On Thu, May 29, 2008 at 2:40 PM, Mounir IDRASSI
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> This is a bug that has been reported on openssl-dev. It's due to a bug in
> the file x86ms.pl responsible for the generation of MASM assembly code. To
> be corrected, the line 273 of this file containing "$extra" s
I complie 0.9.8h today and attempted to run onwin32 machine,
but I have bug:
openssl pkcs12 -export -in MyCert.pem -inkey MyKey.pem -out MyCert.p12
Loading 'screen' into random state - done
Enter pass phrase for MyKey.pem:
Enter Export Password:
Verifying - Enter Export Password:
O
Hi,
The only thing I see in your code is that, inside the while block, you are
not setting the CA variable to the next element of the list Gl_listeCA.
Thus, at the second loop you will always get an error when calling
X509_STORE_add_cert because CA->x509 is pointing to the same certificate
as in t
Sorry for the double ;-)
Hello,
I getting crazy !
In one application I insert CA certificates and CRLs in the X509_STORE.
This store is included in the SSL_CTX. No problem. The certificate
verification process during handshake runs like a charm.
In a second application, I create an X509_STORE a
Hello,
I getting crazy !
In one application I insert CA certificates and CRLs in the X509_STORE.
This store is included in the SSL_CTX. No problem. The certificate
verification process during handshake runs like a charm.
In a second application, I create an X509_STORE and try to insert my CA
Hi,
This is a bug that has been reported on openssl-dev. It's due to a bug in
the file x86ms.pl responsible for the generation of MASM assembly code. To
be corrected, the line 273 of this file containing "$extra" should be
removed.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
___
Only against random attacks of course, if all attackers first check these
keys, then removing them strengthens the algorithm against (non-random)
brute-force attack. This said, the effort of explicitly avoiding these
is probably wasted (unless one suspects one has a identically weak RNG).
--
On Wed, May 28, 2008 at 02:23:44PM -0500, [EMAIL PROTECTED] wrote:
> On Tue, May 27, 2008 at 03:23:27PM -0500, [EMAIL PROTECTED] wrote:
> > So a developer at my company is having a problem.
> >
> > When our business partner signs a data object using Bouncy Castle
> > (PKCS#7 CMS), outputs PEM, an
Discard, while originally the problem was with a moving buffer, the
later trouble I had were my own bugs (SMTP CRLF line break algorithm had
problems).
Ales
__
OpenSSL Project http://www.openssl.
On Thu, May 29, 2008 at 09:48:38AM +0200, Steffen DETTMER wrote:
> On the other hand, someone else could assume that all potentially
> weak keys are regenerated and the concerned (boxes,
> systems, admins, security professionals, ...) now are more
> sensitive, carefully exchanged all keys against,
Hello,
we are currently programming on an integration of OpenSSL into our
existing Socket architecture. We have a problem with non-blocking
connections.
In our test scenario we coded a simple server and client that shall
communicate encrypted via SSL. But for now we simply use an unencrypted
"Soc
vinni rathore a écrit :
>
> hi,
>
> i am stuck with the error "Unable to get local issuer certificate" and
> then "SSL3_GET_CLIENT_CERTIFICATE: peer certificate not return".
>
> I have created my own certificates using Openssl.exe . I have created
> CACert.pem which is self signed CA certificate
Hi vinni,
As a hint i will reformulate how i understand your problem
The server cannot accept the client certificate because it cannot check
that the certificate have been issued by a trusted CA.
This arise because the CA certificate is not available so the questios are
1) Is the CA ce
hi,
i am stuck with the error "Unable to get local issuer certificate" and then
"SSL3_GET_CLIENT_CERTIFICATE: peer certificate not return".
I have created my own certificates using Openssl.exe . I have created
CACert.pem which is self signed CA certificate and then two other
certificates one is C
I've found out that it's related to how SSL_Write() expects the same
buffer pointer after an SSL_ERROR_WANT_WRITE occurs.
I also found out that this can be avoided by issuing a SSL_ctrl() which
I tried, but now I get corrupted data from certain point.
How EXACTLY is SSL_Write in non-blocking
Hi all,
Steps to reproduce:
1. Download and unpack openssl-0.9.8h.tar.gz
2. Open Visual Studio 2005 Command Prompt
3. ms\do_masm.bat
4. nmake -f ms\ntdll.mak
Gives error:
ml /Cp /coff /c /Cx /Focrypto\sha\asm\s1_win32.obj
.\crypto\sha\asm\s1_win32.asm
Microsoft (R) Macro Assembler Versi
* Victor Duchovni wrote on Wed, May 28, 2008 at 21:10 -0400:
> > > Only against random attacks of course, if all attackers
> > > first check these keys, then removing them strengthens the
> > > algorithm against (non-random) brute-force attack. This
> > > said, the effort of explicitly avoiding the
Hello,
We're performing PCI audit security scan on our machines and this one
vulnerability keeps coming back on our apache 2.2 server. I followed the
solution is provided and changed the line ssl/ssl.h (0x0FFFL ->
0x0FFFL^SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG and also added the
entire
On Tue, May 27, 2008 at 03:23:27PM -0500, [EMAIL PROTECTED] wrote:
> So a developer at my company is having a problem.
>
> When our business partner signs a data object using Bouncy Castle
> (PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that
> works fine, but when we try to get the
On Wed, May 28, 2008 at 6:47 PM, Deane Sloan <[EMAIL PROTECTED]> wrote:
> To tie this off - is it fair to say that the impact of say 2048bit RSA
> SSL(etc) using a private key in the affected range is a valid
> consideration/concern, however in combination with the likelihood
> stated, the overall
On Wed, May 28, 2008 at 12:24 PM, Silvia <[EMAIL PROTECTED]> wrote:
> Hi,
> I'm trying to test some algorithm with openssl comman line and oprofile.
> Then, to separate the time used for the real cryptographic operation from
> the time used for I/O operation, I need to know which library is used to
21 matches
Mail list logo
