data structures won't properly handle a simultaneous read on
one thread and write from a different thread.
cjs
--
Curt Sampson +81 90 7737 2974
It is easier to write an incorrect program than understand a correct one.
--Alan Perlis,
a different thread writing, that's two threads concurrently
using one connection.
And "underneath the covers," as it were, both threads may be both
reading and writing, since a read or write to an OpenSSL handle can
translate to both reads and writes on the underlying
y, the AuthorityKeyIdentifier
extension, and suchlike?
Also, you'll get more replies if you post a fresh message to the list
when you have a fresh question, rather than replying to a message deep
in an unrelated topic chain that people might be ignoring.
cjs
--
Curt Sampson +81 9
application as well, and
as well as similarly long-running connections, I'm wondering what, if
anything, I need to do about re-seeding OpenSSL's PRNG. How long is
it safe to leave it running in a moderately busy system (several TLS
connections per second), and is that even the metric
since I can
verify the certs themselves after receipt to have the actual public key
I'm looking for, and be signed correctly and all of that. Any thoughts?
cjs
--
Curt Sampson +81 90 7737 2974
It is easier to write an incorrect program than understand a correct o
need to give an OpenSSL
function (outside of trivial accessors) an X509*?
Also, is there any documentation on how memory management for this sort
of stuff is working in general in the OpenSSL library? The code is
heavily macro-driven and I'm finding it rather confusing.
cjs
--
Curt Sa
> valuable feedback.
It depends on what you put in the certificate. OpenSSL 0.9.7a is certainly
capable of producing RFC-5280-compliant certificates, but you can also
easily produce non-compliant certificates as well.
cjs
--
Curt Sampson +81 90 7737 2974
Then I ducked into Burger K
On 2012-05-23 13:26 +0900 (Wed), Curt Sampson wrote:
> The application I'm concerned with
Oh, one more thing I forgot about the application: we're using our own
means of certificate and CRL distribution and storage, so in general
we have DER representations of this stuff in m
dation of documents and things like
that.
cjs
--
Curt Sampson +81 90 7737 2974
Then I ducked into Burger King to scarf down a whopper with 45 pieces of
bacon on it! Oh, oh!--JayDogg
over OpenSSL for embedded systems. That said,
I've only looked at it, not used it.
cjs
--
Curt Sampson +81 90 7737 2974
Then I ducked into Burger King to scarf down a whopper with 45 pieces of
bacon on it
should
feel free to jump in and correct me if I've gone wrong somewhere.)
cjs
--
Curt Sampson +81 90 7737 2974
Measuring programming progress by lines of code is like measuring
aircraft building progress by weight. --Bill Gates
nameopt show_type" on it. :-)]
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
I have always wished for my computer to be as easy to use as my telephone;
my wish has come true because I can no longer figure out how t
ucture, or PKIX) and
RFC 2818 (HTTP Over TLS).
(Anybody, please feel free to correct me if I'm wrong, but this is
basically what I've gotten from many hours of study on this over the
last few months in preparation for setting up my own PKI.)
cjs
--
Curt Sampson +81 90 7737
rience
which is well documented; if you want a real challenge read up on the
NetBSD issues and try a conversion yourself.
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
I have always wished for my computer to be as easy to use as my telephone;
m
if you're
doing something where you want to read encrypted data at a later date
(e.g., S/MIME e-mail messages), tossing the keypair you need to read
these is kind of a bad idea
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
I have
need one, but I wanted to
know how I would go about assigning an ID should I move that direction.
Thanks again for your help.
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
I have always wished for my computer to be as easy to use as my telep
agement Private
Enterprise Codes", but I gather that others use this for pretty much
anything where they need a unique OID.)
[1]: http://www.iana.org/assignments/enterprise-numbers
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
I have always wi
be signed by the "master CA" rather than a
"client CA."
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
I have always wished for my computer to be as easy to use as my telephone;
my wish has come true because I can no lo
curity implications.
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
I have always wished for my computer to be as easy to use as my telephone;
my wish has come true because I can no longer figure out how to use my
telephone. --Bjarne Stro
e (or
that the GPU is sufficiently faster than the CPU for RC4-MD5).
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
I have always wished for my computer to be as easy to use as my telephone;
my wish has come true because I can no longer figu
ng against your own
> private CA only (so a Comodo incident will not affect it).
Yes, my PKI is entirely private, with no connection to any other PKI.
The certificates aren't even compatible.
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
on my system, so we may just be dropping authentication of our data
entirely. I'd be interested in ideas about how to avoid doing this.
cjs
--
Curt Sampson +81 90 7737 2974
http://www.starling-software.com/
I have always wished for my computer to be as easy to use as my tele
ny thoughts on either approach, or other approaches
I should consider?
And while we're at it, can someone point me to a reference on the OIDs
used for the various field names (CN etc.) used within distinguished
names? This didn't really seem to be mentioned in the X.501 spec.
cj