On 27-02-2013 23:54, John Unsworth wrote:
I have a Windows CA that has created a sha256RSA CA cert and server cert.
However OpenSSL fails to validate them.
C:\MetaAndDirectory\certsopenssl verify -verbose -CAfile win2k8r2-ca.cer
win2k8r2-server.cer
win2k8r2-server.cer:
On 18-01-2013 20:26, Jeffrey Walton wrote:
On Fri, Jan 18, 2013 at 11:01 AM, Memmott, Lester
lester.memm...@landesk.com wrote:
All modern Versions of Microsoft's C Runtime are thread safe. That occurred
around Visual Studio 6.0 (circa 2000 or so).
From
On 30-12-2012 21:01, Jeffrey Walton wrote:
Hi All,
While working on Apple with Mac OS X and iOS, I found I needed to
patch OpenSSL 1.0.1c's Makefile.
Makefile.org has the following line, and it was copied directly into
Makefile by Configure:
MAKEDEPPROG=makedepend
When the Configure
On 30-12-2012 21:34, Jeffrey Walton wrote:
On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote:
On 30-12-2012 21:01, Jeffrey Walton wrote:
Hi All,
While working on Apple with Mac OS X and iOS, I found I needed to
patch OpenSSL 1.0.1c's Makefile.
Makefile.org has the following line,
On 31-12-2012 00:14, jb-open...@wisemo.com wrote:
On 30-12-2012 21:34, Jeffrey Walton wrote:
On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote:
On 30-12-2012 21:01, Jeffrey Walton wrote:
Hi All,
While working on Apple with Mac OS X and iOS, I found I needed to
patch OpenSSL
On 16-11-2012 19:57, Jeffrey Walton wrote:
Hi Jacob,
On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 11/16/2012 3:36 AM, Jeffrey Walton wrote:
...
Headless servers, entropy starvation, and rollbacks are a concern in
modern environments. OpenSSL and other entropy
On 02-11-2012 21:46, Jeffrey Walton wrote:
On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm jb-open...@wisemo.com wrote:
(continuing TOFU posting to keep the thread somewhat consistent)
Given some of the mathematical restrictions on parameters needed to
keep DSA and ECDSA safe from attackers, I
On 24-09-2012 22:34, Alex Chen wrote:
I remember seeing somewhere that OpenSSL supports Intel AES instruction set.
If so, which release is that and what flag is needed to enable it.
Does the 'no-asm' flag in 'Configure' disable the use of these instructions?
Please start a new thread for your
On 18-08-2012 17:06, Jeffrey Walton wrote:
On Fri, Aug 17, 2012 at 5:19 PM, Cassie Helms cassie.he...@hp.com wrote:
Actually, my real question was, where can I see a list of bugs that are
already reported for openssl, so I can anticipate certain openssl
functions failing? I wish I could
On 19-08-2012 15:05, CharlesTSR wrote:
On Sat, Aug 18, 2012, Charles Mills wrote:
snip
There is no prompt option but you can use the $ENV syntax to expand an
environment variable and use that on the command line.
Thanks.
I apologize -- I freely admit I have not RTFM. Where IS the top level
Use the 3rd option suggested by McAfee, it is better than their first
two options.
The 3rd option is to configure the ciphersuite used by the server to
not include any Diffie-Hellman key exchanges until your choice of
distribution includes OpenSSL 1.0.1 with the new FIPS module.
On
On 20-06-2012 22:06, Gerald L Collins wrote:
John,
Your Openssl package should have a manifest file with the same name
as the executable with a .manifest extension. I.E. openssl.exe would
have openssl.exe.manifest . In that manifest file it tells you what
version of libraries it is
Of cause you shouldn't write your own OCSP code. OCSP is already part of
the OpenSSL library and the file apps/ocsp.c shows how to use it.
Alexander Konyagin's patch from 12 days ago doesn't seem to have been
reviewed or commented by anybody else, so I am not sure if it is because
he also
On 13-05-2012 04:09, Web Developer wrote:
Hey guys,
I need to generate random data (for keys, IVs etc.) but I can't seem
to find the right way to do it.
Here is the background -
I am developing my server in c/c++ on windows using visual studio and
am using the openssl1.0.1c library.
I was
On 30-04-2012 17:40, Roberto Corrado wrote:
Good evening, I have a some problem with openssl {v,w} and cpu via
Nehemiah, the version t work fine.
root@gatto:/tmp# gdb -c core /usr/bin/openssl
GNU gdb (GDB) 7.4
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3
On 26-04-2012 15:05, Thomas J. Hruska wrote:
On 4/26/2012 5:10 AM, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.1b released
===
Heads up warning: This archive under 7-Zip 9.20 (latest
stable) displays a There
(Adding some supplemental information I found after sending)
On 27-04-2012 01:36, jb-open...@wisemo.com wrote:
On 26-04-2012 15:05, Thomas J. Hruska wrote:
On 4/26/2012 5:10 AM, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.1b released
On 06-04-2012 01:12, Jeffrey Walton wrote:
On Thu, Apr 5, 2012 at 6:58 PM, Jeffrey Waltonnoloa...@gmail.com wrote:
On Thu, Apr 5, 2012 at 6:06 PM, Jakob Bohmjb-open...@wisemo.com wrote:
On 4/5/2012 9:01 PM, Jeffrey Walton wrote:
[SNIP]
The following list of permission bits are most (not
General hint:
seg-faults in malloc(), free(), realloc() etc. are usually caused by earlier
corruption of the heap. Looking at the stack at the time of crash is
rarely successful.
A better hint is to link to a special debug variant of malloc(), which is
specifically designed to report the exact
Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld
specific
option to do this in manually written Makefiles.
My replies below are about how to achieve this without GNU specific options
and without having to edit the Configure and Makefiles. These answers do
not apply to
It could be that (undetailed) step obtain parameters from hardware
and/or other
indirect hardware calls caused by your OpenSSL calls makes the hardware
think the
key is now spent and can/must be deleted.
Hardware crypto is often designed to protect keys much more strictly
than software
On 08-12-2011 19:46, Gaiseric Vandal wrote:
I am using Openssl 1.0.0a (on Solaris 10) as a basic CA. I use this
to sign SSL certificates for various internal servers (web, e-mail
etc.) I recently used the openssl ca command to renew the CA's
machine own public certificate. The
For authenticated encryption speed on a typical general purpose processor
(such as Atom), I would suggest AES-128 in GCM (Galois Counter Mode),
this does one 12-round AES per 16 bytes, plus one extra per message, with
no additional hashing algorithm use.
I don't know if that mode is in TLS, or
On 01-10-2011 04:14, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Friday, 30 September, 2011 13:27
On 9/30/2011 5:04 PM, michael lush wrote:
On Fri, Sep 30, 2011 at 3:07 PM, Jakob
Bohmjb-open...@wisemo.com wrote:
snip
Linkable shared libraries
Because the attributes mentioned are only meaningful if covered by the
digital signature on the certificate, it cannot change in any format
conversion
that keeps the certificate valid.
The true format of certificates is binary BER encoded X.509.
A .cer file is simply that structure directly.
On 01-09-2011 21:51, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Thursday, 01 September, 2011 13:44
req_extensions will put the names in a CSR (signing request)
file when running the req command.
x509_extensions will put the names in the actual
26 matches
Mail list logo