> Never ship a Shared OpenSSL library. Anyone can rebuild it to output
> the socket buffer to disk prior to encryption and replace yours.
>
> :-)
A party to an encrypted conversation can put its contents in a full-page ad
in the New York Times if they want to. There's no need to keep a
conversati
csross wrote:
I don't know what is the purpose of building openssl shared. I am building
apache with ssl statically built in. What does building a shared openssl
give me?
The ability to upgrade openssl without having to recompile anything else.
Regards,
Graham
I am trying to port some python code to C and the python code uses some
encryption algorithms so I want to use openssl's algorithms.
python code:
hmac_md5 = HMAC.new(nlkm,ch)
rc4key = hmac_md5.digest()
rc4 = ARC4.new(rc4key)
data = rc4.encrypt(edata)
c code:
HMAC_CTX hmac;
RC4_KEY rc4;
unsign
Classification: UNCLASSIFIED
Caveats: NONE
Sorry, Kyle, you are correct. I forgot not everyone understands what I
meant by PATH in the generic sense.
Also, don't forget crle command for Solaris (9 & 10). For instance:
crle -64 -c /var/ld/ld.config -l
(i.e. crle -64 -c /var/ld/64/ld.confi
Julian wrote:
Never ship a Shared OpenSSL library. Anyone can rebuild it to output the
socket buffer to disk prior to encryption and replace yours.
If someone can do that, you've been owned already, compiling it static
won't make any practical difference.
Regards,
Graham
Not just PATH, but also LD_LIBRARY_PATH (on Linux), DYLD_LIBRARY_PATH
(on MacOSX), or whatever the dynamic linker expects on whatever flavor
of UNIX you're actually on.
As well, if your binary is setuid, it will prevent loading libraries
from any environment-specified locations.
-Kyle H
On Thu,
On Thu, Oct 23, 2008 at 02:12:45PM -0700, Julian wrote:
> Never ship a Shared OpenSSL library. Anyone can rebuild it to output
> the socket buffer to disk prior to encryption and replace yours.
This risk model is not often realistic. If the administrator of the
machine is your adversary, you're
Never ship a Shared OpenSSL library. Anyone can rebuild it to output
the socket buffer to disk prior to encryption and replace yours.
:-)
On Oct 23, 2008, at 9:32 AM, csross wrote:
I don't know what is the purpose of building openssl shared. I am
building
apache with ssl statically built
Classification: UNCLASSIFIED
Caveats: NONE
Patrick, did you make sure that the path to your new OpenSSL libs (*.0.9.8)
was in the path before the other possible libs of openssl? Granted under
normal circumstances you may think you only have one version installed, but
DOUBLE check you don't have
I don't know what is the purpose of building openssl shared. I am building
apache with ssl statically built in. What does building a shared openssl
give me?
Thanks
--
View this message in context:
http://www.nabble.com/why-build-shared-openssl-tp20134687p20134687.html
Sent from the OpenSSL
Thank you.
I did just that, without doing the ./configure again because nothing changed
there. The server-status screen and restart now shows the correct version.
Thank you very much.
Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote:
>
> If you are loading mod_ssl dynamically into Apache
Doesn't this all depend on if you linked mod_ssl.so to the static SSL (.a)
libraries or to the dynamic SSL (.so) libraries?
Please respond to openssl-users@openssl.org
Sent by:[EMAIL PROTECTED]
To: openssl-users@openssl.org
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject:RE: upg
hi,
I still have the problem, but I found that on Debian etch the shared
libraries are also found in: /usr/lib/i486; /usr/lib/i586;
/usr/lib/i686/cmov; that is: libcrypto.so.0.9.8 and libssl.so.0.9.8
make install will only use /usr/lib - so I don't know what to do from here.
anyone can help
Hi,
I solved the problem. Now I can verify a signed message with the following
command.
# openssl smime -verify -in veri.mg -CAfile demoCA/cacert.pem
I created my signed message (veri.msg) with the following command.
# openssl smime -sign -in veri.txt -out veri.msg -inkey
demoCA/private/cakey.
Hi Joshi,
I'd use the compiler as a front end for the linker, rather than use ld
directly.
Mark.
> -Original Message-
>
> This is how i am compiling
>
> # cc_r -c -I/usr/include/l -D_ALL_SOURCE -D_ANSI_C_SOURCE
> -D_POSIX_SOURCE -qmaxmem=16384 -qnoansialias
> -DUSE_NATIVE_DLOPEN -
15 matches