Hi,
I am developing an application that needs to perform certificate
verification asynchronously (specifically, the CRL queries are performed
asynchronously).
I am using non-blocking BIOs that read/write packets from/to
application-provided buffers.
Can I somehow use SSL_set_verify and trick the
Would you please confirm to the list the name of the Python module, the
download site for it and the version you are currently working with.
This just helps up provide assistance to this same question in future.
Please read up on this recent thread. I do not know anything about
Python modu
I got the icc problem resolved by writing shell script.
Building static libraries get stuck at following point ( I guess the object
limit of qar is hit)
qar -cuv ../../libcrypto.a a_object.o a_bitstr.o a_utctm.o a_gentm.o
a_time.oa_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp
Yup, I had to do a couple of fixes to the GNU utilities to get around
size limitations, for example when the size limit to ADDBNDDIRE (not
qar) is reached, then to split the request and make multiple calls.
G.
From: owner-openssl-us...@openssl.org
[mailto:owner-
Long info because I fear the Python module maybe misunderstanding what
SSL_shutdown() actually does and why it exists. Which in turn mean that
users of the Python module also misuse it (sandcastles in the sand and
all that).
Antoine Pitrou wrote:
While testing Python's SSL support with Op
On Tue, 6 Apr 2010 21:17:01 +0200
"Dr. Stephen Henson" wrote:
> Well that actual manual page is rather old and it still talks about
> PRNG initialisation which dates from the time OpenSSL didn't handle
> that automatically on many platforms.
So are you saying there is no need to seed PRNG? Is th
On Wed, Apr 07, 2010, Sad Clouds wrote:
> On Tue, 6 Apr 2010 21:17:01 +0200
> "Dr. Stephen Henson" wrote:
>
> > Well that actual manual page is rather old and it still talks about
> > PRNG initialisation which dates from the time OpenSSL didn't handle
> > that automatically on many platforms.
>
Hello,
> Would you please confirm to the list the name of the Python module, the
> download site for it and the version you are currently working with.
> This just helps up provide assistance to this same question in future.
This is with Python trunk (from SVN). The error is easily witnessed w
it appears that this function only handles char*, how should unicode strings be
handled?
thanks,
sean
_
Hotmail is redefining busy with tools for the New Busy. Get more from your
in
ok my bad, the question was wrong.
here is the real question I have, when I use the routine X509_NAME_print_ex,
how can I convert the output to be in unicode format? the result I get
currently is just char*.
From: swan...@hotmail.com
To: openssl-users@openssl.org
Subject: does bio_get
On Fri, 2010-04-02 at 15:57 -0400, Victor Duchovni wrote:
> The performance of the 1.0.0 AES algorithm as reported by "openssl speed",
> appears to be much lower with block sizes of 16, 64 and 256 bytes than
> with previous releases. Larger block sizes of 1024 and 8192 bytes show
> good performance
Hello Michael,
[...]
$HOME = . # [active directorey, from which I call openssl]
You better check that one - it may have been a typo here, but *nix systems
__never__ specify the "current working directory" as the $HOME directory.
*nix and nearly all other "single tree" file system OS have an
Hello Michael,
[...]
$HOME = . # [active directorey, from which I call openssl]
You better check that one - it may have been a typo here, but *nix systems
__never__ specify the "current working directory" as the $HOME directory.
*nix and nearly all other "single tree" file system OS have an
Hi,
I took the source of Openssl 1.0.0 and tried building it after running
perl Configure no-idea no-rc5 no-mdc2 no-md2 no-krb5 no-tlsext VC-WIN32
The build fails with the following link errors.
SSLEAY32.def : error LNK2001: unresolved external symbol
SSL_set_session_secret_cb
SSLEAY32.def : e
Hi,
I made the following changes in ssl.h (have indicated the changes with a
comment //added this)
#ifndef OPENSSL_NO_TLSEXT //added this
/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_t
Hi,
Does any version of openssl crypto library ( one for RNG) has complaint with
the requirement of NIST SP800-90?
Plz let me know. I couldnt get any info on this from docs.
-Nikitha
Hi All,
I'm a novice user to openssl libraries. Could you plz point me to the
source/test suite available for known answer test of FIPS 140-2 level 2
complaint Diffie-Hellman module?
Thanks,
Nikitha
While we are on the subject of Unicode, there are other areas of OpenSSL that
need Unicode support added, in particular handling of paths and filenames on
UTF16-based filesystems that require wchar_t* parameters. For instance, on
Windows, OpenSSL cannot load certificate files/directories that h
Is it possible to build a FIPS capable Openssl for AMD64?
You can build the fipscanister for AMD64, but then attempting to build
OpenSSL 0.9.8n fails.
cl /Fotmp32dll\fips_standalone_sha1.obj -Iinc32 -Itmp32dll /MD
/Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32
-DWIN3
On Wed, Apr 07, 2010, Kaila, Ashish wrote:
>
> Hi,
>
> I made the following changes in ssl.h (have indicated the changes with a
> comment //added this)
>
> #ifndef OPENSSL_NO_TLSEXT //added this
> /* TLS extensions functions */
> int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_
On Wed, Apr 07, 2010 at 06:58:05PM +0100, David Woodhouse wrote:
> As you can see, the results all got much faster once I got back in time
> to about mid-2007. Using 'git-bisect' I was able to find the offending
> commit which had caused the performance degradation:
> http://git.infradead.org/user
Why is there code that will not compile still in the tarball?
Granted your makefiles don't try to build it - so why's it there?
Look at pkcs7/bio_ber.c:bio_ber_get_header
This function clearly doesn't compile (missing semicolon after 'unsigned
long length'). Looks like its been like that for a
I am trying to build the newly-released openssl (1.0.0) in a basic
MinGW environment.
I have tried both the automatic MinGW installer, which installs gcc
3.4.5 (fairly old), and a manual install of the current (not
"proposed") gcc, version 4.4.0.
The first error is 3 missing definitions in winc
One more definition is required in wincrypt.h:
sh-3.1$ diff wincrypt.h~ wincrypt.h
1323a1324,1325
>BOOL WINAPI CryptEnumProvidersA( DWORD, DWORD *, DWORD, DWORD *,
LPSTR, DWORD *) ;
>
After that...
ALL TESTS SUCCESSFUL.
make[1]: Leaving directory `/home/ral/openssl-
Hi,
I am using openssl from within neon, itself used from within
Subversion. During an svnsync, I receive the following error
message:
svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL
error: parse tlsext (https://xxx.org)
If I am right, this message comes from openssl.
On Wed, Apr 07, 2010, Florent Georges wrote:
> Hi,
>
> I am using openssl from within neon, itself used from within
> Subversion. During an svnsync, I receive the following error
> message:
>
> svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL
> error: parse tlsext (https
On Wed, 2010-04-07 at 16:00 -0400, Victor Duchovni wrote:
> Can someone confirm that what we are seeing is a work-around for DJB's
> cache timing attack on AES? If so, I would guess that the timing attack
> is believed to be impractical for large blocks, so the fast path is used
> only for sufficie
Dr. Stephen Henson wrote:
Thanks for your fast response!
> That looks like it is only part of the actual error code.
That's all I have. I guess either Subversion or Neon truncates
the error message.
> I suspect it is because the server doesn't support secure
> renegotiation. You can check
On Wed, Apr 07, 2010, Florent Georges wrote:
> Dr. Stephen Henson wrote:
>
> Thanks for your fast response!
>
> > That looks like it is only part of the actual error code.
>
> That's all I have. I guess either Subversion or Neon truncates
> the error message.
>
> > I suspect it is because
29 matches
Mail list logo