Ciphers: disabling

2013-01-09 Thread Serhiy Ivanov
Tried to turn off one cipher via: #!/bin/bash make clean ./config -no-CAMELLIA-128-CBC make depend make But still cannot turn it off (as i see output of openssl list-cipher-algorithms or even ./apps/openssl list-cipher-algorithms for new compiled client). I don't see way to really turn off

Re: Ciphers: disabling

2013-01-09 Thread Jeffrey Walton
On Wed, Jan 9, 2013 at 7:02 AM, Serhiy Ivanov serhiy.i.iva...@globallogic.com wrote: Tried to turn off one cipher via: #!/bin/bash make clean ./config -no-CAMELLIA-128-CBC make depend make Try make dclean Jeff __ OpenSSL

Cert in DNS (DANE, DNSSEC) and OpenSSL

2013-01-09 Thread Bry8 Star
(reposting this on users list) Hi, When can we expect an OpenSSL release, that will support DANE protocol to verify SSL/TLS certificates (which are added/kept in the DNS RR) using DNSSEC protocols ? Thanks, -- Bright Star (Bry8 Star / Bry8Star). signature.asc Description: OpenPGP digital

Re: openssl RPM package

2013-01-09 Thread Bry8 Star
I am (still) looking for an OpenSSL 1.0.1c rpm or srpm / src.rpm for CentOS 6.3 (32bit). If same version with fips module were downloadable, that would have been great as well. From Walter H., received on 2013-01-08 8:47 PM: Hello, is there an openssl RPM package with version 0.9.8 or

Re: Cert in DNS (DANE, DNSSEC) and OpenSSL

2013-01-09 Thread Jakob Bohm
On 1/9/2013 2:46 PM, Bry8 Star wrote: (reposting this on users list) Hi, When can we expect an OpenSSL release, that will support DANE protocol to verify SSL/TLS certificates (which are added/kept in the DNS RR) using DNSSEC protocols ? Is there an RFC for DANE, or is it still an experimental

Re: References to NSS libraries

2013-01-09 Thread Jakob Bohm
On 1/8/2013 7:59 PM, Jeffrey Walton wrote: On Tue, Jan 8, 2013 at 1:14 PM, Carson Gaspar car...@taltos.org wrote: On 1/8/13 9:52 AM, Jeffrey Walton wrote: That seems like a really odd requirement. Is there any reading on the topic? man nsswitch.conf Generally, I prefer static linking in

Re: References to NSS libraries

2013-01-09 Thread Jeffrey Walton
On Wed, Jan 9, 2013 at 10:42 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 1/8/2013 7:59 PM, Jeffrey Walton wrote: On Tue, Jan 8, 2013 at 1:14 PM, Carson Gaspar car...@taltos.org wrote: On 1/8/13 9:52 AM, Jeffrey Walton wrote: ... OT: Do you think the tools will ever catch up? Autoconf

Re: openssl RPM package

2013-01-09 Thread Florian Weimer
On 01/09/2013 02:55 PM, Bry8 Star wrote: I am (still) looking for an OpenSSL 1.0.1c rpm or srpm / src.rpm for CentOS 6.3 (32bit). The Fedora 18 SRPM builds fine on RHEL 6.3, at least. I haven't checked the result. Replacing such a central system component is always a bit tricky. --

Re: openssl RPM package

2013-01-09 Thread Bry8 Star
THANKS. At first (or initially) i want to install the v1.0.1c as a second (2nd) openssl in the system, so it does not replace the existing openssl and start to create conflicts/fails with other base/core components. And initially want to (at least) start creating/managing cert with it manually,

RE: Ciphers: disabling

2013-01-09 Thread Jeremy Farrell
From: Serhiy Ivanov [mailto:serhiy.i.iva...@globallogic.com] Sent: Wednesday, January 09, 2013 12:03 PM Tried to turn off one cipher via: #!/bin/bash make clean ./config -no-CAMELLIA-128-CBC make depend make But still cannot turn it off (as i see output of openssl

Compile 0.9.8x for 64bit is missing _SHA* symbols

2013-01-09 Thread Ribhi Kamal
Hi all, I've compiled openssl 0.9.8x on windows 7 using VS2010 pro using the following steps: perl Configure VC-WIN64A --prefix=%LIB_OUT% CALL ms\do_win64a nmake -f ms\ntdll.mak nmake -f ms\ntdll.mak test nmake -f ms\ntdll.mak install Unfortunately the resulting libraries do not have any of the

Fwd: How to remove certificate from X509_STORE?

2013-01-09 Thread Srivardhan Hebbar
Hi, X509_STORE_add_cert() would add a certificate to the list of trusted certificates in the ctx. What is the way to remove a certificate from this trusted store? Am not finding any function to remove the certificate. Can anyone of you suggest a way to remove the certificate from this trusted

Cut openssl

2013-01-09 Thread Serhiy Ivanov
As i see from demos (even such supposed to be tiny one as easy-tls or bio/sconect) all files created are too big (my requirement are =100kb for binary and =300kb more for all memory includding heap). Is it possible to cut opensll in next ways: 1) use onle a few cypher algorithms and do not even

EVP_aes_256_gcm - Retrieving the MAC value

2013-01-09 Thread Roar Lien
Hi, This is an API question on using OpenSSL and AES GCM. I am successfully able to perform encryption / decryption and I am also able to detect errors in the mac value. The code I am using for this is below. I want to retrieve the mac value to my own buffer, in addition to just doing the