Building openssl-1.0.2k on openstep42 on black and white

Started by rooprob, May 15, 2017, 08:42:41 am

Previous topic - Next topic

rooprob

Almost success!
I'm writing this as an effort to rubber duck any thoughts to myself before putting this away.

I've been on a quest to update a few packages: Something like this:

openstep 4.2 on NeXTStation Turbo.
openstep 4.2 on virtualbox on an i7

So far..
    openssl 1.0.2k (gets TLS1.2)
    curl-7.54
    stunnel 4.57
    zlib-1.2.11


Ancillary extras
    - snprintf-2.1 for vsnprinf and family
    - putenv/getenv
    - tcsetattr/getattr
    - dirname
    - uname

So, the good:

$ uname -a
OPENSTEP os42comp1 4.2 NeXT Mach 4.2: Tue Jan 26 11:21:50 PST 1999; root(rcbuilder):Objects/mk-183.34.4.obj~2/RELEASE_I386 I386 Intel 486

$ openssl version
OpenSSL 1.0.2k  26 Jan 2017

$ stunnel -version
stunnel 4.57 on i386-next-openstep4 platform
Compiled/running with OpenSSL 1.0.2k  26 Jan 2017
Threading:FORK Sockets:SELECT,IPv4 SSL:ENGINE,OCSP,FIPS

$ curl --version
curl 7.54.0 (i386-next-openstep4) libcurl/7.54.0 OpenSSL/1.0.2k zlib/1.2.11
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy

$ openssl s_client -connect openssl.org:443 -CAfile /usr/local/etc/ssl/certs/cacert.pem

subject=/OU=Domain Control Validated/CN=*.openssl.org
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3094 bytes and written 433 bytes

SSL-Session:
   Protocol  : TLSv1.2
   Cipher    : ECDHE-RSA-AES256-GCM-SHA384
   Session-ID: C3B8451A5991DBAC0FAA17DE9F55DE05A8476BC0ED3261E63456B67E1CFD6798
   Session-ID-ctx:
   Master-Key: 3D0425708B074E5931F7EBF4FD4F0249F681F109E6BE486E93DCCA7A82CE747F3E96637C5E2A3CD7C3F9922911343ED6


Yay. Onto the NeXT Station.  

$ uname -a
OPENSTEP next 4.2 NeXT Mach 4.2: Tue Jan 26 11:23:59 PST 1999; root(rcbuilder):Objects/mk-183.34.4.obj~2/RELEASE_M68K MC680x0 68040

$ openssl version
OpenSSL 1.0.2k  26 Jan 2017

$ stunnel -version
stunnel 4.57 on m68k-next-openstep4 platform
Compiled/running with OpenSSL 1.0.2k  26 Jan 2017
Threading:FORK Sockets:SELECT,IPv

Now the problem: While the NeXT engages with the TLS service, it throws out a

verify error:num=7:certificate signature failure
84633024:error:04091064:rsa routines:INT_RSA_VERIFY:algorithm mismatch:rsa_sign.c:263:
84633024:error:1408D07B:SSL routines:ssl3_get_key_exchange:bad signature:s3_clnt.c:2032:



Weirdly, it passes it's test suite (a good hour run of it)! I haven't looked too closely for tests particular to rsa though.

So works on i386, but not on the venerable m68k :(    Stunnel is sad. Self generated certs don't validate.  I messed up something inside openssl.


subject=/OU=Domain Control Validated/CN=*.openssl.org
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2827 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
   Protocol  : TLSv1.2
   Cipher    : 0000
   Session-ID:
   Session-ID-ctx:
   Master-Key:



PS black system has been rock solid, compiling away for days without a system fault or burning out a cap.
:O2: r12 400 mapleleaf :Indigo2IMP: r10 195 IRIS :SlabMonoTurbo: NeXT
New Zealand

rooprob

Hmm... The I replaced the old openssl-098za package and stunnel 4.25 packages back (noticing the openssl package also contains zlib 1.2.8.

stunnel is back working again, so I can pick up my mail.

openssl command line fails various cert operations - which write and read files - with the same error I was getting with my new 1.0.2k build :(

First question I have to rule out is : Does the openssl-0.9.8 package listed here actually work on anyone's m68k NeXT machine?

https://drive.google.com/drive/u/0/folders/0B0gDYBETjc4WN083TUFGWkZHWUk

By "work", I mean can you generate a self-signed certificate in separate commands as shown here, taken from this SO post:

http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl

# separately
openssl req -new > cert.csr
openssl rsa -in privkey.pem -out key.pem
openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001
Signature did not match the certificate request

it should say
openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001
Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
Getting Private key


The one liner works (all versions, all platforms), which encourages me the openssl library is ok, just not the bits which writes, or probably "reads" key matterial from disk on the m68k box, which is big endian after all.  

# in a single command
openssl req -x509 -newkey rsa:2048 -keyout self-signed-key.pem -out self-signed-cert.pem -days 365
:O2: r12 400 mapleleaf :Indigo2IMP: r10 195 IRIS :SlabMonoTurbo: NeXT
New Zealand

rooprob

A small incremental update for my personal work log:  openssl-1.0.2l buit on egcs-2.91.66.

This is important to me because it's the first build I'm doing with a slightly more modern compiler, which includes the m68k cross compile.   In my earlier post, I found I could build on x86 fine, but that the build wouldn't work correctly on m68k.  With the cross compiler working, I can iterate faster on a i7 virtualbox OS42 deploy than on my blackbox. Fingers crossed I can get the blackbox running TLS1.2 real soon now.


me@os42comp1:~ $ gcc --version
egcs-2.91.66
me@os42comp1:~ $ hostinfo
Mach kernel version:
        NeXT Mach 4.2: Tue Jan 26 11:21:50 PST 1999; root(rcbuilder):Objects/mk-183.34.4.obj~2/RELEASE_I386

Kernel configured for a single processor only.
1 processor is physically available.
Processor type: I386 (Intel 486)
Processor active: 0
Primary memory available: 128.00 megabytes.
Default processor set: 45 tasks, 93 threads, 1 processors
Load average: 0.04, Mach factor: 0.95

me@os42comp1:~ $ openssl version
OpenSSL 1.0.2l  25 May 2017
me@os42comp1:~ $ echo  | openssl s_client -connect www.ssllabs.com:443  -CAfile /usr/local/etc/ssl/certs/cacert.pem -tls1_2
CONNECTED(00000003)
depth=3 C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority
verify return:1
depth=2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = US, ST = California, L = Redwood City, O = "Qualys, Inc.", CN = ssllabs.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Redwood City/O=Qualys, Inc./CN=ssllabs.com
  i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
  i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
2 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
  i:/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEUNNZ8DANBgkqhkiG9w0BAQsFADCBujELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3Qs
IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVz
dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNTAyMjIxMjE2NDFa
Fw0xODA1MjIyMzAwMDJaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
bmlhMRUwEwYDVQQHEwxSZWR3b29kIENpdHkxFTATBgNVBAoTDFF1YWx5cywgSW5j
LjEUMBIGA1UEAxMLc3NsbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCvqE2iGcksUERogopamWy4z/3FuVZUq5JXuFVOTvuoG5Vpq7s/HLTI
MD1V0mNpOIwRvz38oxioxZnKEBqKP0MCpkudDY/qm4FM59wwGgZ3Hmg7B4ncW/b2
m8drnMWeHAFomrfYAOWQYLNkjcd6lWnsGE80VIPnTasOlbiTN6MhherFcTXixonJ
lcplU8Q03ewYG2Gw/0ilGNf087pSS0MAeR2NZtbzZsX09D0InOfmMtMH7+3RMvxO
ACmdrpDGIKAqYmjzfDeGOtv7Xm7Rb27WLBf08gFyYgICw5b/oNyBhy9ghPRno/VN
odpT488xLrE0DY5I+YGn5PVGv7xkVGGVAgMBAAGjggGOMIIBijALBgNVHQ8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGA1UdHwQsMCowKKAm
oCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxay5jcmwwSwYDVR0gBEQw
QjA2BgpghkgBhvpsCgEFMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVz
dC5uZXQvcnBhMAgGBmeBDAECAjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGG
F2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlh
LmVudHJ1c3QubmV0L2wxay1jaGFpbjI1Ni5jZXIwJQYDVR0RBB4wHIILc3NsbGFi
cy5jb22CDSouc3NsbGFicy5jb20wHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+n
YMYKTL8wHQYDVR0OBBYEFLj8+Lbi3jpOau/zmnm3TSQhbhJiMAkGA1UdEwQCMAAw
DQYJKoZIhvcNAQELBQADggEBAKqkMEMLXD1KZK5b6r7szq/Y7HevB4uhjzbnl73L
iqBLOri1CtIT/dRcc2LQYRsf7t3RZSWa7uMy/J/DCsXPVeXQUQZ6/dKlJw3M9tct
YcxYq9Hva35pHVLb4x775yjXFgNiLWuJN4ZNis0AxYffKWXNpgIAPU4yVO2LTEI5
3ms8L/x9Fq9d8jMPYQRe+NP28sy8+PZpGbUzZ4AV5Kym60q3B4nQxuE21Tgrwmqa
7rR6zvqzFyAYNT/QYO4OgjrhzbI7ORX055laVh8kv2DrH4YOulKQKC+2HX/+e4WF
zhFqtJc5U1Va7L1iotMeMDL60o13BBnKZlsPQJeECjl9ZGQ=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Redwood City/O=Qualys, Inc./CN=ssllabs.com
issuer=/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4414 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
   Protocol  : TLSv1.2
   Cipher    : ECDHE-RSA-AES128-GCM-SHA256
   Session-ID: 41A00F894E9819D95E887F3BEBCB7352B7A8F89D691B7DE93EECB386711CE54F
   Session-ID-ctx:
   Master-Key: 3A7011D9BDF9374CDEE974BA4CEAE43A6639207D3949FB94EE66640CC9B5E1BD6CEF0229DB12D3FD47B62964FA88B4D7
   Key-Arg   : None
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   Start Time: 1508284442
   Timeout   : 7200 (sec)
   Verify return code: 0 (ok)
---
DONE
:O2: r12 400 mapleleaf :Indigo2IMP: r10 195 IRIS :SlabMonoTurbo: NeXT
New Zealand

rooprob

Grr. Still not happy on the blackbox..

Doesn't seem to like one of the certificates in the chain.


$ hostinfo
Mach kernel version:
        NeXT Mach 4.2: Tue Jan 26 11:23:59 PST 1999; root(rcbuilder):Objects/mk-183.34.4.obj~2/RELEASE_M68K

Kernel configured for a single processor only.
1 processor is physically available.
Processor type: MC680x0 (68040)
Processor speed: 33 MHz
Processor active: 0
System type: 4
Board revision: 0xf
Primary memory available: 128.00 megabytes.
Default processor set: 44 tasks, 76 threads, 1 processors
Load average: 0.00, Mach factor: 0.99

$ openssl version
OpenSSL 1.0.2l  25 May 2017

$  echo  | openssl s_client -connect www.ssllabs.com:443  -CAfile /usr/local/etc/ssl/certs/cacert.pem -tls1_2
CONNECTED(00000003)
depth=3 C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority
verify return:1
depth=2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
verify error:num=7:certificate signature failure
84633024:error:04091064:rsa routines:INT_RSA_VERIFY:algorithm mismatch:rsa_sign.c:263:
84633024:error:1408D07B:SSL routines:ssl3_get_key_exchange:bad signature:s3_clnt.c:2038:
---
Certificate chain
0 s:/C=US/ST=California/L=Redwood City/O=Qualys, Inc./CN=ssllabs.com
  i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
  i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
2 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
  i:/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEUNNZ8DANBgkqhkiG9w0BAQsFADCBujELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3Qs
IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVz
dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNTAyMjIxMjE2NDFa
Fw0xODA1MjIyMzAwMDJaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
bmlhMRUwEwYDVQQHEwxSZWR3b29kIENpdHkxFTATBgNVBAoTDFF1YWx5cywgSW5j
LjEUMBIGA1UEAxMLc3NsbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCvqE2iGcksUERogopamWy4z/3FuVZUq5JXuFVOTvuoG5Vpq7s/HLTI
MD1V0mNpOIwRvz38oxioxZnKEBqKP0MCpkudDY/qm4FM59wwGgZ3Hmg7B4ncW/b2
m8drnMWeHAFomrfYAOWQYLNkjcd6lWnsGE80VIPnTasOlbiTN6MhherFcTXixonJ
lcplU8Q03ewYG2Gw/0ilGNf087pSS0MAeR2NZtbzZsX09D0InOfmMtMH7+3RMvxO
ACmdrpDGIKAqYmjzfDeGOtv7Xm7Rb27WLBf08gFyYgICw5b/oNyBhy9ghPRno/VN
odpT488xLrE0DY5I+YGn5PVGv7xkVGGVAgMBAAGjggGOMIIBijALBgNVHQ8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGA1UdHwQsMCowKKAm
oCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxay5jcmwwSwYDVR0gBEQw
QjA2BgpghkgBhvpsCgEFMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVz
dC5uZXQvcnBhMAgGBmeBDAECAjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGG
F2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlh
LmVudHJ1c3QubmV0L2wxay1jaGFpbjI1Ni5jZXIwJQYDVR0RBB4wHIILc3NsbGFi
cy5jb22CDSouc3NsbGFicy5jb20wHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+n
YMYKTL8wHQYDVR0OBBYEFLj8+Lbi3jpOau/zmnm3TSQhbhJiMAkGA1UdEwQCMAAw
DQYJKoZIhvcNAQELBQADggEBAKqkMEMLXD1KZK5b6r7szq/Y7HevB4uhjzbnl73L
iqBLOri1CtIT/dRcc2LQYRsf7t3RZSWa7uMy/J/DCsXPVeXQUQZ6/dKlJw3M9tct
YcxYq9Hva35pHVLb4x775yjXFgNiLWuJN4ZNis0AxYffKWXNpgIAPU4yVO2LTEI5
3ms8L/x9Fq9d8jMPYQRe+NP28sy8+PZpGbUzZ4AV5Kym60q3B4nQxuE21Tgrwmqa
7rR6zvqzFyAYNT/QYO4OgjrhzbI7ORX055laVh8kv2DrH4YOulKQKC+2HX/+e4WF
zhFqtJc5U1Va7L1iotMeMDL60o13BBnKZlsPQJeECjl9ZGQ=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Redwood City/O=Qualys, Inc./CN=ssllabs.com
issuer=/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4354 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
   Protocol  : TLSv1.2
   Cipher    : 0000
   Session-ID: 6EECB136D6502B57238C6D3CC52BB499005F0DA3C86E2134CC95162A8182A770
   Session-ID-ctx:
   Master-Key:
   Key-Arg   : None
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   Start Time: 1508404053
   Timeout   : 7200 (sec)
   Verify return code: 7 (certificate signature failure)
---

:O2: r12 400 mapleleaf :Indigo2IMP: r10 195 IRIS :SlabMonoTurbo: NeXT
New Zealand

oneNeXT

Hi ,

did you make any progress with new release of openSSL ?

What do you think of axTLS ?

rooprob

Hi
No progress :(

It works on OS4 on my virtualbox in i386, just not in m68k.
Tried stock compiler and egcs. I guess it's a subtle bug at this point but debugging native taxes my patience (so slow).

Have wolfssl on my todo list, as it claims OpenSSL compat and c89 code.
Will fire up soon and see.

If you have hardware and can try, share and we can debug.

Cheers
:O2: r12 400 mapleleaf :Indigo2IMP: r10 195 IRIS :SlabMonoTurbo: NeXT
New Zealand

t-rexky

Just for kicks, have you tried my m68k gcc-3.4.6 port?  If the bug is compiler driven then maybe it will help?

rooprob

Hey T-rexky.

I do have gcc-3.4.6-ns1.Ns.tar.gz in my archive, so I should give that a spin.
I have tried with egcs-m68k.1.1.2.3.NI.b.tar  which did get me through a tricky define expansion, but that, sadly wasn't it.  It's feels like it could be file handling, or actual RSA, but I'm not there yet.

I have to tackle this from first principles. I've gone back to basics with Stevens UNIX Network Programming. I have limited time, so it's definitely a put down and pickup task. But it's got me into the time long forgotten - the mid 90s and the 4.3 vs 4.4 world. An "applied filling in the blanks", from the first time round.
:O2: r12 400 mapleleaf :Indigo2IMP: r10 195 IRIS :SlabMonoTurbo: NeXT
New Zealand

rooprob

Tried and failed to recreate T-rexky's skills and get a fully working TLSv1.x supporting openssl on black hardware.

Whilst writing this, I just reminded myself that it *did* work on virtualbox (aka white hardware), just not against the black cpu.

Never give up!
:O2: r12 400 mapleleaf :Indigo2IMP: r10 195 IRIS :SlabMonoTurbo: NeXT
New Zealand

rooprob

I think I'm ruling out file I/O, since this test doesn't write anything to disk.

These demo programs focusing on pure crypto side of things, validating internal structures. Looks like RSA is the odd one out. HMAC seems to be OK.

https://github.com/rooprob/OS42ssl
:O2: r12 400 mapleleaf :Indigo2IMP: r10 195 IRIS :SlabMonoTurbo: NeXT
New Zealand