Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-18 Thread Benjamin Kaduk
On 11/18/2015 07:05 AM, Hubert Kario wrote: > So, a full CAdES-A, XAdES-A or PAdES-A implementation _needs_ to support > both relatively modern TLS with user certificates, preferably the newest > cryptosystems and hashes as well as the oldest ones that were > standardised and used. > > That

Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !

2015-11-18 Thread CpServiceSPb .
> We have no plans to do this. May be will put it into your plans ? > It would be nice to see something like this as a new open-source project. I am for that by both hands. But unfortunately I am not a well skilled programmer/developer and I will not do it. I can give the task for that for

Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !

2015-11-18 Thread Salz, Rich
> We have no plans to do this. May be will put it into your plans ? Doubtful. We have lots of other work to do. Writing a full-strength database-backed OCSP responder is outside of our interests. ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4147] TSA: SHA-1 update

2015-11-18 Thread Michal Bozon via RT
OpenSSL TSA (ts) code is still using SHA-1 message digest algorithm, in even two ways: * as default message digest algo in the time-stamp query (by default) * in the time-stamp reply/token signature (hard-coded) This pull request attempts to fix it: https://github.com/openssl/openssl/pull/474

[openssl-dev] [openssl.org #4148] PCKS1 type 1 Padding check error

2015-11-18 Thread Özgan , Tolgahan Jonas via RT
Dear List, I have found a BUG in the function " RSA_padding_check_PKCS1_type_1 " The bug is reproducible in OpenSSL Versions 1.0.1e , 1.0.1p , 1.0.1k and also in 1.0.2d (these are the versions I've tried) . After Inspecting the source code the bug can still be found in the actual development

Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-18 Thread Blumenthal, Uri - 0553 - MITLL
On 11/18/15, 12:12 , "openssl-dev on behalf of Benjamin Kaduk" wrote: >On 11/18/2015 07:05 AM, Hubert Kario wrote: >> So, a full CAdES-A, XAdES-A or PAdES-A implementation _needs_ to >>support >> both relatively modern TLS with

Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-18 Thread Hubert Kario
On Wednesday 18 November 2015 11:12:59 Benjamin Kaduk wrote: > On 11/18/2015 07:05 AM, Hubert Kario wrote: > > So, a full CAdES-A, XAdES-A or PAdES-A implementation _needs_ to > > support both relatively modern TLS with user certificates, > > preferably the newest cryptosystems and hashes as well

[openssl-dev] PBE_UNICODE

2015-11-18 Thread Dmitry Belyavsky
Hello OpenSSL Team, I use the openssl 1.0.2d. There is a commented out definition of the PBE_UNICODE define in the file pkcs12.h I expected it to be necessary for correct processing of the Cyrillic symbols in PKCS12 passwords, but my test shows that the password is correctly processed when the

[openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !

2015-11-18 Thread CpServiceSPb .
Is it possible to include at nearest developing plans ability of running OpenSSL at Ocsp responder mode as multithreading daemon (Linux) and service (Windows) ? That is to add -daemon switch in conjunction with ocsp and -index (which causes OSSL acting as responder) . And in such way OSSL will

Re: [openssl-dev] [openssl.org #4144] patch: Use '__sun' instead of 'sun' for strict ISO conforming, compiler/options

2015-11-18 Thread Richard PALO via RT
On 17/11/15 19:47, Kurt Roeckx via RT wrote: > On Tue, Nov 17, 2015 at 06:33:22PM +, Richard PALO via RT wrote: >> >> Strict ISO conforming compilers don't define 'sun', only __sun. > > Ah, I clearly misunderstood your earlier message. > > > Kurt > Sorry, perhaps it was a bit terse...

Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !

2015-11-18 Thread Salz, Rich
> Is it possible to include at nearest developing plans ability of running OpenSSL at Ocsp responder mode as multithreading daemon (Linux) and service (Windows) ? We have no plans to do this. It would be nice to see something like this as a new open-source project.

Re: [openssl-dev] [openssl.org #4145] Enhancement: patch to support s_client -starttls http

2015-11-18 Thread William A. Rowe Jr. via RT
Please note my typo identified by a dev at httpd, Yann... A little note, probably some missing == here: +else if (meth = TLSv1_2_client_method()) +BIO_printf(fbio, "Upgrade: TLS/1.2\r\n"); +else if (meth = TLSv1_1_client_method()) +BIO_printf(fbio,
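Review bot: The conditions `else if (meth = TLSv1_2_client_method())` and `else if (meth = TLSv1_1_client_method())` assign rather than compare. Because the method getters return a non-NULL pointer, the first of these branches is always taken and `meth` is overwritten with the TLS 1.2 method, so the `Upgrade:` header no longer reflects the protocol the user selected. Use `==` in each comparison, and consider building with `-Wparentheses` (part of `-Wall`) so an assignment used as a condition is flagged at compile time.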

Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-18 Thread Viktor Dukhovni
On Wed, Nov 18, 2015 at 02:34:41PM -0600, Benjamin Kaduk wrote: > > No, of course not. But after letting people depend on this “single > > cryptographic library” for many years, telling them “too bad” isn’t very > > nice. > > I guess I'm just having a hard time wrapping my head around why, upon

[openssl-dev] Fwd: OpenSSL as OCSP server (responder) as multithreading daemon !

2015-11-18 Thread CpServiceSPb .
>> We have no plans to do this. May be will put it into your plans ? > Doubtful. We have lots of other work to do. Writing a full-strength database-backed OCSP responder is outside of our interests. Ok. In such situation, can you add ability of using multiple -CA, -rkey, -rsigner parameters of

Re: [openssl-dev] Fwd: OpenSSL as OCSP server (responder) as multithreading daemon !

2015-11-18 Thread Salz, Rich
> Ok. In such situation, can you add ability of using multiple -CA, -rkey, -rsigner parameters of trinity, at least ? Perhaps someone will contribute a patch?