growing buffers to 34K + 4K, which is a
saving of 44K per connection for the typical case.
The patches are available here:
http://bazaar.launchpad.net/~nagendra/openssl-patches/trunk/files
__
OpenSSL Project
send mail once the patches have been accepted,
most likely within the following week.
nagendra
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev
diff -u -r1.5 pqueue.c
--- crypto/pqueue/pqueue.c 7 Jun 2005 22:21:14 - 1.5
+++ crypto/pqueue/pqueue.c 20 Dec 2005 01:48:27 -
@@ -184,7 +184,7 @@
}
/* check the one last node */
- if ( memcpy(next-priority, prio64be,8) ==0)
+ if (
OpenSSL 0.9.7d 17 Mar 2004
$ openssl ciphers 'RSA+DSS+AES+3DES+SHA1'
AES256-SHA:AES128-SHA:DES-CBC3-SHA
Did the cipherspec format change between 0.9.7 and 0.9.8?
Thanks,
nagendra
__
OpenSSL Project
It turns out that the Version field was omitted from the
HelloVerify message in the internet draft. The document
will be corrected.
nagendra
* nagendra modadugu [EMAIL PROTECTED] [2005-06-08 17:09:40 -0700]:
I think you might have found a bug in the draft document. I'll get back
to you
neutral pq
approcode shortly:-)
That works for me. Though, I'll add that neither pqueue nor DTLS do
anything heavy with PQ_64BIT--the performance gain for the few
platforms that do need the specialized code will be minimal.
nagendra
I think you might have found a bug in the draft document. I'll get back
to you soon. Thanks,
nagendra
* Tigran Gevorgyan via RT [EMAIL PROTECTED] [2005-06-08 22:00:58 +0200]:
Hello,
I apologize if this message appears multiple times.
This is a proposed patch for openssl-0.9.8-beta
I was able to replicate the bug and have attached an
incremental patch--mutual auth should work now. Let me know
how it goes. Thanks,
nagendra
* Prashant Kumar [EMAIL PROTECTED] [2005-05-09 14:03:21 -0700]:
Hello Nagendra,
I tried your DTLS patch with Openssl9.7g on a vxworks platform
Ah, I see. The reason pqueue uses 64-bit integers as the priority
type is that record sequence numbers are 64-bits. I can easily change
the code to make use of a pair of 32-bit integers (given that this
really isn't performance critical code).
nagendra
* Richard Levitte - VMS Whacker [EMAIL
sessions use the same file descriptor for
network I/O.
2) after data is read from the network, data is
passed to the appropriate DTLS session (based on remote
IP address port number) through a mem BIO.
nagendra
/~nagendra/projects/dtls/
I am in the process of putting together an FAQ, so any
questions/comments you may have will be much appreciated.
Thanks,
nagendra
__
OpenSSL Project http://www.openssl.org
Please try again now. It should be available again.
Thanks for looking into it, works now.
nagendra
__
OpenSSL Project http://www.openssl.org
Development Mailing List
I've been trying to access the OpenSSL CVS repository for the
past couple of days (including odd hours), with no success:
$ rsync rsync://dev.openssl.org/openssl-cvs
@ERROR: max connections (20) reached - try again later
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
Is rsync access to the OpenSSL repository unavailable?
$ rsync://dev.openssl.org/
rsync: failed to connect to dev.openssl.org: Connection refused
rsync error: error in socket IO (code 10) at
/SourceCache/rsync/rsync-14/rsync/clientserver.c(93)
In function ssl3_send_client_verify(), the state
is never switched to SSL3_ST_CW_CERT_VRFY_B after
the handshake message is serialized.
It's a fairly minor bug:
*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
l2n3(n,d);
s-init_num=(int)n+4;
In function ssl3_send_certificate_request(), the state
is never switched to SSL3_ST_SW_CERT_REQ_B after
the handshake message is serialized.
It's a fairly minor bug, with a simple fix:
#ifdef NETSCAPE_HANG_BUG
p=(unsigned char *)s-init_buf-data + s-init_num;
/*
Ian Goldberg did some work as part of TopGun
(this is a rather outdated port though):
http://www.isaac.cs.berkeley.edu/pilot/
Also, Palm OS 5.0 is supposed to ship with an
SSL library.
nagendra
* mohanraj venkatesh kumar [EMAIL PROTECTED] [2002-11-27 16:27:54 +]:
Dear Sir,
Iam
I've looked around the web and openssl-dev archives, but am unable to find
information about SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and the related
Microsoft bug that results in jumbo SSL records.
Does anyone have pointers / information about this bug ? Thanks.
nagendra
.
Apache sends all the CA's listed in ca-bundle.crt, which exceeds the 8K
limit and causes the client to barf:
28537:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message
size:s3_both.c:418:
Nagendra Modadugu
[EMAIL PROTECTED
tion should be since there is a name collision here. Does
anyone use the old X509 req format? If it is not used, then the header
file can be updated to map PKCS7 to the iis generated header.
On Sat, 30 Sep 2000, Dr S N Henson wrote:
nagendra wrote:
Hi,
We're generating a CSR
the request.
Does anyone know why IIS generates a PKCS#7 request rather than PKCS#10?
At any rate, openssl should know how to parse PKCS#7 requests created by
IIS. Can anyone shed some light on the problem? Thanks,
Nagendra
EVP_(Encrypt|Decrypt)Init to be called in between. This is wasteful, so I
have modified EVP_EncryptFinal and EVP_DecryptFinal to reset the value of
ctx-buf_len to zero.
Nagendra
diff -urN openssl-0.9.5a/crypto/evp/evp_enc.c openssl-0.9.5a-work/crypto/evp/evp_enc.c
--- openssl-0.9.5a/crypto/evp
depending on
whether the method is client or server. Also client_hello from s2_clnt.c
and s3_clnt hello only attempt a session resume if the
SSL_SESS_CACHE_CLIENT is set.
nagendra
diff -urN openssl-0.9.5a/ssl/s2_clnt.c openssl-0.9.5a-work/ssl/s2_clnt.c
--- openssl-0.9.5a/ssl/s2_clnt.cThu Feb
23 matches
Mail list logo
