tual decision to use
libmcrypt, libcrypto or any other library would probably be
up to the maintainer of that lower system layer.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion me
On 20/06/2018 23:07, Viktor Dukhovni wrote:
On Jun 20, 2018, at 3:44 PM, Jakob Bohm wrote:
I believe there is a fundamental concern, impossible to handle sanely
at the CA policy level, that a CA may reasonably have certificate
hierarchies targeting people with different maximum security
or otherwise become viable.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
dstone 4
Thus your 1.1.0 build runs on NT6.02 but not NT6.01, possibly due to
references to NT6.02-only APIs
Any suggestion on getting this to work on Windows 7?
Has anyone else encountered this issue?
Enjoy
Jakob
nSSL 0.9.8 forwarded those calls to the
old FIPS validated implementation or just left the non-FIPS implementation
available by accident.
Enjoy
Jakob
" of an algorithm according to
table
2 in this doc:
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-57pt1r4.pdf
Enjoy
Jakob
locally.
Enjoy
Jakob
opy out of various less-than-predictable hardware and OS states is
what *all* non-hardware entropy gatherers ultimately do, from the Linux
kernel's /dev/random mechanisms to haveged to what-have-you.
Regards,
Enjoy
Jakob
are.
Also note that unless a special setting is included (I forget where),
the openssl ca database will be in a different (older) format that
only remembers the most recently issued certificate for a given
subject distinguished name.
Enjoy
Jakob
should you set up a way to use SSLv3 on your web server.
Enjoy
Jakob
anium processors (supported only
on Windows Server 2008 and 2008 R2, with some historic support on old
versions of Windows Server 2003 and Windows XP).
Enjoy
Jakob
IO interface if the
application already has its own library for that (as many, but not all,
network applications are likely to anyway).
Enjoy
Jakob
rocess dedicated to doing
encryption/decryption, thus completely shielding the keys (long term and
short term) from any vulnerabilities in the data handling process.
Enjoy
Jakob
/share/ca-certificates/
are trusted unconditionally, no questions asked. Due to bugs, you may
have to run the command twice, with the same selections.
Enjoy
Jakob
:
First allocate an empty STACK_OF X509 certificates
Then loop over your in-memory CA certificates, passing each to d2i_X509,
then adding the resulting X509 object to the stack.
Finally pass that stack as the CA collection to an appropriate SSL_CTX
function.
Enjoy
Jakob
pted private key could be kept without decrypting the private
key, the password for the private key is still needed to encrypt
the certificates with the same password.
Enjoy
Jakob
the normal memcmp() is wrong
because it will reply quicker if the first byte(s) are wrong than
if they are right). OpenSSL provides a function
CRYPTO_memcmp() that is good for this job.
Enjoy
Jakob
cannot use SSL_CTX_set_tmp_dh as this api is used for ephemeral Diffie
Hellman key exchange.
Please let me know where I am going wrong. I need to enable static DH in my
application.
Enjoy
Jakob
iles (similar to GNU "cp --preserve=timestamps" ).
This sometimes confuses build systems that assume file timestamps
get updated when a file is copied into a build directory.
Enjoy
Jakob
der of occurrence and direction of
transmission)?
Can you see what the "packets" are?
For example, are they TLS alert messages?
Are they TLS HelloRequest messages?
Enjoy
Jakob
keyout server.key
-out server.pem -subj /CN=computer.example.com/O=test/C=US
Enjoy
Jakob
On 19/12/2017 02:10, Colony.three via openssl-users wrote:
On 18/12/2017 22:35, Colony.three via openssl-users wrote:
PS, Jakob I'm getting on your email: "This email has failed its
domain's authentication requirements. It may be spoofed or improperly
forwarded!"
The reason
e the full headers, so I can debug?
Enjoy
Jakob
if other things go wrong first, upgrade when ready as
a defense in depth.
Enjoy
Jakob
nSSL users will be in the same legal situation,
and lawyers' opinions on patent matters are frequently found by courts
to be wrong anyway.
Saying "in the distribution and website" is also quite vague and
thus another example of a non-answer.
Enjoy
Jakob
e absurd.
Enjoy
Jakob
invocation
of the regular OpenSSL ECC code in other scenarios, if so when and which.
- Does CC/BB demand or not an additional patent license for use of the
regular OpenSSL ECC code for curves and or algorithms not standardized
in the NIST FIPS documents?
Enjoy
Jakob
ntents daily or weekly (overwriting the old parameters only after
the new ones are ready). The exim mail server does this if you
follow the instructions.
Enjoy
Jakob
s is still OpenSSL that the world has
known and loved for 20 years, or just some expensive imitation.
Enjoy
Jakob
and those are used in the CE procedure).
Regression testing is desired as I have done some fairly extensive
patching to make the library code build for the targets.
Enjoy
Jakob
Cert_Class_1_VA.pem .
Enjoy
Jakob
ST=California,
C=US/emailAddress=charl...@mcn.org, O=CZAGENT_Nov2017
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
While we’re at it, why doesn’t my -days 3650 seem to have any effect?
Thanks!
/Charles /
Enjoy
J
ructures
is internal to the inline implementation, not part of the interface.
Enjoy
Jakob
like it is debug output. Did you by any chance
configure or run curl with options to print lots of debug traces?
Perhaps such an option is causing something to print each trusted CA cert
as it is loaded into memory or checked.
Enjoy
Jakob
from my host machine)
Please clarify:
- Is it being output to the network or to the terminal window where
curl is used?
- Is it being output as shown (Base64 text with ending "=" signs and
a newline after each cert) or is it being output in another form
that you just describe
Identifier,
maskGenAlgorithm mgf1SHA512Identifier,
saltLength 20,
trailerField 1 }
-- Note: The saltLength should be 64, not 20, for
-- rSSASSA-PSS-SHA512-param, see RFC4055 section 3.1
Enjoy
Jakob
, contrary to what would
have been best security practice without this firmware bug.
Enjoy
Jakob
.
The x25519 public key has no certificate, it is randomly
generated for each connection and signed with the RSA key
from the certificate.
Enjoy
Jakob
att
Enjoy
Jakob
e appropriate level
in the
> API so that we support it for the connections. Kindly provide
your comments.
You can set the security level via the cipher string using the special
cipher string command "@SECLEVEL". For example to set all default
ciphersuites at secu
On 09/10/2017 16:43, Thomas J. Hruska wrote:
On 10/9/2017 7:29 AM, Jakob Bohm wrote:
I suggest you find a good authoritative source for your claim
that select() should not be used with blocking sockets.
http://man7.org/linux/man-pages/man2/select.2.html
Section BUGS:
"Under Linux, s
sockets.
Enjoy
Jakob
nother
algorithm that isn't used by many people yet to a FIPS module that is only
used by the OpenSSL 1.0.x library that they are trying to discontinue.
Enjoy
Jakob
the engine code doesn't need to know or care about where that is.
Enjoy
Jakob
feature.
Enjoy
Jakob
clearing SSL_MODE_SEND_FALLBACK_SCSV (in a program),
or (not) using the -fallback_scsv option to s_client?
Enjoy
Jakob
ES(128)
Mac=SHA1
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
Enc=AESGCM(256) Mac=AEAD
but, after SSL_CTX_set_cipher_list(ctx,
"RSA:ALL:!COMPLEMENTOFDEFAULT:!eNULL") in my application, it
didn't work, the first choice is still ECDHE-RSA-AES256-GCM-SHA
central non-https OCSP responders is one
of the few attacks that will reveal this without wiretapping the
actual connection.
Enjoy
Jakob
before 1.0.2 initial
release.
Enjoy
Jakob
rejects all such certificate chains.
Why?
Enjoy
Jakob
Also nice would be index.txt in SQL.
Bob
Enjoy
Jakob
make install
Now debug the program in openssl-1.something-x86_64/bin/openssl
(Sorry, I don't know how to tell XCode to debug a program already
compiled with the XCode command line clang)
Enjoy
Jakob
On 07/09/2017 07:58, "Georg Höllrigl" wrote:
*Sent:* Wednesday, 06 September 2017 at 18:06
*From:* "Jakob Bohm" <jb-open...@wisemo.com>
*To:* openssl-users@openssl.org
*Subject:* Re: [openssl-users] openssl -check
On 06/09/2017 16:18, "Georg Höllrigl"
"ecu" (has crl and ocsp, plus different
settings again), etc. etc.
Very different certificate purposes should ideally have their own
SubCA's that can be managed differently, and have the CA cert
restricted.
Enjoy
Jakob
r is 367 days, divide equally among 12 months, restart about 20
days before spring equinox, use a historic rounding rule represented
by Y. Of course with Roman numerals, they would have used (month - 2)).
Enjoy
Jakob
de are run.
Enjoy
Jakob
prevent use of DER for a file, it can be converted
on the fly, storing the converted file in RAM (using tmpfs or similar).
Enjoy
Jakob
between code size (to do the conversion) and data size (to store the
certificate).
Enjoy
Jakob
e to find the one that has ENV in
it. I DO have an example of one such to use...
Given all these problems with the Distinguished Name prompting
mechanism, just add the -subject option to the req command line
(using appropriate environment variables in the shell script).
Enjoy
Jakob
t FOREMAIL=m...@example.com
export FORUSER="Moe Madman"
export CERTFN=moe
openssl req -config /etc/cacfg/ca2017-mail.conf -newkey rsa:3072 -keyout
${CERTFN}.key -out ${CERTFN}.csr
Enjoy
Jakob
r
program).
I would recommend to also implement traditional CRLs, since for
smaller CAs
it is a better solution for browsers and servers that support it.
Enjoy
Jakob
On 14/08/2017 21:38, Robert Moskowitz wrote:
On 08/14/2017 03:28 PM, Jakob Bohm wrote:
On 14/08/2017 20:55, Robert Moskowitz wrote:
On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
➢ Is there anyway to display the basic ASN.1 structure here so I can
see
what was stored
. However it requires that
you convert from Base64 to binary before calling it.
Enjoy
Jakob
On 02/08/2017 09:47, Jeffrey Walton wrote:
On Wed, Aug 2, 2017 at 12:38 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:
On 02/08/2017 04:21, Jeffrey Walton wrote:
I'm trying to extract the low-order byte or word from a BIGNUM in
OpenSSL 1.1. We were told to use BN_bn2binpad, but it's not
you *all* the bytes
in the number in a buffer of your own. You can then extract the
bytes from there.
If you care mostly about the least significant bytes, using
BN_bn2lebinpad may be easier than BN_bn2binpad, as the least
significant bytes will be first, not last, in the result.
Enjoy
Jakob
there is no default other than what the application
(in this case OpenVPN) sets.
Enjoy
Jakob
the resulting
program/dll to make sure there are no other C runtime differences
causing trouble.
P.S.
I kind of wonder what in the fips canister uses wcsstr(), but since
that cannot be changed while retaining the FIPS validation status,
that's just curiousness.
Enjoy
Jakob
OpenSSL version loaded elsewhere in the process?
Enjoy
Jakob
in depth. Of course
adding this in OpenSSL itself would have to be configurable for
situations partially outside the public trust environment, such
as talking to IoT devices with old crypto libraries and
rechecking/decrypting S/MIME mails received years ago.
Enjoy
Jakob
On 12/07/2017 07:23, Viktor Dukhovni wrote:
On Wed, Jul 12, 2017 at 02:02:31AM +0200, Jakob Bohm wrote:
I don't think a state is really needed for this, if the callback
simply checks if the certificate is in the loaded trust collection,
and/or if it is self-signed (depending
the certificate is in the loaded trust collection,
and/or if it is self-signed (depending on the application's chosen
root CA trust model).
Enjoy
Jakob
) for the different versions are not on the same
machines, only the compiled binaries.
For this simplified scenario (only one set of headers etc. per system),
self-compiled OpenSSL simply goes in /usr/local with no use of Rpath.
Enjoy
Jakob
On 08/06/2017 20:26, Ludwig, Mark wrote:
From: Jakob Bohm, Thursday, June 08, 2017 12:32 PM
On 08/06/2017 18:48, Baojun Wang wrote:
Also on Windows (64-bit), openssl produces libssl-1_1-x64.dll as well
as libcrypto-1_1-x64.dll, this could be painful for application who
has to specify openssl
bit, Itanium, AMD x86_64, 64 bit ARM).
Microsoft did some crazy experiments with a directory scheme
called SxS for versioned DLLs, it's badly done and should be
avoided if possible.
Enjoy
Jakob
5 SomeCity, ST=SomeState, C=US)
Enjoy
Jakob
hole point of the versioned .so file names.
Enjoy
Jakob
r the 102l build. Is there an additional,
specific flag required to enable the higher bit-depth digests for v102l that I've missed?
Enjoy
Jakob
compiled against version 1.0.1t headers), then you may also need a
special SO name or RPATH to link locally compiled software against the
latest 1.0.x release, rather than 1.0.1 .
RPATH support is nice for corner cases, but it should not be the
default, ever.
Enjoy
Jakob
. And the LetsEncrypt code is open source.
I think he wants the server side, and maybe not for DV certs.
Enjoy
Jakob
openssl cms/gpgsm compute the sha256sum differently in the detached case.
Is there a hidden flag to make either tool behave like the other?
Look at the documentation of the openssl cms "-inform SMIME",
"-outform SMIME" and "-binary" options.
Enjoy
Jakob
3 ECDH-ECDSA-DES-CBC3-SHA
192.18 ECDHE-RSA-DES-CBC3-SHA
192.8 ECDHE-ECDSA-DES-CBC3-SHA
Enjoy
Jakob
that N processes, and understand why this should be a FAQ.
Enjoy
Jakob
the branch you're adminning from.
(*) Of course, there *are* other techniques to work around the problem,
but.)
Not as much "defeat", as setting the relevant option by adding the
following command during CA (and SubCA) setup:
echo "unique_subject = no" > ${CADIR}/db/index.a
sing a key based on a
password.
Enjoy
Jakob
I specify this username and password when using
SSL_connect()?
You don't. That stuff is at the protocol level about TLS/SSL.
Enjoy
Jakob
related function as a list of untrusted additional certificates,
which the certificate verification code can search for needed
intermediate certificates.
Enjoy
Jakob
e abort flag.
Similarly if the protocol is waiting for a handshake record from the
other end,
it would continue that wait, then abort just before processing either a
received
handshake or a protocol error (such as lost connection).
Enjoy
Jakob
: To make the "SSL_shutdown" call "just work"
from an application perspective, and to minimize security exposure
after the call has been made (e.g. in case some application level
code decides the other end is probably malicious).
Enjoy
Jakob
nsmissions.
In other words, returning appropriate errors/alerts to the other end
according to the handshake step.
Enjoy
Jakob
rrent TLS versions handle padding and IV management, not
issues with CBC itself.
Also note that GCM is very much a "marginal" design, operating at the
very edge of what is safe to do and furthermore putting all the
cryptographic "eggs" in one basket (AES and GF-2^n arithmetic).
w do I use the available openssl source code
which is present in C language to implement the OCSP responder function.
Please help me with this as I am very new to openssl and OCSP concepts.
Enjoy
Jakob
is approach
I feel like verifying the signature would be a big challenge. Any
ideas on how I can tackle these problems?
penSSL is doing.
Enjoy
Jakob
On 21/03/2017 16:06, Steve Marquess wrote:
On 03/21/2017 10:17 AM, Jakob Bohm wrote:
On 21/03/2017 14:02, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of William A Rowe Jr
Sent: Monday, March 20, 2017 20:59
To: openssl-users@openssl.org
Subject