build non-bsafe version of Openssl

2006-02-26 Thread smitha jasti
Hi, I am trying to build a non-bsafe version of Openssl. Could anyone just tell me the exact steps I need to follow to do so? From what I understand, Bsafe is now part of Openssl. Which option would help me build Openssl which does not use the Bsafe libraries? Any help is appreciated. Thanks in a

calling SSL_library_init multiple times

2006-02-26 Thread Jagannadha Bhattu G
Hi, Can I call SSL_library_init multiple times in my code under different threads? From the documented return values, I conclude that it should be possible. Can someone confirm it? Thanks JB

Re: [openssl-users] Re: openssl req -x509 does not create serial-number 0

2006-02-26 Thread Dr. Stephen Henson
On Sun, Feb 26, 2006, Dr. Stephen Henson wrote: > On Sun, Feb 26, 2006, Erwann ABALEA wrote: > > > The CA has the possibility to change the name of the issued > > certificate, by adding a random element (a kind of serial number), but > > this isn't usually well perceived (the customer always asks

Re: [openssl-users] Re: openssl req -x509 does not create serial-number 0

2006-02-26 Thread Dr. Stephen Henson
On Sun, Feb 26, 2006, Erwann ABALEA wrote: > Hello, > > Today is the fourth day before the Kalends of March, 2006; Dr. Stephen Henson wrote: > [... about serial numbers ...] > > Some CAs choose consecutive values, other what look like random values of > > hashes. > > > > One commercial reason for not using consecutive v

Re: AES documentation?

2006-02-26 Thread Chris
On 2/25/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: The preferred interface to all ciphers is EVP. The reason I am not using the EVP interface was to save space. Currently OpenSSL is already making my end product way too large so I'm trying to minimize the code dependencies. 128 bits is fi

Re: [openssl-users] Re: openssl req -x509 does not create serial-number 0

2006-02-26 Thread Erwann ABALEA
Hello, Today is the fourth day before the Kalends of March, 2006; Dr. Stephen Henson wrote: [... about serial numbers ...] > Some CAs choose consecutive values, other what look like random values of > hashes. > > One commercial reason for not using consecutive values is that competitors can > work out how many certificat

Re: openssl req -x509 does not create serial-number 0

2006-02-26 Thread Georg Lohrer
On Sun, 26 Feb 2006, Dr. Stephen Henson wrote: [example snipped] > The fairly large random value for serial numbers is designed to avoid that > situation but still allow the more knowledgeable user to override that. > > If you are sure the issuer name and serial number will be unique then you can

Re: [openssl-users] Re: openssl req -x509 does not create serial-number 0

2006-02-26 Thread Erwann ABALEA
Hello, Today is the fourth day before the Kalends of March, 2006; Kyle Hamilton wrote: [...] > Can you give me a pointer to the several standards that reflect and > enforce the issuer name + serial number uniqueness? A more The X.509 says it all. From this standard, a CA is a name (not a key, really a name). That allo

Re: openssl req -x509 does not create serial-number 0

2006-02-26 Thread Dr. Stephen Henson
On Sun, Feb 26, 2006, Georg Lohrer wrote: > > As I have hopefully understood setting the serial number of a CA to a > distinct number like 1 is good practice. From a technical point of view any > number should be as good as another as long as they are unique (as you mentioned > in your post to Kyle)

Re: openssl req -x509 does not create serial-number 0

2006-02-26 Thread Dr. Stephen Henson
On Sun, Feb 26, 2006, Kyle Hamilton wrote: > On 2/25/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > > > > > It is the combination of issuer name + serial number which must be unique in > > general: that's enforced by several standards. > > > > Certain pieces of software assume that issuer n

Re: Patent Infringement Safe Configuration of Openssl

2006-02-26 Thread Kyle Hamilton
OpenSSL does implement the IDEA algorithm, though, which is still patented. Thus, it's a very valid question, what the patent status of each algorithm is, and what the best way to build a noninfringing version is. RSA and Diffie-Hellman are both expired. RC2 and RC4 weren't ever patented, but R

Re: openssl req -x509 does not create serial-number 0

2006-02-26 Thread Kyle Hamilton
On 2/25/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Sat, Feb 25, 2006, Kyle Hamilton wrote: > > > "serialNumber: A unique positive integer." At least I think. > > > > The type of serialNumber that should be accepted doesn't place any limits on > the sign. > > RFC3280 places restrictions