Re: donation - Nokia, our first Platinum Sponsor

2014-04-30 Thread Luis Rocha
Wow - congrats! Good and positive outcomes of Hearbleed : ) On Thu, May 1, 2014 at 12:52 AM, Steve Marquess < marqu...@opensslfoundation.com> wrote: > It is my great pleasure to announce that Nokia > (http://company.nokia.com/en), formerly Nokia Solutions and Networks > (NSN), has signed on as t

donation - Nokia, our first Platinum Sponsor

2014-04-30 Thread Steve Marquess
It is my great pleasure to announce that Nokia (http://company.nokia.com/en), formerly Nokia Solutions and Networks (NSN), has signed on as the first ever Platinum Sponsor of OpenSSL. Their press release: http://nsn.com/news-events/press-room/press-releases/nsn-makes-largest-donation-to-date-dir

Re: Question about rationale for function X509_check_akid()

2014-04-30 Thread Viktor Dukhovni
On Wed, Apr 30, 2014 at 03:44:51PM +0200, Stephan M?hlstrasser wrote: > Shouldn't it only return X509_V_OK if at least one of the three tests "Check > key ids (if present)", "Check serial number" and "Check issuer name" > actually was performed? Don't know about the CRL code path, but the same fu

Question about rationale for function X509_check_akid()

2014-04-30 Thread Stephan Mühlstrasser
I'm using a verify callback function set via X509_STORE_set_verify_cb_func() to customize the behavior of X509_verify_cert(). For example errors related to the fact that no complete chain to a trusted root can be built are ignored, in order to still allow validation of other properties of signi

donation thank you - Hitomi Kimura

2014-04-30 Thread Steve Marquess
I would like to publicly thank Hitomi Kimura for his recent personal donation of US$500 to the OpenSSL project. He notes that he is a long time OpenSSL user and that for his job as an information security engineer in Japan he has distributed tens of thousands of client certificates. -Steve M. --

Re: Windows CE (VC-CE) Compilation problem !

2014-04-30 Thread Geoffrey Coram
I use wcecompat with OpenSSL for WinCE 2.11; I haven't tried building for a later version of WinCE, and I use an older compiler. There's some basic problem with your build; it looks like something as basic as using a C compiler to compile C++ and getting tripped up on new syntax. Are you able

Re: Re: TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)

2014-04-30 Thread zyf01...@gmail.com
I have tryed, it works well. So ,what wrong with my appliction? zyf01...@gmail.com  From: Jeffrey WaltonDate: 2014-04-30 15:27To: OpenSSL Users ListSubject: Re: TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version) On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com wr

Re: Re: TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)

2014-04-30 Thread zyf01...@gmail.com
On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com wrote: > This time the client hello and server hello is done,but when client key > exchange the server reply Alert (Level: Fatal, Description: Protocol > Version).Shows bellow, what wrong with this? And I kown this alert means > the client is not

Re: Increment certificate serial numbers randomly

2014-04-30 Thread Mat Arge
Some standards (like the CA/Browser Forum guidelines) request a certain amount of entropy (like 20 bits) to be contained within the serial number. Is there some sort of best-practice for incorporating this small amount of real random data into a larger unique serial number? cheers Mat On Tuesd

Re: TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)

2014-04-30 Thread Jeffrey Walton
On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com wrote: > This time the client hello and server hello is done,but when client key > exchange the server reply Alert (Level: Fatal, Description: Protocol > Version).Shows bellow, what wrong with this? And I kown this alert means > the client is not

Re: Increment certificate serial numbers randomly

2014-04-30 Thread Walter H.
On 29.04.2014 22:32, Tim Hudson wrote: On 30/04/2014 6:05 AM, Walter H. wrote: On 29.04.2014 21:38, d...@deadhat.com wrote: This all seems unecessarily complex. Make the serial number a 256 bit or greater true random number. There will be no collisions. the serial

TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)

2014-04-30 Thread zyf01...@gmail.com
This time the client hello and server hello is done,but when client key exchange the server reply Alert (Level: Fatal, Description: Protocol Version).Shows bellow, what wrong with this? And I kown this alert means the client is not using the same protocol, but why client hello ,and server