> 3. The compiler wasn't written by a fanatic who put
> the "right shift of negative signed values is
> undefined" rule above common sense.
>
> This is only implementation-defined behavior, not undefined behavior. It is
> not permitted to crash the system or launch the missiles. (n1256.pdf 6.
On 12/11/15 17:41, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Andy Polyakov
>> Sent: Friday, December 11, 2015 10:07
>> To: openssl-users@openssl.org
>> Subject: Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in
>> OpenS
>>> static inline unsigned int constant_time_msb(unsigned int a) {
>>> -*return 0 - (a >> (sizeof(a) * 8 - 1));*
>>> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1;
>>> }
>>
>>
>> ... Both versions
>> look reasonable to me (ignoring the hardcoded 8 - implying a char is 8
>> bits).
>
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Andy Polyakov
> Sent: Friday, December 11, 2015 10:07
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in
> OpenSSL 1.0.2d
>
> >> static inline unsigned int co
Hi all
I've had some emails recently from Derek at OSTIF who has been talking
to me about their plans to do an audit (separate to the current CII one)
of OpenSSL next year. OSTIF is not associated or affiliated with
OpenSSL, but if you're interested you can learn more here:
https://ostif.org/
Re
Thanks guys, Its done.
Regards,
Jebran.
On Fri, Dec 11, 2015 at 7:18 PM, Mohammad Jebran wrote:
> Please can I have some advise on this query.
>
> Regards,
> Jebran.
>
> On Tue, Dec 8, 2015 at 11:18 AM, Mohammad Jebran
> wrote:
>
>> I have to sign a sub-CA through my current root CA using ope
On 11/12/15 15:46, Abdul Razik wrote:
> Hello
>
> Can someone please help with this issue? I am trying to build version
> 1.0.2e with VS 2015 and got the following build error with 32 bit, 64
> bit builds fine ,
>
> searching online it seems to have been resolved, not sure how to get
> the fix
Hello
Can someone please help with this issue? I am trying to build version
1.0.2e with VS 2015 and got the following build error with 32 bit, 64
bit builds fine ,
searching online it seems to have been resolved, not sure how to get
the fix and which files are affected by the fix. Can someone ple
>> static inline unsigned int constant_time_msb(unsigned int a) {
>> -*return 0 - (a >> (sizeof(a) * 8 - 1));*
>> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1;
>> }
>
>
> ... Both versions
> look reasonable to me (ignoring the hardcoded 8 - implying a char is 8
> bits).
Hardcod
>>> C does not make such a guarantee, though recent-ish POSIX does. (This
>>> system is a windows one, thought, right?)
>> There are DSPs that only support 32 bit, they don't have a concept
>> of 8 bit. But I think there is various code that assumes that
>> char is 8 bit, and I doubt you can get
1. Check if the certificate for your root CA specifies any
"path restrictions" or similar that says that it cannot
validly sign certificates outside some state or province.
Having such restrictions in a root CA is GOOD whenever
possible, because it limits the damage that can be done
if
Tell the person who created the CSR that the value of the
stateOrProvinceName field has to be HK. If that is not possible
because the subCA is in a different country you can change your
openssl.cnf to allow different values in that field so instead of
stateOrProvinceName = match you have to use at
Please can I have some advise on this query.
Regards,
Jebran.
On Tue, Dec 8, 2015 at 11:18 AM, Mohammad Jebran wrote:
> I have to sign a sub-CA through my current root CA using openSSLeverything
> I have configured as per instructions but still getting an error that
> "stateorProvanceName field
Bonjour,
The problem with signing with a default certificate is that the response
certainly won’t be accepted by the client (see RFC6960 section 4.2.2.2, this
responder certificate doesn’t follow criteria 1 and 2, and certainly not
criteria 3), so you’re performing a signature knowing it will b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Users,
I have released version 5.28 of stunnel.
This is a bugfix release. I highly recommend upgrading your stunnel.
The ChangeLog entry:
Version 5.28, 2015.12.11, urgency: HIGH
* New features
- Build matrix (.travis.yml) extended with ./c
15 matches
Mail list logo