X509_get_ext_d2i : makes a copy that needs to be freed, or not?

I'm retrieving the Subject Alternate Name, by NID using X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL). Of course, for NID_subject_alt_name, it returns a GENERAL_NAMES pointer. Is this an alias, or does it need to get freed with sk_GENERAL_NAMES_free() when I'm done with it?

Re: Question regarding OpenSSL Security Advisory

Hi, I had some questions about the latest security advisory. I understand that this applies to multi-threaded application while using ssl sessions. If the application is written thread safe using CRYPTO_set_locking_callback functions will the vulnerability still apply ? If the ssl code calls th

RE: How to get the Serial Number

> From: owner-openssl-us...@openssl.org On Behalf Of bhaarat pachori > Sent: Saturday, 13 November, 2010 08:23 > Actually I am trying to get the Serial number of the der encoded certificate > > AOL_Member_CA.der. For the better understanding I am attaching my code

Re: OpenSSL 1.0.0b testssl fails

On Tue, Nov 16, 2010 at 11:36:50PM +0100, Mounir IDRASSI wrote: > Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under > Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error. > > I don't see anything OS specific in the changes introduced in t1_lib.c or > s3_srvr.c. Could

Openssl 1.0.0b make test fails

I have now tried building Openssl 1.0.0b with and without -shared and on SuSE 11.3 as well as two CentOS 5.5 systems. All fail at the same point. I verified the MD5 and SHA1 checksums? Any ideas? Carter Browne CBCS cbro...@cbcs-usa.com __

Re: OpenSSL 1.0.0b testssl fails

On Tue, Nov 16, 2010, Mounir IDRASSI wrote: > Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under > Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error. > > I don't see anything OS specific in the changes introduced in t1_lib.c or > s3_srvr.c. Could it be a gcc bug? >

Re: OpenSSL 1.0.0b testssl fails

Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error. I don't see anything OS specific in the changes introduced in t1_lib.c or s3_srvr.c. Could it be a gcc bug? -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/16/

Re: OpenSSL 1.0.0b testssl fails

On Tue, Nov 16, 2010, Victor Duchovni wrote: > On Tue, Nov 16, 2010 at 03:48:13PM -0500, Victor Duchovni wrote: > > > > > Anyone know why I am seeing the below errors: > > > > ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert > > ../apps/server2.pem -no_dhe -num 10 -f -time > > Availabl

Re: OpenSSL 1.0.0b testssl fails

On Tue, Nov 16, 2010 at 03:48:13PM -0500, Victor Duchovni wrote: > > Anyone know why I am seeing the below errors: > > ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem > -no_dhe -num 10 -f -time > Available compression methods: > NONE > DONE via BIO pair: TLSv1, ci

Re: OpenSSL 1.0.0b released

Make test fails here too RHEL 5.5 64bit, 12gb mem, 8 core xeon Lee included: rsa test tls1 with 1024bit RSA, no DHE, multiple handshakes Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA ERROR in SERVER 46958729697248:error:140

Re: OpenSSL 1.0.0b testssl fails

On Tue, Nov 16, 2010, Victor Duchovni wrote: > > Anyone know why I am seeing the below errors: > > ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem > -no_dhe -num 10 -f -time > Available compression methods: > NONE > DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECD

OpenSSL 1.0.0b testssl fails

Anyone know why I am seeing the below errors: ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time Available compression methods: NONE DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA ERROR in SERVER 182902820544:e

building openssl libs in a build farm

Greetings, I was hoping to solicit users' feedback on how OpenSSL is getting built for distributed environments. How are you guys building the code stack? Do you use the shipped ./config --prefix=xx --install-prefix=xx and resultant Makefile without modification? We ran into an issue building Op

Re: OpenSSL 1.0.0b released

Make test fails with Openssl 1.0.0b. Configure option: make -shared Attached is the CPU information. The same code tested without issues on VC 2008. Operating system is CentOS 5.5 with all current patches applied. Carter Carter Browne CBCS cbro...@cbcs-usa.com test BN_add test BN_sub test B

OpenSSL 0.9.8p released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 0.9.8p released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8p of our open source

OpenSSL Security Advisory

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL Security Advisory [16 November 2010] TLS extension parsing race condition. = A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer ove

OpenSSL 1.0.0b released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.0b released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.0b of our open source

Verify p7m countersignatures

Hi all, I'm trying to successfully analyze and verify a p7m file with countersignatures with OpenSSL 0.9.8o I didn't find the right place\point where the pkcs7_verify function analyzes the unauthenticated attributes for countersignatures so I started to write the countersignatures verify function o