The problem is the root CA uses MD2WithRSAEncryption as a
signature algorithm
and that is prohibited in FIPS mode.
I'm pretty ignorant when it comes to FIPS, is this a limitation of the
FIPS requirements itself or a limitation of OpenSSL's FIPS validation?
The former. FIPS does not allow the
> > The problem is the root CA uses MD2WithRSAEncryption as a
> > signature algorithm
> > and that is prohibited in FIPS mode.
> I'm pretty ignorant when it comes to FIPS, is this a limitation of the
> FIPS requirements itself or a limitation of OpenSSL's FIPS validation?
The former. FIPS does n
Finally, I'm getting X509_V_ERR_CERT_SIGNATURE_FAILURE errors when in
fips mode during SSL negotiation, but the same binary, simply telling
it via a config setting not to enter fips mode, works fine. This
is to ssl3.vitalps.net:5003, specifically, but I don't have any reason
to believe other addr
On Tue, Nov 18, 2008, Brad House wrote:
>>> Second, it doesn't describe which version of the OpenSSL API that the
>>> newly-validated module supports. (in this case, it supports v0.9.8
>>> (and requires 0.9.8i onward), but I dunno about 0.9.7?) Providing
>>> compatibility with a version bump in t
The "OpenSSL FIPS Object Module", a software component compatible with
the OpenSSL API, has been FIPS 140-2 validated
I don't think it's been said yet, but thanks for everyones
hard work on this!
-Brad
__
OpenSSL Project
Second, it doesn't describe which version of the OpenSSL API that the
newly-validated module supports. (in this case, it supports v0.9.8
(and requires 0.9.8i onward), but I dunno about 0.9.7?) Providing
compatibility with a version bump in the API is significant enough
that it should be called ou
On Nov 11, 2008, at 12:28 AM, Sander Temme wrote:
On Nov 2, 2008, at 9:19 AM, Sander Temme wrote:
The following compiles and tests cleanly on trunk and on the latest
snapshot of 0.9.8-stable (with offset 1 in e_chil.c). Also
attached to prevent line wrap:
Ping?
Any chance to squeeze
On Tue, Nov 18, 2008, Kyle Hamilton wrote:
>
> Second, it doesn't describe which version of the OpenSSL API that the
> newly-validated module supports. (in this case, it supports v0.9.8
> (and requires 0.9.8i onward), but I dunno about 0.9.7?) Providing
> compatibility with a version bump in the
I dunno who I'm supposed to give feedback to, but this format of FIPS
announcement needs some work.
First, the subject line doesn't say anything about the version of the
FIPS module that has been validated. (In this case, it should be
something like "OpenSSL FIPS 140-2 validation for module v1.2"
Hi all,
I am working on a multi threaded OCSP server based on OpenSSL. When I
switched from multi-process server (fork()) to a multi-threaded version
I got strange errors (segfaults).
I tracked down the problem, and the error seems to be within the openssl
libs - in particular in the OCSP_basic_
Good news for developers and vendors of software for the U.S. and
Canadian government market where FIPS 140-2 validated cryptography is
required.
The "OpenSSL FIPS Object Module", a software component compatible with
the OpenSSL API, has been FIPS 140-2 validated (see certificate #1051
and Securit
On Tue, 18 Nov 2008 14:25:53 +0100 Yathish Shivanna
<[EMAIL PROTECTED]> wrote:
>It is required in the project to use the PSK-TLS auth. Offical
>OpenSSL
>from openssl.org does not support this authentication. Expecting
>PSK-TLS
>release in 0.9.9
Last time I looked it was in CVS version and it w
It is required in the project to use the PSK-TLS auth. Offical OpenSSL
from openssl.org does not support this authentication. Expecting PSK-TLS
release in 0.9.9
Please can anyone tell when will 0.9.9 be released.
Thanks,
Yathish.H.S
Senior Engineer - Software
SASKEN BUSINESS DISCLAIMER
--
OS: OpenBSD, Linux
OpenSSL version: 0.9.7j - 0.9.7m
Snippet from crypto/x509v3/v3_alt.c
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
{
[...]
if(ctx->flags == CTX_TEST) return 1;
if(!ctx || (!ctx->subject_cert && !ctx->subject_req))
[...]
As you
Hi,
Can I know how Asynchronous WinCE socket I/O ( using WSAEventSelect) can be
achieved using Openssl?
Thanks in advance...
BR,
Irshad.
Hi,
I've a simple program (used as a stress tool) that creates a number of
threads, and uses a shared SSL_CTX to create an SSL object for each
thread. My understanding of the threading model is that this fits with
the intended thread-safety model of the library.
Sporadically, I get "SSL_R_WRO
Resent to request tracker.
OS: Linux
OpenSSL version: 0.9.8i
When running speed tests on multiple processes and using buffered output
(e.g. to a file),
openssl speed rsa1024 -multi 8 > result
the child processes inherit pending buffered output from the parent process,
which in turn they send ba
17 matches
Mail list logo