[openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Charles B Cranston via RT
Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom The rsa command fails strangely when attempting to use both -passin fd: and -passout fd: together. My code was openssl rsa -passin fd:5 -des3 -passout fd:7 and it was reencoding the key with a bad passphrase. Changing to use the

[openssl.org #11] [PATCH] pkcs#11 engine for openssl-0.9.7b

2003-06-11 Thread via RT
Contribution to openssl: pkcs#11 engine for openssl 0.9.7b [EMAIL PROTECTED] Bull TrustWay R&D __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTEC

[openssl.org #11] [PATCH] pkcs#11 engine for openssl-engine-0.9.6j

2003-06-11 Thread via RT
Contribution to openssl: pkcs#11 engine for openssl-engine 0.9.6j [EMAIL PROTECTED] Bull TrustWay R&D

Re: [openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Wed, 11 Jun 2003 09:21:49 +0200 (METDST), "Charles B Cranston via RT" <[EMAIL PROTECTED]> said: rt> rt> Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom rt> rt> The rsa command fails strangely when attempting to use rt> both -passin fd: and -pass

Re: [openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Richard Levitte - VMS Whacker via RT
In message <[EMAIL PROTECTED]> on Wed, 11 Jun 2003 09:21:49 +0200 (METDST), "Charles B Cranston via RT" <[EMAIL PROTECTED]> said: rt> rt> Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom rt> rt> The rsa command fails strangely when attempting to use rt> both -passin fd: and -pas

Re: Blinding breaks engines?

2003-06-11 Thread Joe Orton
up first in case there are > other bugs or behavioural problems lurking that might have required the > memset in the first place. Should be in CVS shortly, and so the next > nightly snapshots too. I've done some minimal manual testing of openssl-0.9.7-stable-SNAP-20030611 using ub

Re: [openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Charles B Cranston via RT
In message <[EMAIL PROTECTED]> on Wed, 11 Jun 2003 09:21:49 +0200 (METDST), I ("Charles B Cranston via RT" <[EMAIL PROTECTED]>) said: > Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom > The rsa command fails strangely when attempting to use > both -passin fd: and -passout fd: toge

Re: pkcs#11 engine for openssl newbie question

2003-06-11 Thread Afchine Madjlessi
Hi, I used the joined shell to generate key pair on my crypto hardware, a CSR, and make a self-signed certificate. Regards Afchine Madjlessi - Original Message - From: "Gilad Finkelstein" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 11, 2003 4:21 PM Subject: pkcs#11 en

OpenSSL0.9.7b communication problem with IE6.0

2003-06-11 Thread ntstkmas
Hi All, I run SSL test server of OpenSSL0.9.7b by following command openssl s_server -www -cipher "ALL:!RC4:@STRENGH" I tried to browse this server by IE6.0. However IE6.0 shows error "cannot display page ". I capture packets of this communication. ServerHello was co

Re: OpenSSL0.9.7b communication problem with IE6.0

2003-06-11 Thread Lutz Jaenicke
On Wed, Jun 11, 2003 at 11:53:04PM +0900, [EMAIL PROTECTED] wrote: > I run SSL test server of OpenSSL0.9.7b by following command > > openssl s_server -www -cipher "ALL:!RC4:@STRENGH" > > I tried to browse this server by IE6.0. > However IE6.0 shows error "cannot display page ". > > I capture pac

Re: OpenSSL0.9.7b communication problem with IE6.0

2003-06-11 Thread ntstkmas
Thank you!! Your suggestion is correct. I could solve this problem. IE6.0 displayed following page with 3DES cipher-suite. //Mas -- s_server -cipher ALL:!RC4:@STRENGTH -www -bugs Ciphers supported in s_server binary TLSv1/SSLv3:EDH-RSA-DES-CBC3-SHA TLSv1/SSLv3:EDH-DSS-DES-CBC3-

[openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Richard Levitte via RT
[EMAIL PROTECTED] - Wed Jun 11 09:21:46 2003]: > Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom > > The rsa command fails strangely when attempting to use > both -passin fd: and -passout fd: together. My code was > > openssl rsa -passin fd:5 -des3 -passout fd:7 > > and it was

[openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Richard Levitte via RT
I just committed a change, which will appear in tomorrow's snapshots. Thanks for the report. Ticket resolved. [levitte - Wed Jun 11 20:16:02 2003]: > [EMAIL PROTECTED] - Wed Jun 11 09:21:46 2003]: > > > Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom > > > > The rsa command fa

[openssl.org #634] [PATCH] bogus links to des_modes.7

2003-06-11 Thread Richard Levitte via RT
Patch applied and committed. Thank you. Ticket resolved. [EMAIL PROTECTED] - Sun Jun 1 16:35:09 2003]: > I've noticed that openssl installs the man page des_modes.7 and makes > three links to it called Modes.7, of.7, and DES.7 (because the title is > "Modes of DES"). > > To fix this, I have

Re: [openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Charles B Cranston via RT
Richard Levitte via RT wrote: > I've figured it out. The problem only occurs when the first passphrase > is longer than the second. In your example, you will see that the > output key (tpk.pem) really is protected with the passphrase > "baaa" (5 bs followed by 7 as). Thanks, I would NEVE

[openssl.org #633] Request

2003-06-11 Thread Richard Levitte via RT
I've no idea. I think you should ask in the Apache mailing lists, not here. I'm resolving this ticket. [EMAIL PROTECTED] - Fri May 30 09:17:48 2003]: > hi, > For Apache version 2.0.42 (web server) which version > of openssl is compatible > Please kindly help me on this > > from > athma > > _

[openssl.org #629] Custom error handling

2003-06-11 Thread Richard Levitte via RT
I've implemented ERR_set_mark() and ERR_pop_to_mark(), which can be used for similar functionality. I'll look into ERR_disable() and ERR_enable() as well, but that requires quite a lot more work. If the implemented functions are enough for you for now, I'll resolve this ticket. [EMAIL PROTECTED

[openssl.org #624] [BUG] SMIME decrypt fails when encrypted file size is 9383 bytes

2003-06-11 Thread Richard Levitte via RT
Is this resolved? [steve - Tue Jun 3 02:00:41 2003]: > I've tried this on the latest 0.9.7-stable version and it fails with a > base64 decoding error. > > The cause is that the base64 BIO is rather broken as I discovered when > I > attempted to run some exhaustive non-blocking I/O tests on it

[openssl.org #617] bug in x509_trs.c (openssl-0.9.7b)

2003-06-11 Thread Richard Levitte via RT
[EMAIL PROTECTED] - Fri May 16 12:54:13 2003]: > Hi All, > > The X509_TRUST_OBJECT_SIGN, which is defined in crypto/x509/x509.h, is not > included in the trstandard table defined in crypto/x509/x509_trs.c. The > number of trust options and the number of entries and their order in this > table sh

[openssl.org #617] bug in x509_trs.c (openssl-0.9.7b)

2003-06-11 Thread Richard Levitte via RT
I've added an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. Please test tomorrow's snapshot. [EMAIL PROTECTED] - Fri May 16 12:54:13 2003]: > Hi All, > > The X509_TRUST_OBJECT_SIGN, which is defined in crypto/x509/x509.h, is >not > included in the trstandard table defined in crypto/x5

Re: [openssl.org #629] Custom error handling

2003-06-11 Thread Frédéric Giudicelli
Ok. Is there a new release soon? I would like to have it implemented (ERR_disable/ERR_enable) by next release, I have no problem doing it, just want to know if I have time to do it. Frédéric Giudicelli http://www.newpki.org - Original Message - From: "Richard Levitte via RT" <[EMAIL PRO

Re: [openssl.org #629] Custom error handling

2003-06-11 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Wed, 11 Jun 2003 23:52:17 +0200, Frédéric Giudicelli <[EMAIL PROTECTED]> said: groups> Ok. groups> Is there a new release soon? I would like to have it implemented groups> (ERR_disable/ERR_enable) by next release, I have no problem doing it, just groups> want to

Re: [openssl.org #629] Custom error handling

2003-06-11 Thread Frédéric Giudicelli
Ok, I'll wait for you to tell me when the update on the error handling will be done, I'll take it from there. Frédéric Giudicelli http://www.newpki.org - Original Message - From: "Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thurs

Re: [openssl.org #629] Custom error handling

2003-06-11 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 12 Jun 2003 00:22:28 +0200, Frédéric Giudicelli <[EMAIL PROTECTED]> said: groups> Ok, I'll wait for you to tell me when the update on the error groups> handling will be done, I'll take it from there. If you mean to ask for when the new functions ERR_set_mar

Re: [PATCH] NetWare Support for OpenSSL 0.9.7

2003-06-11 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Wed, 11 Jun 2003 10:43:03 -0600, "Verdon Walker" <[EMAIL PROTECTED]> said: VWalker> I have also applied the patch to the latest 0.9.8 development VWalker> snapshot. It applies (with the exception of changes to VWalker> "hw_aep.c" which does not exist in the 0.9.8

[openssl.org #595] DSO with global symbols

2003-06-11 Thread Richard Levitte via RT
Patch applied and committed to 0.9.8-dev. Thanks. Ticket resolved. -- Richard Levitte [EMAIL PROTECTED]

[openssl.org #595] Status Changed to: resolved

2003-06-11 Thread Richard Levitte via RT
//www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=595

[openssl.org #595] Ticket Resolved

2003-06-11 Thread Richard Levitte via RT
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message.

[openssl.org #593] hw_zencod.h typo

2003-06-11 Thread Richard Levitte via RT
Patch applied and committed. Thanks. Ticket resolved. [EMAIL PROTECTED] - Thu Apr 24 18:41:01 2003]: > managment -> management > > i diffed against openssl-0.9.7a. > jmc. > > --- demos/engines/zencod/hw_zencod.h Tue Aug 13 14:26:40 2002 > +++ hw_zencod.h.new Thu Apr 24 13:

[openssl.org #592] Problems building OpenSSL with SunOS 5.5.1

2003-06-11 Thread Richard Levitte via RT
I fixed this a while ago. Ticket resolved. [EMAIL PROTECTED] - Tue Apr 22 13:02:44 2003]: > Hi *, > > I have just tried to build openssl-SNAP-20030421 on > a Solaris box and got an error (see below). Note: > this error does not occur in 0.9.7. > > Regards, > Nils > > > OpenSSL self-test rep

[openssl.org #585] build fixes for openssl-0.9.7b on SunOS-4

2003-06-11 Thread Richard Levitte via RT
I've addressed all three concerns with small changes. Please try tomorrow's 0.9.7 snapshot, and report a bug report if you find them. Ticket resolved. [EMAIL PROTECTED] - Thu Apr 17 19:20:13 2003]: > Hi, > > sorry, another issue, that seems not to be cleanly handled > (for more info about pla

[openssl.org #584] typo in openssl-0.9.6g

2003-06-11 Thread Richard Levitte via RT
Corrected. Thanks. Ticket resolved. [EMAIL PROTECTED] - Thu Apr 17 19:18:35 2003]: > Hi! > > openssl-0.9.6g/bugs/SSLv3:non-self-sighed CA which does not have it's > CA in netscape, and the > openssl-0.9.6g/doc/ssl/SSL_CTX_set_options.pod:non-self-sighed CA > which does not have it's CA in net

[openssl.org #11] Fw: trustway pkcs11 engine for openssl

2003-06-11 Thread Richard Levitte via RT
I've added the two latest contributions to http://www.openssl.org/contrib/. -- Richard Levitte [EMAIL PROTECTED]

[openssl.org #11] Fw: trustway pkcs11 engine for openssl

2003-06-11 Thread Richard Levitte via RT
And oh, it might be interesting to port this to use the new STORE type in 0.9.8-dev, which supports key generation... [levitte - Thu Jun 12 03:27:57 2003]: > I've added the two latest contributions to > http://www.openssl.org/contrib/. -- Richard Levitte [EMAIL PROTECTED]

Should I search OCSP response signer in X509_STORE ?

2003-06-11 Thread Wu Junwei
Hi, all I am studying the verifying of the OCSP response in Openssl v0.9.7b. I find in the ocsp_find_signer() in ocsp_vfy.c , there is no search in the X509 STORE for the signer certificate of the ocsp response. (there is comment says /* Maybe lookup from store if