Re: help with error

2014-07-03 Thread Lakhsa
Seems to be the second case. Code check on master: In app/req.c:1561 the call if(!X509_REQ_add1_attr_by_NID(req, nid, chtype, (unsigned char *)buf, -1)) { works through crypto/x509/x509_att.c:313 if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { if (!

Re: Duration of rsa key generation process

2014-07-03 Thread Kyle Hamilton
RSA key generation is time-nondeterministic. The reason why is because candidate prime pairs (generated from the random number generator) must both pass primality and relative primality tests. If the tests fail, both are supposed to be discarded and the generation go back to step 1. If you're un

Re: Hostname checking and X509_check_host

2014-07-03 Thread Viktor Dukhovni
On Thu, Jul 03, 2014 at 08:34:16PM +0200, Jakob Bohm wrote: > >>For X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: > >>Is that the "leftmost" rule? I.e., a wildcard must be at the leftmost label? > > > >No, it is exactly what is described. When the bit is clear such partial > >wildcards are allowed. > >

Re: Hostname checking and X509_check_host

2014-07-03 Thread Jeffrey Walton
On Thu, Jul 3, 2014 at 3:35 PM, Viktor Dukhovni wrote: > On Thu, Jul 03, 2014 at 12:28:20PM -0400, Jeffrey Walton wrote: > ... >> Does the entire RFC 6125 apply for hostname matching? If so, two points: >> >> (1) X509_check_host(3)'s description only references RFC 6125 >> for IDNs p

RE: help with error

2014-07-03 Thread Michael Wojcik
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Jakob Bohm > Sent: Thursday, 03 July, 2014 12:22 > > On 7/3/2014 5:50 PM, Steven Kinney wrote: > > I enter the following command, as instructed by Cisco: > > > > req -new -config c:\openssl\share\opens

RE: OpenSSL roadmap

2014-07-03 Thread Michael Wojcik
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Jakob Bohm > Sent: Thursday, 03 July, 2014 12:11 > > The previous poster's claims about initializing all variables is > equally possible in C90. However his dead-code elimination > assumption will prob

Re: Hostname checking and X509_check_host

2014-07-03 Thread Viktor Dukhovni
On Thu, Jul 03, 2014 at 12:28:20PM -0400, Jeffrey Walton wrote: > Right, but what is the baseline behavior with (and without) wild cards > in a certificate's DNS name? The opposite of each flag bit. Wildcards are supported, match only in the left-most label, but may match a part of that label wi

Re: help with error

2014-07-03 Thread Lakhsa
Try with empty challenge: see http://luke.breuer.com/time/item/Generating_an_SSL_certificate_on_Windows_without_IIS/634.aspx On 03/07/2014 20:52, Michael Sierchio wrote: > My Windoze knowledge is hazy, and from the distant past, but if you're > running this in a CMD window, you may simply need t

Re: help with error

2014-07-03 Thread Michael Sierchio
My Windoze knowledge is hazy, and from the distant past, but if you're running this in a CMD window, you may simply need to increase the available memory from the default for that process. - M On Thu, Jul 3, 2014 at 11:43 AM, Steven Kinney wrote: > No. Running on my Dell laptop. > > > Sent on th

RE: help with error

2014-07-03 Thread Steven Kinney
No. Running on my Dell laptop. Sent on the new Sprint Network from my Samsung Galaxy S®4. Original message From: Jakob Bohm Date:07/03/2014 1:23 PM (GMT-06:00) To: openssl-users@openssl.org Subject: Re: help with error On 7/3/2014 5:50 PM, Steven Kinney wrote: > I enter the f

Re: Hostname checking and X509_check_host

2014-07-03 Thread Jakob Bohm
On 7/3/2014 1:22 PM, Viktor Dukhovni wrote: On Thu, Jul 03, 2014 at 12:35:23AM -0400, Jeffrey Walton wrote: I guess what I am asking: what is the default behavior. It's not clear from the basic description. For each flag bit, the opposite behaviour to that obtained by setting the bit is the d

Re: help with error

2014-07-03 Thread Jakob Bohm
On 7/3/2014 5:50 PM, Steven Kinney wrote: I enter the following command, as instructed by Cisco: req -new -config c:\openssl\share\openssl.cnf -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem And I get the following error: Please enter the following 'extra' attributes to be sent with

Re: OpenSSL roadmap

2014-07-03 Thread Jakob Bohm
On 7/3/2014 2:25 PM, Salz, Rich wrote: Would the project consider moving to C99 Yes, we are. We're trying to figure out platform and toolchain issues. (Platform is the operating system and hardware, and toolchain is like gcc or clang, for those who don't know.) I think moving to c99 is an

help with error

2014-07-03 Thread Steven Kinney
I enter the following command, as instructed by Cisco: req -new -config c:\openssl\share\openssl.cnf -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem And I get the following error: Please enter the following 'extra' attributes to be sent with your certificate request A challenge passwor

Re: Hostname checking and X509_check_host

2014-07-03 Thread Jeffrey Walton
Hi Viktor, Great work on the API. I have a few additional questions. My apologies if you are on the beach enjoying yourself. >> I guess what I am asking: what is the default behavior. It's not clear >> from the basic description. > > For each flag bit, the opposite behaviour to that obtained by >

Re: Duration of rsa key generation process

2014-07-03 Thread phildoch
Hi Benny, Thanks for the useful info. I built and installed the Haveged daemon on my embedded board. Run it with: ./haveged -w 1028 I checked with command cat /proc/sys/kernel/random/entropy_avail that the available entropy jumps from 128 before running the daemon to >1028 after. But un

Application hang busy in Libeay32.dll

2014-07-03 Thread Gouse Khaji
Hi Occasionally my application is hanging forever. The following traces from the dump file suggest the hang is occurring in libeay32.dll (version 0.9.8.4). Please can you let me know if this is a known issue FAULTING_IP: +0 ` ?? ??? EXCEPTION_RECORD: fff

RE: OpenSSL roadmap

2014-07-03 Thread Salz, Rich
> Would the project consider moving to C99 Yes, we are. We're trying to figure out platform and toolchain issues. (Platform is the operating system and hardware, and toolchain is like gcc or clang, for those who don't know.) I think moving to c99 is an obvious thing to do :) /r$ --

Re: Hostname checking and X509_check_host

2014-07-03 Thread Viktor Dukhovni
On Thu, Jul 03, 2014 at 12:35:23AM -0400, Jeffrey Walton wrote: > > I guess what I am asking: what is the default behavior. It's not clear > from the basic description. For each flag bit, the opposite behaviour to that obtained by setting the bit is the default when the bit is zero. > * > Fo

Re: Duration of rsa key generation process

2014-07-03 Thread Marcus Meissner
On Thu, Jul 03, 2014 at 12:46:05AM -0700, phildoch wrote: > I tested the generation of a certificate with a keypair RSA 4096 bit on two > different platforms. > > The openssl command I used is: > /openssl req -newkey rsa:4096 -keyout clientKey.pem -out clientReq.pem/ > > There was a huge differ

Re: Duration of rsa key generation process

2014-07-03 Thread Benny Baumann
Hi, On 03.07.2014 09:46, phildoch wrote: > I tested the generation of a certificate with a keypair RSA 4096 > bit on two different platforms. > > The openssl command I used is: /openssl req -newkey rsa:4096 > -keyout clientKey.pem -out clientReq.

Duration of rsa key generation process

2014-07-03 Thread phildoch
I tested the generation of a certificate with a keypair RSA 4096 bit on two different platforms. The openssl command I used is: /openssl req -newkey rsa:4096 -keyout clientKey.pem -out clientReq.pem/ There was a huge difference in the time it took on each one of the platforms. On a first Linux