Wondering if a vendor product might be vulnerable to existing (fixed) bugs, despite showing current version number

Hi, I'm a student and I've been doing some security testing of a VPN from a rather large vendor as part of a school project. During my mapping of the VPN, I discovered the version of OpenSSL that they are distributing is 0.9.8h-fips-dev 19 mar 2008 As I understand it, that makes this a

Re: Re: Re: hello everyone

thanks Ger Hobbelt and All, my question have been solved, thanks a lot. 2008-08-02 abc_123_ok 发件人： Ger Hobbelt 发送时间： 2008-07-30 16:52:00 收件人： openssl-users 抄送： 主题： Re: Re: Re: hello everyone yes , you are correct , my client does not use Openssl code. Okay... Well, this

Re: Verify x509 certificate

The verify(1ssl) man page has descriptions of these error codes. 7 is X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure, which is described as: the signature of the certificate is invalid. I would presume that this is because the signature cannot be verified with the public key

Re: Verify x509 certificate

On sab, 2008-08-02 at 02:04 -0700, Kyle Hamilton wrote: The verify(1ssl) man page has descriptions of these error codes. 7 is X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure, which is described as: the signature of the certificate is invalid. I would presume that this is

Re: Verify x509 certificate

Solved ! I forgot to call SSLeay_add_all_algorithms(); ... a summer youthful folly :-) Flt Il giorno sab, 02/08/2008 alle 11.43 +0200, .:: Francesco la Torre ::. ha scritto: On sab, 2008-08-02 at 02:04 -0700, Kyle Hamilton wrote: The verify(1ssl) man page has descriptions of these error

using signature with elliptic curve

Hello I would like to sign the digest of a file using the elliptic curve sect233r1 I generate my by openssl ecparam -genkey -name sect233r1 -noout -out id_eckey Signing by openssl dgst -sha1 -sign id_eckey file = OK = OK openssl dgst -sha512 -sign id_eckey file = NOK When I try to generate

Re: Wondering if a vendor product might be vulnerable to existing (fixed) bugs, despite showing current version number

Samuel Lavitt wrote: I am wondering how I could determine, with only access to the compiled binary, if this version has any missing security fixes The worst vulnerabilities (and your time might be valuable, so prioritization might be important) have published exploits available. Black hat

Re: Verify x509 certificate

I'm not sure you solved that. This works just because your certificate chain will have only 1 certificate so no signature verification is done. kr, Eugen Sendroiu - Original Message From: .:: Francesco la Torre ::. [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: