Re: FIPS premain signature question

2011-05-14 Thread Dr. Stephen Henson
On Fri, May 13, 2011, Todd Goyen wrote:
> Can someone provide a brief explanation of the fips_premain.c functionality?
>
> I used it over a year ago and am a little hazy on the details.
>
> 1) A checksum of the executable was performed during the first compile step
> of fipsld
> 2) That checksu

Re: nesting CMS ContentInfo

2011-05-14 Thread Dr. Stephen Henson
On Sat, May 14, 2011, Paul Koster wrote:
> I'm looking at using OpenSSL to realize "The CMS [...] allows multiple
> encapsulations; one encapsulation envelope can be nested inside another."
> from RFC5652. In particular it's the objective to have an 'enveloped-data'
> encapsulating (encrypted) 'diges

Re: Private key generation

2011-05-14 Thread Zico
On Sun, May 15, 2011 at 1:55 AM, Larry Bugbee wrote:
>
>
> It is a matter of trust. If your server is serving a very small group that
> will trust your self-signed cert, then fine. If however your server is to
> be visited by a large number of people most of whom won't know you, they
> would l

Re: Private key generation

2011-05-14 Thread Larry Bugbee
On May 14, 2011, at 11:54 AM, Zico wrote:
> Do we "actually" need a third party to make our certificate? I mean, we can
> generate self-certified certificates, right? So, will my production machine
> not run if I don't use CAcert.org or GoDaddy or Verisign?

It is a matter of trust. If your se

nesting CMS ContentInfo

2011-05-14 Thread Paul Koster
I'm looking at using OpenSSL to realize "The CMS [...] allows multiple encapsulations; one encapsulation envelope can be nested inside another." from RFC5652. In particular it's the objective to have an 'enveloped-data' encapsulating (encrypted) 'digested-data' (encapsulating 'data'). Am I right that

Re: Private key generation

2011-05-14 Thread Zico
On Sat, May 14, 2011 at 8:06 AM, Dave Thompson wrote:
>
> The latter, as long as you transfer the private key from your machine
> to the server along with the certificate from the CA.
>
> You do need to keep *both* machines (keygen and server) secure
> and also the transfer process. It's usually a

FIPS premain signature question

2011-05-14 Thread Todd Goyen
Can someone provide a brief explanation of the fips_premain.c functionality? I used it over a year ago and am a little hazy on the details.
1) A checksum of the executable was performed during the first compile step of fipsld
2) That checksum was inserted into the binary during the second compil

Re: openssl config; full form of multi-valued field

2011-05-14 Thread Victor Duchovni
On Sat, May 14, 2011 at 12:55:44PM +0400, A.B.COKO/\OB wrote:
>
> For example:
>
> subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
>
> will produce an error but the equivalent form:
>
> subjectAltName=@subject_alt_section
>
> [subject_alt_section]
>
> subjectAltName=URI:ldap://somehost.co

openssl config; full form of multi-valued field

2011-05-14 Thread A.B.COKO/OB
Dear ladies/gentlemen, I'd like to clear up the situation with the feature described in the manual http://openssl.org/docs/apps/x509v3_config.htm (attached below). I tried even that same example from the manual, with 2 different versions of OpenSSL (0.9.7 linux, 1.0.0 windows) -- in both cases this