On 9/30/2010 11:42 AM, Jakob Bohm wrote:
>
> In Windows XP, Microsoft introduced their own badly designed idea of
> "versioned so-names" in the form of so-called "Assemblies". Unless
> you are writing .NET code, you should really avoid that nonsense.
I expect SxS packages for openssl (and severa
On 10/13/2010 3:31 PM, Bill Durant wrote:
>
> I am interested in building the static version of the FIPS-capable OpenSSL as
> an universal
> binary.
Three builds, per spec, of the FIPS canister. No tweaks, no exceptions to
the security policy.
Then it's possible but non-trivial to integrate th
On 10/13/2010 7:22 PM, Bill Durant wrote:
>
> On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote:
>> On 10/13/2010 3:31 PM, Bill Durant wrote:
>>>
>>> I am interested in building the static version of the FIPS-capable OpenSSL
>>> as an universal
>&
On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote:
>
> A 1.0.0c release is planned in the next few days. We're just seeing if any
> other issues arise before the release: a couple have been fixed already.
Have any observed issues affected 0.9.8p? If so, is there a planned .8q?
___
On 11/18/2010 12:05 PM, Victor Duchovni wrote:
>
> None that are publically visible. You can check for yourself:
>
> No commits to the 0.9.8 branch after the release of 0.9.8p.
>
> http://cvs.openssl.org/chngview?cn=19996
I was aware of this. It's why I raised the question, if any of these
On 1/6/2011 12:23 PM, Garry S Ditzler wrote:
>
> Can you tell me if OpenSSL 0.9.7 is still supported?
Yes, the answer is no, it is not.
__
OpenSSL Project http://www.openssl.org
User Support Mailin
On 1/31/2011 1:07 PM, John R Pierce wrote:
> On 01/31/11 10:55 AM, Harshvir Sidhu wrote:
>> Hi,
>>Can we use OpenSSL lib with Managed C++? Thanks.
> can you call native "C" style DLL's from this 'Managed C++' (whatever that
> is) ? my
> initial google of 'Managed C++' indicates its a Micros
On 3/6/2011 3:48 PM, Tim Hudson wrote:
>> In the example of building the openssl FIPS *capable* distribution, it
>> seems one should take the distribution from the official
>> openssl.org/source website and validate it using PGP. However,
>> FreeBSD ships openssl distribution within its source tre
On 5/7/2011 7:16 AM, Justin Schoeman wrote:
>
> It does not matter which of these I try, openssl always binds to '::1:8008',
> which does
> not accept IPV4.
>> I have tried various combinations of:
>> BIO_new_accept("0.0.0.0:8008")
This syntax should have bound to all IPv4 interfaces alone,
so
On 10/4/2011 10:45 PM, Bill Durant wrote:
>
> Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows
> NT?
It's likely not possible...
> But when I run it under Windows NT, I get the following run-time error:
>
> "The procedure entry point Module32NextW could not be
On 10/5/2011 10:08 AM, Dr. Stephen Henson wrote:
> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>
>> On 10/4/2011 10:45 PM, Bill Durant wrote:
>>>
>>> But when I run it under Windows NT, I get the following run-time error:
>>>
>>> "
On 11/1/2011 8:35 PM, Bin Lu wrote:
>
> Do you have an answer for my question below? Is the fips-2.0-test code
> branched off from a
> FIPS-capable version? Which version is it based on if yes?
AIUI, fipscanister doesn't include TLS 1.2. Nor 1.0, nor SSLv3 or v2.
That's the beauty of proper de
On 1/18/2012 9:57 AM, Brooke, Simon wrote:
> Sadly, removing -fomit-frame-pointer does not work.
Isn't that the default behavior for -O3?
__
OpenSSL Project http://www.openssl.org
User Support Ma
/dev/random is your culprit... your config isn't 100% transportable between
Solaris and linux.
Sent from my Verizon Wireless 4G LTE Phone
-Original message-
From: Ruiyuan Jiang
To: "openssl-users@openssl.org"
Sent: Mon, Jan 23, 2012 23:23:51 GMT+00:00
Subject: Can't start Apache when
Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Pankaj Aggarwal
>> Sent: Tuesday, 25 August, 2009 05:06
>
>> I am using cygwin on windows xp to compile FIPS Openssl 1.2 using
> Visual studio 2005.
>
> Apparently you mean cygwin _perl_. The MS compil
William A. Rowe, Jr. wrote:
> Dave Thompson wrote:
>>> From: owner-openssl-us...@openssl.org On Behalf Of Pankaj Aggarwal
>>> Sent: Tuesday, 25 August, 2009 05:06
>>
>>> I am using cygwin on windows xp to compile FIPS Openssl 1.2 using
>>
James Baker wrote:
>
> The problem does occur with full admin privileges.
To be 100% clear, this is full admin with no UAC? UAC will drop privilege
of an app seemingly running as 'administrator'.
__
OpenSSL Project
On 1/18/2010 2:42 PM, Kyle Hamilton wrote:
> The way that the FIPS module verifies its signature is that it forces
> itself to load (via a pre-main() section) and then calculate the
> checksum of the image in-core. Probably the reason why you're running
> into issues is because of the fixup step o
On 3/30/2010 10:58 AM, Gatewood (Woody) Green wrote:
>
> I assume the 2010 limit on new validations is the impending finalization
> of 140-3.
What you are thinking of won't be designated 140-3, it's not sequential,
there is such a FIPS level already. Probably FIPS-{new}-2 or FIPS-140-2 2010
or s
On 3/31/2010 4:21 PM, Gatewood (Woody) Green wrote:
>
> Actually, no 140-3 will be successor to 140-2 which is successor to
> 140-1. The hyphenated number is a release version.
Woody, thanks for this clarification...
> You are trying to talk about FIPS 140-2, Level 3 certification in your
> exa
On 4/7/2010 12:33 PM, Ryan Pfeifle wrote:
> While we are on the subject of Unicode, there are other areas of OpenSSL
> that need Unicode support added, in particular handling of paths and
> filenames on UTF16-based filesystems that require wchar_t* parameters.
> For instance, on Windows, OpenSSL c
On 4/13/2010 4:49 PM, 芦翔 wrote:
> Dear all,
>I am trying to add the security flavor to an application. To achieve
> this objective, I wrote the codes to establish a security tunnel between
> the server and the client with VC2008. When I build the whole project,
> there are tens of similar error
On 4/15/2010 12:42 PM, Adam Grossman wrote:
> hello,
>
> i had my code running on 0.9.8e without any issues. i upgraded to
> 0.9.8n, and now when my server initiates a renegotiation with the client
> (which is either IE or Firefox), SSL_renegotiation returns a 0. i
> understand from the CHANGELO
On 6/2/2010 11:08 AM, Alona Rossen wrote:
>
> Building dynamic library on HP-UX fails despite I explicitly specify
> ‘shared’ as Configure argument:
>
> ./Configure hpux64-ia64-cc -D_REENTRANT shared
Why are you adding -D for _REENTRANT?
I did a very similar build last week, no such problems, w
On 6/2/2010 4:04 PM, Alona Rossen wrote:
> This is a suggested configuration. -D stands for preprocessor "define".
The reason I ask is that the entries in Configure should provide the
necessary defines, and if not, that is a bug. As it was 'suggested',
we'll just presume things are fine w/w-o it.
On 6/16/2010 12:10 PM, Dr. Stephen Henson wrote:
>
> Those for the bleeding egde development version are also available online too,
> see: http://www.openssl.org/docs/ the API doesn't change that much so those
> will be largely accurate for older versions of OpenSSL.
>
> The examples at the botto
On 6/17/2010 10:10 PM, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of JC Yang
>> Sent: Wednesday, 16 June, 2010 23:53
>
>> Hi, I'm new to openssl. I've just compiled openssl with Visual C++
> 2008,
>> I've read the installation guide and added the
On 6/24/2010 4:04 AM, Deckers, Rob wrote:
>Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp
> IF EXIST out32dll\libeay32.dll.manifest mt -nologo -manifest
> out32dll\libeay32.dll.manifest -outputresource:out32dll\libeay32.dll;2
> mt: Unknown option -n
> Usage: mt
On 7/9/2010 9:05 AM, Steve Marquess wrote:
> Mark Parr wrote:
>> Use of the FIPS OpenSSL is a mandated thing and not just something that we
>> are looking to do for the fun of it. In fact, the base OpenSSL was working
>> fine using the "FIPS AES 256 encryption" in a non "FIPS Certified" mode.
>>
>
On 8/3/2010 10:05 AM, Bryan wrote:
> I see a "fips" directory in 0.9.8o. If I'm building OpenSSL with FIPS
> on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
This is well documented in the FIPS user guide and security policy, and
if you haven't read them in detail, what you ar
On 8/3/2010 1:17 PM, William A. Rowe Jr. wrote:
> On 8/3/2010 10:05 AM, Bryan wrote:
>> I see a "fips" directory in 0.9.8o. If I'm building OpenSSL with FIPS
>> on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
>
> This is well documented
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury wrote:
>
> Which means GetProcAddress is failing for symbol name
> FINGERPRINT_premain. But if I do "dumpbin /exports libeay32.dll", I
> can see the symbol FINGERPRINT_premain exported.
Quote that output line from dumpbin, exactly. Namesp
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury wrote:
> Hi,
>
> I have compiled openssl-fips and openssl in Windows CE 6. But when I
> run "fips_premain_dso.exe libeay32.dll" in target environment I get
> following error:
>
> =
>
> 217450134:error:2507606A:DSO support rou
Just FTR...
http://www.osnews.com/story/28933/Blue_Lion_new_OS_2_distribution_due_2016
Not that I'd take that as a mandate to preserve support... We are having
the same internal dialog at the ASF httpd project and coming to the same
conclusions.
On Mar 17, 2016 1:36 PM, "Salz, Rich" wrote:
> We
On Fri, Mar 17, 2017 at 12:06 PM, Michael Wojcik
wrote:
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Neptune
>> Sent: Friday, March 17, 2017 09:26
>> To: openssl-users@openssl.org
>> Subject: [openssl-users] Static FIPS Library with Address Randomization
>>
>
On Tue, Sep 11, 2018, 13:10 Kurt Roeckx wrote:
> On Tue, Sep 11, 2018 at 04:59:45PM +0200, Juan Isoza wrote:
> > Hello,
> >
> > What is the better way, for anyone running, by example, Apache or nginx
> on
> > a popular Linux districution (Ubuntu, Debian, Suse) and want support TLS
> > 1.3 ?
> >
>
Brown, Michael A wrote:
> I’m looking at an app where the app and all libs/DLLs it uses EXCEPT
> openssl use ws2_32, and openssl uses wsock32. Is this a problem or can
> the two coexist peacefully? It makes me somewhat uneasy.
Well, using winsock period makes me uneasy ;-)
Seriously - no - there'
Michael - just to rest your mind - you might want to examine both wsock32.dll
and winsock2.dll using DEPENDS.EXE.
You'll find the results are interesting :)
__
OpenSSL Project http://www.openssl.org
Because Solaris has a loop unroll optimization bug.
Apply all the latest patches to SunStudio 11 and it should work. Please
check back in to let us know.
It's a really high level bug - because it hit both sparc and x86 :)
Donny Dinh wrote:
>
> I managed to get the solaris build to work properl
Michael Durket wrote:
> There seem to be a few problems successfully building OpenSSL
> on a Sun T2000 running Solaris 10 using the Sun Studio 11
> compiler suite.
>
> I ignored those warnings and ran make which appeared to
> work. However, after doing a 'make test' I received this
> error:
>
[EMAIL PROTECTED] wrote:
>
> In the previous post, another subscriber suggested patching SunStudio 11.
> I applied all the patches I could find on SunSolve (namely, 120761-03,
> 121023-04, and 122142-03.) I'm getting the same result, so I'm really
> baffled at this point. Any suggestions would
Dudue Doo wrote:
I would like to implement a C++ program that will use openssl to encrypt
packets using AES 128 bit key.
However, the problem is that I live in the US. Does this mean that I
will be breaking the export control law if I put the program on a server
for others to download? I
Bernhard Froehlich wrote:
Dan Peacock wrote:
I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and we need to upgrade it
to plug the security holes that this version has. Is there anything
that I can do to upgrade this install? Can
Jörg Eyring wrote:
Hi everybody,
we have a new platform - Macs with Intel processors.
Is there a chance to build a static library (i386 code) for linking in Xcode
2.2? A static library with ppc code has been done already. I'd like to end
up with a Universal Binary of my code.
For fun; doesn't
kadir iscmng wrote:
I downloaded and installed SFU35SEL_EN.exe (Windows Services for UNIX) software
I'll just warn you you've wandered deep, deep into uncharted waters :)
The native win32 build is the only one most folks support. Some have invested
effort and energy into getting 1.3 cygwin ru
If you want to submit and have considered by the httpd project, perhaps you
ment to submit it there?
Nice work b.t.w.
Bill
Peter Sylvester wrote:
Hello,
I just have put together the small patch for apache 2.2.0 which allows
to use the sernername extension
logic in the development snapshot i
TLSv1_server_methods() do not speak the crufty old SSLv2 garbage, you
can't connect to it using a multi-protocol handshake.
For maxiumum portability use SSLv23_server_methods()
On the client side it doesn't matter, if you want a TLSv1 connection
only, then by all means use TLSv1_client_methods()
Daniel Maag wrote:
Hi,
I am trying to compile OpenSSL V0.9.8a.
Visual Studio 2005 has several functions deprecated
(read,write,fileno).
Honestly, I don't believe that OpenSSL should waste cycles to support any
compiler that deliberate moves away from posix. Fairly certain it's MS's
goal t
Matthias wrote:
Kyle Hamilton wrote:
Did you make sure to remove %SYSTEMROOT%\system32\ssleay32.dll and
libeay32.dll? Just running the uninstaller doesn't get rid of them.
No, I forgot that. Sorry, my fault.
I now replaced those two DLLs with the ones I compiled myself.
Good news: in Relea
Matthias wrote:
I deleted all ssl-related DLLs on my system now.
When I compile OpenSSL as described in INSTALL.W32, point the include
library directory of my example program on "openssl\out32dll", recompile
my example program, copy the 2 DLLs from "openssl\out32dll" to my
example project dir
Tinnerello, Richard wrote:
Hello,
I'm having trouble building 0.9.7i on a Solaris 10 on x86 (Opteron)
machine. I configured manually with:
./Configure solaris-x86-gcc --prefix=/sci/openssl-0.9.7i no-idea no-rc5
no-mdc2 fiips
make depend is OK, but make gets this compile error:
/usr/include/s
Fabro, Loic wrote:
Hum... I remove support for IDEA (and no fPIC) and now the test is segfaulting..
make clean
make depends
?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Chandi Bernier wrote:
My point was... why on Linux did I need only libssl and to compile the
same client on Windows/MinGW requires libssl and libeay32.
Something's wrong.
You either want libssl + libcrypto, or libssl32 + libeay32.
On Linux the reason it -probably- worked is that
1. linu
William A. Rowe, Jr. wrote:
Chandi Bernier wrote:
My point was... why on Linux did I need only libssl and to compile the
same client on Windows/MinGW requires libssl and libeay32.
Something's wrong.
You either want libssl + libcrypto, or libssl32 + libeay32.
Whoops - you either
Doug Frippon wrote:
I mean instead of just writting tmp\e_os.h in your config file ( there
one probably) write down c:\openssl-0.9.8a\tmp\e_os.h
maybe mingw32 couldn't find tmp\e_os.h and need the full path to that file
Certain that \o isn't a quoted o in this context? Forward or doubled-back
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Sat, 18 Mar 2006 02:27:18 -0500, "Hector Santos"
<[EMAIL PROTECTED]> said:
ssluser> I have multiple applications using OPENSSL 0.9.7c and I'm finally
getting
ssluser> around to updating it.
ssluser>
ssluser> Can I just use
Jie Zhang wrote:
Hello everybody,
I am not able to debug into the OpenSSL library(openssl-0.9.8a) with my Microsoft
Visual C++ .net IDE.
But during my application execution, I got:
'alfssl2_server.exe': Loaded
'C:\Jie\vscode\alfssl2_work_client\Debug\ssleay32.dll', Symbols loaded.
'alfssl2
Venkata Sairam wrote:
I am also encountering the same problem. I tried adding in options as
suggested. I had modified the CFLAG and LFLAG as below.
CFLAG= /MD /Ox /O2 /Zi /Oy /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_D
[EMAIL PROTECTED] wrote:
I am unable to install openssl 0.9.8a as I sent earlier. Here is make
report:
Compiler: gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2
release)
EEEK! 2.91? Really?
Try a more modern compiler that understands modern assembly syntax.
___
Bill Angus wrote:
I'm having a little trouble with setting up a secure server on windows
with openssl and Apache2 + Mod_SSL.
Well, you are in the wrong place, this should be on [EMAIL PROTECTED]
Neverminding that blunder, and possibly aggrivating your good openssl user
supporters by entertaini
William A. Rowe, Jr. wrote:
Bill Angus wrote:
I'm having a little trouble with setting up a secure server on windows
with openssl and Apache2 + Mod_SSL.
The config I am attempting to use for the secure directory is as below.
listen 443
...
Why *:443? stop and consider - them&#x
Rovan, Jim (IMS) wrote:
When I attempt to follow the instructions from the "Compilation of
OpenSSL-fips-1.0 under Windows" thread (2006-03-31) to build fips
OpenSSL for Borland Builder 5, I can make it through the point where I
run "ms\do_nasm fips" to create bcb.mak for the 0.9.7 snapshot. But
Mike Ehlert wrote:
but what I'm after now is some information on any tricks to compiling
the DLL's with only the features needed for my application to reduce
their size.
Typically one links to the static library then, which of course will only
link in .obj files that are consumed. One bit of
hunter wrote:
On 5/7/06, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
Typically one links to the static library then, which of course will only
link in .obj files that are consumed. One bit of OpenSSL magic are the
seperate objects which create a (relatively) quite small binary. T
Kyle Hamilton wrote:
It will violate the FIPS security policy. That much has been stated,
but there's been no workaround that I'm aware of to select alternate
options like that.
Right, not with openssl ./config. However, some folks might want to consider
if their compiler environment can be a
I heard 'very soon now' :)
Tinnerello, Richard wrote:
Can anyone say when the openssl-fips-1.1.tar.gz distribution announced
on Saturday will be available for download? Thanks!
Richard
__
OpenSSL Project
Kendall, Jerry wrote:
Now, I have a Unix Project that runs wonderfully on Linux/Aix/Solaris…..
There are two lines of code that cause a windows exception.
PEM_write_PrivateKey(fp, NewKeyReq, Cipher, GetCode(0),strlen(GetCode(0)),
NULL, NULL);
PEM_write_X509(fp, x509_Cert);
Did you call
httpd's scripts are known to the autoconf community as gross bastardizations
of intent of autoconf, so forwared ;-) But they do illustrate verifying the
version of openssl, take a look at APACHE_CHECK_SSL_TOOLKIT in;
http://svn.apache.org/repos/asf/httpd/httpd/trunk/acinclude.m4
Matt England wr
David Schwartz wrote:
Notice the two persistent connection headers returned? And, in practice,
the connection is in fact persistent. If you were correct, the server would
ignore the "Connection" header since it "has no meaning". Try it without a
connection header and you will see the dif
Randy Turner wrote:
> I would probably consider the publishing of the openssl version on the web
> server announcment message as a security issue.
And some of us would laugh in your general direction ;-)
Exploiters don't need to know, they can just persist till they find
a known exploit.
___
Thomas J. Hruska wrote:
> Now compare that number to how many hackers know and care about the same
> information.
None. If an exploit exists, it will be exploited. You are a fool if you
expect that a hacker would rely on the reported version number to elect
one of the dozens of past exploits. T
Ryan Shon wrote:
>
> I work for nFocal, a company in
> Rochester, New York. We want to develop a variant of OpenSSL
> in which we optimize the cryptography library to run on
> a particular DSP. The other components of OpenSSL would remain
> unchanged except where needed to utilize our custom lib
Marek Marcola wrote:
> Hello,
>> I have read the advisory an I am a bit puzzled regarding the there are
>> CAs using exponent 3 in wide use comment, I have tried to check and
>> could not found any CA using this exponent, all the CA’s I have seen
>> are using 0x10001 (CA’s I have generate by OpenSS
73 matches
Mail list logo
