OCSP_basic_verify

2013-04-24 Thread socket
I am using OCSP software which pre-signs all certificate information. Therefore, if a nonce check is requested, my responders are not able to provide the nonce back. Knowing this, I grabbed Apache 2.4.4 from source and modified "/usr/local/src/httpd-2.4.4/modules/ssl/ssl_engine_ocsp.c". I commented

Re: Bug in call to an Engine during PKCS7_sign? (or not?)

2013-04-24 Thread Dr. Stephen Henson
On Wed, Apr 24, 2013, Alan Kozlay wrote: > OpenSSL Team, > > Compiled for Android: > OpenSSL 1.0.1e > FIPS Module 2.0.3. > > I've created an Engine for PKCS#11 to perform RSA operations. > It works when OpenSSL is used for TLS/SSL in both FIPS and non-FIPS mode. > It works when OpenSSL is used f

Re: The new subject hash algorithm

2013-04-24 Thread Krzysztof Benedyczak
Hi, On 24.04.2013 17:36, Dr. Stephen Henson wrote: On Mon, Apr 22, 2013, Krzysztof Benedyczak wrote: Hi Openssl Developers, Since openssl 1.0.0 a new subject hash is used, i.e. the output of the openssl x509 -subject_hash ... has changed. The old one was quite easy to decipher and commo

Re: MD5 in openSSL internals

2013-04-24 Thread Nikola Vassilev
-Original Message- From: Venkataragavan Narayanaswamy Sender: owner-openssl-us...@openssl.org Date: Tue, 23 Apr 2013 00:29:17 To: openssl-dev@openssl.org; openssl-us...@openssl.org Reply-To: openssl-us...@openssl.org Subject: MD5 in openSSL internals Hi, We are currently analyzing an

Bug in call to an Engine during PKCS7_sign? (or not?)

2013-04-24 Thread Alan Kozlay
OpenSSL Team, Compiled for Android: OpenSSL 1.0.1e FIPS Module 2.0.3. I've created an Engine for PKCS#11 to perform RSA operations. It works when OpenSSL is used for TLS/SSL in both FIPS and non-FIPS mode. It works when OpenSSL is used for PKCS_sign in non-FIPS mode but not in FIPS mode. I see

Problems compiling 1.0.1e with no-tlsext

2013-04-24 Thread no_spam_98
I can't get the 1.0.1e SSL library to build when I specify the following config options: shared no-ec2m no-idea no-krb5 no-mdc2 no-rc5 no-tlsext -DOPENSSL_IA32_SSE2 First I get warnings: s3_srvr.c: warning: implicit declaration of function 'ssl_check_clienthello_tlsext_late' s3_srvr.c: warning

Re: The new subject hash algorithm

2013-04-24 Thread Dr. Stephen Henson
On Mon, Apr 22, 2013, Krzysztof Benedyczak wrote: > Hi Openssl Developers, > > Since openssl 1.0.0 a new subject hash is used, i.e. the output of the > > openssl x509 -subject_hash ... > > has changed. The old one was quite easy to decipher and commonly > known (part of the MD5 hash of the bin