Bonjour,
SHALL is not equivalent to a SHOULD, but to a MUST. See RFC2119.
Cordialement,
Erwann Abalea
Le 12 sept. 2017 à 02:46, Winter Mute
<zshr...@gmail.com<mailto:zshr...@gmail.com>> a écrit :
Hello,
The RFC<https://tools.ietf.org/html/rfc6960#section-4.2.2.2> states
one the following
conditions is true:
- they’re defined in a module declared with « EXTENSIBILITY IMPLIED »
- they both include the extensibility marker (i.e. they’re slightly modified)
If you plan to use BER, CER or DER (and only these), then the parser MUST
ignore the extensibility markers (present or not), and work as if they’re
present. But that won’t change the ASN.1 definition, only the decoder behaviour.
Cordialement,
Erwann Abalea
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
eral in what you accept, when dealing with crypto, gives you stuff
like this: https://www.mozilla.org/en-US/security/advisories/mfsa2014-73/
Cordialement,
Erwann Abalea
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
eral in what you accept, when dealing with crypto, gives you stuff
like this: https://www.mozilla.org/en-US/security/advisories/mfsa2014-73/
Cordialement,
Erwann Abalea
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4301
Please log in as guest with password guest if prompted
--
and bit 8 of
the second octet are all zero. This is invalid.
There is no additional rule for DER on INTEGERs.
Cordialement,
Erwann Abalea
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
eters-4>
and there’s no standardized *SHA512 cipher suite, as you can see.
Cordialement,
Erwann Abalea
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
be to fork the branch into a new
repository on github and work there. We will not be checking anything into
the official stable branch.
Cordialement,
Erwann Abalea
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo
You’re looking for ENGINE objects.
There’s maybe already an ENGINE directly supporting your hardware module.
If your hardware thing has a PKCS#11 library, a PKCS#11 ENGINE exists.
Cordialement,
Erwann Abalea
Le 20 juil. 2015 à 17:14, Alexander Gostrer agost...@gmail.com a écrit :
Hi All
Bonjour,
Le 30 mai 2015 à 09:48, John Lofgren via RT r...@openssl.org a écrit :
I believe I have pinpointed a typo-error that may be the cause of one or
two other outstanding bugs related to certificate chain validation. This
bug only occurs in a chain of certs at least 3 deep when the
Bonjour,
Le 30 mai 2015 à 09:48, John Lofgren via RT r...@openssl.org a écrit :
I believe I have pinpointed a typo-error that may be the cause of one or
two other outstanding bugs related to certificate chain validation. This
bug only occurs in a chain of certs at least 3 deep when the
not identify a signature algorithm (it's the OID { itu-t
recommendation }).
The decoding step of the 0600 hex sequence correctly produces a BAD
OBJECT, since it's an invalid encoding of an OID.
So having an error when decoding such a CSR is a correct behaviour and
should be expected.
--
Erwann
Bonjour,
Probably an openssl-users question.
Use openssl x509 -text -in localhost-server.crt -nameopt
oneline,utf8,-esc_msb
Your terminal must be able to display UTF8 sequences.
I sometimes add the show_type nameopt option, to check things.
--
Erwann ABALEA
Le 02/03/2015 06:58, Ikonta
It seems all the tarballs have disappeared.
--
Erwann ABALEA
Le 02/03/2015 18:06, Alex Sklyar via RT a écrit :
Hello guys. There is a issue with openssl pod installing with cocoapods tool.
The URL «https://www.openssl.org/source/openssl-1.0.2.tar.gz» is dead
Le 17/12/2014 17:34, Salz, Rich a écrit :
#define PEM_STRING_X509_PAIRCERTIFICATE PAIR
(note, this is supposed to encapsulate a CertificatePair structure
from X.509)
This is not used anywhere in openssl. I just removed it and did a build :)
The fact that the fields are named forward
() job
will render this request invalid if is contains a + (it can happen in
a Base64 encoded string).
--
Erwann ABALEA
Le 26/09/2014 04:56, Salz, Rich a écrit :
I don't see where the OCSP request is de-base64-ified, and URL-decoded.
In both cases, d2i_OCSP_REQUEST_bio is called to get the request
isn't important
for the comparison/match.
openssl crl should print a leading 00 to avoid confusion, but it's
not really important.
--
Erwann ABALEA
__
OpenSSL Project http://www.openssl.org
Le 11/09/2014 19:45, Salz, Rich a écrit :
The attached diff adds GET support to ocsp. I'd appreciate any feedback.
I don't see where the OCSP request is de-base64-ified, and URL-decoded.
In both cases, d2i_OCSP_REQUEST_bio is called to get the request, but
it's done directly on the HTTP
(trying a resend, my email address has changed)
Le 11/09/2014 19:45, Salz, Rich a écrit :
The attached diff adds GET support to ocsp. I'd appreciate any feedback.
I don't see where the OCSP request is de-base64-ified, and URL-decoded.
In both cases, d2i_OCSP_REQUEST_bio is called to get
Bonjour,
SHA3 is not standardized yet. Keccak has been chosen in the end, but its
parameters are still debated.
I'm pretty sure that once those parameters are fixed in stone, there
will be an implementation in OpenSSL.
--
Erwann ABALEA
Le 12/02/2014 11:29, Francis GASCHET a écrit
think you could define your own with TLS1.0).
--
Erwann ABALEA
Le 23/04/2013 08:29, Venkataragavan Narayanaswamy a écrit :
Hi,
We are currently analyzing and understanding the security strength of
the openSSL internal implementation to certify the products.
In version 0.9.8d, TLSv1.0 alone
on collision of both MD5 and SHA1 at the same time.
--
Erwann ABALEA
Le 23/04/2013 14:28, David Jacobson a écrit :
Careful about this. The technically correct answer is misleading.
Yes, MD5 is used in the PRF, but it is XORed with SHA1. So you get at
least the strength of stronger of the two
The countryName field is a PrintableString, that's mandatory (see X.520).
It also MUST be 2 characters long, but that's not enforced by OpenSSL.
--
Erwann ABALEA
Le 28/03/2013 14:33, Joseba Gil Irisarri via RT a écrit :
Hello,
I´m using OpenSSL 1.0.1c as a CA to sign a corporate certificate
The countryName field is a PrintableString, that's mandatory (see X.520).
It also MUST be 2 characters long, but that's not enforced by OpenSSL.
--
Erwann ABALEA
Le 28/03/2013 14:33, Joseba Gil Irisarri via RT a écrit :
Hello,
I´m using OpenSSL 1.0.1c as a CA to sign a corporate certificate
Le 15/03/2013 11:34, Huzaifa Sidhpurwala a écrit :
On Fri, Mar 15, 2013 at 3:39 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
Bonjour,
In my understanding, after a fast read of RFC5246, this won't work.
If RC4 is finally considered weak (at last), just don't use it anymore. Do
you use
IMHO, it's more OpenSSL users' job (programs and libraries), not
directly OpenSSL.
--
Erwann ABALEA
Le 01/03/2013 16:08, russell.aspinw...@bcs.org.uk via RT a écrit :
Hi,
Would you consider adding support for RFC6698 Domain Authentication of
Named Entities (DANE) Transport Layer Association
IMHO, it's more OpenSSL users' job (programs and libraries), not
directly OpenSSL.
--
Erwann ABALEA
Le 01/03/2013 16:08, russell.aspinw...@bcs.org.uk via RT a écrit :
Hi,
Would you consider adding support for RFC6698 Domain Authentication of
Named Entities (DANE) Transport Layer
constructed.
--
Erwann ABALEA
-
yachtitropicomythivorotrièdre: triangle des Bermudes
Le 13/09/2012 09:15, David Shambroom via RT a écrit :
Using:
Windows 7 Professional SP1
openssl-1.0.0g
Build:
perl Configure debug-VC-WIN64A no-asm --prefix=c:\openssl
ms\do_win64a
nmake -f ms\nt.mak
source file
.
--
Erwann ABALEA
-
yachtitropicomythivorotrièdre: triangle des Bermudes
Le 13/09/2012 09:15, David Shambroom via RT a écrit :
Using:
Windows 7 Professional SP1
openssl-1.0.0g
Build:
perl Configure debug-VC-WIN64A no-asm --prefix=c:\openssl
ms\do_win64a
nmake -f ms\nt.mak
source
Le 12/07/2012 15:36, David Woodhouse a écrit :
I have encountered a server which presents an invalid set of
certificates in its TLS handshake.
This is common. Really common.
It's presenting four certificates, where the second cert is *not* the
issuer of the first cert in the list. The chain
Same here.
Also with
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf and
http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf are OK.
--
Erwann ABALEA
-
nocticonsiliophorisme
/fips/fips180-2/fips180-2withchangenotice.pdf
--
Erwann ABALEA
-
atripodanatoclaste: qui ne casse pas trois pattes à un canard
__
OpenSSL Project http://www.openssl.org
Development Mailing List
is
needed?
--
Erwann ABALEA
-
transrhinoscopie: capacité de voir plus loin que son nez
Le 14/06/2012 16:56, Yusheng Yang via RT a écrit :
[...]
This test attempts to sign, encode, decode, and verify messages using
the PKCS7 API. The messages are single integers. Every integer works
as expected
is
needed?
--
Erwann ABALEA
-
transrhinoscopie: capacité de voir plus loin que son nez
Le 14/06/2012 16:56, Yusheng Yang via RT a écrit :
[...]
This test attempts to sign, encode, decode, and verify messages using
the PKCS7 API. The messages are single integers. Every integer works
, APPLICATION_VERIFICATION_FAILURE doesn't
tell you much).
--
Erwann ABALEA
-
Un forum peut répondre à plusieurs besoins à la fois
Ici, le groupe des débutants dépasse en nombre le groupe des utilisateur
middle-class ce qui provoque inévitablement des tensions.
-+- EF - Guide du Neuneu d'Usenet - La lutte
that what you spotted is not a bug in OpenSSL but an incomprehension on
your side.
Cordialement.
--
Erwann ABALEA
-
Ce ne sont que des propositions. Je ne veux pas les faire passer en
force. Je pense que si mes idées doivent être reprises, elles ne
doivent pas passer au vote, pour plusieurs
you spotted is not a bug in OpenSSL but an incomprehension on
your side.
Cordialement.
--
Erwann ABALEA
-
Ce ne sont que des propositions. Je ne veux pas les faire passer en
force. Je pense que si mes idées doivent être reprises, elles ne
doivent pas passer au vote, pour plusieurs raison
another reason.
--
Erwann ABALEA
-
podoclaste: casse-pieds
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
another reason.
--
Erwann ABALEA
-
podoclaste: casse-pieds
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
.
On Mon, Apr 2, 2012 at 3:52 PM, Erwann Abalea via RTr...@openssl.org wrote:
Bonjour,
Le 02/04/2012 13:21, Tamir Khason via RT a écrit :
There is a bug in ASN.1 DER serializer used to generate RSA private
keys. It trims trailing zeros despite the DER specification. Please
see the full info
.
On Mon, Apr 2, 2012 at 3:52 PM, Erwann Abalea via RTr...@openssl.org wrote:
Bonjour,
Le 02/04/2012 13:21, Tamir Khason via RT a écrit :
There is a bug in ASN.1 DER serializer used to generate RSA private
keys. It trims trailing zeros despite the DER specification. Please
see the full info
/languages/X.690-0207.pdf).
This is why i think there is a bug in ASN.1 encoding of the
certificate
--
Erwann ABALEA
-
nosovermiculotracter: interroger
__
OpenSSL Project http://www.openssl.org
/com17/languages/X.690-0207.pdf).
This is why i think there is a bug in ASN.1 encoding of the
certificate
--
Erwann ABALEA
-
nosovermiculotracter: interroger
__
OpenSSL Project http
, should be encoded
according ANS1 DER encoding, which means should be have either length
octets or end-of-contents octets
On Mon, Apr 2, 2012 at 6:56 PM, Erwann Abalea via RTr...@openssl.org wrote:
Tamir,
What are you talking about?
DER encoding doesn't say anything about how the length of RSA key
, should be encoded
according ANS1 DER encoding, which means should be have either length
octets or end-of-contents octets
On Mon, Apr 2, 2012 at 6:56 PM, Erwann Abalea via RTr...@openssl.org wrote:
Tamir,
What are you talking about?
DER encoding doesn't say anything about how the length of RSA
of
a mail.
--
Erwann ABALEA
-
BC Merci à tous de me plnnKER que j'ai plus à vous supporter!
VR Du coup, je l'ai déplonké, pour voir.
Tiens, moi il est passé de -1000 à -100...
-+- ED in GNU : La constante de plonk en solde à -100
of
a mail.
--
Erwann ABALEA
-
BC Merci à tous de me plnnKER que j'ai plus à vous supporter!
VR Du coup, je l'ai déplonké, pour voir.
Tiens, moi il est passé de -1000 à -100...
-+- ED in GNU : La constante de plonk en solde à -100
. That *is* legal.
No, you were (partly) right. This is legal BER, not DER.
--
Erwann ABALEA
-
parturiophone: enceinte acoustique
__
OpenSSL Project http://www.openssl.org
Development Mailing List
. That *is* legal.
No, you were (partly) right. This is legal BER, not DER.
--
Erwann ABALEA
-
parturiophone: enceinte acoustique
__
OpenSSL Project http://www.openssl.org
Development Mailing
Hodie III Id. Sep. MMXI, Peter Sylvester scripsit:
On 09/11/2011 12:12 AM, Erwann ABALEA wrote:
Hodie IV Id. Sep. MMXI, Maarten Billemont via RT scripsit:
According to rfc1779, the key STREET in the subject name should be
capitalized.
obj_dat.h specifies it as a lower-cased
in one aspect: the following names are
not considered equal:
CN=James Bond, O=MI6, C=UK
CN=James \ Bond, O=MI6, C=UK
CN=\ \ jAmeS bonD, O=MI6, C=UK
these examples are equal, following X.520 rules.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
, and 128bits ciphers.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Bonjour,
Given a certificate with an authorityKeyIdentifier extension
containing the issuerName and serial fields, with a negative serial
number, displaying this certificate (openssl x509 -text -noout ...)
doesn't tell that the serial number is negative, and prints its
absolute value.
--
Erwann
that pushes programmers to allocate fixed
size fields in databases, and consider a certificate's serial number
to always fit the size. This is also bad in practice.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
.
[...]
Kyle Hamilton wrote:
I was asked this morning where to find the X.509 specification,
since http://itu.int/ is such a messy website.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
11-13 rue René Jacques - 92131 Issy les Moulineaux Cedex - France
Tél.: +33 1 55 64 22 07
.509 specification,
since http://itu.int/ is such a messy website.
It's sad the 2008 version is only available for a fee.
I always thought the free 2005 version (and corresponding X.5xx
standards covering other important aspects) was a good thing to help
development.
--
Erwann ABALEA erwann.aba
of OpenSSL...
*sigh*
Sorry for this. These are security measures, as volcano ashes are very
abrasive for engines.
If you're in Paris, I'd be glad to offer you a beer or two, just
contact me off-list.
--
Erwann ABALEA erwann.aba...@keynectis.com
-
It takes 43 muscles to frown and 17 to smile
Hodie VII Id. Mar. MMX, Dr. Stephen Henson scripsit:
On Tue, Mar 09, 2010, Erwann ABALEA wrote:
I can't verify ecdsa-with-SHA256 certificates, the ones transmitted a
few days ago (German passports), with the same error
(d2i_ECPKParameters function).
The verification of the root
.
--
Erwann ABALEA erwann.aba...@keynectis.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
SIb3DQEJFQQeBBwxLjIuMjc2LjAuODAuMS4xMi4wLjIwLjUuMS4wMCsGA1UdEAQk
MCKADzIwMDkwNDMwMTM0NzMyWoEPMjAwOTA4MzAxMjMwNTBaMAwGCCqGSM49BAMC
BQADSAAwRQIgQYfwgQkqtEPTFWz+/vKQqH7ixuz/dqYbgkhxeisdcvQCIQCN5kAI
7TDnyDJpmli7Ci6cjOIZxNHLFUlV3fGX5JzaJg==
-END CERTIFICATE-
--
Erwann ABALEA erwann.aba...@keynectis.com
can provide certificates if necessary (those are passport
certificates from different countries)
--
Erwann ABALEA erwann.aba...@keynectis.com
-
All men can fly, but sadly, only in one direction -- down
__
OpenSSL Project
coccinelle means, in french).
--
Erwann ABALEA erwann.aba...@keynectis.com
-
OK to continue? Yes No Maybe
__
OpenSSL Project http://www.openssl.org
Development Mailing List
should it be refused by OpenSSL?
--
Erwann ABALEA erwann.aba...@keynectis.com
-
I t±ld yo±, Never±touch ±he flop±y disk s±rface!
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Hodie IV Non. Mar. MMIX, Oliver Martin scripsit:
Am Wed, 4 Mar 2009 11:19:09 +0100 schrieb Erwann ABALEA:
RFC5280 is a *profile* of X.509, i.e. a subset; it cannot replace
X.509.
Non Zulu times, minute accuracy, and fractional seconds are accepted
in X.509, why should it be refused
Hi Dave,
Hodie Kal. Feb. MMVIII est, Dave Thompson scripsit:
From: [EMAIL PROTECTED] On Behalf Of Erwann ABALEA
Sent: Thursday, 31 January, 2008 13:08
Hodie pr. Kal. Feb. MMVIII est, Patrick Patterson scripsit:
I disagree with this idea, in principle, and what you are suggesting
Hi Patrick,
Hodie pr. Kal. Feb. MMVIII est, Patrick Patterson scripsit:
Hi Erwann;
On Thursday 31 January 2008 13:07:32 Erwann ABALEA wrote:
Renewal is when you issue a new certificate, but keep the same keys. In
this case, the CRL validation in OpenSSL works fine, since the keys
it checks the verification of the CRL against the public key
of the certificate that signed the end-user certificate. That's not
conformant to the X.509 standard.
--
Erwann ABALEA [EMAIL PROTECTED]
openssl099-crl-renewedca.diff.gz
Description: Binary data
Hi Patrick,
Hodie pr. Kal. Feb. MMVIII est, Patrick Patterson scripsit:
Hi Erwann:
On Thursday 31 January 2008 11:23:57 Erwann ABALEA wrote:
Hello,
OpenSSL doesn't cleanly verify revocation status when a CA is renewed
(with a key change). Attached is a proposed patch to handle
field.
The corresponding paragraph of the RFC3280 (RFC2459 is obsolete, and
superseded by RFC3280) reads:
If the extension is present, then the certificate MUST only be used
for one of the purposes indicated.
RFC3280 is much more clear and unambigous than RFC2459.
--
Erwann ABALEA [EMAIL
.
If necessary, please contact Dominique Manenc [EMAIL PROTECTED].
You'll receive this message only once.
Thanks.
--
Erwann ABALEA [EMAIL PROTECTED]
-
It takes months to find a customer, but only seconds to lose one...
The good news is that we should run out of them in no time
itself, when it's a self-signed CA.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
If you never try anything new, you'll miss out on many of life's great
disappointments.
Demotivators, 2002 calendar
this mistake, I never found it in
any other product I've seen.
Based on that, I really don't think it might be necessary to rewrite the
RFC, or the X.509 standard (which would involve *much* more work).
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Unspeakable error in module Cthulhu
children. That's how it's done, and that's how it
has to be done.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Le netétiquette n'est qu'une vaste fumisterie,il faut de l'argent pour
fonctionner,à force,en France de refuser tout rapport sain avec
l'argent,l'on riqsque de
. The keyIdentifier
is not used, the only valid content for the authorityKeyIdentifier is the
issuer's name of the issuer certificate, packed with the issuer's
certificate serial number.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Et puis, je sais que ça ne se fait pas de reprendre sur
extension to have a qualified certificate
Hope this helps.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
CJ Les censeurs agitent plus de vent que les moulins des Pays Bas.
Tiens, je savais pas que c'étaient les moulins qui créaient le vent.
-+- GR in GNU : Dame qui se
is stored in a certificate is a GMT time.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Stupidity is no excuse for not thinking.
__
OpenSSL Project http://www.openssl.org
Sorry for this late delivery. It seems pipes can be filled with
old stuff sometimes. ;)
On Mon, 8 Jul 2002, Erwann ABALEA wrote:
On Mon, 8 Jul 2002, Mehdi Jabal Ameli wrote:
[...]
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
J'aurai aimé savoir si en Norvège il y
if you could fill
it.
Thank you for your time and your interest.
I'm looking foreward to reading you.
Yours sincerely
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Pour moi, que ce soit fr.rec.arts.musique.variete ou
fr.rect.arts.chansons, c négatif, parce que je
, and that changing the mod_ssl.so into mod_ssl.dll in
the configuration file should do the trick.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
NT n'a pas pu initialiser le fichier de partage de la partition de
démarrage pour le vidage sur incident. Ceci est peut-être dû au fait
que
solution would be to call the administrator.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
BC désolé, mais j'ai pas pû m'empecher.
On a vu, mais bon, vraiment fallait pas, vous ne manquiez pas encore
assez.
-+- RM in http://neuneu.mine.nu : En période de manque
reasonable control structures for programs. See bc(1).
dc and bc are linked by some way...
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
I'm not dyslexic, thank dog!
__
OpenSSL Project
On Tue, 5 Mar 2002, Michael Sierchio wrote:
Erwann ABALEA wrote:
dc and bc are linked by some way...
Yes. Unlink dc and bc won't work. ;-)
;)
I read J.P. King's email, and it's more clear now.
ot
I should try to learn dc, as I'm more comfortable with RPN that
traditional algebraic.
/ot
, not a bug in the OpenSSL library.
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
``We're operating from a knowledge base that is not very dense.''
Jim Skeen
Explaining how to say that we don't know what we are doing
]
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
When uncertain
2001, Erwann ABALEA wrote:
On Thu, 3 May 2001, Reddie, Steven wrote:
Zoran, I'd be happy to test your implementation. The PKCS#11 devices that I
have at my disposal are:
Eracom CSA7001/7002
nCipher nFast SCSI HSM
GemPlus PC410 smartcard reader
Litronic Netsignia 210
even think of it...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
OpenSSL Project http://www.openssl.org
Development Ma
,risc1,16,long) idea(int)
blowfish(idx)
compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM
-DMD5_ASM -DRMD160_ASM
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID
or windows (if there is)
thanx,
audrey
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
OpenSSL Project http://www.openssl.org
D
Does anyone have paid to go through the FIPS-140 evaluation of any part of
OpenSSL? ;-)
On Thu, 23 Mar 2000, David Ahrens wrote:
Does anyone know if the pseudo random number generator in openssl is
FIPS-140 compliant?
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL
found another problem with the command line tool openssl, used in it's
"prompt mode"... I'll try to reproduce the behaviour, and I'll post my
results.
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID:
with their cracked keys.) But my boss as asked me
I (and others too) think that 1024 bits RSA will be broken in less than 10
years...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5
ones used to generate
the certificates Basically, you have one certificate to sign the
certificates, and one other to sign the CRLs... A different key pair is
associated with each certificate.
The difference is in the keyUsage extension.
--
Erwann ABALEA
System and Development Engineer - C
Please read the file INSTALL.W32, everything's described...
On Mon, 17 Jan 2000, bhushan wrote:
Could you please explain,how to build static ssleay libraries on
WindowsNT
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5
Just run 'openssl speed' and enjoy...
You can also give parameters to the 'openssl speed' command.
On Fri, 4 Jun 1999, Pierre De Boeck wrote:
Where can I find a program that compute
benchmark time for the ciphers, digests and
public key alg of OpenSSL (I use the 0.9.3a version).
--
Erwann
Who wants to write a simple S/MIME tool, able to decrypt, verify, sign,
crypt any mail, so I can use it as a PINE filter? ;-)
On Tue, 20 Apr 1999, Andrea e Luca Giacobazzi wrote:
[NON-Text Body part not included]
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL
codes are PL and 616 AFAIR)
Right... France is 'FR' and '250'... Next! ;-)
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
OpenSSL Project
On Thu, 11 Feb 1999, Dr Stephen Henson wrote:
Erwann ABALEA wrote:
I posted this question on the old ssl-users list, but got no answer.
I wanted to add OIDs from SET books, and I'm running into problems.
Could you send me a sample certificate that exhibits this behaviour
Hi,
I'm new to the list, but I have used SSLeay for 4 or 5 months from now.
I submitted a correction to Eric Young, but it seems it has not been
reported to OpenSSL 0.9.1c:
in asn1.h, line 284, change ocurrence of PRINTABLESTRING_STRING to
PRINTABLESTRING
--
Erwann ABALEA
System
of this object is a
certificate of a CA to be trusted.
I'm not sure about the MIME type, I write this from memory, but I used
this method, and it works well, both with Netscape and IE4.
For more info, just read the (poor) documentation contained in SSLeay.
--
Erwann ABALEA
System and Development
98 matches
Mail list logo