Re: Using openssl for AES encryption

2009-11-04 Thread Victor Duchovni
On Wed, Nov 04, 2009 at 02:26:47PM -0600, Doug Bailey wrote: > > > Are there any glaring flaws in this approach? > > > > Generally it is a bad idea to hard-wire data-encryption keys. > > Standard > > practice is burn-in a "key-encryption-key" (KEK), and each encrypted > > object uses a random uni

Re: Using openssl for AES encryption

2009-11-04 Thread Doug Bailey
- "Victor Duchovni" wrote: > On Wed, Nov 04, 2009 at 10:33:02AM -0600, Doug Bailey wrote: > > > I would like to use this capability so that an authenticated program > on the > > microprocessor is used to decrypt an image that is downloaded to my > system. Due > > to code space and size limi

Re: Certificate Revocation Lists and Apache...

2009-11-04 Thread Lou Picciano
We were getting the no certificate returned error when signing the cert with the notAfter field (this was in a PostgreSQL context, if it matters). The -verify command reported: error 14 at 0 depth lookup:format error in certificate's notAfter field re-signing the cert with the -days x option

Re: Using openssl for AES encryption

2009-11-04 Thread Victor Duchovni
On Wed, Nov 04, 2009 at 10:33:02AM -0600, Doug Bailey wrote: > I would like to use this capability so that an authenticated program on the > microprocessor is used to decrypt an image that is downloaded to my system. > Due > to code space and size limitations, my first thought is to use an AES

Using openssl for AES encryption

2009-11-04 Thread Doug Bailey
I have a system where I have a microprocessor that has the ability to hold data in PROM memory that is only accessible when the program running it has been authenticated. (This is done using ECDSA.) I would like to use this capability so that an authenticated program on the microprocessor is used

Certificate Revocation Lists and Apache...

2009-11-04 Thread John Doe
Hi, I need a little help with Certificate Revocation Lists. I did set up client certificates filtering with apache and it seems to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now). I have a "CA" that is signing a "CA SSL". Then, the "CA SSL" is signing the clients ce

ERR_get_error() returns 0

2009-11-04 Thread Urjit Gokhale
Hi Guys, I came across a case where ERR_get_error() returns 0 whereas I expect it to return some valid error code. The case is when an invalid certificate file is passed to SSL_CTX_load_verify_locations(). You may want to refer to the following url: http://rt.openssl.org/Ticket/Display.html?id=1

Re: OpenSSL hardware acceleration exploration...

2009-11-04 Thread Michael S. Zick
On Wed November 4 2009, Lou Picciano wrote: > OpenSSL Friends: > > We're looking at implementing hardware acceleration for our OpenSSL > environment. Hardware would probably be PCI bus x86, though SPARC is not out > of the question... > > Does anyone have any strong opinions, recommendations,

Re: "Client Hello" from HP Insight Manager crashes application

2009-11-04 Thread Josue Andrade Gomes
On Tue, Nov 3, 2009 at 11:12 PM, Dave Thompson wrote: > To be clear: s_client with -sessout to a file, followed by s_client > with -sessin from the same file (to the same server instance) works? > And -sessin to a different server instance is ignored but doesn't fault? > Both cases work fine. U

Re: problem about static link libssl.a libcrypto.a to my application(linux platform)

2009-11-04 Thread Mike Frysinger
On Wed, Nov 4, 2009 at 08:24, jj Zhu wrote: >   gcc -static /usr/lib/libssl.a /usr/lib/libcrypto.a error.o wrapsock.o > wrapunix.o driverUtility.o driver.o -o driver >   I get these compile errors: > driver.o: In function `logout': > driver.c:(.text+0x16e): undefined reference to `SSL_libra

problem about static link libssl.a libcrypto.a to my application(linux platform)

2009-11-04 Thread jj Zhu
It goes well when dynamic linking, using command like this: gcc -lssl error.o wrapsock.o wrapunix.o driverUtility.o driver.o -o driver then I want to link openssl lib statically so I do not need to install openssl when I run my application on another linux platform, but after I change th

Re: your mail

2009-11-04 Thread Dr. Stephen Henson
On Tue, Nov 03, 2009, Adam Rosenstein wrote: > I definitely get better results with the latest snapshot. However I still > don't get my "0 depth lookup:certificate revoked" but instead get a "0 depth > lookup:CRL path validation error" > > Looking at the differences between my application logic

CMS with PBE (Was Re: Decrypting a password encrypted pkcs7-envelopedData)

2009-11-04 Thread Mathieu Malaterre
Hi, On Wed, Apr 29, 2009 at 9:41 PM, Dr. Stephen Henson wrote: > On Wed, Apr 29, 2009, Randy Turner wrote: > >> >> Just for my own edification, from this thread, it sounds like OpenSSL >> doesn't support password-protected >> PKCS#7 bundles is this interpretation correct? >> > > No. It supports