Hi Matt,
Thank you for the response. I have attached the certificates details. My
apology I am not supposed to share the certificates. We are not using
X509_VERIFY_PARAM_xxx
API's. We are using 4 certificates with the device.
1. Root CA- Baltimore CyberTrust Root
2. Intermediate CA-1 - Microsoft
Thanks all for your feedback!
I asked for mainstream use-cases for algorithms whose removal could cause
widespread pain. Some individual users, undoubtedly, will be hit by this,
and I acknowledge that they may not be reading this list. But I wanted to
know if I'd missed something endemic. I also
On Mon, Nov 16, 2015 at 04:51:10PM +0100, Emilia Käsper wrote:
> As for specific deprecation strategies:
> - Don't forget that all applications will have to recompile against 1.1.
The EVP_get_cipherbyname() and EVP_get_digestbyname() interfaces
remain, so nothing changes at compile-time. Most
On 16/11/2015 16:51, Emilia Käsper wrote:
Thanks all for your feedback!
I asked for mainstream use-cases for algorithms whose removal could
cause widespread pain. Some individual users, undoubtedly, will be hit
by this, and I acknowledge that they may not be reading this list. But
I wanted
Hi,
I am seeing crashes in OpenSSL 1.0.2d when using it with the FIPS 2.0.10
object module.
Apparently the size of
struct ec_group_st
(in crypto/ec/ec_lcl.h) differs between 1.0.1 and 1.0.2, since
BN_MONT_CTX *mont_data; /* data for ECDSA inverse */
has been added to it.
The FIPS module
One more time,
I know that someone, somewhere is probably using any given feature of
OpenSSL. I am looking to gather information about concrete, actively
maintained applications that may be using one of those algorithms, to build
a more complete picture.
If you are aware of a concrete use of MD2
Could it be because your CA-2 has the following: Extended Key Usage - Client
Authentication, Server Authentication?
Some fields that in general only apply to end certificates, e.g. name
constraints, when used in a CA certificate, are interpreted as constraints on
the certificates that can be
On 16 November 2015 at 19:05, Hubert Kario wrote:
> Example: CAdES V1.2.2 was published in late 2000, the first serious
> attacks on MD2 were not published until 2004. I think it is not
> unreasonable for CAdES-A documents to exist today which were originally
> signed with MD2
Probably not, that constraint is satisfied since this is SSL/TLS and the
end cert has that same EKU.
On 16/11/2015 22:37, E T wrote:
Could it be because your CA-2 has the following: Extended Key Usage
- Client Authentication, Server Authentication?
Some fields that in general only apply to
At most one of CA-1 and CA-2 would be part of the chain from Baltimore
to the end cert.
However your end cert (apparently for hosted Sharepoint services) was
issued by a 3rd MSIT CA that was not provided. If it wasn't provided to
the code either, the chain would not validate for that reason
On 16/11/15 15:51, Emilia Käsper wrote:
> Thanks all for your feedback!
>
> I asked for mainstream use-cases for algorithms whose removal could
> cause widespread pain. Some individual users, undoubtedly, will be hit
> by this, and I acknowledge that they may not be reading this list. But I
>
Ø If you are aware of a concrete use of MD2 or any of the other algorithms,
please let us know!
Also, note that we have an extended alpha and-beta test period, so we can add
things back if mistakes are made.
/r$
___
openssl-users
On 16/11/15 06:52, Jayalakshmi bhat wrote:
> Hi Victor,
>
> Thanks a lot for details explanation.
>
> Our device acts as TLS/SSL client. The device receives chain of
> certificates as part of SSL handshake, when it is trying to get
> connected to TLS/SSL server like sharepoint 365.
>
>
Anybody able to help?
Thanks
Dirk
On 10.11.2015 17:09, Dirk Menstermann wrote:
> Hi,
>
> I'm using openssl 1.0.2 (as web server application) and utilize the APLN
> callback to react on protocols offered by the client. In this callback I need
> a
> way to get the list of ciphers that the client
14 matches
Mail list logo