On 11/14/2012 04:21 PM, mclellan, dave wrote:
> Thanks for that clarification. It's not so cut and dry, I see.
>
> About this: "... and don't even bother to build fipscanister.o"... Then on
> what grounds could they claim FIPS compliance?
There is a common confusion between "FIPS compliant"
On Wed, Nov 14, 2012 at 4:21 PM, mclellan, dave wrote:
> Thanks for that clarification. It's not so cut and dry, I see.
>
> About this: "... and don't even bother to build fipscanister.o"... Then on
> what grounds could they claim FIPS compliance?
Exactly ;)
And the more important question: ho
Thanks for that clarification. It's not so cut and dry, I see.
About this: "... and don't even bother to build fipscanister.o"... Then on what
grounds could they claim FIPS compliance?
Dave
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl
On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave wrote:
> ...
> We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
> and I’d like to test out this set of assumptions (or maybe they are
> ‘assertions’)
>
> - In the context of OpenSSL, FIPS compliance is all about a
[If this is posted a 2nd time, my apologies, I believe my subscription was
broken]
We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
and I'd like to test out this set of assumptions (or maybe they are
'assertions')
- In the context of OpenSSL, FIPS complian
On 14 nov. 2012, at 19:58, "Dr. Stephen Henson" wrote:
> On Wed, Nov 14, 2012, Dirk-Willem van Gulik wrote:
>
>> Folks,
>>
>> Have a CA (created by certtool, validates in openssl as self signed just
>> fine) and a server cert (created with certtool, signed with certool) which
>> des NOT vali
In addition to Mr Henson answer, your CA certificate doesn't have any
keyUsage extension, depending on the toolkit it may not be considered a
valid CA.
Your countryName AVA is wrong, too. It must be only 2 characters long,
"NL" in your case.
--
Erwann ABALEA
-
yuppiexpédidétritus: cadavres
On Wed, Nov 14, 2012, Dirk-Willem van Gulik wrote:
> Folks,
>
> Have a CA (created by certtool, validates in openssl as self signed just
> fine) and a server cert (created with certtool, signed with certool) which
> des NOT validate in openssl.
>
> However the signature (when extracted with op
On 11/14/2012 04:15 AM, Fredrik Jansson wrote:
> Hi!
>
> I have compiled the 2.0.2 FIPS module, when I
> call FIPS_module_version_text() it returns "FIPS 2.0.1 validated test
> module 12 Jun 2012".
>
> It seems a bit odd that it says "2.0.1" and "test", does this indicate
> that I have made a mis
On 14 nov. 2012, at 18:42, Dirk-Willem van Gulik wrote:
> Have a CA (created by certtool, validates in openssl as self signed just
> fine) and a server cert (created with certtool, signed with certool) which
> des NOT validate in openssl.
>
> However the signature (when extracted with openssl
On Wed, Nov 14, 2012 at 12:32 PM, Nou Dadoun wrote:
> Hi folks,
>
> We have several projects that use openssl in both FIPS-mode and
> non-FIPS-mode; one of the projects that we have that does not use FIPS-mode
> is one that uses the Boost ASIO library in which we can reach done into the
> opens
Hi folks,
We have several projects that use openssl in both FIPS-mode and non-FIPS-mode;
one of the projects that we have that does not use FIPS-mode is one that uses
the Boost ASIO library in which we can reach done into the openssl properties
to get properties and operations that aren't provi
Folks,
Have a CA (created by certtool, validates in openssl as self signed just fine)
and a server cert (created with certtool, signed with certool) which des NOT
validate in openssl.
However the signature (when extracted with openssl its asn1parse; openssl its
rsautl and openssl its sha256) l
(Top posting to keep this thread consistent)
Hi,
As for encrypting/decrypting a file via stdin/stdout, the openssl.exe
program can already do that (it is almost the default behavior for those
commands that encrypt/decrypt things, you may need to add the "-passin"
option to indicate if the passwo
On 11/13/2012 11:24 PM, Pierre DELAAGE wrote:
If we would have to have deep understanding of the various codes we are
using everyday (I am myself a programmer, and openssl WCE contributor),
we would not have enough time to work, to produce anything.
Anyway understanding "what the code is SUPPOSE
I would hope that one of us could provide you something given a week or so...
very busy with work currently but I'm sure I could do something in time.
Carl
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of John Zavgren [j...@zavgren.com]
Sent: 14 November 201
Leon:
I suggest that you write a program that uses file descriptors for IO? I'd
write it in C.
On Mon, Oct 22, 2012 at 5:51 AM, Funnell, Leon wrote:
> We have Windows application which passes data to OpenSSL.exe to encrypt as
> a Windows command, then scrapes the encrypted data back from the out
Carl,
Thanks for your reply. I would love to have a service which I could
call, unfortunately my Windows development skills don't stretch that far
as I am an infrastructure person with some basic VBscripting skills.
Do you (or another member of this list as CC'ed) have something that
could
18 matches
Mail list logo