the Government standard).
When the Use FIPS flag is not set, a FIPS capable OpenSSL behaves
just like a not FIPS capable OpenSSL with the same version number,
and neither may be legally used by US government employees and
contractors.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
if that EC DRBG used is compromised, so are
all the random bits.
Besides, I gave up using Intel-promoted hardware crypto when they
removed the firmware hub RNG just after convincing everybody to add
software support for it.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
an AES
channel to share the secret?
Your are wrong, see above.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote
extension in the CSR.
Is this syntax correct:?
add_ext(exts, NID_certificate_policies, 1.3.6.1);
(based on function mkreq() in file
openssl/demos/x509/openssl/demos/x509/mkreq.c)
Thanks
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
to the older version, or,
alternately, specify the older version when generating keys?
Yes, the command is openssl pkcs8 -in pkcs8file.pem -out oldformat.pem
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
-dir=/etc/pki/tls --with-ssl-engine --with-pam
--with-selinux --with-kerberos5=/usr --with-md5-passwords --with-bsd-auth
--with-ipaddr-display --with-4in6
but the still the same problem,so,what should i do?
i'm waiting your answer???thank u
- End forwarded message -
Enjoy
Jakob
--
Jakob
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
== hangs here until I control C==
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej
errors. ;-)
Find some comments inline ..
Regards Tom.
2013/8/1 Jakob Bohm jb-open...@wisemo.com mailto:jb-open...@wisemo.com
GoldBug.sf.net http://GoldBug.sf.nethttp://GoldBug.sf.net- Secure
Instant Messenger
http://goldbug.sourceforge.net/
Please evaluate the OpenSSL implemntation
Any comments
the encrypted envelope.
- Base64 encoding is not necessary, wastes bandwidth and increases
the potential for cryptanalysis against the SSL tunneling, if used.
All in all, I am not impressed.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
the well known key usage as critical ensures that any
software too old to obey the restriction cannot use the certificate
which is good.
Marking your CPS as critical limits use of the certificate to software
specially modified to recognize it.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
On 31-07-2013 11:02, Eisenacher, Patrick wrote:
-Original Message-
From: Jakob Bohm
On 30-07-2013 20:53, Walter H. wrote:
On 30.07.2013 19:51, Eisenacher, Patrick wrote:
In Boolean logic, we have the following possibilities:
- Root is trusted, so the revocation is valid, so the root
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
-DWHIRLPOOL_ASM
OPENSSLDIR: /etc/pki/tls
engines: aesni dynamic
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
On 31-07-2013 16:01, Walter H. wrote:
Eisenacher, Patrick wrote:
-Original Message-
From: Jakob Bohm
On 31-07-2013 11:02, Eisenacher, Patrick wrote:
-Original Message-
From: Jakob Bohm
On 30-07-2013 20:53, Walter H. wrote:
On 30.07.2013 19:51, Eisenacher, Patrick wrote
and only trust of the
key.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
at a company that was perhaps the apotheosis of that)
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
need something to
manage expiration of keys
auto-magically.
Java Key Storage is not such a good idea, it is no safer than regular
openssl
private key files. And then there are all those Java security bugs to deal
with.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
as for a CA root cert.
- Where the protocols require/assume the CA cert to be marked with CA:TRUE,
thisshould be ignored solely for the purpose of checking for self-
revocation and self-issuance.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
sign a more precisely
dated revocation CRL and put the OCSP server in all is revoked mode.
Unfortunately, OpenSSL is broken and will apparently ignore all such
emergency messages.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark
On 6/17/2013 5:11 PM, Matt Caswell wrote:
On 17 June 2013 15:17, Jakob Bohm jb-open...@wisemo.com wrote:
IV's should always be random - you should not reuse an IV.
Using the the last block of cipher-text from a previous message as the
IV gives a predictable IV which is insecure in CBC mode
. Nobody bothers to write about that
because they think it is so obvious.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote
to not
use all the pre-issued OCSP certificates at once, hold some of them
back in case the online ones are compromised.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non
On 6/14/2013 11:12 PM, Matt Caswell wrote:
On 14 June 2013 01:55, Jakob Bohm jb-open...@wisemo.com wrote:
On 6/12/2013 11:35 PM, Matt Caswell wrote:
On 12 June 2013 21:15, Jakob Bohm jb-open...@wisemo.com wrote:
As for the DH_check_pub_key() function, checking if pubkey is in the
range
, and
the failure to provide any request indication that a client
implements anything post-RFC2560 (you could be lucky to receive
a redundant algorithm list specifying the defaults from some post
RFC6277 clients).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
On 6/12/2013 11:35 PM, Matt Caswell wrote:
On 12 June 2013 21:15, Jakob Bohm jb-open...@wisemo.com wrote:
As for the DH_check_pub_key() function, checking if pubkey is in the
range two to large prime minus 2, inclusive is an insufficient check
against accepting degenerate keys. For instance
On 6/1/2013 1:13 AM, Matt Caswell wrote:
On 31 May 2013 21:07, Matt Caswell fr...@baggins.org wrote:
On 31 May 2013 16:42, Jakob Bohm jb-open...@wisemo.com wrote:
Interesting, I don't seem to be able to find code that calls dh_check
or equivalent on received DH group parameters
() by simply passing it the option -rand YourEntropyFile.
On Fri, Jun 7, 2013 at 3:38 PM, Jakob Bohm jb-open...@wisemo.com
mailto:jb-open...@wisemo.com wrote:
On 6/6/2013 4:57 AM, srikanth chakravarthula wrote:
Hi I need help in openssl random seed genertion.
We use
command line tool, it would need new options to specify
that key source and provide access to it.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
unknown reason).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
P.S.
I am very familiar with the DH algorithm as such and I am somewhat
surprised that these sanity checks were missing in the official DH
implementation so recently (if the report is true).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
On 5/31/2013 3:41 PM, Matt Caswell wrote:
On 31 May 2013 10:58, Jakob Bohm jb-open...@wisemo.com wrote:
According to a server testing service I have tried, OpenSSL 0.9.8
fails to reject degenerate ephemeral DH keys, while OpenSSL 1.0.0
does this rejection. They do not provide a CVE number
if relocated at load time, this is much
more robust, but I am not sure if the FIPS team had the foresight to
implement this (On all modular platforms that I know, DLLs and kernel
modules are never guaranteed a specific load address, and this is made
worse if ASLR is enabled).
Enjoy
Jakob
--
Jakob Bohm
for the first way, or default to the second way.
Since you have one cert in one PEM file, the fileornull (CAfile)
approach is simplest.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion
is to artificially restrict OpenSSL to algorithms which are
currently approved for use inside the US Government.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non
++ runtime used by the command shell in this
regard.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
-whatever 21 | logger -p local4.info
This redirects both openssl stderr and stdout to stdout then pipes it
to logger which will pass it to syslog.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
MAJOR release: OpenSSL 1.1.0, currently in development.
* The release date is yet to be set.
* The current CVS Source Code State
http://www.openssl.org/source/cvs/
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45
signatures made by the thief.
The same is done if the client loses his right to the certificate
in some other way, e.g. a company employee being fired from the
job position listed in the certificate, or a server being
uninstalled.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
\
-infiles $CERTPATH/http.csr
Does the config file used by your CA say to copy the Alt names
extension from the requests?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message
in latest edition.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
of the ISO 9796 schemes.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
with unresolved reference for
___iob_func .
I am not sure what the problem is .
We have done it a number of times, I am currently repackaging our
patches for general consumption.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
Visual Studio
2005 with little or no problems, and the resulting libs link nicely with
VS2010, but I have not tested building OpenSSL itself on VS2010.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
checking for these
workaround settings, before some major products were updated.
It was quite an ordeal to apply the workarounds in some products
where detailed cipher adjustment was left as a semi-undocumented
complex config file manipulation for experts only.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
subject and public key?
A certificate request is signed by the private key so no, its not
possible.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding
documents and
functionality are to be combined in various scenarios tend to
degrade into bureaucracy for bureaucracy's sake.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message
On 5/15/2013 5:26 PM, Viktor Dukhovni wrote:
On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote:
If the underlying choices need to be configurable, that should
generally not be via the UI, rather via a configuration file of
some sort.
This assumes your users are normal users, not SSL
and -issuer_hash_old options to x509
utility to
output hashes compatible with older versions of OpenSSL.
[Willy Weisz we...@vcpc.univie.ac.at]
For c_rehash, I think -subject_hash_old is the important one.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730
not let either side (or a man in the middle) see
what the other end has.
I am not sure what the OpenSSL user interface for using SRP is, maybe
others can answer that.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13
downloads.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
to test my server. It's a name like another.
What's the problem?
Do you evalute a book from its cover? Or try to (almost) read preface?
Don't you judge without know.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31
On 10-05-2013 21:24, Salz, Rich wrote:
Would there be any interest (and support) from the dev team for
patches that completely remove SSLv2 API’s?
/r$
Already there:
./Configure -no-ssl2
__
OpenSSL Project
)|
139.20.200.42|:443... verbunden.
Program received signal SIGILL, Illegal instruction.
[Switching to Thread 0xb733e700 (LWP 16808)]
0xb7560650 in fips_gcm_ghash_4bit_mmx () from /usr/lib/libcrypto.so.
1.0.0
(gdb)
Please can I solve that problem
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo
)
{
BN_init(Res);
BN_mul(Res,A,B,Ctx);
BN_free_clear(Res);
}
BN_CTX_free(Ctx)
}
The choice between the two styles is a matter of optimization specific
to the compiler you use and the actual variable lifetimes in you
application.
Enjoy
Jakob
--
Jakob Bohm, CIO
to set this in 1.0.1c .?
There is at least one related bug fixed in later 1.0.1 releases, try 1.0.1e
Content Type: Handshake (22)
*Version: TLS 1.2 (0x0303)*
Is this a dump of the output from your 1.0.1c with those options?, looks
like it worked anyway then...
Enjoy
Jakob
--
Jakob Bohm
mixtures of the
original pixel colors.
However because this color mapping is the same throughout the image,
the result will still greatly resemble the original, only with funky
colors.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark
.
Any takers?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
) and/or
google it.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
packet as above ..?
Use OpenSSL library version 1.0.1e or later and pass the option bits:
SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
libraries, so the OpenSSL code goes inside your own application
EXE or Application DLL.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
. I may be mistaken here. Jakobs mail clears
the confusion for me.
Thanks!
Cipher.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
.
# This option is new in Apache mod_ssl 2.2.24
SSLCompression off
if there is no config option, which functions need to be changed to support
only TLSv1.2 in FIPS mode?(If the list is not so long)
any inputs are highly appreciated.
Thanks,
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S
:
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
exit(1);
}
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
this? Any known solutions?
I did note that in 0.9.8 BN_num_bits was a function and now in 1.0.1e
it’s a macro – could it be issue!
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion
and thus most commandline utilities
is intervals of 64 characters, which is usually convenient. I observe
you've broken your lines above at 63 for some reason.)
...
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13
printf(\n);
}
Please correct me if I have gone wrong anywhere ?
Thanks
-Anil
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
) * \
sizeof(_binarycertificates_der_start[0]))
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
the file is
closed...
Kind regards,
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
encodings
you may encounter, thus making your life easier.
From: Jakob Bohm jb-open...@wisemo.com
To: openssl-users@openssl.org,
Date: 04/04/2013 11:02 PM
Subject:Re: Using openssl for AS2 [I]
On 4/4
the openssl library to
new version?
Yes it was a bug.
No, 1.0.1 to 1.0.1d contain known security holes in the SSL code and
should not be used for SSL operations, which is the reason why 1.0.1e
was released at all.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
?
Just filter the result through a simple script that removes those
headers and decodes the Content-Transfer-Encoding.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non
BIO_new_mem_buf(key,len_or_neg1);
EVP_PKEY* pkey=PEM_read_bio_PUBKEY(mem,NULL,NULL,NULL);
Or PEM_read_bio_RSA_PUBKEY to downcast to RSA*, which you can
also do separately, but EVP is generally preferable.
snip
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej
On 31-03-2013 08:49, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Thursday, 28 March, 2013 20:53
Look up the documentation of the following OpenSSL functions
(Yes this
is a bit roundabout for encoding a single string, but this is all
OpenSSL exposes
wrote:
Encrypted data is not a text string, it is an array of binary
octets. You will have to do something like base64 encode/decode
when treating it as a text string.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
the major
differences between versions 0.9.8 and 1.0.x?
Now that 0.9.8 may not live for long, planning to move to 1.0.x
versions.
Are they API compatible? Any other restrictions?
Thank You in advance.
--Gopu
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29
://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
call:+4531131610
This message is only for its
:44 PM, Jakob Bohm wrote:
You can also read the detailed list in the file CHANGES in the OpenSSL
source code download, that file lists the changes, version by version
going back several versions. However the file in the latest 1.0.x
archive
does not list which fixes were made to 0.9.8 after work
: with -noattr or without -noattr
what went wrong?
can someone please help me?
Thanks,
Walter
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
until after manipulation
by the client.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
are from the exact same version of
OpenSSL as the libssl you are linking to.
2. The definition was recently changed so you may now need to
explicitly pass the SSL_OP_NO_TLSv1_2 flag too.
For a longer explanation, read the file CHANGES in the OpenSSL
source code.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
.
On 19-03-2013 21:41, Walter H. wrote:
Hi,
thanks for your infos
can you please tell me, where I can find your postings to this topic,
you made in the past?
On 19.03.2013 20:07, Jakob Bohm wrote:
Won't work (as you saw), this function doesn't take the actual
ContentInfo structure as input
mentioned depends on the exact text of the official OpenSSL FIPS
documents that were part of the validation of the official
FIPSCANISTER, so read them carefully.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13
message)
However this appears to run fine :
node002 $ openssl version
OpenSSL 1.0.1e 11 Feb 2013
(Just like it did under truss!)
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
up doing local compiles of both OpenSSL 1.0.1e and the web server code
to get #3 right.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
the reception of the message.
This is a new behavior from version 1.0.1-e 1.0.1-d was which sending
ClientHello v3.2 are fine.
How to reproduce:
openssl s_client -connect aur.archlinux.org:443
http://aur.archlinux.org:443
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
number of CPU cycles to process a given number
of encrypted bytes, regardless of the recovered length or decryption
failures).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message
of
CertificateRequest.supported_signature_algorithms which is
compatible with the chosen client certificate.
THE RECOMMENDED BEHAVIOR is to use the strongest such element,
but without choosing something impossible.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
compatible
with the ARMv4 architecture, provided you use interworking stubs to
call from thumb code to non-thumb ARM code. This is done by setting a
few gcc options.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16
On 2/25/2013 4:26 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Friday, 22 February, 2013 05:06
On 2/21/2013 11:12 AM, Mozes, Rachel wrote:
[other reports say issue]
affects just The TLS protocol *_1.1 and 1.2_ *and the DTLS
protocol 1.0
On 2/25/2013 4:26 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Friday, 22 February, 2013 06:03
On 2/21/2013 2:29 PM, ashish2881 wrote:
I have a certificate chain in a file chain.pem .it also has root
certificate(self signed) .
How can i verify
operations available via a PKCS#11 or Microsoft
CryptoAPI driver. There is also documentation for writing your own
engine if none of the available engines are good enough.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31
attack, and specifically praises the OpenSSL
fix for being even better than their own demonstration code for
the countermeasures.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message
-CAfile root-chain.pem cert1.pem
And the second round would be
Unix: cat cert1.pem root.pem cert1-chain.pem
Windows: copy /A cert1.pem+root.pem cert1-chain.pem
Both: openssl verify -CAfile cert1-chain.pem cert2.pem
Etc.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
at
http://www.openssl.org/~bodo/tls-cbc.txt
However that document seems to be missing.
Would you mind restoring the document, even if you are not otherwise
allowing Mr. Moeller to host stuff on www.openssl.org?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
attacked with replays of
client packets, amongst other benefits.
Client random protects the client from being attacked with replays of
server packets, amongst other benefits.
Simple, really.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
701 - 800 of 1144 matches
Mail list logo
