Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

> I.e., between compiler non-C11 atomic intrinsics, C11 intrinsics, OS atomic > function libraries, and portable open-source atomics libraries, we can cover > almost all the bases. Agreed. > We have a surfeit of options, not a dearth of them. I don't think lack of > atomics primitives is

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

On Tue, Dec 15, 2015 at 01:24:12PM +0100, Florian Weimer wrote: > * Nico Williams: > > > On Tue, Dec 08, 2015 at 11:19:32AM +0100, Florian Weimer wrote: > >> > Maybe http://trac.mpich.org/projects/openpa/ would fit the bill? > >> > >> It seems to have trouble to keep up with new architectures. >

Re: [openssl-dev] Need Steps to build FIPS Enabled openssl for Solaris 64 bit sparc machine.

Hello OpennSSL Experts, Someone please share the steps to build FIPS enabled openssl for Solaris 64 bit sparc machine. Actually, I have successfully built it on Linux platform. But on Solaris i have tried many steps using gcc and solaris sun studio compilers but i could not able succeed. also i'm

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

On Tue, Dec 15, 2015 at 09:57:32AM -0600, Benjamin Kaduk wrote: > On 12/15/2015 06:43 AM, Kurt Roeckx wrote: > > On Tue, Dec 15, 2015 at 01:24:12PM +0100, Florian Weimer wrote: > >> Using C++11. > > I think this is a relevant article: > >

[openssl-dev] Cannot verify self-signed certificates?

It appears that openssl verify refuses to deal with self-signed certificates? Is it the expected/intended behavior? I can easily imagine circumstances when a user would be happy with a “partial” validation, i.e. with validating as much as practically possible – like consistency, correctness of the

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

On Tue, Dec 15, 2015 at 09:57:32AM -0600, Benjamin Kaduk wrote: > On 12/15/2015 06:43 AM, Kurt Roeckx wrote: > > On Tue, Dec 15, 2015 at 01:24:12PM +0100, Florian Weimer wrote: > >> * Nico Williams: > >> Not on Windows. > >> > >>> What's the alternative anyways? > >> Using C++11. > > I think this

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

On Tue, Dec 15, 2015 at 06:15:32PM +, Salz, Rich wrote: > > I.e., between compiler non-C11 atomic intrinsics, C11 intrinsics, OS atomic > > function libraries, and portable open-source atomics libraries, we can cover > > almost all the bases. > > Agreed. Thanks. This is helpful. I now

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

On Tue, Dec 15, 2015 at 07:54:35PM +0100, Kurt Roeckx wrote: > Also, if you want to use atomics we really want the C11 / C++11 > memory model which prevents certain important optimazations. Right, because compilers can reorder some operations. But we've been living with this pre-C11 for decades.

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

* Nico Williams: > On Tue, Dec 08, 2015 at 11:19:32AM +0100, Florian Weimer wrote: >> > Maybe http://trac.mpich.org/projects/openpa/ would fit the bill? >> >> It seems to have trouble to keep up with new architectures. > > New architectures are not really a problem because between a) decent >

[openssl-dev] [openssl.org #1222] Please introduce versioned symbols

This feature is now available in master (1.1.0). Closing this ticket. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Cannot verify self-signed certificates?

On Tue, Dec 15, 2015 at 08:04:45PM +, Blumenthal, Uri - 0553 - MITLL wrote: > It appears that openssl verify refuses to deal with self-signed > certificates? You mean the command-line utility? $ openssl x509 -in rootcert.pem -subject -issuer subject= CN = Root CA issuer= CN =

Re: [openssl-dev] Cannot verify self-signed certificates?

>>If I want to “partially” verify a certificate via the command-line >>utility >> - e.g. when I don’t have the issuing certificate at hand, is there a way >> to tell openssl tool to go just as far as it can *without* climbing up >>the >> cert chain? I understand and agree that it significantly

[openssl-dev] Behavior of OpenSSL EC API regarding point setting

Hi, I experienced some features of the OpenSSL API regarding elliptic curves that I find quite unusual and I want to ask whether that's intended. It's regarding these functions to set curve coordinates: EC_POINT_set_affine_coordinates_GFp EC_POINT_set_compressed_coordinates_GFp It is possible

Re: [openssl-dev] Cannot verify self-signed certificates?

I have actually asked a variant on this question in the path, I would rephrase it as I have a certificate chain which doesn't go all the way back to a self-signed cert. But I "trust" the highest certificate in the chain that I have; is there a way of telling openssl that once it hits this

Re: [openssl-dev] Cannot verify self-signed certificates?

> On Dec 15, 2015, at 5:00 PM, Nounou Dadoun wrote: > > I have actually asked a variant on this question in the path, I would > rephrase it as I have a certificate chain which doesn't go all the way back > to a self-signed cert. But I "trust" the highest

Re: [openssl-dev] Cannot verify self-signed certificates?

On 12/15/15, 17:51 , "openssl-dev on behalf of Viktor Dukhovni" wrote: >>On Dec 15, 2015, at 5:30 PM, Blumenthal, Uri - 0553 - MITLL >> wrote: >> >>$ openssl verify --help >> usage: verify [-verbose]

Re: [openssl-dev] Cannot verify self-signed certificates?

> On Dec 15, 2015, at 5:30 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > > Also, in your next email you mention “openssl verify -partial_chain”. > Alas, I don’t see this option: > > $ openssl version > OpenSSL 1.0.2e 3 Dec 2015 > $ openssl verify --help > usage: verify

Re: [openssl-dev] Cannot verify self-signed certificates?

On Tue, Dec 15, 2015 at 10:56:59PM +, Blumenthal, Uri - 0553 - MITLL wrote: > $ openssl verify -verbose -CAfile ~/Certs/RabbitMQ_CA.pem -partial_chain > -purpose sslclient RabbitMQ_Dev.pem > RabbitMQ_Dev.pem: OK Well if that CAfile yields a path to a root CA, the "-partial_chain" option

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

On 12/15/2015 06:43 AM, Kurt Roeckx wrote: > On Tue, Dec 15, 2015 at 01:24:12PM +0100, Florian Weimer wrote: >> * Nico Williams: >> Not on Windows. >> >>> What's the alternative anyways? >> Using C++11. > I think this is a relevant article: >

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

On Tue, Dec 15, 2015 at 01:24:12PM +0100, Florian Weimer wrote: > * Nico Williams: > > > On Tue, Dec 08, 2015 at 11:19:32AM +0100, Florian Weimer wrote: > >> > Maybe http://trac.mpich.org/projects/openpa/ would fit the bill? > >> > >> It seems to have trouble to keep up with new architectures. >

[openssl-dev] [openssl.org #4181] Error building openssl with REF_PRINT

Hello OpenSSL team, I get errors when I build openssl 1.0.2e with -DREF_PRINT -DREF_CHECK ./config -ggdb -DREF_PRINT -DREF_CHECK make ec_key.c: In function 'EC_KEY_free': ec_key.c:115:14: error: called object is not a function or function pointer REF_PRINT("EC_KEY", r); ^

Re: [openssl-dev] Cannot verify self-signed certificates?

On 12/15/15, 15:34 , "openssl-dev on behalf of Viktor Dukhovni" wrote: >On Tue, Dec 15, 2015 at 08:04:45PM +, Blumenthal, Uri - 0553 - MITLL >wrote: >> It appears that openssl verify refuses to deal with self-signed >>

Re: [openssl-dev] [openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files

On 10/06/14 21:48, Jonas Maebe via RT wrote: > On 13/12/13 11:54, The default queue via RT wrote: > >> In attachment you can find 7 patches against git master (generated via git >> format-patch) to fix a number of memory leaks (in case of failures) and >> missing NULL pointer checks (generally

[openssl-dev] [openssl.org #4182] Error in generating my certificate

Dear Sirs I have run the open ssl The first step has executed successfully: OpenSSL> genrsa 1024 > myID -key.pem But when attempt to execute the next step which is req -new -days 365 -key myID -key.pem -out myID -csr.pem Then the following error appear so Please please advise regarding this