> On Feb 24, 2015, at 9:42 PM, jone...@teksavvy.com wrote:
>
> On Tue, 24 Feb 2015 16:16:17 +
> "Dr. Stephen Henson" wrote:
>
>> On Tue, Feb 24, 2015, jonetsu wrote:
>
>>> Hello,
>>>
>>> To grasp how FIPS methods are called, and following one method
>>> as an example, HMAC_Update() in h
Have you tried changing FIPSLD_CC and FIPSLD_LINK to include the necessary
options (e.g. -mt)? Note: it might be simpler to modify fipsld instead,
depending on how easy/hard it is to maintain spaces properly when settings
FIPSLD_CC and FIPSLD_LINK. Since the fipsld script is just a convenience
On Tue, 24 Feb 2015 16:16:17 +
"Dr. Stephen Henson" wrote:
> On Tue, Feb 24, 2015, jonetsu wrote:
> > Hello,
> >
> > To grasp how FIPS methods are called, and following one method
> > as an example, HMAC_Update() in hmac.c, we can see that if FIPS
> > mode is active then FIPS_hmac_update(
Am 24.02.2015 um 16:19 schrieb Salz, Rich:
As there is no documentation and as noone seems to know the meaning of
the -no_explicit for "openssl ocsp", should I file a documentation
defect in RT for that?
yes, please.
Never mind, Stephen already fixed the doc in master :)
Sorry, I sent alrea
On Tue, Feb 24, 2015, Stephan M?hlstrasser wrote:
>
> Do I understand it correctly then that "a local configuration of
> OCSP signing authority" here means that it is a deliberate choice
> inside OpenSSL itself to look for the OCSPSigning flag in the
> extended key usage of the root CA, although
On Tue, Feb 24, 2015, jonetsu wrote:
> Hello,
>
> To grasp how FIPS methods are called, and following one method
> as an example, HMAC_Update() in hmac.c, we can see that if FIPS
> mode is active then FIPS_hmac_update() will be called. This is
> fine although searching the sources for the phys
Am 24.02.15 um 14:47 schrieb Dr. Stephen Henson:
If the responder root CA is set to be trusted for OCSP signing then it can be
used to sign OCSP responses for any certificate (aka a global responder). This
comes under:
1. Matches a local configuration of OCSP signing authority for the
c
> > As there is no documentation and as noone seems to know the meaning of
> > the -no_explicit for "openssl ocsp", should I file a documentation
> > defect in RT for that?
>
> yes, please.
Never mind, Stephen already fixed the doc in master :)
___
ope
On 22 Feb 2015, at 11:22 PM, Tinker wrote:
> I need your authoritative answer on the following question.
[snip stuff that is too long]
You are totally overthinking this.
The SSL protocol involves negotiation, during which the sender and the receiver
exchange data with each other. What this me
Hello,
To grasp how FIPS methods are called, and following one method
as an example, HMAC_Update() in hmac.c, we can see that if FIPS
mode is active then FIPS_hmac_update() will be called. This is
fine although searching the sources for the physical definiton of
FIPS_hmac_update() does not yiel
On Tue, Feb 24, 2015, Richard Welty wrote:
> On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:
> >
> > Typically you'd write the signed content to a memory BIO and then decrypt
> > that. Precisely how you decrypt the enveloped data depends on the format. It
> > might be in MIME format in which case yo
> As there is no documentation and as noone seems to know the meaning of
> the -no_explicit for "openssl ocsp", should I file a documentation defect in
> RT
> for that?
yes, please.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/
On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:
>
> Typically you'd write the signed content to a memory BIO and then decrypt
> that. Precisely how you decrypt the enveloped data depends on the format. It
> might be in MIME format in which case you'd pass it through the MIME parser.
> Alternatively i
On Mon, Feb 23, 2015, Bala Duvvuri wrote:
> Hi All,
>
> I am trying to test the FIPS ECDH support present in OpenSSL i.e trying to
> run the fips_ecdhvs.c test.
>
When you say ECDH support present in OpenSSL do you mean in the FIPS module or
in OpenSSL itself?
If you mean in OpenSSL itself th
On Mon, Feb 23, 2015, Richard Welty wrote:
> i'm starting on some work that needs to use CMS in an
> application, and i'm having trouble getting my head
> wrapped around how to handle the case of verifying
> a signature and then decrypting the enveloped data
> that has been signed. specifically, i
On Wed, Feb 18, 2015, Stephan M?hlstrasser wrote:
>
> What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using
> the "-no_explicit" command line option. What exactly is checked by
> the X509_check_trust() call above with respect to the relevant RFCs?
>
If the responder root CA is set
Am 18.02.15 um 13:19 schrieb Stephan Mühlstrasser:
Unfortunately the "-no_explicit" command line option is not documented:
https://www.openssl.org/docs/apps/ocsp.html
What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using the
"-no_explicit" command line option. What exactly is che
17 matches
Mail list logo