Re: Unknown CA error

Hi, Just thank you - is an understatement, I completely admired with your prompt response. Based on your reply, I realized device was having a certificate that is not matching a common root certificate with my server root certificate (issuer was found to be different when observed the details of it

RE: a question about openssl sessions

(kept HTML because otherwise too much status lost, but my Outlook tends to screw up formatting when editting HTML; sorry for any glitches) _ From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Stéphane Charette Sent: Saturday, 21 April, 2012 04:1

Re: Please tell me about encryption API of OpenSSL 1.0.1

On 23/04/12 13:16, MauMau wrote: Apart from that, let me go back to my original question 4 in my first mail. Q4: Do I have to call EVP_EncryptInit_ex/EVP_DecryptInit_ex for each block/record? I'm concerned about the overhead of those functions. For exa

Re: Upgrading OPENSSL

Thanks Luke appreciate the feedback!! Brad Finkeldei Luke Carpenter Sent by: owner-openssl-us...@openssl.org 04/24/2012 02:36 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject Re: Upgrading OPENSSL I would not advise attempting that, Apache is co

Re: Upgrading OPENSSL

I would not advise attempting that, Apache is compiled against a version of OpenSSL, and simply swapping out the binaries Indiana-Jones style will probably land you with a segfault >From a preliminary search, it looks like you will need to re-compile the Apache module mod_ssl against a later versi

Upgrading OPENSSL

I have installed Apache HTTP Server with OpenSSL 0.9.8t (MSI Installer) >From the Apache.org Site. Here is the file I downloaded and installed: httpd-2.2.22-win32-x86-openssl-0.9.8t.msi I want to upgrade OpenSSL on that machine without having to upgrade Apache too. How do I do that? step by

Re: Newbie Question here...

On 4/24/2012 6:19 PM, bfinkel...@aaamissouri.com wrote: I have installed Win32 Binary including OpenSSL 0.9.8t (MSI Installer): httpd-2.2.22-win32-x86-openssl-0.9.8t.msi on my windows server. I want

Newbie Question here...

I have installed Win32 Binary including OpenSSL 0.9.8t (MSI Installer): httpd-2.2.22-win32-x86-openssl-0.9.8t.msi on my windows server. I want to upgrade JUST openSSL that's bundled with this install to the latest PCI compliant version. I want to go to OpenSSL 0.9.8u or possibly w.How c

RE: OpenSSL 1.0.1a

Hello... I am using AIX 5.3 with gcc 4.3.5. Few months ago, I had no problem with OpenSSL 1.0.1. Recently, I downloaded 1.0.1a then compiled but got error message... Here is what I did: # ./Configure aix-gcc (no problem) # make . . gcc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -pthread

"SSLv3 bad record mac" with Ruby OpenSSL

Hi, I am attempting to implement the STARTTLS extension (RFC 3207) for SMTP in Ruby, and I'm not getting very far because, if I'm perfectly honest, I don't know my way around OpenSSL, nor SSL itself. My aim is to allow a SMTP to open a standard TCP socket, send "STARTTLS", the server and client i

RE: FIPS OM 2.0 in application shared library?

Hi Dr. Steve. Thank you very much. In our static case, we are using fipsld to link libcrypto and fipscanister with our objects. It seems successful, and produces a loadable shared library. But the self-test of FIPS_mode_set() is unable to match the signature. So we will keep experiment

Re: FIPS OM 2.0 in application shared library?

On Mon, Apr 23, 2012, dave.mclel...@emc.com wrote: > Hi. We are experimenting with the FIPS 2.0 Object Module RC1 and the recent > GA of OpenSSL 1.0.1. We have a successful FIPS-capable build of OpenSSL and > we've verified it with the openssl CLI with OPENSSL_FIPS=1 set. Our > experiments

FIPS OM 2.0 in application shared library?

Hi. We are experimenting with the FIPS 2.0 Object Module RC1 and the recent GA of OpenSSL 1.0.1. We have a successful FIPS-capable build of OpenSSL and we've verified it with the openssl CLI with OPENSSL_FIPS=1 set. Our experiments are currently limited to Linux X86_64, and we are not using