Re: ld: double free or corruption

2011-04-11 Thread Geoff Thorpe
Looks like a bug in the compiler tool-chain. Consider rolling back to something stable. If you're willing, you might want to scan the gcc bug database in case this is a known issue, and perhaps report it if it isn't? It might also be some system library the tool-chain is linked against, who kno

Re: OpenSSL and kernel __read_nocancel() blocking under heavy network congestion

2009-05-26 Thread Geoff Thorpe
Hi Mark, Mark Laubach wrote: > Hi David, > > Thanks and yes, these are the conundrums I'm curious about: > 1) why does the process get hung on __read_nocancel (), when the > connection is set to non-blocking, and only under heavy congestion?, > and 2) if the connection did turn blocking, why aren

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Geoff Thorpe
On Thursday 02 April 2009 11:24:56 Dr. Stephen Henson wrote: > On Thu, Apr 02, 2009, Geoff Thorpe wrote: > > On Wednesday 01 April 2009 16:34:35 Rene Hollan wrote: > > > This is an April Fools' joke, right? > > > > It's April 2, so I can reply now. &

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Geoff Thorpe
openssl.org on behalf of Geoff Thorpe > Sent: Wed 4/1/2009 12:11 PM > To: openssl-users@openssl.org > Subject: Re: OpenSSL 1.0.0 beta 1 released > > On Wednesday 01 April 2009 09:05:05 Thomas J. Hruska wrote: > > The problem is that I was under the distinct impression 0.9.9 was >

Re: OpenSSL 1.0.0 beta 1 released

2009-04-01 Thread Geoff Thorpe
On Wednesday 01 April 2009 09:05:05 Thomas J. Hruska wrote: > The problem is that I was under the distinct impression 0.9.9 was the > next release and 1.0.0 was a pipe dream a few years down the road (at > least). The choice of a 1.0 release is to clearly mark the fact that openssl is shifting to

Re: Openssl Engine Performance Benchmarks

2009-03-31 Thread Geoff Thorpe
On Tuesday 31 March 2009 23:16:10 Shasi Thati wrote: > Hi, > > I have a question regarding the openssl speed command. When I use this > command to test the crypto offload engine performance what is the > right command to use? > > Is it > > openssl speed -evp aes-128-cbc -engine xx -elapsed > >

Re: openSSL : digest command (md5) to crypto driver

2008-12-12 Thread Geoff Thorpe
On Friday 12 December 2008 01:07:04 Madhusudan Bhat wrote: > Hi Geoff, > > I appreciate your reply. Currently, I don't have any engine supported > at the openssl side. I have crypto driver at the kernel side, which > registered with the kernel for the hashing and encryption algos. > > >From the open

Re: openSSL : digest command (md5) to crypto driver

2008-12-11 Thread Geoff Thorpe
On Thursday 11 December 2008 12:44:24 Madhusudan Bhat wrote: > Hi All, > > I am having an issue when using digest command from openssl. When I > issue digest command md5 from openssl, kernel side it will never > receive IOCTL - CIOCGSESSION with sop->mac getting set, also it won't > receive IOCTL - C

Re: FIXED - CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-28 Thread Geoff Thorpe
On Friday 21 November 2008 14:50:41 Sander Temme wrote: [snip] > I would suggest a > documentation fix, like so: > > Index: engines/e_chil.c > === > RCS file: /home/openssl/cvs/openssl/engines/e_chil.c,v > retrieving revision 1.9 > dif

Re: FIXED - CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-21 Thread Geoff Thorpe
On Friday 21 November 2008 14:41:08 Max Pala wrote: > Hi Sander, > > I debugged the init process and it seems that you were right. The > disable_mutex_callbacks is set to 1 at e_chil.c:578. Definitely it > is due to initialization, at this point... > > ... looked into that, and... et voilas! Found

Re: CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-21 Thread Geoff Thorpe
On Friday 21 November 2008 11:07:19 Max Pala wrote: > P.S.: As this code is basically the same for every application, what > about integrating a nice OPENSSL_init_pthread() function that will > initiate all the static locks and the dynamic functions ? That would > save *a lot of time* to many peopl

Re: CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-21 Thread Geoff Thorpe
On Friday 21 November 2008 03:01:33 Massimiliano Pala wrote: > Hi David, > > that is really nice.. although.. after I gave it a try... it does not > really work :( > > Actually, it seems that the dynamic functions are never called... :( > > Investigating... The attached example seems to work. I pu

Re: CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-20 Thread Geoff Thorpe
On Thursday 20 November 2008 20:57:10 Max Pala wrote: > it seems that I am missing the usage of the set of obscure functions: > > CRYPTO_set_dynlock_create_callback() > CRYPTO_set_dynlock_lock_callback() > CRYPTO_set_dynlock_destroy_callback() > > but I have no idea how to initial

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Geoff Thorpe
On Wednesday 19 November 2008 15:14:21 Jan Klod wrote: > On Wednesday 19 November 2008 21:02:06 Geoff Thorpe wrote: > > If neither Michael (Ludvig) nor Andy (Polyakov) respond in the next > > day or so, I'll try to take a look at (and understand) the state of > &g

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Geoff Thorpe
On Wednesday 19 November 2008 14:09:06 Jan Klod wrote: > On Wednesday 19 November 2008 19:40:06 Michael S. Zick wrote: > > On Wed November 19 2008, Jan Klod wrote: > > > On Wednesday 19 November 2008 19:28:51 Michael S. Zick wrote: > > > > That simplifies things, try 0.9.8i > > > > http://gentoo-po

Re: how to fix bugs in openssl?

2008-10-16 Thread Geoff Thorpe
On Thursday 16 October 2008 12:32:01 Евгений wrote: > Could I commit my patch to openssl source code to fix bug that I > found? No, but you're welcome to post details of the bug plus any fixes you have to propose. There is also a request tracker where you could describe the bug and your patch (w

Re: openssl on Sun solaris failed

2008-10-16 Thread Geoff Thorpe
Responding to openssl-users which is the place for this sort of discussion, the openssl-dev list is for development of openssl itself (rather than using openssl or developing external code that uses it). It appears your system (or your PATH) doesn't include the "make" binary. Compiling source c

Re: Year 2038 problem

2008-10-06 Thread Geoff Thorpe
On Monday 06 October 2008 11:19:08 Michael S. Zick wrote: > A more likely possibility - > All of the crypto-locks on the physical facilities will not work, > nor any of the access cards - nobody will be able to get in. > Meaning the world will be effectively, totally disarmed. Or even better: "eff

Re: Cannot create keystore using Purify instrumented binaries.

2008-10-02 Thread Geoff Thorpe
On Thursday 02 October 2008 06:40:53 Sanjith Chungath wrote: > I am getting thousands of UMRs and finally one segmentation error and > a core dump while trying to create a keystore. Am using 0.9.8g. > Everything works fine without purify. I also tried rebuilding openssl > with PURIFY" compiler opti

Re: network connection encrypted/secure using ssl and sockets ?!

2008-09-03 Thread Geoff Thorpe
On Wednesday 03 September 2008 11:46:29 Ger Hobbelt wrote: > On Wed, Sep 3, 2008 at 5:03 PM, Manuel Sahm <[EMAIL PROTECTED]> wrote: > >I want to make my network connection encrypted/secure using ssh. > > Please note that SSH is not SSL: SSH is a protocol on top of SSL. > Since you're talking about

Re: Compiling static vs. dynamic and building a universal binary

2008-07-17 Thread Geoff Thorpe
On Thursday 17 July 2008 12:26:33 Bruce Stephens wrote: > Geoff Thorpe <[EMAIL PROTECTED]> writes: > > [...] > > > Has this ever been (in recent history) an issue within a given > > release branch? Ie. has 0.9.8(n+1) ever broken apps that were > > running ok

Re: Compiling static vs. dynamic and building a universal binary

2008-07-17 Thread Geoff Thorpe
On Wednesday 16 July 2008 14:56:26 Kenneth Goldman wrote: > [EMAIL PROTECTED] wrote on 07/16/2008 10:08:31 AM: > > 2) using static builds has a benefit: you know exactly what your > > application is going to get SSL-wise: you will be sure it is installed > > on the target system because you brought

Re: Errors while building OpenSSL in Windows

2008-07-11 Thread Geoff Thorpe
Did you try building with an up-to-date CVS snapshot? ftp://ftp.openssl.org/snapshot/ I don't know if you were using some already-released package version, but if so, then you would miss any fixes since then. (Ie. we don't rerelease 0.9.8x when bugs are found, we release 0.9.8y instead...) And

Re: Wider fallout from Debian issue?

2008-05-30 Thread Geoff Thorpe
On Friday 30 May 2008 07:39:08 [EMAIL PROTECTED] wrote: > I personally don't like the idea of generating keys that people will > try, or using a weak/known key with small probability, but in this > case I think it's so small that simply scanning for and banning such > keys is good enough. > > I was

Re: Re: CRYPTO_add_lock() segmentation fault (core dump included)

2008-04-08 Thread Geoff Thorpe
On Tue, 2008-04-08 at 10:04 -0500, Ion Scerbatiuc wrote: > Thank you for your reply! You're welcome :-) > I didn't find any references to CRYPTO_set_add_lock_callback() in > openssl man pages nor the meaning of this functions/callbacks. Ahh, well once you start to understand this stuff better,

Re: CRYPTO_add_lock() segmentation fault (core dump included)

2008-04-08 Thread Geoff Thorpe
On Tue, 2008-04-08 at 03:35 -0500, Ion Scerbatiuc wrote: > Hello! > I wrote a multithreaded server using OpenSSL v 0.9.7a (running on a RH > Enterprise Linux 2.6.9-55.0.2.ELsmp). > The problem is my server is crashing at random times (it could stay > alive for 24 hours or can crash within 4 hours).

Re: Nagios plugin installation for check_http ssl

2008-03-27 Thread Geoff Thorpe
Hello again, I replied to this already on the openssl-dev list, although openssl-users is the more appropriate of the two lists. Please don't cross-post though. Thanks. Cheers, Geoff On Wed, 2008-03-26 at 17:07 -0400, Azam Syed wrote: > I loaded openssl 0.9.8g and when I compile Nagios plugin it

Re: Question regarding use of SSL_get_ex_new_index

2008-03-25 Thread Geoff Thorpe
On Mon, 2008-03-24 at 17:38 -0400, Amit Sharma wrote: > I have an application that creates a bunch of SSL connections during > its life. For each of these connections, I have to store “application > data” in an SSL object (in my case this is SSL_client object). The > trouble is that the memory all

Re: Clarification questions on OpenSSL thread-safe support

2008-03-11 Thread Geoff Thorpe
On Mon, 2008-03-10 at 17:23 -0600, Bryan Sutula wrote: > My questions: > 1. What I understand from this is that OpenSSL can be thread safe. > In order for it to be safely used in multi-threaded > applications, it needs: > A. to be built with multi-threaded versions

Re: Understanding the Engine-Hardware support

2006-11-03 Thread Geoff Thorpe
Hi John, > I have a question around the area of the Hardware device support that is > used by the various Engines in OpenSSL. In the 0.9.8.a tree there are > files for engines like Attala, uBSec, CryptoSwift etc. This is the area > in OpenSSL is what I am currently interested in understanding. >

Re: Licenses...

2006-04-17 Thread Geoff Thorpe
ance or worse, refuses to be enlightened by it, just makes this fscking aggravating to boot. Discuss, question, reflect - by all means. But deranged evangelism should stay confined to the privacy of your own home (or nearest foreign policy think-tank). Sincerely, An

Re: steps to use a dynamic engine from an application

2005-12-03 Thread Geoff Thorpe
ll times. 'struct_ref' represents references to the structure itself, whether it's enabled or not. 'funct_ref' represents 'enabled' references - so the engine is initialised if and only if funct_ref>=1. Hope that helps, Geoff -- Geoff

Re: steps to use a dynamic engine from an application

2005-11-29 Thread Geoff Thorpe
e of ENGINE_set_default_RSA() though if you want to know if it succeeded. BTW, your application needs to call ENGINE_cleanup() when closing down, as this releases any/all internal references. Eg. ENGINE_set_default_RSA() causes an intern

Re: Problem with OpenSSL on Solaris x86 *

2005-10-04 Thread Geoff Thorpe
or something like that, than "make clean && make". Then if you still get the problem, the core-dump will provide a more useful backtrace. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/ Même ceux qui se sentent pas des nôtr

Re: Using OpenSSL with 'ubsec' hardware on FreeBSD

2005-04-19 Thread Geoff Thorpe
er post that the "/dev/crypto" engine might work on Free/OpenBSD if the kernel has a built-in driver, but that might only provide access to cipher/hash functionality - I doubt public-key crypto stuff goes through /dev/crypto. I should check, but I don't recall seeing this get adde

Re: Using OpenSSL with 'ubsec' hardware on FreeBSD

2005-04-18 Thread Geoff Thorpe
ng ought to be able to convince openssl to find libubsec.so. Whether the result will be version-compatible is another issue, but you might be lucky. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/ Greedy Genghis George, Guru of God and Guns.

Re: 22 NOv 2004 SNAPSHOTS

2004-11-22 Thread Geoff Thorpe
e issue. Salut, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/ Greedy Genghis George, Guru of God and Guns. __ OpenSSL Project http://www.openssl.org User Support Mail

Re: Hardware Acclerator for Mod exp calculations

2004-11-12 Thread Geoff Thorpe
make use of the > Hardware Mod exp rather than software Mod exp. Take a look at the "atalla" engine implementation as an example. In CVS snapshots, it's in engines/e_atalla.c, and in 0.9.7 it's in crypto/engine/hw_atalla.c. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http:

Re: DOD Root Certificates and OpenSSL

2004-10-22 Thread Geoff Thorpe
r a response while you sift through the s_server output. Good luck, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/

Re: In custom RSA_METHOD, rsa_priv_enc() is enough?

2004-10-10 Thread Geoff Thorpe
tion uses your ENGINE for it to be able to hook all the private key work to the appropriate CryptoAPI token. (You could put in a placebo key-file to satisfy any applications that don't support the ENGINE_load_private_key(

Re: In custom RSA_METHOD, rsa_priv_enc() is enough?

2004-10-06 Thread Geoff Thorpe
ith RSA_METHOD). If you provide a non-NULL engine, it'll try to use that ENGINE's RSA_METHOD implementation - however it'll also make sure to verify the implementation is initialised, bump the reference count for use by

Re: traffic sniff

2004-09-28 Thread Geoff Thorpe
t down into the protocol more deeply, try Eric's 'ssldump' tool. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/

Re: Trouble using PKCS5_pbe2_set()

2004-09-13 Thread Geoff Thorpe
; printf("BF-CBC key len = %d\n", EVP_CIPHER_key_length(cipher)); > } Try defining your FRED structure as const and see if that doesn't help it crash. Anyway, the fact remains that you are better to copy the original implementation and then manipulate you

Re: max sessions

2004-07-29 Thread Geoff Thorpe
D_SETSIZE? Or maybe some other function that > replaces select() for programs with LOTS of descriptors? I don't know which system you're running, but perhaps you might have more luck with poll(2)? Cheers, Geoff -- Geoff Thorpe [EMAIL

Re: Use of Engine

2004-07-07 Thread Geoff Thorpe
otprint bloat was a problem, though it may still be relevant for some restricted (eg. embedded) environments where disk space (or flash memory) is limited. Hope that helps. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/

Re: Dynamic Engine

2004-03-23 Thread Geoff Thorpe
application doesn't yet support this). Hope that helps - take a little time to surf the code is my advice, you'll probably start to get a feel for how it's all hooked up. You might also search the mail archives for previous discussions of some of these issues whe

Re: Using 2 or more engines

2004-03-02 Thread Geoff Thorpe
functionality was created to do precisely what you're asking for, and this hooks off a callback provided by the engine implementation that should allow it to provide hardware-specific key-loading support. If it only calls PEM functions, then it is not written to handle HSM keys.

Re: Using 2 or more engines

2004-03-02 Thread Geoff Thorpe
rather heavily on what "hardware key" means. If the corresponding ENGINE supports it, you should use ENGINE_load_private_key(). Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/

Re: openssl-based win32 programs

2003-10-15 Thread Geoff Thorpe
Wine - even to the point that (in theory) you should be able to switch between dynamic linking with any mixture of Wine and/or MS versions of DLLs (except ntdll and kernel, for what should be fairly obvious reasons). Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geofftho

openssl-based win32 programs

2003-10-15 Thread Geoff Thorpe
I shared libraries do "equivalent" jobs, and performance of applications should be more or less comparable in most cases (with only a few exceptions heavily favouring one platform or the other). The main thing to remember w.r.t. any performance fears is the acronym; "W

Re: OpenSSL + ECC

2003-10-07 Thread Geoff Thorpe
> I've contacted the maintainer. He didn't find references in the code > nor heard about it. A grep on "Sun" or "SUN" would have turned this up easy, or are you dealing with an older version? Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.

Re: reversing md5, sha

2003-09-24 Thread Geoff Thorpe
endently. > > Does it compress to one bit, or two? It compresses to zero bits, as you can easily demonstrate using an inductive proof. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/

Re: Dodgy "Microsoft fix" emails

2003-09-22 Thread Geoff Thorpe
og rings and other non-openssl mail lists exist for this sort of merriment, so please take it there. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/

Re: "Official" way to increment SSL_SESSION reference count

2003-09-08 Thread Geoff Thorpe
Hi, On September 8, 2003 12:38 pm, Dr. Stephen Henson wrote: > On Mon, Sep 08, 2003, Geoff Thorpe wrote: [snip] > > CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); > > sess->references++; > > CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); > > > > Oh, and than

Re: "Official" way to increment SSL_SESSION reference count

2003-09-08 Thread Geoff Thorpe
s reused later under threading circumstances, then wrap it with the appropriate locking; CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); sess->references++; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); Oh, and thanks for making me look at this - I've just realised the locking in ssl/ss

Re: Foundational questions

2003-09-05 Thread Geoff Thorpe
t it. There are not many situations where SSL/TLS servers (particular web-servers) ask for client authentication. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/

Re: Need of client session reuse advice

2003-08-04 Thread Geoff Thorpe
go back and pick up all the image files too). As I say, the question is more how you identify/index SSL sessions in a satisfactory way (and with suitable granularity) so that you get the maximum performance pay-off from resumes, but without creating mistaken identities for any server that matc

Re: FQDN

2003-07-26 Thread Geoff Thorpe
/TLS, can only hold water if you define it to. But that takes you outside any reasonable definition that matters to anyone else. Anyway like Brian, that's all I have to say on this, for whatever it's worth. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geofftho

Re: FQDN

2003-07-25 Thread Geoff Thorpe
le to MITM attacks vis-à-vis the application itself, the transport used, and the differences between what it *should* consider trusted compared to what it *accepts* as trustworthy. At the SSL/TLS level, this is not MITM, it is simply communicating (and authenticating) with the

Re: FQDN

2003-07-25 Thread Geoff Thorpe
a sensible definition of MITM towards conclusions, and another working from a tautological conclusion backwards towards an unreasonable definition of MITM. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/

Re: purify errors in openssl crypto

2003-07-18 Thread Geoff Thorpe
nitisation discussions are probably easy to pick up if you hit the archives. > I also notice that SHA1_Update is called from > ssleay_rand_bytes (md_rand.c, line 468) where > an ifdef for PURIFY has been added, indic

Re: SSL_CTX_free messes with external session cache

2003-03-26 Thread Geoff Thorpe
about this if > it is explained in the manual :) As someone who now has an excellent working familiarity with the API behaviour, I am sure any patches ("diff -u" format) you were to contribute in this direction would be most warmly welcomed :-) Cheers, Geoff -- Ge

Re: SSL_CTX_free messes with external session cache

2003-03-26 Thread Geoff Thorpe
em though? Are you able to do away with the internal cache, or are you committed to having sane interaction between internal and external caching? Note also that this is all IMHO, there may be others who consider the internal/external caching semantics to be fine as they are. Cheers, Geoff -- Geo

Re: Problems with DSA and engine ubsec

2003-02-14 Thread Geoff Thorpe
&t1,dsa->g,&u1, > dsa->pub_key,&u2, > dsa->p,ctx,mont)) > goto err; [snip] Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/

Re: -fomit-frame-pointer ?

2003-02-14 Thread Geoff Thorpe
ords, you should be ok. If you're in any doubt, please do the following; # ./config -f<...> -W<...> [etc - whatever flags you want] # make # make tests If you want to see the consequences of your actions in terms of performance of, for example, RSA, then run some before-and-aft

Re: libcrypto key data structures reentrant?

2003-02-12 Thread Geoff Thorpe
ff - this is covered in the "NOTE" section of the man page I've referred you to. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/

Re: Tunneling Client Certs

2003-02-08 Thread Geoff Thorpe
ertificates and keys to understand what the interactions are and *why* private keys are not transmitted in any way. I seem to recall the stunnel site having some useful documents; http://stunnel.mirt.net/ Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/

Re: engine's performance (what's wrong?)

2003-01-30 Thread Geoff Thorpe
e CHANGES entry as a guide for how to configure it - and the engines/e_gmp.c code has some other info near the top if you're interested). Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/

Re: engine's performance (what's wrong?)

2003-01-29 Thread Geoff Thorpe
f conversion between GMP and OpenSSL bignum formats, the GMP wrapper ENGINE resulted in significant speed ups in RSA private key operations. I would suspect that on other chipsets where GMP has been actively working the speed up would be more significant still (I had reports of 3x speed

Re: engine's performance (what's wrong?)

2003-01-28 Thread Geoff Thorpe
nless you use the "-multi " switch (and it is supported on your version of openssl and host system). Looking briefly at your sample source code, that has the same problem. This is probably what is limiting the performance you are seeing - try executing a few copies of your

Re: ssltest and on-the-fly ZLIB compression

2003-01-15 Thread Geoff Thorpe
nd if that fails on protocol troubles, retry with SSLv2. Yes I know, bleurgh. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/

Re: Once again

2002-12-21 Thread Geoff Thorpe
, you won't get any compression unless both sides support it. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-21 Thread Geoff Thorpe
ets way off-topic for the list ... are we agreed then that all this discussion *is* about network I/O timeouts in Apache and *not* about any SSL/TLS vulnerabilities in OpenSSL?? If not, someone say so please. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-17 Thread Geoff Thorpe
apper can hardly be relied upon - someone could easily modify it to DoS any apache servers that it can't otherwise exploit. Ie. make the virus tie up all the child-processes (doing the DoS connections from any previously exploited/controlled servers). The question however is; what *

Re: OpenSSL Project Environment Migration on 10-Dec-2002 11:00 am CET

2002-12-12 Thread Geoff Thorpe
site, especially CVSweb (um, or whatever that replacement is called). Or rsync'ing against the CVS repository. Things are ... *quicker* ... :-) Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/

Re: Memset not clearing sensitive data

2002-11-07 Thread Geoff Thorpe
uot; because it's just a computer that can't do anything except security. Computers that can't do anything except security are quite straightforward to create already - eg. install an SSL/TLS (or HTTPS-forwarding) proxy on a linux box and disable all other services. Cheers, Geoff --

Re: using an on-disk session caching framework

2002-10-31 Thread Geoff Thorpe
meout in minutes (so it's a constant anyway) rather than 'n' growing the number of sessions in the cache. Of course, if you don't want to thrash the disk to hell with this example technique (because this wouldn't benefit from kernel-caching like a single dbm file would), I'

Re: SUN Crypto Accelerator + OpenSSL

2002-10-07 Thread Geoff Thorpe
> Unfortunately, there is no support for that card built in to OpenSSL, > as far as I know. If I had the developers manual for it, I could > possibly write something and test it with you. If I had access to a > machine with that accelerator, even better. Do you have the > possibility to provid

Re: Help with nasty app bug

2002-08-13 Thread Geoff Thorpe
're getting occasional premature-disconnects from the peer - which would be a reasonable assumption from the kind of "SSL3_GET_RECORD:decryption failed or bad record mac" errors you were seeing in the log. Other than that, I would need to know more. Threads? Platform? How did you configure? etc

Re: RE : openssl engine use

2002-07-25 Thread Geoff Thorpe
r-function), but at least it'll be better than zero documentation. Hopefully. Failing that - take a read of engine.h (it's relatively well self-documented) and check out the source that Frederic suggested. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED]

RE: log shows connection from server, but then can't connect from internet client

2002-07-18 Thread Geoff Thorpe
On Thu, 18 Jul 2002, du Breuil, Bernard L ERDC-ITL-NH wrote: > It was fun. What are ipchains? Easy: patent lawyers ... or "Linux firewalling/filtering/NAT/etc" is another response I suppose - please take a browse at the innumerable Linux HOWTOs and web-pages, a simple google search should dred

Re: Re:an advise

2002-07-17 Thread Geoff Thorpe
es an idea about the range we are talking about). I have a 1Ghz AMD that is in the ballpark of the speeds you mention. [Not that anything I've just said affects the points you were making.] Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED]

Re: Anyone using OpenSSL for a CA or PKI Deployment?

2002-07-16 Thread Geoff Thorpe
help immensely. I haven't had a chance to play with it - but you might want to try OpenCA and see how it pans out. http://www.openca.org Good luck, Geoff -- Geoff Thorpe [EMAIL PROTECTED] Pop quiz: (1) guess the nations of the following three elected leaders; (i) a war-mongering

Re: RSA public and private key lengths (newbie question)

2002-07-13 Thread Geoff Thorpe
Hi, On Sat, 13 Jul 2002, Manish Ramesh Chablani wrote: > Here is the snippet of my code which generates RSA key pair and then > saves the public and private keys in character buffer. However the output shows > the public key and private keys are of different sizes.. I was under the > impre

Re: OpenSSH 3.4 and OpenSSL 0.9.6d

2002-06-26 Thread Geoff Thorpe
Hi, On Wed, 26 Jun 2002, Silvex Security Team wrote: > I am trying to configure OpenSSH 3.4P1 using OpenSSL 0.9.6d without success > > # LIBS="-ldl" CPPFLAGS="-I/usr/include/openssh" ./configure > --with-tcp-wrappers --with-ssl-dir=/usr/share/ssl/lib > > > > checking for getpagesize... yes > ch

Re: Compression Doubt in Specifications

2002-06-24 Thread Geoff Thorpe
Hi, On 24 Jun 2002, Shalendra Chhabra wrote: > HI > I fail to understand the following: > > In SSL 3.0, the Plaintext blocks are blocks of 2^14 > But when they are compressed it is written: > > Compression must be lossless and may not increase the content > length by more than 1024 bytes. > I ju

Re: Problem with cryptoswift card

2002-02-07 Thread Geoff Thorpe
Hi there, > I use openssl-engine-0.9.6.c in conjunction with a cryptoswift card. > To test it, I did a "openssl speed -engine cswift". > First everything seemed to work fine - astonishingly most operations > were performed in exactly 2.99 secs - but then errors occured. > I include the relevant l

Re: OpenSSL and POP3 Integration Question

2002-01-21 Thread Geoff Thorpe
Hi there, > * The OpenSSL API does not offer a call to remove the private key > information from memory as long as any TLS functionality is still > set up. > (-> reminder: check, whether the memory overwritten when performing > SSL_free()/SSL_CTX_free()..) > To be compliant with RFC2246

Re: conflicts in openssh/openssl with smartcards

2002-01-20 Thread Geoff Thorpe
Hi there, > there are two projects supporting smartcard use in openssh (that i'm > aware of): muscle (www.linuxnet.com) and citi > (www.citi.umich.edu/projects/smartcard). the citi code is included > in openssh 3.0.2p1 (didn't check older versions). > > the muscle code uses the RSA meth attribute

Re: picking the right cipher

2001-12-27 Thread Geoff Thorpe
Hi there, On Friday 28 December 2001 12:49, Patrick Li wrote: > Hi, > > I have implemented the SSL client and server applications and I will be > using them to conduct SSL sessions. Since I have control on the client > and the server, I want to find a cipher which offers strong encryption > but

Re: Importing Self Signed Cert in Oracle 8i

2001-11-20 Thread Geoff Thorpe
Hi there, I have no idea what it is that is bothering Oracle 8i about your cert(s) so I can simply make guesses here ... On Tuesday 20 November 2001 02:32, viswanath wrote: > Here are the differences found > >MY CERT|VERISIGN > > 1) 1024-bit

Re: Importing Self Signed Cert in Oracle 8i

2001-11-19 Thread Geoff Thorpe
On Tuesday 20 November 2001 00:20, viswanath wrote: > But the self signed certificate that has been generated contains the > following > > X509v3 Basic Constraints: > CA:TRUE > X509v3 Key Usage: > Certificate Sign, CRL Sign > Netscape Cert Type: > S

Re: openssl performance

2001-11-02 Thread Geoff Thorpe
On Monday 09 July 2001 13:52, Steven A. Bade wrote: > OK Stupid question Where can one find SWAMP??? There's a downloadable tarball at; http://www.geoffthorpe.net/crypto/ However, expect a heavily revamped version soon ... Cheers, Geoff

Re: another oddball question

2001-09-20 Thread Geoff Thorpe
Hi there, On Wed, 19 Sep 2001, Tom Biggs wrote: > I've got a nearly rhetorical question, but I thought I'd toss > it into the ring anyway. > > I'm wondering how much overlap there might be between _all_ of > the modulus values used across all OpenSSL modular exponentiation > calls. If there is

Re: odds of getting an all-zero result from a modexp

2001-09-19 Thread Geoff Thorpe
Hi, On Tue, 18 Sep 2001, Tom Biggs wrote: > OK, so I'm not very maths-literate... > > I was just wondering what the odds are of a modular exponentiation > returning a result of zero in any OpenSSL usage of the modexp. > > It seems like odds are very much against it, but is it still > possible?

Re: Country wide anti terrorism demonstration !

2001-09-14 Thread Geoff Thorpe
On Fri, 14 Sep 2001, Xeno Campanoli wrote: > The PC Doctor wrote: > > > > This is inappropriate for this group. I resent it, and I am against > it. I resent this too. Rather than using an OpenSSL mailing list for drumming up nationalistic emotions under the guise of compassion, could you p

Re: Does Open SSL work on win2000???

2001-07-12 Thread Geoff Thorpe
On Thu, 12 Jul 2001, Gary Fletcher wrote: > Does Open SSL work on win2000 running Apache??? "work" is a relative word, and relative to win2000, yes OpenSSL works. Whether anything "works" in win2000 relative to proper systems is anyone's guess. Cheers, Geoff PS: OK, ":-)", just in case you we

RE: openssl-0.9.6a

2001-04-25 Thread Geoff Thorpe
On Wed, 25 Apr 2001 [EMAIL PROTECTED] wrote: > > And we've stated that binary compatibility doesn't exist > > either. Given those two > > things, you'd think that OS distributions wouldn't build > > everything based on > > OpenSSL as shared libraries wouldn't you ... funny what > > people will

Re: RSA Private Encrypt

2001-03-25 Thread Geoff Thorpe
Hey there, I know the original poster already has his code working, but well ... I had already begun this reply so I'll just press on anyway! This may be of use to others now (or in the future) if they're trying to implement custom RSA_METHODs and/or ENGINEs. On Sun, 25 Mar 2001, Dr S N Henson w

Re: echoping 4.1 released : a tool to test SSL servers

2001-02-23 Thread Geoff Thorpe
Hi there, Before I reply - why the cross-posting? There's been a lot of cross-posting between mod_ssl-users and openssl-users - are there good reasons for it? I can only assume that subjects fit for both lists at the same time probably involve people who are on both lists anyway ... On Wed, 14 F
