Marcin,
There was recently a discussion about this topic on the openssl-dev
mailing list. Try the following URL to retrieve the archived messages.
http://marc.theaimsgroup.com/?l=openssl-devw=2r=1s=OpenSSL+and+compressio
n+using+ZLIBq=b
==
Greg Stark
[EMAIL PROTECTED]
I believe that RFC2248 requires this behavior.
==
Greg Stark
[EMAIL PROTECTED]
==
- Original Message -
From: Le Saux, Eric [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 12, 2002 1:13 PM
Subject: RE: OpenSSL and compression using
Ryan,
-1 doesn't tell us much, does it? Try printing out the error stack with
ERR_print_errs_fp(stdout)
(http://www.openssl.org/docs/crypto/ERR_print_errors.html#). Are you careful
to ensure that the integer pointed to by *from is your modulus?
Thanks,
==
Greg Stark
Legal? I'm not sure what you mean. It certainly can be done within the terms
of the OpenSSL license.
==
Greg Stark
[EMAIL PROTECTED]
==
- Original Message -
From: Ray Yang [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 08, 2002
Check the archives. There used to be some known but harmless memory leaks,
and maybe a few less than obvious calls (like ERR_free_strings(),
ERR_remove_state(0), EVP_cleanup()) you need to make to free some memory
that gets magically allocated.
==
Greg Stark
[EMAIL
wincrypt.h comes with the Microsoft VC 6 compiler.
==
Greg Stark
[EMAIL PROTECTED]
==
- Original Message -
From: William Johnston [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 01, 2002 4:31 PM
Subject: Re: win32 compile
True, but if you just want a packet or record format you might look at
sections 6.2 and 6.3 of RFC 2246.
==
Greg Stark
[EMAIL PROTECTED]
==
- Original Message -
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January
Larry,
You're correct, all you would normally need is the libraries and the
headers to develop your own projects. However, the OpenSSL project does not
provide already-built binaries, so you have to build your own.
The build process is a bit complex, as it is for almost any project such
:)
==
Greg Stark
[EMAIL PROTECTED]
==
- Original Message -
From: Michael Sierchio [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 05, 2001 7:59 PM
Subject: Re: your mail
Gregory Stark wrote:
A certificate can have multiple
A certificate can have multiple common names; many applications support
this. You need to be comfortable using the openssl configuration file
syntax; here is a short snippet of one showing multiple common names:
.
.
.
[ req ]
default_bits = 1024
default_keyfile = server_priv.pem
default_md =
As can be seen from your post, the certficate being sent does NOT have
pop.commerce.uk.net as the common name (CN) of the Subject: the CN is
'localhost'.
It appears to be some kind of canned test certificate and private key, but
I'm not familiar enough with UW-IMAP to know if it comes with such
This was a known bug in 0.9.6b; I don't know if it is fixed in the current
snapshot. Since the amount of memory leaked is small and fixed, correcting
the bug was deemed to be low priority. As far as I know, there is no way to
free up the memory other than adding your own code to the openssl
Hmm... 160-bit public exponent ... that is a little strange. It sounds like
the requirement for a (relatively weak) Diffie-Hellman exponent, not an RSA
exponent. I know of no weaknesses with using any of the small RSA encrypt
exponents (such as
3, 17, 65537), as long as the random padding of
There are still a few memory leaks that can't be cleaned up without
modifying openssl. It is only a few bytes, but they're real. Tee development
team has said they are aware of it (check the archives) but it is a
relatively low priority item.
==
Greg Stark
[EMAIL PROTECTED]
From the BIO_f_cipher() man page:
BIO_flush() on an encryption BIO that is being written through is used to
signal that no more data is to be encrypted: this is used to flush and
possibly pad the final block through the BIO.
.
...
.
NOTES
When encrypting BIO_flush() must be called to flush the
Al,
I'm afraid that while you are technically correct, you might leave the wrong
impression. Although, it is true that there is little to *prevent* a user
from handing out his private key, there is also no reason for users to do
this and applications do not generally make it easy. Also, in this
Does anyone know of a commercial CA that will sign
with DSA a certificate containing a DH public key?
A similar question would be does there exist a commercial
CA that will sign PGP DSA/ElGamal public keys?
How about a CA that will sign with RSA a certificate
containing a DH public key?
Greg
Rich,
Was I there? ;)
Greg Stark
- Original Message -
From: "Rich Salz" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, November 20, 1999 11:56 PM
Subject: Re: OpenSSL and Mac OS and export fun
| I'm no expert but what you are suggesting sounds like "crypto with a
|
I would like to add one more piece to this puzzle. There is one
large set of potential U.S. users that can use RSA royalty-free; the
U.S. federal government.
Here are two references.
From the RSA FAQ, section 6.3.1
http://www.rsasecurity.com/rsalabs/faq/6-3-1.html
The U.S.
19 matches
Mail list logo