Re: OpenSSL compression

Marcin, There was recently a discussion about this topic on the openssl-dev mailing list. Try the following URL to retrieve the archived messages. http://marc.theaimsgroup.com/?l=openssl-devw=2r=1s=OpenSSL+and+compressio n+using+ZLIBq=b == Greg Stark [EMAIL PROTECTED]

Re: OpenSSL and compression using ZLIB

I believe that RFC2248 requires this behavior. == Greg Stark [EMAIL PROTECTED] == - Original Message - From: Le Saux, Eric [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 12, 2002 1:13 PM Subject: RE: OpenSSL and compression using

Re: RSA_NO_PADDING

Ryan, -1 doesn't tell us much, does it? Try printing out the error stack with ERR_print_errs_fp(stdout) (http://www.openssl.org/docs/crypto/ERR_print_errors.html#). Are you careful to ensure that the integer pointed to by *from is your modulus? Thanks, == Greg Stark

Re: Re: Safely cancel the key generation?

Legal? I'm not sure what you mean. It certainly can be done within the terms of the OpenSSL license. == Greg Stark [EMAIL PROTECTED] == - Original Message - From: Ray Yang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 08, 2002

Re: Memory leak

Check the archives. There used to be some known but harmless memory leaks, and maybe a few less than obvious calls (like ERR_free_strings(), ERR_remove_state(0), EVP_cleanup()) you need to make to free some memory that gets magically allocated. == Greg Stark [EMAIL

Re: win32 compile

wincrypt.h comes with the Microsoft VC 6 compiler. == Greg Stark [EMAIL PROTECTED] == - Original Message - From: William Johnston [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 01, 2002 4:31 PM Subject: Re: win32 compile

Re: Question on combining encryption with authentication

True, but if you just want a packet or record format you might look at sections 6.2 and 6.3 of RFC 2246. == Greg Stark [EMAIL PROTECTED] == - Original Message - From: Lutz Jaenicke [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, January

Re: installing,compiling openssl for usage in VC ++ 6

Larry, You're correct, all you would normally need is the libraries and the headers to develop your own projects. However, the OpenSSL project does not provide already-built binaries, so you have to build your own. The build process is a bit complex, as it is for almost any project such

Re: your mail

:) == Greg Stark [EMAIL PROTECTED] == - Original Message - From: Michael Sierchio [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 05, 2001 7:59 PM Subject: Re: your mail Gregory Stark wrote: A certificate can have multiple

Re: your mail

A certificate can have multiple common names; many applications support this. You need to be comfortable using the openssl configuration file syntax; here is a short snippet of one showing multiple common names: . . . [ req ] default_bits = 1024 default_keyfile = server_priv.pem default_md =

Re: Problems with pop3s on Outlook Express

As can be seen from your post, the certficate being sent does NOT have pop.commerce.uk.net as the common name (CN) of the Subject: the CN is 'localhost'. It appears to be some kind of canned test certificate and private key, but I'm not familiar enough with UW-IMAP to know if it comes with such

Re: memory allocated by SSL_CTX_new]

This was a known bug in 0.9.6b; I don't know if it is fixed in the current snapshot. Since the amount of memory leaked is small and fixed, correcting the bug was deemed to be low priority. As far as I know, there is no way to free up the memory other than adding your own code to the openssl

Re: RSA key generation: can exponent lengths be specified?

Hmm... 160-bit public exponent ... that is a little strange. It sounds like the requirement for a (relatively weak) Diffie-Hellman exponent, not an RSA exponent. I know of no weaknesses with using any of the small RSA encrypt exponents (such as 3, 17, 65537), as long as the random padding of

Re: memory leaks

There are still a few memory leaks that can't be cleaned up without modifying openssl. It is only a few bytes, but they're real. Tee development team has said they are aware of it (check the archives) but it is a relatively low priority item. == Greg Stark [EMAIL PROTECTED]

Re:

From the BIO_f_cipher() man page: BIO_flush() on an encryption BIO that is being written through is used to signal that no more data is to be encrypted: this is used to flush and possibly pad the final block through the BIO. . ... . NOTES When encrypting BIO_flush() must be called to flush the

Re: Client Authentication??

Al, I'm afraid that while you are technically correct, you might leave the wrong impression. Although, it is true that there is little to *prevent* a user from handing out his private key, there is also no reason for users to do this and applications do not generally make it easy. Also, in this

No Subject

Does anyone know of a commercial CA that will sign with DSA a certificate containing a DH public key? A similar question would be does there exist a commercial CA that will sign PGP DSA/ElGamal public keys? How about a CA that will sign with RSA a certificate containing a DH public key? Greg

Re: OpenSSL and Mac OS and export fun

Rich, Was I there? ;) Greg Stark - Original Message - From: "Rich Salz" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, November 20, 1999 11:56 PM Subject: Re: OpenSSL and Mac OS and export fun | I'm no expert but what you are suggesting sounds like "crypto with a |

Re: What US companies need to know about RSA

I would like to add one more piece to this puzzle. There is one large set of potential U.S. users that can use RSA royalty-free; the U.S. federal government. Here are two references. From the RSA FAQ, section 6.3.1 http://www.rsasecurity.com/rsalabs/faq/6-3-1.html The U.S.