Re: 2038 date limit

2008-06-05 Thread Michael Sierchio
Brant Thomsen wrote: The C++ compiler in Microsoft's Visual Studio 2005 (and later) makes time_t a 64-bit number when compiling 32-bit code. Older compilers, such as Visual C++ 6.0, make time_t a 32-bit number, which would cause year 2038 issues. I'd very much like to see TAI64 adopted where o

OpenSSL 0.9.8h and Win64A

2008-06-05 Thread Melnick, Jeff
I've been trying to build OpenSSL 0.9.8h for WIN64A. I have Visual Studio 2005, SP1 and the Server 2008 SDK (6.1) on 32 bit Windows XP. I run: perl Configure VC-WIN64A ms\do_win64a nmake -f ms\ntdll.mak I get a ton of errors from ms\uptable.asm. For

ldaps client and oracle internet directory

2008-06-05 Thread Michael Gaab
I am trying to establish a connection from a openldap/openssl client to Oracle Internet Directory. I know this isn't much to go on but will at least begin the conversation. I am getting the following error on the client. I am able to connect to 443 but unable to connect to 636. With the follo

Re: RC4-MD5 versus AES256-SHA

2008-06-05 Thread Ace
Hi Victor, PKI Handshakes are always the cause of worry when it comes to performance but now I am facing problems even with the normal encryption. The data size is around 2k. Would you suggest using RC4-MD5? On Thu, Jun 5, 2008 at 9:12 PM, Victor Duchovni < [EMAIL PROTECTED]> wrote: > On Thu, Jun

RE: 2038 date limit

2008-06-05 Thread David Schwartz
> Changing this would involve including independent date > routines which don't > have this restriction. I did start on this some time ago but other higher > priority tasks (e.g. paid ones!) took over. I've got 64-bit date/time routines that are good out to 2270 that work fine on 32-bit archit

Re: RC4-MD5 versus AES256-SHA

2008-06-05 Thread Victor Duchovni
On Thu, Jun 05, 2008 at 08:20:31PM -0700, Ace wrote: > I know that DHE-RSA-AES256-SHA is more secure than RC4-SHA The DHE part especially, as it yields forward-secrecy. So far, RC4 with fully random keys has held up reasonably well. > but it needs > more computation power and RC4-MD5 is fas

RC4-MD5 versus AES256-SHA

2008-06-05 Thread Ace
Hi, I know that DHE-RSA-AES256-SHA is more secure than RC4-SHA but it needs more computation power and RC4-MD5 is faster. I saw the mixed response on RC4-MD5 usage. OpenSSL lists it as medium strength cipher but I found that many people have listed attacks on this, possible in an hour. What i

Re: enforcing decent pass phrase on private key?

2008-06-05 Thread Victor Duchovni
On Thu, Jun 05, 2008 at 10:47:10PM -0400, Gumbie wrote: > How would I enforcing decent pass phrase on private key? Or can I? At what point in the key's lifecycle would you like to do that? -- Viktor. __ OpenSSL Project

enforcing decent pass phrase on private key?

2008-06-05 Thread Gumbie
How would I enforcing decent pass phrase on private key? Or can I?

Re: 2038 date limit

2008-06-05 Thread Jason Dusek
It would be nice if we could easily specify the epoch for certificate expiration. -- _jsn

Re: 2038 date limit

2008-06-05 Thread Chris Kottaridis
On Thu, 2008-06-05 at 22:32 +0200, Dr. Stephen Henson wrote: > Changing this would involve including independent date routines > which don't > have this restriction. I did start on this some time ago but other > higher > priority tasks (e.g. paid ones!) took over. > Right. From a quick perusa

RE: 2038 date limit

2008-06-05 Thread Chris Kottaridis
It's a Linux 2.6.21 based system. I think the issue comes into play here in x509.c: X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); where days is an int and X509_gmtime_adj has its second parameter defined as a long, and I believe ints and longs are 32 bits on this machine. Thank

RE: 2038 date limit

2008-06-05 Thread Brant Thomsen
The C++ compiler in Microsoft's Visual Studio 2005 (and later) makes time_t a 64-bit number when compiling 32-bit code. Older compilers, such as Visual C++ 6.0, make time_t a 32-bit number, which would cause year 2038 issues. Brant Thomsen -Original Message- From: [EMAIL PROTECTED] [mail

RE: 2038 date limit

2008-06-05 Thread Jim Adams
What OS did you have this problem on? I use Openssl 0.9.7m on Windows to generate certificates, and I was able to generate certs beyond 2038 with no problem. I did not experience a problem until I tried to generate one that lasted beyond 2106, when the entire 32-bit number overflows. So Wind

Re: 2038 date limit

2008-06-05 Thread Chris Kottaridis
On Thu, 2008-06-05 at 15:33 -0400, Leonard F. Elia wrote: > In fact, it is probably bigger > than Y2K because it will involve changes to most flavors of the Unix > operating system. It is neither trivially solved, nor an unknown > problem. > I understand the issue, and like I said I was hoping

Re: 2038 date limit

2008-06-05 Thread Dr. Stephen Henson
On Thu, Jun 05, 2008, Chris Kottaridis wrote: > When trying to make a certificate for 30 years seems you run into the > 2038 date limitation. Seems the code converts date to a signed int in > seconds since 1970 and now that we are within 30 years of the 2038 limit > we get hit by it. Using a date

Re: 2038 date limit

2008-06-05 Thread A . L . M . Buxey
Hi, > This problem is much bigger than OpenSSL. In fact, it is probably bigger > than Y2K because it will involve changes to most flavors of the Unix > operating system. It is neither trivially solved, nor an unknown problem. move to 64bit - that's the only way to go beyond 2038 from the unix ep

Re: 2038 date limit

2008-06-05 Thread Leonard F. Elia
This problem is much bigger than OpenSSL. In fact, it is probably bigger than Y2K because it will involve changes to most flavors of the Unix operating system. It is neither trivially solved, nor an unknown problem. Chris Kottaridis wrote: Is there a plan to circumvent the limit, as opposed t

Re: 2038 date limit

2008-06-05 Thread Eljas Alakulppi
Is there a plan to circumvent the limit, as opposed to just saying stay within 2038 ? Afaik, the only current solution is to switch to 64bit openssl. -Eljas Alakulppi

Re: 2038 date limit

2008-06-05 Thread Victor Duchovni
On Thu, Jun 05, 2008 at 01:23:05PM -0600, Chris Kottaridis wrote: > >seriously 30 year certificate? > > That was my initial response, but that's what a customer wants. > > I was hoping to be retired before I had to worry about this limit. It > does seem to be something that people want to do and

Re: 2038 date limit

2008-06-05 Thread Chris Kottaridis
>seriously 30 year certificate? That was my initial response, but that's what a customer wants. I was hoping to be retired before I had to worry about this limit. It does seem to be something that people want to do and I was just wondering if there was a plan in place to fix it. In checking the w

Re: 2038 date limit

2008-06-05 Thread Sendroiu Eugen
One of the certificates from VeriSign that comes with Firefox is issued in 1996 and it lasts until 2028. That's 30+ years. - Original Message From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: openssl-users@openssl.org Sent: Thursday, June 5, 2008 8:22:09 PM Subject: Re: 2038 date limit

Re: 2038 date limit

2008-06-05 Thread A . L . M . Buxey
Hi, > When trying to make a certificate for 30 years seems you run into the > 2038 date limitation. Seems the code converts date to a signed int in > seconds since 1970 and now that we are within 30 years of the 2038 limit > we get hit by it. Using a date of (30 * 365) from now: that's the same dat

2038 date limit

2008-06-05 Thread Chris Kottaridis
When trying to make a certificate for 30 years seems you run into the 2038 date limitation. Seems the code converts date to a signed int in seconds since 1970 and now that we are within 30 years of the 2038 limit we get hit by it. Using a date of (30 * 365) from now: notBefore=Mar25 19:33:38 2008

Re: bug? SSL_ERROR_SSL/EAGAIN from SSL_write()

2008-06-05 Thread Aleksander Korzynski
David, Thanks for your prompt reply, again. David Schwartz wrote: ERR_get_error() returned 67596407 ERR_error_string() returned error:04077077:rsa routines:RSA_verify:wrong signature length ERR_get_error() returned 218910726 ERR_error_string() returned error:0D0C5006:asn1 encoding routines:ASN

Openssl 0.9.8g build with Apache 2.2.8 for WIN32

2008-06-05 Thread Beth E. Okun
Hello to all.. I'm able to build the openssl 0.9.8g on windows 2003 using VC++ version 7 and the ms\do_ms build..I'm also able to build Apache 2.2.8 with the openssl dlls included...However, the service will not start, and I am getting a weird error in the event viewer