Massimiliano Pala wrote:
>
> Hi all,
>
> I've been using the openssl-SNAP-20010126 and I found this strange
> behaviour - possible bug(?) - in crl generation/parsing.
>
> Let me know if this has been fixed in current SNAPs...
>
> Using the "ca -gencrl" command I issued the attached CRL, and
Richard Levitte - VMS Whacker wrote:
>
> I would rather think that one should stress the need for exact time if
> any verification will be done correctly.
It's already mandantory for some PKIs.
> It's pretty tough for
> winblows users, because they are often not educated on this, but if
> it's
Hi all,
I've been using the openssl-SNAP-20010126 and I found this strange
behaviour - possible bug(?) - in crl generation/parsing.
Let me know if this has been fixed in current SNAPs...
Using the "ca -gencrl" command I issued the attached CRL, and when
trying to load it ( openssl crl <13299_cr
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes:
>From: [EMAIL PROTECTED] (Peter Gutmann)
>pgut001> Given that (statistically speaking) the client will be a
>pgut001> Windoze box with a time which is more or less random, the use
>pgut001> of absolute timestamps doesn't add much, it woul
On Fri, Feb 09, 2001, Bodo Moeller wrote:
> So maybe we should have just one parameter, 'range'. The loop for
> implementing 'minimum' is easier to implement in the application than
> the addition for implementing 'offset' (BN_cmp() does not require error
> handling, BN_add() does). Even with t
On Thu, Feb 08, 2001 at 08:10:57PM +0100, Richard Levitte - VMS Whacker wrote:
> "Florian Oelmaier" <[EMAIL PROTECTED]>:
I read the RFC very carefully. There is no sentence like "if the client
sends a nonce-extension, the server SHALL reply to it". [...]
>>>
On Fri, Feb 09, 2001 at 05:05:14PM +0100, Ulf Moeller wrote:
>> What about a combined version of BN_rand_range (see below)? Then
>> dsa_ossl.c needs just this:
>>
>> /* Get random k */
>> if (!BN_rand_range(&k, BN_value_one(), dsa->q, NULL)) goto err;
> That's better, but it makes fo
It can be very dangerous to do this
File crypto.h
#define Malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
#define Realloc(addr,num) \
CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
#define Remalloc(addr,num) \
CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LI
On Fri, Feb 09, 2001, Bodo Moeller wrote:
> What about a combined version of BN_rand_range (see below)? Then
> dsa_ossl.c needs just this:
>
> /* Get random k */
> if (!BN_rand_range(&k, BN_value_one(), dsa->q, NULL)) goto err;
That's better, but it makes for a quite confusing inte
Corinne Dive-Reclus wrote:
> So far, the current ENGINE seems good to me. Your choice to hook
> only asymmetric operations seems reasonnable for a SSL implementation.
OpenSSL is not an SSL implementation. That's one of the many things it
does. If your hardware does other stuff, then ideal
Hi
The member 'reference' of X509_STORE is not considered in
X509_STORE_free nor SSL_CTX_set_cert_store ( I assume it is
ignored everywhere if the free function doesn't check it).
Is it possible to fix it???
TIA
Dror
__
O
Hi devs,
in function policy_section() if first policy qualifier is UserNotice memory
isn't allocate for *pol->qualifiers*.
If first is CPS all is OK.
Martin
__
OpenSSL Project http://www.openssl.o
On Fri, Feb 09, 2001 at 12:12:42AM +, Dr S N Henson wrote:
> I realise this is an old thread but it has some interesting implications
> wrt server security policies and the MS SGC bug...
>
> Lutz Jaenicke wrote:
> > - An OpenSSL server (and probably most other servers) will strictly follow th
From: [EMAIL PROTECTED] (Peter Gutmann)
pgut001> Given that (statistically speaking) the client will be a
pgut001> Windoze box with a time which is more or less random, the use
pgut001> of absolute timestamps doesn't add much, it would have been
pgut001> better to use nonces+relative times ("The
14 matches
Mail list logo
