Re: Signing .JAR files using OpenSSL for Windows

2014-09-03 Thread Jakob Bohm
On 01/09/2014 16:17, AUser ZUser wrote: Hello Can someone please help me with the following question. I have a code signing certificate in my X509 store LocalMachine\My which I can use for signing PowerShell scripts for example Set-AuthenticodeSignature ./MyScript.ps1 -certificate ( gci

The no-stdio and NO_FP_API options

2014-09-03 Thread Salz, Rich
These configuration options do not build. I started to try and fix them, but after fixing the first few problems, things got really sticky. We hear that OpenSSL on embedded devices is important. Is anyone using this, willing to share their fixes, and help maintain it? If not, it will be

Fwd: Client Key Exchange Message

2014-09-03 Thread md intekhab shaukat
Reminder. -- Forwarded message -- From: md intekhab shaukat shaukat.mdintek...@gmail.com Date: Thu, Aug 28, 2014 at 3:56 PM Subject: Client Key Exchange Message To: openssl-users@openssl.org Hi, I am a Master student and as case study regarding OpenSSL, I have to find out what

Re: The no-stdio and NO_FP_API options

2014-09-03 Thread Jens Maus
We are using these options for an AmigaOS-based port of OpenSSL (which we call AmiSSL) which can be found here: http://sourceforge.net/projects/amissl/ In fact, we use these two options because file pointers are substantially handled differently on AmigaOS and we use no-stdio because we build

RE: Client Key Exchange Message

2014-09-03 Thread Michael Wojcik
Reading the OpenSSL source code in an effort to learn how the SSL and TLS protocols work is not a good idea. OpenSSL is an implementation, not a tutorial. I suggest you get an actual description of how SSL/TLS works, such as Eric Rescorla's book SSL and TLS. (I believe Rich already suggested

RE: The no-stdio and NO_FP_API options

2014-09-03 Thread Salz, Rich
What config flags do you use? What changes have you made? It doesn't build for me. -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz

Re: Re[2]: Renegotiation workaround for TLS 1.2, 1.1 patch doesn't work (Check-in [22565])

2014-09-03 Thread Krzysztof Kwiatkowski
What you could also consider doing is to look at the list of cipher suites that you advertise during handshake and try to restrict it a bit. I had the same problem with F5 BIG-IP after migration OpenSSL 1.0.0 - 1.0.1k (it seems there were many ciphers added between those two versions which makes). Then

Re: The no-stdio and NO_FP_API options

2014-09-03 Thread Alan Buxey
+1 for keeping the features (I use AmiSSL ;) ) alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

RE: The no-stdio and NO_FP_API options

2014-09-03 Thread Salz, Rich
+1 for keeping the features (I use AmiSSL ;) ) It doesn’t build. Unless that is addressed, it is highly likely that I will remove it from the tree after 1.0.2 -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz

Behavior change in 1.0.1i crypto (?)

2014-09-03 Thread Andy Schmidt
I have found some change in the behavior of the OpenSSL 1.0.1 crypto library between releases h and i regarding the internal handling of PKCS7 and X509 structures. Attached is a S/MIME signed message generated by C calls to the OpenSSL 1.0.1i API. If I take this output and then on the command line

Re: Behavior change in 1.0.1i crypto (?)

2014-09-03 Thread Viktor Dukhovni
On Wed, Sep 03, 2014 at 02:01:35PM -0700, Andy Schmidt wrote: openssl smime -in JohnHancock.smime -pk7out Decoding the pkcs7 data with asn1parse results in: 0:d=0 hl=4 l=4594 cons: SEQUENCE 4:d=1 hl=2 l= 9 prim: OBJECT:pkcs7-signedData 15:d=1 hl=4

Re: The no-stdio and NO_FP_API options

2014-09-03 Thread Jens Maus
On 03.09.2014 at 21:33, Salz, Rich rs...@akamai.com wrote: +1 for keeping the features (I use AmiSSL ;) ) It doesn’t build. Unless that is addressed, it is highly likely that I will remove it from the tree after 1.0.2 Well, then why are you asking for opinions in the first place if your

Re: Behavior change in 1.0.1i crypto (?)

2014-09-03 Thread Andy Schmidt
Great, thank you! The problem is that the API call sequence generates different S/MIME and/or PKCS7 output between 1.0.1h and 1.0.1i. The attached files are generated from the same API call sequence, JohnHancock.smime.h with 1.0.1h and JohnHancock.smime.i with 1.0.1i. The h version S/MIME does

Re: The no-stdio and NO_FP_API options

2014-09-03 Thread Michael Sierchio
On Wed, Sep 3, 2014 at 4:21 PM, Jens Maus m...@jens-maus.de wrote: On 03.09.2014 at 21:33, Salz, Rich rs...@akamai.com wrote: +1 for keeping the features (I use AmiSSL ;) ) It doesn’t build. Unless that is addressed, it is highly likely that I will remove it from the tree after 1.0.2

Re: Behavior change in 1.0.1i crypto (?)

2014-09-03 Thread Viktor Dukhovni
On Wed, Sep 03, 2014 at 04:34:05PM -0700, Andy Schmidt wrote: The problem is that the API call sequence generates different S/MIME and/or PKCS7 output between 1.0.1h and 1.0.1i. The attached files are generated from the same API call sequence, JohnHancock.smime.h with 1.0.1h and

RE: The no-stdio and NO_FP_API options

2014-09-03 Thread Salz, Rich
I am sorry that I was not clear. I am saying that if there are people who depend and want no-stdio and NO_FP_API to be kept in the OpenSSL source, then they need to feed their patches, just to make those things work, back to OpenSSL. My mind is not made up. I am asking for people who want us