versions
of the Windows Logo guidelines, but is basically about using the
locations returned by SHFOLDER.DLL with appropriate program specific
suffixes. However in this particular case there is no point in having
the file anyway.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
DONE
:HASHFAIL
echo Error creating hashed copy of %1 as %HASH%%NUM%
set HASH=
goto DONE
:DONE
c_rehash bat ends here
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message
every time.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
openssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
call:+4531131610
This message is only for its intended
anyone have experience with this? Any pointers or links to documentation
for how this might be done?
Thanks in advance N
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
call:+4531131610
This message is only
track it down?
Try putting printf() statements inside RAND_bytes() to narrow it
further (I assume you compile OpenSSL yourself).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion
REFER MOUNTPOINT
iscbind_rpool/ROOT/s10s_u9wos_14a 31.9G 680M 30.7G /
# rm libcrypto.a
# zfs list iscbind_rpool/ROOT/s10s_u9wos_14a
NAMEUSED AVAIL REFER MOUNTPOINT
iscbind_rpool/ROOT/s10s_u9wos_14a 22.7G 9.90G 21.4G /
Enjoy
Jakob
--
Jakob Bohm, CIO
hello.txt
$openssl md5 hello.txt
works
$set OPENSSL_FIPS=1
$openssl md5 hello.txt
Error disabled for fips
$openssl sha1 hello.txt
works
Thanks for any advice,
-EJ
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct
useful on the client side to decide which
certificates to provide to the other end.
--
Ashok
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
call:+4531131610
This message is only for its intended recipient, delete
is still trusted.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
objects, which can
then be passed to multiple signing operations without reloading
them.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
) of suite B is probable in OpenSSL
1.0.1 too, but I don't have an algorithm by algorithm breakdown
of inclusion status, others on this list probably have such a
list.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16
On 8/7/2012 2:52 PM, Dr. Stephen Henson wrote:
On Tue, Aug 07, 2012, Jeffrey Walton wrote:
Hi Doctor Henson,
On Mon, Aug 6, 2012 at 11:33 AM, Dr. Stephen Henson
st...@openssl.org wrote:
On Mon, Aug 06, 2012, Jakob Bohm wrote:
Much (maybe all, I don't know) of suite B is probable
of the terminal code
and API.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
, might not compile):
#include stdio.h
int main(int argc, char **argv) {
char buf[1024];
(void)argc;
(void)argv;
fgets(buf, sizeof(buf), stdion);
fputs(buf, stdout);
fputs(!\n, stdout);
return 0;
}
On Aug 8, 2012, at 5:12 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 8/8
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
' in encrypted code?
Is there any range of characters I can specify to DES algorithm
which can
be
used for encrypted code generation?
Please help I am stuck.
Thanks.
Tarun
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
the certificate to tell the server what the public key is
and as proof of what identity is proven by the signature does prove a
lot. So that is what SSL does. And that is why an SSL client needs
the private key of the client certificate (if any).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
is necessary because the
RFC3161 protocol returns a signature which is not a valid RFC2985
counterSignature.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding
to verify ee.pem with the
newca.pem.
P.S. The CA and EE certificates are v3 but do not contain AKI or SKI
fields.
--
Ashok
On Mon, Sep 24, 2012 at 6:50 PM, Jakob Bohm jb-open...@wisemo.com
mailto:jb-open...@wisemo.com wrote:
On 9/13/2012 3:41 PM, Charles Mills wrote:
Would
, Jakob Bohm jb-open...@wisemo.com
mailto:jb-open...@wisemo.com wrote:
Hi,
In your test case which fields actually differ between the
old root CA certificate and the new root CA certificate?
P.S.
Please do not use those 3 letter abbreviations of certificate
field names, very
On 9/25/2012 11:11 AM, Erwann Abalea wrote:
Bonjour,
Le 24/09/2012 21:03, Jakob Bohm a écrit :
Does that work with any other serious X.509 validation toolkit?
It should.
When trying to build a valid certification path, all possibilities have
to be tested until one of them succeeds. If a CA
On 9/25/2012 6:12 PM, Erwann Abalea wrote:
Bonjour,
Le 25/09/2012 14:16, Jakob Bohm a écrit :
On 9/25/2012 11:11 AM, Erwann Abalea wrote:
Le 24/09/2012 21:03, Jakob Bohm a écrit :
Does that work with any other serious X.509 validation toolkit?
It should.
And in fact, OpenSSL works
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
On 9/28/2012 4:45 PM, Valentin Bud wrote:
Hello Jakob,
On Fri, Sep 28, 2012 at 04:20:00PM +0200, Jakob Bohm wrote:
Simple really:
Indeed. When you know a certain topic and you've studied for a certain
time it's really simple. For me, for now, compliant RFC CA is a nebula.
I am starting
the approved
CSR's to the CA machine for signing and then hand carry the signed
certificates back. Large public CAs need more robust multi-person
procedures.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
initiatives in the past.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
bug that it frequently chooses the wrong directory for the file,
apparently the code was written by someone unfamiliar with the Windows
FHS conventions (which are logically similar but very different from
the Linux/Unix FHS).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
algorithms in 2007, when it was thought that SHA-2, the
standard secure hash algorithm, might be threatened. Keccak will now
become NIST’s SHA-3 hash algorithm.
...
Gary Clark already posted this more than 13 hours ago...
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
some light into this?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
functions.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
to be a pretty common
thing.
I did search the forum for this.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
is also known as SSL/TLS client
authentication or as SSL/TLS with client certificates.
Those other names are what is used most in the OpenSSL documentation,
on this mailing list, and probably in that book (which I have not
read).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
of this (and because some platforms just don't support it at
all), it is good practice for portable DLLs to export a functions
which returns the address of the data item, thus working around all
this breakage.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730
. The security model is that the wildcard cert identifies
the organization, and the organization only installs the private key
on trusted servers.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
someserver.example.com:443 -showcerts NUL
openssl pkcs7 -noout -print_certs -text -in somemail.pem
openssl cms (some args) somemail.pem
2. Display each certificate with the command
openssl x509 -noout -text -in onecert.pem
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
On 10/29/2012 7:05 PM, Jeffrey Walton wrote:
On Mon, Oct 29, 2012 at 11:04 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 10/27/2012 10:58 PM, Jeffrey Walton wrote:
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote:
Hi everyone,
iSEC Partners just released a paper
element contains a public key, but the quintuple
representation is a way to represent a private key. So RSAKeyValue
corresponds to (n,e) from RFC3447 section 3.1, not 3.2.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark
the OP (and others as this seems a FAQ) to a good
example of adding OpenSSL to existing socket code with current best
practices, please post it as a reply in this thread.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct
On 11/2/2012 3:06 PM, John A. Wallace wrote:
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jakob Bohm
Sent: Thursday, November 01, 2012 12:25 PM
To: openssl-users@openssl.org
Subject: Re: Enabling https capability
this temp config file
;and wipe it securely after use
[req]
...
attributes = thisreq_attributes
[thisreq_attributes]
challengePassword_default = VerySecretWordTheyCannotGuessThisHaHa
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
? Could you also
mention why?
Well one reason is that the fixed ECDH cipher suites do not support forward
secrecy because they always use the same ECDH key.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13
On 11/5/2012 1:37 AM, Jeffrey Walton wrote:
On Sun, Nov 4, 2012 at 7:15 PM, jb-open...@wisemo.com wrote:
On 02-11-2012 21:46, Jeffrey Walton wrote:
On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm jb-open...@wisemo.com wrote:
(continuing TOFU posting to keep the thread somewhat consistent
validation), it probably calls an appropriate subroutine on the expiry
date in the X509 cert.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain
tm structures
called OPENSSL_gmtime_diff.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
tell by string comparison
if you are close or not, which is kind of rare for a
non-neural computer).
Good joke though
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non
On 11/7/2012 7:34 PM, Erwann Abalea wrote:
Le 07/11/2012 16:08, Jakob Bohm a écrit :
On 11/7/2012 3:39 PM, Charles Mills wrote:
A struct tm is only granular down to whole seconds, right?
Yes, and it is not the easiest data type for data math either, even
when restricted to GMT/UT1/UTC.
Plus
products from teh mix, based on deficiencies and
improvements that appear in each as they develop.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may
with the
unencrypted data as the input parameter which would then pass this to
the running “service”, retrieve the encrypted data result from this
“service” and pass it as the output.
Can anyone enlighten me on a potential solution for this?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
as a common
example. This wouldpresumably be irrelevant if feeding the kernel
plenty of external entropy, e.g.by getting it from a hardware RNG
hooked up to a trusted server (under yourown control of cause).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29
updating
4. There was an extra option in the Win32/Win64 build scripts which
package the HTML pages into a properly indexed .chm file.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion
if never called with
NULL).
My own attempts to reduce this were not as successful as I had hoped.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain
will be quite obvious as your program would no longer link.
Except for that incident on Solaris earlier this year, the size of .a
files is rarely a real problem.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
not compile code for other
ciphers right?
As I tried to explain in my first reply, most of the size of libcrypt
is not the ciphers,but all the ASN.1 stuff, such as code to handle
X.509 certificates, CRLs, PKCS#7messages, PKCS#12 and PKCS#8 key
files, etc. etc.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
.
(And similarly the verifier for a signer.) Most standard schemes
do use
X.509 certs for this purpose, because they are also standard.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public
. Be very careful if you are using that library
on Windows.
I can't explain all the defective code circulating. Folks must all be
copy/paste'ing the same junky code.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark
published by CAs (much
of which will be referenced in various fields in issued certificates).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain
TestFortyTwo_Expired.pem -noout -text
and compare all the details to what you see in IE.
Maybe it is not the same certificate.
Can I switch careers to basket weaving?
Nah, I think that got outsourced (back) to China too.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
On 12/5/2012 6:44 PM, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 12:18 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 12/5/2012 5:30 PM, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 11:22 AM, Dr. Stephen Henson st...@openssl.org
wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
On Wed
to go the
other way would compromise security just by being possible).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote
-in yourcert.p7b -noout -print_certs -text
(A CA is not required to obey any of the requested attributes listed in
the CSR, any by default most CA software will put in only its usual
attributes unless explicitly told otherwise by the PKI folks).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo
, 64);
SHA1_Update(context, outbuf, 20);
SHA1_Final(outbuf, context);
Could someone please advice how is HMAC-SHA256 implemented?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
procedure changes to simply skipping steps 2 and 3 and restarting
download slightly earlier than what the other end previously sent you
(because some data did not make it to disk before the crash).
Thanks in advance for shedding some light for a lost soul ;-)
Enjoy
Jakob
--
Jakob Bohm, CIO
first compiling
the C source code to native code (I guess that would mean compiling
as CX when creating a Metro App, not sure though).
Running OpenSSL does not need or use perl in any way.
2.no its not
Hope this changes soon.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
for these new primitives).
(Note, the above is from my fading memory, I may have gotten some
details wrong).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may
binary (the fipscanister) lacked this basic test.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
a strong NDA, so I cannot give you the
details.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
the incoming network requests arrive, thus
shaving some time off the response time, especially if the load is a
little uneven, rather than a sustained maximum-capacity test load.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark
.
In the previous case, it turned out they were two different certificates
with similar names, and the wrong certificate had been imported into
Windows in a previous attempt, preventing loading of the real
certificate until the wrong one was manually deleted.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
://cvs.openssl.org/fileview?f=openssl/Configurev=1.621.2.37.2.32.2.11
http://cvs.openssl.org/fileview?f=openssl/Makefile.orgv=1.295.2.10.2.11.2.3
I think this is better done by someone who is already familiar with that
piece of code (./Configure) and its design/style.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
or some future cipher implementing
the EVP_CTRL_PBE_PRF_NID cipher control (most modern ciphers don't
implement this badly thought out nonsense and most higher level openssl
APIs and apps do not allow passing a prf NID or EVP_MD down to
PKCS5_pbe2_set_iv().
Enjoy
Jakob
--
Jakob Bohm, CIO
, but it is really the llvm-clang compiler (not the
llvm-gcc compiler, which is a different part of the llvm project).
Also note that as is (or at least recently was) the Apple fork of GNU
as, not the llvm assembler (again, this is for iOS).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
will generated at all?
On Tue, Jan 8, 2013 at 2:36 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 1/8/2013 10:03 AM, Serhiy Ivanov wrote:
I built my simple project with -lssl option, so libsssl.a qattached
statically. However as i see from map report i see next pages:
The command
cc -lssl
be able to point you to precisely which
existing OpenSSL mechanisms can do the trick.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
) software than the
build machine.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
would greatly appreciated.
Did you remember to install NASM?
Are the functions completely missing or just not exported from the
resulting DLLs?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
On 1/10/2013 12:13 PM, Tayade, Nilesh wrote:
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jakob Bohm
Sent: Friday, December 21, 2012 8:23 PM
To: openssl-users@openssl.org
Subject: Re: RSA_private_decrypt function takes
from them, then you know that to be true.
Someone please correct me if I got this wrong.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
compilation result, with
3 possible runtime hardware dependent behaviors, not a 3x3 matrix
of possible host/target capability combinations. Ditto for x86_64
(maybe 2 possibilities not 2x2) and arm (2 possibilities not 2x2).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
it sounds like I cannot use the current FIPS modules then, which
is the subject of this thread.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain
vice versa only without the -pkeyopt.
No, in that case you need to find the name of the hash algorithm
elsewhere in either the SignedData structure or its context.
...
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
?
please correct me if i am wrong.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
government use and might not meet the needs of all military
classification levels (I am not cleared to know the details of that
either, so don't tell me or the public list what you find out).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
should show you the underlying cause.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
for the
difference between the two tls-unique values from the two halfs of the
connection.
(snip code to extract the tls-unique binary value from an SSL_CTX
handle without a specific API for this task)
For HKDF see: https://tools.ietf.org/html/rfc5869
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo
On 1/30/2013 7:15 PM, Viktor Dukhovni wrote:
On Wed, Jan 30, 2013 at 07:03:09PM +0100, Jakob Bohm wrote:
You don't, but, you shold instead obtain the tls-unique channel
binding data ( https://tools.ietf.org/html/rfc5929#section-3 ) and
run the result through a KDF (HKDF should work well
nickname as the file name and use subdirectories for certificate types
(e.g. cacerts/, incerts/, contacts/, owncerts/).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non
attacked with replays of
client packets, amongst other benefits.
Client random protects the client from being attacked with replays of
server packets, amongst other benefits.
Simple, really.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
operations available via a PKCS#11 or Microsoft
CryptoAPI driver. There is also documentation for writing your own
engine if none of the available engines are good enough.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31
attack, and specifically praises the OpenSSL
fix for being even better than their own demonstration code for
the countermeasures.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message
-CAfile root-chain.pem cert1.pem
And the second round would be
Unix: cat cert1.pem root.pem cert1-chain.pem
Windows: copy /A cert1.pem+root.pem cert1-chain.pem
Both: openssl verify -CAfile cert1-chain.pem cert2.pem
Etc.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
at
http://www.openssl.org/~bodo/tls-cbc.txt
However that document seems to be missing.
Would you mind restoring the document, even if you are not otherwise
allowing Mr. Moeller to host stuff on www.openssl.org?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
On 2/25/2013 4:26 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Friday, 22 February, 2013 05:06
On 2/21/2013 11:12 AM, Mozes, Rachel wrote:
[other reports say issue]
affects just The TLS protocol *_1.1 and 1.2_ *and the DTLS
protocol 1.0
On 2/25/2013 4:26 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Friday, 22 February, 2013 06:03
On 2/21/2013 2:29 PM, ashish2881 wrote:
I have a certificate chain in a file chain.pem .it also has root
certificate(self signed) .
How can i verify
of
CertificateRequest.supported_signature_algorithms which is
compatible with the chosen client certificate.
THE RECOMMENDED BEHAVIOR is to use the strongest such element,
but without choosing something impossible.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
1 - 100 of 1144 matches
Mail list logo