Re: add hash signature as part of the stream on which this hash is based on
My guess is that if you could write a hash working the way you say, it would be vulnerable to all sorts of cryptographic attacks: give up! I have indeed given up and found other ways to incorporate the hash while verifying the stream integrity. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
EVP Padding size
Hi, How can I set the EVP padding size to 32byte instead of 16? I currently have the problem, using aes 256bit, that if I encrypt a 20 or 30 size block it will only encrypt 16bytes instead of the whole part. Thanks. -- View this message in context: http://openssl.6102.n7.nabble.com/EVP-Padding-size-tp42413.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Regrading reducing the size of libcrypto.a
From: jeetendra gangele gangele...@gmail.com Please guide me How can i minimize the size since I need only selected algorithms. Can one strip a .a the file...? Mine goes from 3.3M down to 1.8M. But I have no idea if it will still be working... JD __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Regrading reducing the size of libcrypto.a
On 11/20/2012 3:40 PM, jeetendra gangele wrote: Hi, I need to use only AES,SHA-2,EC-DH,EC-DSA. I configure for only those ciphertext and compile the code still I am getting 3.3MB library. How can I minimize it?. When I build with all the ciphertext enable that time also I am getting 3.3 MB size. Please guide me How can i minimize the size since I need only selected algorithms. Are you sure you want to reduce the size of the .a file? Since an .a file is a collection or .o files only some of which will be included in any given program, it is usually more interesting to reduce the amount of unused code ending up in your (real or sample) program. What I generally do is to find a linker option which will tell me which .o files got included, how much the contribute to the size of the program and (for better linkers) why those .o files were included. Then start looking for ways to 1. Avoid .o files which are not really used (but the linker thinks so because of a badly placed reference in a really used .o file) 2. Avoid large .o files where only a small portion of that .o file is needed (the rest is linked in only because someone put it in the same .c file as the needed stuff) I have found that libcrypt is particularly bad in both areas: 1. Many common or required functions contain code such as if (ourObject-somepointer) /* Rarely true */ SomeOtherObject_Free(ourObject-somepointer); Or even worse pAlg = SearchTableBySomeId(n); // Pulls in all the algs in table 2. Functions pulled in by logic such as the first bad example above are often in the same .o file as the full implementation of all functionality and needs of SomeOtherObject, which tends to be much more than what is needed by the (really unused) _Free(ptr) method. A lot of the bloat in libcrypt.a comes from the ASN.1 object handling code, from functions that take an algorithm or object id rather than a pointer to an algorithm/type descriptor, and from functions that are coded to fallback to some specific method if NULL is passed in (thus forcing the fallback to be linked in even if never called with NULL). My own attempts to reduce this were not as successful as I had hoped. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Regrading reducing the size of libcrypto.a
On 11/20/2012 3:53 PM, John Doe wrote: From: jeetendra gangele gangele...@gmail.com Please guide me How can i minimize the size since I need only selected algorithms. Can one strip a .a the file...? Mine goes from 3.3M down to 1.8M. But I have no idea if it will still be working... Properly stripping an .a file simply strips the debug information from all the included .o files, making it harder to debug your program while only providing the same savings as stripping the program after linking it. Improperly stripping an .a file also strips the symbols needed for linking, which will be quite obvious as your program would no longer link. Except for that incident on Solaris earlier this year, the size of .a files is rarely a real problem. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Regrading reducing the size of libcrypto.a
No, it gives me .a file then i convert it to .so file. Since it was saying .so not supported yet for arm-linux evn in configure script. i stripped .so file and i could reduce it to 2.5 MB but still its a big one only. I am compiling with only few ciphers algorithms like sha256,aes,EC-DH and EC-DSA. Interested thing is then I configure with all the size is 3.5MB and when i configure with only above 5. In that case also same size,it should not compile code for other ciphers right? Thanks Jeetendra On 20 November 2012 20:23, John Doe jd...@yahoo.com wrote: From: jeetendra gangele gangele...@gmail.com Please guide me How can i minimize the size since I need only selected algorithms. Can one strip a .a the file...? Mine goes from 3.3M down to 1.8M. But I have no idea if it will still be working... JD __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Regrading reducing the size of libcrypto.a
On 11/20/2012 4:21 PM, jeetendra gangele wrote: No, it gives me .a file then i convert it to .so file. Since it was saying .so not supported yet for arm-linux evn in configure script. i stripped .so file and i could reduce it to 2.5 MB but still its a big one only. Strange, why would it say such a thing? Some incompatible assembler code? Anyone knows? I am compiling with only few ciphers algorithms like sha256,aes,EC-DH and EC-DSA. Interested thing is then I configure with all the size is 3.5MB and when i configure with only above 5. In that case also same size,it should not compile code for other ciphers right? As I tried to explain in my first reply, most of the size of libcrypt is not the ciphers,but all the ASN.1 stuff, such as code to handle X.509 certificates, CRLs, PKCS#7messages, PKCS#12 and PKCS#8 key files, etc. etc. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
Hi All, In our product, we are still using OpenSSL 0.9.7d (on Windows platform) for certificate validation. Recently we suffered an issue about certificates based SHA256, and the following error is thrown: ldap_bind: Can't contact LDAP server (-1) additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm My question is: 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? 2) If answer is NO for point 1, since which version does OpenSSL support SHA Digest Algorithm? Thanks Regards, Aaron __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Newsreader (was: Question about exporting user certificate files to .pfx)
On Tue, Nov 20, 2012 at 11:56 AM, jw72...@verizon.net wrote: it would be swell if I could get my email address removed from the list without removing my subscription too. This way I could just use my newsreader to get the messages without having my email box cluttered every day with this high-volume list. Is such a think outside the realm of conceivable possibilities for anyone here? Who here after all is in control (for lack of a better word) of this list? :)Thanks. Google Groups mirrors this list. No need for a subscription/ http://groups.google.com/group/mailing.openssl.users. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Newsreader (was: Question about exporting user certificate files to .pfx)
So can you get that group of messages sent to a newsreader? -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Tuesday, November 20, 2012 11:38 AM To: openssl-users@openssl.org Cc: st...@openssl.org Subject: Newsreader (was: Question about exporting user certificate files to .pfx) On Tue, Nov 20, 2012 at 11:56 AM, jw72...@verizon.net wrote: it would be swell if I could get my email address removed from the list without removing my subscription too. This way I could just use my newsreader to get the messages without having my email box cluttered every day with this high-volume list. Is such a think outside the realm of conceivable possibilities for anyone here? Who here after all is in control (for lack of a better word) of this list? :)Thanks. Google Groups mirrors this list. No need for a subscription/ http://groups.google.com/group/mailing.openssl.users. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Undefined reference to 'FIPS_text_start()'
Hi, I am trying to build an application with the FIPS Object module. I followed the build instructions mentioned in FIPS User Guide 2.0. FIPS Object Module: ./config Make make install Open SSL: ./config fips make depend Make My Application: export FIPSLD_CC=g++ export CC=gcc export CXX=/usr/local/ssl/fips-2.0/bin/fipsld Build Errors: /tmp/cczHeW7i.o: In function `FINGERPRINT_premain()': /usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c:103: undefined reference to `FIPS_text_start()' /usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c:116: undefined reference to `FIPS_incore_fingerprint(unsigned char*, unsigned int)' So my question is, How to fix these errors? Santhosh
Re: Undefined reference to 'FIPS_text_start()'
On Tue, Nov 20, 2012 at 6:16 PM, Santhosh Kokala santhosh.kok...@riverbed.com wrote: Hi, I am trying to build an application with the FIPS Object module. I followed the build instructions mentioned in FIPS User Guide 2.0. FIPS Object Module: ./config Make make install Open SSL: ./config fips make depend Make My Application: export FIPSLD_CC=g++ export CC=gcc export CXX=/usr/local/ssl/fips-2.0/bin/fipsld Build Errors: /tmp/cczHeW7i.o: In function `FINGERPRINT_premain()': /usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c:103: undefined reference to `FIPS_text_start()' /usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c:116: undefined reference to `FIPS_incore_fingerprint(unsigned char*, unsigned int)' Add fipscanister.o to the link phase/ Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron, HPSW-RD-SH) Sent: Tuesday, 20 November, 2012 10:42 In our product, we are still using OpenSSL 0.9.7d (on Windows platform) for certificate validation. Recently we suffered an issue about certificates based SHA256, and the following error is thrown: ldap_bind: Can't contact LDAP server (-1) additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm My question is: 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? On one system I still have 0.9.7m which does have SHA-2, with no mention in CHANGES. However, the 0.9.8* CHANGES describe it as added by 0.9.8(original) and not in 0.9.7h. Thus it was apparently backported somewhere 7h =7m. 2) If answer is NO for point 1, since which version does OpenSSL support SHA Digest Algorithm? (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in OpenSSL much longer, and the algorithm originally released as SHA was defective and withdrawn before use.) Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and signatures using SHA-2 with RSA. Due to API limitation they can't do signatures using SHA-2 with ECDSA, and AIR don't have the DSA sizes for SHA-2 added by FIPS 186-3. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Unable to compile fips_hmac.c file
I am trying to compile tips_hmac.c to verify the FIPS build. But I see errors. Can you please let me know what needs to be done to fix this? Errors: gcc -c fips_hmac.c -I/usr/local/ssl/include FIPSLD_CC=gcc /usr/local/ssl/fips-2.0/bin/fipsld -o fips_hmac fips_hmac.o /usr/local/ssl/fips-2.0/lib/fipscanister.o /usr/local/ssl/lib/libcrypto.a /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup': dso_dlfcn.c:(.text+0x2d): undefined reference to `dlopen' dso_dlfcn.c:(.text+0x43): undefined reference to `dlsym' dso_dlfcn.c:(.text+0x4d): undefined reference to `dlclose' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_pathbyaddr': dso_dlfcn.c:(.text+0x8f): undefined reference to `dladdr' dso_dlfcn.c:(.text+0xe9): undefined reference to `dlerror' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func': dso_dlfcn.c:(.text+0x451): undefined reference to `dlsym' dso_dlfcn.c:(.text+0x528): undefined reference to `dlerror' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_var': dso_dlfcn.c:(.text+0x5b1): undefined reference to `dlsym' dso_dlfcn.c:(.text+0x688): undefined reference to `dlerror' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload': dso_dlfcn.c:(.text+0x6f3): undefined reference to `dlclose' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load': dso_dlfcn.c:(.text+0x7d7): undefined reference to `dlopen' dso_dlfcn.c:(.text+0x848): undefined reference to `dlclose' dso_dlfcn.c:(.text+0x88d): undefined reference to `dlerror' collect2: ld returned 1 exit status make: *** [fips_hmac] Error 1 Steps I followed to build FIPS Object Module, Openssl and my application (fips_hma.c) FIPS Object Module: ./config make make install OpenSSL ./config fips Make depend Make Make install Openssl Version Output: /usr/local/ssl/bin/openssl version -a OpenSSL 1.0.1c-fips 10 May 2012 built on: Mon Oct 22 16:20:18 PDT 2012 platform: linux-elf options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: /usr/local/ssl My Application I used Makefile give in the FIPS User Guide 2.0 Makefile: CC = gcc OPENSSLDIR = /usr/local/ssl LIBCRYPTO = $(OPENSSLDIR)/lib/libcrypto.a INCLUDES = -I$(OPENSSLDIR)/include CMD = fips_hmac OBJS = $(CMD).o /usr/local/ssl/fips-2.0/lib/fipscanister.o $(CMD): $(OBJS) FIPSLD_CC=$(CC) /usr/local/ssl/fips-2.0/bin/fipsld -o $(CMD) $(OBJS) $(LIBCRYPTO) $(OBJS): $(CMD).c $(CC) -c $(CMD).c $(INCLUDES) clean: rm $(OBJS)
RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
Thanks a lot, Dave. So it means that SHA256 is only technically supported from 0.9.7h. If I am using 0.9.7d, it is not included, right? Best Regards, Aaron -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, November 21, 2012 10:01 AM To: openssl-users@openssl.org Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron, HPSW-RD-SH) Sent: Tuesday, 20 November, 2012 10:42 In our product, we are still using OpenSSL 0.9.7d (on Windows platform) for certificate validation. Recently we suffered an issue about certificates based SHA256, and the following error is thrown: ldap_bind: Can't contact LDAP server (-1) additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm My question is: 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? On one system I still have 0.9.7m which does have SHA-2, with no mention in CHANGES. However, the 0.9.8* CHANGES describe it as added by 0.9.8(original) and not in 0.9.7h. Thus it was apparently backported somewhere 7h =7m. 2) If answer is NO for point 1, since which version does OpenSSL support SHA Digest Algorithm? (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in OpenSSL much longer, and the algorithm originally released as SHA was defective and withdrawn before use.) Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and signatures using SHA-2 with RSA. Due to API limitation they can't do signatures using SHA-2 with ECDSA, and AIR don't have the DSA sizes for SHA-2 added by FIPS 186-3. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: This is one for the Pros: cert is not privkey
From: owner-openssl-us...@openssl.org On Behalf Of Peter Parker Sent: Tuesday, 20 November, 2012 20:59 Subject: This is one for the Pros Not really. This is pretty basic. I've been trying to generate a public/private key pair after generating the certificates, but OpenSSL keeps giving me an error. The commands and the error are below. Thanks. No you're not; you're generating a CA keypair and cert (directly), then an application keypair, then an application cert (via CSR). Which is the (well, a) correct sequence, for one entity. Commands #openssl req -new -x509 -extensions v3_ca -days 365 -keyout caKey.pem -passout pass:test -out caCert.crt -batch #openssl genrsa -out application.pem -passout pass:test -des3 1028 1028 is an unusual size for an RSA key; most folks use power-of-2 based values like 1024 1536 2048. 1024 is presently rather marginal for security; for example, NIST has it deprecated since the end of 2010, and prohibited after the end of 2013, for US government use. #openssl req -new -key application.pem -passin pass:test -out application.csr -batch A second req -new -batch generates a CSR with the same DN ... #openssl x509 -req -days 365 -in application.csr -CA caCert.crt -CAcreateserial -CAkey caKey.pem -passin:test -out test-key.pem -extensions ssl_cert ... thus this creates a CA-signed cert which appears to be self-signed, and will not chain correctly with OpenSSL. If the ssl_cert section of your config file (which doesn't exist in the distro file) includes AKI, other software that chains primarily by AKI may work, but this is still incorrect. This puts the cert in a file named test-key.pem, which is a misleading name. #openssl rsa -in test-key.pem -passin pass:test -out pub-key.pem -outform PEM -pubout And therefore this command, which is not the last one, fails because you told it to read the privatekey from a file which is a certificate. application.pem is your privatekey. #openssl rsautl -encrypt -inkey pub-key.pem -pubin -in testfile.txt -out eFile.ssl Error unable to load Private Key (I receive this after the last command) Not last. The key thing that I am trying to do is to encrypt some files with the key that I generate. I do however want to use the public and private keys that I get out of the PEM file using the x509 (or the ca utilities). If (any of) your files are larger than about 100 bytes (for 1024-bit RSA) you can't use raw RSA; even if they aren't, you can't interoperate with properly designed software that doesn't use raw RSA. The conventional approach is to encrypt the bulk data symmetrically with a nonce key (DEK) and PK (RSA) encrypt that DEK; there are numerous schemes that do this, but the one that OpenSSL supports directly is PKCS7/CMS/SMIME. (CMS is an updated Internet version of PKCS7, and SMIME is a simple wrapping of CMS.) You can generate and use RSA keys without using certificates (and without using the req x509 ca utilities) IF you have a way to distribute them correctly -- that is, to make sure the enveloper always uses a correct publickey for the recipient and not a forged, tampered, or obsolete one. (And similarly the verifier for a signer.) Most standard schemes do use X.509 certs for this purpose, because they are also standard. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
From: Wu, Hong-Tao (Aaron, HPSW-RD-SH) [mailto:hongtao...@hp.com] Sent: Tuesday, 20 November, 2012 22:05 To: openssl-users@openssl.org Cc: dthomp...@prinpay.com Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm Thanks a lot, Dave. So it means that SHA256 is only technically supported from 0.9.7h. If I am using 0.9.7d, it is not included, right? I don't have all the old versions to check, but according to CHANGES it is NOT in 0.9.7h which means it SHOULD NOT be in any earlier 0.9.7*, and 0.9.7d IS earlier than 0.9.7h so it SHOULD NOT be in 0.9.7d. It IS in the code for 0.9.7m, therefore it was added sometime after 0.9.7h and before or at 0.9.7m. That's what 7h =7m means. Best Regards, Aaron -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, November 21, 2012 10:01 AM To: openssl-users@openssl.org Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron, HPSW-RD-SH) Sent: Tuesday, 20 November, 2012 10:42 In our product, we are still using OpenSSL 0.9.7d (on Windows platform) for certificate validation. Recently we suffered an issue about certificates based SHA256, and the following error is thrown: ldap_bind: Can't contact LDAP server (-1) additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm My question is: 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? On one system I still have 0.9.7m which does have SHA-2, with no mention in CHANGES. However, the 0.9.8* CHANGES describe it as added by 0.9.8(original) and not in 0.9.7h. Thus it was apparently backported somewhere 7h =7m. 2) If answer is NO for point 1, since which version does OpenSSL support SHA Digest Algorithm? (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in OpenSSL much longer, and the algorithm originally released as SHA was defective and withdrawn before use.) Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and signatures using SHA-2 with RSA. Due to API limitation they can't do signatures using SHA-2 with ECDSA, and AIR don't have the DSA sizes for SHA-2 added by FIPS 186-3. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org