Hello,
We have a firewall acting as a reverse proxy(server) doing SSL offload and we
are seeing a memory leak in x509_name_ex_new.
We are using OpenSSL 0.9.8l and we ran the OpenSSL's builtin memory leak
checker, dumped the results using CRYPTO_mem_leaks_fp and found several leaks
reported, one
Should I send this request to the developers list rather than here?
If so, I'll be happy to do so...
In any case, the short version is: I cross-compiled openssl for target
xscale, and could not load the kernel module because some of the symbols
(e.g. crypto_register_alg) apparently because they
Hi Dallas,
-Original Message-
From: Dallas Clement
Just wondering what the best way to turn off authentication is. I'm
wanting to do so for testing purposes. Would someone please advise?
just configure aNULL (see ssl.h) for your ciphersuites on both endpoints.
That way only
Hi,
Before I go nuts with all kinds of different tries to solve the
problem, I better ask the experts!
I'm on Debian Lenny, trying to install OpenSSL1.0.0 - have done it on
a machine just like it, but can't compile on this one. I've
tried./config with and without -fPIC and with and without
On Tue, May 25, 2010 at 19:09, Carruth, Rusty wrote:
Should I send this request to the developers list rather than here?
If so, I'll be happy to do so...
In any case, the short version is: I cross-compiled openssl for target
xscale, and could not load the kernel module because some of the
Thanks guys. It worked for me !!
- Kunal
On Wed, May 26, 2010 at 6:51 AM, Dave Thompson dthomp...@prinpay.comwrote:
From: owner-openssl-us...@openssl.org On Behalf Of ~ Kunal Sharma
~
Sent: Tuesday, 25 May, 2010 10:02
I guess I need to supply the iv in hex format. Is
I think the FAQ point is trying to highlight that the GZIP format as-is
was designed for single file compression (a compress replacement). So
therefore the extra tiny header at the start of the GZIP data that you
find in *.gz files is not necessary for zlib and streaming compressors.
Also
Hi Patrick,
I had first tried doing it at run-time, and it didn't seem to work.
SSL_set_cipher_list( mpSsl, aNULL );
I then modified ssl.h as follows:
#define SSL_DEFAULT_CIPHER_LIST aNULL:eNULL /* low priority for RC4 */
In both cases, I'm getting this error on the server end:
Hi Darryl,
--- On Wed, 5/26/10, Darryl Miles darryl-mailingli...@netbauds.net wrote:
From: Darryl Miles darryl-mailingli...@netbauds.net
Subject: Re: BIO_f_zlib() / gzip Format
To: openssl-users@openssl.org
Cc: Doug Kehn rdk...@yahoo.com
Date: Wednesday, May 26, 2010, 6:03 AM
I have to
Hi,
How do I check in my code, if a certificate is revoked or not?
From what I googled :
The x509 certificate contains set of CRL distribution points, ie set of urls.
We need to download the crl list .
Crl list contains serial numbers of certificates revoked and the date in which
they were
if my public key is 256 bytes long, what is the max length of the string I
can use to encrypt? Is it 256?
Rusty Carruth wrote:
I would have thought that OPENssl, for which I have the source, would
have met the requirements to use the _GPL symbols in the kernel.
The requirement is that the module claim that it is available under the GPL
by containing a specific license declaration. You can fix this
Chuck Pareto wrote:
if my public key is 256 bytes long, what is the max length
of the string I can use to encrypt? Is it 256?
If the output is exactly 256 bytes, there are (in theory) 2^(256*8) possible
outputs. That means there can be at most 2^(256*8) possible inputs. There
are more than
One small piece of additional info: I'm trying to avoid the use of
any certificates. Is that even possible with OpenSSL?
On Wed, May 26, 2010 at 6:34 AM, Dallas Clement
dallas.a.clem...@gmail.com wrote:
Hi Patrick,
I had first tried doing it at run-time, and it didn't seem to work.
Hello All,
Is there a function that translates certificate verify return codes?
#define X509_V_OK 0
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT2
#define X509_V_ERR_UNABLE_TO_GET_CRL3
...
Just
On Wed, May 26, 2010 at 07:20:12PM -0500, Dallas Clement wrote:
One small piece of additional info: I'm trying to avoid the use of
any certificates. Is that even possible with OpenSSL?
Yes. If both server and client support aNULL ciphers, and list these
above any other ciphers, or the server
I've figured this out. Just needed to disable cert verification in
addition to using aNULL cipher.
SSL_CTX_set_verify( mpSslContext, SSL_VERIFY_NONE, NULL );
Sorry for the spam.
On Wed, May 26, 2010 at 7:20 PM, Dallas Clement
dallas.a.clem...@gmail.com wrote:
One small piece of additional
Hi,
Our library uses OpenSSL(v 0.9.8k) in multithreaded environment. Recently I
observed memory leak resulting from not calling ERR_remove_state().
After reading the documentation of this function, I see that
ERR_remove_state should be called when a thread exits. Since we are using
OpenSSL
18 matches
Mail list logo