verify problem in 0.9.8-beta2


verify problem in 0.9.8-beta2

GOTOU Yuuzou
Hi,

I tried 0.9.8-beta2 and found X509_verify_cert doesn't reject
expired certificates. I think the result of check_cert_time
should be assigned to "ok".

# check_crl_time in check_crl seems same. But I didn't test it.

--
gotoyuzo

--- openssl-0.9.8-beta2/crypto/x509/x509_vfy.c~ 2005-05-11 12:45:35.000000000 +0900
+++ openssl-0.9.8-beta2/crypto/x509/x509_vfy.c 2005-05-27 21:15:20.000000000 +0900
@@ -777,6 +777,6 @@ static int check_crl(X509_STORE_CTX *ctx
  }
 
- if (!check_crl_time(ctx, crl, 1))
- goto err;
+ ok = check_crl_time(ctx, crl, 1);
+ if (!ok) goto err;
 
  ok = 1;
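
Review bot: In check_crl, the value stored by `ok = check_crl_time(ctx, crl, 1);` is overwritten by the context line `ok = 1;` directly below it, so the assignment only has an effect on the `goto err` path; a short comment saying the assignment exists to carry the failure value to `err` would make that intent clear. The covering message says this hunk was not tested, so an expired-CRL case should be run before it is applied. `if (!ok) goto err;` also folds onto one line a jump that the removed lines kept on a line of its own.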
@@ -1007,6 +1007,6 @@ static int internal_verify(X509_STORE_CT
  xs->valid = 1;
 
- if (!check_cert_time(ctx, xs))
- goto end;
+ ok=check_cert_time(ctx, xs);
+ if (!ok) goto end;
 
  /* The last error (if any) is still in the error value */
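
Review bot: `ok=check_cert_time(ctx, xs);` in internal_verify is written without spaces around `=`, while the matching line in the check_crl hunk uses `ok = ...`; use one form in both places. The untouched comment `/* The last error (if any) is still in the error value */` now follows a change about the return value, so it would help to extend it with a sentence saying that `ok` holds the check_cert_time result when control reaches `end`. A test with an expired certificate, as described in the covering message, should accompany the change.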


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
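
A simplified model of the failure reported in this message, added here as an illustration; it is not OpenSSL source and not part of the poster's patch. It shows how a check whose result only steers a `goto` lets a stale success value reach the caller. All type and function names (`struct cert`, `sig_check`, `time_check`, `verify_chain`) are hypothetical, and the sample chain is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Simplified model, not OpenSSL source: all names here are hypothetical. */
struct cert { int sig_good; time_t not_after; };

static int sig_check(const struct cert *c) { return c->sig_good; }

/* Returns 0 when the certificate's validity period has ended. */
static int time_check(const struct cert *c, time_t now)
{
    return now <= c->not_after;
}

/* Walks the chain. store_result = 0 models the reported behaviour,
 * store_result = 1 models the behaviour after the proposed change. */
static int verify_chain(const struct cert *chain, size_t n, time_t now,
                        int store_result)
{
    int ok = 0;                        /* an empty chain is rejected */
    size_t i;

    for (i = 0; i < n; i++) {
        ok = sig_check(&chain[i]);
        if (!ok)
            goto end;
        if (store_result) {
            ok = time_check(&chain[i], now);   /* failure lands in ok */
            if (!ok)
                goto end;
        } else if (!time_check(&chain[i], now)) {
            goto end;                  /* ok still holds 1 from sig_check */
        }
    }
end:
    return ok;
}

int main(void)
{
    /* Constructed sample: issuer valid until t=5000, leaf expired at t=1000. */
    struct cert chain[2] = { {1, 5000}, {1, 1000} };

    printf("result discarded: %d\n", verify_chain(chain, 2, 2000, 0));
    printf("result stored:    %d\n", verify_chain(chain, 2, 2000, 1));
    return 0;
}
```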

Re: verify problem in 0.9.8-beta2

Dr. Stephen Henson
On Fri, May 27, 2005, GOTOU Yuuzou wrote:

> Hi,
>
> I tried 0.9.8-beta2 and found X509_verify_cert doesn't reject
> expired certificates. I think the result of check_cert_time
> should be assigned to "ok".
>
> # check_crl_time in check_crl seems same. But I didn't test it.

Thanks, I've just committed a fix.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

openssl 0.9.8-beta2 for x64 successfully compiled statically but problems with DLLs

Majzik Matyas
Hi!

I have successfully compiled OpenSSL 0.9.8-beta2 using the new platform SDK
which includes 64 bit compiler for AMD 64 and EM64T processors on windows x64.
After the compile the tests are successful and even my 64 bit applications
worked properly and fast :))  (Of course I had to use do_ms or do_nt instead
of do_masm because the 64 bit assembler failed on those asm routines) However
during compilation I get warning about size_t to int and long conversions:
possible loss of data. This is because size_t and even SOCKET is 64 bit wide
in this environment.
Should I care about this? Or is it enough that tests are all successful?

I had to modify nt.mak and ntdll.mak:

I had to remove /WX and /G5 flags from the compiler directives.
I had to remove /machine:I386 flag from linker directives.
I had to add bufferoverflowU.lib to the libs to enable runtime checks.

However it is impossible to create a dynamic link library. When I want to
compile using ntdll.mak I get the following:

        link /nologo /subsystem:console /opt:ref /dll bufferoverflowU.lib /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\DOCUME~1\openssldev\LOCALS~1\Temp\nm10.tmp
ms/LIBEAY32.def(7) : warning LNK4017: DESCRIPTION statement not supported for the target platform; ignored
   Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp
bss_fd.obj : error LNK2019: unresolved external symbol OPENSSL_UplinkTable referenced in function fd_free
bss_file.obj : error LNK2001: unresolved external symbol OPENSSL_UplinkTable
b_dump.obj : error LNK2001: unresolved external symbol OPENSSL_UplinkTable
out32dll\libeay32.dll : fatal error LNK1120: 1 unresolved externals
NMAKE : fatal error U1077: 'link' : return code '0x460'
Stop.


I also tried to compile 0.9.7g using the 64 bit compiler and it was
successful but using FILE * type routines in this compilation always results
in a crash. Even with /MD and /MT flags properly used.

But beta2 statically linked working flawlessly and absolutely perfectly on
Windows X64 edition using a 64 bit compiler. Great! Can you help compiling
to create dlls?


Matyas Majzik

Re: openssl 0.9.8-beta2 for x64 successfully compiled statically but problems with DLLs

Andy Polyakov
> However during compilation I get warning about size_t to
> int and long conversions: possible loss of data. This is because
> size_t and even SOCKET is 64 bit wide in this environment.
> Should I care about this?

Not about SOCKET, because even though it's declared a pointer-type, it's
safe to cast it to 32-bit, because it represents an offset in a table
[where it's impossible to exceed the 32-bit limit]. As for the rest, I was
planning to go through it prior to some interim beta...

> Or it is enough that tests are all successful.

Formally not [unless you can do is link your app with /largeaddressaware:no].

> ... : error LNK2001: unresolved external symbol OPENSSL_UplinkTable

perl ms/uplink.pl win64a > uplink.asm
ml64 -c uplink.asm
add it to APP_EX_OBJ in ntdll.mak file.

This however was never actually tested, AMD64 part of uplink.pl was
written "blindly."

A.