Re: Need help on self test post failure - programmatically load FIPS provider

ly load fips code, which caused the > error: > >     >/*80D1CD65667F:error:1C8000D4:Provider >     routines:SELF_TEST_post:invalid / > >     >/state:../openssl-3.0.9/providers/fips/self_test.c:262:* / > >   

Re: Need help on self test post failure - programmatically load FIPS provider

routines:OSSL_provider_init_int:self test post failure:../openssl-3.0.9/providers/fips/fipsprov.c:707:* *80D1CD65667F:error:078C0105:common libcrypto routines:provider_init:init fail:../openssl-3.0.9/crypto/provider_core.c:932:name=fips* *Error loading FIPS provider.* Code for loading fips: #include

Re: Need help on self test post failure - programmatically load FIPS provider

56:8B:09:E0:18:3A:2E:D6:CC:69:05:04:E1:11 > > > > install-status = INSTALL_SELF_TEST_KATS_RUN > > > > Then we removed the line "activate = 1" from fipsmodule.cnf file. After > > this we triggered the programatically load fips code, which caused the

Re: Need help on self test post failure - programmatically load FIPS provider

code, which caused the error: >/*80D1CD65667F:error:1C8000D4:Provider routines:SELF_TEST_post:invalid / >/state:../openssl-3.0.9/providers/fips/self_test.c:262:* / >/*80D1CD65667F:error:1C8000D8:Provider / >/routines:OSSL_provider_init_int:self test post / >/failure:.

Re: Need help on self test post failure - programmatically load FIPS provider

error:1C8000D4:Provider routines:SELF_TEST_post:invalid * >* state:../openssl-3.0.9/providers/fips/self_test.c:262:* * >* *80D1CD65667F:error:1C8000D8:Provider * >* routines:OSSL_provider_init_int:self test post * >* failure:../openssl-3.0.9/providers/fips/fipsprov.c:707:* * >* *80D1CD6566

Re: Need help on self test post failure - programmatically load FIPS provider

Provider routines:SELF_TEST_post:invalid > state:../openssl-3.0.9/providers/fips/self_test.c:262:* > *80D1CD65667F:error:1C8000D8:Provider > routines:OSSL_provider_init_int:self test post > failure:../openssl-3.0.9/providers/fips/fipsprov.c:707:* > *80D1CD65667F:error:078C010

Need help on self test post failure - programmatically load FIPS provider

routines:OSSL_provider_init_int:self test post failure:../openssl-3.0.9/providers/fips/fipsprov.c:707:* *80D1CD65667F:error:078C0105:common libcrypto routines:provider_init:init fail:../openssl-3.0.9/crypto/provider_core.c:932:name=fips* *Error loading FIPS provider.* Steps: Followed the steps @ https

New Blog Post: CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

Please see the new blog post here: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/ OpenPGP_0xD9C4D26D0E604491.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature

Re: memory still reachable post calling SSL_CTX_free

On 21/06/2022 11:42, Tomas Mraz wrote: This is actually not a memory allocated by the SSL_CTX_new() itself but error string data that is global. There is no real memory leak here. You can call OPENSSL_cleanup() to explicitly de-allocate all the global data however please note that you can do

Re: memory still reachable post calling SSL_CTX_free

On Tue, 2022-06-21 at 10:33 +, Tiwari, Hari Sahaya wrote: > Hi, > I need one clarification on routine SSL_CTX_free(). I see the memory > is not freed even after calling this SSL_CTX_free(). >   > I have a simple test program, which just does SSL_CTX_new() and  > SSL_CTX_free(). >   > #include >

memory still reachable post calling SSL_CTX_free

Hi, I need one clarification on routine SSL_CTX_free(). I see the memory is not freed even after calling this SSL_CTX_free(). I have a simple test program, which just does SSL_CTX_new() and SSL_CTX_free(). #include #include int main() { const SSL_METHOD *method; SSL_CTX *ctx = NULL;

Re: New Blog Post

On 2021-11-25 15:00, Matt Caswell wrote: Please see the new blog post by Tim Hudson giving an update on the OpenSSL Project. https://www.openssl.org/blog/blog/2021/11/25/openssl-update/ Followup: While the OpenSSL leadership may think they have made things easier for algorithm developers

New Blog Post

Please see the new blog post by Tim Hudson giving an update on the OpenSSL Project. https://www.openssl.org/blog/blog/2021/11/25/openssl-update/ Matt

Re: FIPS POST induced failure in OpenSSL3.0.0 for FIPS 140-2 compliance

On 29/10/2021 16:40, Cristian Andrei Sandu wrote: Hi all, I’m currently updating an application from OpenSSL 1.0.2d to OpenSSL 3.0.0 in preparation for a FIPS 140-2 submission and I’m not sure how to approach the issue of induced failures for the power on self tests. In OpenSSL 1.0.2d we

FIPS POST induced failure in OpenSSL3.0.0 for FIPS 140-2 compliance

Hi all, I'm currently updating an application from OpenSSL 1.0.2d to OpenSSL 3.0.0 in preparation for a FIPS 140-2 submission and I'm not sure how to approach the issue of induced failures for the power on self tests. In OpenSSL 1.0.2d we used to use FIPS_post_set_callback() for this purpose, b

Blog post about Let's Encrypt root certificate expiration and OpenSSL 1.0.2

I've written a blog post to explain the situation with the old Let's Encrypt root certificate expiration which will happen on 2021-09-30 and the behavior of OpenSSL 1.0.2 with that root certificate. Please read, if interested: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRoot

Re: Blog post

On 17/06/2021 18:35, Ethan Rahn wrote: Hello Matt, Love the blog post, and of course a hearty thanks to everyone who worked on the project to get it to this point. Is the plan still to continue with the FIPS 140-2 validation instead of 140-3? Apologies for the lack of a first party source

Re: Blog post

Hello Matt, Love the blog post, and of course a hearty thanks to everyone who worked on the project to get it to this point. Is the plan still to continue with the FIPS 140-2 validation instead of 140-3? Apologies for the lack of a first party source but https://www.leidos.com/insights/fips-140

Blog post

For anyone interested I've written a blog post to accompany the 3.0 beta 1 release. You can read it here: https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/ Matt

Re: Openssl-3.0.0 POST

F_TEST_new manual pages. It's easiest to run them from the command line. Pauli On 5/2/21 7:48 pm, Nagarjun J wrote: Hello, Can any one tell , how to run POST tests in openssl-3.0.0. Regards, N

Openssl-3.0.0 POST

Hello, Can any one tell , how to run POST tests in openssl-3.0.0. Regards, N

Re: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)

Hi Craig, On Wed, Dec 09, 2020 at 08:35:46PM +0900, Craig Henry wrote: > Hi, > > This is my first post to this list so please be kind! > > Environment - Linux Centos > SSL - 1.0.2k19-el7 > > Connection - CURL (via PHP) with public / private key auth + http basic auth &g

Re: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)

On 09/12/2020 11:35, Craig Henry wrote: > Hi, > > This is my first post to this list so please be kind! > > Environment - Linux Centos > SSL - 1.0.2k19-el7 > > Connection - CURL (via PHP) with public / private key auth + http basic auth > > We're

Re: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)

Hi, curl on RHEL-7 and Centos 7 uses NSS and not OpenSSL as the TLS backend. So this is unfortunately a wrong mailing list to ask. Tomas Mraz On Wed, 2020-12-09 at 20:35 +0900, Craig Henry wrote: > Hi, > > This is my first post to this list so please be kind! > > Environment

Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)

Hi, This is my first post to this list so please be kind! Environment - Linux Centos SSL - 1.0.2k19-el7 Connection - CURL (via PHP) with public / private key auth + http basic auth We're having an issue where we are seeing intermittent behavior connecting to a 3rd party of the key

OpenSSL Blog Post

Please take a look at my blog post that gives an update on OpenSSL 3.0 development, FIPS and 1.0.2 EOL: https://www.openssl.org/blog/blog/2019/11/07/3.0-update/ Matt

OpenSSL blog post by APNIC

An APNIC article loosely based on the OpenSSL presentation at AusCERT earlier this year: https://blog.apnic.net/2019/10/21/openssl-3-0-accelerating-forwards/ Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic

Re: [openssl-users] Blog post on the new LTS release

>This didn't show up in my RSS client. Is the RSS feed not working, or is > it just my client? It probably sat in draft form for too long, and went out with the old date. Oops. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Blog post on the new LTS release

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Salz, Rich via openssl-users > Sent: Tuesday, May 29, 2018 11:12 > To: openssl-users; openssl-annou...@openssl.org > Subject: [openssl-users] Blog post on the new LTS release > We just posted a new

[openssl-users] Blog post on the new LTS release

We just posted a new blog entry on long-term support, the different phases, and so on. It’s here: https://www.openssl.org/blog/blog/2018/05/18/new-lts/ TL;DR is that the upcoming 1.1.1 will be our next LTS release. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mai

[openssl-users] TLSv1.3 blog post

FYI, I reposted my TLSv1.3 blog post from last year, but updated with the latest information. You can read it here: https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

➢ this feature sends notifications about _all_ conversations happening. For me, I get the actual comments that are posted. Don’t you? On the mailing list, you have to explicitly mark/junk conversation threads in your mail program. You would still have to do that here. I don’t understand

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

You should be able to just watch the openssl repo (the eyeball/watch notice in the upper-right side) On 1/23/18, 7:00 AM, "Hubert Kario" wrote: On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote: > There’s a new blog post at > https://www.

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

Hello, On Tue, Jan 23, 2018 at 3:00 PM, Hubert Kario wrote: > On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote: > > There’s a new blog post at > > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ > > > We decided to increase our use o

[openssl-users] Blog post; changing in email, crypto policy, etc

There’s a new blog post at https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ It contains some important policy changes we decided at our meeting last month. This includes: - Closing the openssl-dev mailing list; use GitHub for issues - New mailing list openssl-project for

Re: [openssl-users] Delete a post to openssl-user mailing list

l not gain promotion points anyways by having their real names in mailing lists. -- View this message in context: http://openssl.6102.n7.nabble.com/openssl-users-Delete-a-post-to-openssl-user-mailing-list-tp57653p57673.html Sent from the OpenSSL - User mailing list archive at

Re: [openssl-users] Delete a post to openssl-user mailing list

>> What is the security risk? > > Management ? :) There could be a perceived problem that the world now knows that "company X has problems with OpenSSL", and a competitor could even try to make mischievous use of this "information" - it happened to me once (with another technology). Death of dev

Re: [openssl-users] Delete a post to openssl-user mailing list

> What is the security risk? Management ? :) -- View this message in context: http://openssl.6102.n7.nabble.com/openssl-users-Delete-a-post-to-openssl-user-mailing-list-tp57653p57670.html Sent from the OpenSSL - User mailing list archive at Nabble.

Re: [openssl-users] Delete a post to openssl-user mailing list

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Vollaro, John > Sent: Wednesday, April 22, 2015 09:56 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] Delete a post to openssl-user mailing list > > Can a message be removed by the

Re: [openssl-users] Delete a post to openssl-user mailing list

> Can a message be removed by the system administrator of the openssl-user > email forum? There are several places that archive openssl mailing lists. > My original post about " NULL EVP_PKEY" was flag by my company as a security > risk. That seems erroneous to me. >

Re: [openssl-users] Delete a post to openssl-user mailing list

: Can a message be removed by the system administrator of the openssl-user email forum? My original post about " NULL EVP_PKEY" was flag by my company as a security risk. The data in the post was "fake". I have been directed to remove the post if possible. -Origina

Re: [openssl-users] Delete a post to openssl-user mailing list

Can a message be removed by the system administrator of the openssl-user email forum? My original post about " NULL EVP_PKEY" was flag by my company as a security risk. The data in the post was "fake". I have been directed to remove the post if possible. -Origin

Re: [openssl-users] Delete a post to openssl-user mailing list

On Tue, Apr 21, 2015 at 09:21:47PM +, Vollaro, John wrote: > Is it possible to remove a message I posted to the openssl-user email forum? No. -- Viktor. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinf

[openssl-users] Delete a post to openssl-user mailing list

Is it possible to remove a message I posted to the openssl-user email forum? This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipien

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

> From: Michael Wojcik [mailto:michael.woj...@microfocus.com] Thanks for the detailed and thoughtful response. I only want to respond to a few of your points. > One is simply that we're seeing a lot of > OpenSSL roadmap announcements. That's good in the sense that before the > funding boost, pr

[openssl-users] Code Reformat blog post

I have posted a new blog article covering the recent reformat activity: https://www.openssl.org/blog/blog/2015/02/11/code-reformat-finished/ It's basically a review of what we did, how we did it and the problems we encountered. It also discusses the various tags that we've created in the repo, and

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 12:59:22PM +0100, Hubert Kario wrote: > On Tuesday 10 February 2015 21:46:46 Viktor Dukhovni wrote: > > On Tue, Feb 10, 2015 at 09:15:36PM +, Salz, Rich wrote: > > > I would like to make the following changes in the cipher specs, in the > > > master branch, which is pla

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Salz, Rich > Sent: Wednesday, February 11, 2015 13:26 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] [openssl-dev] Proposed cipher changes for > post-1.0.2 > > > All

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 03:46:54PM +, Salz, Rich wrote: > > I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it > > explicitly in DEFAULT) is a good one that maintains important backward > > compatibility while providing the desired removal of RC4 by default. There's > > no ad

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On 11/02/2015 16:46, Salz, Rich wrote: I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it explicilty in DEFAULT) is a good one that maintains important backward compatibility while providing the desired removal of RC4 by default. There's no advantage to moving RC4 to LOW. Sure

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

> All sorts of things can be done. Clearly, in the Brave New World of well- > funded OpenSSL, they'll have to be, because it's apparent that we're going to > see a lot of disruptive change made on the flimsiest of pretexts, with > objections from the user community brushed aside. That's your prerog

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Salz, Rich > Sent: Wednesday, February 11, 2015 10:47 > To: openssl-users@openssl.org; openssl-...@openssl.org > Subject: Re: [openssl-users] [openssl-dev] Proposed cipher changes for > post-1.0.2 &

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

> I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it > explicilty in DEFAULT) is a good one that maintains important backward > compatibility while providing the desired removal of RC4 by default. There's > no advantage to moving RC4 to LOW. Sure there is: it's an accurate descr

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Viktor Dukhovni > Sent: Tuesday, February 10, 2015 21:01 > To: openssl-...@openssl.org; openssl-users@openssl.org > Subject: Re: [openssl-users] [openssl-dev] Proposed cipher changes for > post-1.0.

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 01:50:07AM -0500, Daniel Kahn Gillmor wrote: > > RC4 in LOW has a bit of pushback so far. My cover for it is that the > > IETF says "don't use it." So I think saying "if you want it, say so" is > > the way to go. > > I think that's the correct position. People who want

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 03:30:57AM +, Salz, Rich wrote: > > By all means, don't use it, but it is not OpenSSL's choice to make by > > breaking > > the meaning of existing interfaces. > > Except that we've explicitly stated we're breaking things with this new > release. > > Those magic ciph

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

> By all means, don't use it, but it is not OpenSSL's choice to make by breaking > the meaning of existing interfaces. Except that we've explicitly stated we're breaking things with this new release. Those magic cipher keywords are point-in-time statements. And time has moved on. _

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 12:22:44AM +, Salz, Rich wrote: > RC4 in LOW has a bit of pushback so far. My cover for it is that > the IETF says "don't use it." So I think saying "if you want it, > say so" is the way to go. By all means, don't use it, but it is not OpenSSL's choice to make by bre

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Tue, Feb 10, 2015 at 06:17:38PM -0500, Daniel Kahn Gillmor wrote: > On Tue 2015-02-10 16:15:36 -0500, Salz, Rich wrote: > > I would like to make the following changes in the cipher specs, in the > > master branch, which is planned for the next release after 1.0.2 > > > > Anything that uses RC4

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

> currently, this is an error: > > 0 dkg@alice:~$ openssl ciphers -v ALL:!NO-SUCH-CIPHER > bash: !NO-SUCH-CIPHER: event not found > 0 dkg@alice:~$ Yeah, but that's coming from bash, not openssl :) ; openssl ciphers -v ALL | wc 111 6758403 ; openssl ciphers -v ALL:!FOOBAR | wc 111

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Tue, Feb 10, 2015 at 09:15:36PM +, Salz, Rich wrote: > I would like to make the following changes in the cipher specs, in the master > branch, which is planned for the next release after 1.0.2 > > Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW Note, that RC4 is alre

[openssl-users] Proposed cipher changes for post-1.0.2

I would like to make the following changes in the cipher specs, in the master branch, which is planned for the next release after 1.0.2 Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW Anything that was 40-bit encryption is removed: /* Cipher 03 "EXP-RC4-MD5" removed */ /* Ci

[openssl-users] POST Integrity test/fingerprint failure on 32-bit MIPS/R3000 with openssl-fips-2.0.5

Included algorithm (D-H)..successful POST started Integrity test started Integrity test Failed Incorrectly!! ... POST Failed 2. Automatic power-up self test...Failed! - end runtime output on MIPS target Happy to provide any details to g

OpenSSL FIPS library POST fails

I am trying to build a DLL that includes the OpenSSL FIPS Object Module, and then load that DLL from my application. This is on Windows 7 64-bit using Microsoft Visual Studio v10. The DLL is built successfully and my application can load it, but when I call the FIPS_mode_set(1) function, the sel

Re: Does OpenSSL supports the HTTP POST request?

Hi I use https post with any problem you just need to format properly your https post string , and send the data Regards Luiz > > Hi, > I want to use HTTP POST request for connecting to the server..I checked > with > the available sample programs but it all supports HTTP GET. &

Re: Does OpenSSL supports the HTTP POST request?

Hi Yogesh Of course, yes ! SSL is completly independant of HTTP protocol. HTTP GET and POST methods differ in the way of passing parameters. On GET, parameter are passed in the URI as URI?param=value¶m=value&...param=value On POST, parameters are passed in the same format param=val

Does OpenSSL supports the HTTP POST request?

Hi, I want to use HTTP POST request for connecting to the server..I checked with the available sample programs but it all supports HTTP GET. So my doubt is that Is it possible to send HTTP POST message using the openSSL. If yes?then how I can achieve that? Thanks. -- View this message in

Re: FIPS 140-2 post 2010

enSSL FIPS compliant for post-2010 (with the understanding it has not been validated for compliance). if this has been discussed already, i apologize. i could not find anything on this issue, just on whether or not there will be a FIPS 140-3 validation in the future for OpenSSL. thank you very much

FIPS 140-2 post 2010

s, and the approved integrity technique specified in Section 4.6.1 of FIPS 140-2; Since the FIPS module digest is generated with SHA1, i do not know if this will automatically make this issue dead in the water. Has anyone heard of this or dealt with this, or has made OpenSSL FIPS compliant for

Re: Post-2010 future of the OpenSSL FIPS Object Module?

Michael Sierchio wrote: Forgive my ignorance, but are you a 501(c)3? Can you communicate that in a signature line so it's obvious? The OpenSSL Software Foundation (OSF) is *not* a non-profit corporation. It was created for the purpose of supporting the commercial activities of OpenSSL tea

Re: Post-2010 future of the OpenSSL FIPS Object Module?

ding of some of the CMVP transition documentation implies that may not be the case post-2010. I've heard that these transitional requirements, which are still officially in draft form, are generating some significant unfavorable feedback from industry. Changes or clarification are possib

Re: Post-2010 future of the OpenSSL FIPS Object Module?

On 2/19/2010 11:00 AM, Michael Sierchio wrote: > Steve Marquess wrote: >> In the three years since the open source based FIPS 140-2 validated >> OpenSSL FIPS Object Module became available many software vendors have >> directly or indirectly utilized it to realize substantial cost and >> schedule s

Re: Post-2010 future of the OpenSSL FIPS Object Module?

Steve Marquess wrote: > In the three years since the open source based FIPS 140-2 validated > OpenSSL FIPS Object Module became available many software vendors have > directly or indirectly utilized it to realize substantial cost and > schedule savings. We're glad to see the widespread benefits of

RE: Post-2010 future of the OpenSSL FIPS Object Module?

eyond 2010? I beleive the above to be true, this email cast some doubt, however. Thanks. > Date: Thu, 18 Feb 2010 17:27:54 -0500 > From: marqu...@opensslfoundation.com > To: openssl-users@openssl.org > Subject: Post-2010 future of the OpenSSL FIPS Object Module? > >

Post-2010 future of the OpenSSL FIPS Object Module?

. However, that situation is due to a lack of funding and not a lack of interest on our part. We will tackle a new validation with enthusiasm at the first opportunity. The purpose of this open message is twofold: First, to note that we are actively soliciting sponsors for a post-2010

Re: post-connection assertions

Dave Thompson wrote: 3. Use SSL_set_verify() and provide a callback function. This sounds promising but the callback function gets called for every certificate in the chain. How can I find out whether the certificate in question is the peer's cert and not some intermediate cert? x509storectx

RE: post-connection assertions

> From: owner-openssl-us...@openssl.org On Behalf Of Daniel Mentz > Sent: Wednesday, 02 September, 2009 08:27 > To: openssl-users@openssl.org > Subject: post-connection assertions > > I'm wondering what's the best way to check the identity of > the peer [in its cer

post-connection assertions

I'm wondering what's the best way to check the identity of the peer i.e. compare the commonName or subjectAltName included in the x509 cert with the data I expect. The book "Network Security with OpenSSL" calls this "Post-connection assertions" (page 134). I

Re: Question about one of your post

SSL_CTX_use_PrivateKey function always works (with and without the > -passin argument in the certificate request generation). My goal is to > hardcode the private key's password in the software (I can live with the > fact that someone can dissasemble the code the recover the key). > &

Re: Website correction request: only subscribers can post to openssl-users

Frank J. Iannarilli wrote: > Hi, > > On the following page: > <http://www.openssl.org/support/> > it declares that "anybody" can post to the openssl-users. > > But evidently (from my experience), that's not true; only subscribers > can. Unfortunatel

Website correction request: only subscribers can post to openssl-users

Hi, On the following page: <http://www.openssl.org/support/> it declares that "anybody" can post to the openssl-users. But evidently (from my experience), that's not true; only subscribers can. Unfortunately, browsing the website doesn't unambiguously indicate whom I

Re: Segmentation fault in SSL_read() (Re-post)

c Ion - Original Message From: Kyle Hamilton <[EMAIL PROTECTED]> To: openssl-users@openssl.org Sent: Friday, April 18, 2008 5:32:49 PM Subject: Re: Segmentation fault in SSL_read() (Re-post) ergh. My apologies for not catching that. You're right, it shouldn't matter on t

Re: Segmentation fault in SSL_read() (Re-post)

ergh. My apologies for not catching that. You're right, it shouldn't matter on the client side. Okay... going back to basics (I'm sorry if this seems a bit patronizing, I honestly don't intend it to be such), a segfault occurs on a pointer dereference, trying to gain access to memory which is i

Re: Segmentation fault in SSL_read() (Re-post)

From: Kyle Hamilton <[EMAIL PROTECTED]> To: openssl-users@openssl.org Sent: Friday, April 18, 2008 2:33:03 PM Subject: Re: Segmentation fault in SSL_read() (Re-post) How are you creating an MFC executable on Linux? -Kyle H On Fri, Apr 18, 2008 at 4:29 AM, Ion Scerbatiuc <[EMAIL PROTECTED]

Re: Segmentation fault in SSL_read() (Re-post)

ds, > Scerbatiuc Ion > > > - Original Message > From: Kyle Hamilton <[EMAIL PROTECTED]> > To: openssl-users@openssl.org > > Sent: Friday, April 18, 2008 2:14:03 PM > Subject: Re: Segmentation fault in SSL_read() (Re-post) > > My initial idea would be that

Re: Segmentation fault in SSL_read() (Re-post)

questions? Thanks for your time! Regards, Scerbatiuc Ion - Original Message From: Kyle Hamilton <[EMAIL PROTECTED]> To: openssl-users@openssl.org Sent: Friday, April 18, 2008 2:14:03 PM Subject: Re: Segmentation fault in SSL_read() (Re-post) My initial idea would be that you're

Re: Segmentation fault in SSL_read() (Re-post)

g for your main executable? What compiler was used to create the library? What linker was used for all of it? -Kyle H On Fri, Apr 18, 2008 at 3:15 AM, Ion Scerbatiuc <[EMAIL PROTECTED]> wrote: > > Sorry for the fist post. It seems like I have some problems with the other > email clie

Re: Segmentation fault in SSL_read() (Re-post)

- Original Message From: Ion Scerbatiuc <[EMAIL PROTECTED]> To: openssl-users@openssl.org Sent: Friday, April 18, 2008 1:15:35 PM Subject: Segmentation fault in SSL_read() (Re-post) Sorry for the fist post. It seems like I have some problems with the other email client. A new try :)

Segmentation fault in SSL_read() (Re-post)

Sorry for the fist post. It seems like I have some problems with the other email client. A new try :) I have wrote a multi-threaded server (UNIX) and I use OpenSSL for encrypting communication between the server and the client (the client is an MFC application, but I think this doesn't m

RE: Post

If you're talking about the cert and session key you posted, anyone can get the cert from the server and the master key is useless. DS __ OpenSSL Project http://www.openssl.org U

Re: Post

Im cool On 5/9/07, Keith Thompson <[EMAIL PROTECTED]> wrote: On Wed 07-05-09 17:52, Michael Fedor wrote: > How can I delete any post that have my email address. > [EMAIL PROTECTED] > there is data that should not be out on the net You may or may not be able to persuade the lis

Re: Post

On Wed 07-05-09 17:52, Michael Fedor wrote: > How can I delete any post that have my email address. > [EMAIL PROTECTED] > there is data that should not be out on the net You may or may not be able to persuade the list maintainer to delete your posts, but it won't do you much good.

Re: Post

Michael Fedor wrote: Thanks do you know who the list maintainer is. I suspect that instructions for contacting the list maintainer could be had via the [EMAIL PROTECTED] email listed in the trailer appended to all emails sent via the list. Sending it a message containing a line that reads

Re: Post

To: openssl-users@openssl.org Subject: Post How can I delete any post that have my email address. [EMAIL PROTECTED] there is data that should not be out on the net __ OpenSSL Project http://www.opens

RE: Post

Is it worth something? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael Fedor Sent: Wednesday, May 09, 2007 2:52 PM To: openssl-users@openssl.org Subject: Post How can I delete any post that have my email address. [EMAIL PROTECTED] there is data

Re: Post

Thanks do you know who the list maintainer is. On 5/9/07, Rick Jones <[EMAIL PROTECTED]> wrote: Michael Fedor wrote: > How can I delete any post that have my email address. > [EMAIL PROTECTED] > there is data that should not be out on the net Basically, once you send to a ma

Re: Post

Michael Fedor wrote: How can I delete any post that have my email address. [EMAIL PROTECTED] there is data that should not be out on the net Basically, once you send to a mailing list, all bets are off. You _might_ be able to ask a list maintainer to remove your post from an archive, but

Post

How can I delete any post that have my email address. [EMAIL PROTECTED] there is data that should not be out on the net __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: HTTPS POST in perl

What I use it HTTP and LWP::UserAgent Perl modules use LWP::UserAgent; $ua = new LWP::UserAgent; $ua->agent("AgentName/0.1 " . $ua->agent); my $cgi = new CGI(); my $post = ''; # Create a request my $req = new HTTP::Request POST => 'https://www.server.com&#

HTTPS POST in perl

;caaresult=$encrstr"; my $rlen = length $encrstr; if(!defined open_TCP('F','http://www.xyz.com','80')) { print "Error connecting to web server\n"; exit(-1); } print F "POST /cgi-bin/mycgi.pl HTTP/1.0\n"; print F "Accept: */*

  1   2   >