Re: [openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-11-22 Thread Thomas Francis, Jr.
On 11/22/16 2:37 PM, David Woodhouse wrote: On Tue, 2016-11-22 at 18:29 +, Salz, Rich wrote: And the locale / character set issue is not relevant here. ASN.1 is binary, PEM is ASCII. PEM should be ASCII; in practice it is not necessarily ASCII. There are several products that produce

Re: [openssl-dev] [openssl.org #4416] 1.0.1s makes porting to HP-UX much harder than before

2016-03-11 Thread Thomas Francis, Jr.
> On Mar 11, 2016, at 9:25 AM, H.Merijn Brand via RT wrote:
>
> https://github.com/openssl/openssl/issues/806
>
> Let me take HP-UX 11.11/PA2 as an example.
> Up to and including 1.0.1r, I just unpacked from the
> distributed .tar.gz and ran
>
> $ ./Configure zlib zlib-dynamic no-asm hpux64-pa

Re: [openssl-dev] MacOS defaults?

2016-03-07 Thread Thomas Francis, Jr.
> On Mar 7, 2016, at 5:01 AM, Ben Laurie wrote:
>
> On 7 March 2016 at 09:59, Andy Polyakov wrote:
>> Hmm. So why do I see this on my macbook?
>>
>> $ arch
>> i386
>
> Try "uname -m"

This is not reliable. Because it must have changed recently, it used to

RE: winrt random

2012-09-19 Thread Thomas Francis, Jr.
> -Original Message-
> From: owner-openssl-...@openssl.org [mailto:owner-openssl-
> d...@openssl.org] On Behalf Of Andy Polyakov
> Sent: Wednesday, September 19, 2012 4:52 PM
> To: openssl-dev@openssl.org
> Subject: Re: winrt random
>
> > I've been porting openssl to run on winrt(metro).
>

RE: Compile OpenSSL 64-bit Windows 7

2012-07-14 Thread Thomas Francis, Jr.
> -Original Message-
> From: owner-openssl-...@openssl.org [mailto:owner-openssl-
> d...@openssl.org] On Behalf Of JTrades52
> Sent: Friday, July 13, 2012 11:57 AM
> To: openssl-dev@openssl.org
> Subject: Compile OpenSSL 64-bit Windows 7
>
> > I'm working on Windows 7 (64bit) using to com

RE: [openssl.org #2355] Support for SHA2 ciphersuite in TLS

2010-10-04 Thread Thomas Francis, Jr.
That's a rather old statement. The latest draft of SP 800-131 (http://csrc.nist.gov/publications/drafts/800-131/draft-sp800-131_spd-june2010.pdf) is a _lot_ more relaxed, and even the early draft referenced at the page below did not require any changes that would require TLS v1.2. Applications

RE: openssl FIPS on linux

2010-08-19 Thread Thomas Francis, Jr.
First, you need to follow the Security Policy exactly. While you can end up with a module that reports itself as being FIPS validated without following the policy, you cannot claim that it is the FIPS validated module if you don't follow the security policy. The fipscanisterbuild needs to be done

RE: how to create an already revoked certificate?

2009-11-18 Thread Thomas Francis, Jr.
The CRL identifies certificates by serial number only; the issuer is implied. You cannot have a CRL that revokes certificates from more than one issuing certificate. The only parameter from a certificate to determine if it is revoked is the serial number. However, it's important to note that a ce

RE: FIPS_selftest_rng fails on Solaris10 x86

2009-02-13 Thread Thomas Francis, Jr.
I'm not convinced this is a problem with making a normal FIPS build, though. A while back, I compiled openssl-fips-1.2 following the security policy, then compiled openssl-0.9.8j to make use of the fips canister built from openssl-fips-1.2 (again, following the security policy). This was all on S