Re: Linux Openssl, Invalid arguments ' Candidates are: int BN_set_word(bignum_st *, ?) '

2012-07-07 Thread Jeffrey Walton
On Sat, Jul 7, 2012 at 9:14 AM, Giuseppe Barbieri elec...@gmail.com wrote: I am using OpenSSL for a cuda project. I just imported all the project from win to linux (Eclipse) I solved all the dependencies except this annoying error: Invalid arguments ' Candidates are: int

Re: Sign public key without having CSR or private key?

2012-07-07 Thread Jeffrey Walton
On Sat, Jul 7, 2012 at 2:27 PM, pro...@secure-mail.biz wrote: Hello, is it possible to sign a foreign SSL public key without having CSR/private key? Background: Because the public root CA's failed at least twice (DigiNotar, Comodo), I'd like to pin a SSL certificate from a website I

Re: Re: Sign public key without having CSR or private key?

2012-07-07 Thread Jeffrey Walton
On Sat, Jul 7, 2012 at 4:02 PM, pro...@secure-mail.biz wrote: noloa...@gmail.com wrote: You pin a certificate by whitelisting expected server certificates (possibly thumbprints). How to do that? My bad. You usually do it pragmatically in an On Connect callback or delegate. I don't have any

Re: Re: Sign public key without having CSR or private key?

2012-07-07 Thread Jeffrey Walton
On Sat, Jul 7, 2012 at 4:02 PM, pro...@secure-mail.biz wrote: noloa...@gmail.com wrote: You pin a certificate by whitelisting expected server certificates (possibly thumbprints). [SNIP] So my original question was how do I get wget to verify the torproject.org fingerprint [4] without

Re: Sign public key without having CSR or private key?

2012-07-15 Thread Jeffrey Walton
On Sat, Jul 7, 2012 at 2:27 PM, pro...@secure-mail.biz wrote: Hello, is it possible to sign a foreign SSL public key without having CSR/private key? Background: Because the public root CA's failed at least twice (DigiNotar, Comodo), I'd like to pin a SSL certificate from a website I

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread Jeffrey Walton
On Wed, Jul 18, 2012 at 11:15 AM, Aunt Jomamma aunt.joma...@yahoo.com wrote: Sorry if this is duplicate, but I had an issue with the mailer, and not sure if this went... I have successfully built openssl-fips-2.0 + openssl-1.0.1c for Android using ndk-r8. I am doing cross-compile on Mac

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread Jeffrey Walton
- Original Message - From: Jeffrey Walton noloa...@gmail.com To: openssl-users@openssl.org Cc: Sent: Wednesday, July 18, 2012 2:27 PM Subject: Re: FIPS: Incore fingerprint check fails on Android? On Wed, Jul 18, 2012 at 11:15 AM, Aunt Jomamma aunt.joma...@yahoo.com wrote: Sorry

FIPS Startup Code and Random Number Generator

2012-07-21 Thread Jeffrey Walton
Hi All, I was asked the details of OpenSSL's FIPS generator. Looking at fips.{h|c} and fips_rand.{h|c} from OpenSSL's 1.0.x, I see it's still X9.31 using AES (I believe TDEA was used in the past). What I can't seem to follow is how `static FIPS_PRNG_CTX sctx` is initialized, so I can't tell if

Re: create certificate request programmatically using OpenSSL API

2012-07-28 Thread Jeffrey Walton
On Fri, Jul 27, 2012 at 9:00 AM, Abyss Lingvo xidex...@yahoo.com wrote: Hi all! The last problem is how to create GOST key pair for certificate. It is clear how to create RSA keys. Sample is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html #include openssl/evp.h #include

Re: Padding check failed and program crash with SIGABRT.

2012-07-28 Thread Jeffrey Walton
On Sat, Jul 28, 2012 at 6:12 PM, Tayade, Nilesh nilesh.tay...@netscout.com wrote: Hi, I have developed the utility to decrypt the packets coming on wire. I take the server private key and go on decrypting packets which are received through the .pcap file. But the utility is crashing in

Re: [openssl-users] Re: create certificate request programmatically using OpenSSL API

2012-07-30 Thread Jeffrey Walton
never used it, but knew its been part of Crypto++ for some time: http://www.cryptopp.com/docs/ref/class_g_o_s_t.html). Jeff Le 28/07/2012 21:31, Jeffrey Walton a écrit : On Fri, Jul 27, 2012 at 9:00 AM, Abyss Lingvo xidex...@yahoo.com wrote: Hi all! The last problem is how to create GOST

Re: suite B crypto in what version?

2012-08-07 Thread Jeffrey Walton
Hi Doctor Henson, On Mon, Aug 6, 2012 at 11:33 AM, Dr. Stephen Henson st...@openssl.org wrote: On Mon, Aug 06, 2012, Jakob Bohm wrote: Much (maybe all, I don't know) of suite B is probable in OpenSSL 1.0.1 too, but I don't have an algorithm by algorithm breakdown of inclusion status, others

Re: Size of ephemeral DH keys

2012-08-14 Thread Jeffrey Walton
On Tue, Aug 14, 2012 at 12:23 PM, no_spam...@yahoo.com wrote: Is there a correlation between the strength (size) of the asymmetric keys used to do the authentication and the strength (size) of the ephemeral DH keys generated/used to protect the session key (during the key exchange)? Yes,

Re: Size of ephemeral DH keys

2012-08-14 Thread Jeffrey Walton
On Tue, Aug 14, 2012 at 3:00 PM, no_spam...@yahoo.com wrote: Thank you for the information and links. [stuff deleted] I'm probably missing something in the OpenSSL implementation. The documentation for SSL_CTX_set_tmp_dh_callback() says that the tmp_dh_callback is called with the

Re: openssl bug database?

2012-08-18 Thread Jeffrey Walton
On Fri, Aug 17, 2012 at 5:19 PM, Cassie Helms cassie.he...@hp.com wrote: Actually, my real question was, where can I see a list of bugs that are already reported for openssl, so I can anticipate certain openssl functions failing? I wish I could contribute more to the source by reporting bugs,

Re: Compiling for debug

2012-08-20 Thread Jeffrey Walton
On Mon, Aug 20, 2012 at 4:54 PM, Ken Goldman kgold...@us.ibm.com wrote: I'm trying to compile openssl for: Linux, 32-bit on a 64-bit machine, shared libraries, and debug. The closest I found was: ./Configure linux-elf -m32 -shared -g but this still does -O3, and the optimizer doesn't

Re: OpenSSL on beagleboard

2012-08-23 Thread Jeffrey Walton
On Thu, Aug 23, 2012 at 9:06 PM, Paulo Roberto bad_boy_...@hotmail.com wrote: Hello, I am using the package libssl-dev on ubuntu in my beagleboard xm, and I have to run two C algorithms using the openSSL library.. Although I can't compile using the command: gcc test.c -lssl -o test. It seems

OT: Microsoft Security Advisory: Update for minimum certificate key length

2012-09-08 Thread Jeffrey Walton
This is somewhat off topic, and I apologize for the noise. I imagine it could cause interop problems on occasion. http://support.microsoft.com/kb/2661254 ... The strength of public-key-based cryptographic algorithms is determined by the time that it takes to derive the private key by using brute-force

NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition

2012-10-03 Thread Jeffrey Walton
http://www.nist.gov/itl/csd/sha-100212.cfm The National Institute of Standards and Technology (NIST) today announced the winner of its five-year competition to select a new cryptographic hash algorithm, one of the fundamental tools of modern information security. The winning algorithm, Keccak

Re: seed/$RANDFILE confusion

2012-10-05 Thread Jeffrey Walton
On Fri, Oct 5, 2012 at 6:42 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 10/5/2012 9:54 AM, int0...@safe-mail.net wrote: On computers that don't have a good /dev/*random, the randomness used by OpenSSL comes only from things happening on the computer during the few moments when the

Re: Best practice for client cert name checking

2012-10-06 Thread Jeffrey Walton
On Sat, Oct 6, 2012 at 9:52 AM, Charles Mills charl...@mcn.org wrote: I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best. In the product's

Re: Best practice for client cert name checking

2012-10-06 Thread Jeffrey Walton
hand waving since certificates can't sign one another). Jeff -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Saturday, October 06, 2012 4:40 PM To: openssl-users@openssl.org Subject: Re: Best practice

Re: Best practice for client cert name checking

2012-10-08 Thread Jeffrey Walton
On Mon, Oct 8, 2012 at 9:25 AM, Mark H. Wood mw...@iupui.edu wrote: On Mon, Oct 08, 2012 at 07:42:04AM +, Marco Molteni (mmolteni) wrote: try searching for certificate pinning. If you are familiar with ssh, it is the same concept of the StrictHostKeyChecking option (although obviously SSH

Re: Best practice for client cert name checking

2012-10-08 Thread Jeffrey Walton
and server can perform the additional validations. Jeff -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Monday, October 08, 2012 11:13 AM To: OpenSSL Users List Subject: Re: Best practice for client cert

BN_clear_free and BN_CTX_free deprecated?

2012-10-11 Thread Jeffrey Walton
Hi All, I'm revisiting some code I wrote a few years ago. During compilation on a MacBook, I got a number of warnings due to deprecation: SRPCommon.cpp: In destructor ‘virtual BigNumCleanup::~BigNumCleanup()’: SRPCommon.cpp:52: warning: ‘BN_clear_free’ is deprecated (declared at

Re: Best practice for client cert name checking

2012-10-12 Thread Jeffrey Walton
On Thu, Oct 11, 2012 at 6:47 PM, Charles Mills charl...@mcn.org wrote: Thanks. My boss is not technical. I am the CTO of this product. Our customers are your basic commercial customers. Yes, I picture that they would be their own CA. Why pay Verisign if you don't have a bunch of people

Re: Inconsistent behavior between FIPS and non-FIPS AES

2012-10-12 Thread Jeffrey Walton
Hi aunt.jomamma, You have ignored every return value. You should probably start by checking all return values. If you check all return values *and* assert all the checks, you will have self debugging code. I find self debugging code the best code of all, but I'm kind of lazy. 2) Is there

Re: Building an exportable OpenSSL application

2012-10-16 Thread Jeffrey Walton
On Tue, Oct 16, 2012 at 10:25 AM, Charles Mills charl...@mcn.org wrote: I have a Windows-only OpenSSL application developed in VS 2010. I have now been tasked with creating parallel regular and exportable (from the US) distributions of the application. There's no need for two versions. It's all

Re: Wild card SSL; use on multiple Apache servers

2012-10-24 Thread Jeffrey Walton
On Wed, Oct 24, 2012 at 2:59 AM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: The wildcard is for a particular domain (* is value for any host within it) . If your other server is in a different domain, then it won't work. Don't do it. It violates the principle of least privilege. Why should a user

Re: Wild card SSL; use on multiple Apache servers

2012-10-24 Thread Jeffrey Walton
On Wed, Oct 24, 2012 at 2:37 PM, Dave Thompson dthomp...@prinpay.com wrote: From: owner-openssl-us...@openssl.org On Behalf Of Alan Buxey Sent: Wednesday, 24 October, 2012 03:00 To: aurfal...@gmail.com; openssl-users@openssl.org Subject: Re: Wild card SSL; use on multiple Apache servers The

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-27 Thread Jeffrey Walton
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL:

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-27 Thread Jeffrey Walton
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL:

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-27 Thread Jeffrey Walton
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL:

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-27 Thread Jeffrey Walton
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL:

Re: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Jeffrey Walton
SSL_CTX_set_options, should I indicate protocols using this function?. Before you do that, please realize TLS 1.0 is the least broken of the protocols you are trying to enable. You really want all TLS 1.2 clients, but it's not widely implemented in clients and servers. I can tell you that a number

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jeffrey Walton
On Mon, Oct 29, 2012 at 11:04 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 10/27/2012 10:58 PM, Jeffrey Walton wrote: On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code

Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jeffrey Walton
is not mentioned in https://github.com/iSECPartners/ssl-conservatory/raw/master/everything-you-wanted-to-know-about-openssl.pdf. Jeff Le 27/10/2012 21:00, Jeffrey Walton a écrit : On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released

Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jeffrey Walton
, Jeffrey Walton a écrit : On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-30 Thread Jeffrey Walton
On Tue, Oct 30, 2012 at 10:03 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 10/29/2012 7:05 PM, Jeffrey Walton wrote: On Mon, Oct 29, 2012 at 11:04 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 10/27/2012 10:58 PM, Jeffrey Walton wrote: On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan

Re: ECDH-RSA and TLS 1.2

2012-11-02 Thread Jeffrey Walton
On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm jb-open...@wisemo.com wrote: (continuing TOFU posting to keep the thread somewhat consistent) Given some of the mathematical restrictions on parameters needed to keep DSA and ECDSA safe from attackers, I don't think using the same private key for

Re: ECDH-RSA and TLS 1.2

2012-11-04 Thread Jeffrey Walton
On Sun, Nov 4, 2012 at 7:15 PM, jb-open...@wisemo.com wrote: On 02-11-2012 21:46, Jeffrey Walton wrote: On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm jb-open...@wisemo.com wrote: (continuing TOFU posting to keep the thread somewhat consistent) Given some of the mathematical restrictions

Re: I can't believe how much this sucks

2012-11-13 Thread Jeffrey Walton
On Tue, Nov 13, 2012 at 1:34 PM, Sanford Staab sanfo...@gmail.com wrote: I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server. Do you guys just want

Re: I can't believe how much this sucks

2012-11-13 Thread Jeffrey Walton
On Tue, Nov 13, 2012 at 1:51 PM, Magosányi, Árpád m4g...@gmail.com wrote: On 11/13/2012 07:34 PM, Sanford Staab wrote: Do you guys just want to continue to answer questions on this alias and not FIX the docs somewhat over time? I could go into a litany of how much information is just missing

Re: Openssl FIPS and Boost

2012-11-14 Thread Jeffrey Walton
On Wed, Nov 14, 2012 at 12:32 PM, Nou Dadoun ndad...@teradici.com wrote: Hi folks, We have several projects that use openssl in both FIPS-mode and non-FIPS-mode; one of the projects that we have that does not use FIPS-mode is one that uses the Boost ASIO library in which we can reach done

Re: OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions

2012-11-14 Thread Jeffrey Walton
On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave dave.mclel...@emc.com wrote: ... We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1) and I’d like to test out this set of assumptions (or maybe they are ‘assertions’) - In the context of OpenSSL, FIPS

Re: OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions

2012-11-14 Thread Jeffrey Walton
important question: how we test that we got what we paid for? -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Wednesday, November 14, 2012 3:57 PM To: openssl-users@openssl.org Subject: Re: OpenSSL/FIPS

Re: OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions

2012-11-15 Thread Jeffrey Walton
On Tue, Nov 13, 2012 at 4:26 PM, mclellan, dave dave.mclel...@emc.com wrote: We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1) and I’d like to test out this set of assumptions (or maybe they are ‘assertions’) - In the context of OpenSSL, FIPS compliance is

Re: Need input for Certificate generation

2012-11-15 Thread Jeffrey Walton
On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote: Hi, At one place, we are using following logic for generating self-signed certificate: #define SEED_SIZE 128 k = RAND_status(); while(k == 0) { // custom logic for getting random numbers from system variables ...

Re: I can't believe how much this sucks

2012-11-15 Thread Jeffrey Walton
WORKING EXAMPLES would be REAL cool. You kind of have it with the source code to openssl.exe. Crypto++ had the same way back when (it's a C++ crypto library, and it's not nearly as popular as OpenSSL). Users did not check cryptest.exe for API usage (cryptest.exe is the equivalent of openssl.exe).

Re: Need input for Certificate generation

2012-11-15 Thread Jeffrey Walton
On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote: CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows OS apr_generate_random_bytes(buf, SEED_SIZE); // On Linux OS Speaking of poor

Re: Need input for Certificate generation

2012-11-16 Thread Jeffrey Walton
On Fri, Nov 16, 2012 at 9:17 AM, Graham Leggett minf...@sharp.fm wrote: On 16 Nov 2012, at 4:36 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote

Re: Need input for Certificate generation

2012-11-16 Thread Jeffrey Walton
Hi Jacob, On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm jb-open...@wisemo.com wrote: On 11/16/2012 3:36 AM, Jeffrey Walton wrote: ... Headless servers, entropy starvation, and rollbacks are a concern in modern environments. OpenSSL and other entropy gathers, such as EDG, don't account

Re: Need input for Certificate generation

2012-11-17 Thread Jeffrey Walton
On Sat, Nov 17, 2012 at 10:56 PM, jb-open...@wisemo.com wrote: On 16-11-2012 19:57, Jeffrey Walton wrote: Hi Jacob, On Fri, Nov 16, 2012 at 1:22 PM, Jakob Bohm jb-open...@wisemo.com wrote: On 11/16/2012 3:36 AM, Jeffrey Walton wrote: ... Headless servers, entropy starvation

Re: I can't believe how much this sucks

2012-11-18 Thread Jeffrey Walton
On Sun, Nov 18, 2012 at 11:19 PM, Thomas J. Hruska shineli...@shininglightpro.com wrote: On 11/13/2012 11:34 AM, Sanford Staab wrote: I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Jeffrey Walton
On Mon, Nov 19, 2012 at 10:53 AM, Deeztek.com Support supp...@deeztek.com wrote: I fixed the command and it created the end user .pfx file. It imported successfully into windows but I get this message when I looked at the certification chain for the intermediate ca: This certification

Newsreader (was: Question about exporting user certificate files to .pfx)

2012-11-20 Thread Jeffrey Walton
On Tue, Nov 20, 2012 at 11:56 AM, jw72...@verizon.net wrote: it would be swell if I could get my email address removed from the list without removing my subscription too. This way I could just use my newsreader to get the messages without having my email box cluttered every day with this

Re: Undefined reference to 'FIPS_text_start()'

2012-11-20 Thread Jeffrey Walton
On Tue, Nov 20, 2012 at 6:16 PM, Santhosh Kokala santhosh.kok...@riverbed.com wrote: Hi, I am trying to build an application with the FIPS Object module. I followed the build instructions mentioned in FIPS User Guide 2.0. FIPS Object Module: ./config Make make install Open SSL:

Re: Is PKCS5_PBKDF2_HMAC() thread safe?

2012-11-27 Thread Jeffrey Walton
On Mon, Nov 26, 2012 at 5:59 PM, Bill Durant cipherte...@gmail.com wrote: Hello: Is PKCS5_PBKDF2_HMAC() thread safe? See the Is OpenSSL thread-safe? under the PROG section: http://www.openssl.org/support/faq.html. Jeff

Re: What is Secure Renegotiation and why is it used, and how to have the client adapt to it?

2012-11-29 Thread Jeffrey Walton
I need to know, first, what Secure Renegotiation is, and then, if it is a legitimate way to configure a secure server, why it is used. Secure Renegotiation is a variant of the original negotiation supplied in SSL way back when. There were two separate issues in renegotiation. First was an

Re: Issue with OpenSSL in multithreaded environment

2012-11-30 Thread Jeffrey Walton
On Thu, Nov 29, 2012 at 9:57 AM, Staneva, Yana ysten...@micros.com wrote: Help please. I have a Win32 application (service) that loads several dlls that make OpenSSL calls. Also there is a separate dll that takes care of the OpenSSL initialization (thread setup, SSL_library_init(),

Re: Issue with OpenSSL in multithreaded environment

2012-11-30 Thread Jeffrey Walton
programming techniques. I don't discriminate. Jeff On Fri, Nov 30, 2012 at 9:03 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 29, 2012 at 9:57 AM, Staneva, Yana ysten...@micros.com wrote: #define MUTEX_TYPEHANDLE #define MUTEX_SETUP(x)(x) = CreateMutex( NULL, FALSE

Re: Issue with OpenSSL in multithreaded environment

2012-11-30 Thread Jeffrey Walton
On Fri, Nov 30, 2012 at 1:42 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Nov 30, 2012 at 12:24 PM, NuSkooler nuskoo...@gmail.com wrote: I think responses like this would be much more helpful without the FUD. I have no fear since I don't suffer uncertainty. The macros are broken

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-07 Thread Jeffrey Walton
On Fri, Dec 7, 2012 at 5:05 AM, LN lnicu...@yahoo.com wrote: ... MS CAPI has an option to mark a private key as exportable when you create or install it, which means that the private key can then be read anyway, but I don't know if that feature is used by the OpenSSL CAPI Engine. It is

FIPS and Symbol Renaming (OpenSSL FIPS Object Module v2.0)

2012-12-09 Thread Jeffrey Walton
Hi All, On page 133 of the User Guide 2.0 for the OpenSSL FIPS Object Module v2.0, the document (book?) talks about symbol renaming. The discussion occurs in Appendix I, API Entry Points by Source File, and the text is below. Why does symbol renaming occur? Jeff Symbol renaming: Some symbol

Re: genrsa question how secure is the random creation

2012-12-12 Thread Jeffrey Walton
On Tue, Dec 11, 2012 at 6:27 PM, redpath redp...@us.ibm.com wrote: When using this command openssl genrsa -out test.pem 2048 an RSA pair is created. Its not so much I want to know how a pair is randomly selected but how secure is that random selection. It depends. In theory, the way

Re: genrsa question how secure is the random creation

2012-12-12 Thread Jeffrey Walton
On Wed, Dec 12, 2012 at 12:39 PM, Salz, Rich rs...@akamai.com wrote: Until someone breaks the website, spoofs it, buys out the owner, etc. Q2.4: Are the numbers available in a secure fashion? Yes, since April 2007 you can access the server via https://www.random.org/ I should probably note

Re: Need help in loading private key for ECDSA

2012-12-13 Thread Jeffrey Walton
On Thu, Dec 13, 2012 at 12:34 AM, jeetendra gangele gangele...@gmail.com wrote: Hi, I tried to load private key into 224 curve for ecdsa and I am getting below error. EC_KEY_check_key failed: error:100B1043:lib(16):func(177):reason(67). Below is my fun to load key. Can anybody guide me? $

Re: Help in loading EC_KEY

2012-12-13 Thread Jeffrey Walton
On Thu, Dec 13, 2012 at 4:04 AM, jeetendra gangele gangele...@gmail.com wrote: HI, I am trying to sign the data using EC-DSA algorithm. i have the private key to sign the data and I could load using EC_KEY_set_private_key. But when check the loaded key its failing with the error code below.

Re: Need help in loading private key for ECDSA

2012-12-14 Thread Jeffrey Walton
On Thu, Dec 13, 2012 at 7:21 PM, Dave Thompson dthomp...@prinpay.com wrote: From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton Sent: Thursday, 13 December, 2012 16:31 On Thu, Dec 13, 2012 at 12:34 AM, jeetendra gangele gangele...@gmail.com wrote: snip ... Nit: the primitive

Re: blowfish-cbc: what to save?

2012-12-15 Thread Jeffrey Walton
On Sat, Dec 15, 2012 at 12:21 PM, Markus Wernig liste...@wernig.net wrote: ... After encrypting multiple files with blowfish-cbc and distinct IV for each file, do I need to keep the IVs secret? It depends on your security posture. IVs are considered public parameters, so there is usually no

Re: Support for 448 bit hash value generation in opnessl.

2012-12-17 Thread Jeffrey Walton
On Mon, Dec 17, 2012 at 11:16 PM, jeetendra gangele gangele...@gmail.com wrote: Hi, Do we have support for 448 bit hash value generation in openssl? I looked into the header file and I did not find function related to that. Actually I need to compute shared key for ecdh and that should be

Re: Support for 448 bit hash value generation in opnessl.

2012-12-17 Thread Jeffrey Walton
because its anonymous or non-authenticated. NIST Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, might help guide you. Jeff On 18 December 2012 09:57, Jeffrey Walton noloa...@gmail.com wrote: On Mon, Dec 17, 2012 at 11:16 PM

Re: Support for 448 bit hash value generation in opnessl.

2012-12-18 Thread Jeffrey Walton
On Tue, Dec 18, 2012 at 3:24 AM, Matt Caswell (fr...@baggins.org) fr...@baggins.org wrote: On 18 December 2012 05:30, jeetendra gangele gangele...@gmail.com wrote: Ok, can you explain me how ec_compute_key work and specially this last argument. Why its need hash value to calculate the

Re: fipscanister with assembly language optimization and non-SSE2 capable processors?

2012-12-19 Thread Jeffrey Walton
On Tue, Dec 18, 2012 at 11:15 PM, Bill Durant cipherte...@gmail.com wrote: Is it not possible to build a FIPS-capable OpenSSL with assembly language optimization enabled in the fipscanister that works under non-SSE2 capable processors? On SUSE Linux Enterprise Server 10, I have built the

Re: RSA_private_decrypt function takes longer time.

2012-12-23 Thread Jeffrey Walton
On Mon, Dec 24, 2012 at 12:35 AM, Tayade, Nilesh nilesh.tay...@netscout.com wrote: -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Jakob Bohm Sent: Friday, December 21, 2012 8:23 PM To: openssl-users@openssl.org Subject:

Re: RSA_private_decrypt function takes longer time.

2012-12-23 Thread Jeffrey Walton
On Mon, Dec 24, 2012 at 1:54 AM, Tayade, Nilesh nilesh.tay...@netscout.com wrote: -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Monday, December 24, 2012 11:25 AM To: openssl-users@openssl.org

Re: User Guide 2.0 (OPENSSLDIR )

2012-12-26 Thread Jeffrey Walton
On Mon, Dec 24, 2012 at 9:11 PM, Jeffrey Walton noloa...@gmail.com wrote: Hi Steve, What is the expectation of OPENSSLDIR when building the FIPS Object Module and FIPS Capable OpenSSL? Users are usually allowed to modify the environment (within reason). Do users expect that OPENSSLDIR

OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend

2012-12-26 Thread Jeffrey Walton
Hi All, I'm having problem building on Mac OS X (2012 MBP, OS X 10.8, Xcode 4.5). The target is iOS, but this appears to be a host problem. Apple lacks DTLS, STCP, and friends, so I needed to ./config with -no-dtls. That required a `make depend` cycle. `makedepend` is missing, so that resulted

Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend

2012-12-26 Thread Jeffrey Walton
On Tue, Dec 25, 2012 at 8:35 AM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, I'm having problem building on Mac OS X (2012 MBP, OS X 10.8, Xcode 4.5). The target is iOS, but this appears to be a host problem. Apple lacks DTLS, STCP, and friends, so I needed to ./config with -no-dtls

User Guide 2.0 (OPENSSLDIR )

2012-12-26 Thread Jeffrey Walton
Hi Steve, What is the expectation of OPENSSLDIR when building the FIPS Object Module and FIPS Capable OpenSSL? Users are usually allowed to modify the environment (within reason). Do users expect that OPENSSLDIR will be honored and 'properly' wired into --openssldir when configuring the FIPS

Re: User Guide 2.0 (OPENSSLDIR )

2012-12-26 Thread Jeffrey Walton
On Mon, Dec 24, 2012 at 9:12 PM, Jeffrey Walton noloa...@gmail.com wrote: On Mon, Dec 24, 2012 at 9:11 PM, Jeffrey Walton noloa...@gmail.com wrote: Hi Steve, What is the expectation of OPENSSLDIR when building the FIPS Object Module and FIPS Capable OpenSSL? Users are usually allowed

./config and -no-zlib

2012-12-26 Thread Jeffrey Walton
Hi All, Is it sufficient to use -no-zlib to turn off SSL/TLS compression? Or is compression available through other libraries? Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing

Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend

2012-12-26 Thread Jeffrey Walton
On Wed, Dec 26, 2012 at 9:57 AM, Ben Laurie b...@links.org wrote: On Tue, Dec 25, 2012 at 1:35 PM, Jeffrey Walton noloa...@gmail.com wrote: I fetched `makedepend` from FreeDesktop.org (http://xorg.freedesktop.org/releases/individual/util/). It would not build due to missing dependencies. Ad

'config' and -no-shared and -no-dso

2012-12-26 Thread Jeffrey Walton
Hi All, I'm trying to split hairs on the meanings of -no-shared and -no-dso. I believe -no-shared means the output of the build process does not include a shared object (*.so, *.dylib, etc). Other build process artifacts, such as static libraries (*.a) will still be produced. I believe -no-dso

Re: ./config and -no-zlib

2012-12-28 Thread Jeffrey Walton
: this is the location of the previous definition ... [30 or 50 or so duplicate errors removed] ... command-line: error: this is the location of the previous definition make[1]: *** [depend] Error 1 make: *** [depend] Error 1 On Tue, Dec 25, 2012 at 12:27 PM, Jeffrey Walton noloa...@gmail.com wrote

Re: ./config and -no-zlib

2012-12-28 Thread Jeffrey Walton
not exist, it cannot be executed. Jeff On Fri, Dec 28, 2012 at 3:14 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Dec 28, 2012 at 7:48 AM, Michael Mueller abaci@gmail.com wrote: i compiled openssl with no-zlib ldd client linux-vdso.so.1 = (0x7fff059ff000

Re: ./config and -no-zlib

2012-12-28 Thread Jeffrey Walton
On Fri, Dec 28, 2012 at 3:14 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Dec 28, 2012 at 7:48 AM, Michael Mueller abaci@gmail.com wrote: i compiled openssl with no-zlib ldd client linux-vdso.so.1 = (0x7fff059ff000) libssl.so.1.0.0 = /lib64/libssl.so.1.0.0

Re: DH-algorithm using OpenSSL

2012-12-28 Thread Jeffrey Walton
On Fri, Dec 28, 2012 at 3:37 PM, Hemayamini Kurra hemayaminiku...@email.arizona.edu wrote: Hello!! I am implementing DH algorithm using OpenSSL library. My scenario is - using DH key exchange algorithm for key generation and exchange between client and server. Using DSA for two way

Re: DH-algorithm using OpenSSL

2012-12-28 Thread Jeffrey Walton
are not received properly by the peer!! Use BSON to package the data. It sounds like it's a presentation layer problem. Jeff On Fri, Dec 28, 2012 at 2:28 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Dec 28, 2012 at 3:37 PM, Hemayamini Kurra hemayaminiku...@email.arizona.edu wrote

Re: ./config and -no-zlib

2012-12-28 Thread Jeffrey Walton
On Fri, Dec 28, 2012 at 6:32 PM, Dr. Stephen Henson st...@openssl.org wrote: On Fri, Dec 28, 2012, Jeffrey Walton wrote: On Fri, Dec 28, 2012 at 3:23 PM, Michael Mueller abaci@gmail.com wrote: i was going to do this: SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION

Openssl-1.0.1c and OS X

2012-12-30 Thread Jeffrey Walton
Hi All, I'm trying to work through a couple of issues on Mac OS X. The steps are below, all performed in openssl-1.0.1c/ directory. The problem with ERR_load_COMP_strings has showed up on at *least* two Apple platforms now. I've also had to fix MAKEDEPEND on two Apple platforms. Looking through

Re: Openssl-1.0.1c and OS X

2012-12-30 Thread Jeffrey Walton
On Sun, Dec 30, 2012 at 8:23 AM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, I'm trying to work through a couple of issues on Mac OS X. The steps are below, all performed in openssl-1.0.1c/ directory. The problem with ERR_load_COMP_strings has showed up on at *least* two Apple

Re: ./config and -no-zlib

2012-12-30 Thread Jeffrey Walton
On Sun, Dec 30, 2012 at 11:06 AM, Dr. Stephen Henson st...@openssl.org wrote: On Sat, Dec 29, 2012, Dr. Stephen Henson wrote: On Fri, Dec 28, 2012, Jeffrey Walton wrote: On Fri, Dec 28, 2012 at 3:23 PM, Michael Mueller abaci@gmail.com wrote: i was going to do

Conditionally Patching output of Makefile from Configure?

2012-12-30 Thread Jeffrey Walton
Hi All, While working on Apple with Mac OS X and iOS, I found I needed to patch OpenSSL 1.0.1c's Makefile. Makefile.org has the following line, and it was copied directly into Makefile by Configure: MAKEDEPPROG=makedepend When the Configure target is iphoneos (cross), iphonesimulator

Re: Conditionally Patching output of Makefile from Configure?

2012-12-30 Thread Jeffrey Walton
On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote: On 30-12-2012 21:01, Jeffrey Walton wrote: Hi All, While working on Apple with Mac OS X and iOS, I found I needed to patch OpenSSL 1.0.1c's Makefile. Makefile.org has the following line, and it was copied directly

Re: Conditionally Patching output of Makefile from Configure?

2012-12-31 Thread Jeffrey Walton
On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote: On 30-12-2012 21:01, Jeffrey Walton wrote: Hi All, While working on Apple with Mac OS X and iOS, I found I needed to patch OpenSSL 1.0.1c's Makefile. Makefile.org has the following line, and it was copied directly

Re: Conditionally Patching output of Makefile from Configure?

2012-12-31 Thread Jeffrey Walton
On Mon, Dec 31, 2012 at 8:39 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 12/31/2012 12:39 PM, Jeffrey Walton wrote: On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote: On 30-12-2012 21:01, Jeffrey Walton wrote: ... Configure should test `makeddepend`. If 'makedepend' succeeds

Re: Using OpenSSL in a makefile?

2012-12-31 Thread Jeffrey Walton
On Mon, Dec 31, 2012 at 1:58 PM, Walter H. walte...@mathemainzel.info wrote: Hello, why does the following makefile not succeed? ... I have isolated the problem: openssl crl -noout -text -in $ $@ exits with exit code 1 instead of 0, why? openssl crl -noout -text -in $ -out $@ does the

OpenSSL 1.0.1c and configuring without documentation?

2013-01-02 Thread Jeffrey Walton
Hi All, Is it possible to configure a build that does not include documentation? I'm working on Mac OSX, and I have three targets under /usr/local/ssl/ (iphoneos, iphonesimulator, and macosx). There's no reason to install the documentation over top itself multiple times. Jeff

Re: Conditionally Patching output of Makefile from Configure?

2013-01-02 Thread Jeffrey Walton
On Mon, Dec 31, 2012 at 7:00 AM, Ben Laurie b...@links.org wrote: On Mon, Dec 31, 2012 at 11:39 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote: On 30-12-2012 21:01, Jeffrey Walton wrote: Configure should test `makeddepend
