Hi Steve and Krzysztof,
I have not been able to reproduce the same output as openssl. Can you be
more specific how you achieved it?
So x509_name_canon generates the CANONICAL representation of the subject
name, right?
If I understand correctly, after generating the canon encoding I would only
There are ciphers listed in the output of 'openssl list-cipher-commands'
that are not listed in OBJ_sn2nid(), eg 'rmd160'. It would be Really
Nice if the list of ciphers in OBJ_sn2nid() included these aliases as
well.
http://bugs.ntp.org/show_bug.cgi?id=2463
If there is a better way to handle
Openssl behaves differently when printing subject or issuer from request
or from existing certificate in x509. If using x509 there is an extra
space after '=' character.
It can affect scripts that checks whether these fields in request and
certificate match. Moreover when printing serial, the in
In DTLS with peer authentication, cipher-spec can be changed before the
CertificateVerify message is processed leaving the connection in an
unrecoverable state. This situation happens if the CertificateVerify
message is lost or reordered
-Dan
dtls_2958.patch
Description: Binary data
Hi,
It looks like CRYPTO_set_mem_functions() of OpenSSL 1.0.1e does not work in
FIPS 2.0.5: CRYPTO_set_mem_functions() calls indirectly CRYPTO_malloc() which
sets allow_customize = 0; and so CRYPTO_set_mem_functions() does nothing
(just return 0, instead of 1).
Gdb trace with a modified _ssl