[openssl-users] OpenSSL 'verify' command and c_ rehash script on Cygwin

2015-01-30 Thread Deepak
Hi, Can the following behaviour be confirmed as expected? OpenSSL verify test (test_verify) fails Env- c_rehash run using Cygwin. Run c_rehash on /path/to/certs/demo Cmd - openssl verify -CApath ../certs/demo ../certs/demo/*.pem Cause - Symbolic links (from hash.0 to file.pem) created by c_rehas

[openssl-users] Is CVE-2014-3570 fixed in FIPS Object Module 1.* (1.1.2, 1.2, 1.2.2 ...)

2015-01-30 Thread Susumu Sai
CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS Object Module 1.* also need to be fixed? If I run 0.9.8ze in FIPS mode using FIPS Object Module 1.x, am I vulnerable to the CVE-2014-3570 attacks?

Re: [openssl-users] Is openssl a vector of exploit for Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname ?

2015-01-30 Thread Viktor Dukhovni
On Fri, Jan 30, 2015 at 09:46:46PM +, Salz, Rich wrote: > > So it looks like only direct use of BIO_gethostbyname can cause issues and > > openssl does not rely on obsolete gethostbyname if it can use alternate > > getaddrinfo. > > > > I would be happy to receive any comment on that. > > Okay

Re: [openssl-users] Is openssl a vector of exploit for Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname ?

2015-01-30 Thread Salz, Rich
> So it looks like only direct use of BIO_gethostbyname can cause issues and > openssl does not rely on obsolete gethostbyname if it can use alternate > getaddrinfo. > > I would be happy to receive any comment on that. Okay: I agree with your review...

[openssl-users] Is openssl a vector of exploit for Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname ?

2015-01-30 Thread pl
Hi, I was wondering if openssl is a vector of exploitation of Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname ? reference and test code here http://www.openwall.com/lists/oss-security/2015/01/27/9 Here is my quick study gethostbyname can be found only in b_sock.c used by stru

Re: [openssl-users] Intermediate certificates

2015-01-30 Thread Serj
29.01.2015, 20:18, "Dr. Stephen Henson" : > On Tue, Jan 27, 2015, Serj wrote: >>  Ok. But is there any documentation how to set intermediate certificates for >> my SSL connections? Maybe I want to support these broken sites... > > You can add intermediate certificates to the trusted store: they'l

[openssl-users] Wrong usage of PKCS7_add_signature()??

2015-01-30 Thread Srinivas Rao
All, Please let me know if my below mentioned usage of PKCS7_sign()+adding signer info is wrong and how. Really appreciate your response. cheers and regards Srinivas On 1/29/15, Srinivas Rao wrote: > OpenSSL experts, > > Here the intention is to get the signed data (raw signature obtained > by

[openssl-users] i2d_X509_SIG() in FIPS mode

2015-01-30 Thread Gayathri Manoj
Hi All, I am getting a segfault while using i2d_X509_SIG() in FIPS mode. (gdb) bt #0 0x01f95045 in __memcpy_ssse3_rep () from /lib/libc.so.6 #1 0x00466837 in asn1_ex_i2c () from /usr/local/cm/lib/libcrypto.so.1.0.1 #2 0x00466a36 in asn1_i2d_ex_primitive () from /usr/local/cm/lib/libcrypto.so.1.0.