On Fri, Nov 7, 2008 at 3:56 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
> There should be some means of determining how much entropy is actually
> in the information obtained from the EGD. The return values should
> reflect the number of bits stirred in, with 0 being "we haven't gotten
> anythin
hi all,
I'm currently working on OpenVPN which I found out that it uses openssl
for its encryption. So I looked into openssl source code and found a file
eng_padlock.c So my currently my openssl (version 0.9.8g) does support
padlock AES function. Im not sure how to activate it from openvpn
Yang Wang wrote:
> Hi,
>
> I am looking for a solution to add X509v3 Subject Alternative Name into the
> cert with openssl. The subject Alternative Name I need to add is in the
> format of
>
> Other Name:
> Principal [EMAIL PROTECTED]
>
> Can any one show me how to achieve it? I really appreciat
Posting a solution to this issue just in case it helps others with the same
issue. The problem was solved by setting the socket to be non-blocking and
then looping when the error is "SSL wants a read first". I try limit the
number of loops to 10 before I give up. It takes 2 times in the loop
There should be some means of determining how much entropy is actually
in the information obtained from the EGD. The return values should
reflect the number of bits stirred in, with 0 being "we haven't gotten
anything yet". Pass this up to the client library, and the client
library should pass th
Hi,
I am looking for a solution to add X509v3 Subject Alternative Name into the
cert with openssl. The subject Alternative Name I need to add is in the
format of
Other Name:
Principal [EMAIL PROTECTED]
Can any one show me how to achieve it? I really appreciate your help.
Thanks,
Yang
First of all: heed David's [Schwartz] advice, especially in his last email.
This stuff is /not/ meant to fix broken designs but only to be used
when you absolutely have to:
what you can use, when you need to detect clients crashing or networks
failing, is add a 'heartbeat' (as was mentioned befo
On Fri, Nov 7, 2008 at 9:38 AM, David Schwartz <[EMAIL PROTECTED]> wrote:
>
> Sounds like the interface is badly thought out. Perhaps the best
> "reasonable
> compromise", short of changing the interface, is to set a limit (maybe 3
> seconds or so) to how long RANG_egd can block (this would mean i
Ben Sandee wrote:
> On Thu, Nov 6, 2008 at 9:11 PM, David Schwartz <[EMAIL PROTECTED]>
wrote:
>> > There needs to be a call to fcntl(fd,F_SETFL,O_NONBLOCK) just after
>> > the socket() call and error status check.
>> That will just waste CPU. The code will spin in each loop
>> "while (!success)
On November 7, 2008 06:08:19 am Aravinda babu wrote:
> Hi all,
>
> First of all thanks for all of your suggestions and information.I got a
> clear idea of how to do the required thing.
> I forgot to mention one thing.
>
> We are making one library for certificate management which will be used by
>
I will be out of the office starting 30.10.2008 and will not return until
09.11.2008.
I will respond to your message when I return. If you have urgent need
please contact [EMAIL PROTECTED]
-
DISCLAIMER
This email and any files tr
Hello Normand,
so here is the tricky part of openssl's command line.
You create your key file with genrsa and the passout option. Now you could
think that your keyfile is encrypted but it isnt. You have to configure the
encryption algorithm:
-desencrypt the generated key with DES
On Thu, Nov 06, 2008, BiGNoRm6969 wrote:
>
> Hi, here is my problem:
>
> I first created a private RSA key with the argument -passout pass:123456
> After that I create the certificate with this the argument -passin: 123456
>
> In my code I do that:
>
> static char keyfile[] = "C:/MyKeyFile.
Hi,
I would like to know if there is any reason why the patch provided by
wpasupplicant to enable EAP-FAST has not been included in openssl? Or are there
any plans to include this functionailty soon?
Thanks!
Regards,
Adrian Quek
_
One line in my reply went other places. It was this: [*] starred items
are not called in your code.
On Fri, Nov 7, 2008 at 12:59 AM, Ger Hobbelt <[EMAIL PROTECTED]> wrote:
> Specifically, check the code to construct public key carrying
> certificates in, for instance, x509/mkcert.c, demos/selfsign
This is not a sure thing, but from a quick scan of your code, it looks
like you are constructing an incomplete certificate in memory, which
might hurt you further down the road, i.e. when transmitting the cert,
which is then checked by the other party.
Specifically, check the code to construct pub
Hi, here is my problem:
I first created a private RSA key with the argument -passout pass:123456
After that I create the certificate with this the argument -passin: 123456
In my code I do that:
static char keyfile[] = "C:/MyKeyFile.pem";
FILE* fp = fopen( keyfile, "r");
pem_password_cb* pem_
On Fri, Nov 07, 2008, Roger No-Spam wrote:
>
> Furthermore, there seems to be FIPS changes required in openssl outside the
> FIPS module. This is my conclusion after having studied the FIPS_098_TEST_8
> branch in openssl's cvs server. When are these changes scheduled to be
> merged into the main
Hi all,
First of all thanks for all of your suggestions and information.I got a
clear idea of how to do the required thing.
I forgot to mention one thing.
We are making one library for certificate management which will be used by
different applications.In that library we have one API which will v
Hi,We have included openssl in our product, a proprietary OS and development
environment. Customers have requested that we include the FIPS validated
version of openssl. We have included the openssl 0.9.8 base line and I am now
trying to clarify what the implications are of including the 0.9.8
20 matches
Mail list logo
