Re: 0.9.7c Vulnerability??

2003-12-30 Thread Fred Merritt
Michael, Andrew, Fred, and Mark, first of all, thank you for your rapid response to my append to this list. All your comments were constructive, and helpful. Do I have any reason to think that this is an OpenSSL bug? No - I have my doubts. If

Re: 0.9.7c Vulnerability??

2003-12-30 Thread Rabellino Sergio
Fred Merritt wrote: Michael, Andrew, Fred, and Mark, first of all, thank you for your rapid response to my append to this list. All your comments were constructive, and helpful. Do I have any reason to think that this is an OpenSSL bug? No - I

Re: problem to decrypt S/MIME with latin characters in subjectName entries

2003-12-30 Thread Peter Sylvester
> > But OpenSSL doesn't see it as PrintableStrings but as V_ASN1_T61STRING. > And that's what make the decryption fail. I think I really misunderstand you > because what I observe is the opposite of what you're explaining. In latin there were no accents as far as I remember :-) Anyway: Althou

Re: 0.9.7c Vulnerability??

2003-12-30 Thread Andrew Mann
If possible, put a system capable of logging all traffic in a position to record everything going to that system (and everything coming out if that's not too much data). A hub (not a switch), or a switch that can be configured to echo all traffic out to a specific port will do. The recording sys

Validate PDF signature with OpenSSL

2003-12-30 Thread Luis Pascual Forner
Hi, I'm trying to validate the signature of a PDF document using OpenSSL. I have used the following documentation of Adobe: http://partners.adobe.com/asn/tech/pdf/specifications.jsp The procedure that I have followed has been the following one: 1. Obtain the certificate form fiel

Re: "expired" CRL

2003-12-30 Thread Charles Cranston
Well, make that hard choice: do you want to have your software fail when an up-to-date CRL is not available, or do you want to make your software susceptible to a denial-of-service attack on the CRL distro process? Same question if your OCSP request fails without prejudice. If you go ahead and tru

Re: "expired" CRL

2003-12-30 Thread Rich Salz
> Well, make that hard choice: do you want to have your software fail > when an up-to-date CRL is not available, or do you want to make your > software susceptible to a denial-of-service attack on the CRL distro > process? Exactly. Security is all about risk management. Which is more likely to h

Occasional ssl23_read() failure

2003-12-30 Thread Michael Lee
I tried to run s_server (version 0.9.6l) with the following options: openssl s_server -accept 443 -cert cert.pem -key key.pem -www I use IE6.0 (with default settings) to connect to this server. It works fine except when I press and *hold down* the F5 key (the shortcut key for refreshing the