Hello I can see a call to OBJ_bsearch_pmeth() in openssl source. By I could
not find the definition of OBJ_bsearch_pmeth(). I greped the entire source.
Can somebody help me to find the definition ?
./openssl-1.0.1d/crypto/evp/pmeth_lib.c:ret = OBJ_bsearch_pmeth(&t,
standard_methods,
> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni
> Sent: Friday, 10 May, 2013 12:20
> On Fri, May 10, 2013 at 11:26:35AM -0400, Ken Goldman wrote:
>
> > >a) get the der encoded value of tbsCertificate field
> > >b) hash it
> > >c) apply pkcs1 padding and sign it
> > >d) put th
On Fri, May 10, 2013 at 01:00:21PM -0600, Salz, Rich wrote:
> What is the difference between SSL_CTX_SET_cipher_list and
> SSL_CTX_set_preferred_cipher_list?
Which version of OpenSSL has the "preferred" version? I don't see
this in "master".
> When and why would I use the preferred version?
> I
On Fri, May 10, 2013, Salz, Rich wrote:
> Would there be any interest (and support) from the dev team for patches that
> completely remove SSLv2 API's?
>
What would the difference be between this and the no-ssl2 switch to Configure?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core develope
Would there be any interest (and support) from the dev team for patches that
completely remove SSLv2 API's?
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
What is the difference between SSL_CTX_SET_cipher_list and
SSL_CTX_set_preferred_cipher_list ? When and why would I use the preferred
version? I promise to turn any answers I got into a POD manpage for future
inclusion :)
And why is there an SSL_set_cipher_list function, but the (misnamed?)
S
The answer to your question is yes, RSA blinding is turned on by default.
To verify that blinding is turned on by default, run this test:
Run the following code after calling RSA_blinding_off(*RSA). Then, comment
out RSA_blinding_off() and run it again. The output from this test verifies
that RS
Cristian Thiago Moecke
writes:
> You have two ways to follow.
>
> 1) To use an HSM to sign, the "official" way to do it is to use an
> openssl engine. If your HSM does not provide an openssl engine, it
> probably does provide a PKCS#11 module, and you can use the pkcs11
> engine to load it and
Hello
I have build OpenSSL 1.0.1e with fips 2.0.3
eistre:/ # openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
when I use 'wget' with https I run in Illegal instruction
I start with gdb and it comes
Verbindungsaufbau zu eisler.nettworks.org
(eisler.nettworks.org)|139.20.200.42|:443... verbun
Must non-CA, self-signed certificates have the "keyCertSign" bit set in the
keyUsage extension to be "valid?"
If I don't have the bit set and execute the following command:
openssl verify -check_ss_sig -CAfile ./my-ss-cert.pem ./my-ss-cert.pem
I get the following error:
error 20 at 0 depth look
On Fri, May 10, 2013 at 11:26:35AM -0400, Ken Goldman wrote:
> >a) get the der encoded value of tbsCertificate field
> >b) hash it
> >c) apply pkcs1 padding and sign it
> >d) put the signature on asn1 form
> >e) add NIDs and other parameters to the cert_info field you identified.
> >I spent a lot
> 2) In some situations that is not possible (e.g. you need it to be
>> signed on a different remote system). And I just had the same need this
>> week, but for Certificate Requests. There are a lot of small
>> non-documented things to do in this case but basically you need to:
>> a) get the der e
On 5/10/2013 6:17 AM, Krzysztof Konopko wrote:
This could also be handled by some sort of engine that would work in two
modes:
* generate an intermediate result (hash) that can be processed (signed)
I'm looking for advice on how to do that.
at the remote site (how to get it there securely is
On 5/10/2013 5:37 AM, Cristian Thiago Moecke wrote:
You have two ways to follow.
1) To use an HSM to sign, the "official" way to do it is to use an
openssl engine. If your HSM does not provide an openssl engine, it
probably does provide a PKCS#11 module, and you can use the pkcs11
engine to loa
Hello
I have build OpenSSL 1.0.1e with fips 2.0.3
eistre:/ # openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
when I use 'wget' with https I run in Illegal instruction
I start with gdb and it comes
Verbindungsaufbau zu eisler.nettworks.org
(eisler.nettworks.org)|139.20.200.42|:443... verbun
2013/5/10 Cristian Thiago Moecke
> You have two ways to follow.
>
> 2) In some situations that is not possible (e.g. you need it to be signed
> on a different remote system). And I just had the same need this week, but
> for Certificate Requests. There are a lot of small non-documented things to
You have two ways to follow.
1) To use an HSM to sign, the "official" way to do it is to use an openssl
engine. If your HSM does not provide an openssl engine, it probably does
provide a PKCS#11 module, and you can use the pkcs11 engine to load it and
use it.
2) In some situations that is not po
17 matches
Mail list logo
