response verification, we are used the CA Designated
>> Responder (Authorized Responder). meaning that the issuer of serial
>> 0x500c8bd was the same issuer of the OCSP Signing response (ABC CA3 DEV).
>> However, my testing shows that this only affects the "response verification
Hello,
I was researching how expired CRLs affect revocation checking via openssl.
*TEST #1:* The first test was to find out what status is returned when I
verify a certificate against the CRL:
[dan@canttouchthis PKI]$ openssl verify -CAfile CAS/cabundle.pem -CRLfile
CRLS/ABC-expired.crl
?
-Bryan
On May 7, 2015, at 10:59 AM, John Foley fol...@cisco.com wrote:
Not sure.
Are you using blocking or non-blocking IO?
Have you tried SSL_MODE_AUTO_RETRY?
Do you notice a different return value from SSL_read() after a zero byte read
compared to other errors
You can private message me the patch and I can benchmark it for you. Please
let me know what release version or hash on git that it will cleanly apply. Do
you know what release this will be going in?
-Bryan
On May 1, 2015, at 6:49 AM, Salz, Rich rs...@akamai.com wrote:
Lock #1
I will just grab master then. Will this change be in the next 1.0.2 release?
-Bryan
On May 8, 2015, at 10:12 AM, Salz, Rich rs...@akamai.com wrote:
You can private message me the patch and I can benchmark it for you.
Please let me know what release version or hash on git
Do you know if there is a way of preventing a call to SSL_get_error() after
getting a 0 byte read from SSL_read()? This is the main issue I am facing with
the OpenSSL error locking right now.
-Bryan
On May 1, 2015, at 6:49 AM, Salz, Rich rs...@akamai.com wrote:
Lock #1
pair, data must be written into
or retrieved out of the BIO before being able to continue.
Thank you...
-Bryan
On May 1, 2015, at 5:34 AM, John Foley fol...@cisco.com wrote:
Lock #1 is CRYPTO_LOCK_ERR, which I believe is used for logging errors. It
appears your application
=0b732440636ab4e9eaedf237a5674bdc790c3e73;hp=2fae4820d7bab301340368e6be22445476d8d948;hb=d41e96f;hpb=ba1d6f7c9394c5efadb68cf9cf06f9b90f267b09
-Bryan
On Apr 30, 2015, at 3:52 PM, Bryan Call bc...@apache.org wrote:
This is for Apache Traffic Server and we have no knobs for turning on/off
FIPS. I am thinking about always
:50.932] Server {0x7f1e45b25700} ERROR: contention for lock -
total contention: 1200 waiting: 5 file: err.c line: 446 type: 1
[Apr 30 22:46:52.001] Server {0x7f1e45721700} ERROR: contention for lock -
total contention: 100 waiting: 0 file: rand_lib.c line: 212 type: 19
-Bryan
On Apr 29
Can I safely assume that if I call FIPS_mode_set(0) and get a successful return
value then I don’t need to lock when there are callbacks for type 39 and 40
locks (for OpenSSL 1.0.1 and 1.0.2)?
-Bryan
On Apr 28, 2015, at 10:22 AM, John Foley fol...@cisco.com wrote:
In the context
What do you mean by “FIPS POST has completed”?
-Bryan
On Apr 24, 2015, at 4:17 PM, John Foley fol...@cisco.com wrote:
Some of the algorithms still invoke the FIPS flavor of the algorithm even
when FIPS is disabled. For example, this code is from EVP_DigestUpdate().
int
) contention for lock - total
contention: 1350 waiting: 1 file:
/SourceCache/OpenSSL098/OpenSSL098-52.20.2/src/crypto/err/err_def.c line: 343
type: 1
-Bryan
On Apr 23, 2015, at 4:46 PM, John Foley fol...@cisco.com wrote:
Looking at your call stack, it appears you're
();
if (mode) {
FIPS_mode_set(0);
Debug("ssl", "FIPS_mode: %d", mode);
}
#endif
[Apr 24 21:43:45.860] Server {0x7f7628146800} DEBUG: (ssl) FIPS_mode: 0
-Bryan
On Apr 24, 2015, at 10:56 AM, John Foley fol...@cisco.com wrote:
When you create
::process_event(Event*, int) ()
#21 0x00758c84 in EThread::execute() ()
#22 0x00757cf8 in spawn_thread_internal(void*) ()
#23 0x7f1fbaae49d1 in start_thread () from /lib64/libpthread.so.0
#24 0x0030ff0e88fd in clone () from /lib64/libc.so.6
-Bryan
2010/8/12 홍성일 remip...@gmail.com:
Hi.
Umm.. I'm so sorry .. I can't speak English Well.!!
I want to build libosslfips.dll (Windows) in openssl-0.9.8o or
openssl-fips-1.2
But This is build(link) error (LNK2001)!!
In UserGuide-1.2 (http://www.openssl.org/docs/fips/UserGuide-1.2.pdf)
ask.
Thanks
Bryan
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord
I see a fips directory in 0.9.8o. If I'm building OpenSSL with FIPS
on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
On Tue, Aug 3, 2010 at 13:17, William A. Rowe Jr. wr...@rowe-clan.net wrote:
On 8/3/2010 10:05 AM, Bryan wrote:
I see a fips directory in 0.9.8o. If I'm building OpenSSL with FIPS
on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
This is well documented in the FIPS user
Hi everyone. Sorry for the long email, I am kinda a noob to SSL certs.
I am trying to develop a client application that will use SSL to encrypt LDAP
traffic so that a customer can use his/her LDAP server as a means of logging
into my client application. This client application will reside on
On Thu, Jul 29, 2010 at 13:08, Steve Marquess
marqu...@opensslfoundation.com wrote:
Bryan wrote:
I am almost done here... I was able to symlink the headers to get past
the opensslv header files, but the build process fails because openssl
didn't build libcrypto. The problem is that when
I am almost done here... I was able to symlink the headers to get past
the opensslv header files, but the build process fails because openssl
didn't build libcrypto. The problem is that when building openssl with
fips, it doesn't appear to build libcrypto, and changing anything
in the
Hi everyone, I am a noob when it comes to SSL and I have an easy question but I
don't have the time to look up the answer myself.
I am trying to write an LDAP client. I need this client to use SSL as well. I
am using the openldap server and C libraries. Here is what the openldap web
page
-
From: owner-openssl-us...@openssl.org on behalf of Bryan Boone
Sent: Mon 7/26/2010 12:55 PM
To: openssl-users@openssl.org
Subject: Simple question about SSL certs
Hi everyone, I am a noob when it comes to SSL and I have an easy question but I
don't have the time to look up the answer myself.
I
SUPPORTS the use of client
certs because the LDAP server might. That does not mean you have to use them
unless the LDAP server is configured to require them.
-Original Message-
From: owner-openssl-us...@openssl.org on behalf of Bryan Boone
Sent: Mon 7/26/2010 2:09 PM
To: openssl-users
On Thu, Jul 22, 2010 at 17:18, Kevin Layer la...@franz.com wrote:
I searched the archives and didn't see anything like this.
I can build on 32-bit XP with no problems.
set ASM=ml64 /c /Cp /Cx /Zi
perl crypto\md5\asm\md5-x86_64.pl tmp32dll\md5-x86_64.asm
Use of uninitialized
the 8.0 SDK... and
if that is the case, then we can deal with that... below is the
output of the openssl build, with attempting to add FIPS support.
I appreciate any help... thank you...
Regards,
Bryan
Here is the output:
bbr...@iava-dev-0% perl Configure VC-WIN32 no-asm fips
--with-fipslibdir
On Wed, Jul 21, 2010 at 10:33, Jakob Bohm jb-open...@wisemo.com wrote:
On 21-07-2010 16:18, Bryan wrote:
I am trying to build openssl 0.9.8o with the fips-1.2 source. I'm
building it using cygwin as the interface, since I am trying to script
this into an installation process.
When building
On Wed, Jul 21, 2010 at 13:19, Jakob Bohm jb-open...@wisemo.com wrote:
On 21-07-2010 18:26, Bryan wrote:
On Wed, Jul 21, 2010 at 10:33, Jakob Bohm jb-open...@wisemo.com wrote:
On 19-07-2010 16:18, Bryan wrote:
I am trying to build openssl 0.9.8o with the fips-1.2 source. I'm
building
libraries do this.) How about
SSL_load_error_strings()? ERR_load_BIO_strings()?
Thanks for any help on these questions.
Bryan Sutula
Given the recent issue with OpenSSH, and the nature of OpenSSL,
I was surprised not to find checksums for the source tarballs.
Maybe that's something that should be made available?
I'm not on the list, so please cc: any replies.
--
Bryan Medsker
[EMAIL PROTECTED
it would certainly beat the P3 Mhz/Mhz.
Anyone care to comment on this?
If you use GCC, the IA-64 target *IS* an optimizing compiler that can
re-order instruction for EPIC. Or weren't you aware of the whole
concept of EPIC, compiler-based optimization?
-- TheBS
--
Bryan TheBS Smith mailto
an _air-cooled_ 1.2GHz Alpha as early as 1997. I
had a 500MHz Alpha in 1996, back when Intel only had its 200MHz Pentium
Pro. The thing was 5x as floating point, well worth the cost.
-- TheBS
--
Bryan TheBS Smith mailto:[EMAIL PROTECTED]chat:thebs413
Engineer AbsoluteValue Systems, Inc
a separate crypto library that generated the signature, and I want to use
OpenSSL to package it in PKCS7.
Thanks,
Bryan
answer, but it did compile after that and I'm up
and running OSU's webserver (ver 3.9) using it.
-Bryan
Programmer/Webmaster
New Mexico Military Institute http://www.nmmi.cc.nm.us
101 W College Blvd, Roswell NM 88201-5173 (505) 624-8110
mailto:[EMAIL PROTECTED
s OK to do? I noticed many other
programs had similar lines, but only this one is tripping me up. Any more
ideas? I appreciate all input and help.
Thanks,
Bryan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, April 05,
Not possible currently but will appear in v.18 which should be out very
soon...
Bryan
- Original Message -
From: "Stephen DiRose" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 05, 2001 5:05 PM
Subject: How to use a proxy with Net:SSLeay
Hey folks,
Does an
Check the archives on the [EMAIL PROTECTED] list - I recently posted a
patch for Net::SSL which adds support for SSL proxies. The normal
Crypt::SSLeay package doesn't support it.
Bryan
- Original Message -
From: "Clarke, Barbara P, HRSVC" [EMAIL PROTECTED]
To: [EMAIL PROTE
rrno.h:25: linux/errno.h: No such file or directory
make[1]: *** [cryptlib.o] Error 1
make[1]: Leaving directory `/tmp/openssl-0.9.6/crypto'
make: *** [all] Error 1
Can anyone point me in the right direction? I've tried doing a
./config -no-asm, but that didn't seem to work any better.
Than
On Sat, 24 Jul 1999 [EMAIL PROTECTED] wrote:
Thirdly, you could download any one of a number of open-source encryption
products which will encrypt the data with the public key of the recipient,
thus making it available only to whoever has the private key. Start at the
PGP site for that sort
42 matches