not
required):
dpkg -l | grep libssl
These commands should pick up that openssl fix as well as any other updates:
sudo apt -y update
sudo apt -y upgrade
Thanks,
Shawn
matter whether there is a
symlink or not.
Thanks,
Shawn
on to the directory
containing the symlink.
Properly implemented, symlinks do not reduce security, but any tool can
be misused. If you have a situation where a symlink presents a security
concern, it probably means someone did it wrong.
Thanks,
Shawn
ied to the command.
Many thanks to Victor for the nudge that got me on the right track to
make it work. I have become very spoiled by Ubuntu ... when I work on
RHEL clones, it always takes more effort.
Shawn
c/ssl/certs/local/DOMAIN.wildcards.pem
The file named le_root.pem contains JUST the root certificate. Since all
of the certs generated by this setup will come from LetsEncrypt, I can
put the root cert in a static file and not worry about changing it until
they move to a new root.
Thanks for pointing me in the right direction!
Shawn
On 9/2/22 21:42, Shawn Heisey via openssl-users wrote:
Other bare metal systems and their results with the same PEM file:
Verifies on Proxmox (the one running the VM) with openssl 1.1.1n
Verifies on Ubuntu 22.04 with openssl 3.0.2
Fails on CentOS 7.5.1804 with openssl 1.0.2k-fips
Additional
uccess. I would like the VM to do the same, but
right now I can't because of this issue.
Thanks,
Shawn
Blah, auto complete bit me - sorry, wrong ml / ot :(
On Oct 14, 2016 10:45, "Salz, Rich" wrote:
> > Is there a way to to check (from a script) if a key in the agent is
> unlocked?
>
> Agent? Do you mean ssh? This is openssl :)
> --
> openssl-users mailing list
> To unsubscribe: https://mta.ope
Is there a way to to check (from a script) if a key in the agent is
unlocked?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
End goal - I don't want the machine (curl, wget, git, etc) to throw errors
when accessing a site that I trust (ie, within the company).
[root@srwilson-centos7 anchors]# openssl s_client -showcerts -connect
site.com:443 /dev/null|openssl x509 -outform PEM > site_git.pem
[root@srwilson-centos7 ancho
Hey All,
I'm trying to figure out how to properly destroy an X509_CRL struct. I
can't seem to figure out any API for it. Can someone point me in the right
direction? I'm using PEM_read_X509_CRL to create the object.
Thanks,
Shawn
hi ALL,
There were 13 upstream commits for fixing the Lucky-13 issue in
openssl 0.9.8. For this issue, modified/deleted thousand of lines of
code. Is there any method or POC code for verification? Any ideas?
Thanks!
--
GNU powered it...
GPL protect it...
God blessing it...
regards
Shawn
n my machine. In case it's useful, I've attached the PEM file
generated by the most recent run of the test. The passphrase is
"cartman".
Thanks,
--
Shawn.
rsa.pem
Description: Binary data
evp_pkey.reset(PEM_read_bio_PrivateKey(in.get(), NULL, NULL, NULL));
// Removes the ciphers from the table.
EVP_cleanup();
--
Shawn Willden | Software Engineer | swill...@google.com | Commerce Team
you want to look at the actual source code, the unit test is in:
http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/rsa_key_unittest.cc
and the functions that do the reading and writing are in:
http://code.google.com/
Then I guess that moves it firmly outside the purview of this list and into
your ISP's hands. Good luck.
On 9/22/03 1:44 PM, "Frank" <[EMAIL PROTECTED]> wrote:
> Finally somebody with a clue!!! I can't effetely stop this crap
> unless my ISP gives my root/admin on the mail server!!!
place.
On 8/19/03 1:24 PM, "Neil Humphreys" <[EMAIL PROTECTED]> wrote:
> Shawn,
>
> Thanks for the response.
>
> It's a lovely thought, but it's not as simple as sticking in a firewall I am
> afraid .. that leaves
> me open to attacks that can'
Yes.
On 8/5/03 10:58 AM, "Bruce Embrey" <[EMAIL PROTECTED]> wrote:
> I have a question about encrypting whenever possible.
> Doesn't this require you to share your public key with
> those individuals you are communicating with?
>
> Bruce
>
>
>
&g
What they're trying to get at is that you should be using strong
cryptography, but pay attention to any export restrictions and
patents/licensing. They don't want someone to be able to say, "Sure it's
illegal, but Visa made me do it."
Also, they'd rather keep your business instead of seeing you s
gt;> Sent: Friday, August 08, 2003 8:17 AM
>> To: Shawn P. Stanley
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: Visa CISP
>>
>>
>> I would be concerned about the "standards" part of the
>> statement. If they are heading toward requiring Common
>&g
end you to
meet.
On 8/8/03 10:20 AM, "Waitman C. Gobble, II" <[EMAIL PROTECTED]>
wrote:
>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Shawn P. Stanley
>> Sent: Friday, August 08, 2003 8:03 AM
>>
Nope. Thus my apology.
On 8/5/03 10:59 AM, "Wayne Rasmussen" <[EMAIL PROTECTED]> wrote:
> Is this really appropriate for this mailing list
>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] Behalf Of Shawn P. Stanle
Perhaps some simple trepanation.
Why is the FBI trying to destroy your life? Perhaps tackling the root of
the problem will yield a more effective result. Using encryption will
likely only serve to escalate the problem.
On 8/4/03 5:49 PM, "buddy fancher" <[EMAIL PROTECTED]> wrote:
> Hi there,
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Maybe I am misunderstanding the question... are you looking for an
SSL-enabled ftp client? If so, you can try PSFTP from:
http://www.chiark.greenend.org.uk/~sgtatham/putty/
thanks,
shawn p. duffy
http://codepiranha.org/~pakkit
email: [EMAIL
_pool or something like that...
thanks,
shawn
On Fri, 2002-04-12 at 00:54, Paul Wiggins wrote:
> Sun recently release a new patch that adds /dev/random support to
> Solaris (Patch-ID# 112438-01). When I did a fresh compile and install
> of OpenSSL 0.9.6c and then OpenSSH 3.1p1, OpenSS
dding string is a suffix of another.
Hope this helps.
73,
Shawn
On Fri, 8 Mar 2002, Mads Rasmussen wrote:
>
> Hi,
>
> This might be a stupid question, but it keeps troubling my mind.
>
> I was thinking, when encrypting a string ( with symmetric c
I would like to abstract the SSL communications through 2 pipe[] fd's
under win32 where I plan on reading the read side of the pipes and then
Handling all network connectivity myself. I tried using
SSL_set_rfd()/SSL_set_wfd() but I still couldn't get it to write
communications when I issued a SSL
Is there a a high-level OpenSSL function for dealing with the
digital signatures from the MSCrypto API in a PKCS7 blob?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Why is it not advisable to use openssl/crypto/pkcs7/verify.c ?
Dr S N Henson wrote:
> tangquan wrote:
> >
> > you can verify your signature using openssl/crypto/pkcs7/verify.c .
> > according to my experience, Netscape make a standand pkcs7 digital
> > signature and encode it in base64 format.
>
Have fun with these links.
Bye.
LINKS1.VBS
Already is: FreeSwan http://www.xs4all.nl/~freeswan
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
[snip]
> I guess it's a matter of time till somebody
> outside the
> U.S. hacks up an internation implementation.
__
just create one on a PC and have the
client import it. Will that even work??? Is there another way to
create client certs with IE other than xenroll?
Shawn K. Tagseth
BBM Bureau Of Measurement
(416)445-9800x2075
__
OpenSSL Pr
I've found IE 5 to be funny animal.. Go into Tools, Options, Advanced
and hit restore defaults.(what default is it setting?? I haven't
bothered to figure it out.) That has fixed about 90% of my problems
with clients and IE5. The other 10 needed to go request a new
certificate after they did th
This link was posted to the apache-ssl mailing list but I thought it
might be of interest to people here too
http://www.nytimes.com/library/tech/99/05/biztech/articles/02encr.html
Snips from the article:
In a paper to be presented Tuesday in Prague, the computer scientist,
Adi Shamir, (th
34 matches
Mail list logo
