WinCE is no longer supported.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3498
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi,
>> About random numbers generation, see that (still open) discussion and
>> suggestions...:
>> https://www.mail-archive.com/openssl-dev@openssl.org/msg36812.html
>
> But that's only relevant for standard windows desktop and neither for
> WCE nor for windows phone, isn't it? At le
dnesday, November 12, 2014 07:02
To: openssl-dev@openssl.org
Subject: Re: AW: [openssl.org #3598] Windows Phone & OpenSSL.
Le 12 nov. 2014 à 14:41, "stefan.n...@t-online.de" a
écrit :
Hello,
I think that my patched version for WCE should work for windows phone :
https:
: Re: AW: [openssl.org #3598] Windows Phone & OpenSSL.
Le 12 nov. 2014 à 14:41, "stefan.n...@t-online.de" a
écrit :
> Hello,
>
>> I think that my patched version for WCE should work for windows phone :
>> https://www.mail-archive.com/openssl-dev@opens
Le 12 nov. 2014 à 14:41, "stefan.n...@t-online.de" a
écrit :
> Hello,
>
>> I think that my patched version for WCE should work for windows phone :
>> https://www.mail-archive.com/openssl-dev@openssl.org/msg35958.html
>
> Mostly (probably) yes, however (see my patch), I don't think th
Hello,
> I think that my patched version for WCE should work for windows phone :
> https://www.mail-archive.com/openssl-dev@openssl.org/msg35958.html
Mostly (probably) yes, however (see my patch), I don't think the random
number generation used for WCE works for Windows Phone and I reall
Confirmed. This one compiles without a warning.
Thanks -- Matthias Kraft
-Ursprüngliche Nachricht-
Von: Kurt Roeckx via RT [mailto:r...@openssl.org]
Gesendet: Freitag, 7. November 2014 21:55
An: Kraft, Matthias
Cc: openssl-dev@openssl.org
Betreff: Re: [openssl.org #3593] [BUG] 0.9.8 head
Hi,
> This is fixed post-1.0.2, where the message says "any supported digest"
> See https://github.com/akamai/openssl/tree/rsalz-monolith for a preview.
Sorry to say something you apparently don't want to hear (for completely
understandable reasons), but as much as I appreciate getti
Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
> -Original Message-
> From: owner-openssl-...@openssl.org [mailto:owner-openssl-
> d...@openssl.org] On Behalf Of Pierre DELAAGE
> Sent: Thursday, August 21, 2014 6:05 AM
> To: openssl-dev@openssl.org
>
Hi all,
I just wanted to state the fact, that we maintain openssl for os/2 also
on a seperate svn, as we did include some fixes which are not in the
openssl trunk.
We would like to have them in the trunk, but we always thought no one
could even look at them.
And of course removing all os/2 stu
Hi,
> There are 70 files that have OS2 in them, for a total of 130 instances.
Strange. Here, I obtain:
> grep -r OS2 * | wc -l
52
> grep -r OS2 * | sed "s/\([^:]*\)\:.*/\1/" | uniq | wc -l
22
i.e. 22 files with a total of 52 instances.
Did I miss something, or did you happen to count the
Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
> -Original Message-
> From: owner-openssl-...@openssl.org [mailto:owner-openssl-
> d...@openssl.org] On Behalf Of Pierre DELAAGE
> Sent: Thursday, August 21, 2014 6:05 AM
> To: openssl-dev@openssl.org
>
Dear All,
At least for WCE, I can say that with this patch:
https://www.mail-archive.com/openssl-dev@openssl.org/msg35958.html
which is W32 compatible and NOT WCE specific,
and consists of only one typedef (which is highly clarifying the code
ALSO for win32) and one CAST error (cast error that S
> Does anyone want to speak up for the requirement that we continue to support
> BEOS (apparently B/1 and R5?), OS/2, or pre-Windows MSDOS?
Which timeframe do we look at? E.g. if 1.0.2 is released this year and it's
successor
where OS/2 support is removed maybe 2-3 years later (say beginning
On Wed, Jun 04, 2014 at 09:14:18AM +1000, Peter Waltenberg wrote:
>
> This is NOT the Linux kernel, the Linux kernel is directly funded by
> several of the larger companies, they have employees contributing directly
> on the kernel, with access to internal hardware resources.
Yes, and I'm saying
shhooks than the obvious, export
compliance is the obvious problem, but there are other issues, trust for
example.
Peter
From: "Theodore Ts'o"
To: openssl-dev@openssl.org
Date: 04/06/2014 12:18 AM
Subject:Re: AW: Which platforms will be supported in t
I don't disagree (or I certainly don't disagree completely) with anything
that has been said so far. But I think it's easy to assign disproportionate
angst to this or that problem.
For example, and that's all this is, but one of the most serious issues I
think we have in the openssl code is that m
> especially Stephen Henson, who has kept it together in much the same way as
> Keith Richards did the Stones.
With no disrespect intended to either man, I have to say that this is an
analogy that never would have occurred to me in a million years.
/r$
--
Principal Security Engineer
On Tue, Jun 3, 2014 at 7:10 AM, Theodore Ts'o wrote:
> There's a very simple solution to that problem, especially since we
> now have the support and attention of many hardware companies. The
> rule should be very simple. If a company doesn't contribute either
> (a) exclusive, dedicated hardwar
On Tue, Jun 03, 2014 at 02:22:07PM +1000, Peter Waltenberg wrote:
>
> One of the uglier problems is that unless you can build/test on all the
> platforms on each change you'll almost certainly break platforms
> unexpectedly - that lack of hardware has been one of the long term problems
> and it's
Ts'o"
To: openssl-dev@openssl.org
Date: 03/06/2014 12:55 PM
Subject:Re: AW: Which platforms will be supported in the future on
which platforms will be removed?
Sent by:owner-openssl-...@openssl.org
On Tue, Jun 03, 2014 at 12:20:17PM +1000, Peter Walte
On Tue, Jun 03, 2014 at 12:20:17PM +1000, Peter Waltenberg wrote:
> (c) EBCDIC.
>
> z/OS is still alive. I'll concede that one is weird and hard to get hold
> of, but it has a lot of users still.
z/OS supports ASCII, and UTF-8, and has its own conversion routines
built into the system. So it's
7;live' platform.
Peter
From: "Theodore Ts'o"
To: openssl-dev@openssl.org
Date: 03/06/2014 12:01 PM
Subject:Re: AW: Which platforms will be supported in the future on
which platforms will be removed?
Sent by:owner-openssl-...@openssl.o
On Tue, Jun 03, 2014 at 11:22:58AM +1000, Peter Waltenberg wrote:
>
> I won't argue that sometimes legacy support makes the code hard to read,
> but in itself I don't think it's causing bugs.
The OpenBSD people are right here. If it's hard to read, then we
don't have many eyeballs on the code.
eodore Ts'o"
To: openssl-dev@openssl.org
Date: 03/06/2014 02:30 AM
Subject:Re: AW: Which platforms will be supported in the future on
which platforms will be removed?
Sent by:owner-openssl-...@openssl.org
On Mon, Jun 02, 2014 at 03:38:22PM +0200, stefan.
On Mon, Jun 02, 2014 at 03:38:22PM +0200, stefan.n...@t-online.de wrote:
> * How much do you gain by removing support for the platform?
>
> Is there any relevant amount of code, that is really NT/2000/XP specific
> and unneeded for newer Windows releases? Breaking the support for
> the ancient pla
Hi,
> > Which platforms are deprecaded an could/should be removed in the
> > sourcecode?
> > MS-DOS?
> > Windows 16 Bit?
> > OS/2?
> > Windows 95/98/ME?
> > Windows NT/2000/XP?
>
> Necessary criteria for a platform to be included in the first list would be:
> * Currency, i.e. a platfo
Hi,
> I just noted that the latest openssl 1.0.2 beta1 version was released
> before the heartbleed bug became public and is thus vulnerable.
(snipp)
> Can the openssl devs create a new beta2 version that includes the
> heartbleed fix?
Quoting from the security advisory (see
https://www
misbehave, I'll deal with it if and when the tests for 'erasure' fail - and be able to be sure I've 'fixed' the feature.Peter-owner-openssl-...@openssl.org wrote: -To: openssl-dev@openssl.orgFrom: Vladimir Zatsepin Sent by: owner-openssl-...@openssl.orgDate: 04/
Hi,
Personally I use this function
void* secure_memset(void *ptr, unsigned char c, size_t size)
{
unsigned char *tmp = (unsigned char *) ptr;
if(!tmp)
return NULL;
while(size > 0)
{
*tmp++ = c;
size--;
}
return ptr;
}
It is not too fa
On 4/15/14 10:33 AM, stefan.n...@t-online.de wrote:
Hi,
I have "checked" the current source code of 'crpyto/mem.c' and I'm a
little bit suprised that no memset()-calls are made before the free_*()
functions are entered. I think a "zeroing" of the previous used memory
is a good solut
Hi,
> I have "checked" the current source code of 'crpyto/mem.c' and I'm a
> little bit suprised that no memset()-calls are made before the free_*()
> functions are entered. I think a "zeroing" of the previous used memory
> is a good solutions to beware for accessing old memory content.
> You're still playing "my security level is bigger than yours".
> There is no benefit in excluding RC4-SHA1 from the default list.
> When servers support stronger algorithms, those will be negotiated.
But that is only true as long as there is no new attack which succesfully
downgrades the cipher
Hi,
the fix works!
Thanks
Carsten
-Ursprüngliche Nachricht-
Von: Andy Polyakov via RT [mailto:r...@openssl.org]
Gesendet: Donnerstag, 3. Oktober 2013 10:52
An: Lührs, Carsten
Cc: openssl-dev@openssl.org
Betreff: Re: [openssl.org #3130] Bug report: Compilation of 1.0.2 fails on
Solaris
The problem is the used perl version, asm/../../perlasm/sparcv9_modes.pl does
not work with perl 5.8 but it does with 5.10, so a require 5.10 should be
included.
-Ursprüngliche Nachricht-
Von: The default queue via RT [mailto:r...@openssl.org]
Gesendet: Mittwoch, 18. September 2013 15:4
Hi,
thank you, this solves the problem. But why does SSL_library_init() not load
all algorithms? Are there any export restrictions?
Thanks,
Dominic
Dominic Wollner
Dipl.-Inf. (FH)
Development & Research Linux
IGEL Technology - The world’s mos
>> how come it's not required in all other perlasm modules?
> errors do also occure in other perlasm modules, but i'am running this
> configure command without asm support which avoids calling other
> perlasm modules?
>
> perl Configure debug-VC-WIN64A no-asm --prefix=x64/debug
>
> I have two pe
Thank you for your quick response.
> how come it's not required in all other perlasm modules?
errors do also occure in other perlasm modules, but i'am running this configure
command without asm support
which avoids calling other perlasm modules?
perl Configure debug-VC-WIN64A no-asm --prefix=x6
Dear Frank,
thank you for the information. I am working for a German IT security
company, which implemented a rich set of tools for the nPA or ePass,
respectively. I am currently writing a set of totally free tools to decode
and display CV certificates (CVCA, DVCA, and Authentication Terminal).
T
Greetings,
I forgot to list the version. Version is 0.9.8l
- Matthias Meixner
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Aut
Do you have an estimation when a stable version of 0.9.8 will be released?
Thomas
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Auftrag von Nils Larsch
> Gesendet: Dienstag, 8. März 2005 10:32
> An: openssl-dev@openssl.org
> Betreff: Re: The breaking of
Hi All
I am very sorry but it seems that I made a big mistake - I was testing a
file which had been played around with by someone unknown to myself and
for some reason the correct free() routines had been replaced. I am
sorry for any inconvenience - please close this case.
Regards
Mark Butcher
For an official statement you may ask the BSI (GISA, German Information
Security Agency) for that topic. They support the use of open-source
software in the gouvernment and administration an may be can tell something
more about vulnerabilities of that kind.
Best regards
Thomas Beckmann
> -U
> There is more reliable way. For example.
>
> h = GetProcessWindowStation();
> if (h==NULL) fatal error; /* or return "runs as service" */
> if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,NULL,&len) ||
> GetLastError() != ERROR_INSUFFICIENT_BUFFER)
>fatal error; /* or return "runs a
Hi,
someone asked for a function to determine if a Win32 exe is running
as a NT service?
Use svccheck.c and svccheck.h, just call:
if (IsService(EXENAME_SERVICES,EXENAME_WINLOGON,SYSTEM_SID))
{
...
}
If you are running your service on a different account than the well
known SYSTEM_SID, which is
--Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Jeffrey Altman
Gesendet: Samstag, 9. August 2003 17:48
An: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Betreff: Re: AW: BUG: CreateToolhelp32Snapshot, check if running as NT
service
Ingo:
Thanks for the fun
At 11:28 11/08/03 +0200, you wrote:
>Hi,
>
>to make things clear, how to check if a Win32 exe is currently running
>as a NT service:
>1.) Check if the SID (security ID) of the current process is "S-1-5-18",
>i.e. the so called LOCALSYSTEM account. This changes if you configure
>your service (in the
Ingo:
In other words, this test cannot work in all cases based upon the
knowledge of the OpenSSL developers because the account under which the
program executes is determined by the local system administrator OR the
application developer.
All three of these tests would fail for my use of OpenS
> to make things clear, how to check if a Win32 exe is currently running
> as a NT service:
> 1.) Check if the SID (security ID) of the current process is "S-1-5-18",
> i.e. the so called LOCALSYSTEM account. This changes if you configure
> your service (in the services control panel) to run on a d
chricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Richard Levitte -
VMS Whacker
Gesendet: Sonntag, 10. August 2003 11:39
An: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Betreff: Re: AW: AW: BUG: CreateToolhelp32Snapshot, check if running as
NT service
In message <[EMAIL PR
In message <[EMAIL PROTECTED]> on Sun, 10 Aug 2003 02:25:38 +0200, "Ingo A. Kubbilun"
<[EMAIL PROTECTED]> said:
ingo> Jeff:
ingo>
ingo> In fact, it is sufficient to call the supplied function as described in
ingo> my last mail: IsService(EXENAME_SERVICES,EXENAME_WINLOGON,SYSTEM_SID)
ingo> The th
Ingo:
Thanks for the function. Can you provide a complete blackbox solution
that is simply
BOOL IsService(void)
Please keep in mind that within the RAND_poll() function we have no
input from the application as to the service name, logon session or
account. All of that information would n
Hi,
sorry, forgot two 'strupr' calls. Please use attached versions.
Rgs, Ingo.
svccheck.zip
Description: Zip compressed data
On Mon, 13 Jan 2003, Megele, Martin wrote:
> > On Fri, 10 Jan 2003, Tim Rice wrote:
> > > On Fri, 10 Jan 2003, Megele, Martin via RT wrote:
> > >
> > > > Undefined first referenced
> > > > symbol in file
> > > > strcasecmp
> On Fri, 10 Jan 2003, Tim Rice wrote:
> > On Fri, 10 Jan 2003, Megele, Martin via RT wrote:
> >
> > > Undefined first referenced
> > > symbol in file
> > > strcasecmp ca.o
> >
> > Try adding -lresolv
> >
> > > ftime
> -Urspr> üngliche Nachricht-
> Von: Lutz Jaenicke via RT [SMTP:[EMAIL PROTECTED]]
> Gesendet am: Donnerstag, 14. November 2002 12:15
> An: Giessmann, Ernstg
> Cc: [EMAIL PROTECTED]
> Betreff: [openssl.org #333] x509.pod
>
>
> [[EMAIL PROTECTED] - Thu Nov 14 11:47:20 2002]:
>
Im using OpenSSL Version 0.9.6.d. The lines which are allready in
check_pem() returns 1 if you are Loading a "CERTIFICATE" (PEM_STRING_X509)
for "TRUSTED CERTIFICATE".
In the "normal" pem_read funktion the requested type is set to "CERTIFICATE"
in file pem_all.c
IMPLEMENT_PEM_rw(X509, X509, PEM
Hi all,
you can get past this problem by linking your application statically
and using something like the LD-mapfile feature of Sun's ld to declare
all symbols local but the one's needed to interface with iPlanet.
harvey
> -Ursprungliche Nachricht-
> Von: Steven Bade [mailto:[EMAIL PROT
Hi,
this message indicates that no valid cc license was found.
Use gcc instead or obtain a valid license from Compaq.
Cheers
harvey
> -Ursprüngliche Nachricht-
> Von: Erwann ABALEA [mailto:[EMAIL PROTECTED]]
> Gesendet: Freitag, 5. April 2002 08:20
> An: [EMAIL PROTECTED]
> Bet
Yes, it is. Look in demos/maurice and read doc.
Regards, Vadim Tarassov.
-Ursprüngliche Nachricht-
Von: Valery [mailto:[EMAIL PROTECTED]]
Gesendet am: Montag, 25. März 2002 08:59
An: [EMAIL PROTECTED]
Betreff: Encrypt Decrypt please, help!
Hello, All!
I faced the following problem.
1.
Coronel Persk wrote:
>
> Ive heard that putting these two files into one reduces its security to
> zero since Im sending my private key together. Is that true?
>
Including your *CA certificate* private key does indeed reduce the CA
security to zero.
However if you want mozilla to be able to us
sorry if these questions seem to dump.
Thanks again.
Wiliian Persk
>From: Tarassov Vadim <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: AW: AW:
>Date: Fri, 18 Jan 2002 12:50:47 +0100
>
>Ha
t;No".
Regards, Vadim Tarassov.
-Ursprüngliche Nachricht-
Von: Coronel Persk [mailto:[EMAIL PROTECTED]]
Gesendet am: Freitag, 18. Januar 2002 12:00
An: [EMAIL PROTECTED]
Betreff: Re: AW:
I´ve heard that putting these two files into one reduces its security to
zero since I´m se
CTED]'" <[EMAIL PROTECTED]>
>Subject: AW:
>Date: Thu, 17 Jan 2002 15:42:59 +0100
>
>Hallo Willian
>
>if you don't have anything against using PKCS12, try to collect your DER
>encrypted certificates into PKCS12 keystore. The way it could work
>1) using opens
Hallo Willian
if you don't have anything against using PKCS12, try to collect your DER encrypted
certificates into PKCS12 keystore. The way it could work
1) using openssl convert DER to PEM (use openssl x509 help to get info on required
args).
2) cut files you got in previous step into one si
"Steven A. Bade" wrote:
>
> I believe recently 2 individuals posted something about having
> implemented PKCS#11 support for some level of tokens.
We have had PKCS#11 support with SSLeay and OpenSSL since 1998.
as part of the Globus Project(tm) http://www.globus.org
The RSA structure was ext
Hi Douglas,
Thanks for this - I will start looking through this shortly. Can I ask if you've
given thought to licensing issues - can this code be released in OpenSSL under
the OpenSSL licensing (with no additional restrictions? If not, I suspect we'd
have to work out a way to late-bind everything
As part of the Globus project, we added support for PKCS#11 to OPenSSL. We have used
the Windows DLLs provided with the IButton, GemPlus, and Schlumber. We also
tested the Lintronic SDK on Solaris. Should work with the IButton on unix as well.
The GSI implements a GSSAPI on top of SSL. Certifica
> Which version of OpenSSL and what errors do you get? If you follow the
> instructions in INSTALL.W32 it should work without any problems. Unless
> something nasty has been introduced with Win2K :-(
OpenSSL compiles fine with VC6.0 under W2k.
Michael
___
[EMAIL PROTECTED] wrote:
>
> Ok, I guess we figured it out. First: the encoding used by verisign and openssl
> is correct. Second: The SEQUENCE tag will even be missing if more than one
> GeneralName is encoded in the distributionPointName.fullName. At least it is
> using the snacc ASN.1 compiler
Ok, I guess we figured it out. First: the encoding used by verisign and openssl
is correct. Second: The SEQUENCE tag will even be missing if more than one
GeneralName is encoded in the distributionPointName.fullName. At least it is
using the snacc ASN.1 compiler. From the specs we deduce that the
[EMAIL PROTECTED] wrote:
>
> Rich is right. A recursive trial-and-error is the way to go. It should be
> combined with extension checking.
>
> It´s sad that Openssl discards keyusage restrictions and other extensions, as
> they are definitely not there for being discarded.
>
[description of ex
Rich is right. A recursive trial-and-error is the way to go. It should be
combined with extension checking.
It´s sad that Openssl discards keyusage restrictions and other extensions, as
they are definitely not there for being discarded.
If KeyUsage would be obeyed during certificate verification
> As such, I would like to isolate all of the
> extraneous Unix include files and IO. I
> would also like to pare down as much of the
> code as possible to shrink the object size.
Look in the mail archives (use www.openssl.org for directions) for a
thread about "Small Footprint" a couple of wee
74 matches
Mail list logo