Hi,
I am developing an application that needs to perform certificate
verification asynchronously (specifically, the CRL queries are performed
asynchronously).
I am using non-blocking BIOs that read/write packets from/to
application-provided buffers.
Can I somehow use SSL_set_verify and trick
Would you please confirm to the list the name of the Python module, the
download site for it and the version you are currently working with.
This just helps up provide assistance to this same question in future.
Please read up on this recent thread. I do not know anything about
Python
I got the icc problem resolved by writing shell script.
Building static libraries get stuck at following point ( I guess the object
limit of qar is hit)
qar -cuv ../../libcrypto.a a_object.o a_bitstr.o a_utctm.o a_gentm.o
a_time.oa_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o
Yup, I had to do a couple of fixes to the GNU utilities to get around
size limitations, for example when the size limit to ADDBNDDIRE (not
qar) is reached, then to split the request and make multiple calls.
G.
From: owner-openssl-us...@openssl.org
Long info because I fear the Python module maybe misunderstanding what
SSL_shutdown() actually does and why it exists. Which in turn mean that
users of the Python module also misuse it (sandcastles in the sand and
all that).
Antoine Pitrou wrote:
While testing Python's SSL support with
On Tue, 6 Apr 2010 21:17:01 +0200
Dr. Stephen Henson st...@openssl.org wrote:
Well that actual manual page is rather old and it still talks about
PRNG initialisation which dates from the time OpenSSL didn't handle
that automatically on many platforms.
So are you saying there is no need to
On Wed, Apr 07, 2010, Sad Clouds wrote:
On Tue, 6 Apr 2010 21:17:01 +0200
Dr. Stephen Henson st...@openssl.org wrote:
Well that actual manual page is rather old and it still talks about
PRNG initialisation which dates from the time OpenSSL didn't handle
that automatically on many
it appears that this function only handles char*, how should unicode strings be
handled?
thanks,
sean
_
Hotmail is redefining busy with tools for the New Busy. Get more from your
ok my bad, the question was wrong.
here is the real question I have, when I use the routine X509_NAME_print_ex,
how can I convert the output to be in unicode format? the result I get
currently is just char*.
From: swan...@hotmail.com
To: openssl-users@openssl.org
Subject: does
On Fri, 2010-04-02 at 15:57 -0400, Victor Duchovni wrote:
The performance of the 1.0.0 AES algorithm as reported by openssl speed,
appears to be much lower with block sizes of 16, 64 and 256 bytes than
with previous releases. Larger block sizes of 1024 and 8192 bytes show
good performance. Is
Hello Michael,
[...]
$HOME = . # [active directorey, from which I call openssl]
You better check that one - it may have been a typo here, but *nix systems
__never__ specify the current working directory as the $HOME directory.
*nix and nearly all other single tree file system OS have an
Hello Michael,
[...]
$HOME = . # [active directorey, from which I call openssl]
You better check that one - it may have been a typo here, but *nix systems
__never__ specify the current working directory as the $HOME directory.
*nix and nearly all other single tree file system OS have an
Hi,
I took the source of Openssl 1.0.0 and tried building it after running
perl Configure no-idea no-rc5 no-mdc2 no-md2 no-krb5 no-tlsext VC-WIN32
The build fails with the following link errors.
SSLEAY32.def : error LNK2001: unresolved external symbol
SSL_set_session_secret_cb
SSLEAY32.def :
Hi,
I made the following changes in ssl.h (have indicated the changes with a
comment //added this)
#ifndef OPENSSL_NO_TLSEXT //added this
/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
int SSL_set_session_ticket_ext_cb(SSL *s,
Hi,
Does any version of openssl crypto library ( one for RNG) has complaint with
the requirement of NIST SP800-90?
Plz let me know. I couldnt get any info on this from docs.
-Nikitha
Hi All,
I'm a novice user to openssl libraries. Could you plz point me to the
source/test suite available for known answer test of FIPS 140-2 level 2
complaint Diffie-Hellman module?
Thanks,
Nikitha
While we are on the subject of Unicode, there are other areas of OpenSSL that
need Unicode support added, in particular handling of paths and filenames on
UTF16-based filesystems that require wchar_t* parameters. For instance, on
Windows, OpenSSL cannot load certificate files/directories that
Is it possible to build a FIPS capable Openssl for AMD64?
You can build the fipscanister for AMD64, but then attempting to build
OpenSSL 0.9.8n fails.
cl /Fotmp32dll\fips_standalone_sha1.obj -Iinc32 -Itmp32dll /MD
/Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32
On Wed, Apr 07, 2010, Kaila, Ashish wrote:
Hi,
I made the following changes in ssl.h (have indicated the changes with a
comment //added this)
#ifndef OPENSSL_NO_TLSEXT //added this
/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
On Wed, Apr 07, 2010 at 06:58:05PM +0100, David Woodhouse wrote:
As you can see, the results all got much faster once I got back in time
to about mid-2007. Using 'git-bisect' I was able to find the offending
commit which had caused the performance degradation:
Why is there code that will not compile still in the tarball?
Granted your makefiles don't try to build it - so why's it there?
Look at pkcs7/bio_ber.c:bio_ber_get_header
This function clearly doesn't compile (missing semicolon after 'unsigned
long length'). Looks like its been like that for
I am trying to build the newly-released openssl (1.0.0) in a basic
MinGW environment.
I have tried both the automatic MinGW installer, which installs gcc
3.4.5 (fairly old), and a manual install of the current (not
proposed) gcc, version 4.4.0.
The first error is 3 missing definitions in
One more definition is required in wincrypt.h:
sh-3.1$ diff wincrypt.h~ wincrypt.h
1323a1324,1325
BOOL WINAPI CryptEnumProvidersA( DWORD, DWORD *, DWORD, DWORD *,
LPSTR, DWORD *) ;
After that...
ALL TESTS SUCCESSFUL.
make[1]: Leaving directory
Hi,
I am using openssl from within neon, itself used from within
Subversion. During an svnsync, I receive the following error
message:
svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL
error: parse tlsext (https://xxx.org)
If I am right, this message comes from
On Wed, Apr 07, 2010, Florent Georges wrote:
Hi,
I am using openssl from within neon, itself used from within
Subversion. During an svnsync, I receive the following error
message:
svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL
error: parse tlsext
On Wed, 2010-04-07 at 16:00 -0400, Victor Duchovni wrote:
Can someone confirm that what we are seeing is a work-around for DJB's
cache timing attack on AES? If so, I would guess that the timing attack
is believed to be impractical for large blocks, so the fast path is used
only for
Dr. Stephen Henson wrote:
Thanks for your fast response!
That looks like it is only part of the actual error code.
That's all I have. I guess either Subversion or Neon truncates
the error message.
I suspect it is because the server doesn't support secure
renegotiation. You can check
On Wed, Apr 07, 2010, Florent Georges wrote:
Dr. Stephen Henson wrote:
Thanks for your fast response!
That looks like it is only part of the actual error code.
That's all I have. I guess either Subversion or Neon truncates
the error message.
I suspect it is because the server
28 matches
Mail list logo
