Hello,
We upgraded to openssl-0.9.7d from 0.9.6c to implement a PKI X509 certificate logon
using openssh (with Roumen's X509 patch). One of the problems we faced was the
disappearance of one of the representation for object X509-12 : "title". As the diff
below shows, there have been some chang
On Fri, Jul 02, 2004, Jack Lloyd wrote:
> On Fri, Jul 02, 2004 at 10:51:52PM +0200, Dr. Stephen Henson wrote:
>
> [...]
> > OpenSSL already supports various private key formats which only use FIPS
> > approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one
> > solution is to
On Fri, Jul 02, 2004 at 10:51:52PM +0200, Dr. Stephen Henson wrote:
[...]
> OpenSSL already supports various private key formats which only use FIPS
> approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one
> solution is to just change the behaviour of PEM_write_PrivateKey()
On Fri, Jul 02, 2004, Marquess, Steve Mr JMLFDC wrote:
>
> Two related patches I posted earlier are for a FIPS specific default
> ciphersuite (ssl_ciph.c) and SHA1 instead of MD5 for PEM passphrases
> (pem_lib.c). Any additional feedback on those would also be greatly
> appreciated; so far I've
Title: Disabling for FIPS mode, take 2
Based on the feedback from several of you, Steve Henson in particular,
I've had another try at a mechanism for disabling non-FIPS algorithms
in FIPS mode. Flag bits in the EVP_CIPHER and EVP_MD structures
indicate the suitability of the algorithm in FIPS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ioannis Liverezas told me that:
> I 've studied the engine API and the zencod code and I began coding
> using zencod as an example.
> I 'm not sure if this is the way that things work, but if I 'm right,
> each time the engine needs for example
> to e
On Wed, Jun 30, 2004, Kent Yoder wrote:
> Hi,
>
>I need to set the OAEP padding parameter for some
data I need to encrypt/
> decrypt in order to send to another entity who uses this parameter.
It
> appears that inside OpenSSL, the parameter is hard coded to NULL.
(cry
Geoff Thorpe via RT told me that:
>>OK, attached is a patch against CVS mainline. For me it works in both
>>static and shared versions.
>
> Cool, I'll try to take a look in the next few days.
Getting back to this as I just finished an updated version of the
PadLock engine with support for AES192
Geoff Thorpe via RT told me that:
>>OK, attached is a patch against CVS mainline. For me it works in both
>>static and shared versions.
>
> Cool, I'll try to take a look in the next few days.
Getting back to this as I just finished an updated version of the
PadLock engine with support for AES192,
Hi,
I'm using the s_client command. It is possible to enhance this command to
take in the private cert password as an argument? This would allow
non-interactive scripts to receive the password as an argument and forward
it to the s_client command.
Cheers.
Terence T. Rajah
Sterli
I tried building the latest stable snapshot of OpenSSL 0.9.7 on
Tru64 (aka Digital UNIX, aka OSF/1) on a DEC Alpha system. Output of
"make report" is:
OpenSSL version: 0.9.7e-dev
Last change: Various fixes to s3_pkt.c so alerts are sent properly
Options: --prefix=/usr/users/lc
11 matches
Mail list logo
