The 'ranlib' warnings are normal on OSX, for whatever reason. I get
them on the i386 version.
The non-compatible type warnings, though, are not.
Which version of Xcode do you have installed? Which version of gcc
are you using (3.x or 4.x)?
-Kyle H
On Wed, Jan 7, 2009 at 12:41 PM, PGNet
Hi Mounir:
Thanks a lot for the sample code, it answers all my questions!
Do you know if PSS is going to be part of the next release for RSA signatures?
Cheers
-- Chev
__
OpenSSL Project
Hello,
I've recently come across a problem with openssl versions over 0.9.7a. I
have a network of approximately 100 servers using curl to access
different websites. Some of the servers are using openssl 0.9.7a and
some are using 0.9.8b. We recently encountered a problem accessing some
sites
This vulnerability only comes into play during active TLS sessions.
Certificate chain validation is not affected.
S/MIME is not affected.
Quoting Dr Henson (a later message, Message-ID
20090107184137.ga99...@openssl.org):
Certificate chain validation is not affected nor other forms of DSA/ECDSA
--- On Wed, 1/7/09, Dr. Stephen Henson st...@openssl.org wrote:
Incorrect checks for malformed signatures
- ---
It is not perfectly clear to me if regular certificate validiations and smime
signature validiation is also affected by this. Could you
I would expect it has something to do with the following change (from
0.9.7b CHANGELOG):
+ *) Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in
On Wed, Jan 07, 2009, PGNet wrote:
I'm building fips 1.2 on OSX,
uname -a
Darwin pb.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24
17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh
Config,
cd /usr/local/src/openssl-fips-1.2
./config
I have solved my problem.
The problem in my case was a server one. I use a non-blocking socket for the
server to receive information from the clients, so the server performs a
select with a timeout of 1 second to read information. It turns out that
when they are network issues, 1 second is not
Hi,
On Thu, Jan 8, 2009 at 12:42 AM, Kyle Hamilton aerow...@gmail.com wrote:
Which version of Xcode do you have installed?
XCode v3.1.2, build 1149
Which version of gcc are you using (3.x or 4.x)?
gcc version 4.2.1 (Apple Inc. build 5566)
On Wed, Jan 7, 2009 at 12:41 PM, PGNet
I am using OpenSSL 0.9.8g/h, followed the following path,
C:\SSL\openssl-0.9.8g_win32\openssl-0.9.8g_win32\binopenssl pkcs12 -in
c:\ssl\s
arojesh05012009.pfx -out c:\ssl\choice.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Dear users,
I want to extract public key from certificate (*.cer file) in C++ (with
visual C++).
In command, I can do that with this command : c:\OpenSSL\bin\openssl
x509 -inform pem -in certificate.cer -pubkey -noout publickey.pem
Could you telle how to do that in C++?
Thanks in
Perhaps, but is there anything I can do to fix this issue? These sites load
fine via browsers so I am in a tough position trying to say it's a problem with
the server configuration even if it is. Any help you can provide would be
appreciated. Thanks.
-- Matt
-Original Message-
From:
As a test, ignoring the UserGuide's admonition about user-config
options to FIPS build, with a TARGET = darwin-ppc-cc, this,
./config --prefix=/usr/local/ssl-fips fipscanisterbuild
make
make install
installs FIPS as directed in /usr/local/ssl-fips.
Then, building openssl 098j,
mv
On Thu, Jan 08, 2009, PGNet wrote:
This is an unfortunate side effect of gcc being stricter about function
pointers
...
The actual errors you see are not part of the validated module but part of
the rest of OpenSSL. If you complete the make process once (despite the
crashes) and can
if you have the X509 * object (in your code), then you can try
X509_set_pubkey() (in x509.h) to obtain the EVP_PKEY * object, then you can
use the various PEM_write_..._RSAPublicKey() (in pem.h).
_
Windows Live™ Hotmail®: Chat.
then you can try X509_set_pubkey() (in x509.h) to obtain the EVP_PKEY *
object
of course i meant X509_get_pubkey().
_
Windows Live™: Keep your life in sync.
* Md Lazreg wrote on Thu, Jan 08, 2009 at 15:11 +0100:
The problem in my case was a server one. I use a non-blocking socket for the
server to receive information from the clients, so the server performs a
select with a timeout of 1 second to read information. It turns out that
when they are
Hi,
You can achieve the same by following these steps :
- Call the function PEM_read_X509 to obtain an X509 pointer from
the certificate file.
- Call the function X509_get_pubkey on this pointer to obtain an
EVP_PKEY pointer.
- Call the function PEM_write_PUBKEY on this pointer to
I compiled openssl-0.9.8j without problems under Linux. When running
under Windows XP SP3, Visual Studio 9, using option do_ms, nt.mak
compiled without error.
ntdll.mak had the following fatal compiler error:
Building OpenSSL
cl /Fotmp32dll\ec_asn1.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2
On Thu, Jan 8, 2009 at 7:58 AM, Dr. Stephen Henson st...@openssl.org wrote:
If you want to move the validated module elsewhere afterwards you can do
provided you keep to the permission requirements of the security policy.
Once you've installed the validated module you can then use OpenSSL
A client cert is only sent when requested by the server, so that makes
this a Tomcat/apache issue, not an OpenSSL issue.
apps/s_client demo app supports transmission of client cert upon
request (try this in conjunction with the apps/s_server OpenSSL demo
app, for instance).
Check out this:
On Thu, Jan 08, 2009, Carter Browne wrote:
I compiled openssl-0.9.8j without problems under Linux. When running
under Windows XP SP3, Visual Studio 9, using option do_ms, nt.mak
compiled without error.
ntdll.mak had the following fatal compiler error:
Building OpenSSL
cl
Hi,
As far as I know, it's only supported in the 0.9.9 development tree
through the introduction of the new type EVP_PKEY_CTX and the new
functions EVP_PKEY_sign_init and EVP_PKEY_sign. Personally, I find it
simpler to implement this scheme using the low level primitives I showed
you in my
Hi OpenSSL Users,
I am setting up an Ubuntu 8.10 LAMP server on a Linode VPS. I have an older
Ubuntu 6.10 vps set up as well that I configured with self signed
certificates and CACert. I would like to set this new server up with a
certificate from Thawte, or Verisign, et el (I'm open to
I've managed to build/install openssl 098j+fips12 on
(1) a PPC mac, running OSX 10.5.6
uname -a
Darwin mac 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST
2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh
(2) a shared, Debian host,
uname -a
Linux cobra
If you create a softlink to the real target directory, that seems to
work...
cd /usr/local/ssl
ln -s fips-1.0 /usr/local/ssl-fips
Please respond to openssl-users@openssl.org
Sent by:owner-openssl-us...@openssl.org
To: openssl-users@openssl.org
cc: (bcc: Dan Mitton/YD/RWDOE)
Kevin Murphy kevinpatrickmur...@gmail.com writes:
[...]
I came accross a couple howto articles for setting up one certificate that
will cover all virtual hosts on a web server... one static IP, one
certificate,
multiple sites, lots of saved money!
Hi Kevin,
Those sites describe a way to
27 matches
Mail list logo
