--On Friday, January 11, 2002 3:23 PM +0100 Lutz Jaenicke
<[EMAIL PROTECTED]> wrote:
>> Just switched from 0.9.6 to 0.9.6c on Win32. The same server code worked
>> fine when it came to re-using SSL sessions with 0.9.6. Now, with 0.9.6c,
>> it's no longer capable of re-using. I'm linking dynam
I believe (as this question has been asked before) that FIPS-140 is also
machine/OS specific and would have to be performed for every new
version. The fact is, FIPS-140 compliance as it stands now makes little
sense for openssl. It is really proving to be a challenge for a company I
know developing
It depends on what you need. All you know in that case is that the
certificate you have is one of the you do not know how many
certificates signed by the CA. If all you are doing is providing
blind authorization to all members of a group, that is enough.
However, if you are doing pretty much an
On Mon, Jan 07, 2002 at 02:34:02PM -0600, robert wrote:
> Can anyone explain how to use SSL_CTX_set_default_passwd_cb(). The callback takes 4
>params. How and what initialized those params?
http://www.openssl.org/docs/ssl/SSL_CTX_set_default_passwd_cb.html
Lutz
--
Lutz Jaenicke
On Thu, 10 Jan 2002, Carlos mario Ospina Anzola wrote:
> Does anybody know if openssl is FIPS 140-2 compliant?
>
> I want to use it at work, but the law requests a cryptographic module that
> should be FIPS 140-2 compliant.
OpenSSL is free software in development, and to obtain a FIPS validation,
som
On Thu, Jan 10, 2002 at 03:14:40PM -0700, Dave Bauch wrote:
> I get undefined symbols errors (dlclose,dlsym & slopen) when linking my application
>with engine-9.6c (or a). The same application links fine with 9.6a "normal". Am I
>missing something. Thanks for the great resource.
These are th
On Thu, Jan 10, 2002 at 05:51:53PM -0500, Rob Beckers wrote:
> Just switched from 0.9.6 to 0.9.6c on Win32. The same server code worked
> fine when it came to re-using SSL sessions with 0.9.6. Now, with 0.9.6c,
> it's no longer capable of re-using. I'm linking dynamically to the lib
> DLLs and
Title: Thread safety using OpenSSL
Hi,
Just a question about thread safety:
Your FAQ states that OpenSSL is thread-safe with limitations: (... an SSL connection may not concurrently be used by multiple threads).
Does this mean you cannot have one thread reading from the ssl session whil
Hello,
I have some problem with my Apache+mod_ssl+mod_perl+mod_php. I
compiled everything, no rpm installation.
I have a problem when I use an authorization
My server configuration:
OpenSSL 0.9.6b
Linux RedHat kernel 2.4.14
gcc version 2.
I get undefined symbols errors (dlclose,dlsym &
slopen) when linking my application with engine-9.6c (or a). The same
application links fine with 9.6a "normal". Am I missing something.
Thanks for the great resource.
Thank you for your reply and patience =o)
- this *something* is the public key within the certificate.
As I see it, the information is already present through the correlation
between the public and private key.
As of yet there has been no response to this point: Is it not
true that although I may conn
If the DNS is not present as CN, the certificate simply states that the
CA (that I trust) did issue the private key corresponding to the
public key contained within the certificate. And since the private key
is needed for signing and decryption, is this not security enough for
data transfer?
On Mon, Jan 07, 2002 at 07:50:38PM +0100, Richard Koenning wrote:
> At 18:58 07.01.2002 +0100, you wrote:
> >1) Non-blocking SSL_accept()
> >
> You have to call SSL_accept() repeatedly until it completes successfully or
> delivers an error other than SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
>
Hello,
Does anybody know if openssl is FIPS 140-2 compliant?
I want to use it at work, but the law requests a cryptographic module that
should be FIPS 140-2 compliant.
Thanks in advance
Ing. Carlos Mario Ospina Anzola
Administrador del Sistema
Oficial de Seguridad
CERTICAMARA S.A.
I am afraid I still do not quite understand, perhaps because we are
talking about different scenarios. In my case I am also the CA. I
therefore have absolute trust in the privatekey/certificate issued to
both A and B - I do not need to prove to e.g. verisign that I control a
given URL.
Note that
Using the nothrow form of new may be an idea.
> -Original Message-
> From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]]
> Sent: 10 January 2002 14:51
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: CRYPTO_malloc_init()
>
>
> From: [EMAIL PROTECTED] (robert)
>
> rob
RFC 2616 describes HTTP/1.1, which is probably more than he needs. HTTP/1.1
is significantly more work to implement than 1.0 (it requires supporting the
chunked transfer-encoding, for example). HTTP/1.0 (RFC 1945) is often a
better choice for little HTTP-based applications.
It wasn't clear to m
Please cc: me on any responses, as I am not subscribed to this list.
openssl appears to require clock synchronization between servers in
order to fully authenticate. Why is this so, and is there any way
to get around it for certain instances?
Thank you in advance for any help.
--adam
> Also, do OpenSSL automatically renegotiate symmetric keys every X
> minutes (or Y bytes)?
Automatically via the SSL_BIO (providing you specify time or byte thresholds) or
manually via SSL_renegotiate.
__
OpenSSL Project
Yes, but that also means that there is no security benefit in storing a
DNS name/IP address within the certificate. It is simply redundant, no?
/Jan
On Thu, 2002-01-10 at 15:09, Neff Robert A wrote:
> No, you misunderstand the handshake. B cannot be impersonated by C
> because C does not have
Please excuse this slightly off-topic posting.
People have wondered what I've done over the last 14 months and why
further development on mod_ssl and my engagement in the OpenSSL
and Apache projects had to be slowed down in this time. Most of my
contributions were moved to the silent background.
Hi,
is there a possibility to propagate the (values for) requested
extensions by the CSR to the resulting cert, without
mentioning them in the extension section of the config file
(as long as copy_extensions doesn't work in production
releases)?
Gerd
---