At 11:54 04.04.2002 -0700, you wrote:
Hi folks, how can one limit and enforce the the key size that can be
generated and used by openSSL and related utilities. The enforcement
has to happen on multiple levels,
1. At generation.
See http://www.openssl.org/docs/apps/openssl.html
2. Loading
At 17:54 08.04.2002 -0400, you wrote:
Received this error after trying to generate key pair using openssl
syntax : openssl req -new -nodes -keyout private.key -out public.csr.
Error:
demo1# openssl req -new -nodes -keyout private.key -out public.csr
Using configuration from
At 10:20 16.04.2002 +0100, you wrote:
If I build openssl with CHARSET_EBCDIC not defined, it fails to recognise a
certificate, presumably because it fails to find the -BEGIN
CERTIFICATE- string. With CHARSET_EBCDIC defined, I get a Base64
decode error, presumably because the encrypted
At 15:16 28.05.2002 -0600, you wrote:
Has anyone seen anything like this that we could leverage off? Is there
any source code we could use as a model or even a general discussion of
the architecture that we could use in writing our own server that would
be optimized to handling as many handshakes
At 15:30 25.03.2003 +0100, you wrote:
i've a problem compiling open ssl o.9.4. See the following output:
YA7:ffpbld : /eu/ffp/archive/src/openssl-0.9.4 make
making all in crypto...
make[1]: Entering directory `/eu/ffp/archive/src/openssl-0.9.4/crypto'
( echo #ifndef MK1MF_BUILD; \
echo
Goetz Babin-Ebell wrote:
Jostein Tveit wrote:
Goetz Babin-Ebell [EMAIL PROTECTED] writes:
is the NISCC test suite that found the ASN.1 bugs in OpenSSL
somewhere available ?
This was the answer I got when I contacted NISCC some days after the
ASN.1
bug was discovered:
: NISCC has a policy of
Omprakash wrote:
Hello everybody,
I have two symmetric key encryption algorithms Camellia and Seed which
is
properly integrated and tested with openssl 0.9.6j, which i did it for my
project. Will openssl interested in integrating these algorithm with those
standard list it already have. If
Victor B. Wagner wrote:
Is there somebody involved in development of mod_ssl module for Apache?
Probably the mod_ssl mailing list is a better place for finding such
person(s), see http://www.modssl.org/support/.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
JBYTuna via RT wrote:
When an OpenSSL server built on z/OS is using client verification, the
following error is incurred:
0x140890b2 - error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned
From tracing, we found the correct certificate was being returned. We found
JBYTuna wrote:
Oh my. So, these patches have not been incorporated? Will they ever get
incorporated?
I get once or twice a year this question, but every time i have to
answer: i don't know.
We did not know these patches existed. We've been chasing this problem for a
couple of years
Thomas Schweikle wrote:
Hi!
can anyone give me a hint where to look on how I open an openssl
encripted socket bound to a specific interface? I found
bind(address), but do not have a clue on how it is used correctly!
First: the openssl-users mailing list would have been more appropriate.
You
dean gaudet wrote:
On Thu, 15 May 2008, Geoff Thorpe wrote:
I forgot to mention something;
If you're using an up-to-date version of openssl when you see this (ie. a
recent CVS snapshot from our website, even if it's from a stable branch for
compatibility reasons), then please post
Richard Stoughton wrote:
On Tue, May 20, 2008 at 12:09 AM, Bodo Moeller [EMAIL PROTECTED] wrote:
As far as I can understand the code, the suggested usage pattern for
the RNG would be
ssleay_rand_bytes(ssleay_rand_add ^ n) with n 0.
If consecutive calls to ssleay_rand_bytes without
Mirsad Todorovac via RT wrote:
Dear Mr. Cristoph Martin,
I saw you are the supporter for openssl package.
Afaik Mr. Martin is (beside Mr. Roeckx) supporter for the *Debian*
OpenSSL package, so if you want to address specifically Mr. Martin, you
should try a Debian mailing list. If on the
mclellan, dave via RT wrote:
Hi everyone: we are a little new to OpenSSL, and recently upgraded our
distribution to 9.7c. I'm building on a BS2000 host. Everything
builds
happliy, and make test runs for a while, then starts reporting errors in
MD4
tests.
Before I start digging, I'd like to
Because Evan Jennings asked in openssl-users for EBCDIC patches for the
0.9.7 branch, i post here my collection of EBCDIC patches for 0.9.7c.
This collection comprises also the (slightly extended) patches from
Howard Chu posted here some months ago.
Because requests for the EBCDIC patches occur
Robert Urban wrote:
I'm wondering if the following but has been found and fixed. If so,
I'd really like to know about it.
backtrace:
- stunnel dies on a SIGSEGV
We have a similar problem on a SOLARIS/SPARC machine. A workaround is
the removal of the calls of ENGINE_load_builtin_engines and
In crypto/engine/eng_table.c the size of the accessed stack is not
checked, so regularly non-existent stack elements are tried to access.
Surprisingly often this does not crash (and all seems to function
perfectly), but sometimes it does, as expected. My problems in
connection with stunnel can
Cosmin Moldovan wrote:
Im not sure about the correct usage pattern of the stack structures, but
I think that this is a bug, found in openssl 0.9.7d, in
crypto/stack/stack.c. The function sk_insert does not initialize the
newly allocated pointers, when it reallocs the data array (lines 146-154).
Rüdiger Plüm wrote:
are there any plans to add support for rfc3546 (Transport Layer Security (TLS)
Extensions),
especially Server Name Indication to openssl in the near future?
See the mail in this list from Peter Sylvester with the subject TLS
Extension support - Server Name Indication
DALE REAMER wrote:
I should explain further. The client is using openssl, the server is on
firmwware and cannot use openssl. The server developer has rc4 code and we want
to verify the encryption phase after the handshake phase. If I could give him
separately(offline) the session secret
Because Evan Jennings asked in openssl-users for EBCDIC patches for the
0.9.7 branch, i post here my collection of EBCDIC patches for 0.9.7c.
This collection comprises also the (slightly extended) patches from
Howard Chu posted here some months ago.
Because requests for the EBCDIC patches occur
In the error checks which have added to crypto/rsa_eay.c in version 0.9.7l
RSAerr is called in function RSA_eay_public_encrypt with the first parameter
RSA_F_RSA_EAY_PUBLIC_DECRYPT and in function RSA_eay_public_decrypt with the
first parameter RSA_F_RSA_EAY_PUBLIC_ENCRYPT.
--
Dr. Richard W.
23 matches
Mail list logo
