These comments are on the version of the specification released on
Monday 2019-02-11 at https://www.openssl.org/docs/OpenSSL300Design.html
General notes on this release:
- The release was not announced on the openssl-users and
openssl-announce mailing lists. A related blog post was
announced
In particular, I'm getting a close_notify alert, followed by two
NewSessionTickets from the server.
The does SSL_read()/SSL_get_error(), it is returning
SSL_ERROR_ZERO_RETURN, so I stop calling SSL_read().
However, that means that the NewSessionTickets aren't seen, so I don't
get the callbacks
Hi All,
I am using CMS_sign API to generate pkcs7-envelopedData for SCEP
implementation.
I am facing issue as CMS_sign API generates default version, originatorInfo
and recipientInfo fields as .
I would like to know how to set correct values to these fields, if there is
any other openssl API I
>Yes - I do expect you to be able to build just the validated source
independently of the rest of the tarball so that you could (for example)
run the
latest main OpenSSL version but with an older module.
Which means that this doesn't have to happen in the first release since
>Integrity of validated source code when other parts of the tarball
get regular changes?
The design doc, just recently published, talks about this a bit. Not all
details are known yet.
>Building the validated source code in a controlled environment
separate from the full
Can you give any guidance on which platforms will be validated with the OpenSSL
FIPS 3.0 module? My recollection is that it will only be a handful of
platforms. It would be helpful to have an idea which platforms will and will
not be included. Any additional information about how other
On 14/02/2019 16:42, Patrice Guérin wrote:
> Hello,
>
> I have two questions :
>
> * I use OBJ_NAME_do_all_sorted() with OBJ_NAME_TYPE_CIPHER_METH to get the
> list of supported cipher methods
> Is there a difference between lowercase and uppercase names ?
> I've noticed that
+1 on the point: firm expiration date without firm replacement date ... really?!
We have to hope that the firm expiration date will actually move if the
replacement isn't ready before then ... and that doesn't begin to account for
the calendar time to get the new one certified
Thanks,
Mark
On 14/02/2019 16:34, Jakob Bohm via openssl-users wrote:
> On 13/02/2019 20:12, Matt Caswell wrote:
>>
>> On 13/02/2019 17:32, Jakob Bohm via openssl-users wrote:
>>> On 13/02/2019 12:26, Matt Caswell wrote:
Please see my blog post for an OpenSSL 3.0 and FIPS Update:
Hello,
I have two questions :
* I use OBJ_NAME_do_all_sorted() with OBJ_NAME_TYPE_CIPHER_METH to
get the list of supported cipher methods
Is there a difference between lowercase and uppercase names ?
I've noticed that some do not have uppercase name (ex. aes-128-ccm)
Is there a
On 13/02/2019 20:12, Matt Caswell wrote:
On 13/02/2019 17:32, Jakob Bohm via openssl-users wrote:
On 13/02/2019 12:26, Matt Caswell wrote:
Please see my blog post for an OpenSSL 3.0 and FIPS Update:
https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
Matt
Given this announcement, a
Hey guys,
I would like to get a list of all the CAs added to the X509_STORE. For this
I use:
X509_STORE_set_default_paths or X509_STORE_load_locations.
Basically I need to get the list of the CAs out of the store or the store
context. I could not figure out a proper way to do this. I tried to
On 13/02/2019 20:28, Michael Richardson wrote:
>
> Matt Caswell wrote:
> > Please see my blog post for an OpenSSL 3.0 and FIPS Update:
>
> > https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
>
> Thank you, it is very useful to have these plans made up front.
> I think your
13 matches
Mail list logo
