headers
Allan Miller | 1 Oct 2002 03:23

Dereferencing NULL in ssl3_shutdown

Hi -

Our code has been working pretty well with the 0.9.6c release
(Windows DLL).  I recently upgraded to the 0.9.6g release and
started getting an intermittent processor fault.  Using the address
and register dump, I discovered that the problem is on line 1242
of s3_lib.c, in ssl3_shutdown.  In the statement

 else if (s->s3->alert_dispatch)

it turns out that s->s3 is NULL, so this causes the fault.

I'm sorry I don't have more information.  Our code runs on remote
systems so it's not all that easy to try to reproduce the problem.
However, the code is very well instrumented (it traps and logs its
own faults, which is how I got this much), so the next step would be
to build the OpenSSL DLLs taking out frame-pointer optimization,
so that I could get the stack trace.  Before going too far, though, I
wanted to check if this was something really obvious, especially
combined with the fact that it must have to do with a change in
going from 0.9.6c to 0.9.6g.  Not being familiar with the code, I
can't really tell.

If it makes any difference, we currently only use OpenSSL as a client,
not as a server.

I did search the mailing list archive to try to find an answer before
posting, so if I missed something, I apologize in advance.

Thanks!
(Continue reading)

Permalink | Reply | 0 comments |
headers
Lutz Jaenicke | 1 Oct 2002 09:05
Picon

Re: ZLIB Compression method

On Mon, Sep 30, 2002 at 05:50:46PM -0500, Kenneth R. Robinette wrote:
> Once you make the SSL_COMP_add_compression_method() call to turn on 
> zlib compression, how do you turn it off?  It appears that if you 
> have OpenSSL static linked, once you turn it on, the only way to get 
> rid of it is to exit the application.  From what I can tell, none of 
> the normal cleanup operations removes it and I cannot find any 
> funtion that turns it off.

No. As far as I know there is no method to turn if off again.
It is recommended to not use this functionality in its current state.

Best regards,
	Lutz
--

-- 
Lutz Jaenicke                             Lutz.Jaenicke <at> aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
Permalink | Reply | 0 comments |
headers
Richard Levitte - VMS Whacker | 1 Oct 2002 09:31
Picon
Picon
Favicon

Re: [openssl.org #189] Kerberos Ciphersuite IDs

In message <rt-189-1881.13.5884194074147 <at> openssl.org> on Mon, 30 Sep 2002 18:55:16 +0200 (METDST),
"Andreas Sterbenz via RT" <rt <at> openssl.org> said:

rt> 
rt> Any chance of making progress on this?
rt> 
rt> As a reminder, the issue is that the Kerberos ciphersuites in OpenSSL do 
rt> not use the IDs defined in RFC2712, which obviously has negative effects 
rt> on interoperability.

I'm catching up on my mail.  I'll be back in the ticket database on
thursday, I hope...

--

-- 
Richard Levitte   \ Spannvägen 38, II \ LeViMS <at> stacken.kth.se
Redakteur <at> Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- poei <at> bofh.se
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
Permalink | Reply | 0 comments |
headers
Richard Levitte - VMS Whacker via RT | 1 Oct 2002 09:33
Picon
Favicon

Re: [openssl.org #189] Kerberos Ciphersuite IDs


In message <rt-189-1881.13.5884194074147 <at> openssl.org> on Mon, 30 Sep 2002 18:55:16 +0200 (METDST),
"Andreas Sterbenz via RT" <rt <at> openssl.org> said:

rt> 
rt> Any chance of making progress on this?
rt> 
rt> As a reminder, the issue is that the Kerberos ciphersuites in OpenSSL do 
rt> not use the IDs defined in RFC2712, which obviously has negative effects 
rt> on interoperability.

I'm catching up on my mail.  I'll be back in the ticket database on
thursday, I hope...

--

-- 
Richard Levitte   \ Spannvägen 38, II \ LeViMS <at> stacken.kth.se
Redakteur <at> Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- poei <at> bofh.se
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
(Continue reading)

Permalink | Reply | 0 comments |
headers
Michael Bell | 1 Oct 2002 10:18
Picon

Unique DNs

Hi,

there are several problems with the uniqueness of DNs. Therefore I want
to start programming an option to deactivate such checks. Before I start
I want to be sure to have a complete overview about the sourcecode. So
my question is, is there any code which depends on the uniqueness of DNs
in the index.txt except of ca.c?

Best regards

Michael
--

-- 
-------------------------------------------------------------------
Michael Bell                   Email (private): michael.bell <at> web.de
Rechenzentrum - Datacenter     Email:  michael.bell <at> rz.hu-berlin.de
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax:  +49 (0)30-2093 2959
10099 Berlin
Germany                                       http://www.openca.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
Permalink | Reply | 4 comments |
headers
Michael Bell | 1 Oct 2002 15:19
Picon

Patch for Win2000 Smartcardlogin

Hi,

last two months we tested the patches for Win2000 smartcardlogin. I
think they are now ready for publishing. 

Which version of OpenSSL should I use if I prepare some diffs (diff -u)?
I used openssl-0.9.7-betas until now but I think it is better to build
the diffs with openssl-SNAP-20020930 etc. because they are for the
HEAD-branch.

Should I send the patches to openssl-dev or rt?

Best regards

Michael
--

-- 
-------------------------------------------------------------------
Michael Bell                   Email (private): michael.bell <at> web.de
Rechenzentrum - Datacenter     Email:  michael.bell <at> rz.hu-berlin.de
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax:  +49 (0)30-2093 2959
10099 Berlin
Germany                                       http://www.openca.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
Permalink | Reply | 5 comments |
headers
Lynn Gazis | 1 Oct 2002 18:47

RE: Help

Your Sun Workshop C compiler is being managed by a FlexLM license server; in
order to execute it needs to first check out a license from this license
server.  Your system is configured such that the license server is expected
to be running on a computer named "gulf".  Either the license server is not
running on that computer, and needs to be restarted for some reason, or else
you are, for some reason, having trouble reaching "gulf" over the network.
Check your network connection; check whether the license server is running.
To check whether the license server is running on "gulf", you can use the
command

ps -e | grep lmgrd

The license server files are usually installed under /opt/SUNWste, along
with some relevant man pages.

If you need more assistance, you may want to contact Sun.  Or else ask on
openssl-users, rather than on openssl-dev, since openssl-dev is really
intended more for the discussion of the development of OpenSSL itself.

Lynn Gazis

-----Original Message-----
From: Reddy Prem-MGIA2040 [mailto:MGIA2040 <at> motorola.com]
Sent: Monday, September 30, 2002 1:02 PM
To: 'openssl-dev <at> openssl.org'
Subject: Help

Hi 

Can any one help out with this error.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Michel Labarre | 1 Oct 2002 18:24
Picon

Re: Help

On Monday 30 September 2002 22:02, Reddy Prem-MGIA2040 wrote:

You can use gcc to do that! That's works fine. (with x80 series too in 32 bits 
mode).

> Hi
>
> Can any one help out with this error.
>
> # make
>
> + rm -f libcrypto.so.0
>
> + rm -f libcrypto.so
>
> + rm -f libcrypto.so.0.9.6
>
> + rm -f libssl.so.0
>
> + rm -f libssl.so
>
> + rm -f libssl.so.0.9.6
>
> making all in crypto...
>
> cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
> -xtc
>
>
> License Error : Cannot find the license server (gulf)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Dr. Stephen Henson | 2 Oct 2002 00:48
Picon
Favicon

Re: Unique DNs

On Tue, Oct 01, 2002, Michael Bell wrote:

> Hi,
> 
> there are several problems with the uniqueness of DNs. Therefore I want
> to start programming an option to deactivate such checks. Before I start
> I want to be sure to have a complete overview about the sourcecode. So
> my question is, is there any code which depends on the uniqueness of DNs
> in the index.txt except of ca.c?
> 

The main problem AFAICS is the TXT db indexing which is only in ca.c

Steve.
--
Dr. Stephen Henson      steve <at> openssl.org            
OpenSSL Project         http://www.openssl.org/~steve/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
Permalink | Reply | 3 comments |
headers
Dr. Stephen Henson | 2 Oct 2002 00:46
Picon
Favicon

Re: Patch for Win2000 Smartcardlogin

On Tue, Oct 01, 2002, Michael Bell wrote:

> Hi,
> 
> last two months we tested the patches for Win2000 smartcardlogin. I
> think they are now ready for publishing. 
> 
> Which version of OpenSSL should I use if I prepare some diffs (diff -u)?
> I used openssl-0.9.7-betas until now but I think it is better to build
> the diffs with openssl-SNAP-20020930 etc. because they are for the
> HEAD-branch.
> 
> Should I send the patches to openssl-dev or rt?

I've got some prototype code that allows arbitrary structures to be added to
extensions, from the config file.

It should allow the Win2000 smartcardlogin extensions to be added and just
about anything else.

Steve.
--
Dr. Stephen Henson      steve <at> openssl.org            
OpenSSL Project         http://www.openssl.org/~steve/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
(Continue reading)

Permalink | Reply | 4 comments |

Gmane