How to invoke Incore's cross compile aware routines?

2013-06-21 Thread Jeffrey Walton
Hi All, I'm using openssl-fips-2.0.4 and openssl-1.0.1e. I'm working in an Android environment with cross compilation. Both the FIPS Object Module and FIPS Capable library built and installed without much effort. I'm trying to build a simple command line application which statically links to the

RE: Is my process correct.: openldap using GeoTrust

2013-06-21 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Rodney Simioni > Sent: Friday, 21 June, 2013 11:38 > Comments below. > > From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson > Sent: Thursday, June 20, 2013 6:24 PM > The wildcard.securesites.com.cert you posted 6/19 has > Issuer:

RE: Understanding PKI

2013-06-21 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Rodney Simioni >Sent: Friday, 21 June, 2013 10:36 >I want to really understand certificates, pki, etc; so forgive me >if these questions are elementary. >Before creating a certificate, I need to generate the CSR on the >actual server where I a

RE: SSL/TLS protocol versions and their supported cipher suites

2013-06-21 Thread no_spam_98
I'm going to try this questions again because it seems like there are some anomalies in the OpenSSL implementation:  which cipher suites are available in which versions of SSL/TLS? Using Appendix A.5 from the TLS 1.0, 1.1, and 1.2 RFCs, it looks to me as though there are some cipher suites in T

Thread safety questions in OpenSSL 1.0.1

2013-06-21 Thread Jason Schultz
Back in November a question(and response) were posted regarding thread safety in the 1.0.1 branch of OpenSSL: http://www.mail-archive.com/openssl-users@openssl.org/msg69322.html In the response to the questions, the user states he removed the thread ID callback function and the call to CRYPTO

RE: Is my process correct.: openldap using GeoTrust

2013-06-21 Thread Rodney Simioni
Comments below. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Thursday, June 20, 2013 6:24 PM To: openssl-users@openssl.org; openldap-techni...@openldap.org Subject: RE: Is my process correct.: openldap u

RE: Understanding PKI

2013-06-21 Thread Salz, Rich
Ø I want to really understand certificates, pki, etc; so forgive me if these questions are elementary. Google around for PKI introductions. /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA

Understanding PKI

2013-06-21 Thread Rodney Simioni
Hi again, sorry for being a pain. I want to really understand certificates, pki, etc; so forgive me if these questions are elementary. Please clarify: Before creating a certificate, I need to generate the CSR on the actual server where I am going to install the certificate? (reason why

Re: [openssl-users] Country Name field in CA generated by openssl is encoded as PRINTABLESTRING

2013-06-21 Thread Erwann Abalea
countryName is ALWAYS a PrintableString, and is ALWAYS 2 characters long. See X.520 for a normative definition, included in RFC5280 for information. -- Erwann ABALEA Le 20/06/2013 18:33, phildoch a écrit : Country Name field in CA generated by openssl is encoded as PRINTABLESTRING while other f