Customers have started asking me for this fix. So I need to release an
immediate release of openssl with this fix. Not sure whether they are using
DTLS. If any customer asks for the fix, I need to release the fix
immediately (business policy).
The patch which I have applied is this (for openssl 9.
DES_ecb_encrypt encrypts as single DES, 56-bit key, in a block mode
which has been deemed completely insecure.
-Kyle H
On Wed, Jun 3, 2009 at 12:46 PM, Michael Kurecka wrote:
> Does the method DES_ecb_encrypt encrypt as Triple or Single DES
There are also strict rules regarding the certificate validation
process, which openssl will let you entirely
"pre-empt" and completely take over the validation process. All we
would be asking for would be a
callback that lets us "extend" the functionality of openssl regarding
cert extensi
The thing is, RFC3280 states...
Implementors are warned that the X.500 standards community has
developed a series of extensibility rules. These rules determine
when an ASN.1 definition can be changed without assigning a new
object identifier (OID). For example, at least two extension
I agree that there should probably be a callback for extensions not
recognized and supported by OpenSSL...the callback
could return a failure code that openssl would look at, and if it is
set to an "error" then openssl would run its normal failure return
path (up the call stack).
If the c
On 2009.06.04 at 09:04:11 +1000, Brad Mitchell wrote:
>
> The reason we use command-line utilities to verify is for transparency.
> Data could be used in the courts for example and having that "hey.. go
> download openssl and verify it yourself" is a lot better than.. here is a
> util we wrote to
On 2009.06.04 at 08:13:05 +0800, jazeltq wrote:
> >I'm afraid that it is not a good code to study ecc.
> >
> >Implementation, which is currently in OpenSSL is full of obscure
> >performance hacks and is not well-documented.
> Yes, it's a problem. Maybe it will be relief after my paper finish
The ts command is to create requests, sign requests and verify timestamps
according to RFC3161. So the exercise I was trying to demonstrate at work
was to create a certificate for the purpose of timeStamping (critical
extension timeStamping on the cert) to sign digests into a token.
The verify
On 2009-06-03, "Victor B. Wagner" wrote:
>On 2009.06.03 at 08:23:52 +0800, jazeltq wrote:
>
>> >file ec_lcl.h, which present in the OpenSSL sources, but not included in
>> which directory include file ec_lcl.h, is it in the ec directory? but in
>> my sources I can't find it.
>
>It is in crypto/
On Wed, Jun 03, 2009 at 10:24:47PM +0100, David Woodhouse wrote:
> On Wed, 2009-06-03 at 15:02 -0400, Victor Duchovni wrote:
> > with SSL_CTX_use_certificate_chain_file() the entire trust chain is
> > loaded from the provided file bottom-up order. The first certificate
> > is the leaf and must mat
On Wed, 2009-06-03 at 15:02 -0400, Victor Duchovni wrote:
> with SSL_CTX_use_certificate_chain_file() the entire trust chain is
> loaded from the provided file bottom-up order. The first certificate
> is the leaf and must match the private key provided.
Ah, right. Most files I've encountered have
We are currently using OpenSSL 0.9.8j and have a question related to
X509_LOOKUP_ctrl and X509_LOOKUP_load_file.
Basically, we are using one of the above functions to add the files to the
LOOKUP, however, under some conditions, it is required to remove the file.
Would there be any document or f
Does the method DES_ecb_encrypt encrypt as Triple or Single DES
On Wed, Jun 03, 2009 at 07:27:00PM +0100, David Woodhouse wrote:
> On Tue, 2009-06-02 at 21:39 -0400, Victor Duchovni wrote:
> > The CAfile is for verification, not for sending along the trust chain
> > of a given certificate.
>
> OpenSSL currently _does_ use the CAfile for sending along the trus
On Tue, 2009-06-02 at 21:39 -0400, Victor Duchovni wrote:
> The CAfile is for verification, not for sending along the trust chain
> of a given certificate.
OpenSSL currently _does_ use the CAfile for sending along the trust
chain of its client certificate. It's buggy, but it tries :)
> DO NOT app
Hi Brad,
I guess I'm going to have the same problem (Microsoft CA generating
certs I have to verify with OpenSSL). I wasn't aware of the "ts"
command, but I'm assuming that I can always verify MS-CA certificates
if I do this programmatically, using the openssl api. I will have to
verify
Joe Friedeggs writes:
> I'm pretty much a noob when it comes to SSL, so any help would be
> greatly appreciated. I just installed Openldap running TLS with self
> signed certs. Everything *seems* to be working fine (LDAP logs show
> TLS encryption), but when I run the s_client from the LDAP (Li
I'm pretty much a noob when it comes to SSL, so any help would be greatly
appreciated. I just installed Openldap running TLS with self signed certs.
Everything *seems* to be working fine (LDAP logs show TLS encryption), but when
I run the s_client from the LDAP (Linux) client, I only see ONLY
On 2009.06.03 at 08:23:52 +0800, jazeltq wrote:
> >file ec_lcl.h, which present in the OpenSSL sources, but not included in
> which directory include file ec_lcl.h, is it in the ec directory? but in my
> sources I can't find it.
It is in crypto/ec.
Which version of OpenSSL are you using? In
For anyone that cares.
I ran:
certutil -showreg policy
which gave me the registry entry for cert policies:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\LUCINDA ROOT CA\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy
I modified the multi-