Hi,
Our library uses OpenSSL(v 0.9.8k) in multithreaded environment. Recently I
observed memory leak resulting from not calling ERR_remove_state().
After reading the documentation of this function, I see that
ERR_remove_state should be called when a thread exits. Since we are using
OpenSSL within
I've figured this out. Just needed to disable cert verification in
addition to using aNULL cipher.
SSL_CTX_set_verify( mpSslContext, SSL_VERIFY_NONE, NULL );
Sorry for the spam.
On Wed, May 26, 2010 at 7:20 PM, Dallas Clement
wrote:
> One small piece of additional info: I'm trying to avoid th
On Wed, May 26, 2010 at 07:20:12PM -0500, Dallas Clement wrote:
> One small piece of additional info: I'm trying to avoid the use of
> any certificates. Is that even possible with OpenSSL?
Yes. If both server and client support aNULL ciphers, and list these
above any other ciphers, or the serve
Hello All,
Is there a function that translates certificate verify return codes?
#define X509_V_OK 0
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT2
#define X509_V_ERR_UNABLE_TO_GET_CRL3
...
Just wonderi
One small piece of additional info: I'm trying to avoid the use of
any certificates. Is that even possible with OpenSSL?
On Wed, May 26, 2010 at 6:34 AM, Dallas Clement
wrote:
> Hi Patrick,
>
> I had first tried doing it at run-time, and it didn't seem to work.
>
> SSL_set_cipher_list( mpSsl,
Chuck Pareto wrote:
> if my public key is 256 bytes long, what is the max length
> of the string I can use to encrypt? Is it 256?
If the output is exactly 256 bytes, there are (in theory) 2^(256*8) possible
outputs. That means there can be at most 2^(256*8) possible inputs. There
are more than
Rusty Carruth wrote:
> I would have thought that OPENssl, for which I have the source, would
> have met the requirements to use the _GPL symbols in the kernel.
The requirement is that the module claim that it is available under the GPL
by containing a specific license declaration. You can fix thi
if my public key is 256 bytes long, what is the max length of the string I
can use to encrypt? Is it 256?
Hi,
How do I check in my code, if a certificate is revoked or not?
>From what I googled :
The x509 certificate contains set of CRL distribution points, ie set of urls.
We need to download the crl list .
Crl list contains serial numbers of certificates revoked and the date in which
they were revok
Hi Darryl,
--- On Wed, 5/26/10, Darryl Miles wrote:
> From: Darryl Miles
> Subject: Re: BIO_f_zlib() / gzip Format
> To: openssl-users@openssl.org
> Cc: "Doug Kehn"
> Date: Wednesday, May 26, 2010, 6:03 AM
>
>
> I have to now ask, how are you using the
> raw/original/verbatim GZIP single fil
Hi Patrick,
I had first tried doing it at run-time, and it didn't seem to work.
SSL_set_cipher_list( mpSsl, "aNULL" );
I then modified ssl.h as follows:
#define SSL_DEFAULT_CIPHER_LIST "aNULL:eNULL" /* low priority for RC4 */
In both cases, I'm getting this error on the server end:
I think the FAQ point is trying to highlight that the GZIP format as-is
was designed for single file compression (a "compress" replacement). So
therefore the extra tiny header at the start of the GZIP data that you
find in *.gz files is not necessary for zlib and streaming compressors.
Also
Thanks guys. It worked for me !!
- Kunal
On Wed, May 26, 2010 at 6:51 AM, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of ~ Kunal Sharma
> ~
> > Sent: Tuesday, 25 May, 2010 10:02
>
> > I guess I need to supply the iv in hex format. Is it as simple as
On Tue, May 25, 2010 at 19:09, Carruth, Rusty wrote:
> Should I send this request to the developers list rather than here?
>
> If so, I'll be happy to do so...
>
> In any case, the short version is: I cross-compiled openssl for target
> xscale, and could not load the kernel module because some of
Hi,
Before I go nuts with all kinds of different tries to solve the
problem, I better ask the experts!
I'm on Debian Lenny, trying to install OpenSSL1.0.0 - have done it on
a machine just like it, but can't compile on this one. I've
tried./config with and without -fPIC and with and without share.
Hi Dallas,
> -Original Message-
> From: Dallas Clement
>
> Just wondering what the best way to turn off authentication is. I'm
> wanting to do so for testing purposes. Would someone please advise?
just configure "aNULL" (see ssl.h) for your ciphersuites on both endpoints.
That way only
Should I send this request to the developers list rather than here?
If so, I'll be happy to do so...
In any case, the short version is: I cross-compiled openssl for target
xscale, and could not load the kernel module because some of the symbols
(e.g. crypto_register_alg) apparently because they
Hello,
We have a firewall acting as a reverse proxy(server) doing SSL offload and we
are seeing a memory leak in x509_name_ex_new.
We are using OpenSSL 0.9.8l and we ran the OpenSSL's builtin memory leak
checker, dumped the results using CRYPTO_mem_leaks_fp and found several leaks
reported, one
18 matches
Mail list logo