Re: OpenSSL-3.+ how to configure [random]?

unsubscribe Get Outlook for iOS From: openssl-users on behalf of Dr Paul Dale Sent: Wednesday, November 10, 2021 2:20:03 PM To: openssl-users@openssl.org Subject: Re: OpenSSL-3.+ how to configure [random]? I'm pretty sure the underlying

Re: Goodbye

I see a lot of slippery slope fallacy in this thread. A small verbiage change that hurts almost no one but increases inclusivity in an open source project shouldn't be controversial to anyone but those who have an ax to grind. On Fri, Jul 3, 2020, 8:51 AM Salz, Rich via openssl-users < openssl-use

Re: BIO_read fails when performing DTLS handshake

Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Matthew Sent: Friday, August 30, 2019 23:06 Welcome to the list. When posting, please remember to tell us what version of OpenSSL you're using, and what platform you're on. Since you&

BIO_read fails when performing DTLS handshake

Hello everyone! This is my first "post" to the mailing list. I have been working on an OSSL wrapper for C# for several months, and am currently implementing the DTLS portion. I've succeeded in establishing a DTLS session with cookie exchange, sending and receiving data, and gracefully closing

Caching CRL/Cert verification

verified. How does one cache that the signature of a certificate/CRL is valid so that the verification process is not repeated? -- Matthew

Re: [openssl-users] Building an application with OpenSSL and FIPS support.

.4346 From: openssl-users on behalf of Dr. Stephen Henson Sent: Tuesday, October 11, 2016 10:35 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Building an application with OpenSSL and FIPSsupport. On Mon, Oct 10, 2016, Matthew Heimlich wrote: > $openssl

Re: [openssl-users] Building an application with OpenSSL and FIPS support.

: openssl-users@openssl.org Subject: Re: [openssl-users] Building an application with OpenSSL and FIPS support. On Fri, Oct 07, 2016, Matthew Heimlich wrote: > Which returns > > > Attempting to set FIPS mode to 1... > Last error was: 2d06b06f > FIPS_mode_set failed: 2d06b06f

Re: [openssl-users] Building an application with OpenSSL and FIPS support.

ers on behalf of Ethan Rahn Sent: Friday, October 7, 2016 4:01 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] Building an application with OpenSSL and FIPS support. Matt, What part of the selftest fails? Can you step through it with a debugger? Cheers, Ethan On Fri, Oc

[openssl-users] Building an application with OpenSSL and FIPS support.

I'm on RHEL7. I've got a very simple encryption/decryption program that works fine without FIPS support enabled, but fails when it is: #include #include #include #include void handleErrors(void) { ERR_print_errors_fp(stderr); abort(); } int encrypt(unsigned char *plaintext, int

Re: [openssl-users] self-signed certificate won't work in my app but works with s_client

atal error (signature failure etc). Matthew On 1 July 2016 at 05:34, Carl Heyendal wrote: > I am working with the example apps in the "Networking Security with > OpenSSL" book and up until now have been able to get client/server examples > 1,2,3 to work. But now I'm trying to c

Re: [openssl-users] How to encode text request of 'req -text -noout''s output?

/crypto/asn1/t_req.c). The code of this routine will demonstrate how to extract the fields you need. Matthew On 21 June 2016 at 20:16, eu...@openmailbox.org wrote: > Hi, > > If I get a text version of a request(e.g. use the command "openssl req > -noout -text -in ca.csr"), ho

[openssl-users] Help with OpenSSL running on OSX

a link to documentation on how it works. regards Matthew ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: How to determine when data is finished on an SSL socket

chunk (there can be several) begins with a length in hex. A zero length chunk terminates the grouping and the trailer is terminated with a CRLF. 3. Otherwise when the connection is closed. Read the RFC for all the gory details. On 11 January 2014 23:45, M. V. wrote: > Hi Matthew, >

Re: How to determine when data is finished on an SSL socket

Sockets (SSL or otherwise) are layer-3 objects while content is a layer-7 object. To get an accurate end-of-content marker, you'll need to parse the output, buts since you are using the https protocol, that's going to be easy. Essentially, parse out the "Content-Length" header and read that many

Re: KDF algorithms

ere's not much to it. Matthew On 3 July 2013 18:28, Aaron wrote: > Hi All, > > I am working on a product using Certicom KDF function. In fact, we > use HU_KDF_IEEE_KDF1_SHA1 and HU_KDF_ANSI_SHA256 only. > > The function hu_KDFDerive() has an argument specifying which KDF

Re: [openssl-users] Re: having a lot of troubles trying to get AES-NI working

On Sat, Mar 16, 2013 at 01:16:23AM -0400, Ewen Chan wrote: > Okay then, here's another one of my infamous dumb questions. > > If that's the case, then why do we need the AES-NI instruction set? It's far from the first accelerated instruction set of dubious utility. ;) Marketing... etc. Actually

Re: [openssl-users] Re: having a lot of troubles trying to get AES-NI working

. It's an extremely powerful CPU. If this isn't screaming fast enough, use GCM instead of CBC, and enjoy the multicore awesome thereof. ;) As fast at it is, 10 GBE will still do 1280 MiB / sec. But it should fill up

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

dmraid or other technique, which has AES-NI support in-kernel, to avoid userspace overhead which will be considerable with such throughput goals? Matthew. __ OpenSSL Project http://www.openssl.org

Re: Does CSR need to be signed with matching private key?

The Certification Request has a signature field generated by running the RSA sign operation against the fields in the request. This signature is used to perform an RSA verify using the public key in the request. The signature must be valid for most CAs to accept the request. The cryptographic te

Re: application/x-x509-ca-ra-cert (SCEP Enrollment)

nything that doesn't look like base64). Yeah, that works also. But the output is harder to read than that of dumpasn1. Matthew. __ OpenSSL Project http://www.openssl.org User Sup

Re: application/x-x509-ca-ra-cert (SCEP Enrollment)

Use the dumpasn1 utility on it, it's in almost every Linux distro, or from its website: http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c Matthew. On Wed, Feb 20, 2013 at 07:54:00PM +, Santhosh Kokala wrote: > Hi All, > I am unable to identify the certificate format that I rece

Re: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

and see what's really happening. Matthew. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org

Re: x509 certificate conforming to RFC 3739

#x27;s not working for you and what you tried already. Regards, Matthew. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.

Re: Creating certification requests with no CN and SAN only

On Thu, Feb 14, 2013 at 11:55:59AM -0800, Matthew Hall wrote: > I used this configuration file: > > [req] > default_bits = 4096 > prompt = no > encrypt_key= no > default_md = sha256 > distinguished_name = dn > req_extensions

Re: Creating certification requests with no CN and SAN only

rtificate Request Is it possible something's wrong with my version of OpenSSL, or did I miss something in the steps you provided? > Viktor. Thank you very much for taking a second look at all of this for me. It really

Re: [openssl-users] Re: Creating certification requests with no CN and SAN only

nting the CA. So this time it's me rejecting CN and requiring use of SAN for everything that wants to get my CA to issue them a certificate. > Erwann ABALEA Matthew. __ OpenSSL Project http://

Re: Creating certification requests with no CN and SAN only

I am sure at least some would sign it because RFC 5280 PKIX standard was written by the CAs themselves and they are the ones deprecating CN in favor of SAN. -- Sent from my mobile device. Viktor Dukhovni wrote: >On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor Dukhovni wrote: > >> You'll natu

Creating certification requests with no CN and SAN only

this part of the RFC is supported at all, and if it is supported, how I should be invoking the command to get the expected behavior. If it's documented already, and I missed it, I apologize in advance. Thanks, Matthew Hall command: openssl req \ -new -config test-no-cn.cnf -newkey rsa:4

req insists on a config file now?

It looks like there's been a recent change that's causing 'req' to insist on a config file, presumably for reading the OID info from. Is there a way to get the interactive mode back? > openssl genrsa -out server.key 2048 WARNING: can't open config file: /usr/local/openssl/openssl.cnf Generatin

ike v2 windows 2008 r2 certificate

We are trying to set up of VPN tunnel using IKE v2 between a windows 2008 VPN server and a linux machine running strongswan. We are trying to do this using machine certificates. We are using a Windows 2008 r2 private certificate authority. I am not sure how to generate the CSR in openssl for

EC GF(2^m)

Hello I am just looking for a simple question to be answered, and cannot find a place to really have a discussion about it. Part of the ECE GF(2^m) algorithms have a patent on them. I am wondering if it is ok to use these algorithms in a software suite that will be distributed to paying custom

RE: slow https conenctions

environment with no direct internet access (proxy only) so this request failed and made a 15 second pause on every connection. regards Matthew J Fletcher ** Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK A company registered

RE: slow https conenctions

extra network lookups. Are there any more SSL diagnostics i can enable to try and pinpoint the problem ? regards Matthew J Fletcher ** Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK A company registered in England

RE: slow https conenctions

uff around. Does anyone how how i would establish if there was a DNS related delay ? some tool that could test DNS and name lookup speeds ? i am a software guy trying to use SVN not a network guy regards Matthew J Fletcher > -Original Message- > From: Alan Buxey

slow https conenctions

d0 b0 d8 ...U..F. | [Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0070: c4 ff 41 d0 c1 b8 75 9e-8a f2 c3 79 e7 0e 60 6e ..A...uy..`n | [Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867): +------

Re: Socket left in CLOSE_WAIT state...

ot;do_ms" thing would run for hours using up 100% of the core it was running on and just never seem to finish. Ended up killing it and posting on the mailing list instead. Just FYI. -- Matthew Allen http://www.memecode.com _

Socket left in CLOSE_WAIT state...

BIO_new_ssl_connect failed.\n"); if (Ssl) { SSL_shutdown(Ssl); SSL_free(Ssl); } /* At this point I expect the socket should have disappeared, but it's still there hanging around in CLOSE_WAIT..

RE: FIPS linked as a shared library

to run fixups after application-code memory allocation. > As you've found, the image in-core *must* match the original image > in-core when the signature was generated, and the linker changes the > pointers of where things are located when it has to. > > -Kyle H > > On M

FIPS linked as a shared library

Hello, I have generated the fipscanister.o and all associated files as described in the user guide. All the checks ran ok. I have created an application using the fipscanister.o which works fine. When I create the shared library the run time check called when FIPS_mode_set() is called fails. I

Declined: OWASP Hartford: February 2009 (Open Web Application Security Project)

BEGIN:VCALENDAR PRODID:-//Microsoft Corporation//Outlook 11.0 MIMEDIR//EN VERSION:2.0 METHOD:REPLY BEGIN:VEVENT ORGANIZER:MAILTO:openssl-users@openssl.org DTSTART:20090210T22Z DTEND:20090211T00Z LOCATION:The Hartford\, Tower Building: Atrium Conference Room TRANSP:OPAQUE SEQUENCE:1 UID:0400

Unable to display server certificate if certificate verification fails

a certificate chain to be determined." In the same way, the s_client program should display the certificate even if an error occurs. This would allow verification that the server certificate is the expected certificate. Regards, -- Matthew Franglen Software Developer Semantico, Floor 1, 21-23

sslv3 Disabling weak ciphers

Hello, I've been disabling weak ciphers for PCI compliance and have succefully disabled them for sslv2: [EMAIL PROTECTED] # openssl s_client -connect IP:443 -ssl2 -cipher EXP-RC4-MD5 CONNECTED(0003) write:errno=104 But for sslv3 it comes up as which fails my compliance audit CONNECTED(00

Solaris x86 32-bit - OpenSSL Installation issue

#x27; EX_LIBS='-lsocket -lnsl -ldl' CPUID_OBJ='x86cpuid-elf.o' BN_ASM='bn86-elf.o co86-elf.o' DES_ENC='dx86-elf.o yx86-elf.o' AES_ASM_OBJ='ax86-elf.o'BF_ENC='bx86-elf.o' CAST_ENC='c_enc.o' RC4_ENC='rx86-elf.o rc4

OpenSSL server and thread pools

I'm playing around with OpenSSL development and was curious about how to do thread pools with an OpenSSL server. I've implemented the client/server in the book"Network Security with OpenSSL", and can successfully send data back and forth. The way the code works is by spawning a new thread when a co

RE: SSL_shutdown

> Library->BIO_free_all(Bio); > //if (Library->SSL_shutdown(Ssl) == 0) > // Library->SSL_shutdown(Ssl); > // Library->SSL_free(Ssl); // Do I need this or not? (doesn't help > the TCP socket issue) > > Would be my best guess. Thats working

SSL_shutdown

the whole file if you want, but I doubt I can post it all here on the list. (Maybe as an attachment?) Can anybody point me in the right direction? Regards -- Matthew Allen __ OpenSSL Project

Platform issue?

I'm writing a fairly simple program to do a HTTP transaction over SSL using openssl-0.9.8b.  I compiled the libraries specifically for each platform I was working on (Fedora Core 4 and Solaris 8).  Everything was working fine. I compiled openssl-0.9.8b and my simple program for HP-UX 11i.  No prob

Re: sigsegv in BN_BLINDING_free 0.9.8a

> > I am experiencing a SIGSEGV in BN_BLINDING_free because mt_blinding > > appears to be 0x11 instead of a pointer to some memory. > > We had an identical issue reported here: > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193633 > which is somehow caused by the use of Zimbra binaries. T

sigsegv in BN_BLINDING_free 0.9.8a

If this needs to go to the dev list, let me know. I am experiencing a SIGSEGV in BN_BLINDING_free because mt_blinding appears to be 0x11 instead of a pointer to some memory. I saw a reference to a similar problem back in 2003 [1], but I did not see a resolution to it. Any input would be greatly

Re: unable to free PROXY_CERT_INFO_EXTENSION

;t think I should have to call PROXY_CERT_INFO_EXTENSION_free. Thanks, Matt Rodriguez On Mon, Dec 05, 2005, Matthew Rodriguez DSD staff wrote: Dr. Stephen Henson wrote: have you tried lh_free()? In fact you don't need an LHASH for this type of extension in the way you use it

Re: unable to free PROXY_CERT_INFO_EXTENSION

Dr. Stephen Henson wrote: On Mon, Dec 05, 2005, Matthew Rodriguez DSD staff wrote: I'll have to step through these 2 cases more carefully. I see that X509_EXTENSION_free and PROXY_CERT_INFO_EXTENSION_free both go through the ASN1_item free, and ASN1_item_combine_free but somewhere

Re: unable to free PROXY_CERT_INFO_EXTENSION

Richard Levitte - VMS Whacker wrote: In message <[EMAIL PROTECTED]> on Fri, 02 Dec 2005 12:09:14 -0800, Matthew Rodriguez DSD staff <[EMAIL PROTECTED]> said: MKRodriguez> I can't seem to get rid of a memory leak when I create a MKRodriguez> proxyCertInfo extens

unable to free PROXY_CERT_INFO_EXTENSION

I can't seem to get rid of a memory leak when I create a proxyCertInfo extension. I've tried calling X509_EXTENSION_free, and then X509_EXT_cleanup. I don't think I need to do that because it is not a custom extension, I'm using openssl-0.9.8a. Here's what I've discovered so far. The X509_EXTE

make install fails on openssl-0.9.8a

I ran the config script with this option. ./config -d --prefix=/home/portnoy/dsd/Linux/openssl/openssl-0.9.8a -shared When I tried to run make install this happened. making install in engines... make[1]: Entering directory `/home/portnoy/shared/src/openssl/openssl-0.9.8a/engines' installing 4

Re: about the BN prime generator

named BN_generate_rsa_prime or something. Thanks for the help, Matt Raibert On Fri, 29 Jul 2005, Michael Sierchio wrote: Nils Larsch wrote: Matthew Julius Raibert wrote: I'm working on a project for which I need to generate big primes. Along the way I noticed that when

about the BN prime generator

I'm working on a project for which I need to generate big primes. Along the way I noticed that when I run BN_generate_prime() it seems to always set the two most significant bits to one. In other words, if I ask for a thousand 16 bit primes, I get a thousand primes that lie between hex C000

RE: Question about Certificate Revokation lists using openssl ....

Thanks. I will take a look at it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francois noel Sent: Monday, May 09, 2005 9:34 AM To: openssl-users@openssl.org Subject: Re: Question about Certificate Revokation lists using openssl Matthew McHugh

Question about Certificate Revokation lists using openssl ....

Hello all,   Is there a tool that I can use to manage CRL's?  I am looking at starting my own CA for my company, but we need to revoke certificates before they expire.  I think this can be done via the command line, but I was wondering if there is an open source tool out there that can do t

Re: proxy certificate support in openssl 0.9.8

Matthew Rodriguez DSD staff wrote: Richard Levitte - VMS Whacker wrote: In message <[EMAIL PROTECTED]> on Tue, 15 Mar 2005 14:36:57 -0800, Matt Rodriguez <[EMAIL PROTECTED]> said: MKRodriguez> I've looking at the tests in the snapshots for 0.9.8. I MKRodriguez> am tr

Re: proxy certificate support in openssl 0.9.8

Richard Levitte - VMS Whacker wrote: In message <[EMAIL PROTECTED]> on Tue, 15 Mar 2005 14:36:57 -0800, Matt Rodriguez <[EMAIL PROTECTED]> said: MKRodriguez> I've looking at the tests in the snapshots for 0.9.8. I MKRodriguez> am trying to figure out what functionality regarding MKRodriguez> proxy

Unknown openssl error in my apache logfiles ...

Hello, I have an https Apache website that proxies to an IIS webserver. The site is secure with openssl (mod_ssl) version OpenSSL 0.9.7d. I am getting the following errors in my weblogs: [Wed Mar 2 14:55:37 2005] [error] OpenSSL: error:0D0680A8:asn1 encoding routine s:ASN1_CHECK_TLEN:wrong tag

Ok to mix openssl.0.9.7d & 0.9.7e in same Apache server?

Hello, I am using a pre-made LAMPP construct (apachefriends.org's XAMPP/LAMPP) with: $ openssl version OpenSSL 0.9.7d 17 Mar 2004 However, I build Subversion and OpenLDAP (and possibly some other) modules/apps (in part to ingrate via Apache modules) using an alternative openssl build/source/libr

Newbie Qs: Simple SSL setup 2 secure comm (& other things)?

Hello, I'm looking for the least-intrusive for a user (as in a web-browser client user) to access a "secure" server in order to fulfill these goals: 1) Establish secure communication between web server and web client (so that a 3rd party can not, among other things, steal login/password and other

Question about setting a umask for sftp received files

Hello,   I am trying to set the umask of data received via sftp.  I am running OpenSSH version 3.9p1 using OpenSSL 0.9.7d.  I am running on solaris 8.  This setting normally is set via /etc/default/login, but that doesn't get read via sftp.  Is this doable with this version of sftp?     Plea

Apache/Apache2 and OpenSSL

it will not give me a pass-phrase dialog. And it simply refuses connections on port 443. (oh yeah... i also checked and disabled the firewall and I have the virtual server binding to _default_) I am all out of ideas. It simply will not come up. Help! :-) Thanks in advance... -- Matthew

RE: SSL Shutdown questions

. The first call to SSL_shutdown returns 0, I would expect this to return some error code if the peer has shutdown the socket already. The second call to SSL_shutdown blocks. The question is how can I tell if the SSL socket has been closed? Thanks for any help, Matthew -Original

SSL Shutdown questions

I assume) <-- Recieve RST Am I doing the right thing or should I only call SSL_shutdown once the socket has shutdown? If I am doing the right thing then why might the socket be being reset? Thanks for any advice, Matthew

Itermittent problems with TLS conenctions.

decrypt encrypted alert messages? Running ssldump -k -d works for application data but doesn't seem to do anything to the alert messages. Any help or insights into this would be greatly appriciated! Matthew __ Op

2 questions

L_CTX_free() to free resources associated with the "context", but are there any other freeing functions I should know about? Thanks in advance for your help. -- Matthew Fleming, MD Associate Professor Dept. of Dermatology Medical College of Wisconsin E-

Re: Converting own CA certificate to pkcs12

On Thu, 21 Nov 2002, mikecross wrote: > Seems to me that you problem is that you didn't supply > password. > PKCS12 format stores Private + Public key pair > encrypted with password. Why would I want to store all this in a pcks12 file that I want to give to clients/other people to import into the

Converting own CA certificate to pkcs12

I'm trying to find out how to take my ca.crt file (signed by my own CA self) and convert it to pkcs12 format for importation into Mozilla, so that Mozilla will recognize anything else signed by me as 'OK'. Converting it to DER format was easy: openssl x509 -in ca.crt -out ca.der -outform DER I'

RE: Compiler Recomendations Solaris 8

Recomendations Solaris 8 Sorry - I meant to get the package for openssl! (not for gcc...) -Original Message- From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy@;hp.com] Sent: Donnerstag, 31. Oktober 2002 17:20 To: '[EMAIL PROTECTED]' Subject: RE: Compiler Recomendations

RE: Compiler Recomendations Solaris 8

To: [EMAIL PROTECTED] Subject: RE: Compiler Recomendations Solaris 8 I don't understand - the packge is a binary so you don't need to compile. It's like RPM on linux. -Original Message----- From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:matthew.darcy@;hp.com] Sent: Donnerst

RE: Compiler Recomendations Solaris 8 (and RedHat 8 too!)

: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Theories of evolution are like buses - there'll be another one along in a minute > -Original Message- > From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) > [mailto:matthew.darcy@;hp.com] > Sent: 31 October 20

RE: REPOST AS REQUESTED: openssl 9.6g Redhat 7.3 Seg Fault ADDITIONAL INFO

am agreeing this is most likley a gcc problem, however I would welcome any feedback from more experienced ssl users. thanks, Matt. -Original Message- From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 15, 2002 5:27 PM To: '[EMAIL PROT

REPOST AS REQUESTED: openssl 9.6g Redhat 7.3 Seg Fault

> -Original Message- > From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) > Sent: Thursday, October 10, 2002 1:45 PM > To: '[EMAIL PROTECTED]' > Subject: openssl 9.6g Redhat 7.3 Seg Fault > > Hi, > > I have a redhat 7.3 server whic

RE: Seg Fault on redhat 7.3 openssl 9.6g Any update

up 10 minutes ago. RH7.3 ext2 Some more information may be helpful to help you... Regards, Edin_ DARCY,MATTHEW (HP-UnitedKingdom,ex2) wrote: > Hi, > > I am wondering if there was any update or suggestions on why my openssl 9.6g > build fails on make test > > Any suggest

Seg Fault on redhat 7.3 openssl 9.6g Any update

Hi, I am wondering if there was any update or suggestions on why my openssl 9.6g build fails on make test Any suggestions on some more debugging ??? thanks, Matt. __ OpenSSL Project http

RE: openssl 9.6g Redhat 7.3 Seg Fault

Is there any followup to this yet ? Is any more information required ? Thanks, Matt. > -Original Message- > From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) > Sent: Tuesday, October 08, 2002 1:27 PM > To: '[EMAIL PROTECTED]' > Subject: openssl

RE: openssl 9.6g Redhat 7.3 Seg Fault

ubject: RE: openssl 9.6g Redhat 7.3 Seg Fault > -Original Message- > From: DARCY,MATTHEW (HP-UnitedKingdom,ex2) > [mailto:[EMAIL PROTECTED]] > Sent: 10 October 2002 14:59 > To: '[EMAIL PROTECTED]' > Subject: RE: openssl 9.6g Redhat 7.3 Seg Fault > >

RE: openssl 9.6g Redhat 7.3 Seg Fault

, CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Theories of evolution are like buses - there'll be another one along in a minute > -Original Mess

Re: Pls. suggest some books on security

A little more practical and appropriate to this list: Network Security with OpenSSL http://safari.oreilly.com/main.asp?bookname=openssl Matt v.p.r.n.saibabu v.p.r.n.saibabu wrote: > Hi Vaidya, > > SSL and TLS by Eric Recorla > SSL and TLS Essentials by Stephen Thomas > > are two good books.

Re: nonces?

There's a good thread on webappsec list on securityfocus at the moment on this topic. Synchronicity! Matt __ OpenSSL Project http://www.openssl.org User Support Mailing List[

Re: Generating certificates and private keys

> From: Neil.Newman [mailto:[EMAIL PROTECTED]] > > When you generate the private key and the CSR does it tie > itself in to the particular server it is generated on, or are > we able to create the private key and CSR on our test server > prior to using it on the new server when it arrives

Re: mod_ssl

On Fri, Aug 02, 2002 at 12:47:33AM -0700, Mark D. Baushke wrote: > If you have a 2.0.39 server, then mod_ssl is not needed. Apache 2.0.39 > already has SSL/TLS features integrated into it already. What about mm? The mm advisory came out after apache 2.0.39 came out. Does Apache2 use mm? Matt _

RE: 101-OpenSSL question..

Simple but stupid…Why don’t you just capture packets coming into a box…on the lower levels of the osi, modify the packet and send to the higher levels of the osi.. Why do you need to use OpenSSL… Let us know .. give me some more hints..     Regards, Matthew Smith (MCSE,CNE,CCNA,CCIE

further WinCE->OpenSSL difficulties

SL content type 14 1 242 2.9710 (0.) S>CShort record Unknown SSL content type Any suggestions as to what could be causing this problem would be very much appreciated. It seems very odd that it is tooling right along and then all of a sudden -? Thanks in advance, -- Matthew Fleming, M

more inetd trouble

>>"Matthew Fleming" <[EMAIL PROTECTED]> writes: >> But what I have written is, not a standalone server program, but a >> daemon which is invoked by inetd. It seems to me that this should work >> the same as the standalone, except that the tcp_listen() and

Shared libs under Linux

much appreciated. -- Matthew Fleming -- Matthew G. Fleming, MD e-mail: [EMAIL PROTECTED] Associate Professor phone : 414.456.4072 Department of Dermatology s-mail: Dep

problems with malloc()

checked for bad values etc but nothing is wrong there. The really confusing thing is I can comment out the RSA_generate_key line and it works with no problem. My program is multi-threaded and I have implemented the 2 required functions. tia, Matt. -- Matthew Wlazlo Tuxia Labs Australia A good

WinCE->OpenSSL problem

mes (as listed in his book anyway) are different; they begin with TLS rather than SSL. If I don’t try to set the client for SSLv3 but just leave it at the default something similar happens anyway. Any suggestions would be much appreciated. Matthew Fleming, MD Associate Professor

WinCE SChannel -> OpenSSL

mes (as listed in his book anyway) are different; they begin with TLS rather than SSL. If I don’t try to set the client for SSLv3 but just leave it at the default something similar happens anyway. Any suggestions would be much appreciated. Matthew Fleming, MD Associate Professor

install of Net::SSLeay

don't know if this is the right place for this question, sorry if it isn't... i am having problems installing Net::SSLeay on my machine. I am going through a proxy server, I didn't see anything in the Readme regarding them. Anyone install the module using a proxy server? matt _

Re: infinit loop on IRIX system.

Just some more info, this also occures when compiled with -g Matt Matthew Bettencourt wrote: > > I have compiled openssl0.9.6a on an SGI IRIX64 system configured > 51 10:20 ./Configure irix64-mips4-cc --prefix=$HOME > the only mod is that I removed the -64 to generate n32 ob

infinit loop on IRIX system.

I have compiled openssl0.9.6a on an SGI IRIX64 system configured 51 10:20 ./Configure irix64-mips4-cc --prefix=$HOME the only mod is that I removed the -64 to generate n32 objects. When I use the FSSL CORBA security plugin I get stuck in an infinit loop. /vizoned1/matt/openssl-0.9.6a/cr

Re: REMOVE (off-topic)

Either that, or start enabling RBL/ORBS lookups of sender and recipient addresses on messages sent to the list. The 8 FreeBSD mailing lists that I'm on are "open" and we hardly ever get spammed. > I said it once and I'll say it again: SUBSCRIBER ONLY. Harrrumpf! > > ACroft wrote: > > > I sent th

Re: apache startssl error

> I am trying to configure apache v1.3.14 with mod_ssl v2.7.1 and OpenSSl > v0.9.6. The OS is Solaris 7. Everything compiled nicely and apache started > up fine. But with the startssl option I get these errors: > > Syntax error on line 208 of /usr/local/apache/conf/httpd.conf: > Cannot load /usr/l

Symmetric Cipher Usage Please Help

I've read the docs.  I've seen the source.  I still don't totally understand.   I'm trying to be a good doobie and use the High-level EVP_ functions for my RC4, RC2, and DES calls.  But what about setting up the key?  If I'm doing password based stuff do I need to use \ EVP_BytesToKey ?? or

caught SIGTERM, shutting down

che/1.3.12 (Unix) mod_ssl/2.6.5 OpenSSL/0.9.5a configured -- resuming normal operations Any ideas would be great! Regards Matthew ~ Web Administrator - "Wave after wave, each mightier than the first [EMAIL P

Win32 Libraries???

Anyone know of some Inprise Delphi libraries (or active X etc) for SSL ?? We need them to work on all Win95, Win98, WinNT and Win2000... Has anyone translated the OpenSSH headers to Delphi?? Regards, Matthew Clark. __ OpenSSL

  1   2   >