SSL_CTX *ssl_ctx = SSL_CTX_new( NULL);
Hello openssl-dev,
First of all - Big Thanks! for the OpenSSL package!
Is it possible to have in a text like this:
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new( SSLv3_client_method() );
if( NULL == ssl_ctx )
{
printf( SSL_CTX_new() failed\n );
exit( EXIT_FAILURE );
}
a lighter method?
I do not need any networking in my project, so I'd rather prefer to
create a new SSL_CTX object with a call of SSL_CTX_new( NULL) and
populate it with other methods (if nesessary) later.
Currently it is not a possibility.
I believe such an option could sometimes save some system resources.
Is it complete lunacy?
Please comment.
--
Best regards,
Tony mailto:[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
Is there a programmer's guide to OpenSSL?
Hello openssl-dev, Is there a programmers guide besides the OReilly's Network Security with OpenSSL. Cryptography for Secure Communications. By John Viega, Matt Messier, Pravir Chandra First Edition June 2002 which is OpenSSL v0.96? -- Best regards, Tony mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
RSA keys to *.p12 file: How To?
Hello openssl-dev, Is there a way to convert my old SSH-1 style RSA keys into a *.p12 file by means of OpenSSL package? I need to import my already widespread account data into an eToken, which only knows about certs (it cannot import the key directly). -- Best regards, Tony mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re[2]: [patch] make AES-cfb128-encrypt faster by uglifying it
Hello Alex, Friday, May 26, 2006, 9:50:15 AM, you wrote: AD I thought all major compilers have sort of long long, AD didn't them? I'm on QNX4 with Watcom C v10.6B which has neither int_64 nor long long. So, I'm very anxious about not being able to keep my port current after such improvements... AD After all, emulated long long is still only two integer xors as AD opposed to 8 with char. Please, invent it a bit more portable but faster still! -- Best regards, Tony. mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re[4]: [patch] make AES-cfb128-encrypt faster by uglifying it
Hello Brian, Friday, May 26, 2006, 5:55:34 PM, you wrote: BH Can't you use OpenWatcom? It's had long long for some time and BH appears to still support QNX. Indeed it knows QNX4 still. The problem is that OW is not ported to QNX4 yet (and never will, I'm afraid). So it takes to cross-compile on windows. I use this approach for simpler things, but the serious projects do not work as expected if cross-compiled... I do not know why... Thank you for the suggestion. Still, I'd like OpenSSL to be a bit more portable... Currently I'm lacking the sha512 compilable here. It'd be very sad if more and more code should be configured out to have the package done... -- Best regards, Tony.mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re[2]: [openssl.org #1191] [PATCH] Pre-Shared Key Ciphersuites for OpenSSL
Hello Mika, Please excuse me for the offtopic. I'm going to buy Nokia 6680, do you know if Nokia plans to introduce 6680i (i.e. - should I wait a bit or it's safe to buy now) and what version of Opera browser do you ship it with? -- Best regards, Anthony O.Zabelinmailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re[2]: Using bzip2 for openssl.org downloads
Instead of having a flame-war RE 7zip vs bzip vs gzip I'd rather like to hear about the greater portability - I'm on a handycaped unix clone without int64 support. Still I'd like to have sha512 ported... Tony. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
OpenSSL v0.9.8: DTLS and multicasting - will it work?
Hello openssl-dev, When I has asked about securing the UDP traffic - I was told to use DTLS in OpenSSL v0.9.8. The UDP traffic of mine is a multicasting stream actually. Are there any ways to secure the multicasting with DTLS? (I'm looking for UDP/multicast support in the stunnel) -- Best regards, Tony __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
GMP vs BigNum
Hello openssl-dev, Did anyone attepmpt a comparison of the speed in the GMP vs BN? Maintainer of GMP (Torbjorn Granlund) says that his tests show 2~3 times better speed with GMP. Can anyone validate this? If this is indeed the case - why OpenSSL does not use GMP? -- Best regards, Tony mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Crosscompiling v0.9.8: some tests are attempted during make
Hello openssl-dev, I want to try crosscompiling the OpenSSL v0.9.8 on windows box with OpenWATCOM v1.3 targeting for QNX4 (to have SHA-512 there). I notice that during my normal compilation (on QNX4 for QNX4) - the make attempts to run some tests in the middle of the process. I'm afraid that will fail if I crosscompile... Is it really impossible to do? Or I got scared too early? -- Best regards, Anthonymailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
v0.9.8 testsuite (ecdsatest.c): Typo?
Hello! Is it a typo I see on the line 451 of ./test/ecdsatest.c: if (signature); OPENSSL_free(signature); My compiler (Watcom C v10.6B on QNX4) barks at me for the Meaningless use of expression... Tony. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
v0.9.8 cosmetic fixes for portability (QNX4 and Watcom C v10.6B)
Hello openssl-dev, Unless I do the following I get the Meaningless use of exression from the compiler: diff -ru openssl-0.9.8/crypto/bn/bn_recp.c openssl-0.9.8-QNX/crypto/bn/bn_recp.c --- openssl-0.9.8/crypto/bn/bn_recp.c 2005-04-26 22:53:13.0 +0400 +++ openssl-0.9.8-QNX4/crypto/bn/bn_recp.c 2005-07-17 22:44:12.0 +0400 @@ -204,8 +204,10 @@ ret=1; err: BN_CTX_end(ctx); - if(dv) bn_check_top(dv); - if(rem) bn_check_top(rem); + if(dv) + bn_check_top(dv); + if(rem) + bn_check_top(rem); return(ret); } diff -ru openssl-0.9.8/crypto/bn/bn_sqr.c openssl-0.9.8-QNX/crypto/bn/bn_sqr.c --- openssl-0.9.8/crypto/bn/bn_sqr.c2004-03-17 20:36:54.0 +0300 +++ openssl-0.9.8-QNX4/crypto/bn/bn_sqr.c2005-07-17 22:43:40.0 +0400 @@ -148,8 +148,10 @@ if (rr != r) BN_copy(r,rr); ret = 1; err: - if(rr) bn_check_top(rr); - if(tmp) bn_check_top(tmp); + if(rr) + bn_check_top(rr); + if(tmp) + bn_check_top(tmp); BN_CTX_end(ctx); return(ret); } With these (and SHA-512 disabled) - OpenSSL v0.9.8 gets compiled and works OK on QNX4 - many thanks to Mr. Timonin (http://timonin.home.mindspring.com/) for his excellent patches! -- Best regards, Anthony mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
SHA-512 and long long - does SHA-512 depend on it?
Hello openssl-dev, Does SHA-512 depend on int64 support in the tool-chain? If so, are there any plans to make in a bit more portable? Thank you in advance. -- Best regards, Anthony mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re[2]: SHA-512 and long long - does SHA-512 depend on it?
AP As support for platforms narrower than 32-bit is discontinued... Do I face the prospect of not being able to update at all (past some 0.9.9)?! As the more code in the OpenSSL gets updated - the more I'll disable in ./configure? Quite sad... AP How wide-spread the target platform? It is QNX4. Not as usual as windoze, but still very popular for robotics... AP Is SHA512 really required in the context and/or does it really AP worth it? To ensure the interoperability with modern clients on other platforms (SSH.com, OpenSSH) - yes. AP These are kind of question behind reasoning behind not AP really. :( -- Best regards, Anthony mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re[2]: SHA-512 and long long - does SHA-512 depend on it?
Hello Andy, Friday, July 15, 2005, 9:32:10 PM, you wrote: AP Once again, platforms *narrower* than 32-bits are discontinued, in other AP words 16-bit one[s]. Is your platform 16-bit? I find it hard to believe:-) Oh! Yes, now I see the point - *NARROWER*! QNX4 is 32bit OS. The only problem is in the tool-chain (Watcom C v10.6B does not support int64)... AP As far as I understand there is gcc for QNX, so why not use it as more AP feature-rich compiler? I'm afraid it becomes an off-topic here... gcc v2.8 or something, roumors are it is quite buggy... And stale... :( AP Meanwhile ask your vendor to implement long long support :-) :) Indeed! :)) :( OK. Thank you! -- Best regards, Anthonymailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
SSL and UDP traffic
Hello openssl-dev, I need to secure the UDP traffic. I've googled a product called ZeeBeeDee (http://www.winton.org.uk/zebedee/index.html) but it looks kind of stalled... Is there any chance to use the OpenSSL (current or some future version) for securing and tunnelling the UDP traffic? What I need actually is to capture some multicasting stream on a LAN, protect it and deliver it to a host outside of the corporate firewall. Over there I'd like the target machine to not notice anything strange about that stream and be able to join the group as if it were on the corporate LAN... What are the ways to tunnel traffic besides the stunnel (which is TCP-only) and zeebeedee? -- Best regards, Anthonymailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
What is no-hw option?
Hello openssl-dev, What is no-hw in the Configure? Is it hardware? Where can I read on all other options as well? (And no-asm in particular) -- Best regards, Anthony mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
