On 5/2/2018 8:30 AM, Tomas Mraz wrote:
On Wed, 2018-05-02 at 08:19 -0400, Edward Diener wrote:
The latest documentation for OPENSSL_VERSION_NUMBER at
https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_VERSION_NUMBER.html
says that it is 9 hex digits, with the last nibble being a status
The latest documentation for OPENSSL_VERSION_NUMBER at
https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_VERSION_NUMBER.html
says that it is 9 hex digits, with the last nibble being a status
identifier, while every use I have seen of it in header files treats it
as 8 hex digits. Can anybody
14:42, Edward Diener wrote:
When calling EVP_EncryptUpdate with some plaintext to be encrypted the
parameter for the plaintext is a pointer to a non-const array of
unsigned char, as in the function prototype:
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl
When calling EVP_EncryptUpdate with some plaintext to be encrypted the
parameter for the plaintext is a pointer to a non-const array of
unsigned char, as in the function prototype:
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
S
David Schwartz wrote:
Edward Diener wrote:
Perhaps your seeing this shows why I was at least nominally concerned
about the MySQL client having its own public key-private key
certificates. I have tried to find out what actual use the client's
public key-private key has in MySQL, from eithe
Michael S. Zick wrote:
On Thu January 1 2009, Edward Diener wrote:
Perhaps your seeing this shows why I was at least nominally concerned
about the MySQL client having its own public key-private key
certificates. I have tried to find out what actual use the client's
public key-private ke
David Schwartz wrote:
I can understand your summary quite clearly.
Great.
Suppose the server encrypts data it sends to the client and the client
needs to decrypt that data. This is the case when my client SELECTs data
from the MySQL database. Does this need a different sequence than the
seque
Scott Gifford wrote:
Edward Diener writes:
[...]
[...]
For what books do I look to specifically understand how these
certificates work with public key-private key pairs ? SSL books ?
Cryptography public key-private key books ?
For a general understanding of cryptography, I learned from
David Schwartz wrote:
Edward Diener wrote:
In this last case I do not understand how the client can encrypt data
going to the server if it has no private key of its own.
Your question is kind of puzzling. Why would the client need its own
private key in order to encrypt data going to the
Victor Duchovni wrote:
On Mon, Dec 29, 2008 at 12:55:14AM -0500, Edward Diener wrote:
My assumptions from what I could glean from the certificates distributed
is that the CA-cert.pem is the same for client and server, while the
server-cert.pem is a public key corresponding to the private
Ger Hobbelt wrote:
On Fri, Dec 26, 2008 at 7:28 PM, Edward Diener wrote:
I appreciate all the information you presented which I have snipped out
in giving my response below.
Money may be less of an issue than ease of use. This is a commercial
application which however needs good security
Michael S. Zick wrote:
On Fri December 26 2008, Edward Diener wrote:
By 'dongle' do you mean a hardware 'dongle'? If it is a software dongle
you need to spell out for me what you mean.
There are a lot of devices being marketed for this purpose, but as
an example that it
Kyle Hamilton wrote:
First: I have suggested such, in the message where I stated that many
hotels don't allow connections on port 3306 (which is MySQL's standard
data port). Create a proxy that sits on a webserver, using XML-RPC to
accept requests from the client. Perform whatever logic checki
a "security theater".
Let me try my hand at explaining this, based on your original scenario
description:
On Wed, Dec 24, 2008 at 1:54 PM, Edward Diener wrote:
In a client application communicating with a MySQL server, I am using
SSL to encrypt/decrypt data sent to and from the data
Michael S. Zick wrote:
On Fri December 26 2008, Edward Diener wrote:
Kyle Hamilton wrote:
If your company hires a security consultant, s/he will state the same thing.
Thanks for your help but right now I am the programmer and "security
consultant", and therefore I must come up wit
David Schwartz wrote:
Kyle Hamilton wrote:
If your company hires a security consultant, s/he will state the
same thing.
-Kyle H
The fundamental problem is this:
You have one door. Every customer must walk through it. However, you don't want
a customer to run amuck once he gets through the
son as a "security consultant" to deal with server side
security issues.
-Kyle H
On Thu, Dec 25, 2008 at 6:49 PM, Victor Duchovni
wrote:
On Wed, Dec 24, 2008 at 10:06:59PM -0500, Edward Diener wrote:
It sounds like you are trying to implement DRM with an application that is
runni
Victor Duchovni wrote:
On Wed, Dec 24, 2008 at 03:59:13PM -0500, Edward Diener wrote:
I am working for an employer who will be selling a product to end users.
The risk model is that my employer feels it would be bad if a hacker
were able to easily understand where the client certs reside in
Michael S. Zick wrote:
On Wed December 24 2008, Edward Diener wrote:
Michael S. Zick wrote:
On Wed December 24 2008, Edward Diener wrote:
In a client application communicating with a MySQL server, I am using
SSL to encrypt/decrypt data sent to and from the database. This requires
me to have
Kyle Hamilton wrote:
On Wed, Dec 24, 2008 at 1:27 PM, Edward Diener wrote:
Kyle Hamilton wrote:
If you're on Windows, it does make sense to include the PEMs for the
CA (and chain) in the application directory. (See, for example, the
software distribution of Second Life, which has its o
ns, especially about the ACLs, which can fairly
easily be manipulated by the installation program.
-Kyle H
On Wed, Dec 24, 2008 at 4:54 AM, Edward Diener wrote:
In a client application communicating with a MySQL server, I am using
SSL to encrypt/decrypt data sent to and from the database. This
Michael S. Zick wrote:
On Wed December 24 2008, Edward Diener wrote:
In a client application communicating with a MySQL server, I am using
SSL to encrypt/decrypt data sent to and from the database. This requires
me to have the PEMs for the CA, client key, and client certificate
distributed as
In a client application communicating with a MySQL server, I am using
SSL to encrypt/decrypt data sent to and from the database. This requires
me to have the PEMs for the CA, client key, and client certificate
distributed as part of the application. Of course these certificates
will not work excep
John T. Cox wrote:
I do not know if it does or not. But, as an experienced programmer, I
can guarantee that even if it does not today, one day someone will do
something that will cause it to need it and you will start to get
failures that will take weeks to track down. Why can't people just do
Bobby Krupczak wrote:
Hi!
The ORA Network Security with OpenSSL documents the few
stubs you need
to in order for openssl to work with pthreads as well as windows
threads. You can even download the example code from the net.
What is the link for the above ?
http://www.oreilly.com/catalog/op
Bobby Krupczak wrote:
Hi!
We are using only the OpenSSL cryptographic functionality, the EVP and HMAC
functions, in a multi-threaded application. Do we need to do anything to
ensure thread safety ? The documentation mentions
CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() but we ar
We are using only the OpenSSL cryptographic functionality, the EVP and
HMAC functions, in a multi-threaded application. Do we need to do
anything to ensure thread safety ? The documentation mentions
CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() but we are
not calling these function