Bonjour,
Le 30 mai 2015 à 09:48, John Lofgren via RT r...@openssl.org a écrit :
I believe I have pinpointed a typo-error that may be the cause of one or
two other outstanding bugs related to certificate chain validation. This
bug only occurs in a chain of certs at least 3 deep when the
Bonjour,
Le 30 mai 2015 à 09:48, John Lofgren via RT r...@openssl.org a écrit :
I believe I have pinpointed a typo-error that may be the cause of one or
two other outstanding bugs related to certificate chain validation. This
bug only occurs in a chain of certs at least 3 deep when the
Dear Team,
We have a client-server (Server is a C++ process) communication which does a
TCP communication over a secure layer. The SSL is achieved by OpenSSL library
on that process.
Am having some connection problems in the Server side - So inorder to avoid
this can I put this SSL under F5
Erwann, thank you for the explanation. This makes sense now. I looked at
the spec and now I understand the purpose the AKI.authorityCertIssuer. What
made me misunderstand this in the first place is that 'openssl x509 -text
...' gives no indication that this field is the name of the issuer's
On Mon 2015-06-01 07:36:01 -0400, Krzysztof Kwiatkowski wrote:
Yes, that's exactly what we do in our configuration. We have 24 servers
with rather high workload. SSL is offloaded on F5 load balancer and
servers behind load balancers receive decrypted traffic.
I'm not aware of any
We are thinking of removing support for EGD (entropy-gathering daemon) in the
next release. None of our supported platforms have needed it for some time.
If this will cause an issue for you, please reply soon.
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
Depending on how the comparison function was implemented, the insert could
still succeed at the point mentioned.
In the case of the patch sent for RT 3883, the original implementation of the
comparison function always failed if the client IP address was not set (given
that RT 3883 does not
Re: copyrights:
Planning to copy the (109-line) main copyright from another source file and
append to it:
/*
* Copyright (C) 2015 Akamai Technologies. ALL RIGHTS RESERVED.
* This code was originally developed by Akamai
Depending on how the comparison function was implemented, the insert could
still succeed at the point mentioned.
In the case of the patch sent for RT 3883, the original implementation of the
comparison function always failed if the client IP address was not set (given
that RT 3883 does not
Hi,
Yes, that's exactly what we do in our configuration. We have 24 servers
with rather high workload. SSL is offloaded on F5 load balancer and
servers behind load balancers receive decrypted traffic.
I'm not aware of any performance issues. And in fact it's quite good
idea as server itself
Note that this (almost) is identical to the Sun Microsystems contribution
copyright in s3_both.c, s3_clnt.c s3_lib.c s3_srvr.c, ssl_cert.c ssl_ciph.c,
ssl_lib.c and ssl_locl.h…
--
-Todd Short
// tsh...@akamai.commailto:tsh...@akamai.com
// “One if by land, two if by sea, three if by the
Believe that this question will be raised again and again...
Yuting Chen
-Original Message-
From: Erwann Abalea
Sent: Monday, June 01, 2015 10:12 AM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] verify fails for 3-level cert chain when
usingX509v3 Authority Key Identifier
On Mon, 1 Jun 2015, Salz, Rich wrote:
We are thinking of removing support for EGD (entropy-gathering daemon)
in the next release. None of our supported platforms have needed it for
some time. If this will cause an issue for you, please reply soon.
There is one currently shipping system I
While HP NonStop is not officially supported, I have been helping to maintain
a fork for the platform since December and are current through 1.0.2a. We
do use prngd. I am looking for ways to get back on the official platform list,
looking for alternatives to prngd for that platform, and trying
There is one currently shipping system I am aware of that does need PRNGD.
OpenServer 5 from XinuOS.
Which isn't a supported system...
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Mon, Jun 1, 2015 at 12:56 PM, Daniel Kahn Gillmor
d...@fifthhorseman.net wrote:
On Mon 2015-06-01 07:36:01 -0400, Krzysztof Kwiatkowski wrote:
Yes, that's exactly what we do in our configuration. We have 24 servers
with rather high workload. SSL is offloaded on F5 load balancer and
servers
On June 1, 2015 10:03 AM Rich Salz wrote:
We are thinking of removing support for EGD (entropy-gathering daemon) in
the next release.
None of our supported platforms have needed it for some time. If this
will cause
an issue for you, please reply soon.
While HP NonStop is not officially
I had to install an entropy gather on Debian desktop because reads to
/dev/random would fail on occasion when the device was opened
O_NONBLOCK. I was not hitting it hard - I was just trying to grab a 32 byte
one-time seed to seed an in-app generator. It was really surprising to see
Debian's
On 5/31/2015 2:46 AM, noloa...@gmail.com via RT wrote:
apps.c has a couple of parsing routines called load_pubkey and
load_key. rsautl uses those routines.
However, there's no option in rsautil to use anything other than a
ASN.1/DER or PEM encoded traditional key (or subject public key info).
In message
48ce1b94ef3648d990a5e253a8992...@ustx2ex-dag1mb2.msg.corp.akamai.com on Mon,
1 Jun 2015 18:33:01 +, Salz, Rich rs...@akamai.com said:
rsalz While HP NonStop is not officially supported, I have been helping to
maintain
rsalz a fork for the platform since December and are
Yes, obviously security of the connection ends on offloading device with
all consequences.
I agree that having TLS end-to-end is great but quite hard to do it with
OpenSSL if you need full-duplex connection. So in my case I have SSL
till F5. One connection may trigger many transactions inside
Is present in at least OpenSSL 1.0.2 / master.
The code in bss_dgram.c checks if IP_MTUDISCOVER is defined, where it should
test for IP_MTU_DISCOVER:
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 5eade50..7cd57bf 100644
--- a/crypto/bio/bss_dgram.c
+++
22 matches
Mail list logo