[openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread Stephen Henson via RT
On Wed Oct 05 07:05:06 2016, sgbrazhni...@gmail.com wrote: > Hi, guys. > > Just figured out that files encrypted with OpenSSL 1.1.0-stable can not be > decrypted with previous releases and vice versa. > Tested aes256, cast5-cfb, camellia128 on 1.1.0-stable, 1.0.2-stable and > 0.9.8(cast5-cfb only)

[openssl-dev] [openssl.org #4690] Bug in OpenSSL 1.0.2j ssl_accept

2016-09-28 Thread Stephen Henson via RT
On Wed Sep 28 19:44:49 2016, mich...@michsoft.de wrote: > In addition to my message I send you my gdb backtrace: > > Program received signal SIGSEGV, Segmentation fault. > [Switching to Thread 0x71413700 (LWP 13663)] > 0x76ba4e87 in sk_value () from /usr/lib64/libcrypto.so.1.0.0 >

[openssl-dev] [openssl.org #4675] Bug: Parsing Configuration that contains System Variables

2016-09-16 Thread Stephen Henson via RT
On Fri Sep 16 13:54:00 2016, georg.hoellr...@gmx.at wrote: > > As long as $SAN is unset I get > openssl version > 6870300:error:0E065068:configuration file routines:STR_COPY:variable has no > value:conf_def.c:618:line 17 > This is expected and documented behaviour: see config manual page for

[openssl-dev] [openssl.org #4660] error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

2016-09-02 Thread Stephen Henson via RT
On Sat Aug 27 14:01:11 2016, 1047941...@qq.com wrote: > hello: > i want to use libcurl with openssl, and i build openssl use this > cmd: > "perl configure VC-WIN32 no-asm -DOPENSSL_SSL_CLIENT_ENGINE_AUTO=capi > -DOPENSSL_CAPIENG_DIALO" > > > when i use curl get url,eg "curl -k

[openssl-dev] [openssl.org #4651] [BUG] malloc_failure in ASN1_D2I_READ_BIO with large smime encoded file

2016-08-18 Thread Stephen Henson via RT
On Thu Aug 18 14:01:03 2016, bmor...@mortoninsights.com wrote: > Ok, so this might be a separate issue. Please let me know what you think > and I can file. The issue is pretty much irrelevant since you can't > decrypt anything over 1.5G. > > Try this: > > bmorton@athens:~$ dd if=/dev/urandom

[openssl-dev] [openssl.org #4651] [BUG] malloc_failure in ASN1_D2I_READ_BIO with large smime encoded file

2016-08-18 Thread Stephen Henson via RT
On Thu Aug 18 00:40:21 2016, bmor...@mortoninsights.com wrote: > > Regardless of input size (2GB or 30GB) to the smime application, the > resulting encrypted file is only 1.9GB on disk. Unless smime format > has > some very serious compression, it looks like it is silently truncating > input. A 32

[openssl-dev] [openssl.org #4651] [BUG] malloc_failure in ASN1_D2I_READ_BIO with large smime encoded file

2016-08-17 Thread Stephen Henson via RT
On Wed Aug 17 18:16:41 2016, bmor...@mortoninsights.com wrote: > That doesn't sound like an ideal case for a bugfix. Any other creative > ideas on how to fix this one? Some suggestions I read previously included > adding support for streaming decode to avoid such a large memory > allocation. This

[openssl-dev] [openssl.org #4650] BUG: parsing CRL with openssl

2016-08-17 Thread Stephen Henson via RT
It's a bug that is fixed in the current stable versions of OpenSSL and will be in the next releases. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here:

[openssl-dev] [openssl.org #4590] accessors without const return arguments

2016-08-17 Thread Stephen Henson via RT
On Wed Aug 03 21:13:08 2016, open...@roumenpetrov.info wrote: > > Please update documentation (status of 3.8.2016): > 1) DSA_SIG_new.pod > DSA_SIG_new() allocates and initializes a B structure. > > So now function only allocates signature. > > > 2) ECDSA_SIG_new.pod > ECDSA_SIG_new() allocates a

[openssl-dev] [openssl.org #4643] [patch] pass EVP_MD to engines verifyctx_init and signctx_init

2016-08-08 Thread Stephen Henson via RT
On Mon Aug 08 13:52:12 2016, f.schuel...@infodas.de wrote: > Hello, > > for some engine-implementations one needs the possibility to change > the EVP_MD used in signctx_init and verifyctx_init. > (because different EVP_MD are needed for standalone calculating of the > digest and calculating the

[openssl-dev] [openssl.org #4639] Missing const and docs X509_get_notBefore, X509_get_notAfter

2016-08-01 Thread Stephen Henson via RT
Added documentation now and constified a few more cases. Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4639 Please log in as

[openssl-dev] [openssl.org #4637] Fwd: Missing accessor - DSA key length

2016-08-01 Thread Stephen Henson via RT
Added now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4637 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4590] accessors without const return arguments

2016-08-01 Thread Stephen Henson via RT
This has addressed the original issue. If there are any cases for DH/DSA/RSA you feel need addressing please give details in a new ticket. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here:

[openssl-dev] [openssl.org #4613] openssl RSA key: verify error 1.0.1t

2016-07-24 Thread Stephen Henson via RT
On Mon Jul 11 12:10:27 2016, 13731461...@126.com wrote: > > I was trying to install openssl 1.0.1t on AIX5.3, and it report error > when running "make test". Below is the error test. > > CMS consistency test > /usr/bin/perl cms-test.pl > CMS => PKCS#7 compatibility tests > signed content DER

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-24 Thread Stephen Henson via RT
On Sun Jul 24 18:29:16 2016, aniru...@avaya.com wrote: > Thanks a lot !!! Will definitely try it out :) > Note that this bugfix is now in OpenSSL 1.0.2 and the master branch so alternatively just try a recent snapshot. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial

[openssl-dev] [openssl.org #4599] big CRLs problem with openssl 1.0.2h

2016-07-22 Thread Stephen Henson via RT
This is a known issue which is fixed in the current snapshots. Commit a1eef756cc1948ed4d1f addresses it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here:

[openssl-dev] [openssl.org #4623] OpenSSL master regression in handling malformed Client Key Exchange messages in RSA key exchange

2016-07-22 Thread Stephen Henson via RT
On Fri Jul 22 14:56:11 2016, hka...@redhat.com wrote: > the issue is present in master 0ed26acce328ec16a3aa and looks to have > been > introduced in commit: > I tried what I thought was a fix for this which is to simply delete the lines: if (decrypt_len < 0) goto err; from

[openssl-dev] [openssl.org #4511] s_server does not send Alert messages upon receiving malformed Client Key Exchange messages in DHE key exchange

2016-07-22 Thread Stephen Henson via RT
Fixed now in master and 1.0.2. Thanks for the report, Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4511 Please log in as guest with password guest if

[openssl-dev] [openssl.org #4590] accessors without const return arguments

2016-07-22 Thread Stephen Henson via RT
On Sat Jun 25 22:09:59 2016, open...@roumenpetrov.info wrote: > > Above is reason the request to remove const from return argument of get0 > methods. > We had a discussion about this and the preference was to have get methods retain const for various reasons. Instead the DSA_SIG/ECDSA_SIG

[openssl-dev] [openssl.org #4610] Incorrect handling of malformed Client Key Exchange messages for ECDHE_RSA key exchange

2016-07-22 Thread Stephen Henson via RT
This has now been addressed in master and 1.0.2. Thanks for the report, Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4610 Please log in as guest with

[openssl-dev] [openssl.org #4603] HMAC_Init_ex incompatible change (possibly doc bug)

2016-07-22 Thread Stephen Henson via RT
On Sat Jul 02 11:13:44 2016, k...@roeckx.be wrote: > > /* If we are changing MD then we must have a key */ > if (md != NULL && md != ctx->md && (key == NULL || len < 0)) > return 0; > > That means contrary to the documentation, the existing salt isn't > reused > when the md argument is non-zero

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-22 Thread Stephen Henson via RT
On Tue Jul 19 22:23:56 2016, steve wrote: > > If there are multiple CRLs with the appropriate scope then the first > one where > the current time falls between lastUpdate and nextUpdate is used. > > It is possible to dynamically update CRLs but currently only the time > criteria > is used. So if

[openssl-dev] [openssl.org #4600] Core dump when using -keymatexport and receiving a handshake alert

2016-07-19 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4600 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Stephen Henson via RT
On Tue Jul 19 08:47:11 2016, levitte wrote: > My answer was incorrect... > > What happens when trying to find a CRL is that get_cert_by_subject (in > crypto/x509/by_dir.c) gets called, and it will try to load every file > it finds > (so both $hash{sub_ca}.r0 and $hash{sub_ca}.r1). However, when

[openssl-dev] [openssl.org #4588] pkcs12 -info doesn't handle PKCS#12 files with PKCS#5 v2.0 PBE

2016-07-19 Thread Stephen Henson via RT
Thanks for the report, fixed now in master and 1.0.2. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4588 Please log in as guest with password guest if

[openssl-dev] [openssl.org #4605] OCSP accessors

2016-07-13 Thread Stephen Henson via RT
Fixed now, ticket closed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4605 Please log in as guest with password guest if prompted -- openssl-dev

[openssl-dev] [openssl.org #4554] Bug: psk argument of the s_client/s_server command strips leading zero bytes.

2016-06-12 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4554 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4474] Overflow optimizations being taken by GCC

2016-06-02 Thread Stephen Henson via RT
It looks like a lot of these warnings are bogus. For example ct_validation is only ever set to 0 or 1 yet it throws out a warning with if(ct_validation) in one place while not warning about a similar expression just above it. I tidied up ocsp_prn.c which avoided the warning in that file: though

[openssl-dev] [openssl.org #2369] mail/rfc822Mailbox should be encoded as IA5String, not DirectoryString

2016-05-27 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2369 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4329] OpenSSL 1.1.0 pre3: internal error in tls_post_process_client_key_exchange during reneg

2016-05-24 Thread Stephen Henson via RT
On Sun Feb 21 13:55:35 2016, rainer.j...@kippdata.de wrote: > Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0 > adjustments, I get > Can you please check to see if this issue is still present in the latest OpenSSL 1.1.0? Steve. -- Dr Stephen N. Henson. OpenSSL project core

[openssl-dev] [openssl.org #4471] 1.1.0-pre4 safestack.h compilation errors with -Wcast-qual

2016-05-24 Thread Stephen Henson via RT
On Mon May 16 18:32:13 2016, bwell...@xbill.org wrote: > This is fixed, but there are similar problems that still exist, for > example: > > — > #include > #include > I've addressed some, but not all the warnings now. Some of them would require significant changes to the way STACK works. We'll

[openssl-dev] [openssl.org #2383] OpenSSL line break bugs

2016-05-19 Thread Stephen Henson via RT
On Tue Nov 30 11:20:30 2010, donz4...@donz.ru wrote: > Hello. > I use OpenSSL 1.0.0a 1 Jun 2010 version. > > 1)Command "openssl smime -sign ..." generates output with added headers > and meta-data in body with '\n' as line terminator but > http://www.faqs.org/rfcs/rfc2822.html demands using only

[openssl-dev] [openssl.org #1817] smime does not add CRs

2016-05-19 Thread Stephen Henson via RT
Now fixed for smime and cms utilities. Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1817 Please log in as guest with password

[openssl-dev] [openssl.org #1797] re: unable to verify timestamps sgined with a certificate that is now expired

2016-05-18 Thread Stephen Henson via RT
The master version of the ts utility now supports the full set of verification options including the -attime option which can set the verification time. Ticket resolved. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see:

[openssl-dev] [openssl.org #4215] Results of regression for some apps

2016-05-16 Thread Stephen Henson via RT
On Mon May 16 22:17:57 2016, beld...@gmail.com wrote: > Dear Stephen, > > There was one more bugreport merged to this ticket regarding the OCSP > (#4216). > Could you take a look at it? > That should be fixed by commit 6302bbd21a79bd2ed Steve. -- Dr Stephen N. Henson. OpenSSL project core

[openssl-dev] [openssl.org #4215] Results of regression for some apps

2016-05-16 Thread Stephen Henson via RT
On Sat May 14 21:43:05 2016, beld...@gmail.com wrote: > > Yes. The bug is still reproducible with the req command. > > To reproduce it, you need to specify the OPENSSL_CONF variable. > (You have to load the engine via config to enable the algorithms on > startup > of the openssl). > The engine you

[openssl-dev] [openssl.org #4471] 1.1.0-pre4 safestack.h compilation errors with -Wcast-qual

2016-05-13 Thread Stephen Henson via RT
Fixed in commit afdd82fb567db Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4471 Please log in as guest with password guest if

[openssl-dev] [openssl.org #4215] Results of regression for some apps

2016-05-13 Thread Stephen Henson via RT
On Mon Jan 04 14:07:23 2016, beld...@gmail.com wrote: > Hello! > > I found the following problems running my cipher suite with openssl 1.1.0 > > 1. Some apps try to load the default config file twice. In case when we > load an engine via the config file and the engine prevents itself from >

[openssl-dev] [openssl.org #4302] Documentation error in apps/x509.html: -[digest] option

2016-05-13 Thread Stephen Henson via RT
Fixed in commit 0b2d4755d67eece48d1 Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4302 Please log in as guest with password

[openssl-dev] [openssl.org #4540] openssl make test

2016-05-12 Thread Stephen Henson via RT
It's caused by the S/MIME test certificates expiring. This is fixed in commit 24762dee178bace3c3 either apply that, use a recent snapshot or just copy the test/smime-certs directory from a recent snapshot. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now

[openssl-dev] [openssl.org #4207] engine key format in 1.1

2016-05-12 Thread Stephen Henson via RT
The remaining cases should be fixed now by commit d18ba3cc36d5fed032d. Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4207

[openssl-dev] [openssl.org #4403] [PATCH] prevent OPENSSL_realloc() from clobbering old pointer value on failure in OpenSSL-1.1 pre-4

2016-05-12 Thread Stephen Henson via RT
Fixed now, along with a few similar cases. Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4403 Please log in as guest with

[openssl-dev] [openssl.org #4246] OpenSSL-1.1-pre2 openssl req fails to use engine

2016-05-12 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4246 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4438] GOST ciphersuites and DTLS

2016-05-12 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4438 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4104] A bug in the crl2pkc7 command in master

2016-05-12 Thread Stephen Henson via RT
On Wed Oct 21 19:41:57 2015, beld...@gmail.com wrote: > Hello, > > I've found a bug in the crl2pkc7 command in the master branch. > > openssl crl2pkcs7 -in test.crl -certfile cert.pem -out p7.pem > > Output: > > error opening the file, -in > error loading certificates >

[openssl-dev] [openssl.org #4236] SSL_connect() crash with CRL

2016-05-11 Thread Stephen Henson via RT
On Wed May 11 22:16:00 2016, dan...@haxx.se wrote: > > > Sorry, that problem was fixed at some later point and I've not seen it > trigger > recently. I forgot to mark it as such in the bug. OK, thanks for the update. Ticket closed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.

[openssl-dev] [openssl.org #4442] PATCH: fix typo in AF_ALG engine name

2016-05-11 Thread Stephen Henson via RT
Thanks, applied. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4442 Please log in as guest with password guest if prompted -- openssl-dev mailing

[openssl-dev] [openssl.org #4363] [PATCH] Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c

2016-05-11 Thread Stephen Henson via RT
Applied, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4363 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4236] SSL_connect() crash with CRL

2016-05-11 Thread Stephen Henson via RT
On Thu Jan 14 17:08:13 2016, dan...@haxx.se wrote: > Hey > > I've had this crash for a while with current openssl git master. It is > perfectly reproducible using curl test 313 and I have an openssl build > here > with debug symbols so I can provide more info to help someone diagnose > this, >

[openssl-dev] [openssl.org #4224] [PATCH] ciphers command does not list supported SRP suites

2016-05-10 Thread Stephen Henson via RT
Applied now. Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4224 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4538] Possible typo on https://www.openssl.org/docs/manmaster/apps/x509v3_config.html

2016-05-10 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4538 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4173] help to check whether handshake negociates SRP or PSK ciphersuite

2016-05-10 Thread Stephen Henson via RT
This is now supported in the master branch with the SSL_CIPHER_get_auth_nid() function. The equivalent cannot be added to 1.0.2 as we do not add new features to stable branches. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see:

[openssl-dev] [openssl.org #4390] [PATCH] Don't send signature algorithms when client_version is below TLS 1.2.

2016-05-09 Thread Stephen Henson via RT
Applied (in slightly modified form) thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4390 Please log in as guest with password

[openssl-dev] [openssl.org #4462] FEATURE: enable 'make test' to respond to 'V=1' or 'VERBOSE=1'

2016-05-09 Thread Stephen Henson via RT
Support added now for VERBOSE and V. Closing ticket, Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4462 Please log in as guest with password guest if

[openssl-dev] [openssl.org #4435] Pull request: Update EVP_CIPHER_CTX_set_padding documentation.

2016-05-08 Thread Stephen Henson via RT
This has now been applied, thanks for the contribution. Ticket closed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4435 Please log in as guest with

[openssl-dev] [openssl.org #3826] Contribution/Patch

2016-05-08 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3826 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4147] TSA: SHA-1 update

2016-05-08 Thread Stephen Henson via RT
No problems reported, ticket closed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4147 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4510] SSL certificate problem: unable to get local issuer certificate. Bug?

2016-05-07 Thread Stephen Henson via RT
On Fri May 06 22:37:55 2016, nbh...@gmail.com wrote: > Hello Steve, > > *If I do not indicate the location of the cert* > > > > > PS C:\OpenSSL-Win32\bin> .\openssl s_client -connect > > www.googleapis.com:443 > > CONNECTED(0088) > > depth=2

[openssl-dev] [openssl.org #4510] SSL certificate problem: unable to get local issuer certificate. Bug?

2016-05-06 Thread Stephen Henson via RT
On Fri May 06 00:33:47 2016, nbh...@gmail.com wrote: > > I updated the openssl version to 1.0.2h and reran. Was able to > reproduce. *Old > pem works newer pem fails*. > Can you reproduce this using s_client? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support

[openssl-dev] [openssl.org #4449] PATCH: fix PKCS12_newpass does not take a cont char[]

2016-05-06 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4449 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4466] Memory leak in PKCS12_newpass function

2016-05-06 Thread Stephen Henson via RT
Fixed, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4466 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4478] DOCUMENTATION: PKCS12_newpass

2016-05-06 Thread Stephen Henson via RT
Added now. Thanks for the contribution. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4478 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-05-06 Thread Stephen Henson via RT
The bug was that to support CMS a cipher needs to be able to handle the ASN.1 associated with the cipher and (AFAIK) no standard exists for RC4. The decrypt code checked to see if ASN.1 handling was supported and threw the error because it was not. The encrypt side only tried to use ASN.1 if the

[openssl-dev] [openssl.org #4503] RSA: the docs still talk about RSA_PKCS1_SSLeay

2016-05-06 Thread Stephen Henson via RT
Looks like this was addressed with commit a6eef4c81b62bbab8d. Thanks for the contribution. Closing ticket. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here:

[openssl-dev] [openssl.org #4504] Openssl cms encrypt bug.

2016-05-05 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4504 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4510] SSL certificate problem: unable to get local issuer certificate. Bug?

2016-05-05 Thread Stephen Henson via RT
On Tue Apr 12 13:41:51 2016, nbh...@gmail.com wrote: > On my test server running OpenSSL 1.0.2e on Windows Server 2012. The > "newest" cacert.pem fails with an error "SSL certificate problem: unable to > get local issuer certificate", however, the one from 2014 works. I am > attaching both. > Can

[openssl-dev] [openssl.org #4466] Memory leak in PKCS12_newpass function

2016-05-05 Thread Stephen Henson via RT
On Mon Mar 21 13:02:56 2016, ramunas.jurgi...@gmail.com wrote: > I did write function which changes PKCS12 passphrase. I noticed that > PKCS12_newpass function leaks memory. Memory leak disappears when > commenting out line where is PKCS12_newpass func. > > Below I posted this code which I am

[openssl-dev] [openssl.org #4493] [PATCH] crypto/ec: fix setting the private key.

2016-05-05 Thread Stephen Henson via RT
Fixed in commit acde647fb0347f64af8 Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4493 Please log in as guest with password

[openssl-dev] [openssl.org #4535] BUG: X509_NAME_MAX too small for CRL processing

2016-05-05 Thread Stephen Henson via RT
On Thu May 05 12:54:11 2016, howard.m.kash@mail.mil wrote: > > OpenSSL 1.0.2h fails to process large CRLs (anything over 1MB) with the > error "X509_NAME_EX_D2I:too long:x_name.c:203" due to X509_NAME_MAX being > set to 1024*1024. The CRLs I'm examining with "openssl crl -in > -nextupdate

[openssl-dev] [openssl.org #4514] [BUG] PKCS12_key_gen_uni() crashes when used with Blake

2016-05-04 Thread Stephen Henson via RT
This has now been fixed. I've added checks for the block length and set the Blake2 block length properly. Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here:

[openssl-dev] [openssl.org #4527] Bug in d2i_PrivateKey (openssl-1.1.0-pre5)

2016-05-04 Thread Stephen Henson via RT
Fixed, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4527 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4529] Output of -hash option incompatible 64-bit Linux vs 32-bit Linux

2016-05-02 Thread Stephen Henson via RT
On Mon May 02 19:00:03 2016, john.with...@irs.gov wrote: > > I successfully built and deployed to a 64-bit RHEL 5.11 server (using > a local installation path) and was able to configure the issuer > certificate cache for my applications. I built a separate package for > 32-bit RHEL 5.11 (again,

[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-05-01 Thread Stephen Henson via RT
On Sun May 01 07:32:17 2016, hen...@newdawn.dk wrote: > Thank you all for the assistance - trying to convince Qt/C++ SSL > sockets to do as you've described by cutting down on ciphers. I did > check std Google Chrome ClientHello which does only contain about 10 > cipher suites - where Qt seems to

[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Stephen Henson via RT
On Sat Apr 30 21:23:30 2016, hen...@newdawn.dk wrote: > Since this is a MS IIS 7.0 server I would argue that it'd be in the > interest of openssl to handle the situation rather than accept this > scenario - since IIS is likely powering more than a few hosts? It is > possible to have the host

[openssl-dev] [openssl.org #4517] [PATCH] Fix EC_KEY_set_private_key() to call key->group->meth->set_private() [GitHub PR #986]

2016-04-22 Thread Stephen Henson via RT
Fixed, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4517 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4472] [PATCH] alllowing wrap mode using enc command

2016-03-25 Thread Stephen Henson via RT
On Tue Mar 22 21:51:05 2016, michel.sa...@free.fr wrote: > Hi, > > Here attached is some test data files and a patch against today's git repo > to allow for the use of wrap mode using the OpenSSL 'enc' command. > > The 'raw*.dat' files contains the NIST test vectors, and the '*.ok.enc' the >

[openssl-dev] [openssl.org #4436] [Openssl 1.1.0] ECDSA_SIG_get0() for const ECDSA_SIG *

2016-03-19 Thread Stephen Henson via RT
Fixed now. Closing ticket. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4436 Please log in as guest with password guest if prompted -- openssl-dev

[openssl-dev] [openssl.org #4446] [openssl 1.1.0] Memory handling inside ASN1_item_sign_ctx()

2016-03-19 Thread Stephen Henson via RT
Your fix has now been applied to the master branch. Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4446 Please log in as guest

[openssl-dev] [openssl.org #3676] [PATCH] Export ASN1 templates for DH and ECDH groups

2016-03-09 Thread Stephen Henson via RT
On Wed Mar 09 23:50:40 2016, matthias.st.pie...@ncp-e.com wrote: > > According to our records, your request has been resolved. If you have > > any > > further questions or concerns, please respond to this message. > > Thanks a lot for finally adding the patch. Since our software is not > ready for

[openssl-dev] [openssl.org #3676] [PATCH] Export ASN1 templates for DH and ECDH groups

2016-03-05 Thread Stephen Henson via RT
On Sat Mar 05 19:58:57 2016, matthias.st.pie...@ncp-e.com wrote: > > These functions, although internal, appear to me to be the natural way > to serialize > and deserialize private ECDH groups. They are well tested and reusable > and the only > reason why they are not public is probably because

[openssl-dev] [openssl.org #3676] [PATCH] Export ASN1 templates for DH and ECDH groups

2016-03-05 Thread Stephen Henson via RT
On Sat Mar 05 09:01:48 2016, matthias.st.pie...@ncp-e.com wrote: > Is there any chance that this change will find its way into OpenSSL > 1.1 ? > The fact we don't export the DHparameters item I'd regard as a bug which should be fixed. The EC one I'm less sure about. This ends up exposing what

[openssl-dev] [openssl.org #4376] pull request 785

2016-03-04 Thread Stephen Henson via RT
On Fri Mar 04 14:35:30 2016, darovskikh.and...@gmail.com wrote: > Hi > > I'm using openssl 1.0.2 library for SSL connection. > For supporting TLS1.2 protocol with client cert from windows cert store I > modified openssl capi engine. In method capi_rsa_sign I initialize > Microsoft Enhanced RSA and

[openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

2016-02-26 Thread Stephen Henson via RT
On Wed Feb 24 12:07:05 2016, mo...@computer.org wrote: > Hi, > > I have PR https://github.com/openssl/openssl/pull/739 with the below > changes, please have a look. > > - In EC_KEY_priv2buf(), check for pbuf sanity. > - If invoked with NULL, gracefully returns the key length. > If you're doing

[openssl-dev] [openssl.org #4303] OpenSSL 1.1.0 renegotiation problem (s_server/s_client)

2016-02-13 Thread Stephen Henson via RT
On Fri Feb 12 18:41:41 2016, rainer.j...@kippdata.de wrote: > Using OpenSSL 1.1.0pre2 I see renegotiation problems between s_client > and s_server (but also in Apache mod_ssl). > Fixed in commit 5b326dc529e19194 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech

[openssl-dev] [openssl.org #4266] OpenSSL-1.1-pre2 cms can not use engine with parameters to sign cms msg

2016-02-11 Thread Stephen Henson via RT
Now applied as commit 43db7aa2de68e0 Thanks for the report, Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4266 Please log in as guest with password

[openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format

2016-02-11 Thread Stephen Henson via RT
On Thu Feb 11 07:11:17 2016, bcri...@gmail.com wrote: > This is the Endorsement Key certificate extracted from a TPM device. > Does it always do that or is this just an oddity? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see:

[openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format

2016-02-11 Thread Stephen Henson via RT
On Thu Feb 11 21:38:18 2016, bcri...@gmail.com wrote: > The EK certificate is generated and burned into the TPM during > manufacturing. The extraction operation always returns the same certificate. > I meant do you have any other examples of this anomalous encoding or is it some rare glitch in

[openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format

2016-02-10 Thread Stephen Henson via RT
On Wed Feb 10 21:59:12 2016, bcri...@gmail.com wrote: > Version: "OpenSSL 1.1.0-pre2 (alpha) 14 Jan 2016" > > Command: "openssl x509 -inform der -in sample_ekcert.der" > > Result: > "unable to load certificate > 140618483803816:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal >

[openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-02-03 Thread Stephen Henson via RT
On Fri Jan 29 19:14:50 2016, h...@symas.com wrote: > > Just to be clear - in our use case we already know the length. But if > the > function you're proposing is returning only a success/error code, then > the > function should probably also provide the length as a return > parameter, for > more

[openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-02-03 Thread Stephen Henson via RT
OK thanks for the update, ticket resolved. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org

[openssl-dev] [openssl.org #3557] -nameopt utf8 behaviour in openssl 1.0.1i

2016-02-03 Thread Stephen Henson via RT
Duplicate of ticket #2397 which is now resolved. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org

[openssl-dev] [openssl.org #3699] openssl-1.0.2, fips sparc multiply defined _sparcv9_vis1_instrument_bus, _sparcv9_vis1_instrument_bus2

2016-02-02 Thread Stephen Henson via RT
On Tue Feb 02 21:46:59 2016, rsalz wrote: > Sorry, we can't touch the FIPS code any more without sponsorship. Though if this is still a problem a workaround is to rename the symbols on the OpenSSL side outside the FIPS code. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.

[openssl-dev] [openssl.org #4287] Option -attime for "openssl ts -verify"

2016-02-02 Thread Stephen Henson via RT
On Tue Feb 02 15:56:01 2016, frank.br...@ipb-halle.de wrote: > Hi, > please find my pull request on > https://github.com/openssl/openssl/pull/610 > > These two patches add an -attime option to "openssl ts -verify" > similar to the same option in "openssl verify". This allows checking > of

[openssl-dev] [openssl.org #3641] [PATCH] EC_KEY_generate always overwrites private key All OS 1.0.1j

2016-02-02 Thread Stephen Henson via RT
The existing functionality reuses an EC_KEY structure and generates a new key. We can't really change this because any application relying on that would end up getting the same key back instead of a new one. However I think a separate function which calculates the public key based on the set

[openssl-dev] [openssl.org #3713] Bug: openssl-1.0.1l, FIPS, HP-UX ia64, Duplicate Symbol "AES_Te" and "AES_Td"

2016-02-02 Thread Stephen Henson via RT
On Tue Feb 02 23:38:51 2016, stuart.k...@microfocus.com wrote: > The SecurityPolicy.pdf claims that HP-UX 11i IA64 is a Supported > Configuration; how can this claim be made when the code does not even > compile correctly? The FIPS module compiles correctly but there is the duplicated symbol

[openssl-dev] [openssl.org #4280] OpenSSL 1.1.0 pre 2: feature request: ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *) is needed

2016-01-29 Thread Stephen Henson via RT
On Fri Jan 29 09:59:23 2016, alek...@aleksey.com wrote: > Hello, > > At the moment, there is no way to set r/s in the ECDSA_SIG structure > manually to verify the signature encoded into a different format. > Would be great to add a simple function: > > void ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM

[openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-01-29 Thread Stephen Henson via RT
On Fri Jan 29 15:08:47 2016, h...@highlandsun.com wrote: > Howard Chu via RT wrote: > > In OpenLDAP we reference X509_NAME->bytes->data directly, we want the > > DER > > bytes which we then pass thru our own DN validator/formatter. This no > > longer > > works with OpenSSL 1.1 and I don't see any

[openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

2016-01-29 Thread Stephen Henson via RT
On Fri Jan 29 17:35:05 2016, steve wrote: > On Fri Jan 29 15:08:47 2016, h...@highlandsun.com wrote: > > Howard Chu via RT wrote: > > > In OpenLDAP we reference X509_NAME->bytes->data directly, we want > > > the > > > DER > > > bytes which we then pass thru our own DN validator/formatter. This > >

[openssl-dev] [openssl.org #4280] OpenSSL 1.1.0 pre 2: feature request: ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *) is needed

2016-01-29 Thread Stephen Henson via RT
On Fri Jan 29 17:59:59 2016, alek...@aleksey.com wrote: > > Do you have plan to change the behavior of DSA_SIG_new() as well > to pre-create r and s? Currently both are NULL. > That seems like a reasonable change. In 1.0.x we can't do that because it would result in compatibility issues. For

[openssl-dev] [openssl.org #4277] DSAPublicKey should use dsa_cb in 1.1.0

2016-01-28 Thread Stephen Henson via RT
Thanks for the report, fixed now. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
