Now I don't think its possible. I am statically linking application with
object module and library and if you have observed fipsld, first time its
compiling and linking the application without any preprocessor symbol. At
that time fips_premain.c observes that no HMAC defined and generates the 40
ch
On Wed, Mar 09, 2011, Collins, Jerry wrote:
> Stephan,
> Maybe I'm confused, and it's been two years since I dealt with this,
> but I thought the libeayfips32.lib was built as part of the fips build,
> not as a follow on step. Also, the libeay32.lib that is built by the
> ms\do_fips no-asm do
Stephan,
Maybe I'm confused, and it's been two years since I dealt with this,
but I thought the libeayfips32.lib was built as part of the fips build,
not as a follow on step. Also, the libeay32.lib that is built by the
ms\do_fips no-asm doesn't give me an option of whether to build a DLL or
st
On Wed, Mar 09, 2011, raghib nasri wrote:
> Thanks Stephen
> I have modified fipsld to compile only fips_premain.c with gcc and my rest
> of the application is still using g++ for compilation and linking. But I am
> not able to sort out exactly how to modify the part that will result in
> embeddin
Thanks Stephen
I have modified fipsld to compile only fips_premain.c with gcc and my rest
of the application is still using g++ for compilation and linking. But I am
not able to sort out exactly how to modify the part that will result in
embedding signature of exact 40 characters, in case I want to
On Wed, Mar 09, 2011, Ralph Holz wrote:
>
> Sorry again, but this is somewhat confusing. Your words seem to imply that
> the correctness of the chain leading up to the root CA is indeed evaluated
> (else why bother about the CA cert?). Yet the docs say about -purpose:
> "Without this option no ch
add to previous post, I 'd like to know what is the best format for storing
item in map. Item is here a struct which encapsulated certificate object (
as shown in previous message ).
I think about DER format ... is it a good idea ?
2011/3/9 ikuzar
>
>
> 2011/3/9 Dave Thompson
>
> > From:
You can create your own certificate store under local machine, or use an
existent one.
See http://msdn.microsoft.com/en-us/library/aa388136(v=vs.85).aspx for
details about where store are located and access right.
I can suppose userA and userB as affiliated to the same group users.
Da: owne
Hi,
> > No it just means that most certificates could (in theory) be use as SSL
> > > server
> > > certificates. If you had appropriate extensions restrictions (e.g.
> extended
> > > key usage or the deprecated netscape certificate type) you'd notice the
> > > difference.
> > >
> >
> > Thanks for
Hi,
Do you mean i should install client certificate into trusted root
certificate?
// Harshvir
On Wed, Mar 9, 2011 at 5:05 AM, Francesco Petruzzi <
francesco.petru...@innovery.it> wrote:
> If your service uses “my” in order to retrieve certificate it only reads
> its certificate (service lau
On Wed, Mar 09, 2011, Ralph Holz wrote:
> Hi Steve,
>
> On 9 March 2011 13:03, Dr. Stephen Henson wrote:
>
> > > Am I correct in surveying that openssl verify uses a default of
> > "sslserver"
> > > for -purpose?
> > >
> >
> > No it just means that most certificates could (in theory) be use as
Hi,
I've got an interrogation on .so file !
I'm compiling the 0.9.8r file of openssl using the config command with
those "threads shared zlib-dynamic" options ... All is going fine
My question is :
Why i'm not finding the version in the openssl/lib/libcrypto.so.0.9.8
when i'm using the
Hi Steve,
On 9 March 2011 13:03, Dr. Stephen Henson wrote:
> > Am I correct in surveying that openssl verify uses a default of
> "sslserver"
> > for -purpose?
> >
>
> No it just means that most certificates could (in theory) be use as SSL
> server
> certificates. If you had appropriate extension
On Tue, Mar 08, 2011, Collins, Jerry wrote:
> Hello,
> My company recently decided to upgrade to the latest FIPS release
> 1.2.2. I've read the Security and User Manual. According to them, the
> only command we can give is ms\do_fips no-asm.
>
Well for Vista you'd be better with ms\do_fips
On Wed, Mar 09, 2011, Ralph Holz wrote:
> Good day,
>
> The following is a question re: openssl verify.
>
> In the openssl docs, I have found that "no chain verification is done if the
> option "-purpose is not set". I just checked with a few test cases (certs
> from HTTPs server, chain length a
2011/3/9 Dave Thompson
> > From: owner-openssl-us...@openssl.org On Behalf Of ikuzar
> > Sent: Tuesday, 08 March, 2011 13:02
>
> > I am going to explain below what I HAVE TO do :
> > a) I have to store certificates in a map which is a shared memory.
> > ( I have to do this
If your service uses my in order to retrieve certificate it only reads
its certificate (service launcher UserA), you can save certificate for
LocalMachine but your service must
use local machine store to retrieve certificate and not my (personal)
store.
Da: owner-openssl-us...@openssl.o
Good day,
The following is a question re: openssl verify.
In the openssl docs, I have found that "no chain verification is done if the
option "-purpose is not set". I just checked with a few test cases (certs
from HTTPs server, chain length at least 3) and found that the output of
verify seems to
18 matches
Mail list logo
