PGNet Dev
> I'd be tempted to drop most if not all of those settings, they're not > email-friendly. PUBLIC email non-friendly, because of still-frequent old cipher/protocol implementations? or, inherently problematic with TLS in/onr SMTP? in this case, there's nothing public ... both the dovecot and po

TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-23 Thread PGNet Dev
i've got two servers communicating over ssl. comms between them work if /etc/pki/tls/openssl.cnf includes Options = PrioritizeChaCha but fail if 'ServerPreference' (cref: Undocumented openssl.cnf options and PrioritizeChaCha https://b

Re: matching openssl's enc ciphers to php's openssl functions' ciphers: where's "chacha20-poly1305"?

2020-08-14 Thread PGNet Dev
On 8/13/20 3:03 PM, Thomas Dwyer III wrote: > I think you want "openssl ciphers" rather than "openssl enc -ciphers". Per > the "enc" man page: > > The enc program does not support authenticated encryption modes like > CCM and GCM, and will not support such modes in the future.

matching openssl's enc ciphers to php's openssl functions' ciphers: where's "chacha20-poly1305"?

2020-08-13 Thread PGNet Dev
I'm deploying a php app that makes use of php's openssl functions https://www.php.net/manual/en/ref.openssl.php atm, I've php -v PHP 7.4.8 (cli) (built: Jul 9 2020 08:57:23) ( NTS ) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 The php

Re: cipherlist with only tlsv1.3 ciphers reports error?

2019-07-20 Thread PGNet Dev
On 7/20/19 8:17 AM, Viktor Dukhovni wrote: On Sat, Jul 20, 2019 at 07:35:49AM -0700, PGNet Dev wrote: Checking cipherlist for just TLSv1.3 ciphers FAILs here, openssl ciphers -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-S

Re: cipherlist with only tlsv1.3 ciphers reports error?

2019-07-20 Thread PGNet Dev
Hi, On 7/20/19 7:28 AM, Viktor Dukhovni wrote: > On Fri, Jul 19, 2019 at 10:38:19AM -0700, PGNet Dev wrote: > >> I suspect I've misunderstood usage of TLSv1.3 @ >> >> https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ >> >> Checking ciphe

Re: cipherlist with only tlsv1.3 ciphers reports error?

2019-07-19 Thread PGNet Dev
>>> Configuration file difference? > >> which config file are you referring to? > > The default OpenSSL configuration file. openssl.cnf, in the directory > displayed by "openssl version -d". But I can't think offhand of anything in > the configuration file that I'd expect to have this sort of

Re: cipherlist with only tlsv1.3 ciphers reports error?

2019-07-19 Thread PGNet Dev
> Works for me: > $ openssl ciphers -stdname -s -V > 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384' simplifying to build defaults ./config -v \ --prefix=/usr/local/ssl-test \ --openssldir=/usr/local/ssl-test \ --libdir=lib

Re: cipherlist with only tlsv1.3 ciphers reports error?

2019-07-19 Thread PGNet Dev
> Works for me: heh. of COURSE it does! sanity check here, openssl ciphers -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384' Error in cipher list 140042399306176:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher

cipherlist with only tlsv1.3 ciphers reports error?

2019-07-19 Thread PGNet Dev
I suspect I've misunderstood usage of TLSv1.3 @ https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ Checking cipherlist for just TLSv1.3 ciphers FAILs here, openssl ciphers -stdname -s -V 'TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384'

Re: Error building app on RHEL 7 with openssl 1.1.1

2019-07-18 Thread PGNet Dev
On 7/18/19 3:37 PM, Mark Richter wrote:> I use: > > ./config --prefix=/opt/openssl1.1 --openssldir=/opt/openssl1.1 --libdir=lib no-shared zlib-dynamic just fyi, the options were simply referring to the linking issue, not an inclusive list; hence the ellipsis > I'm pretty sure I can't just us

Re: Error building app on RHEL 7 with openssl 1.1.1

2019-07-18 Thread PGNet Dev
On 7/18/19 1:34 PM, Mark Richter wrote: This is probably along the same lines as other questions I have asked. I built the 1.1.1 libraries and installed them in /opt/openssl1.1, then modified the Makefile to include the right -I and -L flags, but I get this error: haven't backtracked throug

webserver+openssl 1.1.1c failing to use CHACHA20 ciphers, and fails to launch at all if just TLSv1.3 cipherlist is specified?

2019-07-17 Thread PGNet Dev
I run nginx 1.17.1 + openssl 1.1.1c on linux. I typically configure recommended defaults for SSL usage, and it "just works", with ssllabs reporting my sites as healthy with an "A+", fwiw. Now, I'm currently working setting up a local-only server, attempting to get it to use TLSv1.3/CHACHA20 onl

Re: [openssl-users] TLS 1.3 and the release

2018-08-12 Thread PGNet Dev
I'm just dealing with trying to get openssl 1.1.0 to get installed on Ubuntu bionic. Yes, there is a package, but all the other packages depend upon 1.0.x and many things are linking against 1.0.x rather than 1.1, when both are installed... I don't know why they build stuff against 1.0.x rat

Re: [openssl-users] 1st time through, only -- "Can't open root/database.attr for reading, No such file or directory" ?

2017-06-04 Thread PGNet Dev
On 6/4/17 4:51 PM, Jeffrey Walton wrote: but the process STARTS with an apparently non-fatal error ... Using configuration from /home/sec/newCA/openssl.cnf Can't open root/database.attr for reading, No such file or directory 140013244086016:error:02001002:system libra

[openssl-users] 1st time through, only -- "Can't open root/database.attr for reading, No such file or directory" ?

2017-06-04 Thread PGNet Dev
I've a new, local CA for (primary) local, self-signed, elliptical cert issuance & use. I've built/installed, openssl version OpenSSL 1.1.0f 25 May 2017 I've created a ROOT crt & key, & and an INTERMEDIATE key & csr. On exec of signing the INTERMEDIATE key with the ROOT

Re: [openssl-users] OpenSSL and RPATH's

2017-05-31 Thread PGNet Dev
On 5/31/17 3:16 AM, Wouter Verhelst wrote: > On 30-05-17 18:12, PGNet Dev wrote: > [...] >> with lots of apps still not at all v110 >> compatible, or at best broken in their attempts, having local builds of >> both v110x and v102x is extremely useful -- and RPATH

Re: [openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?

2017-05-30 Thread PGNet Dev
On 5/30/17 9:01 AM, Jakob Bohm wrote: Actually, in my testing of earlier 1.0.x releases, sha256 etc. are only missing from the help message, they are actually there, also as commands. On 5/30/17 9:14 AM, Salz, Rich wrote: >> Then I've misunderstood the presence of the "-DSHA256_ASM" flag. >> >>

Re: [openssl-users] OpenSSL and RPATH's

2017-05-30 Thread PGNet Dev
The only reason why you would ever want to use RPATH with OpenSSL is because you need to install a particular old version of libssl (or libcrypto) that has the same SONAME as the system-default, but where you don't want to use that system-default one -- but why would you want to do that? Security

Re: [openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?

2017-05-30 Thread PGNet Dev
On 5/30/17 8:25 AM, Salz, Rich wrote: The results are both functional, but the v102l build is missing sha{224|256|384|512} digests Right; those digests are not in 1.0.2 Then I've misunderstood the presence of the "-DSHA256_ASM" flag. What's it specifically used for? -- openssl-users mailing

[openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?

2017-05-30 Thread PGNet Dev
I'm building separate local instances of latest Openssl v1.1.0 & v1.0.2 on linux64, to keep not-yet-v110-compliant apps happy. The results are both functional, but the v102l build is missing sha{224|256|384|512} digests v 1.0.2l /usr/local/openssl10/bin/openssl version O

[openssl-users] [SOLVED?] Re: openssl 1.0.2h pkcs12 export fails @ "digital envelope routines:EVP_PBE_CipherInit:unknown cipher"

2016-06-28 Thread PGNet Dev
Reading @ https://www.openssl.org/docs/manmaster/apps/pkcs12.html "By default the private key is encrypted using triple DES and the certificate using 40 bit RC2." which clearly implies, with RC2 disabled (it is), that'll cause a problem in default config. Adding the options

[openssl-users] openssl 1.0.2h pkcs12 export fails @ "digital envelope routines:EVP_PBE_CipherInit:unknown cipher"

2016-06-28 Thread PGNet Dev
I'm setting up a new, local CA. The local openssl instance is openssl version OpenSSL 1.0.2h 3 May 2016 config'd/built with ... no-comp no-zlib no-zlib-dynamic \ enable-ec_nistp_64_gcc_128 \ enable-rfc3779 \ enable-ecdsa \

Re: [openssl-users] [THREAD CLOSED]

2016-04-04 Thread PGNet Dev
On 04/04/2016 07:08 PM, Jakob Bohm wrote: On 05/04/2016 02:57, PGNet Dev wrote: Sorry to post this here, but you failed to provide any address of said SPAM-L, nor yourself. Try again. http://bfy.tw/565B Troll! I didn't ask what things in the entire world were historically named &q

Re: [openssl-users] [THREAD CLOSED]

2016-04-04 Thread PGNet Dev
Sorry to post this here, but you failed to provide any address of said SPAM-L, nor yourself. Try again. http://bfy.tw/565B -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Fwd: CONGRATULATION____REF#87670

2016-04-04 Thread PGNet Dev
Is there nowhere else this interminable thread can be taken? Some of us actually subscribe to this list to actually follow *openssl* use & issues. Take it up with the list admins directly? On 04/04/2016 05:39 PM, Jakob Bohm wrote: On 05/04/2016 01:47, Johann v. Preußen wrote: '/No one (until

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-19 Thread PGNet Dev
On 03/16/2016 02:52 PM, Jeffrey Walton wrote: If I can ask as a user, if I say do this _all the time_, then would it be easiest on you? make depend && make clean && make Or is there something else you would recommend? If it were up to _me_, I'd move to a cmake build system, with clear

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-14 Thread PGNet Dev
On 03/14/2016 08:58 AM, PGNet Dev wrote: On 03/14/2016 08:26 AM, PGNet Dev wrote: Which I currently attempt to do, but get the reported errors about not finding the stddef.h include etc. Here, https://rt.openssl.org/Ticket/Display.html?id=4169&user=guest&pass=guest it sim

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-14 Thread PGNet Dev
On 03/14/2016 08:26 AM, PGNet Dev wrote: Which I currently attempt to do, but get the reported errors about not finding the stddef.h include etc. Specifically, cd test rm -rf * wget https://www.openssl.org/source/openssl-1.0.2g.tar.gz tar zxvf openssl-1.0.2g.tar.gz cd openssl-1.0.2g

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-14 Thread PGNet Dev
On 03/14/2016 08:24 AM, lists wrote: Did you mean "./config ..."? yep. Must use it, (1) https://wiki.openssl.org/index.php/Compilation_and_Installation Dependencies If you are prompted to run make depend, then you must do so. Which I currently attempt to do, but get th

Re: [openssl-users] openssl 1.0.2g build fails with 'no-comp' or 'no-comp no-bio' configure options?

2016-03-10 Thread PGNet Dev
My read of "no-comp Disables compression independent of zlib. OPENSSL_NO_COMP will be defined in the OpenSSL headers." is that this disables compression methods OTHER than zlib. Is the intent, instead, that it disables ALL compression, REGARDLESS of the presence/setting of zlib? This

Re: [openssl-users] openssl 1.0.2g build linking to wrong libs -- 'system' instead of 'own'. How to correct?

2016-03-10 Thread PGNet Dev
On 03/10/2016 11:07 AM, Jeffrey Walton wrote: What's the correct config+build procedure for ending up with self-consistent linking? https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs Didn't realize that I'd need to rpath a package within its own build. Appears libss

Re: [openssl-users] openssl 1.0.2g build fails with 'no-comp' or 'no-comp no-bio' configure options?

2016-03-10 Thread PGNet Dev
On 03/10/2016 10:19 AM, PGNetwork Dev wrote: ./config no-comp ... subsequent 'make' fails make ... enc.c:(.text+0x1253): undefined reference to `BIO_f_zlib' Adding one or both of no-zlib no-zlib-dynamic should handle that. My read of "no-com

[openssl-users] openssl 1.0.2g build linking to wrong libs -- 'system' instead of 'own'. How to correct?

2016-03-10 Thread PGNet Dev
I'm building 1.0.2g on linux64. I'm trying to get a self-consistent build, linked to the right libs. Building cd ./openssl-1.0.2g ./config \ --openssldir=/home/dev/ssl --libdir=lib64 \ threads shared zlib -D_GNU_SOURCE -DPURIFY -DTERMIO \ -Wa,--noexecs

[openssl-users] openssl 1.0.2g build fails with 'no-comp' or 'no-comp no-bio' configure options?

2016-03-10 Thread PGNet Dev
I'm building openssl 1.0.2g on linux64 With my usual ./config ... I end up with a successful build/install openssl version OpenSSL 1.0.2g 1 Mar 2016 If I add ./config no-comp ... subsequent 'make' fails make ...

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-10 Thread PGNet Dev
Actually, the actual admonition is more emphatic I'm prompted Since you've disabled or enabled at least one algorithm, you need to do the following before building: make depend " Configured for linux-x86_64. *** Because of configuration changes, you MUST do the following bef

[openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-10 Thread PGNet Dev
I'm building openssl 1.0.2g on linux64. After ./configure ... I'm prompted Since you've disabled or enabled at least one algorithm, you need to do the following before building: make depend Exec'ing the 'make depend' stage returns lots of warnings,

Re: getting both "OCSP Response Status: successful" and an "Response Verify Failure" error ?

2010-03-24 Thread PGNet Dev
On Wed, Mar 24, 2010 at 4:46 AM, Dr. Stephen Henson wrote: > The path of the responder certificate has to be validated so you need to pass > the root CA using the -CAfile or -CApath command line arguments. adding -CAfile did the trick -- adding it to BOTH the server-launch cmd, AND the client-que

getting both "OCSP Response Status: successful" and an "Response Verify Failure" error ?

2010-03-24 Thread PGNet Dev
testing an ocsp query to a local openssl ocsp 'server', openssl ocsp \ -issuer /svr/demoCA/certs/CA/CA.cert.pem \ -cert /svr/demoCA/certs/domains/testdomain.cert.pem \ -url http://localhost: \ -resp_text i get what seems to be a "successful" response of "good" CertStatus, OCSP Response D

Re: what are the minimal KeyUsage requirements for an OCSP-only, single-purpose cert?

2010-03-23 Thread PGNet Dev
On Tue, Mar 23, 2010 at 5:41 PM, Dr. Stephen Henson wrote: > If you aren't sorry you did you might be the first person who isn't. Just > warning you... noted. > It's a deprecated extension from long ago. Best leave it out all together. didn't realize. do now, http://www.openssl.org/docs/app

Re: what are the minimal KeyUsage requirements for an OCSP-only, single-purpose cert?

2010-03-23 Thread PGNet Dev
On Tue, Mar 23, 2010 at 4:54 PM, Patrick Patterson wrote: >> where "OCSP.cert.pem" is a single-purpose cert, only for the OCSP responder. >> > I hope you realize that there are MANY warnings against doing this for > other than test purposes - for one thing, the server will fall over and > die if i

Re: what are the minimal KeyUsage requirements for an OCSP-only, single-purpose cert?

2010-03-23 Thread PGNet Dev
hi, On Tue, Mar 23, 2010 at 4:56 PM, Dr. Stephen Henson wrote: >> Which, if any/all, of the "Digital Signature, Non Repudiation, Key >> Encipherment" KeyUsage specifications are required, if this cert will >> be used ONLY for/by the OCSP responder daemon? >> > > Well Key Encipherment is not requi

what are the minimal KeyUsage requirements for an OCSP-only, single-purpose cert?

2010-03-23 Thread PGNet Dev
I'm planning to run openssl ocsp in server mode, openssl ocsp \ -index /svr/demoCA/index.txt \ -port \ -CA /svr/demoCA/certs/CA/CA.cert.pem \ -rsigner /svr/demoCA/crl/OCSP.cert.pem \ -rkey /svr/demoCA/crl/OCSP.privkey.pem \ -text -out /var/log/ocsp.log where "OCSP.cert.pem" is a singl

fatal, browser-specific "ssl_error_handshake_unexpected_alert" error. openssl, mod_ssl, or apache?

2009-07-06 Thread PGNet Dev
hi, i'm seeing a browser-specific ssl error that i'm not clear is due to openssl, mod_ssl, or apache? or my own config ... ? hoping someone here might spare a look at my info/speculations below & comment. i've installed apache2-2.2.11-10.1 apache2-worker-2.2.11-10.1 from openSU

Re: which algorithms are enabled by default with fips?

2009-01-11 Thread PGNet
On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess wrote: > Long story short, OpenSSH really needs some source mods to gracefully invoke > and run in FIPS mode. Hrm ... I'd have thought that openssh would be among the 1st/best @ compliance. > Several people, myself included, have created patches >

Re: which algorithms are enabled by default with fips?

2009-01-11 Thread PGNet
Hi Steve, On Sun, Jan 11, 2009 at 10:14 AM, Steve Marquess wrote: > Here you are presumably using a "FIPS compatible" standard OpenSSL > distribution, i.e. 0.9.8j. yes, openssl version OpenSSL 0.9.8j-fips 07 Jan 2009 > The "fips" option means "find and reference the ... ... Clear & thoroug

which algorithms are enabled by default with fips?

2009-01-11 Thread PGNet
With the addition of fips object to the 'mix' of available build options, is openssl configure with ./Configure ... enable-rc5 enable-mdc2 fips (iiuc, CHANGES' stmt that 'idea' *is* enabled by default still holds?) sufficient to enable _all_ available algorithms, with the option to disable

Re: openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-11 Thread PGNet
On Sun, Jan 11, 2009 at 7:11 AM, Steve Marquess wrote: > As an uncontrolled document the User Guide can contain "extraneous" detail and > can be amended as often as necessary, and I try hard to keep it as technically > complete and accurate as possible. So yes, the Security Policy is the > formal

Re: openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-11 Thread PGNet
On Fri, Jan 9, 2009 at 8:18 AM, Dr. Stephen Henson wrote: > So either use a box supporting SSE2 or use a pure C build (no-asm) which > will have poorer performance. config with, ./Configure shared --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ linux-generic32 no-asm threads zlib \ enable-

Re: openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-09 Thread PGNet
and, just for reference, per guidance above, finally, uname -a Linux dt.loc 2.6.27.7-9-default #1 SMP 2008-12-04 18:10:04 +0100 i686 i686 i386 GNU/Linux openssl version OpenSSL 0.9.8j-fips 07 Jan 2009 thanks! __ OpenSSL Pro

Re: openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-09 Thread PGNet
On Fri, Jan 9, 2009 at 3:29 PM, Kyle Hamilton wrote: > If you read it, you too will see this. :) Actually, I HAD already read section 4.2.1 of the UserGuide for *v1.2*, "4.2.1Building the FIPS Object Module from Source The specification of any other options on the command line, such as ./config

Re: openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-09 Thread PGNet
Kyle, On Fri, Jan 9, 2009 at 2:37 PM, Kyle Hamilton wrote: > Delete the directory, untar it fresh, and reconfigure with that config line. ok, > rm -rf openssl-fips-1.2 > tar zxf openssl-fips-1.2.tar.gz > cd openssl-fips-1.2/ Directory: /usr/local/src/openssl/openssl-fips-1.2 > ./config fips

Re: openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-09 Thread PGNet
per advice, ./config fipscanisterbuild no-asm completes without error, but, now, make fails @, ... /usr/bin/ranlib ../libssl.a || echo Never mind. make[1]: Leaving directory `/usr/local/src/openssl/openssl-fips-1.2/ssl' make[1]: Entering directory `/usr/local/src/openssl/openssl-fips-1.2'

Re: openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-09 Thread PGNet
My mistake. That's for "fipscanisterbuild". Trying now ... __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager

Re: openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-09 Thread PGNet
On Fri, Jan 9, 2009 at 12:25 PM, Kyle Hamilton wrote: > In the fips-1.2 configuration step, use > ./config fipscanisterbuild no-asm As I had already noted above, I did. > So either use a box supporting SSE2 or use a pure C build (no-asm) which > will have poorer performance. config with, ./Co

Re: openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-09 Thread PGNet
Hi Stephen, On Fri, Jan 9, 2009 at 8:18 AM, Dr. Stephen Henson wrote: > You can get the answer with "openssl errstr" or by checking the source file > referenced. Noted. Thanks. > So either use a box supporting SSE2 or use a pure C build (no-asm) which > will have poorer performance. I have no

openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-08 Thread PGNet
I've managed to build/install openssl 098j+fips12 on (1) a PPC mac, running OSX 10.5.6 uname -a Darwin mac 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh (2) a shared, Debian host, uname -a Linux cobra 2.6.24.5-ser

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread PGNet
On Thu, Jan 8, 2009 at 7:58 AM, Dr. Stephen Henson wrote: > If you want to move the validated module elsewhere afterwards you can do > provided you keep to the permission requirements of the security policy. > > Once you've installed the validated module you can then use OpenSSL 0.9.8j to > build

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread PGNet
As a test, ignoring the UserGuide's admonition about user-config options to FIPS build, with a TARGET = "darwin-ppc-cc", this, ./config --prefix=/usr/local/ssl-fips fipscanisterbuild make make install installs FIPS as directed in "/usr/local/ssl-fips". Then, building openssl 098j, mv /usr/i

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread PGNet
Hi, On Thu, Jan 8, 2009 at 12:42 AM, Kyle Hamilton wrote: > Which version of Xcode do you have installed? XCode v3.1.2, build 1149 > Which version of gcc are you using (3.x or 4.x)? gcc version 4.2.1 (Apple Inc. build 5566) > On Wed, Jan 7, 2009 at 12:41 PM, PGNet wrote: On T

Repeating crashes @ fips 1.2 'make' on OSX

2009-01-07 Thread PGNet
I'm building fips 1.2 on OSX, uname -a Darwin pb.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh Config, cd /usr/local/src/openssl-fips-1.2 ./config fipscanisterbuild completes without an apparent hitch.