Nikola Milutinovic wrote:
Andreas Hasenack wrote:On Mon, Nov 21, 2005 at 03:15:03PM +0100, Nikola Milutinovic wrote:Then there is a change in semantics of the OpenSSL API and somebody will have to dig through the docs.Just changed a build option for openssl. What didn't work (./Configure); zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared What worked: no-idea no-rc5 shared I don't know which specific option did the trick, but it was one of those that I removed.Hmm, first of all, why "no-idea, no-rc5"? You have better implementations on your system? I usually let OpenSSL be the provider of those algorithms.
Because idea and rc5 have patent issues ?
Secondly, well, I don't know about ZLib. I usually install a separate ZLib and let all others link to it dynamically. I'm not saying that ZLib coming with OpenSSL is broken, but it could be. Or it simply could be that it is a different version than the one you have system-wide and that there are some interoperability issues. Again, it should not be happening, but it is possible.
OpenSSL has no build in zlib, but uses a system provided version.
Lastly, I'm not familiar with EC, ECDH and ECSDA encryption types, but - if they worked in tests then they should have worked in a real world.
If you have nerves for another run, try to build OpenSSL just without zlib and test again. That would be my bet.My experience is that the zlib sometimes introduces a little bit of trickiness...
Could you do an openssl s_client with the broken SSL version with enabled debug ans see what happens ?
Bye Goetz -- DMCA: The greed of the few outweighs the freedom of the many
smime.p7s
Description: S/MIME Cryptographic Signature
---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
