Found that strndup would not work.
I had to add
#if !HAVE_STRNDUP
#include stdio.h
#include string.h
#include sys/types.h
#include malloc.h
/* Find the length of STRING, but scan at most MAXLEN characters.
If no '\0' terminator is found in that many characters, return MAXLEN. */
size_t
Hi,
Our application experienced a serious performance drop in FIPS mode. The
connection per second (CPS) dropped about 50% in FIPS mode than in non-FIPS
mode.
We run the oprofile and find that there are lock contentions in FIPS mode:
FIPS oprofile system wide report
samples %app
External symbols beginning with str are reserved to the library by the C
standard (ISO 9899-1999 et seq). It's a violation of the standard to define
them outside the implementation. You should use function names in the user
namespace and if necessary use value-style macros to replace the
On 20 May 2014 06:40, The Doctor,3328-138 Ave Edmonton AB T5Y
1M4,669-2000,473-4587 doc...@doctor.nl2k.ab.ca wrote:
Found that strndup would not work.
I had to add
#if !HAVE_STRNDUP
#include stdio.h
#include string.h
#include sys/types.h
#include malloc.h
/* Find the length of STRING,
On 5/20/2014 7:24 AM, Ben Laurie wrote:
There is already a strndup replacement: BUF_strndup(). Switching to
use that would be better.
However
- if that function points to strndup, don't you still have the problem
if strndup doesn't exist?
- if that function is a reimplementation of
It's logical to me.
If the tool chain has a strndup, use it. If it doesn't, here it is.
There won't be a namespace clash if the function doesn't exist.
On 5/20/2014 8:14 AM, Michael Wojcik wrote:
External symbols beginning with str are reserved to the library by
the C standard (ISO 9899-1999
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Ken Goldman
Sent: Tuesday, 20 May, 2014 10:16
To: openssl-users@openssl.org
Subject: Re: test/heartbleed_test.c
It's logical to me.
If the tool chain has a strndup,
Hi
Is OpenSSL thread safe by default? How can I find out if a particular
OpenSSL binary had been compiled with thread support?
Thanks
Rahul
On 20 May 2014 15:42, Rahul Godbole rahulmg1...@gmail.com wrote:
Hi
Is OpenSSL thread safe by default? How can I find out if a particular
OpenSSL binary had been compiled with thread support?
http://www.openssl.org/support/faq.html#PROG1
Matt
On 20 May 2014 15:17, Ken Goldman kgold...@us.ibm.com wrote:
On 5/20/2014 7:24 AM, Ben Laurie wrote:
There is already a strndup replacement: BUF_strndup(). Switching to
use that would be better.
However
- if that function points to strndup, don't you still have the problem if
strndup
Hi,
I am new to openssl programming. My goal is trying to get a simple server
up and running. I am using OpenSSL 1.0.1e-fips 11 Feb 2013 on Centos6.5.
I am using SSL_CTX_use_certificate_chain_file() to load my server
certificate files at initialization. The PEM file is created by
concatenating
Using this cmd, from openssl's CA app:
openssl ca -revoke certs/07.pem -config ca.cnf
I am able to revoke a cert. Since I have a pass phrase attached to it, I need
to manually enter the passphrase everytime I revoke this cert (purely for
testing purposes). Trying to either leverage a windows
Looking at http://www.openssl.org/docs/apps/ca.html you can designate the
-passin option whose argument has several options including environment
variable and direct input with pass:passphrase which should be fine for your
local tests.
Cheers,
Ben
On 20 May 2014, at 17:45, Dalisay,
On Tue, May 20, 2014 at 1:04 PM, David Li dlipub...@gmail.com wrote:
Hi,
I am new to openssl programming. My goal is trying to get a simple server
up and running. I am using OpenSSL 1.0.1e-fips 11 Feb 2013 on Centos6.5.
I am using SSL_CTX_use_certificate_chain_file() to load my server
Hello,
I have some question:
http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html
What part is global, what part need be do by connexion?
On that's:
https://github.com/alphaonex86/CatchChallenger/blob/master/tools/epoll-with-buffer/main.cpp
I have edited it to try do simple echo server.
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of David Li
Sent: Tuesday, May 20, 2014 13:05
snip
I am using SSL_CTX_use_certificate_chain_file() to load my server certificate
files at initialization.
The PEM file is created by concatenating
Dustin,
Yes, I was trying SSL_CTX_use_certificate_file to see what happened and it
still crashed. The original code looks like:
if (SSL_CTX_use_certificate_chain_file(ctx, SERVER_CERT) != 1) {
}
The manpage says:
SSL_CTX_use_certificate_chain_file() loads a certificate chain
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dustin Oprea
Sent: Tuesday, May 20, 2014 14:07
On Tue, May 20, 2014 at 1:04 PM, David Li dlipub...@gmail.com wrote:
snip
The code that you cited doesn't use SSL_CTX_use_certificate_chain_file.
Dave,
Thanks for the suggestion! I took a look at the low-hanging fruit first -
my SSL ctx object. So I modified the code a little bit by checking the SSL
CTX first:
ctx = SSL_CTX_new(SSLv23_method()); // handle only SSL v2 and v3
if (!ctx) {
int_error(Error in creating SSL ctx\n);
On 20 May 2014 20:13, David Li dlipub...@gmail.com wrote:
So obviously my SSL_CTX object wasn't created properly. Now I have to
figure out what it means by library has no ciphers.
You haven't called the functions to initialise openssl.
Rich.
Rich,
I did the following calls:
OpenSSL_add_all_algorithms();
OPENSSL_init_library();
SSL_load_error_strings();
Are these enough?
On Tue, May 20, 2014 at 1:32 PM, Richard Moore richmoor...@gmail.comwrote:
On 20 May 2014 20:13, David Li dlipub...@gmail.com wrote:
So obviously my
Oh, I see,
I should have used SSL_library_init() rather than OPENSSL_init_library().
Thanks everyone! Great help!
David
On Tue, May 20, 2014 at 1:38 PM, David Li dlipub...@gmail.com wrote:
Rich,
I did the following calls:
OpenSSL_add_all_algorithms();
OPENSSL_init_library();
22 matches
Mail list logo