wrong).
Multiple threads could potentially be in one of the RSA_...en/decrypt()
routine at any point in time.
My question is: can the worker threads all use the RSA * created by the
master thread or do they need to have a private copy of it?
Any help greatly appreciated.
regards,
Tim Knigge
If you're in the USA, and plan to use RSA-patented algorithms for
anything other than nonprofit research, buy the cheapest 128-bit SSL
webserver you can, toss out the software, and keep the license. RSAref
is for research and nonprofit use only (I will happily forward you my
letter from them if y
Look back over the past few weeks; the reason that no one has responded
is (IMHO) they are all legalese'd out. RSA has done their dead-level
best to make the license issue as confusing as possible and has
apparently succeeded.
The ideal solution is to move to Canada...
--
"We all enter thi
September 2000, apparently.
--
"It is better to ask some of the questions
than to know all of the answers."
--James Thurber
__
OpenSSL Project http://www
> But, I'm having my usual
> nightmare ... so are there any Linux gurus other there willing to help
> get the damn thing installed? I'm trying to do RH 6.0,
OH GOD NO! NOT A .0 VERSION!
Perhaps you would like the 5.2 release better, seeing as to how it is
not RAGINGLY UNSTABLE... I am far from
Howard Uman wrote:
>
> I've been trying to set up "require" certificates for my web site. I added
> the CA Certificates to the conf/ssl.crt directory and the browsers offer
> more certificates than they did before I added the CA Certs. The problem is
> that once I submit the certificate the ser
> >
> > You'll have to patch ssh if you want to do that ... simple enough to do
> > by hand, but nonetheless one more irritating niggly. (patched for
> > glibc2.1 / RH6.0, that is)
> >
> > I would be happy to document the patch I used if enough people plan to
> > use RH6.0 + ssh.
> >
>
> I'll a
but neither has been fruitful yet. Any help will be much
appreciated (and ought to make it into mod_ssl 2.3.x with any luck).
Thanks in advance,
--tim
__
OpenSSL Project htt
Tim wrote:
>
> > When you really want to patch this into mod_ssl you can insert it into
> > ssl_hook_Auth() where similar things are already done for the faked Basic Auth
> > facility. OTOH you can also write a stand-alone mod_foobar.c which creates
> > such variable
MSIE4, on my coworker's machine, fails to use its imported client
certificate, though the import of both the client and CA certificates is
successful. This is sucky, and gives me
an error message of:
[21/May/1999 16:08:15] [error] OpenSSL: error:1408909F:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE
> You can use the RSAref library kit inside the US for non-commercial use, but
> good luck finding it, RSA pulled it off their website a few months ago.
look on replay.com, it's there (both versions).
--
"A computer system without Microsoft products is
like a dog without bricks ch
04 00 80 @...
0020 - 02 00 80 84 7f 3f 80 d3-f2 f9 c9 e4 18 85 0c a0 .?..
0030 - 9e 1e fb ...
SSL_connect:SSLv2 write client hello A
Any assistance will be greatly appreciated..
Tim B
04 00 80 @...
0020 - 02 00 80 84 7f 3f 80 d3-f2 f9 c9 e4 18 85 0c a0 .?..
0030 - 9e 1e fb ...
SSL_connect:SSLv2 write client hello A
Any assistance will be greatly appreciated..
Tim B
oot certificate by putting it in a disk file. It's embedded in the
application's executable, and I want to load it into OpenSSL from there, so
I don't want to use these functions anyway. But finding out how to do that
is the next problem, not the current one.
- you must follow the documented procedure.
Tim.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
native Name:
email:syst...@example.com
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha1WithRSAEncryption
-BEGIN CERTIFICATE-
End client cert ==========
Ma
n other aspects].
All the best,
Tim
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
Bonjour :)
On 19/05/11 13:03, Erwann ABALEA wrote:
Bonjour,
Hodie XIV Kal. Iun. MMXI, Tim Watts scripsit:
I do apologise - it's a long post. I'm just not totally sure if I
have the correct attributes and extensions - and whether it meets
the requirements of a v3 SSL cert (I think it
On 19/05/11 14:48, Erwann ABALEA wrote:
Bonjour Tim,
Hodie XIV Kal. Iun. MMXI, Tim Watts scripsit:
Thanks for that. I'm not sure how to do random serials (I let
openssl manage those) but it interesting to know it makes a
difference.
This how I do this:
- in the setup phase, after h
On 19/05/11 16:09, Erwann ABALEA wrote:
Bonjour Tim,
Hi Erwann,
I presume there is a slight possibility of a serial number clash
with that? Not that it's a problem, but it would be wise to check
index.txt to see if the number has been used before?
Really, no. A counter is encrypted
queness
within a second may be used.
Ah yes - that would guarantee a non repeating unpredictable sequence.
I was confuse initially as I did not realise the serial number could be
so big (16 bytes was it?).
Cheers
Tim
___
On 19/05/11 17:38, Erwann ABALEA wrote:
Hodie XIV Kal. Iun. MMXI, Tim Watts scripsit:
On 19/05/11 16:46, Peter Sylvester wrote:
another approach is to take the value of 'time' (the current second)
and append to it the current process number, and, in case of
several machines, s
On 19/05/11 10:44, Tim Watts wrote:
Hi folks,
I'm setting up a new CA/SSL infrastructure for work - the CA is self
signed and all SSL certs (mostly server certs rather than client certs)
will be signed off against this CA.
Thanks for all your help - I've managed something that in
ng ARM.
Unless your embedded device is powerful enough to run the ARM compiled
version of perl (or microperl) in which case just use your script.
Cheers,
Tim
--
Tim Watts
Personal Blog: http://www.dionic.net/tim/
__
OpenSSL P
On 30/06/11 10:53, ty hawk wrote:
Hi Tim
I have compile completely openssl on windows, found it used aes-586.pl
<http://aes-586.pl> and it had been converted aes-586.asm in compiler
process
Now I need use it device, so I used aes-armv4.pl <http://aes-armv4.pl>
replace for aes-586.pl
l variables) by correct ARM register names.
Best regards
Andreas Müller
ah-ha - all becomes clear now...
--
Tim Watts
Personal Blog: http://www.dionic.net/tim/
__
OpenSSL Project http://www.o
);
X509_NAME_get_text_by_NID(
subjectName, NID_commonName, subjectCn, sizeof(subjectCn));
Also look at X509_NAME_oneline() and X509_NAME_print_ex() which may be closer to
what you are looking for depending on your context.
apps/apps.c print_name is an example usage.
Tim.
PGP.sig
Description
for the 'bn' part of the build may be a workaround if you are
unable to move forward to 0.9.8k.
Tim.
PGP.sig
Description: PGP signature
en( filename, "rb" );
if ( file != 0 )
{
PKCS12 *pkcs12 = d2i_PKCS12_fp( file, 0 ); // from the O'Reilly book
What's wrong with that please? And what documentation should I have found,
and where, that would have helped me get
to understand the stuff in the FAQ about
applink.c ... what have I missed?
Tim Ward - Brett Ward Limited - 07801 703 600
www.brettward.co.uk
- Original Message -
From: "Tim Ward"
To:
Sent: Monday, November 16, 2009 3:25 PM
Subject: Getting started - d2i_PKCS12_fp
My first
ance of working?
And if you're right that Windows builds ignore the applink stuff that was
explicitly added for Windows builds ... I can ignore applink, not include
it, and also not call the CRYPT malloc thing?
Thanks again!
Tim Ward - Brett Ward Limited - 07801 703 600
www.brettward.co.uk
What did I get wrong in the above chain of logic, and what should I have
done instead, and how should I have known to do something else instead?
(I do, by the way, see a couple of other people have had problems with
OpenSSL and the
From: "Tim Ward"
Trying to follow that through the sources myself it doesn't make any sense
to me - the BIO_s_file I've found, in bss_file.c, simply returns a
pointer, it doesn't make any call to setmode or anything else. OK ...
looking at the disassembly that&#x
From: "Tim Ward"
For debug, you need to generate and use a different .mak file;
where you see the lines in do_{ms,masm,nasm}.bat that say
perl util\mk1mf.pl (options) VC-WIN32 >makefile
either add lines with 'debug' added to the options part
and different mak
e chain were on disk in a .pem file, but
it isn't - it's in memory in a STACK_OF(X509).
How do I get the server end of an SSL connection to use the certificate
chain parsed out of a PKCS#12 file using PKCS12_parse? Or have I completely
misunderstood how to use OpenSSL to get the certifi
Now solved. You iterate round the STACK_OF(X509) and add them one at a time
with
SSL_CTX_add_extra_chain_cert
Tim Ward - Brett Ward Limited - 07801 703 600
www.brettward.co.uk
- Original Message -
From: "Tim Ward"
To:
Sent: Monday, November 23, 2009 11:11
bject" system - I've sort-of picked up that
if you XXX_new() something you maybe ought to XXX_free() it sometime later,
and there's some sort of use counting going on, but I've not found any
documentation for any of this yet.
Tim Ward - Brett Ward Limited - 07801 703 600
w
l break when the next
version does something different, which is not the case if you're writing to
a published and documented API as you won't be accidentally relying on
non-guaranteed implementation details.
Tim Ward - Brett Ward Lim
S
records talking to each other by explicitly configured IP address the DNS
lookup took minutes to time out before Java would deign to get on with doing
what it was told. With no way of switching this nonsense off. Hence I used a
C++ DLL to do the crypto stuff.
Tim W
utton on a Word toolbar, as that is clearly
the most friendly way to provide the feature to users (or, better, have it
run automatically on document close). You certainly aren't going to want a
document author to have to type command lines!!!
Tim Ward
Brett Ward Limited - www.brettward.co.uk
malloc wrapper functions, valgrind and purify.
Thanks,
Tim.
PGP.sig
Description: PGP signature
27;ve forwarded your email (SteveH) noting that you are reverting that change.
Thanks,
Tim.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openss
gnature" is a rather accurate and precise error return - you were
presenting a signature for different data (a digest) for verification against
the request.
Tim.
PGP.sig
Description: PGP signature
Let's pretend for a moment that an out of the box application uses openssl to
provide access not through a browser, but rather through a SOAP client like
Eclipse.
And let's also say that you have no access to the code internal to that
application.
Is there any other way to limit the ciphers? So
having a background as a SQL DBA, I
have no idea how to do that.
Is there an easy answer? The server will be running Windows 2003 32-Bit, and I
just want to compile it with only the FIPS compliant strong ciphers.
Any help is greatly appreciated.
Thanks.
-Tim Cloud
policy document which is what was
done when the cross compilation support for the FIPS140 build was added in
November 2009. When working with a FIPS140 validated cryptographic module you
have to check the status on the NIST website to have c
ell)
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jakob Bohm
Sent: Monday, August 16, 2010 4:18 AM
To: openssl-users@openssl.org
Subject: Re: Cipher selection
On 12-08-2010 18:03, Tim Cloud wrote:
> Q: I am a bit confuse
seem to be on a sparc box:
./Configure solaris64-sparcv9-gcc
or
./Configure solaris64-sparcv9-cc
(depending on if you are using GCC or the Sun compiler)
Look at the various targets available in the Configure script for more
information.
Then the usual
make clean all
Tim.
;
--debug 10 --x509cafile /etc/ssl/certs/Thawte_Premium_Server_CA.pem
strategic.wiki.csupomona.edu -p 443
This fails. You need to correct your server configuration so that it correctly
sends out the chain.
Tim.
__
Op
ation is standard in SLES 10, I have no idea
--installing to /usr/local/ssl causes the same problem), but I can't seem
to track down what the problem is.
Any help is appreciated, even if its just a link to a guide that I can
follow.
Th
To my knowledge, NO.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phibo
Sent: Monday, July 28, 2008 2:16 PM
To: openssl-users@openssl.org
Subject: SSL certificate signing request
Hi
Is it possible for a certificate authority (CA) signing my SSL
certi
The only way (other than brute force or perhaps some highly-classified,
non public attack on the RSA algorithm) for a man-in-the-middle to
compromise an SSL session without notifying the client is for the MITM
to either:
Have the private key of one of the two parties.
Be considered a trusted CA by
e the error code.
If your openssl is compiled without OPENSSL_NO_ERR then it would also have
reported the file name and line number where the error occurred which also helps
for tracking down issues (i.e. build without using "no-err" as an option)
Tim.
PGP.sig
Description: PGP signature
oks' (aka callbacks) which are invoked from the OpenSSL code.
apps/s_cb.c has examples - and see their usage via
SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback) and
SSL_set_msg_callback(con, msg_cb) in s_client and s_server.
Tim.
PGP.sig
Description: PGP signature
algorithms with
OpenSSL_add_all_algorithms(). See the manual page for more information. This can
cause several problems such as being unable to read in an encrypted PEM file,
unable to decrypt a PKCS#12 file or signature failure when verifying certificates.
Tim.
PGP.sig
Description: PGP signature
ll at least tell you what
algorithms are used by the server certificate.
Are you sure you are actaully calling OpenSSL_add_all_algorithms() or the older
varients of it?
Tim.
PGP.sig
Description: PGP signature
to confirm the
official release packages.
Tim.
---8<---
wget http://www.openssl.org/source/openssl-0.9.8h.tar.gz.asc
[EMAIL PROTECTED] ~> telnet www.openssl.org http
Trying 195.30.6.166...
Connected to master.openssl.org.
Escape character is '^]'.
GET /source/openssl-
the connection then add
in the -cert arg too.
Tim.
PGP.sig
Description: PGP signature
ebug and step through the routines to see what is happening.
When you do that you should see that you simply need to remove the 'x' in
'x' and things work nicely as 'x' is not a valid character for a hexadecimal
string.
Tim.
PGP.sig
Description: PGP signature
ect (valid) manner.
Tim.
PGP.sig
Description: PGP signature
joshi chandran wrote:
Can u please tell me what FIPS_set_mode() returns
when i am using it will the FIPS_set_mode(1), returns 1 and
also when using FIPS_set_mode(1), returns 1
FIPS_mode_set() returns 1 on success and 0 on failure.
FIPS_mode() returns the current mode.
Tim.
PGP.sig
ter option. Look at the settings for CC in the top-level Makefile
and that is the value to use for FIPSLD_CC
Tim.
PGP.sig
Description: PGP signature
nssl.org/Ticket/Display.html?id=1642&user=guest&pass=guest which is
a patch I posted to the list back in Feb when looking through purify issues.
I'm working on a linux-x86 setup (not solaris-sparc) but most of the issues are
platform independent.
Tim.
PGP.sig
Description: PGP signature
Raymond Zhou wrote:
Hi there,
I was trying to load a function from openSSL libeay32.dll using
LoadLibrary and GetProcAddress, the function is the following:
BIO* BIO_new_fp(File*, int).
You'll need to at least change File* to FILE * - C is case sensitive.
05 Sep 2006
TLSv1 part of OpenSSL 0.9.8c 05 Sep 2006
DTLSv1 part of OpenSSL 0.9.8c 05 Sep 2006
If you have code:
Look in crypto/opensslv.h (or whereever you place placed the include file during
installation) and see OPENSSL_VERSION_NUMBER
grep OPENSSL_VERSION_ /usr/include/openssl/opensslv.h
T
e why this is happening, and what I can do about it?
Thanks,
Tim
p.s. I build OpenSSL as follows:
cd /test_ssl.src/openssl-0.9.8b
./Configure linux-ppc shared --prefix=/test_ssl.src
--openssldir=/test_ssl.src/openssl-0.9.8b
I then edit /test_ssl.src/openssl-0.9.8b/Makefile and set:
the right one to be using absent a specific
reason to pick an earlier release. If you select anything other than the current
release then you need to confirm the application of all relevant security
patches to the release you sel
can be viewe, but fails upon
verificatio, as mentioned.
Has anybody any idea what I'm doing wrong?
King regards
Tim
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
ficatio, as mentioned.
Has anybody any idea what I'm doing wrong?
King regards
Tim
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl
if (buf_in) free(buf_in);
if (buf_out) free(buf_out);
if (req) X509_REQ_free(req);
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
if (bio_err) {
CRYPTO_mem_leaks(bio_err);
}
if (bio
Hi Steve
Thanks a lot for your reply.
Just another quick question. Do you know by chance an openssl function
that would convert the raw sha1 into a digestinfo structure?
Kind regards
Tim
On 03/15/2013 02:36 PM, Dr. Stephen Henson wrote:
On Fri, Mar 15, 2013, Tim Tassonis wrote:
Hi
I
X509_SIG;
EVP_DigestFinal(&ctx,buf,&buf_len);
gives me a character buffer buf, containing the digest, but I seem to
have to encode this to ASN1_OCTET_STRING.
Can anybody quickly tell me the required functions or point me to an
example of how to do this?
Kind regards
Tim
On 03/15/2013
Hi Stephen
Thanks a lot, that did the trick, the verify now returns ok.
Kind regards
Tim
On 03/18/2013 02:26 PM, Dr. Stephen Henson wrote:
On Mon, Mar 18, 2013, Tim Tassonis wrote:
Hi Erwann
What you have to do it hash your data, prepare an X509_SIG object, set
its "algor&quo
d not work correctly on a RedHat 6.x system?
For the record the customer has tried with OpenSSL 1.1.1g and 1.1.1k with
similar results.
Many thanks,
Tim
Hi Tom,
So from what you say, you can run an OpenSSL built on RedHat 6.6 on a
RedHat 6.6 server.
But you cannot run that build on RedHat 6.5?
Thanks,
Tim
-Original Message-
From: Floodeenjr, Thomas
Sent: Thursday 8 July 2021 18:02
To: Tim Culhane ; openssl-users@openssl.org
Subject
Hi Victor,
We used to ship OpenSSL with our product but decided to decouple OpenSSL so
that customers had the flexibility to run with whatever versionof OpenSSL
and could upgrade OpenSSL when they needed to rather than waiting for an
update from us containing a new OpenSSL implementation.
Tim
edHat version.
I need to find that out first.
Tim
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Thursday 8 July 2021 22:04
To: openssl-users@openssl.org
Subject: Re: installing OpenSSL 1.1.1 on RedHat 6.x
On Thu, Jul 08, 2021 at 09:58:15PM +0100, Tim Culhane
(iv)
cipher.key=(key)
output = cipher.update(content)
output << cipher.final
output
end
encrypt 'test'
encrypt 'test'
root@puppet ~ #
The complete original code:
https://github.com/binford2k/binford2k-node_encrypt/blob/main/lib/puppet_x/binford2k/node_encrypt.rb#L11-L55
My WIP patch:
https://github.com/binford2k/binford2k-node_encrypt/compare/main...bastelfreak:binford2k-node_encrypt:49675?expand=1
Cheers, Tim
OpenPGP_signature
Description: OpenPGP digital signature
Hello,
I was following a HOWTO document:
http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3
In the last step, I should have a control panel application (ISPConfig 3)
launching when accessed with https://www.example.com:8080 but instead, I get a
connectio
a freezing river or something like that.
Well, hopefully that was the problem. I can't change the router settings until
late tonight.
Tim Legg
- Original Message -
From: Tim Legg
Sent: 10/10/13 05:24 PM
To: openssl-users@openssl.org
Subject: Broken implementation of OpenSSL
Hello, I
nge to use the SSL_get_ssl_method function.
This line:
if (ssl3_write_bytes(v_ssl, TLS1_RT_HEARTBEAT, buf,
3 + payload + padding) >= 0)
Simply becomes:
if (SSL_get_ssl_method(v_ssl)->ssl_write_bytes(v_ssl,
TLS1_RT_HEARTBEAT, buf,
3 + payload + padding) >= 0)
Tim.
block the
response to heartbeat in application code if your library hasn't been
patched.
However the right solution is to fix the library via either of the
methods mentioned in the advisory at
https://www.openssl.org/news/secadv_20140407.txt
Tim.
_
ug it into your application.
Tim.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
thing to consider is if you (or anyone else) is able to provide
permanent (or semi-permanent) access (via ssh) to a z/OS platform with
USS installed that places the user into a standard shell environment
with the compilers accessible.
Tha
TianoCore project is
interested in engaging on working through this issue then they should
open an RT item so it can be tracked.
Tim.
__
OpenSSL Project http://www.openssl.org
User Support Ma
e issue)
ifconfig eth0 | grep HWaddr| awk '{print $NF}'| sed -e 's/://g'; echo
"00" > path-to-ca-serial-file
Tim.
cally notes
when there is additional information available beyond the advisory
details for a given issue.
If there are other useful references to this item or to other items in
the security vulnerability announcement then updating the wiki to note
them there would be helpful.
Thanks,
Tim.
On 6/06/2
t is
about checking *all *the components are correct. It isn't about doing
anything other than that and without n,e,d *and p and q* there isn't
much it is meant to do. Why are you missing p and q in your particular
context?
Thanks,
Tim.
echanism would be needed. Just
performing the check would be a simpler solution I think ...
Thanks,
Tim.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On 31/08/2014 3:02 PM, Lewis G Rosenthal wrote:
> Rich, what needs to be done to see that OS/2 does not get removed from HEAD?
Can someone provide an OS/2 build environment for team members?
Thanks,
Tim.
__
OpenSSL Proj
ink you'll find increasing
the awareness of the team about what our users are doing is the more
important of the two objectives in seeking feedback.
Tim.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
an implementation which uses OpenSSL as a
> backend. I tried finding it for you, but my connection (mobile, on
> train) is so bad that I couldn't be bothered to keep trying.
http://www.mail-archive.com/openssl-dev@openssl.org/msg28042.html
Tim.
_
y thanks for any clarification you can provide.
Tim
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
maybe it's just a
matter of changing the prompt (I'm happy to submit a PR for such a minor
change).
Thanks,
Tim
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
or packet dissections
showing the exact behavior I'm seeing, if that would be
helpful or interesting.
Any further troubleshooting options would be welcome.
--
Tim Kirby
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
BIOs?
Thanks.
--
Tim Kirby
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
I just posted a message which i have copied below to a python forum. It
might be better asked here. The coles notes version of my question is this:
I have received an encrypted data file (mydata.encrypted) and a key (plain
text for now) and the following command to decrypt it:
openssl enc -d -a
Good fine Marian. Thx for all your help.
On Mon, Mar 25, 2019 at 9:24 AM Marian Beermann wrote:
> As it just so happens here is a gist implementing EVP_BytesToKey in Python:
> https://gist.github.com/tly1980/b6c2cc10bb35cb4446fb6ccf5ee5efbc
>
> -Marian
>
> Am 25.03.19 um
t test.cert
My application is written in Perl and I'm using open2(...) to execute
the "openssl verify ..." command. Is there a CPAN module that will give
more direct access to the openssl libraries for this task?
Thanks,
Tim
If all you are going to do to test the accelerator/server combination is
fetch some static content, then your job is fairly easy:
Load-test the server using HTTP connections fetching the static content,
until you either reach a server bottleneck (CPU/Memory/IO) or achieve your
max number of conne
1 - 100 of 237 matches
Mail list logo
