land" are stuck with
"legacy" proxies for some time. It would be a shame if we cannot use
OpenSSL 1.1+ on the grid.
JM2CW,
JJK / Jan Just Keijser
PS I'm a co-worker of Mischa Salle
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
rmine which flags were set during certificate
verification?
thanks for any pointers or advice,
JJK / Jan Just Keijser
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted
is is off-topic for this list, but I cannot email you directly. You
could try reading up at
http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-3.html
or any other hit that comes up when searching for "linux shell stderr
redirect"
HTH,
JJK
-Original Message-----
From: Jan Just Keijser via RT
Hi,
On 18/07/16 18:39, Lapprich, Harold via RT wrote:
> To Whom It May Concern,
>
> openssl version -a:
>
> OpenSSL 1.0.2a 19 Mar 2015
>
> built on: reproducible build, date unspecified
>
> platform: linux-ppc
>
> options: bn(64,32) rc4(ptr,char) des(idx,risc1,16,long) blowfish(idx)
compiler:
appearance of the check_issued callback is
worrisome, as that callback is crucial for verifying proxy certificates.
How should I modify my code so that it builds and links with openssl 1.1.0?
thx for any pointers,
JJK / Jan Just Keijser
$ gcc -I openssl-1.1.0-pre5/include -o grid-proxy-veri
r for my application were verified.
>
>
FWIW: I've downloaded and built openssl-1.0.1s on my EL 5.11 box in both
32bit and 64bit mode (I needed to hack ./Configure for that, BTW). The
resulting
openssl x509 -hash
command prints out the exact same hash for both the 32bit and 64bit
versions.
HTH,
JJK / Jan Just Keijser
Nikhef
Amsterdam
.
regards,
JJK / Jan Just Keijser
Nikhef
Amsterdam
engine_pkcs11). I have personal experience with
various usb hardware tokens from Feitian and Aladdin/SafeNet. The main
feature of such tokens is that indeed the private key cannot be exported
from the device.
hope this helps,
JJK / Jan Just Keijser
Hi,
r...@openssl.org via RT wrote:
And linux-x86_64 won't work here, since it uses some instructions not supported by MIC.
But all x86_64 modules feature run-time switch, when processor
capabilities are detected [with cpuid] and code that can't be executed
on any particular processor
bad but if you need to debug
it or if you need to cross-compile then it is (IMHO) an absolute nightmare.
I'd consider it a step backwards if openssl moved in the direction of
cmake.
JM2CW,
JJK / Jan Just Keijser
then anything before it is #days, anything after
it is time in HH:MM format
if arg contains no hyphen and no colon then it's the number of days
if arg contains no hyphen but it does contain a colon then #days = 0 and
the entire argument is a time in HH:MM format
suggestions?
JJK / Jan Just Keijser
Nikhef
'-valid' to '-duration'.
I'll get back on this in mid August.
cheers,
JJK / Jan Just Keijser
Nikhef
Amsterdam
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Hi,
attached is a minor patch to apps/x509.c. The patch allows the user to
specify the validity of a certificate in hours and minutes (next to
days). This is esp useful when creating grid/RFC3820 proxies which
typically have a duration of 12 hours.
regards,
JJK / Jan Just Keijser
On 24/04/14 01:46, Peter Waltenberg wrote:
rpm -q --changelog openssl | grep CVE
AFAIU RedHat backports CVEs to the version of openssl included in RHEL5
(0.9.8e)
FWIW: this is the changelog from a Scientific Linux 5 box:
rpm -q --changelog openssl | grep CVE
- fix for CVE-2013-0169 - SSL/TLS
Hi Ralf,
Ralf Skyper Kaiser wrote:
Hi,
OpenSSL 1.0.1e 11 Feb 2013
$ grep bits openssl.cnf
default_bits= 4096
= Note that the default_bits are set to 4096.
$ openssl req -config openssl.cnf -nodes -newkey rsa -keyout
testkey.pem -keyform PEM -out testreq.pem -outform PEM
Perrow, Graeme wrote:
I'd like to add the ability for my (client) application to use the
Windows certificate store to verify a server's certificate during an
SSL handshake. I've created a callback and set it using
SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, mycallback ). Inside that
callback,
see 'rsax' and 'gost' as available engines but I am quite certain that
they are not used unless I specify them on the command line OR if I load
them in my code using something like
ENGINE_load_builtin_engines();
HTH,
JJK
2013/3/22 Jan Just Keijser janj...@nikhef.nl mailto:janj
Hi Costas,
Costas Stasimos wrote:
Hello!
I'm currently using the cryptodev framework-engine with openssl-1.0.1e.
By running the command
# openssl engine -t
(cryptodev) cryptodev engine
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
we can see that the cryptodev
Hi,
saurav barik wrote:
Hello,
I am trying to implement TLS security (in the client side) over a UDP
connection. I have a parallel TCP connection(to the same server) over
which TLS is already done and it works fine. In the same session of my
application I am creating a UDP connection to the
patch-1.829645.14k 68659.05k 119742.60k 169329.66k 183457.25k
For all 4 platforms the 11/5/2012 patch was the fastest.
I don't have an Atom based box to test it on.
share and enjoy,
JJK / Jan Just Keijser
150106.58k 183705.94k
197330.99k
version 1.8:
sha256 33560.42k 73153.83k 121472.43k 167948.67k
180955.23k
all my tests were done using 'openssl speed sha256' , I'm unsure how you
did your testing.
cheers,
JJK / Jan Just Keijser
Jan Just Keijser wrote:
Andy Polyakov wrote:
I
modified the 'Configure' script to allow the compilation of a 32bit
version of openssl *with* the assembly routines.
What does it mean? Configure supports 32-bit builds *with* assembly as
it is. To build 32-bit version on 64-bit Linux, run
the sha256 patch be applied to the 64bit code base?
cheers,
JJK / Jan Just Keijser
, as done in the s_server.c code?
A more general question is where we can read up on all this :) ?
many thanks in advance,
JJK / Jan Just Keijser
and hours e.g.
openssl x509 -valid 4:00
We use this patch to x509 to generate grid proxies from an Aladdin
eToken, using the openssl engine support.
regards,
Jan Just Keijser
System Integrator
Nikhef
Amsterdam
--- openssl-0.9.8d/apps/x509.c 2005-07-16 13:13:03.0 +0200
+++ openssl-0.9.8d
32 matches