RE: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

Cc: Richard Levitte ; Michael Wojcik ; Matt Caswell ; openssl-users@openssl.org Subject: Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc Thanks for the heads up. For some reason, the information at our CDN remained incorrect for the &quo

Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

---Original Message- > From: Richard Levitte [mailto:levi...@openssl.org] > Sent: Wednesday, September 11, 2019 2:41 PM > To: Michael Wojcik > Cc: Carl Tietjen ; Matt Caswell > ; > openssl-users@openssl.org > Subject: Re: Problem with the SHA256 signatures (download files) for the

RE: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

, 2019 2:41 PM To: Michael Wojcik Cc: Carl Tietjen ; Matt Caswell ; openssl-users@openssl.org Subject: Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc Issue found... Apache detected .gz in the file name and set the encoding to

Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

Issue found... Apache detected .gz in the file name and set the encoding to 'application/x-gzip'... Apparently, we already force .asc and .sha1 files to application/binary, but have apparently not added a similar directive for .sha256 files. Now done. Cheers, Richard On Wed, 11 Sep 2019 22:04:

RE: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

I can confirm Carl's issue when I download using Pale Moon (a Firefox fork): - $ file openssl-1.1.1d.tar.gz.sha256 openssl-1.1.1d.tar.gz.sha256: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT) $ file openssl-1.1.1d.tar.gz.sha1 openssl-1.1.1d.tar.gz.sha1: ASCII text $ file opens

RE: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Matt Caswell Sent: Wednesday, September 11, 2019 11:10 AM To: openssl-users@openssl.org Subject: Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc On 11/09/2019 18:08, Carl

Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

On 11/09/2019 18:08, Carl Tietjen wrote: > Hello, > > From the download site, https://www.openssl.org/source/ click the SHA256 link > for the new releases.  The files do not contain SHA256 hashes. > > FYI -- The SHA1 hashes seem to be ok -- I only checked one. These se

Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

Hello, >From the download site, https://www.openssl.org/source/ click the SHA256 link >for the new releases. The files do not contain SHA256 hashes. FYI -- The SHA1 hashes seem to be ok -- I only checked one. Thanks, Carl

Re: FIPS and new releases of openssl

Justin A wrote: Hi Steve Marquess, What's the equivalent file for fipscanister.o on windows..? Let's see ... for the OpenSSL FIPS Object Module v1.1.1/1.1.2 it's fipscanister.o. For the upcoming v1.2 it will be fipscanister.lib. -Steve M. -- Steve Marquess Open Source Software Institute

Re: FIPS and new releases of openssl

Hi Steve Marquess, What's the equivalent file for  fipscanister.o on windows..? Thanks, Justin --- On Tue, 11/4/08, Steve Marquess <[EMAIL PROTECTED]> wrote: From: Steve Marquess <[EMAIL PROTECTED]> Subject: Re: FIPS and new releases of openssl To: openssl-users@openssl.

RE: FIPS and new releases of openssl

ute to any individuals or organizations, without restriction. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger No-Spam Sent: Tuesday, November 04, 2008 8:34 AM To: openssl-users@openssl.org Subject: FIPS and new releases of openssl Hello, In appendix B of t

Re: FIPS and new releases of openssl

David Schwartz wrote: ... Build the FIPS module, then fix the higher-level code, then build the rest of OpenSSL. So long as don't modify the source before building the FIPS module, you are fine. You can fix the code that doesn't go in the FIPS canister without violating FIPS, then link your fix

Re: FIPS and new releases of openssl

Roger No-Spam wrote: Hello, In appendix B of the openssl FIPS security policy it is stated that the module must be built with a particular tar file (openssl-fips-1.1.2.tar.gz) and a hmac hash value for the tar file is specified. Furthermore it is stated that there shall be no additions, dele

RE: FIPS and new releases of openssl

> Hello, > > In appendix B of the openssl FIPS security policy it is stated > that the module must be built with a particular tar file > (openssl-fips-1.1.2.tar.gz) and a hmac hash value for the tar > file is specified. Furthermore it is stated that there shall be > no additions, deletions, or alt

FIPS and new releases of openssl

Hello, In appendix B of the openssl FIPS security policy it is stated that the module must be built with a particular tar file (openssl-fips-1.1.2.tar.gz) and a hmac hash value for the tar file is specified. Furthermore it is stated that there shall be no additions, deletions, or alterations o

new releases

I've haven't looked at the OpenSSL web site and haven't read the mailing list for a while. what's the difference between openssl-0.9.6 and openssl-engine-0.9.6 distribution? Is there any ''what's new'' file to read for these new versions BEFORE downloading them? Thanks