So a friend ran into this lately;
libnss, at least on Linux, checks that the signing cert (chain) is valid
at the time of signature - as opposed to present time. (It may check
present time as well - not sure on that)
This makes for problems if you renew the cert, since the new cert will
have a c
On Wed, May 28, 2008 at 08:01:11PM +0200, Ger Hobbelt wrote:
> Anything (such as passwords) which has been used on an *actual*
> 'compromized box' (be it one of 'those Debian' releases or otherwise)
> to _generate_ keys plus any keys _produced_ on such a compromised box
> must be eradicated and are
On Thu, May 29, 2008 at 10:14:12AM -0400, Victor Duchovni wrote:
> And then knowing that attackers never choose these keys, users start
> using these keys because attakers avoid them, and then attackers start
> checking these first again, ... This way lies madness. Fix your premise
> and don't chan
On Wed, May 28, 2008 at 10:55:18PM -0700, David Schwartz wrote:
> Okay, I guess I give up. I now realize that I had no idea what
> you meant in your past few comments. What relevance do you think
> this notion of weak keys has to do with this issue, since you
> were the one who brought it up?
>
>
Hi all!
I've recently been put in charge of SSL, and I'm working my way through the
O'Reilly book.
However, I'm a bit stumped as to this problem.
I tried to upgrade our build system to use OpenSSL 0.9.8g, and thought I
succeeded.
However, the code is blowing up. The code is for caching sessi
So this is from 0.9.8g's pem.h:
#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
And so is this:
void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
pem_password_cb *cb, voi
On Wed, Jan 16, 2008 at 07:29:45PM -0500, Victor Duchovni wrote:
> No actual problem, in ANSI C pointers can be freely converted between
> (type *) and (void *) and back.
I'd call it an actual problem when a compilation of my C++ code bombs
out because the OpenSSL header files don't compile in my
On Thu, Jan 17, 2008 at 04:05:07PM -0600, [EMAIL PROTECTED] wrote:
> So I guess I'll define a similar acro in my code now, but it'd be nice
> if OpenSSL fixed it in the distribution so that I didn't have to work
> around it...
Ended up doing this:
#define READ_SSL_SESSION(fp,x,cb,u) (SSL_SESSIO
So I've got to interchange data with a Java-based environment. I
believe their choice of libraries is with Bouncy Castle, which IIUC
implements a newer version of PKCS#7 called CMS. We only have OpenSSL,
which uses PKCS#7 v1.5..
Does anyone have experience with these kinds of situations? It has
So we're testing out an upgrade from OpenSSL 0.9.7e to 0.9.8g,
and we're mostly using the SSL network connection functionality,
not the crypto lib.
I am supposed to help with a test plan to make sure our stuff works
properly, but I'm not sure what to test. I imagine that it has to be
backward com
10 matches
Mail list logo
