Re: openssl-0.9.6-1 gotcha vs openssh-2.2.0p1-5

2000-11-03 Thread Lutz Jaenicke
On Fri, Nov 03, 2000 at 01:45:59PM +0100, Villy Kruse wrote: On Wed, 1 Nov 2000, Lutz Jaenicke wrote: If you are using shared libraries, you either have to recompile your application or must make sure, that the correct shared library is being used. This is typically assured by including

[PATCH] Minor corrections

2000-11-03 Thread Lutz Jaenicke
Hi! I have just (successfully) tried to build openssl with shared libraries for HP-UX 10.20 using the new build-shared options. Two small corrections (not related to shared libs :-) were necessary. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU

Re: Loading shared libraries under HP-UX on PA32

2000-11-07 Thread Lutz Jaenicke
. Then later, the application can be linked with +b and/or +s option to specify the place where to search for the shared libraries. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl

Re: cvs commit: openssl/crypto/dso dso_dl.c

2000-11-08 Thread Lutz Jaenicke
and build $ENGINE_PATH/name_of_engine when calling shl_load() and/or the application calls some engine_setup(shared_lib_path) and this shared_lib_path is then used when constructing the complete path name to the shared library... Best regards, Lutz -- Lutz Jaenicke

Re: Constification

2000-11-08 Thread Lutz Jaenicke
(and hence the return value _must_not_ be "const char *"). Sorry, couldn't resist :-) Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Te

Re: cvs commit: openssl/crypto/dso dso_dl.c

2000-11-10 Thread Lutz Jaenicke
On Wed, Nov 08, 2000 at 10:15:36AM +0100, Richard Levitte - VMS Whacker wrote: From: Lutz Jaenicke [EMAIL PROTECTED] Lutz.Jaenicke I have not looked into the engine code. It should Lutz.Jaenicke however be possible to perform some string processing Lutz.Jaenicke inside OpenSSL to generate

Re: API request

2000-11-11 Thread Lutz Jaenicke
ave extended the documentation. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-

Re: cvs commit: openssl/crypto/dso dso_dl.c

2000-11-11 Thread Lutz Jaenicke
for HP-UX enabled and have SHLIB_PATH evaluated in order to make life easier for application developers. (LD_LIBRARY_PATH is evaluated for dlopen() anyhow, so there is no additional risk involved for SHLIB_PATH.) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] B

Re: cvs commit: openssl Makefile.org

2000-11-13 Thread Lutz Jaenicke
e degradation may occur. I am however not sure, whether "-w" is also recommendable for other platforms. Opinions? Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allg

Re: cvs commit: openssl/crypto/evp bio_enc.c evp.h

2000-11-14 Thread Lutz Jaenicke
orks great, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 3

Re: cvs commit: openssl Makefile.org

2000-11-14 Thread Lutz Jaenicke
On Tue, Nov 14, 2000 at 02:14:31PM -0600, Albert Chin-A-Young wrote: On Mon, Nov 13, 2000 at 04:48:48PM +0100, Richard Levitte - VMS Whacker wrote: From: Lutz Jaenicke [EMAIL PROTECTED] Lutz.Jaenicke The install-target will install the shared libraries Lutz.Jaenicke with permission "

Re: OpenSSL problems 11/16/00.

2000-11-16 Thread Lutz Jaenicke
compiler since 9.x, the bundled compiler is only for building the kernel. You must either buy HP's ANSI C compiler or install gcc (can be obtained from the HPUX Software Porting and Archive Center at http://hpux.connect.org.uk/) Best regards, Lutz -- Lutz Jaenicke

Re: filtering the cipher list at negotiation time

2000-11-27 Thread Lutz Jaenicke
(this includes DSA ciphers) will only be chosen, if DH parameters are set... What OpenSSL does not offer is a server-side "cipher choice" callback. The client sends a list of ciphers and an openssl server will always choose the first of the ciphers it does support. Best regards, Lut

Re: filtering the cipher list at negotiation time

2000-11-28 Thread Lutz Jaenicke
key and certificate is already there with SSL_CTX_check_private_key() but having a SSL_CTX_check_cert_chain() might make tracking down problems much easier. This is not a promise that I am going to write such a beast (at least not within a guaranteed schedule :-).] I hope this clarifies thing

Re: filtering the cipher list at negotiation time

2000-11-28 Thread Lutz Jaenicke
_ learning that there is no client certificate!? Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaet

Re: filtering the cipher list at negotiation time

2000-11-28 Thread Lutz Jaenicke
, the same applies for the "outside OpenSSL" approach, call SSL_set_cipher_list() as appropriate. Inside OpenSSL, you should have a look into the ssl3_choose_cipher() function. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus

Re: 0.9.6 incompatible with 0.9.5a on Win32

2000-09-12 Thread Lutz Jaenicke
eople can and will work around the PRNG-needs-seed problem and use bad seeding. Now, we can discuss whether the design decision is a good one, and with the side effect given on windows (a startup time of a client of 1 minute as you described is not acceptable) I think that it will be reconside

Re: [cryptlib.o] Error 1

2000-12-06 Thread Lutz Jaenicke
or directory make[1]: Leaving directory `/home/vswami/kde-download/openssl-0.9.5a/crypto' make: *** [all] Error 1 -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik

Re: Problems compiling HP Openssl in 64 bit mode

2000-12-13 Thread Lutz Jaenicke
duce your setup. Having this said, and I don't think the configuration for HP-UX 64bit has changed significantly between versions, OpenSSL 0.9.6 is available for some time. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http:/

Re: what is doing undocumented SSL_CTX_load_verify_locations()

2001-01-04 Thread Lutz Jaenicke
http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz

Re: Random seed and possible blocking of /dev/random

2001-01-06 Thread Lutz Jaenicke
), but the directory structure is not portable enough. - /etc/egd-socket? (I would not use /dev as this is for device files only (and might lead to trouble on Linux-2.4 not even having a real /dev directory).) Comments? Booohs? Hoorays? Hooray, that may reduce the unnecessary traffic on openssl-* :-) Best

Re: Random seed and possible blocking of /dev/random

2001-01-06 Thread Lutz Jaenicke
On Sat, Jan 06, 2001 at 08:48:09PM +0100, Richard Levitte - VMS Whacker wrote: From: Lutz Jaenicke [EMAIL PROTECTED] Lutz.Jaenicke On Fri, Jan 05, 2001 at 09:49:56PM +0100, Richard Levitte - VMS Whacker wrote: Lutz.Jaenicke I don't know how select() would act on a regular Lutz.Jaenicke file

Re: Random seed and possible blocking of /dev/random

2001-01-07 Thread Lutz Jaenicke
to recompile. Let's rather add a list of places and have this static; stop on success. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik

Re: What means the error message SSL_connect: error in SSLv3 write client key exchange A ?

2001-01-08 Thread Lutz Jaenicke
"hard error"). In case of a hard error, the error message is located on the stack. Maybe you have to extend libwww to provide this additional error information. Maybe the server has just closed down the connection. Regards, Lutz -- Lutz Jaenicke [EMAIL PR

Re: cvs commit: openssl/crypto/rand rand.h rand_egd.c rand_unix.c

2001-01-10 Thread Lutz Jaenicke
+ seeding like with /dev/[u]random will be performed. + Positions tried are: /etc/entropy, /var/run/egd-pool. + [Lutz Jaenicke] Is /etc/entropy a standard location for EGD? Otherwise, and maybe even if it is, I'd prefer an explicit file name such as /etc/egd-pool instead

Re: libsafe violation for /etc/ssl/openssl-0.9.6/apps/openssl, pid=18373; overflow caused by memcpy()

2001-01-11 Thread Lutz Jaenicke
s libsafe does not run on SuSE Linux 6.4, I cannot try myself. There was a short discussion on the SuSE-security mailing list about libsafe, the result was not very much in favor of libsafe; SuSE does not include it into the distribution.) Best regards, Lutz -- Lutz Jaenicke

Re: Bug report: OpenSSL 0.9.5a 1 Apr 2000

2001-01-20 Thread Lutz Jaenicke
snapshot as there is no 2.3.1p1 version of OpenSSH.) I run 2.3.0p1 in production on both HP-UX and Linux (OpenSSL 0.9.6) and never met the problem you describe... Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU

Re: need documentation on sha hashfunction

2001-01-21 Thread Lutz Jaenicke
). It does use much less machine dependent settings. Of course, if your appointment is explicitly to work with OpenSSL... Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl

Re: Peer certificate in SSL_SESSION structure.

2001-01-22 Thread Lutz Jaenicke
) ... to check whether the certificate passed verification... -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D

Re: Peer certificate in SSL_SESSION structure.

2001-01-23 Thread Lutz Jaenicke
client certificate is not used any where other than establishing the new session.. No, it is not used in the handshake again (that's why it must be kept inside the stored session). Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus

Re: Peer certificate in SSL_SESSION structure.

2001-01-23 Thread Lutz Jaenicke
On Tue, Jan 23, 2001 at 10:51:27AM +, Ben Laurie wrote: Lutz Jaenicke wrote: On Mon, Jan 22, 2001 at 04:41:41PM -0800, Nagaraj Bagepalli wrote: Thanks for your response. If I understand this correctly, certificate is stored in the session table so that application can retrieve

Re: Peer certificate in SSL_SESSION structure.

2001-01-24 Thread Lutz Jaenicke
.. you get the picture. This is one of the reasons that OpenSSL only stores the peer's certificate but not the rest of the chain. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/

Re: UPDATE - Problem installing Openssl on HP-UX

2001-01-29 Thread Lutz Jaenicke
to 2.95.2 and it also works. I strongly recommend you to get rid of gcc-2.8.1 and install 2.95.2 instead. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine

Session cache size question

2001-02-01 Thread Lutz Jaenicke
:-) Did I miss something? Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus

Re: cvs commit: openssl/crypto/rand rand_egd.c

2001-02-07 Thread Lutz Jaenicke
. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49

Re: How to start SSL

2001-02-22 Thread Lutz Jaenicke
on installation and use. Sincere regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus

Re: Session reuse on client side when the session runs SSLv2 fails

2001-03-02 Thread Lutz Jaenicke
be of type SSLv2, even if both the server and the client could do better. +1 to change this in both current and stable. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl

Re: Session reuse on client side when the session runs SSLv2 fails

2001-03-02 Thread Lutz Jaenicke
On Fri, Mar 02, 2001 at 12:30:05PM +0100, Richard Levitte - VMS Whacker wrote: From: Lutz Jaenicke [EMAIL PROTECTED] Lutz.Jaenicke The (needed) fix should have one side effect (from Lutz.Jaenicke conclusion, I did not try it): Since the SSL_connect() Lutz.Jaenicke is now performed

Re: cvs commit: openssl/ssl s23_meth.c

2001-03-02 Thread Lutz Jaenicke
, the bug should also affect it. Maybe the change should also be recorded to the changelog. Best, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project

Re: [ANNOUNCEMENT] OpenSSL 0.9.6a Beta 1 released

2001-03-13 Thread Lutz Jaenicke
On Tue, Mar 13, 2001 at 10:15:24PM +0100, Richard Levitte - VMS Whacker wrote: From: Lutz Jaenicke [EMAIL PROTECTED] Lutz.Jaenicke Hmm. The DSO code was considerably changed for the Lutz.Jaenicke 0.9.7 version and changes are not completed yet Lutz.Jaenicke (additional security aspects must

Re: [ANNOUNCEMENT] OpenSSL 0.9.6a Beta 1 released

2001-03-13 Thread Lutz Jaenicke
On Tue, Mar 13, 2001 at 10:56:44PM +0100, Richard Levitte - VMS Whacker wrote: From: Lutz Jaenicke [EMAIL PROTECTED] Lutz.Jaenicke 1.10 breaks existing functionality, since once ".sl" is Lutz.Jaenicke used, ".so" crypto engines will not be loaded any Lutz.Jaenicke l

Re: Problems with SSL_write ..

2001-03-15 Thread Lutz Jaenicke
) n bytes were sent; If (nBytesSent == 0) connection was closed with SSL shutdown alert (clean close); else call SSL_get_error() and check the error stack to find out what is going on; man SSL_get_error, ERR_get_error. Best regards, Lutz -- Lutz Jaenicke

Re: another crash on SSL_connect

2001-03-21 Thread Lutz Jaenicke
romFile106 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Lutz Jaenicke [EMAIL PROTECTED] B

Re: problem compiling openssl-0.9.6-beta2 on HP-UX 11.00

2001-03-22 Thread Lutz Jaenicke
ename) + len(extension); the second "len()" is obviously wrong and should be strlen(). The warning on line 98 seems to be caused by a longint conflict in the return types. I'll investigate further and check in a fix. Many thanks, Lutz -- Lutz Jaenicke

Re: problem compiling openssl-0.9.6-beta2 on HP-UX 11.00

2001-03-22 Thread Lutz Jaenicke
On Thu, Mar 22, 2001 at 10:07:36AM +0100, Lutz Jaenicke wrote: cc -I.. -I../../include -DTHREADS -D_REENTRANT -DDSO_DL +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W - -DMD32_XARRAY -c dso_dl.c cc: "dso_dl.c", line 98: warning 604: Pointers are not

Re: your mail

2001-03-27 Thread Lutz Jaenicke
the old passphrase, you can use the "openssl rsa" command to modify passphrases. If you have lost or forgotten the old passphrase, you of course cannot recover the key (otherwise we could stop working on cryptography :-). Best regards, Lutz -- Lut

Re: your mail

2001-03-27 Thread Lutz Jaenicke
es that set the new encryption (or none when not specified). Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 U

Re: [BUGS] Various bugs with PG7.1 8th March snapshot on Solaris 8INTEL

2001-03-28 Thread Lutz Jaenicke
changes :-). I did not check the details, but at least cyrus-sasl uses the DES part of OpenSSL, if found. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine

Re: [ANNOUNCEMENT] OpenSSL 0.9.6a Beta 3 released

2001-03-31 Thread Lutz Jaenicke
on less common platforms), and report any problems to [EMAIL PROTECTED]. Passed (normal and engine) on HP-UX 10.20 with both HP ANSI-C and gcc-2.95.2. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE

Re: Handshake Failure with some ciphers

2001-04-12 Thread Lutz Jaenicke
r a cipher with DSA authentication, a DSA certificate must be present on the server side. All DSA ciphers and some RSA ciphers (with EDH) also do need DH parameters. Openssl s_server has built in DH-parameters, so the last point cannot be your problem. Best regards, Lutz -- Lut

Re: OpenSSL IV and -K oddness

2001-04-15 Thread Lutz Jaenicke
then their initialization to 0 is nowhere enforced... I have never dealt with the "openssl enc" command so I'll have to look into it deeper before actually realizing a change. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus

Re: Cannot make

2001-04-19 Thread Lutz Jaenicke
compiler or install gcc. gcc for HP-UX 11 is available for free from HP's download site at http://devresource.hp.com/. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine

Re: SSL_CTX_use_PrivateKey_file(...) fails

2001-04-24 Thread Lutz Jaenicke
internally inside pem_lib.c , on line 451 , line PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT) . Hmm. I just had a look into the source and would guess, that something is odd with the passphrase. Unfortunately you do not supply your password_cb. Best regards, Lutz -- Lutz Jaenicke

Re: Error message: random number generator:SSLEAY_RAND_BYTES / possible solution

2001-05-07 Thread Lutz Jaenicke
as a backup entropy source for openssl genrsa. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129

Re: reading in DSA private key problems....

2001-07-11 Thread Lutz Jaenicke
dsa:deleteme.param -keyform DER -new -x509 -nodes Because the -new overrides the -newkey option. -new has RSA hardcoded and as it is processed later in the list, its setting gets preference. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http

Re: reading in DSA private key problems....

2001-07-11 Thread Lutz Jaenicke
Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49

Re: Possible bug in openssl 0.9.6b

2001-07-23 Thread Lutz Jaenicke
it: are you already using the latest version and/or can this problem be reproduced with it? Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik

Re: session resumption and bad mac

2001-07-23 Thread Lutz Jaenicke
indicate that it is fixed in later versions... Reading this ethereal printout is a bit hard. Can you supply the dump in tcpdump binary format so that it can be further processed e.g. with ssldump? Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus

Re: Possible bug in openssl 0.9.6b

2001-07-23 Thread Lutz Jaenicke
On Mon, Jul 23, 2001 at 11:20:17AM +0200, Lutz Jaenicke wrote: On Sun, Jul 22, 2001 at 05:57:21AM +, a y wrote: HMTL-gibberish... This indicates that there is a b missing in an `fopen(...,w)' that should read `fopen(...,wb)', such that a LF is transformed to CR/LF. I suppose you

Re: No shared cipher sslv3 alert handshake failure

2001-07-23 Thread Lutz Jaenicke
Please check out the SSL_CTX_set_cipher_list manual page (use the online version at http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html, as I have just updated the information with respect to this error message). Best regards, Lutz -- Lutz Jaenicke

Re: shared library versioning

2001-07-23 Thread Lutz Jaenicke
please don't expect binary compatibility coming soon. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129

Re: dsatest problem (error 0A071003) while testing openssl (both 0.9.6a and 0.9.6b)

2001-07-24 Thread Lutz Jaenicke
it, it says the following: (make pid):error:0A7071003:dsa routines:DSA_do_verify:BN lib:dsa_ossl.c:305 Does anyone have an idea? Yes. At least post your operating system and compiler information :-) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED

Re: how to add info to SSL SESSION PARAMETERS?

2001-07-26 Thread Lutz Jaenicke
to be extended to save the additional information. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3

Re: Bug Report dsa_lib.c OpenSSL 0.9.6x on Solaris 2.6 and 8

2001-07-26 Thread Lutz Jaenicke
has already been checked in this morning. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3

Re: Problem using SSL_set_verify with a callback

2001-07-26 Thread Lutz Jaenicke
into the object, but it is actually never used. This seems to be a bug :-) I'll have to go through this again to make sure that I did not miss anything and then consider the best strategy to solve this problem. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU

Re: Want to use certs and keys in memory instead of file

2001-07-27 Thread Lutz Jaenicke
of this array into the X509 and load it using SSL_CTX_use_certificate(). (OpenSSL rsa does not have a -C option, so transferring it into an array is left as an exercise to the reader :-) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http

Re: Problem using SSL_set_verify with a callback

2001-07-30 Thread Lutz Jaenicke
. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax

Re: Want to use certs and keys in memory instead of file

2001-07-31 Thread Lutz Jaenicke
something There is a manual page for SSL_CTX_use_certificate in my copy of OpenSSL. A manual page for d2i_X509 does not exist, but the handling of all d2i_* functions is similar, so you can use the description of d2i_SSL_SESSION. Good night, Lutz -- Lutz Jaenicke

Re: Return string typos in SSL_state_string_long()

2001-08-07 Thread Lutz Jaenicke
, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153

Re: [PATCH] Bug fixes for BIO_get_num_renegotiates() and BIO_get_write_buf_size()

2001-08-16 Thread Lutz Jaenicke
On Thu, Aug 16, 2001 at 09:15:36AM -0500, Stephen Hinton wrote: This is the first patch I've submitted for OpenSSL. Feedback about what I did wrong (and what I did right) is appreciated. Well done. Patches have just been applied. Best regards, Lutz -- Lutz Jaenicke

SSL_COMP_* API

2001-08-20 Thread Lutz Jaenicke
anybody have an idea on why this distinction is being made? It doesn't make sense to me. (If nobody has an idea on why it should not be public, I will make it public.) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU

Re: 0819 snapshot problem

2001-08-21 Thread Lutz Jaenicke
. One better should not work on Sundays. (fixed) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129

Re: cvs commit: openssl/doc/ssl SSL_COMP_add_compression_method.pod ssl.pod

2001-08-21 Thread Lutz Jaenicke
an appropriate note tomorrow. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D

Re: OPenSSL fails to accept certificate chains over 16K

2001-08-24 Thread Lutz Jaenicke
specs don't set this limit, but rather allows 2^24 certificates. I understand the need to have some practical limit, but it should be settable by the application at run time. To be considered. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU

Re: SunOS gcc build patch

2001-08-25 Thread Lutz Jaenicke
! Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153

Re: OPenSSL fails to accept certificate chains over 16K

2001-08-25 Thread Lutz Jaenicke
On Fri, Aug 24, 2001 at 06:31:56PM -0700, Doug Kaufman wrote: On Fri, 24 Aug 2001, Lutz Jaenicke wrote: On Thu, Aug 23, 2001 at 02:21:27PM -0500, Douglas E. Engert wrote: ! #if defined(MSDOS) !defined(WIN32) ! 1024*30, /* 30k max cert list :-) */ ! #else

Re: bug in OpenSSL ssl\s3_clnt.c: SSL handshake fails

2001-08-28 Thread Lutz Jaenicke
will therefore be part of the next release. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D

Re: [PATCH] for 0.9.67b shared libraries on HPUX using GCC and native ld

2001-09-09 Thread Lutz Jaenicke
an undocumented -Fl option (at least on 10.20). -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus

Re: OPenSSL fails to accept certificate chains over 16K

2001-09-11 Thread Lutz Jaenicke
On Sat, Aug 25, 2001 at 01:59:24PM +0200, Lutz Jaenicke wrote: I'll add it to the TODO list. If we change this to a dynamic limit, we could start with 16kB (platform independent) and then applications may decide at will. 16kB should be sufficient in most cases, because the construct

Re: [PATCH] Compiling as shared library on HP-UX 11.XX

2001-09-13 Thread Lutz Jaenicke
the shared library support from 0.9.7-dev to 0.9.6x? Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D

Re: function declarations with no parameter specifications

2001-10-20 Thread Lutz Jaenicke
supply a patch, we will strongly consider applying it :-) Please only take care of the current development snapshot (0.9.7-dev). The development for 0.9.6c is more or less finished and for compatibility reasons we should leave this point as is. Best regards, Lutz -- Lutz Jaenicke

Re: [patch] 0.9.6b: Allow loading of uninstalled shared libraries

2001-10-30 Thread Lutz Jaenicke
somewhat complicated (besides building with +O4=optimization at link time)... Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel

Re: RAND_add() and the entropy...

2001-11-14 Thread Lutz Jaenicke
not count it as a really unpredictable input. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3

Re: RAND_add() and the entropy...

2001-11-14 Thread Lutz Jaenicke
On Wed, Nov 14, 2001 at 10:59:57AM -0800, Michael Sierchio wrote: Lutz Jaenicke wrote: The entropy parameter should tell, how much uncertainty is in the data provided. If we choose a value of 0, we mean that there may be entropy in it, but maybe an attacker can predict the value, so

Re: Documentation of SSL_get1_session()

2001-11-19 Thread Lutz Jaenicke
. Thanks, I have rephrased the corresponding paragraph. Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3

Re: Creating PEM file from peer cert

2001-11-20 Thread Lutz Jaenicke
() to obtain the X509 objects. You can then simply write them to file using the PEM_write_X509()/PEM_write_bio_X509() function. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl

Re: session reuse from client side

2001-11-20 Thread Lutz Jaenicke
have any problems due to this behaviour? Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz

Re: verify(1) man page

2001-10-08 Thread Lutz Jaenicke
for consistency with other messages. Will be fixed in a minute. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129

Re: problem in s_client -- comments on fix?

2001-10-14 Thread Lutz Jaenicke
to your needs, as it is intended for application and not for testing? Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69

Re: problem in s_client -- comments on fix?

2001-10-14 Thread Lutz Jaenicke
it to this list :-) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus

Re: problem in s_client -- comments on fix?

2001-10-16 Thread Lutz Jaenicke
On Tue, Oct 16, 2001 at 02:30:03PM +0100, Adam Back wrote: On Sun, Oct 14, 2001 at 06:19:30PM +0200, Lutz Jaenicke wrote: [...] * If you have any patch to submit that will improve the behaviour of s_client you are most welcome to post it to this list :-) OK, here you go, someone

Re: bug and solution wrt SSL_set_verify()

2001-12-05 Thread Lutz Jaenicke
X509_STORE_CTX_set_verify_cb() introduced to allow the necessary settings. [Lutz Jaenicke] The fix will be available in 0.9.6c (due out in the next days!?) and 0.9.7. Nevertheless: thanks for your effort! Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU

Re: platform hpux-m68k-gcc

2001-12-06 Thread Lutz Jaenicke
be detectable... Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus

Re: argument to app_verify_callback function

2001-12-09 Thread Lutz Jaenicke
an insight into other peoples work. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044

Re: segmentation violations and bus errors with OpenSSL and OpenSSH

2001-12-11 Thread Lutz Jaenicke
. Just increasing buffer allocations only hides the problem, it does not solve it. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik

Re: Clarification??

2001-12-13 Thread Lutz Jaenicke
On Thu, Dec 13, 2001 at 10:06:45AM +0100, Srikanta Nayak wrote: How openSSL will looks EGD ? Is there any such documentation available on net related to it? http://www.openssl.org/support/faq.html#USER1 Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus

Re: prob using the d2i_x509_fp();

2001-12-13 Thread Lutz Jaenicke
been read by PEM_read_X509(). Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044

Re: client authentication prob

2001-12-17 Thread Lutz Jaenicke
of X509_STORE_CTX_get_error(ctx); is significant. If not sure, you should start without a callback function and see, whether the certificate verification fails (it should). Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU

Re: EAP-TLS

2001-12-21 Thread Lutz Jaenicke
however can offer you the standard answer for cases without sockets: use BIO-pairs. This way you have full control over the complete I/O process. I do use BIO-pairs in my Postfix/TLS patchkit available at http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/ Best regards, Lutz -- Lutz

Re: OpenSSL doubts

2002-01-08 Thread Lutz Jaenicke
. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax
