> On Mar 19, 2016, at 10:07 PM, Jeffrey Walton wrote:
>
> Hi Everyone,
>
> I'm working with OpenSSL 1.1.0. I think I'm seeing a hang in:
>
>../test/recipes/80-test_ssl.t . {5|6}/47
>
> It seems like its timing out, and then the tests march on with:
>
>../test/recipes/80-t
Hello,
My company is in the process of upgrading from openssl 1.0.1 to openssl
1.0.2. We noticed that when we use any version of openssl 1.0.2 we have an
extremely high increase in memory usage. Around 15 or more gigs of memory
extra are consumed.
My questions are as follows:
Are there any sett
Hi Everyone,
I'm working with OpenSSL 1.1.0. I think I'm seeing a hang in:
../test/recipes/80-test_ssl.t . {5|6}/47
It seems like its timing out, and then the tests march on with:
../test/recipes/80-test_ssl.t . ok
I tried to get a verbose output with 'make test
I’m currently working on additions to the openVMS build scripts. My goal is to
modify the scripts so that they can easily build (when requested) the libraries
in a case sensitive linkage. I have successfully created and tested the SSL
libraries built in this fashion with cUrl but with cannibaliz
> How do we configure without OPENSSL_die?
You can't. you can replace the function with something that does something
better for your needs. But the times you get there, a catastrophic error has
happened and the library cannot proceed. It would be great to fix those
things; start by picking
> On Mar 17, 2016, at 5:17 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> I’ve an extremely naïve question. I am generating ephemeral EC keys for ECDH,
> following the example in
> https://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generation
>
> But it looks like the example ends on
I’ve an extremely naïve question. I am generating ephemeral EC keys for
ECDH, following the example in
https://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generation
But it looks like the example ends on generation of the private key:
/* Generate the key */
if (!EVP_PKEY_keygen(kctx, &key)) g
openssl/crypto.h has the following:
/* die if we have to */
# if OPENSSL_API_COMPAT < 0x1010L
# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
# endif
void OPENSSL_die(const char *assertion, const char *file, int line);
# define OPENSSL_assert(e) \
(void)((e) ? 0 : (OPENSSL_die("assert
Answered my own question: should use EVP_PKEY_bits(pkey) instead.
--
Regards,
Uri Blumenthal
On 3/18/16, 14:57 , "openssl-users on behalf of Blumenthal, Uri - 0553 -
MITLL"
wrote:
>First, Stephen and Viktor - thank you!
>
>On 3/17/16, 19:45 , "openssl-users on behalf of Dr. Stephen Henson"
Any particular reasone why the links in these announcements
are http links and not https links?
On 16/03/2016 18:50, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.1.0 pre release 4 (beta)
===
OpenSSL - The Op
On 03/16/2016 02:52 PM, Jeffrey Walton wrote:
If I can ask as a user, if I say do this _all the time_, then
would it be easiest on you?
make depend && make clean && make
Or is there something else you would recommend?
If it were up to _me_, I'd move to a cmake build system, with clear
On Fri, Mar 18, 2016 at 06:59:36PM +, Blumenthal, Uri - 0553 - MITLL wrote:
> Answered my own question: should use EVP_PKEY_bits(pkey) instead.
That's not the right way to determine the curve id.
> >How do I determine what curve the above key is on?
For that you need to determine the EVP_PK
-Message d'origine-
De : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de
Viktor Dukhovni
Envoyé : mercredi 16 mars 2016 23:40
À : openssl-users@openssl.org
Objet : Re: [openssl-users] About no-ssl2
...
> In what release?
Sorry, I forgot to mention : current relea
>The problem is the concept itself since it will require every app to have
>coded into it when a given feature was removed should it attempt to support it
>when present.
Yes.
It dates back to the very early days (when SSLeay was developed on clay
tablets), when the default was "get it all" an
Thank you again and again Matt,
Regards,
Michel.
-Message d'origine-
De : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de
Matt Caswell
Envoyé : vendredi 18 mars 2016 13:08
À : openssl-users@openssl.org
Objet : Re: [openssl-users] Questions about OCB and Wrap modes
On 03/15/2016 08:38 PM, Satya Das wrote:
> Steve,
>
> How does one get a hold of the embedded signature in libcrypto.so ?
I assume you're referring to the known-good FIPS 140-2 integrity check
digest that is used for the runtime integrity check in the POST.
Several people have already tried to
Thanks,
Jason
On Fri, Mar 18, 2016 at 4:23 PM, Scott Neugroschl wrote:
> I suspect the use of std::string and c_str(). Use a std::vector
> instead.
>
>
>
> *From:* openssl-users [mailto:openssl-users-boun...@openssl.org] *On
> Behalf Of *Jason Qian
> *Sent:* Friday, March 18, 2016 1:19 PM
> *To
On Wed, Mar 16, 2016, Krzysztof Modras wrote:
> Hello,
>
> I'm new to the group, so please excuse me if I'm describing my issue
> incorrectly.
>
> I've originally posted this github issue:
> https://github.com/openssl/openssl/issues/883
>
> As it may not exactly be a openssl problem (both old a
On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> IMHO, whether SSL2 is completly removed or disabled, I would have expected
> opensslconf.h to reflect the situation to applications.
In what release?
> But now, it just contains :
>
> #ifndef OPENSSL_NO_SSL3
>
> # define OPENSSL_NO_SSL
I suspect the use of std::string and c_str(). Use a std::vector instead.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jason Qian
Sent: Friday, March 18, 2016 1:19 PM
To: openssl-users@openssl.org
Subject: [openssl-users] help on des_cblock
I am new on openSSl and
On 16 March 2016 at 22:39, Viktor Dukhovni
wrote:
> On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable
> with OPENSSL_NO_SSL2. The "OPENSSL_NO_..." macros specify disabled
> features, not deleted code.
>
That's the maj
Hi,
IMHO, whether SSL2 is completly removed or disabled, I would have expected
opensslconf.h to reflect the situation to applications.
But now, it just contains :
#ifndef OPENSSL_NO_SSL3
# define OPENSSL_NO_SSL3
#endif
Was it really intended ?
Regards,
Michel.
--
openssl-u
> After
>
> ./configure ...
>
> I'm prompted
>
> Since you've disabled or enabled at least one algorithm, you need to
> do
> the following before building:
>
> make depend
>
> Exec'ing the 'make depend' stage returns lots of warnings,
>
>
I'm not sure w
On Wed, Mar 16, 2016 at 10:52:39PM +, Richard Moore wrote:
> On 16 March 2016 at 22:39, Viktor Dukhovni
> wrote:
>
> > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable
> > with OPENSSL_NO_SSL2. The "OPENSSL_NO_.
Oh, and I'd much prefer to stay at the EVP level, rather than invoke BIO
primitives for this task.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Blumenthal, Uri - 0553 - MITLL
Sent: Thursday, March 17, 2016 18:09
To: Viktor Dukhovni; open
Hey guys! I have a quick question that I can't seem to find the answer to
anywhere: I know how to add a "fullname" CRL distribution point extension, but
how does one add nameRelativeToCRLIssuer? The RFC says that it's a 'choice'
element in x509 CRL extensions, but when I try to replace "fullna
On Thu, Mar 17, 2016, Viktor Dukhovni wrote:
>
> > On Mar 17, 2016, at 6:32 PM, Blumenthal, Uri - 0553 - MITLL
> > wrote:
> >
> > Oh, and I'd much prefer to stay at the EVP level, rather than invoke BIO
> > primitives for this task.
>
> Well you can work with
> http://openssl.org/docs/manma
Great! Say, I want to extract the public key and make it available to another
entity or module? Possibly DER-encoded, though I'd like to learn how to do
both: extract ASN.1-encoded and raw (assuming it is possible).
Thanks!
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE
Hi Farrell,
Thanks a lot for your reply.
I've actually used password of 64 characters in my program, for simplicity I've
showcased as 6 byte password in below example.
Looks like there is some other issue or some stringent check that is added in
1.0.1p as the same code works fine in 0.9.8zg v
On Wed, Mar 16, 2016 at 11:10:33PM +0100, Jakob Bohm wrote:
> Wait, are you saying that OpenSSL 1.1.0 no longer implements
> all the known SSL/TLS versions (some of which are disabled by
> default because of security)?
>
> That would mean it is no longer a full featured TLS and SSL
> toolkit?
We
> On Mar 18, 2016, at 2:14 AM, Tekale, Sharad wrote:
>
> Thanks a lot for your reply.
>
> I've actually used password of 64 characters in my program, for simplicity
> I've showcased as 6 byte password in below example.
>
> Looks like there is some other issue or some stringent check that is
First, Stephen and Viktor - thank you!
On 3/17/16, 19:45 , "openssl-users on behalf of Dr. Stephen Henson"
wrote:
>On Thu, Mar 17, 2016, Viktor Dukhovni wrote:
>>
>>Well you can work with
>>http://openssl.org/docs/manmaster/crypto/EC_KEY_key2buf.html
>> to extract EC public key octets.
>
>That'
Hello,
I'm new to the group, so please excuse me if I'm describing my issue
incorrectly.
I've originally posted this github issue:
https://github.com/openssl/openssl/issues/883
As it may not exactly be a openssl problem (both old and new behaviour meet
the specification?), I will try to reformul
I am new on openSSl and run into a issue need some help.
In our application, the client and server perform a Diffie Hellman Key
exchange and then encrypt the data The client is written in C++(using
openSSL), and server is in java.
Most of time, it is running correctly, but occasionally the se
34 matches
Mail list logo
