On 27-02-2013 23:54, John Unsworth wrote:
I have a Windows CA that has created a sha256RSA CA cert and server cert.
However OpenSSL fails to validate them.
C:\MetaAndDirectory\certs>openssl verify -verbose -CAfile win2k8r2-ca.cer win2k8r2-server.cer
win2k8r2-server.cer: /DC=net/DC=cp/DC=macc/CN=
On 18-01-2013 20:26, Jeffrey Walton wrote:
On Fri, Jan 18, 2013 at 11:01 AM, Memmott, Lester wrote:
All modern versions of Microsoft's C Runtime are thread safe. That occurred
around Visual Studio 6.0 (circa 2000 or so).
From http://msdn.microsoft.com/en-us/library/abx4dbyh.aspx: "The
singl
On 31-12-2012 00:14, jb-open...@wisemo.com wrote:
On 30-12-2012 21:34, Jeffrey Walton wrote:
On Sun, Dec 30, 2012 at 3:20 PM, wrote:
On 30-12-2012 21:01, Jeffrey Walton wrote:
Hi All,
While working on Apple with Mac OS X and iOS, I found I needed to
patch OpenSSL 1.0.1c's Makefile.
Makefil
On 30-12-2012 21:34, Jeffrey Walton wrote:
On Sun, Dec 30, 2012 at 3:20 PM, wrote:
On 30-12-2012 21:01, Jeffrey Walton wrote:
Hi All,
While working on Apple with Mac OS X and iOS, I found I needed to
patch OpenSSL 1.0.1c's Makefile.
Makefile.org has the following line, and it was copied dir
On 30-12-2012 21:01, Jeffrey Walton wrote:
Hi All,
While working on Apple with Mac OS X and iOS, I found I needed to
patch OpenSSL 1.0.1c's Makefile.
Makefile.org has the following line, and it was copied directly into
Makefile by Configure:
MAKEDEPPROG=makedepend
When the Configure targ
On 16-11-2012 19:57, Jeffrey Walton wrote:
Hi Jacob,
On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm wrote:
On 11/16/2012 3:36 AM, Jeffrey Walton wrote:
...
Headless servers, entropy starvation, and rollbacks are a concern in
modern environments. OpenSSL and other entropy gatherers, such as EGD,
don
On 02-11-2012 21:46, Jeffrey Walton wrote:
On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm wrote:
(continuing TOFU posting to keep the thread somewhat consistent)
Given some of the mathematical restrictions on parameters needed to
keep DSA and ECDSA safe from attackers, I don't think using the same
On 24-09-2012 22:34, Alex Chen wrote:
I remember seeing somewhere that OpenSSL supports the Intel AES instruction set.
If so, which release is that and what flag is needed to enable it?
Does the 'no-asm' flag in 'Configure' disable the use of these instructions?
Please start a new thread for your
On 19-08-2012 15:05, CharlesTSR wrote:
On Sat, Aug 18, 2012, Charles Mills wrote:
There is no prompt option but you can use the $ENV syntax to expand an
environment variable and use that on the command line.
Thanks.
I apologize -- I freely admit I have not RTFM. Where IS the top level
docume
On 18-08-2012 17:06, Jeffrey Walton wrote:
On Fri, Aug 17, 2012 at 5:19 PM, Cassie Helms wrote:
Actually, my real question was, where can I see a list of bugs that are
already reported for openssl, so I can anticipate certain openssl
functions failing? I wish I could contribute more to the sour
Use the 3rd option suggested by McAfee, it is better than their first
two options.
The 3rd option is to "configure the ciphersuite used by the server to
not include any Diffie-Hellman key exchanges" until your choice of
distribution includes OpenSSL 1.0.1 with the new FIPS module.
On 08-07-2
Of course you shouldn't write your own OCSP code. OCSP is already part of
the OpenSSL library and the file apps/ocsp.c shows how to use it.
Alexander Konyagin's patch from 12 days ago doesn't seem to have been
reviewed or commented by anybody else, so I am not sure if it is because
he also posted
On 20-06-2012 22:06, Gerald L Collins wrote:
John,
Your Openssl package should have a manifest file with the same name
as the executable with a .manifest extension, i.e. openssl.exe would
have openssl.exe.manifest. In that manifest file it tells you what
version of libraries it is looki
On 13-05-2012 04:09, Web Developer wrote:
Hey guys,
I need to generate random data (for keys, IVs etc.) but I can't seem
to find the right way to do it.
Here is the background -
I am developing my server in C/C++ on Windows using Visual Studio and
am using the OpenSSL 1.0.1c library.
I was
On 30-04-2012 17:40, Roberto Corrado wrote:
Good evening, I have a problem with openssl {v,w} and a VIA Nehemiah
CPU; the version t works fine.
root@gatto:/tmp# gdb -c core /usr/bin/openssl
GNU gdb (GDB) 7.4
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or
(Adding some supplemental information I found after sending)
On 27-04-2012 01:36, jb-open...@wisemo.com wrote:
On 26-04-2012 15:05, Thomas J. Hruska wrote:
On 4/26/2012 5:10 AM, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.1b released
On 26-04-2012 15:05, Thomas J. Hruska wrote:
On 4/26/2012 5:10 AM, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.1b released
===
Heads up warning: This archive under 7-Zip 9.20 (latest
stable) displays a "There ar
On 06-04-2012 01:12, Jeffrey Walton wrote:
On Thu, Apr 5, 2012 at 6:58 PM, Jeffrey Walton wrote:
On Thu, Apr 5, 2012 at 6:06 PM, Jakob Bohm wrote:
On 4/5/2012 9:01 PM, Jeffrey Walton wrote:
[SNIP]
The following list of permission bits are most (not all) of those that
may appear in the DACL
General hint:
seg-faults in malloc(), free(), realloc() etc. are usually caused by earlier
corruption of the heap. Looking at the stack at the time of crash is
rarely successful.
A better hint is to link to a special debug variant of malloc(), which is
specifically designed to report the exact p
Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld
specific option to do this in manually written Makefiles.
My replies below are about how to achieve this without GNU specific options
and without having to edit the Configure and Makefiles. These answers do
not apply to Window
On 08-12-2011 19:46, Gaiseric Vandal wrote:
I am using Openssl 1.0.0a (on Solaris 10) as a basic CA. I use this
to sign SSL certificates for various internal servers (web, e-mail
etc.) I recently used the "openssl ca" command to renew the CA's
machine own public certificate. The modul
It could be that (undetailed) step "obtain parameters from hardware"
and/or other indirect hardware calls caused by your OpenSSL calls makes
the hardware think the key is now "spent" and can/must be deleted.
Hardware crypto is often designed to protect keys much more strictly
than software cry
For authenticated encryption speed on a typical general purpose processor
(such as Atom), I would suggest AES-128 in GCM (Galois Counter Mode),
this does one 12-round AES per 16 bytes, plus one extra per message, with
no additional hashing algorithm use.
I don't know if that mode is in TLS, or yo
On 01-10-2011 04:14, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Friday, 30 September, 2011 13:27
On 9/30/2011 5:04 PM, michael lush wrote:
On Fri, Sep 30, 2011 at 3:07 PM, Jakob Bohm wrote:
Linkable shared libraries "lib/libcrypto.so" and
"lib
On 01-10-2011 01:09, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of jb-open...@wisemo.com
Sent: Thursday, 29 September, 2011 18:46
Because the attributes mentioned are only meaningful if covered by the
digital signature on the certificate, it cannot change in any format
c
Because the attributes mentioned are only meaningful if covered by the
digital signature on the certificate, it cannot change in any format
conversion that keeps the certificate valid.
The true format of certificates is binary BER encoded X.509.
A .cer file is simply that structure directly.
A
On 01-09-2011 21:51, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Thursday, 01 September, 2011 13:44
req_extensions will put the names in a CSR (signing request)
file when running the "req" command.
x509_extensions will put the names in the actual cert
27 matches