On 27/11/2015 8:26 AM, Jan Danielsson wrote:
> On 26/11/15 20:18, Matt Loah wrote:
>> While the public key in the context of OpenSSL Elliptic Curves algorithm is
>> stored as a EC_POINT pointer... and the private key as a BIGNUM pointer...
>> which functions (or which kind of them) should be called
On 24/11/2015 4:09 AM, Jakob Bohm wrote:
> But they care very much if Cisco AnyConnect (or any other
> OpenSSL using program they may need) stops working or
> becomes insecure because the OpenSSL team is breaking
> stuff just because it is not needed in their own handful
> of example uses.
The Ope
On 31/08/2014 3:02 PM, Lewis G Rosenthal wrote:
> Rich, what needs to be done to see that OS/2 does not get removed from HEAD?
Can someone provide an OS/2 build environment for team members?
Thanks,
Tim.
__
OpenSSL Project
On 8/06/2014 8:18 PM, Mounir IDRASSI wrote:
> On 6/8/2014 1:46 AM, Jeffrey Walton wrote:
>> OK, does the library provide the CRT solver (I don't believe so, but I
>> thought I would ask).
> A few years ago, I needed such a solver to convert from RSA SFM format
> (n,e,d) to CRT representation. Obviously
On 8/06/2014 8:25 AM, Jeffrey Walton wrote:
> I've got n,e,d and loaded them into a RSA*. When I call RSA_check_key,
> I get an 0x407b093 error:
>
> $ openssl errstr 0x407b093
> error:0407B093:rsa routines:RSA_check_key:value missing
>
> How do I instruct the library to solve for the missing
I've also added these into the wiki at
http://wiki.openssl.org/index.php/SECADV_20140605 - so that others
looking back through the issues can find a handy reference to the
additional information from various locations - the link at
http://wiki.openssl.org/index.php/Security_Advisories basically not
On 30/04/2014 6:05 AM, Walter H. wrote:
> On 29.04.2014 21:38, d...@deadhat.com wrote:
>>
>> This all seems unnecessarily complex. Make the serial number a 256 bit or
>> greater true random number. There will be no collisions.
> the serial number has maximum length ..., 256 bit is quite too big ..
>
On 30/04/2014 4:23 AM, Blibbet wrote:
> The TianoCore.org project maintains a patch of OpenSSL (0.9x, not 1.x).
> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
>
>
> BTW, it's a shame that OpenSSL doesn't integrate that patch, and have
> some UEFI-target
On 29/04/2014 5:38 PM, Stephan Mühlstrasser wrote:
> ... or is the EBCDIC port essentially dead?
Bug reports on EBCDIC with patches are definitely interesting as there
is an active community of OpenSSL z/OS users - at the very least the
other users will benefit from any work you have already done.
I've put up an example of how the OpenSSL msg_callback capability can be
used in an application to detect (and to block the connection by forcing
a close of the connection) independent of the OpenSSL library code.
The preferred approach is always to upgrade to a patched release - but
if you are un
On 11/04/2014 12:58 AM, Viktor Dukhovni wrote:
> guru@hein:~/openssl-1.0.1f/apps> (sleep 3 ; echo B ; sleep 3) | ./openssl
> s_client -connect www.openssl.org:443
If you are using s_client for testing then you should add the -msg
option and see what is being sent.
Responding to a correctly forme
On 11/04/2014 10:38 PM, Steven Kneizys wrote:
> The same issue when I tried to port over to windows,
> the ssl3_write_bytes is not exposed in the library. There doesn't
> seem to be an easy workaround that I can see.
The work around is trivial if you wanted to do that.
Change to use the SSL_get_
> In the example of building the openssl FIPS *capable* distribution, it
> seems one should take the distribution from the official
> openssl.org/source website and validate it using PGP. However,
> FreeBSD ships openssl distribution within its source tree.
You must follow the instructions contai
> Also, gnutls-client works correctly and lists the entire CA chain, which
> would also seem to indicate the server is supplying them.
Connecting with openssl s_client as per the command you provided is not showing
the certificate chain.
openssl s_client -verify 10 -CAfile /etc/ssl/certs/Thawt
On 17/08/2010 7:03 PM, BISHT, SEEMANT (SEEMANT) wrote:
Can you please tell me how to compile openssl library in 64-bit type? As when
compiling the openssl, and checking
If it was a linux intel based setup it would be:
./Configure linux-x86_64
or
./Configure linux-generic64
However given you
On 13/08/2010 5:12 AM, Dave Thompson wrote:
I'm not sure why they even used an HMAC in the Policy.
Probably the 'priests' just liked it. It doesn't add anything.
Any actual security comes from having the digest, *or* HMAC,
protected by a different means than the subject data.
And unfortunately h
On 5/06/2010 12:56 AM, Fares Gianluca wrote:
Hi all,
I’m trying to figure out why my X509_REQ signature is always not verified.
I’m using openssl-1.0.0 and gclib.dll provided by gemalto.
It is helpful to actually provide a complete working example rather than just a
subset. However in this case t
Bruce Stephens wrote:
"Dr. Stephen Henson" writes:
[...]
Didn't realise anyone was using CFB for that.
Note - there is now a Debian bug logged too for encfs which appears to be
impacted by this change.
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571810
I've forwarded your email
Mike Brennan wrote:
> The process's memory footprint increases linearly with connections,
> and this linear growth is quite constant. As David reports, memory seems
> to be allocated in multiples of 4K, but the linear memory growth is
> around 136 bytes per connection. I've confirmed this up to
Dr. Stephen Henson wrote:
Hello OpenSSL community. We use OpenSSL 0.9.8d on many platforms,
including z/Linux 64-bit. We are using client certificate
authentication at the server.
Sounds like a compiler bug or a bug in the OpenSSL bignum library triggered on
that platform. Does OpenSSL pas
Martin Kaiser wrote:
Hi Jerry,
Thus wrote Jerry Wang (jerry...@gmail.com):
Does OpenSSL have a function for getting the common name from a X509
certificate?
how about something like
X509 *cert;
X509_NAME *subjectName;
char subjectCn[256];
subjectName = X509_get_subject_name(cert);
X50
rp...@shopsite.com wrote:
Did OpenSSL version 0.9.6b support SSL3/TLS1? If not, what version of
OpenSSL contained support for SSL3/TLS1.
I'm assuming you mean SSL3.1/TLS1 (as that is the right version to use) and in
which case the answer is that every release of OpenSSL has contained TLS1 supp
[EMAIL PROTECTED] wrote:
Sir,
How do I check to see what version of Open SSL that I have on my
system? I am trying to answer the attached vulnerability.
If you have the executable for the superapp then use:
openssl version -a
If you don't then you can
strings path-to-library | grep '
Raymond Zhou wrote:
Hi there,
I was trying to load a function from openSSL libeay32.dll using
LoadLibrary and GetProcAddress, the function is the following:
BIO* BIO_new_fp(File*, int).
You'll need to at least change File* to FILE * - C is case sensitive.
Tim.
__
Sanjith Chungath wrote:
I am getting thousands of UMRs and finally one segmentation error and a
core dump while trying to create a keystore. Am using 0.9.8g. Everything
works fine without purify. I also tried rebuilding openssl with PURIFY"
compiler option. But that also didn't help me.
Compi
joshi chandran wrote:
when i am using make CC=fipsld FIPSLD_CC=gcc , i am getting error message
> gcc: unrecognized option `-qnostdinc'
> gcc: unrecognized option `-qnolm'
Those are xlc options - i.e. the IBM compiler.
Perhaps
make CC=fipsld FIPSLD_CC=xlc
might be a better option. Look
joshi chandran wrote:
Can you please tell me what FIPS_set_mode() returns
when i am using it will the FIPS_set_mode(1), returns 1 and
also when using FIPS_set_mode(1), returns 1
FIPS_mode_set() returns 1 on success and 0 on failure.
FIPS_mode() returns the current mode.
Tim.
David Schwartz wrote:
Is this correct for openssl 0.9.8 using FIPS?
test SSL protocol
test ssl3 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
1: zlib compression
SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
1 handshakes of 256 bytes done
gmake[1]:
Clark J. Wang wrote:
Hi list:
I'm new to OpenSSL and have a problem when trying BIGNUM usage. The
function ERR_get_error() returned 0 when BN_hex2bn() failed:
The error stack is used for errors which are useful to return to the caller and
isn't used much in 'leaf nodes' (i.e. things which ar
parvathy wrote:
I am working with openssl 0.9.8g. I am able to
communicate with all https servers except one server.
Try
openssl s_client -bugs -state -debug -connect hostname:port
on an unchanged OpenSSL build and send that output.
If you are required to provide a client certificate for t
Bond, Ann Marie wrote:
I’ve downloaded the latest version of the OpenSSL source code here
http://www.openssl.org/source/ but I can’t seem to download the
associated PGP signature to verify the download. It shows up as an
empty file. When I click on the link, there’s nothing there.
The files
pbirk wrote:
I'm trying to use IO-Socket-SSL-1.13_5, Net-SSLeay 1.32 and OpenSSL 0.9.7j.
I have the Perl module coded the following way.
Try connecting with
openssl s_client -state -debug -connect hostname:port and see what details
are returned in the server certificate - that will at
Matthias Barmeier wrote:
Hi,
ok, sorry for not understanding what happens. The call
OpenSSL_add_all_algorithms() was missing.
After adding it everything seems to work perfect.
Shouldn't this be mentioned on the man page of the PEM functions ?
It is not PEM specific - it applies to anything t
Diffenderfer, Randy wrote:
Folks,
Am trying to sort out "mysterious" TLS setup failures within sendmail.
Are there any runtime symbols I can twiddle to cause the library to be
more forthcoming about what it's doing? Have wandered through sendmail
and he pretty much treats the openssl calls
Travis wrote:
Has anyone seen this error:
error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call
I am trying to troubleshoot and could use some help urgently.
Thank you in advance for your help.
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED is the error and in ssl3_ctrl that occurs
Gatfield, Geoffrey wrote:
> I’m testing with Fips 1.2 and FIPS 1.1.2 and I am having a problem switching
> between FIPS-mode and non FIPS-mode. I can enable FIPS mode initially using
> FIPS_mode_set(1) but after that if it’s disabled (with FIPS_mode_set(0)) then
> re-enabled the library fails with
John T. Cox wrote:
So, I went back and put in the ERR_print_errors and got this:
19239:error:0906B072:lib(9):func(107):reason(114):pem_lib.c:481:
The online manual page describes what each field is. But, I cannot find
any documentation that explains what the error code (19239) or reason
strin
** file cpfp_ssl.c: line 2752
Error verifying signature on issued certificate:
8134:error:0D0C50A1:lib(13):func(197):reason(161):a_verify.c:141:
After looking into "a_verify.c" line 141, this corresponds to the
following error:
ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM
The way to figure out th
38 matches