At 07:48 10/06/03 -0700, you wrote:
Thierry Boivin wrote:
I agree with you about the way to build the initial ctr value from the nonce
value. My question is different : whithin the encryption of a whole plaintext
message (so a big block to be divided into 128 bit length blocks) , why to
To whom it may concern,
I'm not sure of the format you require for bug reports but I'll try to
limit this email to pertinent info only...
Summary: Our application uses Pocket IE v3.02 on WinCE to communicate with
our secure webserver (apache + mod_ssl). When we upgraded the server's
openssl
Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom
The rsa command fails strangely when attempting to use
both -passin fd:int and -passout fd:int together. My code was
openssl rsa -passin fd:5 -des3 -passout fd:7
and it was reencoding the key with a bad passphrase. Changing to
Contribution to openssl:
pkcs#11 engine for openssl 0.9.7b
[EMAIL PROTECTED]
Bull TrustWay RD
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL
Contribution to openssl:
pkcs#11 engine for openssl-engine 0.9.6j
[EMAIL PROTECTED]
Bull TrustWay RD
__
OpenSSL Project http://www.openssl.org
Development Mailing List
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 09:21:49 +0200 (METDST), Charles B
Cranston via RT [EMAIL PROTECTED] said:
rt
rt Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom
rt
rt The rsa command fails strangely when attempting to use
rt both -passin fd:int and -passout
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 09:21:49 +0200 (METDST), Charles B
Cranston via RT [EMAIL PROTECTED] said:
rt
rt Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom
rt
rt The rsa command fails strangely when attempting to use
rt both -passin fd:int and -passout
or behavioural problems lurking that might have required the
memset in the first place. Should be in CVS shortly, and so the next
nightly snapshots too.
I've done some minimal manual testing of
openssl-0.9.7-stable-SNAP-20030611 using ubsec: it does fix the
regresssion, and I don't see any other
In message [EMAIL PROTECTED]
on Wed, 11 Jun 2003 09:21:49 +0200 (METDST),
I (Charles B Cranston via RT [EMAIL PROTECTED]) said:
Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom
The rsa command fails strangely when attempting to use
both -passin fd:int and -passout fd:int
Hi,
I used the joined shell to generate key pair on my crypto hardware, a CSR,
and make a self-signed certificate.
Regards
Afchine Madjlessi
- Original Message -
From: Gilad Finkelstein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 11, 2003 4:21 PM
Subject: pkcs#11 engine
Hi All,
(B
(BI run SSL test server of OpenSSL0.9.7b by following command
(B
(Bopenssl s_server -www -cipher "ALL:!RC4:@STRENGH"
(B
(BI tried to browse this server by IE6.0.
(BHowever IE6.0 shows error "cannot display page ".
(B
(BI capture packets of this commucation.
(BServerHello was
On Wed, Jun 11, 2003 at 11:53:04PM +0900, [EMAIL PROTECTED] wrote:
I run SSL test server of OpenSSL0.9.7b by following command
openssl s_server -www -cipher ALL:!RC4:@STRENGH
I tried to browse this server by IE6.0.
However IE6.0 shows error cannot display page .
I capture packets of
Thank you!!
Your suggestion is correct.
I could solve this problem.
IE6.0 displayed following page with 3DES cipher-suite.
//Mas
--
s_server -cipher ALL:!RC4:@STRENGTH -www -bugs
Ciphers supported in s_server binary
TLSv1/SSLv3:EDH-RSA-DES-CBC3-SHA TLSv1/SSLv3:EDH-DSS-DES-CBC3-SHA
[EMAIL PROTECTED] - Wed Jun 11 09:21:46 2003]:
Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom
The rsa command fails strangely when attempting to use
both -passin fd:int and -passout fd:int together. My code was
openssl rsa -passin fd:5 -des3 -passout fd:7
and it was
I just committed a change, which will appear in tomorrow's snapshots.
Thanks for the report. Ticket resolved.
[levitte - Wed Jun 11 20:16:02 2003]:
[EMAIL PROTECTED] - Wed Jun 11 09:21:46 2003]:
Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom
The rsa command fails
Patch applied and committed. Thank you. Ticket resolved.
[EMAIL PROTECTED] - Sun Jun 1 16:35:09 2003]:
I've noticed that openssl installs the man page des_modes.7 and makes
three links to it called Modes.7, of.7, and DES.7 (because the title
is
Modes of DES).
To fix this, I have
Richard Levitte via RT wrote:
I've figured it out. The problem only occurs when the first passphrase
is longer than the second. In your example, you will see that the
output key (tpk.pem) really is protected with the passphrase
baaa (5 bs followed by 7 as).
Thanks, I would NEVER
I've no idea. I think you should ask in the Apache mailing lists, not
here.
I'm resolving this ticket.
[EMAIL PROTECTED] - Fri May 30 09:17:48 2003]:
hi,
For Apache version 2.0.42 (web server) which version
of openssl is compatible
Please kindly help me on this
from
athma
I've implemented ERR_set_mark() and ERR_pop_to_mark(), which can be used
for similar functionality. I'll look into ERR_disable() and
ERR_enable() as well, but that requires quite a lot more work.
If the implemented functions are enough for you for now, I'll resolve
this ticket.
[EMAIL
[EMAIL PROTECTED] - Fri May 16 12:54:13 2003]:
Hi All,
The X509_TRUST_OBJECT_SIGN, which is defined in crypto/x509/x509.h, is
not
included in the trstandard table defined in crypto/x509/x509_trs.c.
The
number of trust options and the number of entries and their order in
this
table should
I've added ean entry for X509_TRUST_OBJECT_SIGN in trstandard[]. Please
test tomorrow's snapshot.
[EMAIL PROTECTED] - Fri May 16 12:54:13 2003]:
Hi All,
The X509_TRUST_OBJECT_SIGN, which is defined in crypto/x509/x509.h, is
not
included in the trstandard table defined in
Ok.
Is there a new release soon? I would like to have it implemented
(ERR_disable/ERR_enable) by next release, I have no problem doing it, just
want to know if I have time to do it.
Frédéric Giudicelli
http://www.newpki.org
- Original Message -
From: Richard Levitte via RT [EMAIL
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 23:52:17 +0200, Frédéric Giudicelli
[EMAIL PROTECTED] said:
groups Ok.
groups Is there a new release soon? I would like to have it implemented
groups (ERR_disable/ERR_enable) by next release, I have no problem doing it, just
groups want to know if
Ok, I'll wait for you to tell me when the update on the error handling will
be done, I'll take it from there.
Frédéric Giudicelli
http://www.newpki.org
- Original Message -
From: Richard Levitte - VMS Whacker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday,
In message [EMAIL PROTECTED] on Thu, 12 Jun 2003 00:22:28 +0200, Frédéric Giudicelli
[EMAIL PROTECTED] said:
groups Ok, I'll wait for you to tell me when the update on the error
groups handling will be done, I'll take it from there.
If you mean to ask for when the new functions ERR_set_mark()
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 10:43:03 -0600, Verdon Walker
[EMAIL PROTECTED] said:
VWalker I have also applied the patch to the latest 0.9.8 development
VWalker snapshot. It applies (with the exception of changes to
VWalker hw_aep.c which does not exist in the 0.9.8 tree),
Patch applied and committed to 0.9.8-dev. Thanks. Ticket resolved.
--
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.
__
OpenSSL Project http://www.openssl.org
Development Mailing
Patch applied and committed. Thanks. Ticket resolved.
[EMAIL PROTECTED] - Thu Apr 24 18:41:01 2003]:
managment - management
i diffed against openssl-0.9.7a.
jmc.
--- demos/engines/zencod/hw_zencod.h Tue Aug 13 14:26:40 2002
+++ hw_zencod.h.new Thu Apr 24 13:55:19
I fixed this a while ago. Ticket resolved.
[EMAIL PROTECTED] - Tue Apr 22 13:02:44 2003]:
Hi *,
I have just tried to build openssl-SNAP-20030421 on
a Solaris box and got an error (see below). Note:
this error does not occur in 0.9.7.
Regards,
Nils
OpenSSL self-test report:
I've addressed all three concerns with small changes. Please try
tomorrow's 0.9.7 snapshot, and report a bug report if you find them.
Ticket resolved.
[EMAIL PROTECTED] - Thu Apr 17 19:20:13 2003]:
Hi,
sorry, another issue, that seems not to be cleanly handled
(for more info about
Corrected. Thanks. Ticket resolved.
[EMAIL PROTECTED] - Thu Apr 17 19:18:35 2003]:
Hi!
openssl-0.9.6g/bugs/SSLv3:non-self-sighed CA which does not have it's
CA in netscape, and the
openssl-0.9.6g/doc/ssl/SSL_CTX_set_options.pod:non-self-sighed CA
which does not have it's CA in
I've added the two latest contributions to
http://www.openssl.org/contrib/.
--
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List
And oh, it might be interesting to port this to use the new STORE type
in 0.9.8-dev, which supports key generation...
[levitte - Thu Jun 12 03:27:57 2003]:
I've added the two latest contributions to
http://www.openssl.org/contrib/.
--
Richard Levitte
[EMAIL PROTECTED]
(B
(B
(B
(BHi,all
(B
(BI am studying the verifying of the OCSP response in Openssl v0.9.7b.
(BI find in the ocsp_find_signer() in ocsp_vfy.c , there is no search in the
(BX509 STORE for the signer certificate of the ocsp response.
(B(there is comment says /* Maybe lookup from store if
35 matches
Mail list logo