Viktor Dukhovni wrote:
|> On Jan 24, 2018, at 9:27 AM, Michael Richardson wrote:
|>> email clients are designed to handle hundreds to thousands of messages
|>> a day, Github UI isn't
|
|Indeed email is best for informal ad-hoc back and forth
Hello.
Tomas Mraz wrote:
|I would like to restart the discussion about possibilities of system-
|wide configurability of OpenSSL and particularly libssl.
|
|Historically OpenSSL allowed only for configuration of the enabled
|ciphersuites list if application called
"Blumenthal, Uri - 0553 - MITLL" wrote:
|>So I guess you want an interface that can both add things to the
|> "entropy" pool, and to the "additional data" pool? It shouldn't
|>be that hard, I'll try to come up with some proposal soon.
|
|I’d say the interface
"Salz, Rich" wrote:
|Is this new RNG object available to user programs, or do they need
|to reinvent the wheel even though they definitely link against the
|OpenSSL library?
|
|You don’t have to re-invent the wheel, but you might have to modify \
|the source ☺
"Salz, Rich via openssl-dev" wrote:
|➢ But I’d like the development team to comment on (and ideally – accept) \
|my request to add RAND_add() method to the RNG that is used in generation \
|of private keys.
|
|Well, I’ve been thinking about this for a bit, since you
Hello.
Richard Levitte wrote:
|I've added a change with documentation:
|
|https://github.com/openssl/openssl/pull/2818
|
|Please go in and comment, or if you don't have a github account, feel
|free to comment here.
Thank you, i have added it to my makefile 1:1.
Ciao!
Hello.
Richard Levitte <levi...@openssl.org> wrote:
|In message <20170301221703.tfwpu%stef...@sdaoden.eu> on Wed, 01 Mar \
|2017 23:17:03 +0100, Steffen Nurpmeso <stef...@sdaoden.eu> said:
|
|steffen> Yes, i mean, i just didn't know this, it is not mentioned anywher
Hello,
Richard Levitte <levi...@openssl.org> wrote:
|In message <20170301165032.8jhwg%stef...@sdaoden.eu> on Wed, 01 Mar \
|2017 17:50:32 +0100, Steffen Nurpmeso <stef...@sdaoden.eu> said:
|
|steffen> "Salz, Rich" <rs...@akamai.com> wrote:
|steffen&
Hello again,
Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
|> On Mar 1, 2017, at 11:46 AM, Steffen Nurpmeso <stef...@sdaoden.eu> wrote:
|> No, not that i know. But this -- thanks -- lead me to the
|> following, which is the KISS that you want?
...
|> diff --
Good evening.
Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
|> On Mar 1, 2017, at 11:13 AM, Steffen Nurpmeso <stef...@sdaoden.eu> wrote:
|>
|> $ ldd /home/steffen/usr/opt/.ssl-1.1.0/bin/openssl
|> ...
|> libssl.so.1.1 => not found
|&g
"Salz, Rich" wrote:
|> This is new behaviour, until now the installation was always self-contain\
|> ed
|> when configured via
|>
|> ./config --prefix=$(MYPREFIX) zlib-dynamic no-hw shared
|
|Did you install the libraries in a standard place?
|
|> I think this should
Sorry for the late reply, this really is a slow machine (and
i cleanup again completely anything once it is installed, _and_
the tests compile a long time even if not run)..
"Salz, Rich" wrote:
|> I am sorry, but i have no github account. Maybe it is possible to \
|> have
Oh, hello again,
now i finally have updated (without "make tests?") and it seems
i now have to fill in $LD_LIBRARY_PATH to get running:
$ ldd /home/steffen/usr/opt/.ssl-1.1.0/bin/openssl
...
libssl.so.1.1 => not found
libcrypto.so.1.1 => not found
This is new behaviour, until now the
Hello.
I am sorry, but i have no github account. Maybe it is possible to
have some @bug address which creates issues automatically?
I see this on
? openssl version
OpenSSL 1.0.2k 26 Jan 2017
? /home/steffen/usr/opt/.ssl-1.1.0/bin/openssl version
FYI,
and because i don't have a github account, though this could be
related to ticket #1635, on a x86_64 GNU LibC based Linux via
openssl:
cd openssl.git &&\
if [ -f NULL ]; then git checkout `cat NULL`; fi &&\
./config --prefix=$(MYPREFIX) zlib-dynamic no-hw
"Salz, Rich" wrote:
|> Maybe you like it. I haven't tried it, but see no reason why it
|> shouldn't work. It also adjusts headline tags in secpolicy.html, \
|> which don't
|> comply to the rest of the site yet.
|
|It's good enough. None of us our web developers. I just
Rich Salz via RT wrote:
|The title now has the URL. Closing. Fixed as it's gonna get :)
Not on Github, but i have really cloned the repository from
openssl.org (not promoted, but present) and had a short run on top
what you have committed. Maybe you like it. I haven't tried
Richard Levitte via RT wrote:
|On Thu Sep 01 13:18:44 2016, stef...@sdaoden.eu wrote:
|> From the documentation i cannot tell what is wrong with the
|> following:
|>
|> echo abc > a; echo def > b; echo ghi > c
|> openssl genpkey -algorithm RSA -out k.prv
|> openssl pkey
Richard Levitte via RT wrote:
|On Thu Sep 01 13:18:44 2016, stef...@sdaoden.eu wrote:
|> From the documentation i cannot tell what is wrong with the
|> following:
|>
|> echo abc > a; echo def > b; echo ghi > c
|> openssl genpkey -algorithm RSA -out k.prv
|> openssl pkey
Richard Levitte via RT wrote:
|On Thu Sep 01 13:13:44 2016, stef...@sdaoden.eu wrote:
|> Before sending the last message i looked around on the website (it
|> has become particularly complicated to find the bug tracker), and
|> looking at the "go-back" list i saw dozens of
Richard Levitte via RT wrote:
|On Thu Sep 01 13:13:44 2016, stef...@sdaoden.eu wrote:
|> Before sending the last message i looked around on the website (it
|> has become particularly complicated to find the bug tracker), and
|> looking at the "go-back" list i saw dozens of
"Salz, Rich" wrote:
..
|for and fix? (I'm kinda slow sometimes)
Do you know the story of the couple that had been married for
decades when suddenly, at a Sunday morning breakfast, it has been
revealed that she, who was given the upper half of the bread rolls
for so long --
Hello.
>From the documentation i cannot tell what is wrong with the
following:
echo abc > a; echo def > b; echo ghi > c
openssl genpkey -algorithm RSA -out k.prv
openssl pkey -in k.prv -pubout -out k.pub
openssl dgst -sha512 -sign k.prv -out .sig a b c
openssl dgst -sha512 -verify
Before sending the last message i looked around on the website (it
has become particularly complicated to find the bug tracker), and
looking at the "go-back" list i saw dozens of "OpenSSL" entries,
rather than rt, "Getting started as a contributor", etc.
--steffen
--
Ticket here:
Matt Caswell <m...@openssl.org> wrote:
|> Matt Caswell <m...@openssl.org> wrote:
|>|On 25/08/16 22:14, Steffen Nurpmeso wrote:
|>|> OpenSSL <open...@openssl.org> wrote:
|>|>| OpenSSL version 1.1.0 released
|>|>
|>|> A bit dis
|N'morning UK. (^.^)
Ok i'm awake, you've created a new branch for that.
Thanks.
--steffen
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
N'morning UK. (^.^)
Matt Caswell <m...@openssl.org> wrote:
|On 25/08/16 22:14, Steffen Nurpmeso wrote:
|> OpenSSL <open...@openssl.org> wrote:
|>| OpenSSL version 1.1.0 released
|>
|> A bit distressing that it is me again, as if i would have
|> something to do
Good evening.
OpenSSL wrote:
| OpenSSL version 1.1.0 released
A bit distressing that it is me again, as if i would have
something to do with that..., but: the tag is missing.
|https://www.openssl.org/news/openssl-1.1.0-notes.html
Looks good in Lynx!
Anyway, it
Against [80f397e]
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index fb39f94..7b38489 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -124,8 +124,8 @@ than the deprecated alternative commands below.
=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>,
I hope i don't "open" this one!
Richard Levitte via RT wrote:
|On Thu Jun 02 15:50:31 2016, stef...@sdaoden.eu wrote:
|> I have never seen something like this:
|>
|> Parser.c: loadable library and perl binaries are mismatched (got
|> handshake key 0xdb00080, needed
I hope i don't "open" this one!
Richard Levitte via RT wrote:
|On Thu Jun 02 15:50:31 2016, stef...@sdaoden.eu wrote:
|> I have never seen something like this:
|>
|> Parser.c: loadable library and perl binaries are mismatched (got
|> handshake key 0xdb00080, needed
Yep:
-rw--- 1 steffen steffen 1848 Jun 2 14:46 VhXl383LiQ
-rw--- 1 steffen steffen 1612 Jun 2 14:46 F1RkvxEZi0
-rw--- 1 steffen steffen 1848 Jun 2 14:46 qg_wML0XIF
-rw--- 1 steffen steffen 1848 Jun 2 14:46 4MUN7KIs69
-rw--- 1 steffen steffen 1840 Jun 2
Oh yes, please!
--steffen
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4555
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hello.
I have never seen something like this:
Parser.c: loadable library and perl binaries are mismatched (got handshake
key 0xdb00080, needed 0xdb80080)
This is v5.24 on a Linux system, and it flawless afaik.
Thanks.
--steffen
--
Ticket here:
"Salz, Rich" wrote:
|There are currently three functions related to the EGD:
|int RAND_egd(const char *path);
|int RAND_egd_bytes(const char *path, int bytes);
|int RAND_query_egd_bytes(const char *path, unsigned char *buf\
|, int
Hello,
for certificates which get renewed -- mine do twice a year, for
example -- the fingerprint changes
?0[tmp]$ openssl x509 -fingerprint -noout cert.old
SHA1 Fingerprint=00:10:F0:2C:EA:50:1F:11:FE:8D:CC:A0:A9:40:91:A2:D0:4D:65:4E
?0[tmp]$ openssl x509 -fingerprint -noout cert.crt
And on [1] (at least) the link Please see the list of new or open
bugs and requests. leads to nowhere.
Ciao,
[1] http://openssl.org/support/rt.html
--steffen
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
Huhu!!
|Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx
I just want to mention these «UTF-8 re-encoded as UTF-8» issues,
which may be acceptable for names of males, but, but
*particularly* with respect to the natural beauty of the affected
person… On the other hand i
Matt Caswell m...@openssl.org wrote:
|On 19/05/15 17:40, Kurt Roeckx wrote:
| I think that we should just provide the SSLv23_client_method define
| without the need to enable something, and I guess I missed
| something during the review in that case.
|
|The reason you need to enable
Kurt Roeckx k...@roeckx.be wrote:
|On Tue, May 19, 2015 at 08:03:05PM +0200, Steffen Nurpmeso wrote:
| Steffen Nurpmeso sdao...@yandex.com wrote:
||Kurt Roeckx k...@roeckx.be wrote:
|||I think that we should just provide the SSLv23_client_method define
|||without the need to enable something
Salz, Rich rs...@akamai.com wrote:
| c_zlib.c:113:5: warning: excess elements in struct initializer
| NULL,
| ^~~~
|
|Are you sure you have an accurate copy of master?
|
|The EX_DATA was removed in 9a555706a3fb8f6622e1049ab510a12f4e1bc6a2 \
|as part of making the COMP
Hello,
i've just read on the Lynx list about compilation error because of
a missing SSLv23_method() and indeed [1] says it is deprecated and
a new TLS_client_method() is to be used instead. Now i've
searched on Gmane but i couldn't find just any word. (Let's just
hope that there will be TLS
Kurt Roeckx k...@roeckx.be wrote:
|I think that we should just provide the SSLv23_client_method define
|without the need to enable something, and I guess I missed
|something during the review in that case.
Thanks for the clarification.
--steffen
___
Steffen Nurpmeso sdao...@yandex.com wrote:
|Kurt Roeckx k...@roeckx.be wrote:
||I think that we should just provide the SSLv23_client_method define
||without the need to enable something, and I guess I missed
||something during the review in that case.
|
|Thanks for the clarification.
Ehm
Hello,
Dr. Stephen Henson st...@openssl.org wrote:
|On Fri, Feb 13, 2015, Viktor Dukhovni wrote:
| On Fri, Feb 13, 2015 at 11:59:13AM +, Salz, Rich wrote:
| Some time ago, I had submitted a patch which allows administrators, but
| most importantly OS distributors to set their own strings
Hello,
Nikos Mavrogiannopoulos n...@redhat.com wrote:
|On Thu, 2015-02-12 at 18:39 +0100, Steffen Nurpmeso wrote:
| And i want to point to OPENSSL_config(3) which states for a longer
| time duration:
|
|It is strongly recommended that all new applications call
Oh, this thread is about the OpenSSL configuration package that
Rich Salz promised!..
Daniel Kahn Gillmor d...@fifthhorseman.net wrote:
|On Wed 2015-02-11 10:15:11 -0500, Salz, Rich wrote:
| Note that for most applications the correct approach to configuring
| ciphersuites should be to start
Hello,
Thanks for OpenSSL first.
And again when you can read this.
Matt Caswell m...@openssl.org wrote:
|On 22/01/15 22:34, Steffen Nurpmeso wrote:
| Since noone else seems to say a word.
| I personally didn't understand at all why v1.0.2 when its
| end-of-life is in sight already.
|
|From
Daniel Kahn Gillmor d...@fifthhorseman.net wrote:
|On Fri 2015-01-23 06:19:14 -0500, Steffen Nurpmeso wrote:
| brings. (Myself even starves for documentation [coverage]
| improvements.)
|
|fwiw, OpenSSL documentation is pretty easy to read and to edit. If you
|notice that things
Since noone else seems to say a word.
I personally didn't understand at all why v1.0.2 when its
end-of-life is in sight already. Now you have to continue to
track three active branches. But this is your problem of course.
What i _really_ don't understand is why 1.0.2 is delivered with
false
I wonder about this interface oddity.
There is
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
int SSL_set_cipher_list(SSL *ssl, const char *str);
but only
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
const char *SSL_get_cipher_list(const SSL *ssl, int priority);
Stephen Henson via RT r...@openssl.org wrote:
All i can parse from your answer is that the statement that is
long in OpenSSL documentation and was referred to by Rich Salz
(unless i'm mistaken) in a different #issue, namely the following
paragraph from OPENSSL_config(3):
It is strongly
So i follow Rich Salz and am adding support for
SSL_CONF_modules_load_file() (but i'm still wondering a bit why
i do that) and while testing (with v1.0.2 beta4) i see messages
like
error:02001002:system library:fopen:No such file or directory
error:0200100D:system library:fopen:Permission
Hello,
while following Rich Salz's suggestion to make use of
CONF_modules_load_file() i stumbled personally over the
restriction that only a global openssl.cnf seems to be supported.
There is no support for automatic loading of a $HOME/.openssl.cnf
on top of the global version.
And whereas
..so that even after OpenSSL_add_all_algorithms(3)
EVP_get_cipherbyname(3) fails to load aes-128 as an alias for
aes-128-cbc.
--steffen
diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
index 41791ad..88e8b79 100644
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -282,7 +282,7 @@ authentication
Hello,
Stephen Henson via RT r...@openssl.org wrote:
|On Mon Dec 08 19:58:31 2014, sdao...@yandex.com wrote:
| If people start using SSL_CONF_CTX as they are supposed to with
| v1.0.2, then it can be expected that users start using strings
| like, e.g. (from my thing),
|
| set
Salz, Rich via RT r...@openssl.org wrote:
| Personally i am willing to put enough trust in the OpenSSL team *even
| insofar* as i now do 'set ssl-protocol=ALL,-VULNERABLE'
| and leave the task of deciding what is VULNERABLE up to you.
|
|That is not a responsibility we want. No how, no way.
Yoav Nir ynir.i...@gmail.com wrote:
| On Dec 9, 2014, at 1:24 PM, Steffen Nurpmeso via RT r...@openssl.org \
| wrote:
| Salz, Rich rs...@akamai.com wrote:
||I think magic names -- shorthands -- are a very bad idea. \
|
| I _completely_ disagree.
|
|| They are point-in-time statements
Salz, Rich via RT r...@openssl.org wrote:
| Y causes a ciphersuite (or TLS version) to be dropped into VULNERABLE,
|I am more concerned about the case where a common crypto type \
|is broken, and zillions (a technical term :) of websites are \
|now at-risk because there wasn't an immediate
Salz, Rich via RT r...@openssl.org wrote:
| I'd love to see a version of bettercrypto.org that only \
| has to say to configure
| OpenSSL version 1.0.3 and higher, you should use the string BEST_PRACTICE
|
|That can happen but not by embedding magic strings into code. See
But isn't TLSv1.2
Hello,
Stephen Henson via RT r...@openssl.org wrote:
|On Mon Dec 08 19:58:31 2014, sdao...@yandex.com wrote:
| If people start using SSL_CONF_CTX as they are supposed to with
| v1.0.2, then it can be expected that users start using strings
| like, e.g. (from my thing),
|
| set
Hi.
Richard Moore richmoor...@gmail.com wrote:
| Programs which use the OpenSSL library generally just want to flip a
| switch and know that they've turned on security, instead of trying to
|My experience suggests that while that might be what some developers want,
|that's not what users
Salz, Rich via RT r...@openssl.org wrote:
| Personally i am willing to put enough trust in the OpenSSL team *even
| insofar* as i now do 'set ssl-protocol=ALL,-VULNERABLE'
| and leave the task of deciding what is VULNERABLE up to you.
|
|That is not a responsibility we want. No how, no way.
Yoav Nir ynir.i...@gmail.com wrote:
| On Dec 9, 2014, at 1:24 PM, Steffen Nurpmeso via RT r...@openssl.org \
| wrote:
| Salz, Rich rs...@akamai.com wrote:
||I think magic names -- shorthands -- are a very bad idea. \
|
| I _completely_ disagree.
|
|| They are point-in-time statements
Salz, Rich via RT r...@openssl.org wrote:
| Y causes a ciphersuite (or TLS version) to be dropped into VULNERABLE,
|I am more concerned about the case where a common crypto type \
|is broken, and zillions (a technical term :) of websites are \
|now at-risk because there wasn't an immediate
Salz, Rich via RT r...@openssl.org wrote:
| I'd love to see a version of bettercrypto.org that only \
| has to say to configure
| OpenSSL version 1.0.3 and higher, you should use the string BEST_PRACTICE
|
|That can happen but not by embedding magic strings into code. See
But isn't TLSv1.2
Hi.
Richard Moore richmoor...@gmail.com wrote:
| Programs which use the OpenSSL library generally just want to flip a
| switch and know that they've turned on security, instead of trying to
|My experience suggests that while that might be what some developers want,
|that's not what users
Salz, Rich via RT r...@openssl.org wrote:
| So you want a separate openssl-conf package. Fine, then provide it and
| give an easy mechanism for applications to hook into it.
| And for users to be able to overwrite system defaults.
| But this has not that much to do with #3627.
|
|Yes it
Dr. Stephen Henson st...@openssl.org wrote:
|On Thu, Dec 11, 2014, Steffen Nurpmeso via RT wrote:
| are hard (not only to parse) for users but there is a lot of
| information for good in very few bytes; sad is
|
| Received SIGPIPE during IMAP operation
| IMAP write error: error:
Salz, Rich via RT r...@openssl.org wrote:
| So you want a separate openssl-conf package. Fine, then provide it and
| give an easy mechanism for applications to hook into it.
| And for users to be able to overwrite system defaults.
| But this has not that much to do with #3627.
|
|Yes it
Dr. Stephen Henson st...@openssl.org wrote:
|On Thu, Dec 11, 2014, Steffen Nurpmeso via RT wrote:
| are hard (not only to parse) for users but there is a lot of
| information for good in very few bytes; sad is
|
| Received SIGPIPE during IMAP operation
| IMAP write error: error:
Stephen Henson via RT r...@openssl.org wrote:
|On Mon Dec 08 20:20:44 2014, sdao...@yandex.com wrote:
| and finally i propose three new values for the Protocol slot of
| SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
|
|Just to add my 2p to this thread which seems to have veered into
Richard Moore richmoor...@gmail.com wrote:
|On 8 December 2014 at 19:20, Steffen Nurpmeso via RT r...@openssl.org wrote:
| and finally i propose three new values for the Protocol slot of
| SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
|
|In Qt we've added an enum value for TLS versions
Richard Moore richmoor...@gmail.com wrote:
|On 9 December 2014 at 11:35, Steffen Nurpmeso sdao...@yandex.com wrote:
| Richard Moore richmoor...@gmail.com wrote:
||On 8 December 2014 at 19:20, Steffen Nurpmeso via RT r...@openssl.org
| wrote:
|| and finally i propose three new values
Kurt Roeckx via RT r...@openssl.org wrote:
|On Mon, Dec 08, 2014 at 08:20:44PM +0100, Steffen Nurpmeso via RT wrote:
| and finally i propose three new values for the Protocol slot of
| SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
|
|I actually find the option unfortunate and I think
Kurt Roeckx via RT r...@openssl.org wrote:
|On Mon, Dec 08, 2014 at 07:58:31PM +0100, Steffen Nurpmeso via RT wrote:
| set ssl-protocol=ALL,-SSLv2
|
| This results in the obvious problem that when they (get)
| upgrade(d) their OpenSSL library they will see a completely
| intransparent
|Kurt Roeckx via RT r...@openssl.org wrote:
||been one that sets the minimum and maximum version. But I think
||we're too late 1.0.2 process to still change this.
Attached a git format-patch MBOX for 1.0.2 (on top of [6806b69]).
It boils anything down into two changesets (SSL_CONF_CTX and
Salz, Rich rs...@akamai.com wrote:
|I think magic names -- shorthands -- are a very bad idea. \
I _completely_ disagree.
| They are point-in-time statements whose meaning evolves, \
|if not erodes, over time.
Because i don't think that a normal user, or even normal
administrators and
Kurt Roeckx via RT r...@openssl.org wrote:
|On Mon, Dec 08, 2014 at 07:58:31PM +0100, Steffen Nurpmeso via RT wrote:
| set ssl-protocol=ALL,-SSLv2
|
| This results in the obvious problem that when they (get)
| upgrade(d) their OpenSSL library they will see a completely
| intransparent
Richard Moore richmoor...@gmail.com wrote:
|On 8 December 2014 at 19:20, Steffen Nurpmeso via RT r...@openssl.org wrote:
| and finally i propose three new values for the Protocol slot of
| SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
|
|In Qt we've added an enum value for TLS versions
Richard Moore richmoor...@gmail.com wrote:
|On 9 December 2014 at 11:35, Steffen Nurpmeso sdao...@yandex.com wrote:
| Richard Moore richmoor...@gmail.com wrote:
||On 8 December 2014 at 19:20, Steffen Nurpmeso via RT r...@openssl.org
| wrote:
|| and finally i propose three new values
Does:
- Fixes a typo in s_client.pod (2x in the).
- Changes .pod to reflect reality: it is SSL_CONF_CTX_finish(),
not SSL_CONF_finish().
- While here it seems best to change the remaining SSL_CONF_cmd(),
SSL_CONF_cmd_argv() and SSL_CONF_cmd_value_type() to have
a SSL_CONF_CTX_ prefix,
Oh yes: and on top of that former patch there really where also
dangling SSL_CTX_cmd() use cases in .pod files, which are thus and
finally changed to SSL_CONF_CTX_cmd via the attached patch, too.
Thank you.
--steffen
diff --git a/doc/ssl/SSL_CONF_CTX_cmd.pod b/doc/ssl/SSL_CONF_CTX_cmd.pod
index
Hello,
and finally i propose three new values for the Protocol slot of
SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
I included OLDEST for completeness sake, NEWEST is in effect what
i've always forced for my thing whenever possible, and encouraged
users to use themselve, but of course it
|What is the SECLEVEL you refer to? I had a quick look at SSL_CONF API
|pointed out by Stephen.[.]
|
I did too. Attached a doc patch (against 1.0.2) to match code
reality. Fixes linking for me.
--steffen
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index
Hello,
Dr. Stephen Henson st...@openssl.org wrote:
|On Thu, Dec 04, 2014, Tomas Hoger wrote:
| On Wed, 3 Dec 2014 22:55:06 +0100 Kurt Roeckx wrote:
| Maybe applications may benefit from an API where they can pass string
| set by the end user and let OpenSSL parse version number from that.
|
i wrote:
|until now when i printed certificate chains (in verbose mode)
|i used a brute simple hand driven function that dealt with
|ASN1_UTCTIME. Today i connected to a server where one of the
|certificates in the chain used ASN1_GENERALIZEDTIME, which
|resulted in the -- faulty -- message:
Salz, Rich rs...@akamai.com wrote:
|Please send this to r...@openssl.org so it doesn't get lost.
Nah, that is quite ridiculuous, is it; i read this as it is fine
to use the function, though.
Thanks,
--steffen
__
OpenSSL Project
Hello,
until now when i printed certificate chains (in verbose mode)
i used a brute simple hand driven function that dealt with
ASN1_UTCTIME. Today i connected to a server where one of the
certificates in the chain used ASN1_GENERALIZEDTIME, which
resulted in the -- faulty -- message:
OpenSSL open...@openssl.org wrote:
| OpenSSL version 1.0.1g released
| ===
Forgot to git(1) tag OpenSSL_1_0_1g?
--steffen
__
OpenSSL Project
90 matches
Mail list logo