> On Jan 24, 2018, at 1:33 AM, Gladewitz, Robert via openssl-users
> wrote:
>
> Nevertheless, a problem remains open for the Cisco CUCM users. If these use
> the certificate internally signed by Cisco, the attributes are set as in the
> discussion and can not be subsequently adapted in our cas
Hallo Voktor,
I had contact with the Freeradius group in this regard. At first we also
assumed that something is wrong with the client certificate. But in TLS
Freeradius uses the OpenSSL standard functions to identify and verify the
client certificate. Exactly here only the CA certificate includin
>> You seem to be very very VERY upset by how OpenSSL implements one
> particular part of RFC 5280. Viktor has shown that it’s not just us, it’s
> other code as well. The original poster was able to live with OpenSSL’s
> implementation. You don’t like that code. So be it.
> If tha
On Tue, Jan 23, 2018 at 4:33 PM, Salz, Rich wrote:
> On Tue, Jan 23, 2018 at 3:45 PM, Salz, Rich wrote:
> > ➢ The docs have _not_ changed:
> https://www.openssl.org/docs/standards.html.
> >
> > Nor is there any need for that page to change. READ WHAT IT SAYS.
>
> ➢ I'm surpr
On Tue, Jan 23, 2018 at 3:45 PM, Salz, Rich wrote:
> ➢ The docs have _not_ changed:
https://www.openssl.org/docs/standards.html.
>
> Nor is there any need for that page to change. READ WHAT IT SAYS.
➢ I'm surprised you are arguing against clear documentation on behaviors
On Tue, Jan 23, 2018 at 3:45 PM, Salz, Rich wrote:
> ➢ The docs have _not_ changed:
> https://www.openssl.org/docs/standards.html.
>
> Nor is there any need for that page to change. READ WHAT IT SAYS.
I'm surprised you are arguing against clear documentation on behaviors.
Jeff
--
openssl-
➢ The docs have _not_ changed: https://www.openssl.org/docs/standards.html.
Nor is there any need for that page to change. READ WHAT IT SAYS.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> On Jan 23, 2018, at 3:07 PM, Jeffrey Walton wrote:
>
> Your arguments are fallacious. How the browsers do things does not
> constitute the "de facto" standard. Your just begging the claim.
You're trolling. I'm no longer playing along, better things to do...
--
Viktor.
--
openssl-
On Tue, Jan 23, 2018 at 12:43 PM, Viktor Dukhovni
wrote:
>
>
>> On Jan 23, 2018, at 7:31 AM, Gladewitz, Robert via openssl-users
>> wrote:
>>
>> Despite being wrong it is also absolutely irrelevant, because FreeRADIUS
>> retrieves the OpenSSL rejection of the cacert.capf.pem before any end-entit
> On Jan 23, 2018, at 7:31 AM, Gladewitz, Robert via openssl-users
> wrote:
>
> Despite being wrong it is also absolutely irrelevant, because FreeRADIUS
> retrieves the OpenSSL rejection of the cacert.capf.pem before any end-entity
> certifcate is ever seen.
This is almost certainly not the c
Hi All,
We are using DRBG using AES-CTR-256 in FIPS mode. I could find test
suite/file that takes CAVP test request and generating the response for
DRBG using AES-CTR-256.
However I am not finding any test suite/file that validates AES-CTR
128/192/256 bits. Please can any one let me know while te
At our face to face we took a look at the security policy and noticed
that it contained a lot of background details of why we decided on the
policy that we did (in light mostly of the issues back in 2014) as
well as a bit of repeated and redundant information. We've taken some
time to simplify it,
➢ this feature sends notifications about _all_ conversations happening.
For me, I get the actual comments that are posted. Don’t you? On the mailing
list, you have to explicitly mark/junk conversation threads in your mail
program. You would still have to do that here.
I don’t understand
You should be able to just watch the openssl repo (the eyeball/watch notice in
the upper-right side)
On 1/23/18, 7:00 AM, "Hubert Kario" wrote:
On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote:
> There’s a new blog post at
> https://www.openssl.org/blog/
On Sun, Jan 21, 2018 at 6:38 PM, Salz, Rich via openssl-users
wrote:
> ➢ The sensible thing at this point is to publish an update to RFC5280
> that accepts reality.
>
> Yes, and there’s an IETF place to do that if anyone is interested; see the
> LAMPS working group.
Related, the subject came
Dear helpful people,
The problem is now solved by a workaround based on a new CAPF certificate.
That is that.
Concerning the discussion here, i (representing my supervisor) would like to
pinpoint 2 facts that arouse:
First and foremost the attached cacert.capf.pem is based on a Cisco __System
ge
Hello,
On Tue, Jan 23, 2018 at 3:00 PM, Hubert Kario wrote:
> On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote:
> > There’s a new blog post at
> > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
>
> > We decided to increase our use of GitHub. In addition to a
Hi All,
We resolved the issue by using SSL_peek which does not clear the bio after
read and we could also get the peer information after calling this API.
This helped us differentiate the peer connections.
Thanks for the multiple suggestions provided.
Thanks,
Grace
On Tue, Jan 16, 2018 at 12:34 P
18 matches
Mail list logo