openssl / web
www.openssl.org
If you go to the FIPS wiki page it states that a new FIPS module will be available with the OpenSSL 1.1 series. However, this is most definitely not the case, as the OpenSSL project has stated that the new FIPS module will instead be usable only with OpenSSL 3.0 and later.
A new validation effort is to develop and validate a new open source based cryptographic module was announced in July 2016[5]. This new module will be usable with OpenSSL release 1.1. It will provisionally be called OpenSSL FIPS Object Module 3.0.
Hi,
I’m trying to use the “OpenSSLBitcode” framework from Cocoapods,
I’ve been using OpenSSL-Universal for a while, but I now require Bitcode support for my app.
When I run “pod install” I get a “404 Not Found” error back as follows:
$ pod install
Analyzing dependencies
Downloading dependencies
Installing OpenSSLBitcode (1.0.217)
[!] Error installing OpenSSLBitcode
[!] /opt/local/bin/curl -f -L -o /var/folders/2z/lt84ktj14c107snw07w_6jz80000gn/T/d20200410-10182-rzp56r/file.tgz https://openssl.org/source/openssl-1.0.2q.tar.gz --create-dirs --netrc-optional --retry 2
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 338 100 338 0 0 338 0 0:00:01 --:--:-- 0:00:01 1522
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found
My Podfile contains the following fragment:
target 'MyTargetApp' do
pod 'OpenSSLBitcode'
end
Am I doing something wrong, or is this a problem at your end?
Thanks in advance.
Update sponsors page to list current sponsors and sync the donations and acks page to better match reality.
sponsors.diff.txt
https://www.openssl.org/source/mirror.html
AT ftp://gd.tuwien.ac.at/infosys/security/openssl/, CA http://openssl.skazkaforyou.com/ are no longer available. I found two unavailable mirror sites.
Matt reported: We also need to fix the script so that it doesn't leave trailing whitespace at the end of a line. MITRE seem to strip it before they merge our changes. So if you then later regen the json for
some minor update it shows loads of changes...
The `sitemap.txt` file includes mention of `roadmap.html` and `roadmap_2015-2016.html` under policies, neither of which exists. The sitemap is available from the website at the bottom of the pages.
All the entries in the sitemap should be verified I suspect.
For example, there's no mention of TLS 1.3, and I believe there are a few other ones missing as well. We might want to mention SM2, SM3, SM4, ...
This page
https://www.openssl.org/news/changelog.html
contains this text
"This is the changelog for the master branch, the one that is currently
in active development. The plain-text / markdown version of this
document is available here:"
and a link to:
https://www.openssl.org/news/changelog.md
However, the 'changelog.md' page returns a "Page Not Found."
Should we have a FAQ about the opaque data structure stuff?
openssl/openssl#11914 added "Fully Pluggable TLSv1.3 Key Exchange" to libssl
@mattcaswell this seems like quite a significant new feature for libssl (I am pretty excited about it and its potential!): should we add a CHANGES and a NEWS entry for it?
Yes - it should have that. I'd actually like to blog about it at some point with some kind of tutorial type approach to explain how to use it.
Originally posted by @mattcaswell in openssl/openssl#11914 (comment)
This is a reminder for @mattcaswell , further down when we are approaching the release, as it is a great idea!
It should probably mention that the 1.0.2 FOM is based on an unsupported release, and that 3.0 will have an integrated crypto module, and perhaps little else about 1.0.2
These two links below have `<link rel="canonical" href="https://www.openssl.org/">`, rather than the actual URL.
https://www.openssl.org/docs/OpenSSLStrategicArchitecture.html
https://www.openssl.org/docs/OpenSSL300Design.html
(from openssl/openssl#6803)
The very first CSS rule in `/inc/screen.css` has the style `font: inherit`. This suppresses the effect of all `B<>` perldoc tags that we insert painstakingly into the man pages' source.
In the latest blog entry, there are several links that are probably not rendered as intended, for example:
to name only a few of these fragments, cited verbatim.
During submission of the first chunks of our CMP contribution I learned that there are some (implicit) coding-style rules that are not (yet) part of the official coding guideline at https://www.openssl.org/policies/codingstyle.html. In particular:
`&&` and `||` operators should not be given at the end of lines but at the beginning of the following line, with an extra indentation of 4 spaces.
Are there further such implicit rules to be followed?
Please update that Coding Style document accordingly.
Meanwhile we found that there is automated tool support for (re-)indenting source files: the `indent` configuration file `util\indent.pro`, which is used by the `util/openssl-format-source` script.
Apparently this tool has not been used on many of the OpenSSL source files.
Is this tool recommended to use, at least for new source files?
If so, also `util\indent.pro` should be updated to reflect all coding style rules, also those that are so far implicit.
In particular, the above rule on `&&` and `||` is not reflected there. Would it be possible to state it as an `indent` rule, and if so, how to do it?
Something is wrong with formatting here: https://www.openssl.org/news/openssl-1.1.1-notes.inc that is affecting the HTML version: https://www.openssl.org/news/openssl-1.1.1-notes.html
The text version has the updates correctly appearing in the 1.1.0 notes file: https://www.openssl.org/news/cl110.txt
I'm not sure how to submit a pull request for this problem because the source files do not appear to be in this repository.
https://www.openssl.org/docs/manmaster/ leads to a broken page at the moment.
| Name | Last modified | Size | Description |
|---|---|---|---|
| Parent Directory | | - | |
| man1/ | 2020-09-26 12:05 | - | |
| man3/ | 2020-09-26 12:05 | - | |
| man5/ | 2020-09-26 12:05 | - | |
| man7/ | 2020-09-26 12:05 | - | |
Links like https://www.openssl.org/docs/manmaster/man3/SSL_read.html lead to
Page Not Found
Sorry, but the link you gave does not exist.
To get the latest news about OpenSSL, download the source, and so on, please see the sidebar or the buttons at the top of every page. For more information about the team and community around the project, or to start making your own contributions, start with the community page.
You are here: Home
Sitemap
https://www.openssl.org/docs/man1.1.1/ works fine.
This repo currently has none 😢
The source archive https://www.openssl.org/source/old should list versions from new to old.
Originally posted by @mspncp in #231 (comment)
We have .well-known/security.txt in git and it's even in /var/www but it appears as a 404 at https://openssl.org/.well-known/security.txt even before Akamai. I don't have access to the Apache logs to figure out why.
Currently, the old policies (as web pages) coexist with the new policies in the general and technical policies repos.
This needs to be rectified.
How manual is the process of updating the website? Are there any pain points that can be automated? Roughly how often does it occur?
Matt reported:
bin/vulnxml2json.py -i news/vulnerabilities.xml -c CVE-2019-1551
Traceback (most recent call last):
File "bin/vulnxml2json.py", line 42, in <module>
response = urllib.urlopen(options.schema)
File "/usr/lib/python2.7/urllib.py", line 87, in urlopen
return opener.open(url)
File "/usr/lib/python2.7/urllib.py", line 215, in open
return getattr(self, name)(url)
File "/usr/lib/python2.7/urllib.py", line 445, in open_https
h.endheaders(data)
File "/usr/lib/python2.7/httplib.py", line 1065, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 892, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 854, in send
self.connect()
File "/usr/lib/python2.7/httplib.py", line 1290, in connect
server_hostname=server_hostname)
File "/usr/lib/python2.7/ssl.py", line 369, in wrap_socket
_context=self)
File "/usr/lib/python2.7/ssl.py", line 599, in __init__
self.do_handshake()
File "/usr/lib/python2.7/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
IOError: [Errno socket error] [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:727)
This is on Ubuntu with an up to date CA-certs file. The workaround is to download the schema manually and add it to the command line, the script should catch this error and give the details on how to do that
The manual 'index' pages such as https://www.openssl.org/docs/man1.1.1/man1/, just do the equivalent of a directory listing, showing filename and meta-data. As suggested by Jakob Bohm on the openssl-users mailing list:
Consider at least including the one-line manpage summaries on the index
pages (the ones displayed by the apropos command on POSIX systems).
https://www.openssl.org is up though. The reason why I'd like to submit this issue is that some of my dependencies in an iOS project point at openssl.org without www.
Is this an issue or should I start transitioning my dependencies (cocoapods) towards www domain name? :)
The downloads page at https://www.openssl.org/source/ says:
PGP keys for the signatures are available from the OMC page. Current members that sign releases include Richard Levitte, Stephen Henson and Matt Caswell.
However, there is no listing for Stephen Henson on the OMC page at https://www.openssl.org/community/omc.html. I'm guessing he no longer signs releases.
Hi,
ten days ago I added OpenSSL 3.0.0-alpha14 to CPython's pre-commit CI. Our CI just broke because
https://www.openssl.org/source/openssl-3.0.0-alpha14.tar.gz has been deleted and GH purged our build caches. I haven't had time to update Python 3.8 and 3.9 feature branches.
Please keep older alphas around for a little while longer.
Thanks!
As discussed in openssl/openssl#18015:
The URL of the coding guidelines recently changed from https://www.openssl.org/policies/codingstyle.html to https://www.openssl.org/policies/technical/coding-style.html.
Many search engines and likely also various external web pages still point to the old location.
So some forward pointer, ideally an automatic redirect or rewrite rule should be placed there.
alexgaynor@penguin ~> http head 'https://www.openssl.org/source/openssl-1.1.1-latest.tar.gz'
HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Cache-Control: max-age=172793
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 31 Mar 2020 13:15:08 GMT
Expires: Thu, 02 Apr 2020 13:15:01 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Moved from openssl/openssl#2264
We get asked how to enable weak ciphers. The FAQ should talk about the compiling flags and the @SECLEVEL thing.
https://www.openssl.org/docs/faq.html#toc
In the following sentence:
"You can finder pointers to binary distributions in https://www.openssl.org/community/binaries.html . "
s/finder/find
According to https://datatracker.ietf.org/doc/draft-foudil-securitytxt/?include_text=1 a few changes need to be made to the security.txt. This is currently in the .well-known directory. If changed, it will have to be re-signed.
Contact: mailto:[email protected]
Contact: https://www.openssl.org/community/#securityreports
Canonical: https://www.openssl.org/.well-known/security.txt
Encryption: https://www.openssl.org/news/openssl-security.asc
Acknowledgement: https://www.openssl.org/news/vulnerabilities.html
Policy: https://www.openssl.org/policies/secpolicy.html
Signature: https://www.openssl.org/.well-known/security.txt.asc
I am not making a PR since I can't re-sign the document. :)
According to 4.1, perhaps a redirect-permanent from /security.txt to the well-known version is worthwhile as well.
Navigating to this page there are no links to old 3.0 alpha releases:
https://www.openssl.org/source/old/
However, the releases do exist if you happen to know the right location:
https://www.openssl.org/source/old/3.0/
`bin/mk-sitemap` needs to be modified to allow exclusions of some well chosen patterns.
Those patterns should be possible to give through a `make` variable, to allow the process that builds our web site to exclude things that are local to that build process.
Don't just link to the github repo - render the markdown for the policies on the website.
inc/head.shtml, which is included by just about every file on the site, has these lines
<script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script>!window.jQuery && document.write(unescape('%3Cscript src="./inc/libs/jquery-3.5.1.min.js"%3E%3C/script%3E'))</script>
You should replace them with this single line:
<script src="/inc/libs/jquery-3.5.1.min.js"></script>
This will use the cached script and not go to a central site to download a file that is, well, already on your site. :)
ping @levitte
I see that on a pull request we cross build for various platforms. I'm wondering if any of those qualify for our primary or secondary platform list. They all seem to be using Ubuntu.
I have access to all official ports of Debian and am willing to support them. That's currently: amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el and s390x. I most likely have access or can get access to all unofficial ports too.
https://www.openssl.org/docs/standards.html page still refers to RFC 2898 for version 2.0.
Clearly not critical but worth updating.
Hello OpenSSL folks,
While navigating through old content I found that the certificate for rt.openssl.org expired almost a month ago.
Issued On Friday, January 1, 2021 at 10:37:23 PM
Expires On Thursday, April 1, 2021 at 11:37:23 PM
I appreciate if you could take a look at it.
Thanks
While doing a larger OpenSSL usability study, we found out that many online man pages that are linked from relevant Stack Overflow threads are inaccessible, since they miss a redirect (which is a pity!).
Specifically, many pages link to commands in this way:
which has a redirect for
However, in the `manmaster` section, the subsections are no longer `apps`/`ssl`/`crypto` but `man1`/`man3`/`man5`/`man7`.
Sure, it may not seem that important, but half of the man page links from various internet tutorials our participants (~70 people) wanted to use got them a 404 on OpenSSL pages. Fixing would only require a handful of redirects.
These rewrites would be needed (order matters, since the structure changed):
From | To |
---|---|
/docs/manmaster/apps/config.html | /docs/manmaster/man5/config.html |
/docs/manmaster/apps/x509v3_config.html | /docs/manmaster/man5/x509v3_config.html |
/docs/manmaster/crypto/bio.html | /docs/manmaster/man7/bio.html |
/docs/manmaster/crypto/crypto.html | /docs/manmaster/man7/crypto.html |
/docs/manmaster/crypto/ct.html | /docs/manmaster/man7/ct.html |
/docs/manmaster/crypto/des_modes.html | /docs/manmaster/man7/des_modes.html |
/docs/manmaster/crypto/evp.html | /docs/manmaster/man7/evp.html |
/docs/manmaster/ssl/ssl.html | /docs/manmaster/man7/ssl.html |
/docs/manmaster/crypto/x509.html | /docs/manmaster/man7/x509.html |
/docs/manmaster/apps/* | /docs/manmaster/man1/* |
/docs/manmaster/ssl/* | /docs/manmaster/man3/* |
/docs/manmaster/crypto/* | /docs/manmaster/man3/* |
Of the overview manuals (`man7`), I couldn't find the counterparts of `Ed25519.html`, `RSA-PSS.html`, `X25519.html` and `ossl_store.html`, but I suspect these were newly written when moving to the `manX` system.
Another possibility is to redirect things like `/docs/apps/rsa.html` to a particular version of OpenSSL (e.g. `/docs/man1.1.0/apps/rsa.html`). This would now require the `apps`/`ssl`/`crypto` to `manX` translation, but I think it would be unwise to bind on a particular API version.
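The ordering requirement in the rewrite table above, as an added example (not part of the original issue or of the OpenSSL web tooling): a first-match-wins resolver over the table's rows, plus a check that reports exact rules swallowed by an earlier wildcard. The function names `rewrite` and `shadowed` are hypothetical.

```python
# Rows copied from the issue's table, in the order given there:
# exact page moves first, section-wide wildcards last.
BASE = "/docs/manmaster/"
RULES = [
    (BASE + "apps/config.html", BASE + "man5/config.html"),
    (BASE + "apps/x509v3_config.html", BASE + "man5/x509v3_config.html"),
    (BASE + "crypto/bio.html", BASE + "man7/bio.html"),
    (BASE + "crypto/crypto.html", BASE + "man7/crypto.html"),
    (BASE + "crypto/ct.html", BASE + "man7/ct.html"),
    (BASE + "crypto/des_modes.html", BASE + "man7/des_modes.html"),
    (BASE + "crypto/evp.html", BASE + "man7/evp.html"),
    (BASE + "ssl/ssl.html", BASE + "man7/ssl.html"),
    (BASE + "crypto/x509.html", BASE + "man7/x509.html"),
    (BASE + "apps/*", BASE + "man1/*"),
    (BASE + "ssl/*", BASE + "man3/*"),
    (BASE + "crypto/*", BASE + "man3/*"),
]


def rewrite(path, rules=RULES):
    """Return the redirect target for path, or None if no rule applies.

    Rules are tried top to bottom and the first match wins, which is why
    the exact rows have to sit above the wildcard rows.
    """
    for src, dst in rules:
        if src.endswith("*"):
            prefix = src[:-1]
            # Require a non-empty remainder so the bare directory is untouched.
            if path.startswith(prefix) and len(path) > len(prefix):
                return dst[:-1] + path[len(prefix):]
        elif path == src:
            return dst
    return None


def shadowed(rules):
    """List exact rules that never fire because an earlier wildcard matches."""
    return [
        (src, dst)
        for src, dst in rules
        if not src.endswith("*") and rewrite(src, rules) != dst
    ]


if __name__ == "__main__":
    for p in (BASE + "apps/config.html", BASE + "apps/rsa.html",
              BASE + "ssl/SSL_read.html", "/docs/man1.1.1/man1/"):
        print(p, "->", rewrite(p))
    # Constructed mis-ordering: wildcards moved to the top of the list.
    wrong = RULES[9:] + RULES[:9]
    print("shadowed when wildcards come first:", len(shadowed(wrong)))
```

Running `shadowed` over a candidate rule list before deploying it catches the mis-ordering that would send the overview pages to `man1`/`man3` instead of `man5`/`man7`.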
In the paragraph committers.html, L92ff there are email links to [email protected] and [email protected]. Are these still correct? I don't know whether openssl-team still exists, but openssl-dev was certainly abandoned. Which are the correct replacements? openssl-project is not open to other OpenSSL contributors.
Also the github handles @openssl/team and @openssl/dev seem to be outdated.
Because our web production is divided into multiple directories (`/docs` and `/blog` are separated from the rest of our web), it should be available as a script separated from openssl/web.git, and should also be made to handle two extra arguments:
`/var/www/openssl`, which misses out on anything /docs or /blog)
In addition to GOST, there's also a TPM engine available at https://sourceforge.net/projects/trousers/files/OpenSSL%20TPM%20Engine/
For instance, consider:
https://www.openssl.org/blog/blog/2016/10/24/f2f-roadmap/
On the right hand side, "Recent Posts" starts with "OpenSSL and Threads", which is currently the most recent blog entry. Thus, the navigation works exactly as expected.
In contrast, please consider:
https://www.openssl.org/blog/blog/2017/02/13/bylaws/
On the right hand side, "Recent Posts" starts with "Project Bylaws", which is no longer the most recent entry.
In complete analogy, please contrast:
https://www.openssl.org/blog/blog/2016/07/20/fips/
with:
https://www.openssl.org/news/changelog.html
Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
Changes between 1.1.1a and 1.1.1b [xx XXX xxxx]
Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
Changes between 1.1.0h and 1.1.0i [xx XXX xxxx]
1.1.1c and d are missing, and the timestamps are missing.
This affects the "source" part of the website. From a posting to CFRG, https://mailarchive.ietf.org/arch/msg/cfrg/qLTveWOdTJcLn4HP3ev-vrj05Vg/:
I can confirm that I have abandoned all OCB patents
and placed into the public domain all OCB-related IP of mine.
While I have been telling people this for quite some time, I don't
think I ever made a proper announcement to the CFRG or on the
OCB webpage. Consider that done.
I hope people will use the scheme to do positive things.
phil
It would be very appreciated if you would provide an easy to find direct link to the release-notes from the page with the downloads, to the changelog/release-notes for that particular release. Perhaps right next to the download link?