>From make test
signed content DER format, RSA key: OK
signed detached content DER format, RSA key: OK
signed content test streaming BER format, RSA: OK
signed content DER format, DSA key: OK
signed detached content DER format, DSA key: OK
signed detached content DER format, add RSA signer: OK
sig
I am rather good on theory of x509 certs, but quite short on practice of
making them. The few times I did, I used templates, but this time
around I am trying better to understand what is being created. Oh, I am
creating a mailserver (postfix) cert.
I am looking at a couple templets. The one
>From: owner-openssl-us...@openssl.org On Behalf Of David Hinkle
>Sent: Wednesday, 19 December, 2012 14:07
>I have a system where I want to selectively man in the middle
>some SSL connections. My proxy server currently has the capability
>to man in the middle all connections using openssl, or
I have a system where I want to selectively man in the middle some SSL
connections. My proxy server currently has the capability to man in the
middle all connections using openssl, or simply extract the server names
from the client hellos.
What I'd like to do is use my code to parse the client h
Wow... That is certainly a very unfortunate limitation... Thank you for
clarifying... Bill
On Dec 19, 2012, at 6:40 AM, Steve Marquess wrote:
> On 12/19/2012 05:21 AM, Bill Durant wrote:
>> Hello Jeffrey:
>>
>> Thank you for the response.
>>
>> So FIPS mode enable is supported on non-SSE2 proc
On 12/19/2012 05:21 AM, Bill Durant wrote:
> Hello Jeffrey:
>
> Thank you for the response.
>
> So FIPS mode enable is supported on non-SSE2 processors *only* with a
> fipscanister that is built with the "no-asm" option?
Correct. That's an unfortunate limitation of the requirements of the
valid
Where did you get the hex version of the point?
It does not look correct, its the wrong length.
For the curve you picked, The field size is 21 bytes.
The hex should be 04|x|y which would be 43 bytes, so string
should be 86 bytes with a leading 04.
On 12/13/2012 12:23 AM, jeetendra gangele wrote:
Hello Jeffrey:
Thank you for the response.
So FIPS mode enable is supported on non-SSE2 processors *only* with a
fipscanister that is built with the "no-asm" option?
Thanks,
Bill
On Dec 19, 2012, at 1:13 AM, Jeffrey Walton wrote:
> On Tue, Dec 18, 2012 at 11:15 PM, Bill Durant wrote:
>> Is i
On Tue, Dec 18, 2012 at 11:15 PM, Bill Durant wrote:
> Is it not possible to build a FIPS-capable OpenSSL with assembly language
> optimization enabled in the fipscanister that works under non-SSE2 capable
> processors?
>
> On SUSE Linux Enterprise Server 10, I have built the fipscanister with
