Thank you very much.I appreciate your extra effort.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Wednesday, May 09, 2012 6:38 AM
To: openssl-users@openssl.org
Subject: Re: FAILED:unable to get
Hi Dr. Steve: can I get clarification on your note about the '...link
algorithm has changed...'?
Does this refer to the hash computed over a certificate which is needed when
using SSL_CTX_load_verify_locations(pCtx, NULL, path_to_verify_directory)?
I discovered (and resolved) this in testing
Hi Dr. Steve. Thank you very much.
In our static case, we are using fipsld to link libcrypto and fipscanister with
our objects. It seems successful, and produces a loadable shared library.
But the self-test of FIPS_mode_set() is unable to match the signature.
So we will keep experiment
Hi. We are experimenting with the FIPS 2.0 Object Module RC1 and the recent
GA of OpenSSL 1.0.1. We have a successful FIPS-capable build of OpenSSL and
we've verified it with the openssl CLI with OPENSSL_FIPS=1 set. Our
experiments are currently limited to Linux X86_64, and we are not using
We build on z/OS. I have some notes on what I've had to do, but what kinds of
errors are you seeing, and what version of OpenSSL?
The most recent version we built on z/OS is 0.9.8R.
+-+-+-+-+-+-+
Dave McLellan, Symmetrix Software Engineering
EMC Corporation, 176 South St, Hopkinton MA
Mai
In the draft User Guide for the FIPS Object Module 2.0, the official validated
platforms are shown as Linux and Windows, 32- and 64-bit architectures, with or
without assembler optimizations. The draft Security Policy mentions only
Android 2.2 and HP-UX 11i in section 2: Tested Configurations,
Thanks very much. That helps a little. it's also in the Makefile very
clearly.
And why not use "1.0.1", like the "0.9.8" stream used?
Thanks again.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jeremy Farrell
Sent: Friday, March 23, 2012 5:01 PM
I'm seeing "1.0.0" used in the library (.so) names for crypto and ssl versions.
I expected to see 1.0.1, consistent with the 0.9.X stream, where the version
number agrees with version in the library name (as referenced in the link of
the openssl executable for example).
Can someone help me un
I'm noticing the version number of the SSL and crypto libraries are showing
1.0.0, but I expected 1.0.1. I can see the statement SHLIB_MINOR in the
Makefile that sets it, and it seems on purpose, but I want to make sure.
Snippet from Makefile at the top level, beginning at line 7, through line
Hi Jeff.DOH! I was staring right into the face of two bits on, and didn't
even see it. thanks.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jeffrey Walton
Sent: Tuesday, November 01, 2011 8:02 AM
To: openssl-users
I'm looking into the use of SSL_get_shutdown to possibly avoid unnecessary
calls to SSL_shutdown. I noticed that SSL_get_shutdown() returns a 3
sometimes, but I can't find a symbol that tells what that means. In ssl.h I
see:
1=SSL_SENT_SHUTDOWN and
2=SSL_RECEIVED_SHUTDOWN.
No explanation fo
I believe there is a call to get the raw socket after you accept, but I'm not
sure what it is.
In our server, we do all the raw setup first, and then negotiate a secure
session after we know the client is capable. We don't use BIOs but there
should be a way to get the socket FD either . Di
Hi Dhoti. Neither of those questions relate specifically to OpenSSL, since
these are part of the fundamental networking behaviors.
1) Look at the system function setsockopt() for how to set the reuse-address
behavior. You must call this function after creating the socket, but before
call
We are trying to build OpenSSL 0.9.8r on z/OS 1.10 system. We haven't built
Openssl on z/OS for a long time, and have rebuilt and environment to do it.
Configure is successful, but any use of make (depend, for example) fails with
FSUM7332 syntax error: got (, expecting Newline
Anyone have a
Hi. I'm looking for experiences in the community with dynamic loading and
lookup of crypto/SSL entry points when multiple versions of the libraries might
be loaded into the process space.
Background is too detailed to start with, so I'll watch for takers and
interested parties, so as not to c
I'm looking for information about compatibility topics relating to OpenSSL
0.9.8 stream and the 1.0.0 stream.
The context is:
Ø Proprietary Client/server application, clear text protocol had SSL layered
over it
Ø Many Unix platforms, Many windows platforms, z/OS and z/Linux
Ø Very deep cro
We use OpenSSL in a highly multi-threaded application and don't have problems.
There are some locking callbacks that you should be using. Look up these:
CRYPTO_set_id_callback();
CRYPTO_set_locking_callback();
CRYPTO_set_dynlock_create_callback();
CRYPTO_set_dynlock_lock_callback()
I second that. Absolutely that is a great way to learn about OpenSSL. It's
old but it's how lots of people learn. Very friendly to a new SSL person.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of John R Pierce
Sent: M
18 matches
Mail list logo
