[openssl-users] [PATCH] apps: when -purpose is passed, set matching trust param

2015-01-15 Thread Adam Williamson
All the necessary bits are in place to make this possible, they just never got wired up. With this, for instance, when you use the 'verify' sub-command to verify a certificate chain with '-purpose sslserver', error 28 will occur if the root cert is not trusted for X509_TRUST_SSL_SERVER. This matche

Re: [openssl-users] Behaviour of OpenSSL when CApath or CAfile contains a 'trusted certificate' with all uses rejected

2015-01-15 Thread Adam Williamson
On Thu, 2015-01-15 at 04:52 -0800, Adam Williamson wrote:
> If anyone can point out what I'm missing I'd be very grateful :)
So I think I may actually know more or less what's going on, now. Passing -purpose to `verify` seems to really enable only *purpose* checking. It doesn't actually enable

Re: [openssl-users] EVP_DigestVerifyFinal return code?

2015-01-15 Thread Tom Francis
> On Jan 15, 2015, at 3:41 AM, Jeffrey Walton wrote:
>
> According to the man pages on EVP_DigestVerifyFinal
> (https://www.openssl.org/docs/crypto/EVP_DigestVerifyInit.html):
>
> EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for
> success and 0 or a negative value for fail

Re: [openssl-users] SSL3_GET_CLIENT_HELLO:required cipher missing

2015-01-15 Thread Eric R.
Via our nginx config, we've been supporting TLSv1 with the following ciphers: AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5
On Thu Jan 15 2015 at 9:00:36 AM Eric R. wrote:
> Thanks Matt. Would you have any guess as to why this is happening so
> frequently all of a sudden and disrupting traff

Re: [openssl-users] SSL3_GET_CLIENT_HELLO:required cipher missing

2015-01-15 Thread Eric R.
Thanks Matt. Would you have any guess as to why this is happening so frequently all of a sudden and disrupting traffic? It seems strange that it's so intermittent and only some users have the problem repeat for them.
On Thu Jan 15 2015 at 6:30:56 AM Matt Caswell wrote:
> > > On 15/01/15 05:03, E

[openssl-users] Behaviour of OpenSSL when CApath or CAfile contains a 'trusted certificate' with all uses rejected

2015-01-15 Thread Adam Williamson
Whew, that was a long title! Hi, folks. I'm a Fedora QA person who's been poking at SSL stuff as a sort of sideline lately; please don't give me too much credit for my email address, I'm not one of RH's official security / SSL folks, so please be gentle when I'm wrong ;) This is all with OpenS

Re: [openssl-users] SSL3_GET_CLIENT_HELLO:required cipher missing

2015-01-15 Thread Matt Caswell
On 15/01/15 05:03, Eric R. wrote:
> For the past week I've been noticing many entries like this in our nginx
> error logs:
>
> SSL_do_handshake() failed (SSL: error:1408A0D7:SSL
> routines:SSL3_GET_CLIENT_HELLO:required cipher missing) while SSL
> handshaking
>
> What does the error "required c

Re: [openssl-users] Using FIPS mode and modifying apps

2015-01-15 Thread Marcus Meissner
On Thu, Jan 15, 2015 at 05:46:22AM -0500, jone...@teksavvy.com wrote:
> On Tue, 13 Jan 2015 21:33:49 -0500
> "jone...@teksavvy.com" wrote:
>
> > So basically every app that uses libssl will have to be modified to
> > add a FIPS_mode_set() call near the beginning. Is that right ?
>
> Is there a

Re: [openssl-users] Using FIPS mode and modifying apps

2015-01-15 Thread jone...@teksavvy.com
On Tue, 13 Jan 2015 21:33:49 -0500 "jone...@teksavvy.com" wrote:
> So basically every app that uses libssl will have to be modified to
> add a FIPS_mode_set() call near the beginning. Is that right ?
Is there a way to automatically have the FIPS test executed when an application loads the libra

[openssl-users] EVP_DigestVerifyFinal return code?

2015-01-15 Thread Jeffrey Walton
According to the man pages on EVP_DigestVerifyFinal (https://www.openssl.org/docs/crypto/EVP_DigestVerifyInit.html): EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 or a negative value for failure... I have an unexplained failure in EVP_DigestVerifyInit (i.e

Re: [openssl-users] Assembler Optimizations in 'crypto' on Windows

2015-01-15 Thread Deepak
On Jan 14, 2015 10:14 PM, "Steven Kneizys" wrote:
>
> Just my opinion ... but ...
>
> While nasm is the only supported assembler, I have been able to get masm to work but I often have to tweak the perl code a bit. Every few months I have been testing and reporting my findings to the openssl-dev g