Does anyone know if or will SSLv3/TLS renegotiation SV issue
[CVE-2009-3555] impact this OpenSSL release - openssl-0.9.7g ?
My take is that it will and I just want to search for confirmation.
I sent out to openssl-cvs and openssl-dev but seems not response.
Anyone input will be appreciated.
Hello,
I'm somewhat new to OpenSSL and a few days ago I created
a CA and created an selfsigned certificate, which is intended to
use it with apache.
After installing that CA cert to my Trusted Root Certification
Authorities, I saw two certification in my Personal Cert Store on
Windows 7.
See
testing an ocsp query to a local openssl ocsp 'server',
openssl ocsp \
-issuer /svr/demoCA/certs/CA/CA.cert.pem \
-cert /svr/demoCA/certs/domains/testdomain.cert.pem \
-url http://localhost: \
-resp_text
i get what seems to be a successful response of good CertStatus,
OCSP Response
On Tuesday 23 March 2010 18:40:58 Dr. Stephen Henson wrote:
On Tue, Mar 23, 2010, Eisenacher, Patrick wrote:
Hi Steve,
-Original Message-
From: Dr. Stephen Henson
There are two automatic trust models for OCSP responder
certificates. One is the CA key that signed the
Hello, I am having an issue compiling OpenSSL 0.9.8m on my:
vSphere powered Sun Solaris 10 x86 currently with Openssl 0.9.7d.
When running ./config I get no errors.
When running make, make test and make install I get no errors.
However, when running /usr/local/ssl/openssl version I get a return of
I guess it's a linker problem. Try ldd $openssl-bin and see against what lib
your openssl is linked. Try setting LD_LIBRARY_PATH instead
Ivan
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jones, Eric CIV SRF 1236
Sent:
On Tue, Mar 23, 2010, PGNet Dev wrote:
testing an ocsp query to a local openssl ocsp 'server',
openssl ocsp \
-issuer /svr/demoCA/certs/CA/CA.cert.pem \
-cert /svr/demoCA/certs/domains/testdomain.cert.pem \
-url http://localhost: \
-resp_text
i get what seems to be a successful
On Wed, Mar 24, 2010, Rob Stradling wrote:
On Tuesday 23 March 2010 18:40:58 Dr. Stephen Henson wrote:
On Tue, Mar 23, 2010, Eisenacher, Patrick wrote:
Hi Steve,
-Original Message-
From: Dr. Stephen Henson
There are two automatic trust models for OCSP responder
Hi,
I am using the open ssl library on the embedded MIPS platform, i have
cross compiled the openSSL source code for the my MIPS platform and i'm
using the same library to link with my application. Here i'm able to set
the device certificate in PEM format successfully using the function
Dear Users,
I'm glad to announce a new version of stunnel.
The ChangeLog entry:
Version 4.32, 2010.03.24, urgency: MEDIUM:
* New features
- New service-level libwrap option for run-time control whether
/etc/hosts.allow and /etc/hosts.deny are used for access control.
Disabling libwrap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [24 March 2010]
Record of death vulnerability in OpenSSL 0.9.8f through 0.9.8m
In TLS connections, certain incorrectly formatted records can cause an OpenSSL
On Wednesday 24 March 2010 12:01:51 you wrote:
snip
Well it would typically require giving a public responder access to a
CA key: increasing the risk of compromise especially if the private key
itself is placed on the server.
Steve, I think it's entirely unfair to label the
Hi guys,
I am still searching for the answer of batch mode on openssl pkcs12 but no luck.
Is anyone can help me a work around way to avoid
Enter Export Password:
Verifying - Enter Export Password:
Above to prompts.
Thanks
John
From:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8n released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8n of our open source
On Wed, Mar 24, 2010 at 4:46 AM, Dr. Stephen Henson st...@openssl.org wrote:
The path of the responder certificate has to be validated so you need to pass
the root CA using the -CAfile or -CApath command line arguments.
adding -CAfile did the trick -- adding it to BOTH the server-launch
cmd,
HI!
Is there an API function in OpenSSL which extracts only the DER blob of
RecipientInfos from a CMS message (needed for encrypted S/MIME message). Or
has that to be done low-level with ASN.1 parser?
Ciao, Michael.
__
OpenSSL
On Wed, Mar 24, 2010, Michael Strder wrote:
HI!
Is there an API function in OpenSSL which extracts only the DER blob of
RecipientInfos from a CMS message (needed for encrypted S/MIME message). Or
has that to be done low-level with ASN.1 parser?
No you can't extract the received encoding.
Hi guys,
I am still searching for the answer of batch mode on openssl pkcs12 but
no luck.
Is anyone can help me a work around way to avoid
Enter Export Password:
Verifying - Enter Export Password:
Above two prompts.
Thanks
John
Hi,
This issue also spurred me to think about a patch :) I don't think OpenSSL
should write a RFC 2560 noncompliant feature, however, an option would be
to provide a warning explaining the issue better than current
OCSP_basic_verify:root ca not trusted and then optionally doing the extra
steps
On Wed, Mar 24, 2010, John Chen wrote:
Hi guys,
I am still searching for the answer of batch mode on openssl pkcs12 but
no luck.
Is anyone can help me a work around way to avoid
Enter Export Password:
Verifying - Enter Export Password:
Above two prompts.
hello all,
I have some code that was initially written under windows, using win32 crypto
dll, recently i need to port this code to use openssl instead. would like to
know what are some suggested options. a couple of approaches I can see
1. rewrite the code using openssl.
2. try to wrap
Hi John,
I have already answered your question twice on the list but it seems
that you didn't receive them for an unknown reason.
Look at the link below of OpenSSL list archive to reader what I wrote :
http://marc.info/?t=12690119749r=1w=2
Have a nice day,
--
Mounir IDRASSI
IDRIX
22 matches
Mail list logo