e SSL_CTX is being used. The verify_callback you supplied to the
SSL object is stored into the object, but it is actually never used.
This seems to be a bug :-)
I'll have to go through this again to make sure that I did not miss
anything and then consider the best stra
to the openssl-source and test
again?
It should bring the behaviour up to the state of the documentation :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elekt
i_X509() function to transfer the contents of this array into the
X509 and load it using SSL_CTX_use_certificate().
(OpenSSL rsa does not have a -C option, so transferring it into an array
is left as an exercise to the reader :-)
Best regards,
Lutz
--
Lutz Jaenicke
on Solaris 8 this seems not to be done automatically
> > + (in contradiction to the requirements of the C standard).
> > + This made problems when used from OpenSSH.
> > + [Lutz Jaenicke]
>
> I really don't believe this! Are you sure? Have you get a
his morning to find out how to handle
the libeay.num thing "the official way".
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
n tell, i must be missing something
There is a manual page for SSL_CTX_use_certificate in my copy of OpenSSL.
A manual page for d2i_X509 does not exist, but the handling of all
d2i_* functions is similar, so you can use the description of
d2i_SSL_SESSION.
Good night,
Lutz
typos are left even in OpenSSL 0.9.6b.
Thanks, has been fixed.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 6
ial meaning, it is handled
accordingly.)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4,
On Thu, Aug 16, 2001 at 09:15:36AM -0500, Stephen Hinton wrote:
> This is the first patch I've submitted for OpenSSL. Feedback about what I
> did wrong (and what I did right) is appreciated.
Well done. Patches have just been applied.
Best regards,
Lutz
--
Lu
anybody have an idea on why this distinction is being made?
It doesn't make sense to me. (If nobody has an idea on why it should not be
public, I will make it public.)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.a
did check in the version from the wrong directory. One better
should not work on Sundays. (fixed)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechni
nsequence of all the drawbacks the actual setup has...
I will add an appropriate note tomorrow.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
e. With certificates typically having a size of 1-2kB this
would mean a chain length of ...
And it also means that 100kB are on the wire even before any payload is
handled...
> The SSLv3 specs don't set this limit, but rather allows 2^24 certificates.
> I understand the need to
6b.
Thanks, applied!
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax
On Fri, Aug 24, 2001 at 06:31:56PM -0700, Doug Kaufman wrote:
> On Fri, 24 Aug 2001, Lutz Jaenicke wrote:
>
> > On Thu, Aug 23, 2001 at 02:21:27PM -0500, Douglas E. Engert wrote:
> > > ! #if defined(MSDOS) && !defined(WIN32)
> > > !
.
This problem has been fixed in the CVS tree on August 7, 2001 and the
fix will therefore be part of the next release.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl
There exists an undocumented -Fl option (at least on 10.20).
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4,
On Sat, Aug 25, 2001 at 01:59:24PM +0200, Lutz Jaenicke wrote:
> I'll add it to the TODO list. If we change this to a dynamic limit,
> we could start with 16kB (platform independant) and then applications
> may decide at will. 16kB should be sufficient in most cases, because
>
ackported the shared
library support from 0.9.7-dev to 0.9.6x?
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaets
ical reasons?)
The time the OpenSSL team members can spend on the project is limited.
If you can supply a patch, we will strongly consider applying it :-)
Please only take care of the current development snapshot (0.9.7-dev).
The development for 0.9.6c is more or less finished and for compatibility
r
.
There are reasons, why the shlib/hpux10-cc.sh is looking somewhat
complicated (besides building with +O4=optimization at link time)...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/persone
ctor
is one indicator.
If we choose a value of 0, we mean that there may be entropy in it, but
maybe an attacker can predict the value, so we use it but do not count
it as a really unpredictable input.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cott
On Wed, Nov 14, 2001 at 10:59:57AM -0800, Michael Sierchio wrote:
> Lutz Jaenicke wrote:
>
> > The entropy parameter should tell, how much "uncertainty" is in the
> > data provided.
>
> > If we choose a value of 0, we mean that there may be entropy in it,
lled until the the reference count
>has reached 0.
Thanks, I have rephrased the corresponding paragraph.
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrote
ical API
SSL_get_peer_certificate(), SSL_get_peer_cert_chain() to obtain the
X509 objects. You can then simply write them to file using the
PEM_write_X509()/PEM_write_bio_X509() function.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.ae
eing resumed.
The OpenSSL client does set the cipher based on this returned value.
It is therefore not necessary to set the cipher in advance.
Do you have any problems due to this behaviour?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECT
y
> against the saved file. However, it still complains in
> verify_callback that peer cert by server is untrusted.
Ah! For the verification to succeed, you must capture the CA chain
including the root certificate. OpenSSL's verification routines by
now do not allow single peer cer
k(),
but I don't have a code sample. If I remember correctly I discussed this
issue publicly on this list some time ago.
I do use Konqueror at home and it does seem to support peer certificate
checking, so you may want to check out the Konqueror source.
Best regards,
Lutz
--
Lu
be changed to all lower case for consistency with
> other messages.
Will be fixed in a minute.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrot
better
suited to your needs, as it is intended for application and not for testing?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
client you are most welcome to post it to this list :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-412
On Tue, Oct 16, 2001 at 02:30:03PM +0100, Adam Back wrote:
> On Sun, Oct 14, 2001 at 06:19:30PM +0200, Lutz Jaenicke wrote:
> > [...]
> >
> > * If you have any patch to submit that will improve the behaviour of
> > s_client you are most welcome to post it to this li
time of
the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
to allow the necessary settings.
[Lutz Jaenicke]
The fix will be available in 0.9.6c (due out in the next days!?) and 0.9.7.
Nevertheless: thanks for your effort!
Best regards,
Lutz
--
Lut
k version of HP-UX, so it should be detectable...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Univer
this list. One advantage of mailing lists
is that they can be very informative and stimulating, because you
get an insight into other peoples work.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.D
an arbitrary number fixes a problem, there is a bug around that
must be fixed. Just increasing buffer allocations only hides the problem,
it does not solve it.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Co
On Thu, Dec 13, 2001 at 10:06:45AM +0100, Srikanta Nayak wrote:
> How openSSL will looks EGD ? Is there any such documentation available on net
>related to it?
http://www.openssl.org/support/faq.html#USER1
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU C
ssing, as they have already been read
by PEM_read_X509().
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Univer
_name
man ciphers (-v option)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-0304
fication) or "0" (verification failure). Only when ok is set
to 0, the return value of X509_STORE_CTX_get_error(ctx); is
significant.
If not sure, you should start without a callback function and see,
whether the certificate verification fails (it should).
Best regards,
egards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
"+O4" it during the finale link stage.
And, please patch up your compiler to the latest patchlevel. You can
download the patches for free and I really had problems at high optimization
levels that went away with the latest patchlevels.
Best regards,
Lutz
--
Lutz Jaenicke
using one of the available OpenSource RFC2487
implementations.
You can start with mine at
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls
and by having a look into my references you can check the others.
Regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTE
1:24 ws01 postfix/smtp[26638]: TLS connection established: TLSv1 with
cipher EXP1024-RC4-SHA (56/128 bits)
Oct 7 19:01:24 ws01 postfix/smtp[26638]: 4C18F82BB: to=<[EMAIL PROTECTED]>,
relay=serv01.aet.tu-cottbus.de[141.43.132.161], delay=1, status=sent (250 Ok: queued
as DBB0
On Wed, Oct 13, 1999 at 06:29:32PM +0200, Lutz Jaenicke wrote:
> > Speaking of which, now that Netscape (at least) ship a client that
> > supports the new 56/1024 bit ciphersuites, should we switch them on?
>
> Hmm, I tried them and they did work with Netscape.
> I however a
On Thu, Oct 14, 1999 at 10:32:20AM +0200, Lutz Jaenicke wrote:
> From the source code I think, part of the problem is the "exportable" check
> with SSL_IS_EXPORT (and derivatives of this macro), since there is a
> EXPORT56 check macro available, but I don't see it actuall
g into it even deeper, sigh.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplat
On Thu, Oct 14, 1999 at 10:54:12AM +0100, Ben Laurie wrote:
> Lutz Jaenicke wrote:
> SSL_IS_EXPORT checks for either, so this isn't the problem.
Ok, spend some more hours walking through ssl_ciph.c and I think by now
I do know what is going on :-)
When assembling the list of ciphers,
break binary compatibility (and this should be done
as seldom as possible), I would like to hear opinions and maybe proposals
for further improvements/enhancements.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU
t stuff can download the patch at
ftp://ftp.aet.tu-cottbus.de/pub/postfix_tls/related/openssl-patch/
Best regards,
Lutz Jaenicke
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allge
.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax
e() and a lot of other
similar routines, where you of course have to take care of your pointers
yourself.
Regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
ded in CAfile are listed to the client as
available for checking. You can however influence this list using the
SSL_CTX_set_client_CA_list() call.
(From memory, hopefully I got it right :-).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Co
fig no-asm does nothing. using an updates RH 6.0 box
On my SuSE 6.2 I have:
/usr/include/asm -> ../src/linux/include/asm-i386
So the kernel sources must be installed. Probably the same is true for
RH 6.0 (even though my errno.h and bits/errno.h seem to be different
and to not require asm/er
ch was partly inspired by Ben Laurie in private communication.
Best regards,
Lutz Jaenicke
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
ook me longer to reverse engineer the old function than rewriting it...
- Then AUDIT the complete OpenSSL package itself :-) Since I write software
using the OpenSSL library and the documentation (users/API) is ... thin,
I have to go directly to the code sometimes: I don't want to have to
On Tue, Dec 14, 1999 at 01:58:17PM +0100, Ulf Möller wrote:
> On Tue, Dec 14, 1999 at 10:20:47AM +0100, Lutz Jaenicke wrote:
>
> > - There is (unfortunately) no "official" way to submit bug reports or patches
> > listed. There is openssl-bugs, which is however gate
into an endless loop.
Reproduce with "openssl s_server -cipher DEFAULT:=aRSA".
I have appended the README for the complete patch and attached the patch
itself and its PGP signature file.
Regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus
n evaluation of the available
certs, because this further restricts the available certificates, see
ssl3_choose_cipher().
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
names beginning with "ADH", e.g.
"ADH-DES-CBC-SHA". The length must also be checked.
Please find attached the fixed version B.04.
Best regards,
Lutz Jaenicke
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU
Hi,
in crypto/pkcs7/Makefile.ssl a "make clean" leaves over the testapps
"enc", "dec", "sign", and "verify".
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-
?? Otherwise the default should not be
+O4 or +O3 in order to avoid complaints...
Best regards,
Lutz
PS. I checked my archive, similar information was posted by "anonymous" on
Date: Mon, 8 Nov 1999 17:59:37 +0100 (CET)
Message-Id: <[EMAIL PROTECTED]>
From: Anonymous <[EMAIL PR
sult as of now: +O3 and +O4 do not work on HP-UX 10.20 (and probably
with 11.0) as of the latest snapshots, even with tons of memory.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/perso
s in SHA_ARRAY at rmd_dgst.c:295, including
your respective comment... As of now the "ccom" has spend 12 minutes
on this file, I will leave it running for some more time. Maybe it will
terminate, but I guess it won't.
Best regards,
Lutz
--
Lutz Jaenicke
_XARRAY
in "Configure" so that the mechanism is visible and documented. My experience
with "magically" obtained machinery/compiler properties are not the best
and tracing through the source and/or a "machdep.h" to find out what
alternative of the code is used dep
enssl with shared libraries. I have
extended it a bit so that I run +O4 shared libs and apps with +O3 static
libs, since the shared libs are optimized while building the libs, so the
actual linking to applications is fast. It might take some minutes more
tweaking before I can re-publish
uer before before signing.
(I just started experimenting with dNSName usage and don't feel confident
enough to already provide a patch myself).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/pe
tot+=RAND_egd(n);
tot+=RAND_load_file(n,1024L*1024L);
Hence, "tot" will yield "-1":
ws01 222: ./openssl genrsa -out somekey.pem -rand /does/not/exist
-1 semi-random bytes loaded
Generating RSA private key, 512 bit long modulus
...
Best regards,
Lutz
--
Lutz Jaeni
)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax.
-DBN_DIV2W
-DMD32_XARRAY
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044
yes, I know its old :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044
; Out of curiosity, which version of HP-UX?
10.20
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
to seed the PRNG.
Hey, OpenSSL maintainers, please put a big red sticker onto the HTML-pages
or even let an extra window pop up with this hint :-)
Otherwise I already predict the major topic in the OpenSSL mailing lists
for the next days...
Best regards,
Lutz
--
Lutz Jaeni
-DMD32_XARRAYBN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
This is the same target as in hpux-parisc-cc, but +O3 replaced with +O4.
I cannot work around it with Configure call, since the flags passed
are _prepended_ and so the +O3 in Configure would win...
Best regards,
Lu
quot; message per line, but well, I don't
do it that often. There is another warning about building shared libraries
with optimization > +O2 anyway :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbu
-> libssl.so.1
-r-xr-xr-x 1 root sys 283806 Mar 1 13:38 libssl.so.1
-r--r--r-- 1 root sys 341268 Mar 1 13:38 libssl_pic.a
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.ae
BTW, what are
> you used to, config or Configure? Note that there're new unified config
> lines, namely hpux-parisc-cc, hpux-parisc-gcc and hpux64-parisc-cc.
Ok, I have just checked hpux-parisc-cc and it does compile without problem.
Best regards,
Lutz
--
Lutz Jaenicke
On Mon, Feb 14, 2000 at 09:58:43PM +0100, Ulf Möller wrote:
> On Sun, Feb 13, 2000 at 08:27:13PM +0100, Lutz Jaenicke wrote:
>
> > tomorrow morning. I typically call Configure directly, because the "perl"
> > in the default path is perl4 and a "perl5 Config
*x)
{ return ASN1_STRING_data(x); }
Probably there was meant:
{ return M_ASN1_STRING_data(x); }
???
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotech
and s_server seem to work (next thing to try will be Postfix/TLS).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 6
querying it being quite simple.
a. Could you thing of including EGD support into the apps/?
b. Can you give recommondations on the number of bytes needed to seed
the PRNG? Consider me using EGD
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED
ed, an erronous
error is reported.
Proposed fix: change the failure condition to
if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) <= 1)
return(0);
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus h
is based on) return 0?
I tracked it down this morning, it is in x509_d2.c.
Please check for a mail in openssl-dev named
[BUG] Reading CAfile returns wrong result with more than one cert
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus
quite uncomfortable with OpenSSL since the openssl.cnf file
must be changed according to the certificate you want to generate. One
can have more than one dNSName field, but then the cnf file must have the
number of dNSName fields reserved!?
Best regards,
Lutz
--
Lutz Jaenicke
e macro like
#define RAND_POOL_LENGTH 1024
to rand.h.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Unive
gt; a single byte in return to the Client Hello (same problem with OpenSSL
> 0.9.4, and with Netscape).
Hi,
I have just tried it with latest SNAPSHOT on HP-UX 10.20.
Could reproduce the problems.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU
On Wed, Feb 23, 2000 at 06:45:46PM +0100, Bodo Moeller wrote:
> On Wed, Feb 23, 2000 at 02:32:32PM +0100, Lutz Jaenicke wrote:
> > I have just tried it with latest SNAPSHOT on HP-UX 10.20.
> > Could reproduce the problems.
>
> www.rsasecurity.com does not count because th
Maybe you can include the script and makefile into shlib/ or decide to
implement a "contrib/" hierarchie.
Best regards,
Lutz
PS. And don't forget, that the basic idea is from anonymous, not mine :-)
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi!
Due to a misunderstanding within the OpenSSL team we ran into trouble
with our mail and mailing service still hosted at the old server
(hopefully I will be able to complete the migration to the new server
over the Christmas break).
Caused by a so
On 06/11/2014 11:10 PM, Kurt Roeckx wrote:
> I still didn't get a reply from RT, so I'm just going to forward
> this for now.
>
>
> Kurt
>
Hmm. It at least does not show up in the mail log of the system hosting
RT...
Ah, I now see why: it is addressed to r...@debian.org...
Since you attached th
On Mon, Nov 10, 2014, Piotr Sikora wrote:
> (for some reason it was never received by rt@, so resending here)
Slipped through the moderation queue, sorry. It is in RT now.
Best regards,
Lutz
--
Lutz Jaenicke jaeni...@openssl.org
OpenSSL Project http://www.openssl.
On Mon, Feb 23, 2015 at 11:53:17AM +0100, Rainer Jung wrote:
> Am 10.02.2015 um 21:30 schrieb Matt Caswell:
>
> >On 10/02/15 19:23, Rainer Jung wrote:
> >>Hello everyone,
> >>
> >>I sent a mail to r...@openssl.org 3 days ago, subject "OpenSSL 1.0.2 "make
> >>test" bus error in evp_test (Solaris 10
[[EMAIL PROTECTED] - Wed May 1 20:09:16 2002]:
> I we compile with intel icc using intels math library libimf.a, it would
> probably boost performance a lot.
>
> Intel's compiler version 6.0 is available for non commercial use.
Hmm. Should not be too difficult to create a new entry for
"Conf
[[EMAIL PROTECTED] - Wed May 1 12:20:35 2002]:
> ! echo " #define DATE \"`date`\""; \
> ! echo " #define DATE \"`LC_TIME=C date`\""; \
Is anybody aware of a platform on which this would cause trouble?
Best regards,
Lutz
I have added the missing ";" for 0.9.7-dev and -dev.
We had no reports for 0.9.6d-beta1, even though the problem seems
to be in it, too. I however don't want to break that version
just minutes before it is released.
Best regards,
Lutz
_
[[EMAIL PROTECTED] - Thu May 9 22:13:32 2002]:
> I am trying to compile on a 64 bit Suse sles7 powerpc system.
> the error message indicates
>
> -m486
>
> is an invalid compiler parameter. Anyone know the parameters I need to
give
> ./config to
> get it to work for 64 bit Suse on a powerpc???
Thanks. I have added a corresponding entry into "config".
Please check out a new snapshot for correct behaviour.
Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
Development M
[[EMAIL PROTECTED] - Sun May 12 22:48:56 2002]:
> JFYI, when updating our package from 0.9.6c to 0.9.6d I've noticed
> that the new shared libcrypto library doesn't work anymore. The
> openssl(1) binary wouldn't recognize any of the block ciphers. I
> tracked this down to the addition of -Wl,-
[[EMAIL PROTECTED] - Wed May 15 13:25:14 2002]:
> Hi!
>
> i use Your project in my Client-Server project.
> For example, my Server calls BIO functions to use opened socket
> for handshaking , after that init_ssl_connection and everything works
fine.
> But what will happen if i'll try to use cli
Thanks, I have fixed the problem.
I have found the missing =over 4 directly before the =back.
Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
Development Mailing List
401 - 500 of 791 matches
Mail list logo
