-#define HEADER_DES_H
+#ifndef HEADER_NEW_DES_H
+#define HEADER_NEW_DES_H
[...]
I think it would be better to use something like:
#ifndef HEADER_OPENSSL_DES_H
#define HEADER_OPENSSL_DES_H
No other module could use this protector unintentionally...
Bye
Goetz
--
Goetz Babin-Ebell, TC Trus
s intended...
So please have a look...
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
smime.p7s
Description: S/MIME Cryptographic Signature
ilar patch that worked as intended...
So please have a look...
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
smime.p7s
Description: S/MIME Cryptographic Signature
Hallo folks,
is the NISCC test suite that found the ASN.1 bugs in OpenSSL
somewhere available ?
We want to include it in our internal test environment...
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80
Hello Jostein,
Jostein Tveit wrote:
Goetz Babin-Ebell <[EMAIL PROTECTED]> writes:
is the NISCC test suite that found the ASN.1 bugs in OpenSSL
somewhere available ?
This was the answer I got when I contacted NISCC some days after the ASN.1
bug was discovered:
: NISCC has a policy o
const char *password =
((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password[0] != '\0')
+ if (password && password[0] != '\0')
return 1;
}
--
Goetz Babin-Ebell, software designer, TC TrustCenter AG
Sonninstr. 24-28, 20097 Hamburg, Germany
Office: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
www.trustcenter.de www.betrusted.com
smime.p7s
Description: S/MIME Cryptographic Signature
RTLD_GROUP
+ if (dso->flags & DSO_FLAG_GROUP_SYMBOLS)
+ flags |= RTLD_GROUP;
+#endif
ptr = dlopen(filename, flags);
if(ptr == NULL)
Bye
Goetz
{
--
Goetz Babin-Ebell, software designer,
TC TrustCenter AG, Sonninstr. 24-28, 20097 Hamburg, Germany
Off
another can of worms:
If the certificate expired before the CRL was issued
the revocation entry might be dropped from the CRL...
Any Ideas how to handle this ?
Bye
Goetz
--
Goetz Babin-Ebell, software designer,
TC TrustCenter AG, Sonninstr. 24-28, 20097 Hamburg, Germany
Office: +49-(0)40 80 80 26 -0
Hi Steve,
Dr. Stephen Henson wrote:
On Mon, Sep 13, 2004, Goetz Babin-Ebell wrote:
ther might be a problem in X509_verify_cert() (at least 0.9.7d):
if you set a verification time and
the CRL was not yet valid at this time,
the error X509_V_ERR_CRL_NOT_YET_VALID will be generated.
(see check_crl
Hi Steve,
Dr. Stephen Henson wrote:
On Tue, Sep 14, 2004, Goetz Babin-Ebell wrote:
I still would propose the following logic:
a) CRL is valid (regarding issuance time)
if thisUpdate >= checkTime and thisUpdate <= now.
b) CRL is considered to be able to deliver revocation
informat
Hi Steve,
Dr. Stephen Henson wrote:
On Wed, Sep 15, 2004, Goetz Babin-Ebell wrote:
Would something like the attached patch be acceptable ?
(please ignore versin info in the diff)
This patch also adds checking of the revokation time against the checkTime
I'm not sure about that last bi
LL_PREFIX}/doc/openssl
fi
[...]
function create_cygwin_readme()
{
if test -d ${INSTALL_PREFIX}/usr/share/doc
then
README_DIR=${INSTALL_PREFIX}/usr/doc/Cygwin
else
README_DIR=${INSTALL_PREFIX}/usr/share/doc/Cygwin
fi
[...]
Bye
Goetz
--
Goetz Babin-Ebell, software designer,
TC TrustCenter
Hi,
Goetz Babin-Ebell wrote:
Hello Richard,
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Tue, 28 Sep
2004 11:55:56 +0200, Corinna Vinschen <[EMAIL PROTECTED]> said:
vinschen> would some kind person from the core developer team mind to
vinschen> apply t
it / _signUpdate / SignFinal,
but that requires more work...
Bye
Goetz
--
Goetz Babin-Ebell, software designer,
TC TrustCenter AG, Sonninstr. 24-28, 20097 Hamburg, Germany
Office: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
www.trustcenter.de www.betrusted.com
diff -ur openssl-SNAP-20040
Hello Mathias,
Mathias Brossard wrote:
On Tue, 2004-10-05 at 17:44, Goetz Babin-Ebell wrote:
PKCS7_sign() has the disadvantage that all signed data must be
kept in memory.
[...]
/* we got the digest of the data,
now create a PKCS#7 detached signed object... */
p7 = PKCS7_signHash(signer, key
Hello Steve,
Dr. Stephen Henson wrote:
On Wed, Sep 15, 2004, Goetz Babin-Ebell wrote:
Dr. Stephen Henson wrote:
On Tue, Sep 14, 2004, Goetz Babin-Ebell wrote:
I still would propose the following logic:
a) CRL is valid (regarding issuance time)
if thisUpdate >= checkTime and thisUpdate <=
Hello,
is there a special reason that openssl ca has only
functionality to copy the emailAddress from the subject name
to the subjectAltName extension ?
Or would something like the attached patch acceptable ?
This patch extends the syntax of the subjectAltName entry
of the config file section with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dr. Stephen Henson wrote:
Hello Steve,
did you see some pigs flying around your house ? ;-)
| Log:
| Nothing to see here... move along
Goetz
- --
DMCA: The greed of the few outweighs the freedom of the many
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tanguy Fautré wrote:
| Hi,
|
| Using OpenSSL 0.9.8j via LibCurl 7.19.5, we've discovered some random
crashes and deadlocks that,
| after further investigations, led us to a call to RAND_screen() from
LibCurl.
|
| Two things puzzles me about the implem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
omronz wrote:
| hmm, so you mean that these are function call statements? or is it a
function
| prototype? Yes, i was aware about the data type of the function prototype,
| but since I never tried OpenSSL before, so i just try and see the
error is.
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill Schoolfield wrote:
| Hello,
Hello Bill,
| I have a legacy app that I converted to use ssl encryption. I have
| everything working, except server authentication.
|
| I'm trying to test the host name in the server's cert post
| handshake. Using:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chaitra Shankar wrote:
| So I wanted to know whether there is a way to load CA certificates
| in DER format using any SSL APIs.
| My search till now for such an API has been unfruitful.
Yes, directly loading DER encoded certificates into an SS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
suneel musunuru wrote:
... another question that belongs to openssl-users...
| My Server program has been implemented using the method
| "SSLv23_method()" . So, by using this method my expectation is to accept
| connections from TLS1, SSLv2 and SSLv
_entry(pX509Name, pX509NameEntry, 1, 1);
/* Setup Organisation */
X509_NAME_ENTRY_create_by_NID(&pX509NameEntry,
NID_organizationName,V_ASN1_PRINTABLESTRING,
(unsigned char *) "ACME", 4);
Use the source, Luke... (crypto/x509/x509name.c)
By
Goetz
--
Goetz Babin-Ebell
vsprintf(hugebuf,format,args);
#endif
ret=BIO_write(bio,hugebuf,strlen(hugebuf));
va_end(args);
return(ret);
}
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center GmbHhttp://www.trustcenter.de
Sonn
d fix BIO_printf() to truncate the data at the
end of the buffer...
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
_
rtificates from
this store.
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
At 08:00 11.01.00 +0200, Arne Ansper wrote:
>
>
>> So any preferences or alternative suggestions?
>
>peek for iget and copy for rget
peek is OK.
copy is bad, suggesting you get a independent copy you can modify.
link(ed) ?
By
Goetz
--
Goetz Babin-Ebell, TC Trus
O *bp,int cmd,long larg,int (*cb)());
Is not nice, requires changing of some structures but seems to be the
best save way...
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80
, &p);
retval = i2d_SSL_SESSION (ssl_session2, &p);
...
>> if (!retval)
>> return (-1);
>> printf ("Session len : %d value : %s\n", retval, buf);
buf contains binary data (DER encoded session data),
printing it to terminal won't produce hu
181
#define OBJ_domainComponent OBJ_pilotAttributeType,25L
(from:
ccitt OBJECT IDENTIFIER ::= {0}
data OBJECT IDENTIFIER ::= {ccitt 9}
pss OBJECT IDENTIFIER ::= {data 2342}
ucl OBJECT IDENTIFIER ::= {pss 19200300}
pilot OBJECT IDENTIFIER ::= {ucl 100}
pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
client key :
passphrase:
> In any case, this would probably become a new directory under crypto/,
> don't you think? crypto/ui/?
1+
> [it should be plain visible that I was a bit inspired from the
> HWCryptoHook stuff :-)]
Perhaps a list of required user interactions could
Richard Levitte - VMS Whacker wrote:
Hallo Richard,
> From: Goetz Babin-Ebell <[EMAIL PROTECTED]>
> gbe> 1. InsertString: ask the user for a string
> gbe> 1.1InsertPass: special case: ask for a passphrase
> gbe> (1.2 InsertFile: special case:
Richard Levitte - VMS Whacker wrote:
Hallo Richard,
> From: Goetz Babin-Ebell <[EMAIL PROTECTED]>
> gbe> Richard Levitte - VMS Whacker wrote:
> gbe> Agree,
> gbe> but a seperate function for user autentification would be good...
>
> Exactly what do you mean
nk line should have been:
/usr/local/bin/gcc client.o infernet_c_connect.o infernet_c_disconnect.o
\
infernet_c_receive.o infernet_c_send.o infernet_ssl_c_connect.o \
infernet_ssl_c_setup.o \
-o client -L/usr/local/ssl/lib -g -lssl -lcrypto -lxnet
Must be somewhere in the GCC FAQ...
By
G
Error 1
make can't find it.
check your PATH...
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
300L,100L,1L,25L
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
__
of abstraction, have we? Is
> there a better way? Config files? External programs?
something like
[ENGINE_ENTRY_xyz]
ctrl_0 = 1234,LONG:42
ctrl_1 = 0xff,DATA:
[...]
resulting in something like:
...
ENGINE_ctrl(engine,1234,42,0,0);
ENGINE_ctrl(engine,0xff,0,data,0);
...
By
Goet
Dr S N Henson wrote:
> The idea behind this is that a simple engine aware application could
> then just call ENGINE_load_config("filename.cnf") and forget about any
> other details.
Would carve the way to store the engine configuration in stone...
By
Goetz
--
Go
ot cert needs an own serial number !
(but this is a wise decission anyway...)
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26
Mats Nilsson wrote:
> Goetz Babin-Ebell <[EMAIL PROTECTED]> wrote:
> >You can generate a new root certificate and use it to
> >sign the new CRL which lists the old root certificate as revoked...
>
> I'm not sure one should recognize the new root ca to be a leg
as a CRL, where it can publish the revokation
of the old root cert of the old CA.
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)4
Peter Gutmann wrote:
>
> Goetz Babin-Ebell <[EMAIL PROTECTED]> writes:
>
> >Everybody can issue a CRL.
>
> Only a CA with CRL signing enabled can issue a CRL.
Everybody who can generate a certificate with the propper flags
can generate a CRL.
But he has to find
SA_PKCS ( PKCS#11) algoritm. To decrypt sign with
Please read the PKCS#11 standard more carefully.
CKM_RSA_PKCS is RSA with PKCS#1 (V1.5) padding...
How do you calculate the digest with PKCS#11, how do you verify the
result
with OpenSSL ?
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://w
yptUpdate()
}
EVP_EncryptFinal()
> It seems to work good only with some sizes of data blocks.
> Our question;
Only for small blocksizes...
(Meaning: one loop...)
> Encrypt Init has to be called every time we call EncyptUpdate?
No It has te be called once to generate the symetric key..
Prashant Kumar wrote:
Hello Group,
Hello Prashant,
The workaround of freeing s3->rbuf and s3->wbuf after the handshake is
complete and after SSL_read, SSL_write, SSL_shutdown and so on returns
success really seems to work. I have tested it running openssl as a SSL
client and as a server. Taking
Richard Levitte - VMS Whacker wrote:
OpenSSL version 0.9.8 Beta 1
There is still an old bugfix about some potential memory leaks
in crypto/pkcs7/pk7_smime.c that I sent last year.
New version of patch attached...
Bye
Goetz
--
DMCA: The greed of the few outweighs the freedom of the many
Index: cry
Hello Nils,
Nils Larsch wrote:
Goetz Babin-Ebell wrote:
Richard Levitte - VMS Whacker wrote:
OpenSSL version 0.9.8 Beta 1
There is still an old bugfix about some potential memory leaks
in crypto/pkcs7/pk7_smime.c that I sent last year.
New version of patch attached...
patch applied.
TNX.
By the
Richard Levitte - VMS Whacker wrote:
OpenSSL version 0.9.8 Beta 4
Would it be possible to remove the annoying compiler warning
about the deprecated gcc option -m486 by replacing
-m486 with the new -march=i486 in configure and TABLE ?
(an possible patch is in TT#
Nils Larsch wrote:
Hello Nils,
OpenSSL CVS Repository
http://cvs.openssl.org/
Modified files:
openssl Configure TABLE
Log:
replace the deprecated "-m486" gcc option with "-march=i486"
Nils Larsch wrote:
Goetz Babin-Ebell wrote:
(BTW: I still get an out of memory in bn_test if I build
OpenSSL with efence on linux... :-( )
I thought the problem was in ectest ? It's on my todo list
but it's not really trivial to resolve (well one could disable
the e
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Wed, 29 Jun 2005 06:42:59 +0200, Karsten Ohme
<[EMAIL PROTECTED]> said:
widerstand> will there be some day, when the the OpenSSL source code
widerstand> is documented in a some way? In all source files,
widerstand> explanati
[EMAIL PROTECTED] wrote:
Hi,
Hello Mike,
The problem is that calling the
d2i functions with a length of 0 somehow corrupted
my TLS connection and I would get protocol errors
that required shutting down the connection. Note
that the RSA and DSA objects are in no way connect-
ed to the TLS conn
Richard Levitte - VMS Whacker wrote:
OpenSSL version 0.9.7i released
===
OpenSSL 0.9.7h caused crashes when the shared libcrypto was
upgraded. This release fixes that problem. For those who want
or have to stay with the 0.9.7 series of OpenSSL inst
Dharmesh Vyas wrote:
Hello Group...
Hello Dharmesh Vyas,
(1) If I run the tests and perform 'make report', the output generated
shows 'Test passed.' But from the log file i found that in the section
[...]
and there are a few of this types which shows the same ERROR in CLIENT,
Is this erro
[EMAIL PROTECTED] via RT wrote:
In the rt now is a new patch for openssl HEAD (of 20051108)
that handles the subjectAltName generation.
This patch allows users to set all types of generalNames
from data provided in the DN of the request.
Bye
Goetz
--
DMCA: The greed of the few outweighs the f
Hallo,
this patch has 2 changes for s_client:
* It adds the command line param -Verify to terminate the
ssl handshake if peer verify fails.
* It adds the additional flag "manual" to the param -starttls,
giving the complete initial handshake in user hands,
For example exim4 needs at least th
Pavel Gorshkov wrote:
Some SMTP servers require a HELO/EHLO command before a STARTTLS,
e.g.:
[...]
The attached patch (against openssl-0.9.8a) adds the `-ehlo'
option to s_client:
-ehlo hostname - use the EHLO smtp command before issuing STARTTLS
(to be used in conjunction w
Pavel Gorshkov wrote:
On Sat, Dec 31, 2005 at 04:26:46PM +0100, Goetz Babin-Ebell wrote:
This patch solves only smtp.
But there are many more protocols using STARTTLS
Has anybody thought about a plugin interface or a different way
to handle the startup ?
I agree that it would be better to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dr. Stephen Henson schrieb:
> patch -p0 <<'@@ .'
> Index: openssl/CHANGES
>
> $ cvs diff -u -r1.1342 -r1.1343 CHANGES
> --- openssl/CHANGES 18 Jul 2006 12:36:17 -00
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Richard schrieb:
> hi all,
Hello Richard,
> i'm thinking this needs "big brain" attention on the dev list ...
No.
It doesn't
> i've 0.9.8b built from src on OSX 10.4.7.
>
> when i test the server's install with:
>
> % openssl s_client -conne
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nils Larsch schrieb:
Hello Nils,
> Server: cvs.openssl.org Name: Nils Larsch
> Root: /v/openssl/cvs Email: [EMAIL PROTECTED]
> Module: openssl Date: 29-Nov-2006 21:54:57
> Bra
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nils Larsch schrieb:
> Moin Goetz,
Moin Nils,
> Goetz Babin-Ebell wrote:
> ..
>>> Index: openssl/crypto/bio/bio.h
>>>
>>>
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Ralf,
via RT wrote:
> [EMAIL PROTECTED] ~]$ openssl s_client -connect mail.buu.ch:25
> -starttls smtp -debug
[...]
I have a patch for s_client which allows arbitrary (textual) handshake
before the TLS handshake starts...
If somebody is int
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kurt Roeckx wrote:
> On Sat, Dec 16, 2006 at 08:03:43PM +0100, Goetz Babin-Ebell wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> via RT wrote:
>>> [EMAIL PROTECTED] ~]$ openssl s_client -connect mail.buu.ch:25
&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Richard,
Richard Levitte - VMS Whacker wrote:
> In message <[EMAIL PROTECTED]> on Thu, 15 Feb 2007 10:34:23 -0800,
> Kees Cook <[EMAIL PROTECTED]> said:
>
> kees> 3 years ago, I wrote a patch[1] (and did the TSU[2]) for adding
> kees> these fea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lutz Jaenicke wrote:
> Goetz Babin-Ebell wrote:
[...]
>> * in SMTP doing a STARTTLS without previous EHLO
>> will return a
>> 503 STARTTLS command used when not advertised
>> * in IMAP doing a STARTLS requires a
&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Lutz,
Lutz Jaenicke wrote:
> Goetz Babin-Ebell wrote:
>> Lutz Jaenicke wrote:
>> [...]
>> Do you want something like the attached patch ?
>> (untested, I'm off to bed...)
> Ok, I have reworked this section as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Lutz,
why not...
Lutz Jaenicke wrote:
> patch -p0 <<'@@ .'
> Index: openssl/crypto/rand/rand_lib.c
>
> $ cvs diff -u -r1.16 -r1.17 rand_lib.c
> --- openssl/c
--On May 22, 2007 16:01:41 -0700 Richard Kao <[EMAIL PROTECTED]>
wrote:
Hope someone can help me understand the validity date and time format of
x509.
For example, when connecting to https://401k.fidelity.com/, my IE shows
it's cert validity is
Valid from: August 30, 2006 5:00:00 PM
Valid t
--On Jun 12, 2007 18:28:49 +0200 Nanno Langstraat <[EMAIL PROTECTED]> wrote:
v2 of the SHA save patch.
Is there a special reason to limit it to SHA ?
Why not a EVP_MD_CTX_{load|save} ?
Goetz
--
DMCA: The greed of the few outweights the freedom of the many
pgpFVb5vOyptj.pgp
Description: PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Sierchio wrote:
| robert2007 wrote:
|> I noticed that using RSA with OpenSSL places a 117 character limit when
|> encrypting messages. Would anyone happen to know the reason for this?
|
| 1) It doesn't
|
| 2) Do you mean with a 1024-bit modul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Sierchio wrote:
| Goetz Babin-Ebell wrote:
|
|> RSA has some weaknesses against chosen plain text attacks.
|
| Anyway, why would someone use RSA for encryption? ;-)
... because they don't know what they are doing ? ;-)
(that's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Erik de Castro Lopo schrieb:
| Theodore Tso wrote:
|
|> On Thu, May 15, 2008 at 11:09:46AM -0500, John Parker wrote:
|>> What I was hoping for was a -DNO_UNINIT_DATA that wouldn't be the
|>> default, but wouldn't reduce the keyspace either.
|> -DPURIF
UFoIj
iTdOu8dWlWVzyF5k60RGCt/SC/x4nqr0O5QmxbcOFvc/7srlmvQEJzSkuS+KH3gC
pU2rQftSPGmJKKdwS8DYPplO+a5X2TLMM1tEjfR52pV4LxKujWDRlXQMBQ8kfQSq
hxSuKH4RP3oO/nrB50f3eDMpoyyl3H0T0xlh+AJbSt0cxZlaR+UrOQkjsXPnLbI2
FfZVUJw5/oQqixXWX4U2NE//Tcb0CSKewYvFF1LVwk6ifGMigRIdhA==
=zWEO
-END PGP SIGNATURE-
-
in the c files:
#ifdef HAS_INT_64
code for 64 bits
#else
code for 32 bits
#endif
This way we are allways shure about the sizes of the used data
But most:
We really should use it...
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center for Security
alse 0
typedef signed long longSInt64;
typedef unsigned long long UInt64;
#endif
#endif /* ossize_H */
Any comments / additions ?
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center for Security
o define it at all...
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center for Security http://www.trustcenter.de
in Data Networks GmbH Tel.: +49-40-766 29 3301
Am Werder 1 / 21073 Hamburg / Germany
-WIN32 no-asm debug dll >ms\ntdbgdll.mak
perl util\mk1mf.pl VC-WIN32 no-asm debugbc >ms\ntdbgbc.mak
rem perl util\mk1mf.pl VC-WIN32 no-asm debugbc dll >ms\ntdbgbcdll.mak
perl util\mk1mf.pl VC-WIN32 no-asm multithread >ms\nt.m.mak
rem perl util\mk1mf.pl VC-WIN32 no-asm multithread dll
>ms\ntdll.m.mak
perl util\mk
nal
>> ben> beta
>>
>> I assume "final" means "release"...
>
>Yes, 0 for beta, 1 for release. 2-f could be used for something else,
>but I can't think what :-)
2 for next beta,
3 for a interim release,
4 for the betas based on 3
...
By
only.
Given the paths of the files this would be simple...
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center for Security http://www.trustcenter.de
in Data Networks GmbH Tel.: +49-40-766 29 3301
Am Werder 1 / 21073 Ham
BYNAME);
> return(ret);
> }
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center for Security http://www.trustcenter.de
in Data Networks GmbH Tel.: +49-40-766 29 3301
Am Werder 1 /
/* else add to cache */
if (ghbn_cache[lowi].ent != NULL)
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center for Security http://www.trustcenter.de
in Data Networks GmbH Tel.: +49-40-766 29 3301
Am Werder 1 /
se callback in the "old way". Anything that wants to pass
>parameters to the callback can replace the default_pem_callback() and
>interpret the 'x' parameter in any appropriate way.
>
>This does however lose typechecking of the 'x' parameter and is a bit
r
>to EVP_PKEY instead.
But this way you couldn't do
PKey = PEM_read_PrivateKey(fp,NULL,cb)
and let PEM_read_PrivateKey() handle the allocation for you
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center for Security http://www.trustcenter.de
in Data N
s security by obscurity.
When information has only local meaning,
why include it in the certificate at all ?
In your local environment it is simple to create a lookup from
certificate to Title ("Project Manager...)
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
t directory directores like
./i486-linux-gnu ./i486-linux-gnu-dbg ./sparc-solaris ./sparc-solaris-dbg
./i486-winnt ./i486-winnt-dbg ./i486-winnt-dbgbc ...
for M$ it is there but not for *nix
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Cent
E:peer did not return a certificate
>[Hint: No CAs known to server for verification?]
You must specify a list of CA certificates.
Only if Netscape has a client certfificate signed by
one of the certificates in the list,
it will send a client certificate...
Should be in the FAQ...
By
Goetz
--
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
90 matches
Mail list logo