Re: [openssl-dev] Regression testing?

2015-06-14 Thread Krzysztof Kwiatkowski
Hi, It's pretty easy to run cppcheck. It also integrates quite well with jenkins, as there is a cppcheck plugin available. You can find my configuration right here if interested: http://amongbits.com:8090/job/openssl/ (guest/guest for login/pass) I don't have much experience with Coverity,

Re: [openssl-dev] Regression testing?

2015-06-12 Thread Krzysztof Kwiatkowski
Hey, Nice to see this continuous build. Have you guys thought about creating one build for static code analysis (f.e. integrating cppcheck)? Kris On 06/13/2015 12:32 AM, Matt Caswell wrote: On 12/06/15 18:53, Valerie Fenwick wrote: Hi Folks - I was wondering if there is a document

Re: [openssl-dev] F5 termination of TCP connection

2015-06-01 Thread Krzysztof Kwiatkowski
Hi, Yes, that's exactly what we do in our configuration. We have 24 servers with rather high workload. SSL is offloaded on F5 load balancer and servers behind load balancers receive decrypted traffic. I'm not aware of any performance issues. And in fact it's quite good idea as server itself

Re: [openssl-dev] F5 termination of TCP connection

2015-06-01 Thread Krzysztof Kwiatkowski
-06-01 07:36:01 -0400, Krzysztof Kwiatkowski wrote: Yes, that's exactly what we do in our configuration. We have 24 servers with rather high workload. SSL is offloaded on F5 load balancer and servers behind load balancers receive decrypted traffic. I'm not aware of any performance issues

Re: [openssl-dev] [openssl.org #3707] [PATCH] Constness in SSL_CTX_set_srp_username and SSL_CTX_set_srp_password functions

2015-02-18 Thread Krzysztof Kwiatkowski
Hi Guys, Tickets #3705 and #3709 can be closed as they are exactly the same as this one. I've sent the same mail a few times. Sorry for the inconvenience. Kris On 02/17/2015 10:49 PM, Krzysztof Kwiatkowski via RT wrote: Currently SSL_CTX_set_srp_username/password functions take char* argument

Re: [openssl-dev] [openssl.org #3707] [PATCH] Constness in SSL_CTX_set_srp_username and SSL_CTX_set_srp_password functions

2015-02-18 Thread Krzysztof Kwiatkowski via RT
Hi Guys, Tickets #3705 and #3709 can be closed as they are exactly the same as this one. I've sent the same mail a few times. Sorry for the inconvenience. Kris On 02/17/2015 10:49 PM, Krzysztof Kwiatkowski via RT wrote: Currently SSL_CTX_set_srp_username/password functions take char* argument

[openssl-dev] [openssl.org #3707] [PATCH] Constness in SSL_CTX_set_srp_username and SSL_CTX_set_srp_password functions

2015-02-17 Thread Krzysztof Kwiatkowski via RT
Currently SSL_CTX_set_srp_username/password functions take char* argument for username/password value. In an application level code those values are very often const (user provided data). In such cases, when passing those values to OpenSSL library either dirty cast needs to be performed to

[openssl-dev] Constness in SSL_CTX_set_srp_username and SSL_CTX_set_srp_password functions

2015-02-16 Thread Krzysztof Kwiatkowski
Hi, Currently SSL_CTX_set_srp_username/password functions take char* argument for username/password value. In an application level code those values are very often const (user provided data). In such cases, when passing those values to OpenSSL library either dirty cast needs to be performed

[openssl-dev] Ticket 2578

2014-12-05 Thread Krzysztof Kwiatkowski
Hi, Do you plan to integrate this one somewhere soon? https://github.com/openssl/openssl/pull/113 I can help with merge if needed. Kris

RE: Improving Developer Documentation

2014-11-14 Thread Krzysztof Kwiatkowski
http://www.amazon.co.uk/Network-Security-OpenSSL-Cryptography-Communications/dp/059600270X I've found basics and even more advanced topics in this book, but please notice that it is more than 10 years old, so doesn't cover new stuff and I've found some information outdated. Still - good book.

Re: Improving Developer Documentation

2014-11-14 Thread Krzysztof Kwiatkowski
-...@openssl.org] On Behalf Of david.ll...@fsmail.net Sent: Friday, November 14, 2014 4:16 PM To: openssl-dev@openssl.org; Krzysztof Kwiatkowski; openssl-dev@openssl.org Cc: owner-openssl-...@openssl.org Subject: Re: Improving Developer Documentation OpenSSL APIs haven't changed much in 10

Re: Vuln in SSL 3.0

2014-10-15 Thread Krzysztof Kwiatkowski
Great! I suppose it fixes both - client and server ? On 15 October 2014 15:59:13 CEST, Matt Caswell m...@openssl.org wrote: On 15/10/14 14:43, nicolas@free.fr wrote: Hi, there's a workaround here : https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 it aims to forbid

Vuln in SSL 3.0

2014-10-14 Thread Krzysztof Kwiatkowski
Hi, Any idea what this is about? Is it a threat for OpenSSL users: http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow/ Regards, Kris

TLS displayed as protocol when using SRP

2014-09-23 Thread Krzysztof Kwiatkowski
Hi, When you connect with s_client to my SRP server the protocol displayed is TLSv1. I wonder if it is correct? Shouldn't it say SRP or TLS-SRP? Protocol : TLSv1 Cipher: SRP-AES-256-CBC-SHA Kris

Integration of #2578

2014-09-18 Thread Krzysztof Kwiatkowski
Hi OpenSSL dev team! Would you be able to integrate #2578 into next version of OpenSSL? http://rt.openssl.org/Ticket/Display.html?id=2578 Kris

Re: [openssl.org #2481] Full-duplex SSL/TLS renegotiation failure (reproducible 100% of the time)

2014-08-21 Thread Krzysztof Kwiatkowski
Can you share the code you have used for testing? On Thu, 2014-08-21 at 16:14 +0200, Jay True via RT wrote: I've tested versions 1.0.0b and 1.0.1i, both have this problem too. More specifically, it happens only when the application called SSL_write() after peer A starts the renegotiation.

RE: Conflicting information regarding non-blocking sockets

2014-06-05 Thread Krzysztof Kwiatkowski
First of all, I think you should ask this question on openssl-us...@openssl.org. In my opinion you can mix SSL_write() and SSL_read() operations when they return WANTS_X. The documentation of SSL_read() says: The calling process then must repeat the call after taking appropriate

Re: [openssl.org #2578] s_client bind ip

2014-05-30 Thread Krzysztof Kwiatkowski
+0200, Krzysztof Kwiatkowski wrote: On 2014-05-27 11:13, Michael Tuexen wrote: On 27 May 2014, at 10:01, Krzysztof Kwiatkowski krzys...@leeds.pl wrote: On Tue, 2014-05-27 at 09:18 +0200, Michael Tuexen wrote: Please do update it. I guess that patch should be against the master branch

Re: [openssl.org #2578] s_client bind ip

2014-05-27 Thread Krzysztof Kwiatkowski
On Tue, 2014-05-27 at 09:18 +0200, Michael Tuexen wrote: Please do update it. I guess that patch should be against the master branch, right? (the current patch doesn't apply there...) That's what I was thinking about. Wouldn't it be less work to apply my patch to master and then apply patch

Re: [openssl.org #2578] s_client bind ip

2014-05-27 Thread Krzysztof Kwiatkowski
On 2014-05-27 11:13, Michael Tuexen wrote: On 27 May 2014, at 10:01, Krzysztof Kwiatkowski krzys...@leeds.pl wrote: On Tue, 2014-05-27 at 09:18 +0200, Michael Tuexen wrote: Please do update it. I guess that patch should be against the master branch, right? (the current patch doesn't apply

Re: [openssl.org #2578] s_client bind ip

2014-05-26 Thread Krzysztof Kwiatkowski
Following the comment of Viktor I've updated the pull request with documentation for new -localip option. On Sun, 2014-05-25 at 14:29 +0200, Krzysztof Kwiatkowski via RT wrote: Thanks, I didn't notice this change (some merge issue I guess) I'm sending new diff in the attachment. Also I've

Re: [openssl.org #2578] s_client bind ip

2014-05-25 Thread Krzysztof Kwiatkowski
wrote: On 24/05/2014 11:06 PM, Krzysztof Kwiatkowski via RT wrote: Hello, This patch implements request for ticket 2578. I've also created pull request in github that you can find here: https://github.com/openssl/openssl/pull/108 Why is there a crypto/objects/obj_xref.h change mixed

Re: [openssl.org #2578] s_client bind ip

2014-05-24 Thread Krzysztof Kwiatkowski
], sigoid_srt[18], + sigoid_srt[17], sigoid_srt[0], sigoid_srt[1], sigoid_srt[7], -- 1.8.3.1 From a06d75a27fcfa6549f887fe0017662749abc23ca Mon Sep 17 00:00:00 2001 From: Krzysztof Kwiatkowski krzys...@leeds.pl Date: Sun, 18 May 2014 12:28:42 +0200 Subject: [PATCH 2/3

Re: [openssl.org #2578] s_client bind ip

2014-05-24 Thread Krzysztof Kwiatkowski via RT
], sigoid_srt[18], + sigoid_srt[17], sigoid_srt[0], sigoid_srt[1], sigoid_srt[7], -- 1.8.3.1 From a06d75a27fcfa6549f887fe0017662749abc23ca Mon Sep 17 00:00:00 2001 From: Krzysztof Kwiatkowski krzys...@leeds.pl Date: Sun, 18 May 2014 12:28:42 +0200 Subject: [PATCH 2/3

[openssl.org #3172] Duplicated entry in ssl_option_single

2013-11-13 Thread Krzysztof Kwiatkowski via RT
Hi, I've found small issue - entry in ssl_option_single table was duplicated. diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 475fb1d..fc6caa9 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -203,7 +203,6 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)

Re: [PATCH] s_client: bind to local ip (ticket 2578)

2013-11-05 Thread Krzysztof Kwiatkowski
Hello, Any idea if this patch will be integrated? Kris On 2013-10-28 23:31, Krzysztof Kwiatkowski wrote: Well, maybe but it's not always possible. In my case I have machine which is running application server that is handling a lot of connections (SSL and not) with different partners (kind

Re: [PATCH] s_client: bind to local ip (ticket 2578)

2013-10-28 Thread Krzysztof Kwiatkowski
? Patrick Watson, CISSP Software Engineer Data Security Electronic Payment Systems NCR Retail -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Krzysztof Kwiatkowski Sent: Sunday, October 27, 2013 6:59 PM To: openssl-dev

[PATCH] s_client: bind to local ip (ticket 2578)

2013-10-27 Thread Krzysztof Kwiatkowski
Hello, This patch implements a change in s_client that makes it possible to select local IP from which connection must be made. Request for such change was suggested by ticket #2578 Motivation for such functionality is that one may not find s_client useful if it tries to connect from host which

Renegotiation

2013-09-10 Thread Krzysztof Kwiatkowski
Hi, I've general question about how session renegotiation is initiated. Are there cases where openSSL library can decide to renegotiate SSL/TLS session (automatically) or such decision always is driven by the code that uses openSSL lib? In other words - if I have an applications

Allowing fullduplex in SSL

2013-09-05 Thread Krzysztof Kwiatkowski
Hello, I've legacy application which handles full-duplex connections - many threads writing and reading from/to the same socket at the same time. Now I need to implement SSL communication over those sockets. According to this