Hi there!I am trying to create my own CA, but am having some small issues:I can
create the root CA, then an intermediate CA, both of these are linked correctly
in the certification path ie. it shows that Cert B was signed by Cert A, but
when I sign a certificate with the IA (Cert B) the signed
I'm compiling and linking dynamic library and adding both /DYNAMICBASE:NO and
/FIXED to LFLAGS in ms\ntdll.mak doesn't work for me. I've to add /FIXED to
this line
$(FIPSLINK) $(MLFLAGS) /map /fixed /base:$(BASEADDR) /out:$(O_CRYPTO)
/def:ms/LIBEAY32.def @ $(SHLIB_EX_OBJ) $(CRYPTOOBJ)
btw, you just have to do nmake -f ms\ntdll.mak install under openssl-fips,
it'll copy files to \usr\local\ssl\fips-2.0 in the correct file structure.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Compiling-openssl-fips-in-Windows-tp43439p47313.html
Sent from the OpenSSL -
From: Dave Thompson
Yes, the server has a custom root cert that isn't installed on this
machine. I am happy that the server cert is correct.
For testing that's okay, but I hope in real use you are verifying.
Otherwise an active attacker may be able to MITM your connections.
Production
On Tue, November 12, 2013 05:47, Alan Jakimiuk wrote:
Is there a way I can make all three linked?
this should be the default.
ie. Cert A-Cert B-Cert C in the certification path?
Any help would be appreciated
can you view the certificates?
openssl x509 -noout -text -in certfile
you should
On Tue, Nov 12, 2013, Alok Sharma wrote:
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, , do not properly consider timing side-channel attacks on a MAC
check requirement during the processing of
I've noticed what appears to be a bug in the OpenSSL 1.0.1e 586
assembly-optimized AES_cbc_encrypt function when encrypting data that is 1
block in length, but not an integral multiple of the block size. Specifically
it appears that when encrypting the partial-block tail, the block is XOR-ed
Two weeks ago Viktor Dukhovni wrote:
Actually, SHA-2 SHOULD NOT (yet) be used for signing certificates.
Many TLSv1 clients don't support SHA-2 and servers must present
SHA-1 certificates except when TLSv1.2 clients indicate SHA-2 support.
Fielding multiple certificates with different
We have a cross platform client application based on Trolltech/Nokia/Digia Qt
that uses a secure socket for JSON. It works perfectly well on OSX, and works
on most Windows installations. The libs libeay32.dll and ssleay32.dll are
located in the same directory as all the apps libraries.
Collected performance numbers using openssl speed for two copies of OpenSSL
1.0.1e,
one built as FIPS-capable, the other not, running on an ARMv6. I am having a
hard time
understanding the differences I observed and would appreciate any insight.
Non-FIPS Capable
# openssl speed aes
Type
On Wed, Nov 13, 2013, Vuille, Martin (Martin) wrote:
Collected performance numbers using openssl speed for two copies of OpenSSL
1.0.1e,
one built as FIPS-capable, the other not, running on an ARMv6. I am having a
hard time
understanding the differences I observed and would appreciate any
11 matches
Mail list logo