[openssl-users] Cryptographic export laws + OpenSSL

2015-10-27 Thread Tom Kacvinsky
Hi, What US cryptographic export laws apply to OpenSSL? I am in need of distributing the run time libraries (not the development kit), but I don't want to run afoul of export laws. Thanks, Tom ___ openssl-users mailing list To unsubscribe:

Re: [openssl-users] Cryptographic export laws + OpenSSL

2015-10-27 Thread Steve Marquess
On 10/27/2015 01:13 PM, Tom Kacvinsky wrote: > Hi, > > What US cryptographic export laws apply to OpenSSL? I am in need of > distributing the run time libraries (not the development kit), but I > don't want to run afoul of export laws. U.S. export law is a mess. Both "EAR" and "ITAR" can apply

Re: [openssl-users] OCSP_sendreq_bio()

2015-10-27 Thread Walter H.
On 26.10.2015 21:42, rosect...@yahoo.com wrote: Hi, I need some help on this call. I am building an OCSP client following guide in openssl and compile the code in Cygwin environment. My openssl version is 1.0.1h. With HTTP based OCSP, the code works fine. But, with HTTPs, the code gets

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-27 Thread Michel
Thanks Viktor for your answer, and Jakob for clarifying my thought. My english isn't good enough to argue with both of you, but obviously, I do agree with what you have proposed. Michel. -Message d'origine- DeĀ : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de Jakob

[openssl-users] Need help understanding tradeoffs of "-dsaparam" in dhparam

2015-10-27 Thread Ethan Rahn
Hello, I'm trying to understand the tradeoffs of using "-dsaparam" in the openssl "dhparam" command. I know that it won't create a strong prime , but I'm not understanding the tradeoffs with that very well. The wikipedia page says that primes with the

[openssl-users] Where to find the OCSP response signer cert if the OCSP response does not contain one?

2015-10-27 Thread M K Saravanan
Hi, If the OCSP responder does not send the response signer certificate in the OCSP response, then how can we find the signer certificate? I was doing a simple test to verify google certificate via OCSP like this: $ openssl ocsp -issuer ./www.google.com.sg-issuer.cer -CAfile ./ca.cer -cert