[openssl-users] how to compile out selected ciphers

Hi All, I am trying to build openssl. As part of that I want to remove some ciphers like md4, rc5 etc. I tried ./config no-md5, no-rc5 and ./Configure no-md5, no-rc5. In both the case MD4 and RC5 directories are still getting compiled. Please can you let me know what could be going wrong.

Re: [openssl-users] Another problem with openssl x509 -req -- default_enddate

On 08/30/2017 09:22 PM, Michael Richardson wrote: Viktor Dukhovni wrote: > So indeed, you'd not be the first to consider a special-purpose > concise format. It is somewhat surprising that the applications > you're considering use X.509 certificates

Re: [openssl-users] Another problem with openssl x509 -req -- default_enddate

Viktor Dukhovni wrote: > So indeed, you'd not be the first to consider a special-purpose > concise format. It is somewhat surprising that the applications > you're considering use X.509 certificates at all, rather than just I meant to add in my previous

Re: [openssl-users] Another problem with openssl x509 -req -- default_enddate

Viktor Dukhovni wrote: > So indeed, you'd not be the first to consider a special-purpose > concise format. It is somewhat surprising that the applications > you're considering use X.509 certificates at all, rather than just > raw public keys. With

Re: [openssl-users] Another problem with openssl x509 -req -- default_enddate

Viktor Dukhovni wrote: > The openssl ca(1) program is to some extent just a demo, that meets I'd actually suggest that it be either: 1) ripped out of the source code, and turned into a seperate "application". 2) pushed internal to the source code (not

Re: [openssl-users] Another problem with openssl x509 -req -- default_enddate

On 08/30/2017 10:33 AM, Viktor Dukhovni wrote: On Wed, Aug 30, 2017 at 06:03:03AM -0400, Robert Moskowitz wrote: I woke up a little clearer head, and realized, that a truly constrained device won't even bother with DER, but just store the raw keypair. FWIW, Apple's boot firmware stores the

Re: [openssl-users] Another problem with openssl x509 -req -- default_enddate

On Wed, Aug 30, 2017 at 06:03:03AM -0400, Robert Moskowitz wrote: > I woke up a little clearer head, and realized, that a truly > constrained device won't even bother with DER, but just store the raw > keypair. FWIW, Apple's boot firmware stores the signature key as the raw RSA key bits in

[openssl-users] Internet Draft Guide to creating an EDSA PKI

I want to thank people here for their help. I welcome you to look at the 1st cut of my work, I welcome comments. I have to 'keep my fingers off of it' for a bit. Start on the CRL and OCSP parts in a week or so. Bob Forwarded Message Subject:New Version

[openssl-users] AES-CMAC digest with EVP

Hello, I have two buffers, one with a key and one with some data. The objective is to calculate the AES-CMAC of the data with this key. I managed to compute the AES-CMAC using type `EVP_aes_128_cbc()` with the low-level interface: 1. CMAC_CTX *ctx = CMAC_CTX_new() 2. CMAC_Init 3.

Re: [openssl-users] Another problem with openssl x509 -req -- default_enddate

Viktor, On 08/30/2017 12:59 AM, Viktor Dukhovni wrote: On Wed, Aug 30, 2017 at 12:17:09AM -0400, Robert Moskowitz wrote: So back to openssl ca and deal with no way to directly create a DER formatted cert. Definitely a deficiency. Not really a deficiency, as the certificates in question need