[openssl-dev] PR 2351: Place ticket keys into secure memory

2017-02-07 Thread Short, Todd via openssl-dev
vdukhovi wrote: I don't think this change is useful at present. Most applications run with a single context for the lifetime of the process, so this makes no difference. We (perhaps I) first need to implement automated key rotation, and only then do I think it makes sense to worry about

Re: [openssl-dev] TLSv1.3 draft 19 support

2017-03-16 Thread Short, Todd via openssl-dev
Thanks Matt! -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Mar 16, 2017, at 10:35 AM, Matt Caswell wrote: All, I have just pushed to master the updates necessary for

Re: [openssl-dev] verify depth behavior change from 1.0.2 to 1.1.0?

2017-04-04 Thread Short, Todd via openssl-dev
Ben Kaduk: Do we know the values that are being passed to SSL_CTX_set_verify_depth() match the -verify_depth argument, or do they differ? If they differ, do identical arguments to the function behave the same in 1.1.0 and 1.0.2? Viktor: What we’re getting at here, is that this appears to be a

Re: [openssl-dev] Compiler requirements

2017-07-11 Thread Short, Todd via openssl-dev
I think it’s more a matter of using new features in C11 that preclude compilation on older platforms, rather than the use of a C11 compiler itself. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Jul 4, 2017, at 1:34

Re: [openssl-dev] 90-test_secmem.t hangs the machine for good

2017-05-15 Thread Short, Todd via openssl-dev
Blumenthal, Uri - 0553 - MITLL >>> <u...@ll.mit.edu> wrote: >>> >>> I’m tracking the current OpenSSL master only on El Capitan 10.11.6. I could >>> try it on Sierra 10.12.4, if you really expect it to make a difference

Re: [openssl-dev] 90-test_secmem.t hangs the machine for good

2017-05-15 Thread Short, Todd via openssl-dev
three if by the Internet." > On May 12, 2017, at 4:50 PM, Short, Todd via openssl-dev > <openssl-dev@openssl.org> wrote: > > Uri: > > Look at https://github.com/openssl/openssl/pull/3455 > > I limited th

Re: [openssl-dev] 90-test_secmem.t hangs the machine for good

2017-05-12 Thread Short, Todd via openssl-dev
It’s trying to reserve 1<<34 bytes of memory… there goes your 16GB... -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." > On May 12, 2017, at 4:05 PM, Blumenthal, Uri - 0553 - MITLL wrote: > > Todd> Yes, it’s likely this is due

Re: [openssl-dev] 90-test_secmem.t hangs the machine for good

2017-05-12 Thread Short, Todd via openssl-dev
sea, three if by the Internet." > On May 12, 2017, at 4:46 PM, Short, Todd via openssl-dev > <openssl-dev@openssl.org> wrote: > > It’s trying to reserve 1<<34 bytes of memory… there goes your 16GB... > -- > -Todd Short > // tsh...@akamai.com <mailto:tsh...@ak

Re: [openssl-dev] 90-test_secmem.t hangs the machine for good

2017-05-12 Thread Short, Todd via openssl-dev
Yes, it’s likely this is due to the amount of memory available in the machine. I tried to use reasonable values, but apparently not reasonable enough. This is certainly a case where we’re trying to stretch the limits of the hardware; so it may not be an appropriate test for all hardware. In

Re: [openssl-dev] 90-test_secmem.t hangs the machine for good

2017-05-16 Thread Short, Todd via openssl-dev
MLOCK_ONFAULT is a Linux-only feature (hence the need to include wrapped by OPENSSL_SYS_LINUX. So, you should not be encountering any MLOCK_ONFAULT or issues on MacOS. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." > On May 15, 2017, at 1:51

Re: [openssl-dev] X509_cmp_time (possible) bug

2017-09-11 Thread Short, Todd via openssl-dev
Yes, it’s annoying, but it’s historic. I looked into changing this at one point. I recommend using ASN1_TIME_cmp_time_t() (from the master branch) instead, for the results you are expecting. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if

Re: [openssl-dev] X509_cmp_time (possible) bug

2017-09-11 Thread Short, Todd via openssl-dev
o if by sea, three if by the Internet." On Sep 11, 2017, at 10:43 AM, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote: On Mon 2017-09-11 14:16:11 +0000, Short, Todd via openssl-dev wrote: Yes, it’s annoying, but it’s historic. I looked into changing