(start_)tls and openssl-0.9.8a
Nikola Milutinovic
Nikola.Milutinovic at ev.co.yu
Tue Nov 22 01:34:07 EST 2005
Andreas Hasenack wrote:
>On Mon, Nov 21, 2005 at 03:15:03PM +0100, Nikola Milutinovic wrote:
>
>
>>Then there is a change in semantics of the OpenSSL API and somebody will
>>have to dig through the docs.
>>
>>
>
>Just changed a build option for openssl.
>
>What didn't work (./Configure);
>zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared
>
>What worked:
>no-idea no-rc5 shared
>
>I don't know which specific option did the trick, but it was one of those
>that I removed.
>
>
Hmm, first of all, why "no-idea, no-rc5"? You have better
implementations on your system? I usually let OpenSSL be the provider of
those algorithms.
Secondly, well, I don't know about ZLib. I usually install a separate
ZLib and let all others link to it dynamically. I'm not saying that ZLib
coming with OpenSSL is broken, but it could be. Or it simply could be
that it is a different version than the one you have system-wide and
that there are some interoperability issues. Again, it should not be
happening, but it is possible.
Lastly, I'm not familiar with EC, ECDH and ECSDA encryption types, but -
if they worked in tests then they should have worked in a real world.
If you have nerves for another run, try to build OpenSSL just without
zlib and test again. That would be my bet.
Nix.
More information about the Info-cyrus
mailing list