Hi,
Can following behaviour be confirmed as expected?
OpenSSL verify test (test_verify) fails
Env-
c_rehash run using Cygwin. Run c_rehash on /path/to/certs/demo
Cmd -
openssl verify -CApath ../certs/demo ../certs/demo/*.pem
Cause -
Symbolic links (from hash.0 to file.pem) created by c_rehas
CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS
Object Module 1.* also need to be fixed?
If I run 0.9.8ze on FIPS mode with using FIPS Object Module 1.x, am I
vulnerable to the CVE-2014-3570 attacks?
___
openssl-users mailing li
On Fri, Jan 30, 2015 at 09:46:46PM +, Salz, Rich wrote:
> > So it look like only direct use of BIO_gethostbyname can cause issues and
> > openssl does not rely on obsolete gethostbyname if it can use alternate
> > getaddrinfo.
> >
> > I would be happy to receive any comment on that.
>
> Okay
> So it look like only direct use of BIO_gethostbyname can cause issues and
> openssl does not rely on obsolete gethostbyname if it can use alternate
> getaddrinfo.
>
> I would be happy to receive any comment on that.
Okay: I agree with your review...
__
Hi,
I was wondering if openssl a vector of exploitation of Qualys Security
Advisory CVE-2015-0235 - GHOST: glibc gethostbyname ?
reference and test code here
http://www.openwall.com/lists/oss-security/2015/01/27/9
Here my quick study gethostbyname can be found only in b_sock.c used by
stru
29.01.2015, 20:18, "Dr. Stephen Henson" :
> On Tue, Jan 27, 2015, Serj wrote:
>> Ok. But is there any documentation how to set intermediate certificates for
>> my SSL connections? Maybe I want to support these broken sites...
>
> You can add intermediate certificates to the trusted store: they'l
All,
Please let me know if my below mentioned usage of PKCS7_sign()+adding
signer info is wrong and how.
Really appreciate your response.
cheers and regards
Srinivas
On 1/29/15, Srinivas Rao wrote:
> OpenSSL experts,
>
> Here the intention is to get the signed data (raw signature obtained
> by
Hi All,
I am getting segfault while using i2d_X509_SIG() in FIPS mode.
(gdb) bt
#0 0x01f95045 in __memcpy_ssse3_rep () from /lib/libc.so.6
#1 0x00466837 in asn1_ex_i2c () from /usr/local/cm/lib/libcrypto.so.1.0.1
#2 0x00466a36 in asn1_i2d_ex_primitive () from
/usr/local/cm/lib/libcrypto.so.1.0.