Re: Regarding RAND_set_rand_method

2021-04-01 Thread Dr Paul Dale
There isn't an easy way to do what you want in 1.1.1. RAND_set_rand_method replaces the RNG for all of OpenSSL. In theory your RAND_METHOD could detect which thread it is running in and do different things for each. I'm not sure this is a good idea however. Why aren't the random number fro

Regarding RAND_set_rand_method

2021-04-01 Thread Vishwanath Mahajanshetty
Hi, I have some doubts/questions on how to use methods (for ex: RAND_set_rand_method) in multi threaded application which use OpenSSL. In my application (running on OpenSSL 1.1.1d) there are two threads which use OpenSSL, both threads perform very different operations. The issue I am facing is

RE: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Michael Wojcik
> From: Blumenthal, Uri - 0553 - MITLL > Sent: Thursday, 1 April, 2021 10:09 > To: Michael Wojcik ; openssl-users@openssl.org > Subject: Re: Why does OpenSSL report google's certificate is "self-signed"? > > In general - I concur, but there are nuances: sending root CA cert is mostly > harmless, b

Re: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Peter Sylvester
On 01/04/2021 16:21, Michael Wojcik wrote: Thanks to everyone who responded. You've confirmed my impression: - There doesn't appear to be any applicable standard which requires or forbids including the root, or even endorses or discourages it). rfc8446  page 65: The sender's certifi

Re: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Blumenthal, Uri - 0553 - MITLL
In general - I concur, but there are nuances: sending root CA cert is mostly harmless, but mostly useless - except when there's a human on the receiving end that can and is allowed to make a decision to accept and trust that CA cert. Re. PQC - even the "smallest" among them are much larger than

RE: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Michael Wojcik
> From: openssl-users On Behalf Of Mark > Hack > Sent: Thursday, 1 April, 2021 07:45 > To: openssl-users@openssl.org > Subject: Re: Why does OpenSSL report google's certificate is "self-signed"? > > RFC6066 > >Note that when a list of URLs for X.509 certificates is used, the >ordering of U

RE: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Michael Wojcik
Thanks to everyone who responded. You've confirmed my impression: - There doesn't appear to be any applicable standard which requires or forbids including the root, or even endorses or discourages it). - It's harmless except for performance issues and possible low-severity flags from analyses l

Re: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Mark Hack
RFC6066 Note that when a list of URLs for X.509 certificates is used, the ordering of URLs is the same as that used in the TLS Certificate message (see [RFC5246], Section 7.4.2), but opposite to the order in which certificates are encoded in PkiPath. In either case, the self-signed ro

Re: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Jan Just Keijser
On 01/04/21 09:49, Dr Paul Dale wrote: Perhaps ask Qualys to answer your concerns directly?  They must have a reason for including this warning. oh, I am not particularly /concerned/ about it  - it's just that I noticed Qualys spits out this warning whenever I do include the root anchor, wit

Re: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Dr Paul Dale
Perhaps ask Qualys to answer your concerns directly?  They must have a reason for including this warning. Pauli On 1/4/21 5:43 pm, Jan Just Keijser wrote: On 31/03/21 19:43, Michael Wojcik wrote: From: openssl-users On Behalf Of Viktor Dukhovni Sent: Wednesday, 31 March, 2021 10:31 To:open

Re: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Jan Just Keijser
On 31/03/21 19:43, Michael Wojcik wrote: From: openssl-users On Behalf Of Viktor Dukhovni Sent: Wednesday, 31 March, 2021 10:31 To: openssl-users@openssl.org Subject: Re: Why does OpenSSL report google's certificate is "self-signed"? It looks like Google includes a self-signed root CA in the wi