Re: Undefined reference to 'FIPS_text_start()'

2012-11-26 Thread Santhosh Kokala
I have seen Dr. Stephen's reply in this thread http://www.mail-archive.com/openssl-users@openssl.org/msg63620.html, that fipsld can be modified as long as it follows rules in the security policy. On 11/26/12 4:30 PM, "Santhosh Kokala" wrote: >Thanks Dr. Stephen and Andy for helping me resolve th

Re: Undefined reference to 'FIPS_text_start()'

2012-11-26 Thread Santhosh Kokala
Thanks Dr. Stephen and Andy for helping me resolve this issue. I modified fipsld script to use gcc for compiling fips_premain.c and it worked. On 11/25/12 1:42 PM, "Andy Polyakov" wrote: >Santhosh Kokala wrote: >> I would really appreciate, if someone helps me with this issue. > >Why not just th

Add WEB cipher suite selector

2012-11-26 Thread Florian Weimer
The attached patch adds a "WEB" entry to the cipher list selection. The idea is that applications can just use that and get a reasonable set of cipher suites, offering a trade-off between security and interoperability. These cipher suites are all certificate-based, so that applications send a

Possible race condition for pkey

2012-11-26 Thread Thomas Eckert
Hi guys, I'm trying to find the source of a deadlock issue concerning apache (2.2.22 with APR-1.4.6) and openssl-1.0.0j. From what I can see I have the exact same situation as in https://issues.apache.org/bugzilla/show_bug.cgi?id=53870 but the patch referenced there (http://cvs.openssl.org/ch

signature verification failed

2012-11-26 Thread bjeanjot
I have hundred of files that have been signed (using BEID) and verified successfully. Nevertheless, I have 1 file that failed on verification (only one) and I do not know why. I even tried to verify it using public tools like 'cryptonit' or 'openssl' But it failed with the following message open

Patch for DJGPP (head)

2012-11-26 Thread Doug Kaufman
The latest tarball for head failed to compile for DJGPP because an include file from the WATT32 distribution (tcp.h), required in the DJGPP build, defines "byte" as "unsigned char". This patch renames "byte" to "byte_ssl" in ssl/ssl_rsa.c to avoid the problem. Otherwise the DJGPP compilation went f