RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson > Sent: Tuesday, 19 February, 2013 07:20 > On Tue, Feb 19, 2013, Eisenacher, Patrick wrote: > Aside: the original of that message shows as empty (no text) in my Outlook. I can look at headers and they seem reasonable (text/

Re: OpenSSL 1.0.1e Link Failure

2013-02-19 Thread Jeffrey Walton
On Mon, Feb 18, 2013 at 2:38 PM, Jeffrey Walton wrote: > Hi All, > > $ uname -a > Linux ubuntu-12-x64 3.2.0-37-generic #58-Ubuntu SMP Thu Jan 24 > 15:28:10 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux > > Any ideas? > > jeffrey@ubuntu-12-x64:~/openssl-1.0.1e$ ./Configure linux-generic64 > -no-hw -no-en

Re: Disable wrapping for EVP_EncodeUpdate?

2013-02-19 Thread Nick
On Tue, 2013-02-19 at 16:48 +, Viktor Dukhovni wrote: > On Tue, Feb 19, 2013 at 03:57:00AM -0500, Nick wrote: > > > I see EVP_EncodeUpdate adds a newline char after every 64 chars of > > output (presumably to wrap the output). Can this be disabled? > > No, but the EVP_EncodeBlock() function

Re: Windows WinCrypt to OpenSSL - help

2013-02-19 Thread Nick
On Tue, 2013-02-19 at 11:26 -0800, Glenn Smith wrote: > Ok, I admit I'm a newbie and this has probably been answered 1000s of times - > although I haven't found the answer. > > I'm trying to do something simple. I'm trying to convert a simple string > using AES-256 and the Windows WinCRYPT api and hav

Re: Modification in X509 structure is not working in 1.0.1c

2013-02-19 Thread Dr. Stephen Henson
On Tue, Feb 19, 2013, Pankaj Chordiya wrote: > Hi > >I am using following sequence of x509 calls to generate self signed > certificate from existing original certificate in DER format. > > >X509 *cert; >X509 *orig_cert; > >orig_cert = d2i_X509_fp("orignal_cert.der", NULL); >

Re: FIPS_selftest fails under windows dynamic linking

2013-02-19 Thread Steve Marquess
On 02/19/2013 01:25 PM, Rickard Binnare wrote: > Hi! > > Regarding the FIPS_selftest method. I am a little bit confused regarding > this method, according to the documentation UserGuide-2.0.pdf section > 2.6.1 it should be possible to call this method. The UserGuide clearly > states “/A power-up s

Windows WinCrypt to OpenSSL - help

2013-02-19 Thread Glenn Smith
Ok, I admit I'm a newbie and this has probably been answered 1000s of times - although I haven't found the answer. I'm trying to do something simple. I'm trying to convert a simple string using AES-256 and the Windows WinCRYPT api and have the output be something I can then decrypt with OpenSSL on a L

Modification in X509 structure is not working in 1.0.1c

2013-02-19 Thread Pankaj Chordiya
Hi I am using following sequence of x509 calls to generate self signed certificate from existing original certificate in DER format. X509 *cert; X509 *orig_cert; orig_cert = d2i_X509_fp("orignal_cert.der", NULL); cert = d2i_X509_fp("orignal_cert.der", NULL); /* Set Issuer

FIPS_selftest fails under windows dynamic linking

2013-02-19 Thread Rickard Binnare
Hi! Regarding the FIPS_selftest method. I am a little bit confused regarding this method, according to the documentation UserGuide-2.0.pdf section 2.6.1 it should be possible to call this method. The UserGuide clearly states “*A power-up self-test is performed automatically by the FIPS_mode_set()

Re: Disable wrapping for EVP_EncodeUpdate?

2013-02-19 Thread Viktor Dukhovni
On Tue, Feb 19, 2013 at 03:57:00AM -0500, Nick wrote: > I see EVP_EncodeUpdate adds a newline char after every 64 chars of > output (presumably to wrap the output). Can this be disabled? No, but the EVP_EncodeBlock() function does not generate any newlines. You must pass it a multiple of 3-bytes

RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Joel Bion
Mr. Salz - You bring up excellent points! I must admit that since this is a personal server sitting in my home (albeit used by my wife for consulting work of hers), I do allow for contradictory goals to exist. Part of my desire is to avoid *known* security vulnerabilities. As to the unknown ones

RE: Only in FIPS mode: Crash in X509_sign() with memory corruption

2013-02-19 Thread Memmott, Lester
For anyone who happens to bump up against this, we found that it was because we unintentionally were linking in the 64-bit fipscanister.lib into a 32-bit application. The default on a 64-bit version of Windows is a 64-bit library. We rebuilt as a 32-bit library and it resolved the problem. T

RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Salz, Rich
> Since my goal is a running system with no known security vulnerabilities ... > I have a habit of wanting to use the 'latest everything' as I check versions > of software on my server once every few weeks. These two items contradict each other. If you want a secure system, you should only upgr

Re: OCSP stapling

2013-02-19 Thread Dr. Stephen Henson
On Tue, Feb 19, 2013, Jeremy Harris wrote: > On 18/02/2013 22:32, Dr. Stephen Henson wrote: > >>That's fine except that we're using SSL_CTX_set_verify() callback already > >>and the docs say it and SSL_CTX_set_cert_verify_callback() should not > >>be mixed. > >> > > > >That explanation could be cl

Re: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Dr. Stephen Henson
On Tue, Feb 19, 2013, Joel Bion wrote: > Thank you all for your kind help. I noticed the lack of the trace option > with 1.0.1e. Is there some way for me to check out a copy of 1.0.2 > development, to see if it exhibits the same problem - and if it does, to > capture a trace? > Any 1.0.2 snapsho

Re: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Joel Bion
Thank you all for your kind help. I noticed the lack of the trace option with 1.0.1e. Is there some way for me to check out a copy of 1.0.2 development, to see if it exhibits the same problem - and if it does, to capture a trace? I have not been able to progress much on this, because of other resp

Re: OCSP stapling

2013-02-19 Thread Jeremy Harris
On 18/02/2013 22:32, Dr. Stephen Henson wrote: > > That's fine except that we're using SSL_CTX_set_verify() callback already > > and the docs say it and SSL_CTX_set_cert_verify_callback() should not > > be mixed. > That explanation could be clearer. In this case it's fine to mix the two. OK, thank you. No

Re: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Dr. Stephen Henson
On Tue, Feb 19, 2013, Eisenacher, Patrick wrote: > > Additionally, try invoke s_client with the -trace and -state options to get > more human readable output. But as Dave has already pointed out, your > client's write to the socket fails, because the underlying connection was > closed down and yo

RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Eisenacher, Patrick
> -Original Message- > From: Dave Thompson > > > From: owner-openssl-us...@openssl.org On Behalf Of Joel Bion > > Sent: Monday, 18 February, 2013 13:57 > > > The issue I have been reporting has never been on the client > > side, as the > > problem is seen when connecting into a server tha

RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Joel Bion
On Mon, February 18, 2013 3:04 am, Eisenacher, Patrick wrote: > Hi Joel, > > > Looks like your client doesn't trust the server's root CA certificate. > Try to invoke s_client with either the -CApath or the -CAfile option. > > Thanks for your note. The issue I have been reporting has never been o

Disable wrapping for EVP_EncodeUpdate?

2013-02-19 Thread Nick
I see EVP_EncodeUpdate adds a newline char after every 64 chars of output (presumably to wrap the output). Can this be disabled? Nick