I am sorry that I was not clear.
I am saying that if there are people who depend and want no-stdio and NO_FP_API
to be kept in the OpenSSL source, then they need to feed their patches, just to
make those things work, back to OpenSSL.
My mind is not made up. I am asking for people who want us t
On Wed, Sep 03, 2014 at 04:34:05PM -0700, Andy Schmidt wrote:
> The problem is that the API call sequence generates different S/MIME
> and/or PKCS7 output between 1.0.1h and 1.0.1i. The attached files are
> generated from the same API call sequence, JohnHancock.smime.h with
> 1.0.1h and JohnHancoc
On Wed, Sep 3, 2014 at 4:21 PM, Jens Maus wrote:
> Am 03.09.2014 um 21:33 schrieb Salz, Rich :
>
> >> +1 for keeping the features (I use AmiSSL ;) )
> >
> > It doesn’t build. Unless that is addressed, it is highly likely that I
> will remove it from the tree after 1.0.2
>
> Well, then why are yo
Great, thank you!
The problem is that the API call sequence generates different S/MIME
and/or PKCS7 output between 1.0.1h and 1.0.1i. The attached files are
generated from the same API call sequence, JohnHancock.smime.h with
1.0.1h and JohnHancock.smime.i with 1.0.1i. The h version S/MIME does
not
Am 03.09.2014 um 21:33 schrieb Salz, Rich :
>> +1 for keeping the features (I use AmiSSL ;) )
>
> It doesn’t build. Unless that is addressed, it is highly likely that I will
> remove it from the tree after 1.0.2
Well, then why are you asking for opinions in first place if your decision is
alr
On Wed, Sep 03, 2014 at 02:01:35PM -0700, Andy Schmidt wrote:
> openssl smime -in JohnHancock.smime -pk7out
Decoding the pkcs7 data with asn1parse results in:
0:d=0 hl=4 l=4594 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT:pkcs7-signedData
15:d=1 hl=4 l=45
I have found some change in the behavior of the OpenSSL 1.0.1 crypto
library between releases h and i regarding the internal handling of
PKCS7 and X509 structures. Attached is a S/MIME signed message
generated by C calls to the OpenSSL 1.0.1i API. If I take this output
and then on the command line
> +1 for keeping the features (I use AmiSSL ;) )
It doesn’t build. Unless that is addressed, it is highly likely that I will
remove it from the tree after 1.0.2
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
+1 for keeping the features (I use AmiSSL ;) )
alan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
What you could also consider doing is to look at list of cipher suites
that you advertise during handshake and try to restrict it a bit.
I had same problem with F5 BIG-IP after migration OpenSSL 1.0.0 ->
1.0.1k (it seems there was many ciphers added between those to versions
which makes). Then I
What config flags to you use? What changes have you made? It doesn't build
for me.
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
__
OpenSSL Project
Reading the OpenSSL source code in an effort to learn how the SSL and TLS
protocols work is not a good idea. OpenSSL is an implementation, not a tutorial.
I suggest you get an actual description of how SSL/TLS works, such as Eric
Rescorla's book SSL and TLS.
(I believe Rich already suggested yo
We are using these options for an AmigaOS-based port of OpenSSL (which we call
AmiSSL) which can be found here:
http://sourceforge.net/projects/amissl/
In fact, we use these two options because file pointers are substantially
handled differently on AmigaOS and we use no-stdio because we build A
Reminder.
-- Forwarded message --
From: md intekhab shaukat
Date: Thu, Aug 28, 2014 at 3:56 PM
Subject: Client Key Exchange Message
To: openssl-users@openssl.org
Hi,
I am a Master student and as case study regarding OpenSSL, I have to find
out what all information are being sen
These configuration options do not build. I started to try and fix them, but
after fixing the first few problems, things got really sticky.
We hear that OpenSSL on embedded devices is important. Is anyone using this,
willing to share their fixes, and help maintain it? If not, it will be removed
On 01/09/2014 16:17, AUser ZUser wrote:
Hello
Can someone please help me with the following question.
I have a code signing certicate in my X509 store "LocalMachine\My" which I can
use for signing PowerShell scripts for example
Set-AuthenticodeSignature ./MyScript.ps1 -certificate ( gci
cert
16 matches
Mail list logo
