Dr. Henson,
I'm not understanding the code changes in your recent commit to the
OpenSSL_1_0_1-stable branch.
>From the associated commit comment: "To avoid multiple locks disable use of
>CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes."
But it looks as though the calls to "CRYPTO_w_[un]lock
I've discovered that having a trailing slash in an OCSP URL can cause
problems with MS-CAPI. This is a minimal patch to make the example
non-broken. I haven't added any additional text to the documentation
to explain this because all that was there in the first place was the
example. Please let me
On Mon, Dec 09, 2013, geoff_l...@mcafee.com wrote:
> Shouldn't the code read:
>
> if (!FIPS_mode())
> CRYPTO_w_[un]lock(CRYPTO_LOCK_RAND);
>
> Note the '!' operator.
>
Yes it should, sorry about that. Fixed now.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Co
On 09/12/13 23:34, Jeffrey Walton wrote:
Reference:
http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html
and http://openssl.6102.n7.nabble.com/Apple-are-apparently-dicks-td45512.html.
BL > ...and don't intend to fix their broken ECDSA suppor
Resubmitted (the first try I had the wrong mailing list, sorry):
Hello list,
the asn1parse application does provide a mechanism to enhance the output
by providing additional OID/string mappings. As of now it is not
possible to display the raw OIDs (without any name resolution done).
This is somet