Hey

wow this is awesome give it a look http://www.finance15cinews.net/biz/?employment=0410777 __ OpenSSL Project http://www.openssl.org User Support Mailing List

FWD:

wow this is crazy check it out http://www.finance15elnews.net/biz/?page=7115048 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org

Hello

wow this is pretty awesome you should give it a look http://www.finance15dynews.net/biz/?read=9799495 __ OpenSSL Project http://www.openssl.org User Support Mailing List

fwd:

wow this is pretty crazy you should check it out http://www.thanews.net/biz/?employment=8003005 __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: RE: OpenSSL 1.0.1a

such an fatal error, seems it will damage the image of the project.   -- qun-ying - Original Message - From: Peter Heimann heima...@web.de To: openssl-users@openssl.org Cc: Spence, Thomas CIV USAF AFDW 844 CS/SCOX thomas.spe...@pentagon.af.mil Sent: Wednesday, April 25, 2012 12:08

would like to get some clearification on CVE-2011-4619

Hi, Regarding this  SGC-Restart DoS Attack (CVE-2011-4619), does it require the server to use the SGC certificate or it doesn't matter what kind of certificate is used by the server?   -- Qunying

Re: Why CVS?

Hi, It seems there is an effort to provide a git repository: http://repo.or.cz/w/mirror-openssl.git Qunying __ OpenSSL Project http://www.openssl.org User Support Mailing List

Should DTLS causing program abort when getting an incorrectly formatted fragment?

enlighten me if I miss something. -- qun-ying __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager

About client certification verification

Hi, I would like to clarify if SSL server request client to send certification, and does not do the verification in OpenSSL (verification error is ignored, and certificate is verified somewhere else), will the client certificate still participate in the negotiation of keys? Thanks -- qun

Re: where is the memory being held

I found a solution without hacking into the library itself. Since my system is running glibc, I forced all mem request to use mmap with mallopt(M_MMAP_THRESHOLD, 0), which release the memory back to the system when free is called, testing shows so far so good. -- qun-ying - Original

Re: where is the memory being held

Does it mean that it is hard to change the behavior? -- qun-ying --- On Fri, 9/24/10, David Schwartz dav...@webmaster.com wrote: Sounds like OpenSSL wasn't what you wanted. OpenSSL is intended for use on general-purpose computers with virtual memory. It is not designed to return virtual

Re: where is the memory being held

down. This leave very little memory for other part of the system, as this app is only a small part of a bigger system. The memory usage is a big concern as it is always running with the box. So far periodically restart the app is not a good solution. -- qun-ying This all seems normal

where is the memory being held

chunks = 81 mmap regions =4 mmap bytes = 1773568 Total (incl. mmap): system bytes = 30045520 in use bytes = 3582752 releasable bytes = 462496 -- qun-ying __ OpenSSL

Re: TLSv1.2 in openssl

If you just want to study it, gnutls has support TLS1.2, I suppose now most Linux distributions include it by default also. -- qun-ying --- On Tue, 7/14/09, Akos Vandra axo...@gmail.com wrote: From: Akos Vandra axo...@gmail.com Subject: Re: TLSv1.2 in openssl To: openssl-users

verifying CRL with critical extensions

Hi, May I know is the current version of OpenSSL supports verification for CRL with critical extensions? I am currently runing 0.9.7m. Thanks -- qun-ying __ The new Internet Explorer® 8 - Faster, safer, easier

IE could not connect to a chaine-cert's ssl server

Client: Windows XP, IE7, firefox 3.0.3 Actually, I try Aapche 2.x also, same result. Thanks for your help! -- qun-ying __ Ask a question on any topic and get answers from real people. Go to Yahoo! Answers and share what you

RE: IE could not connect to a chaine-cert's ssl server

Ah, I miss that one. Thanks. -- qun-ying --- On Wed, 2/4/09, Giang Nguyen cau...@hotmail.com wrote: From: Giang Nguyen cau...@hotmail.com Subject: RE: IE could not connect to a chaine-cert's ssl server To: openssl-users@openssl.org Received: Wednesday, February 4, 2009, 2:02 PM i think

Re: Time Diff?

Averroes wrote: Hi all, Perhaps someone noticed this: When I create a certificate there is difference between system (OS) time and creation time of certificate. Approximately one hour. certificate info: Validity Not Before: Sep 14 09:57:24 2001 GMT Not

Re: JAVA/JNI Wrapper for OpenSSL.

what platform/compiler are you running? take note of the order you supply the library. move the -lcrypto to the last of your link command may solve your problem. __ OpenSSL Project

Re: JAVA/JNI Wrapper for OpenSSL.

app_RAND_load_file() is not in the library. it is only a function used in the openssl command tool. you can get the function definition in apps/app_rand.c __ OpenSSL Project http://www.openssl.org

Re: JAVA/JNI Wrapper for OpenSSL.

the Java thread dump gives a lot of information unralted(I don't know how to interprete it either). try to insert a lot of debug print in your C code and find out exactly where it fails and check every return code from the OpenSSL library calll, from there it is much easier to find the problem..

Re: Netscape 6.01 and SSL: crash?

Don't use Netscape 6.01! Use Mozilla in stead (latest milestone is 0.8). It is much more stable and with features that Netscape does not have. -- (~._.~) s ^ (Qun-Ying) (65) 874-6643 ( O ) ()~*~() (_)-(_)[EMAIL PROTECTED] * [EMAIL PROTECTED

Re: Installation problem with mingw32 on NT4 SP4

I used to get this kind of error. Active perl seems not working quite well together with cygwin/mingw32. Try to get a perl version for cygwin. QUERAN LOIC wrote: --- Reçu de CMB.QUERALO 0298002339 13-12-00 10.29 I try to install OpenSSL 0.9.6 with gcc 2.95.2, make

strange result from i2d_X509()

Hi, I am trying to create a X509 certificate and store the result in a memory location for later usage. But the result return from i2d_X509() is wrong. I can get the correct result if I write the X509 structure through either PEM_write_X509() or i2d_X509_bio(). I am running OpenSSL 0.9.6 under

Q: not understand the meaning of codes in apps/x509.c

Hi, While going through the code in apps/x509.c, in line:979, function x509_certify(). What does the 3 lines do? It seems useless for the upkey is free after parameters being copied to? As int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); is defined as copy from the second argument to

signed after/before encryption?

While normally the original data before encryption gets signed, what is the effect of signing the encrypted data? In this form, the verification can take place without decrypting the data. Any pros and cons of this method? Thanks -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6643 ( O

Re: signed after/before encryption?

the verification of encrypted data's signature have the same level of security of the decrypted data's signature? The reason for this is that if the data have been corrupted, there is no point to decrypt them. -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6643 ( O ) TrustCopy Pte Ltd / Kent Ridge

Re: Base64 in MIME file...is LF really required?

After you create the base 64 BIO, set the following flag, BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); to parse the input without linefeed. -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6743 ( O ) TrustCopy Pte Ltd / Kent Ridge Digital Labs ()~*~() 21 Heng Mui Keng Terrace, Singapore

Re: Private Keys and PKCS#12

out the cert. related code. -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6743 ( O ) TrustCopy Pte Ltd / Kent Ridge Digital Labs ()~*~() 21 Heng Mui Keng Terrace, Singapore 119613 (_)-(_)[EMAIL PROTECTED] * [EMAIL PROTECTED] p12_crt.c

Re: Newbie question: Compiling OpenSSL under VC++ 6.0

In your VC installation, you should be able to found a batch file under C:\progra~1\micros~2\vc98\bin, it is named "vcvars32.bat", just run the batch file under your DOS prompt, it will setup all the environment for you. -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6743 ( O )

BIO and proxy?

Hi, I have not dug into the source code yet, but I want to know how to use the proxy support? Does it work transparently with those web proxy server, acting as a tunnel for communication between two sites? Thanks -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6743 ( O

Re: ??: RSA pri key storage format

?? wrote: no default format. if you use openssl, pem is default.It is DER encode of you private key, then base64 it. with addtion alogorithm information, it became .pem file. PKCS is another format to store one' s certificate of private key or crl. Not strange, often used by IE,

how to make dynamic library for Linux

It seems OpenSSL only support dynamic library on solaris system and dll under Windows. How do I make a dynamic library for Linux? Is there other issue to take care other than change the relevent compile options? __ OpenSSL

PKCS7 usage?

Ⱥ Ӣ (Qun-Ying) (65) 874-6743 ( O ) ()~*~() (_)-(_)[EMAIL PROTECTED] * [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL

Re: PKCS7 usage?

into buffer block by block to verify the data. How do I setup such operations? Regards -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6743 ( O ) TrustCopy Pte Ltd / Kent Ridge Digital Labs ()~*~() 21 Heng Mui Keng Terrace, Singapore 119613 (_)-(_)[EMAIL PROTECTED] * [EMAIL PROTECTED

conver PKCS7 *p7 to DER string?

Hi, If I have the signature generated, how do I convert the p7 into a DER string without writing out to a file? How do I know the size of the buffer to prepare? Thanks -- (~._.~) Öì Ⱥ Ó¢ (Qun-Ying) (65) 874-6743 ( O ) ()~*~() (_)-(_)[EMAIL PROTECTED] * [EMAIL PROTECTED