[openssl-users] unsubscribe

-Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of mclellan, dave Sent: Friday, January 23, 2015 6:17 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all

Re: [openssl-users] Using FIPS mode and modifying apps

> On Jan 26, 2015, at 6:21 PM, jone...@teksavvy.com wrote: > > On Fri, 16 Jan 2015 10:16:48 -0500 > Steve Marquess wrote: > >> On 01/15/2015 05:52 AM, Marcus Meissner wrote: > >>> On Linux usually triggered by /proc/sys/crypto/fips_enabled >>> containing "1" or the environment variable >>> OPE

Re: [openssl-users] Using FIPS mode and modifying apps

On Fri, 16 Jan 2015 10:16:48 -0500 Steve Marquess wrote: > On 01/15/2015 05:52 AM, Marcus Meissner wrote: >> On Linux usually triggered by /proc/sys/crypto/fips_enabled >> containing "1" or the environment variable >> OPENSSL_FORCE_FIPS_MODE=1 (at least for the certs done by SUSE and >> Redhat,

Re: [openssl-users] Hostname validation

On 26/01/2015 19:50, Viktor Dukhovni wrote: On Mon, Jan 26, 2015 at 06:58:14PM +0100, pl wrote: On 26/01/2015 16:16, Viktor Dukhovni wrote: On Mon, Jan 26, 2015 at 03:10:57PM +, Viktor Dukhovni wrote: On Mon, Jan 26, 2015 at 01:07:54PM +0300, Serj wrote: Thank you for answer. So, your

Re: [openssl-users] Hostname validation

On Mon, Jan 26, 2015 at 06:58:14PM +0100, pl wrote: > On 26/01/2015 16:16, Viktor Dukhovni wrote: > >On Mon, Jan 26, 2015 at 03:10:57PM +, Viktor Dukhovni wrote: > > > >>On Mon, Jan 26, 2015 at 01:07:54PM +0300, Serj wrote: > >> > >>>Thank you for answer. > >>> > >>>So, your recomendation is t

Re: [openssl-users] Hostname validation

On 26/01/2015 16:16, Viktor Dukhovni wrote: On Mon, Jan 26, 2015 at 03:10:57PM +, Viktor Dukhovni wrote: On Mon, Jan 26, 2015 at 01:07:54PM +0300, Serj wrote: Thank you for answer. So, your recomendation is to use X509_check_host rather than code from wiki? Yes, definitely, provided of

Re: [openssl-users] Hostname validation

On Mon, Jan 26, 2015 at 03:10:57PM +, Viktor Dukhovni wrote: > On Mon, Jan 26, 2015 at 01:07:54PM +0300, Serj wrote: > > > Thank you for answer. > > > > So, your recomendation is to use X509_check_host rather than code from wiki? > > Yes, definitely, provided of course you're linking with O

Re: [openssl-users] Hostname validation

On Mon, Jan 26, 2015 at 01:07:54PM +0300, Serj wrote: > Thank you for answer. > > So, your recomendation is to use X509_check_host rather than code from wiki? Yes, definitely, provided of course you're linking with OpenSSL 1.0.2 or later. -- Viktor.

Re: [openssl-users] Hostname validation

Hi, Thank you for answer. So, your recomendation is to use X509_check_host rather than code from wiki? 25.01.2015, 20:59, "Viktor Dukhovni" : > On Sun, Jan 25, 2015 at 07:43:14PM +0300, Serj wrote: > Starting with 1.0.2, you can also ask OpenSSL to automatically > perform hostname checks during

Re: [openssl-users] Hostname validation

25.01.2015, 20:59, "Viktor Dukhovni" : >  On Sun, Jan 25, 2015 at 07:43:14PM +0300, Serj wrote: >>   What is the best way to make hostname validation? >> >>   1. http://wiki.openssl.org/index.php/Hostname_validation >>   2. X509_check_host that was added in OpenSSL 1.1.0. >  The X509_check_host()