: No such file or directory
$ ldd /usr/local/bin/openssl
libssl.so.1.1 => not found
libcrypto.so.1.1 => not found
This behavior differs from the one for version 1.1.0b, where everything
works fine. Is this changed behavior intended?
Thank you!
--
SY, Dmitry Belyavsky
--
opens
notifications from the openssl
> github project to notice them? that's really suboptimal
>
Totally agree.
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
ct to to discuss the cipher and uses.
>
> With Regards,
> Bill
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
n situation
when an application becomes unsupported on a specific version of platform
(e.g. stale version of Android/iOS).
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Dear Kurt,
On Tue, Nov 28, 2017 at 3:25 PM, Kurt Roeckx <k...@roeckx.be> wrote:
> On Mon, Nov 27, 2017 at 07:56:00PM +0300, Dmitry Belyavsky wrote:
> > Here is the link to the draft:
> > https://datatracker.ietf.org/doc/draft-belyavskiy-
> certificate-limitation-policy/
&
enough.
Any feedback is welcome.
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hello,
On Fri, Nov 17, 2017 at 2:21 PM, Richard Levitte
wrote:
> Ah, sorry, I didn't read the output properly.
>
> Regarding the STV_PROTECTED warnings, I don't know at all... I did a
> bit of a search and saw that this has been discussed before, a little
> more than a
e away gcc's complaint
> about '-pthread'... I cannot say if that'll fix the rest, I don't
> know Solaris enough.
>
> Cheers,
> Richard
>
> In message <CADqLbzKeQXGaFWGGAz5GyrQP9XGEwjfj2fVTkLN9sRNReJ+kVw@mail.
> gmail.com> on Fri, 17 Nov 2017 11:08:34 +0300, Dmitry Belyavsk
sl
collect2: ld returned 1 exit status
*** Error code 1
What can we do to fix it?
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
aven't accepted these patches.
>
> Do you still have them available? We might make a different choice now …
>
Well, as now there are separate structures for key exchange and auth, these
patches seem to have almost no sense.
--
SY, Dmitry Belyavsky
--
openssl-dev mailing li
than s2.
It means (and have been met in practice) that X509_cmp_time() returns other
values than 1/-1.
So it seems reasonable to either update documentation or fix the behavior.
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo
Hello,
What is the minimal version of the compiler to build openssl?
Is it still required C89 compatibility or C99 standard can be used?
Unfortunately, I did not find these requirements in documentation.
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https
lowon.
>
>
>
> We welcome your input.
>
Will the new architecture still allow engine-defined RNG methods? It's a
critical requirement for our products.
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
. In such situations we have either
hardcode number of bits for GOST algorithms or (and it seems better to me)
print the information after the key generation when we have the EVP_PKEY
object and can print the exact value.
What do you think about it?
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev
with the OpenSSL team to finalize this work and submit
the patch to upstream?
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
where you can do the work locally. Once you are happy,
> push it back up to your forked Github repo, and then make a pull request
> back to the OpenSSL repo.
>
> There are lots of places you can get information on git and Github; but
> this list isn’t one of them.
> --
> -Todd
Sorry, my fault :(
On Tue, Dec 13, 2016 at 12:11 PM, Matt Caswell <m...@openssl.org> wrote:
>
>
> On 12/12/16 18:11, Dmitry Belyavsky wrote:
> > Dear Matt,
> > Shouldn't the fix also be applied to 1.1.0 branch?
>
> Err, it was?
>
> Matt
>
> >
>
Dear Matt,
Shouldn't the fix also be applied to 1.1.0 branch?
On Mon, Dec 12, 2016 at 3:44 PM, Dmitry Belyavsky <beld...@gmail.com> wrote:
> Hello Matt,
>
> https://github.com/openssl/openssl/pull/2075
>
> On Mon, Dec 12, 2016 at 3:17 PM, Matt Caswell <m...@openssl.or
Hello Matt,
https://github.com/openssl/openssl/pull/2075
On Mon, Dec 12, 2016 at 3:17 PM, Matt Caswell <m...@openssl.org> wrote:
> Could you open that as an issue in GitHub? Or even better a PR to fix it
> ;-)
>
> Thanks
>
> Matt
>
>
> On 12/12/16 12:16,
.
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
ed, the documentation gets
> (a little) better, and so on.
>
>
The best solution will be providing a skeleton engine (with a skeleton
Makefile example).
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Dear Richard,
On Thu, Sep 1, 2016 at 5:39 PM, Richard Levitte <levi...@openssl.org> wrote:
> In message <CADqLbzJMH0U_851P+_oHbByyh-gBnNMmYvd7pqz45WHTz0njyw@mail.
> gmail.com> on Thu, 1 Sep 2016 16:06:54 +0300, Dmitry Belyavsky <
> beld...@gmail.com> said:
>
?
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hello Richard,
Thank you for clarification!
On Tue, Aug 23, 2016 at 2:53 PM, Richard Levitte <levi...@openssl.org>
wrote:
> In message <CADqLbz+4v0zwnJTzenFtk8yYNqC4YuKinjfDY
> z2_faqhkbj...@mail.gmail.com> on Tue, 23 Aug 2016 14:00:23 +0300, Dmitry
> Belyavsky <
to add new OIDs with new build system?
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
gt; > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes
> >
> > works ok.
> >
> > What's done wrong by me?
> >
>
>
> --
> Richard Levitte
> levi...@openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
> Plea
gt; > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes
> >
> > works ok.
> >
> > What's done wrong by me?
> >
>
>
> --
> Richard Levitte
> levi...@openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
> Please log in as guest with password guest if prompted
>
>
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
.
The command line
OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509
-newkey rsa:2048 -keyout key.pem -out req.pem -nodes
works ok.
What's done wrong by me?
--
SY, Dmitry Belyavsky
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
Please log in as guest with password
Thank you very much!
19 авг. 2016 г. 6:47 PM пользователь "Rich Salz via RT"
написал:
> For now we just added a comment to master, 1.0.2, 1.0.1 in the cms.pod and
> smime.pod files:
>
> Note that no revocation check is done for the recipient cert, so if that
> key has been
Thank you very much!
19 авг. 2016 г. 6:47 PM пользователь "Rich Salz via RT"
написал:
> For now we just added a comment to master, 1.0.2, 1.0.1 in the cms.pod and
> smime.pod files:
>
> Note that no revocation check is done for the recipient cert, so if that
> key has been
Nothing in this email will operate to bind 1E to any order or other
> contract.
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545
> Please log in as guest with password guest if prompted
>
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Nothing in this email will operate to bind 1E to any order or other
> contract.
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545
> Please log in as guest with password guest if prompted
>
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta
http://rt.openssl.org/Ticket/Display.html?id=4215
> Please log in as guest with password guest if prompted
>
>
Thank you for clarification!
--
SY, Dmitry Belyavsky
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4215
Please log in as guest with password guest if prompted
-
http://rt.openssl.org/Ticket/Display.html?id=4215
> Please log in as guest with password guest if prompted
>
>
Thank you for clarification!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
have any
> further questions or concerns, please respond to this message.
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4215
> Please log in as guest with password guest if prompted
>
>
--
SY, Dmitry Belyavsky
--
Ticket here: http://rt.openssl.org/Ticket/D
ion
error:crypto/conf/conf_mod.c:221:module=engines, value=engine_section,
retcode=-1
To prevent it, it seems to me that it's necessary to check
whether the value of the variable 'template' does not match the variable
'default_config_file'
as the config file specified in the default_config_file varia
ion
error:crypto/conf/conf_mod.c:221:module=engines, value=engine_section,
retcode=-1
To prevent it, it seems to me that it's necessary to check
whether the value of the variable 'template' does not match the variable
'default_config_file'
as the config file specified in the default_config_file variable
---
> Hello OpenSSL team,
>
> The GOST ciphersuites currently defined are not DTLS-capable.
>
> So it should be fixed in the ssl/s3_lib.c file.
>
> Thank you!
>
> --
> SY, Dmitry Belyavsky
>
>
> -------
---
> Hello OpenSSL team,
>
> The GOST ciphersuites currently defined are not DTLS-capable.
>
> So it should be fixed in the ssl/s3_lib.c file.
>
> Thank you!
>
> --
> SY, Dmitry Belyavsky
>
>
> -------
to the EVP_CIPHER_CTX_rand_key function in case of
decryption? It seems unnecessary for me here, but I am not sure I
understand the whole situation.
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Dear John,
On Mon, Mar 21, 2016 at 2:52 PM, John Hunter <zhjw...@gmail.com> wrote:
> Hi Dmitry,
> Thank you for you quick reply.
>
> On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beld...@gmail.com>
> wrote:
> > Hello John,
> >
> > On Mo
n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html
In theory, you are able to register OID/NID via engine.
In practice when we implemented the GOST algorithms we found that sometimes
it causes memory problems.
And anyway, if you provide cipher via an engine, it just allows to use it
in so
Hello OpenSSL team,
The GOST ciphersuites currently defined are not DTLS-capable.
So it should be fixed in the ssl/s3_lib.c file.
Thank you!
--
SY, Dmitry Belyavsky
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4438
Please log in as guest with password guest if prompted
Dear Stephen,
On Fri, Mar 4, 2016 at 4:00 PM, Dr. Stephen Henson <st...@openssl.org>
wrote:
> On Fri, Mar 04, 2016, Dmitry Belyavsky wrote:
>
> > Dear Rich,
> >
> > Is it possible to add a command line option to select hash algorithm used
> > in the PRF
t; Regards,
>
>
>
> Michel.
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
23 Jan 2016 kl. 09.40.19, skrev beld...@gmail.com:
> > >> > > > > Hello,
> > >> > > > >
> > >> > > > > After making the EVP_CIPHER_CTX struct opaque I found that
> there
> > >> > > > > is a
> > >> > > > > mi
23 Jan 2016 kl. 09.40.19, skrev beld...@gmail.com:
> > >> > > > > Hello,
> > >> > > > >
> > >> > > > > After making the EVP_CIPHER_CTX struct opaque I found that
> there
> > >> > > > > is a
> > >> > > > > missin
Dear Richard,
The patch you suggested seems not to break at least self-compatibility for
the smime -enc command.
Is this enough or should I do some more tests?
Thank you!
On Fri, Feb 19, 2016 at 12:40 AM, Dmitry Belyavsky <beld...@gmail.com>
wrote:
> Dear Richard,
>
> Sorry for
t is used in GOST
> > > > > engine
> > > > > when we set the cipher parameters from the ASN1 parameters.
> > > > >
> > > > > Thank you!
> > > > >
> > > >
> > > >
> > > > --
> > >
u!
> >
>
>
> --
> Richard Levitte
> levi...@openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4267
> Please log in as guest with password guest if prompted
>
>
--
SY, Dmitry Belyavsky
--
Ticket here: http://rt.openssl.
u!
> >
>
>
> --
> Richard Levitte
> levi...@openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4267
> Please log in as guest with password guest if prompted
>
>
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Dear Rich,
> Just to emphasize one important point: Our next release is planned to be
> Beta-1, in about a month. After that, no new API's or features will be
> added to OpenSSL 1.1
>
>
If so, could you take a look at RT#4267?
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-d
on for why either of these
> techniques can't be exercised in off-tree code.
>
The endianess information could be used in case of cross-compilation.
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
LY
>
> +/* Big or little endian? */
>
> +{- $config{lendian} eq "define" ? "#define" : "#undef" -}
> OPENSSL_LITTLE_ENDIAN
>
>
>
> #undef OPENSSL_UNISTD
>
> #define OPENSSL_UNISTD {- $target{unistd} -}
>
>
>
> --
f" -} I386_ONLY
>
> +/* Big or little endian? */
>
> +{- $config{lendian} eq "define" ? "#define" : "#undef" -}
> OPENSSL_LITTLE_ENDIAN
>
>
>
> #undef OPENSSL_UNISTD
>
> #define OPENSSL_UNISTD {- $target{unistd} -}
>
>
>
> --
' label work correctly?
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
rated code on
> stone tablets -- used to be a little more efficient when you did that.)
>
Thank you! I was sure from the ancient times that the 'default' label
should be the last one...
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
openssl source tree can be found in the opensslconf.h file.
>
> No, but that's an excellent idea. Which #define do you need "moved" from
> an existing header file?
>
I need the L_ENDIAN #define.
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubsc
Hello OpenSSL Team,
Is the endianess information available in any of installed by the 1.1.0
version *.h files?
All the other necessary for building an algorithms-providing engine outside
of the openssl source tree can be found in the opensslconf.h file.
Thank you!
--
SY, Dmitry Belyavsky
Dear Rich,
On Mon, Jan 25, 2016 at 5:06 PM, Rich Salz via RT <r...@openssl.org> wrote:
> We are working on full IPv6 support and it will appear in the next release.
>
Do you mean 1.1.0?
Thank you!
--
SY, Dmitry Belyavsky
___
openssl
Dear Rich,
On Mon, Jan 25, 2016 at 5:06 PM, Rich Salz via RT <r...@openssl.org> wrote:
> We are working on full IPv6 support and it will appear in the next release.
>
Do you mean 1.1.0?
Thank you!
--
SY, Dmitry Belyavsky
___
openssl
Hello,
After making the EVP_CIPHER_CTX struct opaque I found that there is a
missing non-const accessor to the oiv member. It is used in GOST engine
when we set the cipher parameters from the ASN1 parameters.
Thank you!
--
SY, Dmitry Belyavsky
this option to be processed as string,
not as input.
3. The 'cms' and 'smime' utilities do not accept the '-inform smime'
options. It may be a bug or not a bug (files in SMIME format are accepted)
but it is definitely an incompatibility.
Thank you!
--
SY, Dmitry Belyavsky
diff --git a/apps/req.c b
-cert or -serial
ocsp: Use -help for summary.
This command line worked well in 1.0.2.
Thank you!
--
SY, Dmitry Belyavsky
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs
have changed in 1.1.0. Is it a design decision (and I should
fix tests) or misbehavior?
Thank you!
--
SY, Dmitry Belyavsky
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
The patch is attached.
Thank you!
--
SY, Dmitry Belyavsky
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e3e4fd3..50dbbc5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3284,7 +3284,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
SSL_GOST12_256,
SSL_TLSV1,
SSL_S
Dear Victor,
On Thu, Dec 24, 2015 at 11:02 AM, Victor Wagner <vi...@wagner.pp.ru> wrote:
> On Thu, 24 Dec 2015 10:45:37 +0300
> Dmitry Belyavsky <beld...@gmail.com> wrote:
>
>
> > >
> > > If there's a new construct whose output size depends on the inpu
providing such a
solution be acceptable?
Thank you!
--
SY, Dmitry Belyavsky
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
of functions to produce
> fixed length (input data indepdendent) results.
>
> If there's a new construct whose output size depends on the input
> data, that probably requires a new family of functions.
>
Well, the gost-mac is treated specially itself and may be it can be
simplified i
dirs] Error 1
make[1]: Leaving directory `/home/beldmit/openssl-1.0.2e/crypto'
make: *** [build_crypto] Error 1
--
SY, Dmitry Belyavsky
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/l
, what is a design policy in places when we have an enumeration of
algorithms?
I supposed that calling the implementation-provided callbacks is a right
way (or at least better then case expressions or chain of ifs)...
Thank you!
--
SY, Dmitry Belyavsky
index dcfb44f..0619507 100644
--- a/ssl
eaks
> > GOST 2012 client auth processing.
> >
>
> This should be fixed by commit aa430c7467bcb7aa0a88
>
It works.
Thank you very much!
--
SY, Dmitry Belyavsky
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
eaks
> > GOST 2012 client auth processing.
> >
>
> This should be fixed by commit aa430c7467bcb7aa0a88
>
It works.
Thank you very much!
--
SY, Dmitry Belyavsky
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
ave the openssl code with 2 variants of such processing that can be
switched by the PBE_UNICODE define.
3. We have a "Russian" variant of specification.
I am interested mostly in compatibility between the openssl implementation
and "Russian" one when the password contains ASCII or Cyrilli
es with the value 0x00.
As I understand the text herein before, there is no ultimate specification.
So I would prefer a set of options be specified by the caller with a
reasonable default value.
But as I do not have enough PKCS#12 from real-life sources, I can't predict
this default value.
Currently
ing
zero byte and passed as the P element of the PBKDF2 algorithm"
The test example was provide by the authors of specification. There are
also examples in the document. May be it will be useful.
--
SY, Dmitry Belyavsky
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
dows
system default.
But in fact the openssl being built without defining the PBE_UNICODE macros
was able to parse the test PKCS12.
Thank you!
--
SY, Dmitry Belyavsky
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
the PBE_UNICODE is undefined and locale is set to
ru_RU.utf8.
Do I miss something or this variable and corresponding #ifdef may be
eliminated?
Thank you!
--
SY, Dmitry Belyavsky
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman
e
> can
> add SSL_TLSV1 to the GOST ciphersuites but that will change the behaviour
> from
> what it was before.
>
Usage of the GOST ciphersuites with the SSLv3 protocol is not specified, so
the change should not affect the GOST-related behaviour.
So I think it will be better for cl
e
> can
> add SSL_TLSV1 to the GOST ciphersuites but that will change the behaviour
> from
> what it was before.
>
Usage of the GOST ciphersuites with the SSLv3 protocol is not specified, so
the change should not affect the GOST-related behaviour.
So I think it will be better for c
Hello!
In the commit 5e3d21fef150f020e2d33439401da8f7e311aa24 you set
the SSL_SSLV3 for the GOST ciphersuites. But the GOST ciphersuites are not
usable with SSLv3, they require TLSv1.
Could you turn the flag back for the GOST ciphersuites?
Thank you!
--
SY, Dmitry Belyavsky
eave these
options possible.
--
SY, Dmitry Belyavsky
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
or directory
The message does not match the documentation and the behavior of the
command does not match the 1.0.2 version.
--
SY, Dmitry Belyavsky
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo
('-in','r')
140737354073768:error:2006D080:BIO routines:BIO_new_file:no such
file:bss_file.c:178:
The patch I attach fixes it.
--
SY, Dmitry Belyavsky
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -138,7 +138,7 @@ int crl2pkcs7_main(int argc, char **argv)
if ((certflst == NULL
Hello,
I found that the openssl ts command in master tries to load config file
twice.
To prevent it, the lines 323-324 should be removed.
The patch is attached.
Thank you!
--
SY, Dmitry Belyavsky
index 237dd01..222ca45 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -320,8 +320,6 @@ int ts_main
; The gost engine I build is from the master.
>
> If I delete the lines
>
> engines = engine_section
> [engine_section]
>
> I get another error:
>
> dgst: Unknown digest md_gost94
> dgst: Use -help for summary.
>
> The behavior seems to be chang
error:
dgst: Unknown digest md_gost94
dgst: Use -help for summary.
The behavior seems to be changed after the commit
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a0a82324f965bbcc4faed4e1ee3fcaf81ea52166
Thank you!
--
SY, Dmitry Belyavsky
ost -md_gost94 -mac hmac -macop
> > key:123456901234567890123456789012
> >
>
> I assume this is on master? I can't reproduce this. Are you using your new
> GOST
> engine or the one currently in master?
>
Yes, it's on master. I think that I use the engine currently in
ost -md_gost94 -mac hmac -macop
> > key:123456901234567890123456789012
> >
>
> I assume this is on master? I can't reproduce this. Are you using your new
> GOST
> engine or the one currently in master?
>
Yes, it's on master. I think that I use the engine currently in
Hello!
Thank you, I can't reproduce it either. Please close the ticket.
Sorry for disturbing.
On Mon, Oct 12, 2015 at 12:39 PM, Dmitry Belyavsky via RT <r...@openssl.org>
wrote:
> Hello Matt,
>
> On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT <r...@openssl.org>
>
Hello!
Thank you, I can't reproduce it either. Please close the ticket.
Sorry for disturbing.
On Mon, Oct 12, 2015 at 12:39 PM, Dmitry Belyavsky via RT <r...@openssl.org>
wrote:
> Hello Matt,
>
> On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT <r...@openssl.org>
>
Dear Kurt,
On Sun, Oct 11, 2015 at 9:13 PM, Kurt Roeckx via RT <r...@openssl.org> wrote:
> On Sun, Oct 11, 2015 at 05:54:16PM +0000, Dmitry Belyavsky via RT wrote:
> > Hello!
> >
> > When I debug, I see that the cipher is forbidden by
> > the ssl_security_
by
the ssl_security_default_callback function because of not enough security
bits.
Is it a bug or feature?
--
SY, Dmitry Belyavsky
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs
Dear Kurt,
On Sun, Oct 11, 2015 at 9:13 PM, Kurt Roeckx via RT <r...@openssl.org> wrote:
> On Sun, Oct 11, 2015 at 05:54:16PM +0000, Dmitry Belyavsky via RT wrote:
> > Hello!
> >
> > When I debug, I see that the cipher is forbidden by
> > the ssl_security_
the
options loop.
I think this can be used in all cmdline utilities accepting algorithm name
from options.
Thank you!
--
SY, Dmitry Belyavsky
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl
of available ciphersuites. In case of
engine-provided algorithms some ciphersuites will be disabled because the
engine providing algorithms is not loaded yet.
The list of ciphersuites is not rebuilded after loading engines. So the
engine-dependent ciphersuites are not available.
--
SY, Dmitry Belyavsky
Dear Matt,
I have some questions.
On Thu, Oct 8, 2015 at 12:32 AM, Matt Caswell <m...@openssl.org> wrote:
>
>
> On 07/10/15 21:44, Dmitry Belyavsky wrote:
> > Dear Matt,
> >
> > On Wed, Oct 7, 2015 at 4:43 PM, Matt Caswell <m...@openssl.org
er(void * args)
{
...
}
static ASYNC_JOB *offload (void *args)
{
ASYNC_JOB *pjob = NULL;
int funcret;
size_t size = 0;
int ret = ASYNC_start_job(, , async_wrapper, args,
*args, size);
if (ret != ASYNC_PAUSE) return NULL;
return pjob;
}
?
Thank you!
--
SY, Dmitry Belyavsky
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
ifferent
> solution for different hardware. These patches do not provide a solution
> to that problem.
>
So I do not understand what you mean by "offload" :-(
I understand that it's an engine-dependent, but I can't imagine a
corresponding pseudo code.
--
SY, Dmitry Bel
Dear Matt,
On Thu, Oct 8, 2015 at 10:06 PM, Matt Caswell <m...@openssl.org> wrote:
>
>
> On 08/10/15 18:56, Dmitry Belyavsky wrote:
>
> > The second problem is entirely engine dependant. It will be a
> different
> > solution for different hardw
1 - 100 of 226 matches
Mail list logo