program.
Attaching my entire code here. After getting the base64 decoded I'm
calculating the MD5 sum and printing it. This works for a regular
string but not for SSH pubkey.
Thanks again.
--Prashant
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej
are
included?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
, Jakob Bohm jb-open...@wisemo.com:
Not having tested or read the relevant OpenSSL code, I
presume that SSL_write could want a read if it has sent
a handshake message, but not yet received the reply, thus
it cannot (encrypt and) send user data until it has
received and acted on the handshake reply
the client should refuse if the certificate does
not match the DNS name or IP address it was trying to contact
(not to be confused with whatever name the server returns in
protocol messages such as the SMTP banner).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
before the first read of client commands,
except in some servers that do an early read to check if
a broken/spammer client is trying to send before receiving
the banner).
--
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct
or to
coordinate with other stakeholders.
-Steve M.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
.
Also pleaseclean up any differences that are just typos
before the future 1.0.2arelease.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain
. Experiment in
experiment-land.
My two bits.
On Fri, Feb 6, 2015 at 9:59 PM, Matt Caswell m...@openssl.org
mailto:m...@openssl.org wrote:
On 06/02/15 16:03, Jakob Bohm wrote:
I believe you have made the mistake of discussing only amongst
yourselves, thus gradually convincing
be selected by
setting the CYGWIN environment variable appropriately, so (contrary to recent
messages on the list) there's no reason to rewrite c_rehash for use on Windows.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45
certificate which fails
to display unknown name components.
P.S.
I presume that for any real use, you would use an officially
allocated OID to avoid clashing with what other people use.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark
is the alternate way for this
add signature function - that also dumps core at
PKCS7_SIGNER_INFO_set() function.
I have no clue as to what am I doing wrong here.
Appreciate your help.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark
give us credit
for not doing this arbitrarily, or on a whim.
I believe you have made the mistake of discussing only amongst
yourselves, thus gradually convincing each other of the
righteousness of a flawed decision.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
, GFlags.exe etc.).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
, GFlags.exe etc.).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
. 0xFF8, but that would still be 256 times rarer).
I am assuming without checking, that i2d_ASN1_INTEGER
already handles negative values.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public
mode around the basic DES/AES/IDEA/... block functions.
And this is just one example of the flexibility provided by
not going through the more rigid EVP API.
Should everyone not doing just TLS1.2 move to a different
librarynow, such as crypto++ ?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
to compile and thenjust outputs simplistic nmake
makefiles (such as nt.mak and ntdll.mak) based on those
lists.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non
On 28/12/2014 12:26, Kurt Roeckx wrote:
On Sun, Dec 28, 2014 at 01:31:38AM +0100, Jakob Bohm wrote:
3. The 1.0.x binary compatibility promise seems to not have been
completely kept. As recently as just this December, As a practical
example: I had an OS upgrade partially fail due
On 29/12/2014 01:37, Matt Caswell wrote:
On 28/12/14 00:31, Jakob Bohm wrote:
On 24-12-2014 00:49, Matt Caswell wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You will have noticed that the OpenSSL 1.0.0 End Of Life Announcement
contained a link to the recently published OpenSSL Release
as they are, but change the comparison to compare values
that are actually supposed to be the same, such as MAC key length to MAC
key length (implicit 0 in the digests[] array), and result length to
result length (named keylen in the digests[] array).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S
, such as OS
loaders and door locks.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
version of s_client knows how to
dump out the constructed verification chain, there is only an option
to dump the server supplied certificates (regardless if those were
used by the client or not). Hopefully some future version will have
options to dump either or both lists.
Enjoy
Jakob
--
Jakob
lifetimes, but those tend to be used
regularly over that period, givingplenty of opportunity to convert
the private key files.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message
who chose them for you.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
On 19/12/2014 12:11, Jakob Bohm wrote:
On 19/12/2014 00:10, Prabhat Puroshottam wrote:
I am trying to summarize the problem again, since the previous
mail seems confusing to some of you. It might help you quickly understand
the problem I am facing:
We have a product, where Client connects
certificates or refreshing your CRL.
Thanks, best Benjamin!
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
On 12-12-2014 21:31, Jeffrey Walton wrote:
On Fri, Dec 12, 2014 at 5:23 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 09/12/2014 21:46, Jeffrey Walton wrote:
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
amarendra.godb...@gmail.com wrote:
So Adam Langley writes SSLv3 decoding function
scheme, using
the same implementation functions.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
reportfrom .NET to see the real error code.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
loader API). For libraries written in C++, the static constructor
and destructor language mechanisms are treated this way
automatically and thus subject to the same limitations on
permitted operations.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730
I get 20 blocks totaling 253 bytes. I have stack traces of where
each block is allocated but I cannot figure out how this memory should be
cleaned up. Each of the 20 blocks filter down to 1 of 5 root stack traces. The
stack traces are:
Repeated 6 times:
Enjoy
Jakob
--
Jakob Bohm, CIO
the only affected clients, then this is not the best
possiblefix.
On the other hand, if some other SSL library would fail if
presented withthe 3 new suites (the GCM suites without
ECDSA certs), then their fix is correct and just helps the
old OpenSSL versions by chance.
Enjoy
Jakob
--
Jakob Bohm
!
On 11/5/2014 1:23 PM, Jakob Bohm wrote:
Maybe you forgot to run the batch file that sets the
INCLUDE and LIB environmentvariables to prepend later
VC 6.0 compatible SDK headers before,such as those in
the July 2002 Platform SDK.
The copyright message quoted by Walter H. is just that,
acopyright
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
, definitly
WINSOCK2.H contains this:
/*
* Constants and structures defined by the internet system,
* Per RFC 790, September 1981, taken from the BSD file netinet/in.h.
*/
by the way: Visual C++ is from 1998, also an old ancient compiler
we have 2014 ;-)
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
'
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.
this seems that you include ancient SDK headers not capable of IPv6
at all ...
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10
tel:+4531131610
a certificate backed by much more thorough
identity checks, given your position in the SSL pecking order.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding
anything to release fixes that enable solution B.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
is in progress.
Please let me know your opinion on this.
Once again thanks everyone for your response.
-Aditya
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding
an example, which happens to be important right now
because of poodle.
Hope this will clear all the confusions.
-Aditya
On Fri, Oct 24, 2014 at 5:35 PM, Jakob Bohm jb-open...@wisemo.com
mailto:jb-open...@wisemo.comwrote:
On 24/10/2014 13:33, Aditya Kumar wrote:
Hi All
:
::SSL_CTX_set_cipher_list(ctx,
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM);
Is there something wrong with these ciphers? What are best cipher argument for
only TLSv1 communication. I think, I need not set ciphers on client side.
Thanks – Pradeep reddy.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
On 21/10/2014 16:05, Florian Weimer wrote:
* Jakob Bohm:
The purpose of the option is to make totally broken applications a
bit less secure (when they happen to certain servers). From my
I meant “a bit less insecure”, as Bodo pointed out.
OK, point already taken.
point of view
...@openssl.org] *On Behalf Of *Jakob Bohm
*Sent:* October-17-14 7:59 AM
*To:* openssl-users@openssl.org
*Subject:* Please document the new SSL_MODE_SEND_FALLBACK_SCSV
The new SSL_MODE_SEND_FALLBACK_SCSV option is badly documented in
the wiki and man pages, which is going to cause a lot of problems
when
SSL_OPTION_SEND_FALLBACK_SCSV (there is probably
a good reason, but itisn't documented).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
in the handshake, ensuring that the connection
will fail if it is modified, otherwise much worse could be done
(such as removing all the strong ciphers from that same list, thus
causing 40 bit encryption).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860
() and SSL_set_mode() manpage.
In other words, the script looks like it is indexing the SEE ALSO
section, ratherthan the TITLES and NAME sections (which is what
man(1) on *n*x does).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark
://ocsp.example.com/issuerCA
Netscape Cert Type:
SSL CA
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
://www.openssl.org
User Support Mailing List openssl-users@openssl.org
mailto:openssl-users@openssl.org
Automated List Manager majord...@openssl.org
mailto:majord...@openssl.org
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860
-noout -text | grep -A1 X509v3 Extended Key
Usage
which seems to produce a little less noise, but it's still not down to
a single line of output. Still, it's more elegant than what I cited, I
think.
Cheers
On 10/08/2014 08:43 AM, Jakob Bohm wrote:
I think you can safely omit the middle
care if the CA takes 30 seconds longer to sign a cert - but I'd really
care if it made a web browser hang when talking to the resultant server
cert ;-)
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10
tel
.
Thanks.
-Prasad
On Sep 19, 2014, at 10:24 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 19/09/2014 09:14, Prasad Dabak wrote:
The RFC links helped.
I am able to do decrypt the encrypted digest and match it
with the
DigestInfo as explained in rfc2315
are used to look up CAs in a disk-based
database, as used by the -CAdir option to various other OpenSSL commands.
Basically, each CA is listed under its own -subject_hash, and calling
-issuer_hash on a certificate then tells where to look for the CA
certificate).
Enjoy
Jakob
--
Jakob Bohm, CIO
assuming that I require to do both (1) and (2) in order to
verify the authenticode signature?
4. What is the best way to verify if the executable is signed by
specific company using that company's public key?
Any inputs will be greatly appreciated!
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
that don't protect against BEAST in
other ways.
To protect from the known RC4 repeated-plaintext vulnerability, one
might consider adding rate limiting to some SSL/TLS protocol steps
whenever RC4 is actually used.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
sure those
links get seen by folks in charge.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
given key).
You really should look at the extensive research done by SSL Labsbefore
blindly deprecating stuff.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding
in their certificates
collection, issued byMicrosoft Code Verification Root to the
actual CA that issued the companycertificate. This is because
the signature checking code in Microsoft's bootloaderonly knows
about that Microsoft CA.
Enjoy and good luck
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S
is defined?:
SRTP_PROTECTION_PROFILE
[*]https://github.com/joyent/libuv/
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
.
Please update the page.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
with appropriate
engine options, then use a generic ZIP program to replace the
dummy $signaturename.RSA with the real one.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message
.
Thanks a lot.
Regards
Jayalakshmi
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
into a
Cisco router.
Anyway Laksha found it was a bug in the openssl binary.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote
is not portable.
Also note that the need to link actual application code to OpenSSL
(or any other portable library) significantly limits the choice
of compiler to those that produce compatible .o files to those
produced and used by the application linker.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
.
Instead use X509_VERIFY_PARAM_set1_host(), then name checks are
performed as needed. The verify callback is called with an error status
if the fail.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
On 7/1/2014 2:42 AM, Jeffrey Walton wrote:
On Mon, Jun 30, 2014 at 4:32 PM, Jakob Bohm jb-open...@wisemo.com wrote:
Because there is no documentation for SSL_CTX_set_tmp_ecdh_callback()
in OpenSSL 1.0.1 and older, I am afraid I have to ask:
1. Is the EC_KEY* returned by the callback supposed
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
that same X509_STORE as store_ctx-ctx and get your pointer from the
CRYPTO_EX_DATA at store_ctx-ctx-ex_data.
At least that is what it looks like to me.
(Figuring out how to use the generic CRYPTO_EX_DATA API is left as an
exercise for the reader).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S
(read only) byte array, then for each new
SSL session, loop over d2i_X509() until you reach the end of your array
or it fails. Use a second array for the concatenated CRLs. Note that
the arrays should be in DER format, not PEM format.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
the page to reflect this part of the
advisory.
This was also mentioned by Mr. Nageswar in an unanswered message
14 days ago.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message
the total
delay is
max(encrypt_time, transmit_time) + decrypt_time
while a non-parallelizable mode would have
encrypt_time + transmit_time + decrypt_time
Of cause there are other drawbacks to the various mode that
needs to be considered before choosing one.
Enjoy
Jakob
--
Jakob Bohm, CIO
that condition.
At least this is how I read the code.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
at 4:22 PM, Jakob Bohm jb-open...@wisemo.com
mailto:jb-open...@wisemo.com wrote:
On 5/30/2014 12:24 AM, Geoffrey Thorpe wrote:
...
The only way to to avoid any political overtones in such a
situation (if
that really is your intention, because doing the right
on the outer make.
The easiest workaround would be to omit the -j options from the outer
make invocation, or to simply ignore the warning.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public
On 5/30/2014 12:03 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Wednesday, May 28, 2014 13:04
On 5/25/2014 2:22 PM, Hanno Böck wrote:
Some clients (e.g. all common browsers) do fallbacks that in fact
can invalidate all improvements of later
of a potential ability
to threaten to reward or punish a project via the purse strings.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
correct)...?
Maybe the list of contributors and amounts should be published annually
on some webpage in a neutral form,
WITHOUT any golden or platine award...
A good compromise I think...
Yours sincerely,
Pierre Delaage
Le 30/05/2014 22:22, Jakob Bohm a écrit :
On 5/30/2014 12:24 AM
. There was however a minor change
somewhere between 1.0.1a and 1.0.1e which affects the default behavior
of SSL programs if compiled against the 1.0.1a header files but run with
the 1.0.1f or later DLLs.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev
in an unsigned part of the
exchange. This could even be specified in an UPDATE RFC for the
existing TLS v1.0..v1.2 versions, and a CVE number assigned to the
common bug of its non-implementation (after library implementations
become available).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo
relied upon by other companies.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
the full call graph of SSL_CTX_new()
and SSLv23_method().
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
the last few years that it they are becoming a single
point of failure for too many things (or too big to fail as it is
called in some other sectors).
Thus I think a different organization would be needed if OpenSSL were
to give up its independence.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
.1.0.0) in /usr/local/lib otherwise you don't have the fixed
code.
Please check that your user account has write access to /usr/local/lib,
or that make install was run as root (either should do it).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730
majord...@openssl.org
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
.
With a little tweaking, these tricks also work for GCM mode, since it
is mostly CTR mode with a checksum computed in parallel and then
encrypted.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public
(or something even more low-level in case
Microsoft sabotages these too), could be a way to work around the
sabotage introduced in Windows NT 6.3 (Marketed as 8.1).
On Thu, Jan 9, 2014 at 3:11 AM, Jakob Bohm jb-open...@wisemo.com wrote:
While I have not specifically checked the Windows 8 SDK, my
://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
with the (current) OpenSSL FIPS module 2.0, by
(as one of many steps) compiling OpenSSL 1.0.1 --with-fipsdir=
In either case, it is technically only the FIPS module and not the
OpenSSL library which is subject to FIPS validation.
(Note: There was no OpenSSL 0.9.9)
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
released
===
Snipped rest of announcement boilerplate
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
exchange that doesn't
require a private dark fiber between the parties).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo
. When you use an OpenSSL CA to sign this type of
request, the certificate is made without issue but the SANS are stripped
out of the final product. What am I missing here?
Regards,
Brandon Biondo
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29
(first_block) header_length - md_block_size
then
This code will overflow first_block.
I sure hope there is code in there which checks the validity of the two
inequalities, either directly or by only using hardcoded known good
values for those parameters.
Enjoy
Jakob
--
Jakob Bohm, CIO
likely to
be loaded into your process. EXE files should use the default /BASE
value in any post-1997 linker (a few very old linkers used a different
value not compatible with later platforms but the new value is
backwards compatible).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
601 - 700 of 1144 matches
Mail list logo