Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Stephan Mühlstrasser via RT
On 14.03.2016 at 18:48, Salz, Rich via RT wrote: > Did you enable RC4 when you built openssl? Yes, more specifically I did not disable it. Otherwise it would not have been possible to encrypt with RC4 with "openssl cms -rc4 -encrypt", would it? -- Ticket here:

[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Stephan Mühlstrasser via RT
I had written a message about this issue to openssl-users, but received no reaction. As OpenSSL cannot decrypt data encrypted by itself, this looks like a defect. It is also not possible to decrypt RC4-encrypted CMS objects created by third-party software. This was reproduced with the current

[openssl-dev] [openssl.org #3719] Bug report: Documentation for -no_explicit option of openssl ocsp missing

2015-02-24 Thread Stephan Mühlstrasser via RT
There's no documentation available for the -no_explicit option of openssl ocsp: https://www.openssl.org/docs/apps/ocsp.html Dr. Henson explained the meaning of the option and of the corresponding flag OCSP_NOEXPLICIT for OCSP_basic_verify() like this on the openssl-users list: If the

[openssl.org #3415] Bug report: Uninitialized memory reads reported by valgrind for ECDSA signatures

2014-07-01 Thread Stephan Mühlstrasser via RT
The OpenSSL FAQ says that with a -DPURIFY build no messages about uninitialized data should appear: https://www.openssl.org/support/faq.html#PROG14 14. Why does Valgrind complain about the use of uninitialized data? When OpenSSL's PRNG routines are called to generate random numbers the

[openssl.org #3349] Bug report: X509_check_akid() identifies non-self-signed certificate as its own issuer

2014-05-09 Thread Stephan Mühlstrasser via RT
On 09.05.14 00:53, Stephen Henson via RT wrote: On Thu May 08 15:49:11 2014, s...@pdflib.com wrote: I can confirm that with this patch applied my use case with X509_verify_cert() works as expected (misidentification of signing certificate as CRL issuer no longer occurs). Could you give

[openssl.org #3349] Bug report: X509_check_akid() identifies non-self-signed certificate as its own issuer

2014-05-08 Thread Stephan Mühlstrasser via RT
I posted this test case for function X509_check_akid() on the openssl-users mailing list, but got no reaction, therefore I'm submitting it now as a defect for triaging. Test case: 1) Certificate that has an Authority Key Identifier extension (save as file testcert.pem): -BEGIN

[openssl.org #3309] Bug: Missing critical flag for extended key usage not detected in time-stamp verification

2014-04-16 Thread Stephan Mühlstrasser via RT
On 15.04.14 20:00, Stephen Henson via RT wrote: The cause was that the lastpos parameter was set to 0 instead of -1. The purpose of lastpos is to find multiple extensions of the same type so you can continue from the last found position or -1 to start from the beginning. Erroneously setting

[openssl.org #3309] Bug: Missing critical flag for extended key usage not detected in time-stamp verification

2014-04-16 Thread Stephan Mühlstrasser via RT
On 15.04.14 20:00, Stephen Henson via RT wrote: I've just added a fix (and to two other cases in the same file). Let me know of any problems. The commit now showed up in the public Git repository, so I'm all set now. Best Regards Stephan

[openssl.org #3309] Bug: Missing critical flag for extended key usage not detected in time-stamp verification

2014-04-14 Thread Stephan Mühlstrasser via RT
Hi, the following problem was reproduced with several OpenSSL 1.0.1 versions and also with a recent build from the OpenSSL_1_0_2-stable branch: RFC 3161 says in 2.3. Identification of the TSA: The corresponding certificate MUST contain only one instance of the extended key usage field