The new -CRL, -crl_download and -CRLform options are missing from the usage in
s_client and s_server
(I have not checked for the absence of non-crl related options from the usage)
--
Nick Lewis
nick.le...@usa.g4s.com
+44 1684 277137
www.g4stechnology.com
New Challenge House, International Drive,
- #define FORMAT_HTTP13 /* Dowload using HTTP */
+ #define FORMAT_HTTP13 /* Download using HTTP */
--
Nick Lewis
nick.le...@usa.g4s.com
+44 1684 277137
www.g4stechnology.com
New Challenge House, International Drive, Tewkesbury, Gloucestershire, GL20
8UQ, UK
Please consider
When the pkeyutl application is using the -verify option it always exits with a
value indicating an error even when verifying successfully. Please find below a
patch that addresses this issue. It also modifies a message that is confusing
when dealing with private keys.
(The line numbers for
The openssl application pkeyutl fails if the keytypes -certin and -pubin are
placed in the options list after the -inkey option. The error message does not
indicate the correct reason for the error. The -pkeyopt and -peerkey options
also have similar restrictions but the conditions are checked
With update version i confirm that regression test of a software now
pass with OpenSSL HEAD version.
I still have problem with HEAD regarding check if is for self signed.
This case is not in openssl regression tests ans cannot be reproduced
with openssl command line. Case is when callback
Please find attached below a patch that provides protection against
segmentation faults in the X509v3 extension API
Best Regards
Nick
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index 3146218..9e474c8 100755
--- a/crypto/x509v3/v3_prn.c
+++
Please find attached below a revised patch that provides further protection
against segmentation faults in the X509v3 extension API
Best Regards
Nick
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index 3146218..094861e 100755
---
Please find below a patch that permits a public key file to be produced
directly from a certificate without piping from stdout. The patch also mops up
a couple of bugs in which 'out' is not defined when needed
Nick
---
diff --git a/apps/x509.c b/apps/x509.c
Please find below a patch to add SHA256 and other types of message digest
support to the SubjectKeyidentifier. This functionality is accessed from the
config file by adding an MD name after a semi-colon e.g.
subjectKeyIdentifier=hash;sha256
Best Regards
Nick
diff --git
Please find attached below a patch that adds support for the use of sha256 in
certificate comparisons. It also addresses a problem in which sha1 comparison
was attempted as long as OPENSSL_NO_SHA was absent even when OPENSSL_NO_SHA1
was defined
Best Regards
Nick
diff --git
Roumen
Thank you for looking at the patch and reporting the problem with it. I
apologise that I did not test it properly. The path loop test in the patch
should of course be first whether the issuer is in the chain and only if it is
then whether it is lower than the cert x i.e.
+
When the req -newkey option value is of the form rsa rather than rsa:keylen
the key length of the new rsa key should be taken from the config file. However
req does not generate an rsa key of the correct length (despite displaying the
message Generating a keylen bit RSA private key that
The do_test_cipherlist(void) function in ssltest.c skips some cipher checks in
all methods after the SSLv2_method due to missing resets of the i counter.
Please find a patch below that resolves this bug and also adds support for
TLSv1_1_method and TLSv1_2_method
Best Regards
Nick
Amended patch to avoid need for -f option with -tls1_1 and -tls1_2 options
Best Regards
Nick
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index cebd4e7..1978eeb 100755
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -432,6 +432,12 @@ static void sv_usage(void)
#ifndef OPENSSL_NO_TLS1
With the 20110815 snapshot I am getting a SegFault when trying to use CMAC. The
command I used is as follows:
[root@localhost bin]# ./openssl dgst -mac cmac -macopt cipher:aes128 -macopt
key:IZEASGTBPOIZEASG -c /lorum-ipsum.txt
Segmentation fault
Valgrind reports:
==27337== Invalid read of
I think that the following patch on 20110815 should resolve the segfault and
report the correct algorithm with cmac e.g.
[root@localhost bin]# ./openssl dgst -mac cmac -macopt cipher:aes256 -macopt
key:IZEASGTBPOIZEASGTBPOIZEASGTBPOIZ -c /lorum-ipsum.txt
CMAC-AES-256-CBC(/lorum-ipsum.txt)=
16 matches
Mail list logo