Dan Kegel wrote:
I'm adding SSL support to my app, and am finding it
tedious, partly because of having to figure out how
OpenSSL supports nonblocking sockets.
demo/state_machine/state_machine.c is better than nothing,
but it waves its hands a fair bit,
Which bits are hand-wavy?
and
"Reddie, Steven" wrote:
I've been doing this outside of work. I'll post some patches soon (within
the next week if I get the time). The biggest problem with Windows CE is
that there's no C runtime library,
You have to be kidding!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Steve Quirk wrote:
The currently shipping OS X (public beta) comes with 0.9.5a installed.
One can make the assumption that Apple plans on taking care of
compatibility/support going forward.
I haven't tried it, but installing 0.9.6 should be straightforward.
('configure make')
As it
Robert Sandilands wrote:
I think I have completed incorporating Rijndael into OpenSSL upto
integration with the EVP... functions. How would you prefer to receive
the changes I made? diff -c??
diff -u, ideally.
Should I try to integrate it into the SSL code?
Let's get your stuff
SSL Porter wrote:
Is anybody porting this library to the PalmOS? I managed to get v0.9.5c to
successfully compile for the Palm but was then unable to install the
resulting prc file as it was too big.
Patches for 0.9.6 would be nice - what you might try doing is disabling
the algorithms you
I just discovered that GNU ranlib is the same as "ar s", and, what's
more, according to the man pages, once its been run once on a library it
never needs to be run again, coz ar automatically updates it. Arranging
for this to happen is a substantial boost to build speed - I guess
simply doing it
Richard Levitte - VMS Whacker wrote:
From: Ben Laurie [EMAIL PROTECTED]
ben I just discovered that GNU ranlib is the same as "ar s", and, what's
ben more, according to the man pages, once its been run once on a library it
ben never needs to be run again, coz ar automatical
Richard Levitte - VMS Whacker wrote:
From: Richard Levitte - VMS Whacker [EMAIL PROTECTED]
levitte ben obj_dat.h: objects.h objects.txt obj_mac.h
levitte ben perl obj_dat.pl objects.h obj_dat.h
levitte ben
[...]
levitte From what I can see quickly, you've got the action for obj_dat.h
Richard Levitte - VMS Whacker wrote:
From: Ben Laurie [EMAIL PROTECTED]
ben Aha. Well, this comment in obj_dat.h is a bit misleading:
ben
ben /* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
ben * following command:
ben * perl obj_dat.pl objects.h obj_dat.h
ben
Richard Levitte - VMS Whacker wrote:
From: Ben Laurie [EMAIL PROTECTED]
ben Also, why not autobuild in crypto/objects instead of requiring a make
ben update? Seems to work fine for me (though it may happen at the wrong
ben moment, currently).
I don't recall the exact discussion we had
What's the deal with this object stuff in crypto/objects? Rebuilding the
headers according to the instructions in them seems to have completely
broken, err, something, as well as deleting loads of entries.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000?
Richard Levitte - VMS Whacker wrote:
From: Ben Laurie [EMAIL PROTECTED]
ben What's the deal with this object stuff in crypto/objects?
ben Rebuilding the headers according to the instructions in them
ben seems to have completely broken, err, something, as well as
ben deleting loads
Richard Levitte - VMS Whacker wrote:
I'm wondering... Currently, we run ranlib on libcrypto.a from each
Makefile.ssl through the crypto/ directory tree. And then again when
installing it. Is that really necessary? On most system I'm
compiling on, ranlib on libcrypto.a takes a noticeable
Richard Levitte - VMS Whacker wrote:
From: Ben Laurie [EMAIL PROTECTED]
ben If I rebuild obj_mac.h (and the other autobuilt one, forget the name
ben right now), then it loses lots of stuff, exactly what is readily
ben apparent by doing a cvs diff...
obj_dat.num? Anyway, obj_mac.h
Richard Levitte - VMS Whacker wrote:
From: Ben Laurie [EMAIL PROTECTED]
ben Lots of stuff internal to OpenSSL builds with the uninstalled version.
I may not understand the exact effects of using ranlib, and even more
the effects of not using it. As far as I've understood, ranlib has
Geoff Thorpe wrote:
Hi there
On Thu, 5 Oct 2000, Joseph J. Tardo wrote:
I've been playing with the ENGINE release on freebsd 3.2 attempting to add
support for new hardware.
cool, is it stuff you are able to contribute back in by any chance? :-)
[snip]
I'm about ready to
Richard Levitte - VMS Whacker wrote:
From: Rich Salz [EMAIL PROTECTED]
Subject: Re: Object identifiers and ASN.1 syntax
Date: Tue, 03 Oct 2000 14:43:05 -0400
Message-ID: [EMAIL PROTECTED]
rsalz One can see definitions like this:
rsalz
rsalz { iso standard 8571
Ben Laurie wrote:
What I'm trying to figure out is how I will best get together all the
information from reading a number of ASN.1 modules. I'm wondering for
example how "standard" is defined. Is it something like this?
standard OBJECT IDENTIFIER :
Rich Salz wrote:
One can see definitions like this:
{ iso standard 8571 abstract-syntax (2) }
The names aren't flat. To find out the number for "standard", you
ask iso. To find out the number of abstract-syntax, you ask the entity
that maintains "8571" (you might have to ask
Ulf Moeller wrote:
On Tue, Oct 03, 2000, Tom Biggs wrote:
I have so many questions, but this one is most pressing -
Is there a reasonable upper limit on the size in bits of a BN?
For various HW reasons we were hoping we could cap BNs
at 4096 bits for ModExp functions and the like.
Splash is something I wrote a while back, after inspiration struck
during the opening plenary of ApacheCon 2000 (in Orlando). I've been
meaning to release it for ages, but I've been held back by the lack of a
good testbed.
For some strange reason, several people have converged on me desiring
[EMAIL PROTECTED] wrote:
I'm not really sure whether this qualifies as -dev or -users, since its
code related, but..oh well, I flipped a coin and you guys won (lost?) the
toss.
Back story:
I have a 128bit (SGC enabled) key from verisign, running under Apache
using mod_ssl and the
"Eric S. Raymond" wrote:
Uwe Zeisberger [EMAIL PROTECTED]:
So I wish, you can implement EGD Support for fetchmail
I don't know how. Can you point me at any resources?
Mutt also does use EGD to get random data.
see mutt-1.2.5/imap/imap_ssl.c in current tar-file
I've had some time to start looking at the engine code, and the first
thing I notice is that the various engines fill in the functions they
don't provide by getting hold of the "standard" engine, and copying them
across. It seems to me that this isn't very future-proof - what we
really want is
Richard Levitte - VMS Whacker wrote:
From: Jeffrey Altman [EMAIL PROTECTED]
jaltman It appears that someone decided to replace function
jaltman declarations from 0.9.5 with macros in 0.9.6.
Ah, the pletora of stack functions.
jaltman This should never be done, in fact no public APIs
[EMAIL PROTECTED] wrote:
Ben,
would you please say more details about the state_machine? such as where i can find
the package including it, and what is the package's name.
You can find it in demos/state_machine, like I said, in the latest
OpenSSL snapshot.
Cheers,
Ben.
--
Ulf Möller wrote:
We have set up a mailing list to discuss implementation and test
vectors for the Yarrow PRNG. (The subscription info is at the end of
this message, in the hope that the list software won't complain about
the s-word this time. :)
Our Yarrow implementation is available
Richard Levitte - VMS Whacker wrote:
From: amanda [EMAIL PROTECTED]
amanda The domain openssl.org now belongs to a US company (Red Hat),
amanda so you could say that the project has already moved, to
amanda "enemy" territory!
Say *what*? How about checking the facts before you blurt
[EMAIL PROTECTED] wrote:
As I keep saying, this is not my concern, it is the potential
restriction on _future_ use of OpenSSL by U.S. citizens that concerns
me.
Could you please explain this? Are you saying that new rules might say
"and if it had any US source it's doulby-illegal?" I
I've just been for a long walk, a drink in the pub, and some deep
thinking.
I've decided that, although I am correct[1], I don't care. The whole
point of all this EAR shit is to spread FUD. I'm not going to play.
OpenSSL can be subject to EAR, and if that has evil consequences in the
future,
Jeffrey Altman wrote:
Jeffrey Altman wrote:
Jeffrey Altman wrote:
Also, if you want to get something is writing from BXA itself you
can request a written opinion from them as to whether or not the
concerns of the OpenSSL developers are valid. If you have a
Rich Salz wrote:
??? Crypto export was once legal, surely? If we go back far enough, that
is.
Sure. And if you could travel back in time, you could export.
If you did something at time t0 that was legal, and the law was changed at t1
to make it illegal, then you're okay. At t1, you
Richard Levitte - VMS Whacker wrote:
From: Ian Upright [EMAIL PROTECTED]
ian-list What is the advantage of a named socket? Why not just use
ian-list an ordinary TCP/IP socket?
Port space. What random port do you want to allocate today? With
named pipes, they are represented in form
Rich Salz wrote:
but the heaviest point is that we can't seem to
get any guarantee against effects of future changes of those same
regulations.
Perhaps because the illegality of such "retroactive" actions is a fundamental
part of our legal framework? If it's legal now, it can be
Jeffrey Altman wrote:
Jeffrey Altman wrote:
Also, if you want to get something is writing from BXA itself you
can request a written opinion from them as to whether or not the
concerns of the OpenSSL developers are valid. If you have a written
letter from BXA stating that
Geoff Thorpe wrote:
Hi Bill,
I thought the build and test environments were just "supposed to work". It
seems to me that they should. If nothing else, you might consider
distributing OpenSSL with sample random data for the purpose of testing.
Putting some junk in the RANDFILE file
--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000? http://apachecon.com/
Hi -
I put together an RPM spec file for OpenSSL. Perhaps you might include
it in the next distribution, for those who want an easy build option.
--
-bwb
Richard Levitte - VMS Whacker wrote:
From: Ben Laurie [EMAIL PROTECTED]
Just for everyone's info, that spec file will not work with the
snapshots since last friday, because the shared library building part
has been changed in an incompatible way.
Since I deal with RedHat anyway
Geoff Thorpe wrote:
On Fri, 30 Jun 2000, Ben Laurie wrote:
The point about using the user time is that it works when the machine is
loaded. I agree about hardware accelerators - my thought when testing
the Atalla is that we should provide two figures, a real-time and a
user-time one
Richard Levitte - VMS Whacker wrote:
I wonder, why is struct tms prefered in apps/speed.c? The reason I
ask is that it doesn't give accurate time, especially hardware
accelerators (see the BRANCH_engine branch) are used (user time
becomes *really* short then :-)). What exactly do we want
Tom Sedge wrote:
Hi there,
Please ignore me if you're tired of WTLS requests ;-)
I notice WTLS support in OpenSSL has been discussed once or twice.
I saw that Ben Laurie intended to look into the issues last November.
Have any conclusions been reached?
Nope - but your thoughts
Dr Stephen Henson wrote:
Anyway can you give more specific details of the problem you've hit?
I'm told it doesn't work properly with IE5...
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000? http://apachecon.com/
Jean-Marc Desperrier wrote:
Ben Laurie wrote:
The bug is in MS - they are encoding a top-bit-set number without
inserting a leading zero, so OpenSSL (correctly) sees it as negative.
The output of openssl x509 is not very explicit.
It probably should fail, instead of diplaying
Tom Zerucha wrote:
I had SSLeay 0.9's crypto portion ported (basically PilotSSLeay plus
more algorithms). This using gcc.
It required a lot of patches so is not a clean set of just compiler
options or such, and didn't do SSL since I am using it for OpenPGP.
OpenSSL 0.9.1c worked more
Oi! This has nothing to do with OpenSSL development - take it elsewhere.
Cheers,
Ben.
[EMAIL PROTECTED] wrote:
Angelo -
Thank you for your reply! Yes, I did try it with nslookup, and the addresses
resolve normally. I thoroughly checked the DNS aspect using 'snoop.' What I
found is
This should not be posted to -dev.
Cheers,
Ben.
Tatsuya Yoshida wrote:
Hello:
I am testing CRL check behaviors using apache_1.3.12 plus mod_ssl-2.6.4
plus openssl-0.9.5a.
I have tested three CRLs issued by three different CAs: Windows2000
Enterprise CA,CMS4.1 and another CA.
Although
Phillip Porch wrote:
Ben, after some trial and error and help from Richard Levitte in getting
on the right track, I found the problem that kept openssl (current
cvs) from compiling with the native compiler.
The problem is with the crypto/evp/evp_locl.h file
#define
Richard Levitte - VMS Whacker wrote:
From: Ben Laurie [EMAIL PROTECTED]
ben Interesting ... that code has not actually changed in living memory (OK,
ben I added a "const" two lines before), so it is curious that it suddenly
ben causes a problem. Anyway, I tot
Dr Stephen Henson wrote:
Ben Laurie wrote:
Interesting ... that code has not actually changed in living memory (OK,
I added a "const" two lines before), so it is curious that it suddenly
causes a problem. Anyway, I totally agree that the ## is not needed.
Erm I create
Richard Levitte - VMS Whacker wrote:
I just found a very intricate little bug in a project I work with:
ASN1_UTCTIME_print() wouldn't be declared, even if I included bio.h
before asn1.h (in asn1.h, a check is done on the existence of
HEADER_BIO_H to declare that function, among others). I
I've been asked to integrate another hardware accelerator ... this one
does symmetric ciphers, too ... one of its features is that it works
better if given more than one block at a time. The obvious way to handle
this is to modify the EVP_CIPHER to include a blocking factor (or chunk
size or
Ben Laurie wrote:
I've been asked to integrate another hardware accelerator ... this one
does symmetric ciphers, too ... one of its features is that it works
better if given more than one block at a time. The obvious way to handle
this is to modify the EVP_CIPHER to include a blocking
Trevor Dimond wrote:
OK.
a) this was not meant to be a trick question! OpenSSL has a CA function that
signs certificates and CRL's with a soft token typically held on the host
where OpenSSL is running. What I would like to do is to secure the token on
a Hardware Security Module (HSM)
Bodo Moeller wrote:
Function ssl2_read, formerly known as SSL2_read and (via a #define in
0.6.6b) also as SSL_read, in file ssl/s2_pkt.c contains the following
confusing code and comment:
/* If a 0 byte packet was sent, return 0, otherwise
* we play havoc
Denny Lee wrote:
Hi there,
Is there a relatively easy way for me to obtain the SSL session ID via
Perl/CGI ? I wanted to refer to that session id to help me validate the
user that is logging into the web site. Any help will be greatly
appreciated - including being told that I don't
OK! A _real_ legal opinion!
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER: http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe? http://ApacheCon.Com/
On Wed, 15 March 2000, Ben Laurie wrote:
The claim is that should OpenSSL (a UK/German/ex
Rajeev Chawla wrote:
Hi,
I am writing a non-blocking server using openssl 0.9.5.
I noticed that this version added support for a hardware
accelerator - compaq's atalla card. I am interested
in using this accelerator with my non-blocking server.
However, I see a problem - it breaks the
Jack Kabat wrote:
Steve,
We have been expanding capabilities of our ASN.1 parser as our needs grow.
Considerable enhancements and support for much broader ASN.1 constructs have
been added. We are in the process of packaging this and making an updated
version available for anyone
Bodo Moeller wrote:
Ben Laurie [EMAIL PROTECTED]:
I'm pretty damn confident it won't break the release, being as it is all
new code. It may not work itself, but it shouldn't touch anything that
exists already! OK, its barely possible it might cause compile problems.
It would
Tom Schaefer wrote:
OK, SO NOW YOU GOT US HOOKED. WE LIKE FREE SOFTWARE. WE LIKE IT WHEN
IT WORKS. WE LIKE YOUR SOFTWARE WHEN IT WORKS.
But it's damn frustrating when we post a query to your lists and no
one from your development group responds to the problems we're having
and no one
I know I shouldn't have left this until now, but I'd quite like to
commit this change I've accidentally left lying around, which allows a
certificate age check:
Index: apps/x509.c
===
RCS file: /e/openssl/cvs/openssl/apps/x509.c,v
Richard Levitte - VMS Whacker wrote:
ben I know I shouldn't have left this until now, but I'd quite like to
ben commit this change I've accidentally left lying around, which allows a
ben certificate age check:
I can't tell you what to do, but I'd prefer if you didn't before the
release.
Dr Stephen Henson wrote:
Ben Laurie wrote:
Richard Levitte - VMS Whacker wrote:
ben I know I shouldn't have left this until now, but I'd quite like to
ben commit this change I've accidentally left lying around, which allows a
ben certificate age check:
I can't tell you
Ulf Möller wrote:
On Sun, Feb 27, 2000 at 06:37:57PM +0100, Richard Levitte - VMS Whacker wrote:
I can't tell you what to do, but I'd prefer if you didn't before the
release. Your call.
Me too. Or else delay the release for a day or two so it can be tested
on all those compilers.
Dr Stephen Henson wrote:
Ben Laurie wrote:
Richard Levitte - VMS Whacker wrote:
ben I know I shouldn't have left this until now, but I'd quite like to
ben commit this change I've accidentally left lying around, which allows a
ben certificate age check:
I can't tell you
Dr Stephen Henson wrote:
Jean-Marc Desperrier wrote:
There's a problem with this solution. If you need another ASN1_STRING
equivalent STACK_OF such as ASN1_IA5STRING you get a conflict because
the structure STACK_ASN1_STRING gets declared twice.
If IA5STRING used a typedef instead of a
Yoram Meroz wrote:
Since moving from the 02-20 to the 02-21 snapshots, I've been consistently
unable to connect to www.apache-ssl.org or www.rsasecurity.com .
www.verisign.com and www.buy.com work fine. Since I am one of very few
working with the mac build, I'd like some confirmation as to
[EMAIL PROTECTED] wrote:
People wrote
It would be really nice to take advantage of Apache's multiple virtual
domain capability in conjunction with SSL and have a certificate that
didn't cause a 'Certificate Name Check' dialog to pop up on every
connection for domains other than the
[EMAIL PROTECTED] wrote:
Add support for Compaq Atalla crypto accelerator.
Now this is looking rather interesting - but wich
of their crypto accelerators is it - there seems to
be several at http://www.tandem.com/iBase.asp?PAGE=iAtalla
It should be any, but the one I tested on was an
"Hellan,Kim KHE" wrote:
Officially I don't think so.
But check out http://www.columbia.edu/~ariel/ssleay/...
which is the most comprehensive documentation I have found so far.
Actually, Ulf, Bodo and Steve have been doing great work on docco
lately. Check the latest snapshots.
Cheers,
This code is used to calculate an offset from UTC:
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
if (*str == '-')
offset= -offset;
which, unless I'm losing it, calculates the offset in
Dr Stephen Henson wrote:
Is there any circumstances where the environment isn't safe? I believe
extra privs are normally needed to read another users processes
environment.
ps on Linux shows environments, but not being a Linux expert, I couldn't
say how that access is controlled.
Cheers,
Ulf Möller wrote:
What are those casts good for? Free() should take a void* argument anyway.
Yep. Another evil cast to seek out and destroy.
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
Y19100 no-prize winner!
Ulf Möller wrote:
BN_mod_mult_montgomery() first does a full multiplication, then a
Montgomery reduction. Would the speedup for RSA etc be significant
if we changed that?
I think you are misinterpreting the code!
Hm, I haven't read the paper cited in the source, but if you have
Ulf Möller wrote:
BN_mod_mult_montgomery() first does a full multiplication, then a
Montgomery reduction. Would the speedup for RSA etc be significant
if we changed that?
I think you are misinterpreting the code!
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER!
Richard Levitte - VMS Whacker wrote:
4. Have the caller tuck the parameter in a union that will represent
function pointers as well as other pointers, and pass that union
by value.
5. Have the caller tuck the parameter in a union that will represent
function pointers as
Richard Levitte - VMS Whacker wrote:
The easiest way to avoid the conversions noted above is to have a
union like this:
union foo {
void *simple;
int (*fn)();
};
and use it internally. You put whatever char * you want to convert to
a
"Salz, Rich" wrote:
Why pass a reference? C has been able to passreturn aggregate types since
v7 :)
Good point.
only way to do this validly is to make the functions
actually take a foo* as their argument, surely?
Yes you must do that.
I'll bet in most cases you can make the foo
Bodo Moeller wrote:
Lutz Jaenicke [EMAIL PROTECTED]:
[...]
This patch enhances the SSL/TLS cipher mechanism to correctly handle
the TLS 56bit ciphers. Without this patch the 56bit ciphers can be enabled,
but the sorting is wrong (visible in client mode, since the first cipher
the
Dr Stephen Henson wrote:
Ben Laurie wrote:
Dr Stephen Henson wrote:
Christian Buysschaert wrote:
Hello Bertie,
Thanks for providing this patch!
I've been testing it but have been unsuccessful in getting it
to work. I'll provide my setup here perhaps
Richard Levitte - VMS Whacker wrote:
rene.eberhard It't also easy to use C++ objects in a C code.
Oh? How so? Is that portable?
Yes. But boring...
extern "C" {
void *newThing()
{
return new Thing;
}
void thingMethod(void *thing_,int x)
{
Thing
Matthias Loepfe wrote:
Hi again,
Does really NOBODY has anything to say about the following? Shouldn't the server
try to always choose the best available cipher?
Why is DES-CBC3-SHA better than RC4-MD5?
Cheers,
Ben.
regards
Matthias
Matthias Loepfe wrote:
Hi
I have
Creed Millman wrote:
What if each country's government were to act as CAs? To me this seems the
most logical solution. They already issue passports, driver's licenses,
etc., - why not digital certificates? This would also tie in well with
Massimiliano Pala's vision: "Indeed I see
Massimiliano Pala wrote:
Erik Aronesty wrote:
After the Verisign acquisition of Thawte, there remain few signing authorities who
will perform services for a
reasonable fee.
Maybe the OpenSSL group should launch a new not-for-profit application
verification and certificate signing
"HONG,ONON (HP-Cupertino,ex1)" wrote:
Mark, Steve Barbar,
Attached is Joanne's email regarding the administrative issues of
cyptography for secure Apache.
I'll wager you didn't mean to send this to the OpenSSL list, but since
you did, I'd note that Joanne does not appear to be addressing
ciate any bug report, comment etc.
- This patch should be included into the OpenSSL source for the
next release.
For details, please check the appended README.
This patch was partly inspired by Ben Laurie in private communication.
How's the procedure to integrate such a pa
"BIXBY,MARK (HP-Cupertino,ex1)" wrote:
Hi openssl-dev,
I've successfully ported openssl-0.9.4 to the HP MPE/iX OS. See attached
for my diffs.
Please let me know if the patch is acceptable or if you'd like me to rework
anything.
Sigh. I guess I have to ask this. Are you from the US?
Dr Stephen Henson wrote:
Ben Laurie wrote:
Just noticed:
make test ends with:
test sslv3 with server authentication
server authentication
depth=1 error=24 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA
(1024 bit)
ERROR in CLIENT
26942:error:14090086:SSL
Geoff Thorpe wrote:
As a side note (again, I'll elaborate if anyone gives a hoot) there are
some cool ways to avoid (or lessen) candidate bias whether using
sequential or arithmetic sequences that still allow you to do fast
low-prime sieves on large blocks rather than one at a time.
Clifford Heath wrote:
Clifford Heath wrote:
You simply need to increase the number of rounds of primality testing,
say, double it. That doubles the cost, and each extra round approximately
halves the chance of getting a non-prime.
No, adding one round halves the chance.
Isn't
Geoff Thorpe wrote:
There's a couple of people on this list who are also involved rather
heavily with Apache ... how do the licenses stand up to "code-sharing" of
that sort ... and if the answer is "badly", is there an alternative we
could pull in rather than leaving this as-is or having to
Geoff Thorpe wrote:
Hi there,
On Fri, 26 Nov 1999, Mark Shuttleworth wrote:
Hi all
We have a customer project that requires the rapid generation of RSA
keys and figure OpenSSL would be good.
Is there any documentation on how to maximize the security of the key
generation in
"Rene G. Eberhard" wrote:
Mark
Hiya
I don't really understand the math, but it seems to me that it finds
prime candidates then tests them for primeness. Is there a way to make
it test even more rigorously?
As much as I know RSA p and q are not strong primes.
In rsa_gen.c where
Clifford Heath wrote:
Mark Shuttleworth wrote:
I don't really understand the math, but it seems to me that it finds
prime candidates then tests them for primeness. Is there a way to make
it test even more rigorously?
And Ben Laurie answered:
In short, probably. But that tends
[EMAIL PROTECTED] wrote:
Well, it cannot do that for you.
X509_NAME_ENTRY_free() receives the pointer and has write access to change
the place to which the pointer is pointing, it however cannot manipulate
the pointer itself, which is defined in the calling function.
This would only
Chris Ridd wrote:
Hi,
The DN string returned from the X509_NAME_oneline function has a
peculiar and non-standard format. (And undocumented too.)
I have some diffs which will turn it into the RFC 1779 format, as a
compile time option.
Would they be of any interest? Or should there be
Richard Levitte - VMS Whacker wrote:
From: [EMAIL PROTECTED] (Bodo Moeller)
Bodo_Moeller Proposal: Turn SOME_STRUCTURE_init into a macro that
Bodo_Moeller calls SOME_STRUCTURE_init_internal with the same
Bodo_Moeller arguments plus an additional one that contains the
Bodo_Moeller version
Holger Reif wrote:
Sean Walker schrieb:
We are writing both client and server applications
and so have complete control over the design. What would be a good means
of generating a "session based" key?
Perhaps you should ask for a better definition of "session based" first.
I believe
Massimiliano Pala wrote:
Hi all,
I am in search of the following references. Does anybody know where them can
be found?
ISO/IEC 8824-1:1995: Information technology - Abstract Syntax
Notation One (ASN.1) -- Specification of basic notation. 1995
Haha. Prepare to be
"Wade L. Scholine" wrote:
-Original Message-
From: Roger Bodén [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 11, 1999 8:27 AM
To: [EMAIL PROTECTED]
Subject: SSL Cipher Suites
Hello,
Is there a complete list of the SSLv3/TLSv1 cipher suites openssl
supports?
401 - 500 of 636 matches
Mail list logo