. Even without
doing this, and using -verify_return_error, openssl s_client does not
refuse to connect to the server. Why is this and what else do I have to
do to convince the system that this self signed cert is OK?
Three suggestions, depending on what git send-email and your system
does:
1
Is anyone looking at the failing CI builds? It’s been a few days now.
Hello,
I'm finding conflicting information on whether OpenSSL can perform OCSP
validation via AIA responders through a proxy. An open issue at GitHub suggests
that this is an open feature request
(https://github.com/openssl/openssl/issues/6965), however I've seen people
saying that a proxy
“*ASN1_CTX ctx*” in openssl 1.1.0g.
Also I am getting an error as /usr/include/openssl/asn1_mac.h:10:2: error: #error
"This file is obsolete; please update your software."
You are using the old ASN1 API which has been obsolete since 2002. Are you
reading/writing your own custom ASN1 structu
On Wed, Apr 10, 2019 at 12:13:27PM -0400, Dennis Clarke wrote:
> On 4/10/19 7:37 AM, Richard Moore wrote:
> >Hi All,
> >
> >I haven't found a way to list the supported openssl ciphers from the
> >command line (i.e. get the list of potential values for -ciphersuites). I
On 10/04/2019 14:28, Kingsley O wrote:
Hello,
I get the above error when trying to build openssl. I am on a x64
Windows 10 platform, using perl 5, version 26, subversion 3 (v5.26.3)
built for MSWin32-x64-multi-thread and Visual studio express for
Windows 10
The file limits is clearly
Dear OpenSSL Users,
This is my first interaction in this community.
While I am trying to build the latest openssl-1.0.2r code on CE-X86 platform, it
fails with the below error:
rsa_pk1.c
.\crypto\rsa\rsa_pk1.c(296) : warning C4761: integral size mismatch in argument
conversion supplied
.\crypto
expired, but nobody really
trusts private algorithms any more. There’s too much good stuff readily
available.
To answer your other question: OpenSSL is covered by the Apache license and any
contributions should also use the same license or they will not be accepted.
And cryptography
Hello,
I want to use OpenSSL to create an X509 request where the signature has
been calculated by an external device (ATMEL ATECC508A). With OpenSSL
1.0 I used
X509_REQ *req;
req = X509_REQ_new();
algor = X509_ALGOR_new();
algor->algorithm = OBJ_nid2
On 03/04/2019 22:16, Jeremy Harris wrote:
On 02/04/2019 17:03, Viktor Dukhovni wrote:
Does the server have a temporally stable ticket decryption key?
Is this Exim? Is the server's SSL_CTX persistent and shared
across multiple connections?
Ah, right. Unlike GnuTLS, the STEK is tied to the
On 02/04/2019 10:44, Matt Caswell wrote:
On 01/04/2019 22:23, Steffen wrote:
Hello,
I believe that I have narrowed the problem down to one specific version of
OpenSSL. Version 1.1.0b works as expected while OpenSSL 1.1.0c does not.
Using the cert/data files you provided me off-list (thanks
On 25/03/2019 22:53, sebastien wrote:
hi
in a terminal I've got this error with
|openssl version openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1:
version `OPENSSL_1_1_1' not found (required by openssl) openssl:
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1'
not found
>This software however is 7 years old, we’re not in a position to drop
> everything and rewrite it.
Then don't upgrade? If it's for a CA you don't need TLS 1.3 for example.
Or take the existing OpenSSL code that works and jam it into the current
release.
Maybe because EVP_PKEY_EC designates an ECDSA key, that an EdDSA key is not
generated the same way (particularly the public part), and that the encodings
are different?
Regards,
Erwann Abalea
On 15/03/2019 19:20, "openssl-users on behalf of Sam Roberts"
wrote:
It seems like
On 15/03/2019 14:33, Dennis Clarke wrote:
On 3/15/19 5:38 AM, Matthias St. Pierre wrote:
My guess is that your binary is loading the system's shared libraries.
To find out whether this is the case, try
ldd bin/openssl
If my assumption is correct, you might have to set the LD_LIBRARY_PATH
* checking for SPNEGO support in GSSAPI libraries... configure: error: in
configure: error: cannot run test program while cross compiling
See `config.log' for more details
That’s ot
Openssl library version : cyrus-sasl-2.1.27
Command used : configure --host=x86_64-unknown-freebsd9 --cache
>: configure --host=x86_64-unknown-freebsd9 --cache=config.cache --disable-ntlm
>--disable-otp --disable-sample --enable-gssapi --with-des=no
>--with-gss-impl=mit
That’s not an OpenSSL configuration, and the error you got is not from OpenSSL.
It would be really good if code being merged to master had --strict-warnings
and the mdebug backtrace stuff turned on. In the past few days there have been
a flurry of checkins that these flags would have caught.
Well, flurry is admittedly too strong. …
Hi All,
The OpenSSL version 1.1.1b chooses wrong AS(assembler) on running through
Cygwin in Windows. It chooses 'ml' instead of 'nasm'(but uses the syntax of
nasm) which causes OpenSSL build failure on Windows. The same works fine with
OpenSSL 1.1.0i version.
Looks like a bug with 1.1.1b
clause 9, then moved to clause 6.1 in 2000, and clause 6.4 in 2012).
RFC5280 is far from being that clear.
OpenSSL added some checks on GeneralizedTime/UTCTime, by enforcing RFC5280
rules. I haven't followed the source code to see if these checks also apply to
data types other than RFC5280 certi
On 06/03/2019 18:38, Jordan Brown wrote:
On 3/5/2019 1:16 PM, Yann Ylavic wrote:
Furthermore, if that scenario were a real use case, it'd mean that
libldap could initialize openssl with no regard to httpd needs,
Everybody has to play nice, but ... yes. Random libraries might need
OpenSSL
On 06/03/2019 16:17, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Richard Levitte
Sent: Wednesday, March 06, 2019 03:07
On Wed, 06 Mar 2019 10:52:44 +0100,
Jan Just Keijser wrote:
as a follow-up: Richard's analysis/suspicion was spot
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
OpenSSL Security Advisory [6 March 2019]
ChaCha20-Poly1305 with long nonces (CVE-2019-1543)
==
Severity: Low
ChaCha20-Poly1305 is an AEAD cipher
the default
mid-series is probably not a good idea.
Changing the default could be considered for 3.0.
Yes please, as it stands the 1.1 series is unloadable on the most
used
openssl libraries, distros'. I find this a bit unfortunate, and more
#ifdef-ery to come (though I'd like the OPENSSL_INIT_[NO_
Can we take OpenBSD code and put it under the Apache license?
On 01/03/2019 12:38, Chethan Kumar wrote:
Dear all,
In need of some assistance. I compiled openssl1.1.1b on Debian and
executed openssl commands on another Debian machine.
It's giving the below error:
openssl: */lib/i386-linux-gnu/libc.so.6: version `GLIBC_2.25' not
found (required by /home
Hi,
Earlier our application used OpenSSL version 1.0.2n. Now we wanted to
upgrade to 1.1.1b.
After the upgrade, when I compile OpenSSL, I see the following errors:
Tried to generate the Makefile with both the ways mentioned below..
But getting compilation errors as attached mainly at places
where
at libcrypto could "magically" combine two
different FIPS providers, which would be none of the two options
mentioned above.
Yes. I believe this is okay, but also that OpenSSL is not going to support
this.
>Huh? From the design document, section "Example dynamic views of
algorithm selection", after the second diagram:
An EVP_DigestSign* operation is more complicated because it
involves two algorithms: a signing algorithm, and a digest
algorithm. In general those
>I always understood "FIPS-capable OpenSSL" to refer specifically to an
OpenSSL compiled with the options to incorporate the FIPS canister
module, not just any OpenSSL build that might be used in FIPS compliant
applications (as that would be any OpenSSL
On 27/02/2019 22:18, Richard Levitte wrote:
On Wed, 27 Feb 2019 21:55:29 +0100,
Jakob Bohm via openssl-users wrote:
On 27/02/2019 20:59, Salz, Rich via openssl-users wrote:
If you change a single line of code or do not build it EXACTLY as documented,
you cannot claim to use the OpenSSL
On 27/02/2019 20:59, Salz, Rich via openssl-users wrote:
If you change a single line of code or do not build it EXACTLY as documented,
you cannot claim to use the OpenSSL validation.
I believe the context here is one I also mentioned in my comment on
the 3.0 draft spec:
- OpenSSL FIPS
If you change a single line of code or do not build it EXACTLY as documented,
you cannot claim to use the OpenSSL validation.
PREFIX/bin/openssl{.exe,}) link to the
shared library in the build tree whenever the target allows
this.
Some examples:
- Windows(all versions): This is already the system default
if the shared libraries are copied into the test program
directory, even in Windows versions that don't search th
No.
The OpenSSL FIPS Module is not written that way. It should not be permitting
any non-FIPS implementations (see Rich's email regarding a bug).
You could write your own engine, get that FIPS certified, and run it with
plain, vanilla OpenSSL.
There's a design spec out for OpenSSL 3.0.0
On 2/26/2019 6:28 PM, Hong Cho wrote:
> I see no code change between 1.0.2q and 1.0.2r.
>
> --
> # diff -dup openssl-1.0.2q openssl-1.0.2r |& grep '^diff' | awk
> '{print $4}'
> openssl-1.0.2r/CHANGES
> openssl-1.0.2r/Makefile
> openssl-1.0.2r/Makefile.org
>
-validated code,
which means that you *have* to use the OpenSSL implementation.
If you do not use the OpenSSL implementation, then you cannot claim to be FIPS
validated, and you must get your validation for your implementation.
et."
On Feb 26, 2019, at 10:40 AM, Matt Caswell <m...@openssl.org> wrote:
On 26/02/2019 15:03, Short, Todd via openssl-users wrote:
The latest security advisory:
https://www.openssl.org/news/secadv/20190226.txt
mentions stitched vs. non-stitched ciphersuites, but doesn’t really
The latest security advisory:
https://www.openssl.org/news/secadv/20190226.txt
mentions stitched vs. non-stitched ciphersuites, but doesn’t really elaborate
on which ciphersuites are stitched and non-stitched.
"In order for this to be exploitable "non-stitched" ciphersuites must be in
use.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
OpenSSL Security Advisory [26 February 2019]
0-byte record padding oracle (CVE-2019-1559)
Severity: Moderate
If an application encounters a fatal protocol
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
OpenSSL version 1.1.1b released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1b of our open
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
OpenSSL version 1.0.2r released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2r of our open
: login (584) PC=0xb6e6ab00 Instr=0xe5951000
Address=0xd27cdc63 FSR 0x001
Kernel panic - not syncing: Attempted to kill init! exitcode=0x000b
that doesn't look like openssl problem at all, openssl may trigger it, but
only because it's using the system to its fullest potential, not because
(Resend from correct account)
On 15/02/2019 18:35, Salz, Rich via openssl-users wrote:
(as for "possibly not the FIPS provider", that's exactly right. That
one *will* be a loadable module and nothing else, and will only be
validated as such... meaning that no one can stop you fr
On 17/02/2019 14:26, Matt Caswell wrote:
On 16/02/2019 05:04, Sam Roberts wrote:
On Fri, Feb 15, 2019 at 3:35 PM Matt Caswell wrote:
On 15/02/2019 20:32, Viktor Dukhovni wrote:
On Feb 15, 2019, at 12:11 PM, Sam Roberts wrote:
OpenSSL could delay the actual shutdown until we're about
On 16/02/2019 00:02, Richard Levitte wrote:
On Fri, 15 Feb 2019 18:33:30 +0100, Lewis Rosenthal wrote:
...
I strongly encourage you to re-think this. Everyone else on this list
whose server has been properly configured to not trash legitimate
messages must now be inconvenienced by the needs of
t
invalid re FIPS)
To be pedantic: this is true only *if you are using the OpenSSL validation.*
If you are getting your own validation (such as using OpenSSL in an HSM device
or whatnot), this is not true.
> - If permitted by the CMVP rules, allow an option for
> a
On 15/02/2019 12:23, Matt Caswell wrote:
On 15/02/2019 03:55, Jakob Bohm via openssl-users wrote:
These comments are on the version of the specification released on
Monday 2019-02-11 at https://www.openssl.org/docs/OpenSSL300Design.html
General notes on this release:
- The release
extra decoration of the
messages, i.e. the list footer that's usually added and the subject
tag that indicates what list this is (I added the "openssl-users:"
that you see manually).
So IF you're filtering the messages to get list messages in a
different folder, based on the subject
These comments are on the version of the specification released on
Monday 2019-02-11 at https://www.openssl.org/docs/OpenSSL300Design.html
General notes on this release:
- The release was not announced on the openssl-users and
openssl-announce mailing lists. A related blog post was
announced
>Yes - I do expect you to be able to build just the validated source
independently of the rest of the tarball so that you could (for example)
run the
latest main OpenSSL version but with an older module.
Which means that this doesn't have to happen in the first release si
.0 code drop to start porting and a looming deadline for the
1.0.x API.
You get what you pay for. I can be harsh because I am not a member of the
OpenSSL project.
You can start by porting to 1.1.x now.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 13/02/2019 20:12, Matt Caswell wrote:
On 13/02/2019 17:32, Jakob Bohm via openssl-users wrote:
On 13/02/2019 12:26, Matt Caswell wrote:
Please see my blog post for an OpenSSL 3.0 and FIPS Update:
https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
Matt
Given this announcement
On 13/02/2019 12:26, Matt Caswell wrote:
Please see my blog post for an OpenSSL 3.0 and FIPS Update:
https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
Matt
Given this announcement, a few questions arise:
- How will a FIPS provider in the main tarball ensure compliance
OpenSSL 1.1.1.
We really don't want to create a separate socket: we'd like to support
client requests on the same socket using either the old connection
method or TLS. We also want to support "pure" TLS, rather than some
kind of wrapped connection protocol. This means we need to
Hi all,
While trying to verify a client certificate using openssl verify with
-crl_check_all and -partial_chain options set, I get the following error:
error 8 at 1 depth lookup: CRL signature failure
error client1.pem: verification failed
Here is the command used:
openssl verify -crl_check
Hi all,
So, I found some hints on stack overflow
(https://stackoverflow.com/questions/6772465/is-there-any-c-api-in-openssl-to-derive-a-key-from-given-string)
and an implementation with pyCrypto
(https://gist.github.com/mimoo/11383475).
I still can't get the expected results but these raise some
i everyone,
I am looking for some documentation on how to pad and/or derive my
message and my key (from simple password), to mimic AES 128 ECB
en/decryption.
For a decorative purpose (no security consideration in mind), I used
openssl to encrypt a small message (less than 16 bytes) with a small
On 30/01/2019 00:11, Kurt Roeckx wrote:
On Tue, Jan 29, 2019 at 02:42:48PM -0500, Viktor Dukhovni wrote:
On Jan 29, 2019, at 2:23 PM, Rich Fought wrote:
The OpenSSL 1.1.1 ciphers manpage claims that some non-ephemeral DH ciphers are
supported:
TLS1.0:
DH-RSA-AES128-SHA
DH-RSA-AES256-SHA
Since this seems to be a certificate issue, would it be possible
to make the server log all the certificate checking steps and
errors with the failing certificates.
One obvious test would be to try connecting to the "openssl s_server"
utility with a similar configuration and lot
.
As explained above, most of that storage infrastructure is in
fact in place, but the major e-mail clients lack the code to use
it. For example the "openssl cms" command (used by some unix mail
clients, such as Mutt) doesn't have an option to specify the "as of"
date extracted from
> On Jan 7, 2019, at 11:52, Chris Fernando via openssl-users
> wrote:
>
>>
>> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users
>> wrote:
>>
>> I perused the list archives for all of 2018 and did not see anything current
>> relat
Look at the tricks openssl has to do in order to properly zeroized memory and
avoid having the compiler optimize it away.
eed and open an issue on github? Yes, this
would be a bug-fix because "going opaque" made some things not possible.
Thanks.
On 10/01/2019 19:55, Corey Minyard wrote:
On 1/10/19 11:00 AM, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
Behalf Of Jordan Brown
Sent: Thursday, January 10, 2019 11:15
On 1/9/2019 6:54 PM, Corey Minyard wrote:
2. Set the userid in the certificate
On 10/01/2019 18:00, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jordan Brown
Sent: Thursday, January 10, 2019 11:15
On 1/9/2019 6:54 PM, Corey Minyard wrote:
2. Set the userid in the certificate and use client authentication
I would expect that smartphone clients might want to prioritize CHACHA over
AES, but I don't think Node cares about that environment.
On 07/01/2019 22:26, Jordan Brown wrote:
[ Off topic for OpenSSL... ]
On 1/7/2019 8:06 AM, Jakob Bohm via openssl-users wrote:
A chroot with no other reason to open /dev/null should not contain that
file name, even on unix-like platforms (least privilege chroot design).
There's always
On 07/01/2019 22:31, Steffen Nurpmeso wrote:
> Good evening.
>
> Jakob Bohm via openssl-users wrote in <95bceb59-b299-015a-f9c2-e2487a699\
> 8...@wisemo.com>:
> |Small corrections below:
> | ...
Note that I do not represent the project at all, I am just another
Small corrections below:
On 07/01/2019 19:31, Steffen Nurpmeso wrote:
...
|> That is really bad. Of course you had to do it like this, and you
|> surely have looked around to see what servers and other software
|> which use OpenSSL do with
>
> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users
> wrote:
>
> I perused the list archives for all of 2018 and did not see anything current
> relating to this problem, so if this is a question that has been asked &
> answered, please feel free to
On 04/01/2019 22:04, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jordan Brown
Sent: Friday, January 04, 2019 13:16
If you want to, what you want is something like:
int fd;
do {
fd = open("/dev/null"
liar with Windows & compiling Open Source projects, but I am
having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio
2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and
OpenSSL 1.0.2q (NO FIPS) without issue.
When I try to compile OpenSSL with the FIPS canis
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Jakob - you’re a star! Thanks so much, your suggestion works. So I added
https://mta.openssl.org/mailman/listinfo/openssl-users
.
Cheers
Neil Craig
Lead Technical Architect | Online Technology Group
Broadcast Centre, London W12 7TQ | BC4 A3
Twitter: https://twitter.com/tdp_org
On 03/01/2019, 11:02, "openssl-users on behalf of Matt Caswell"
wrote:
On 03/01/2019 10:31, Neil Craig wrote:
Hi all
Does anyon
Two of the more common causes of cron failure are
- Environment variable missing or has different value (PATH etc)
- File permissions are different if running under root vs normal
interactive user.
Hope that helps.
On 02/01/2019 11:18, Dennis Clarke wrote:
On 1/2/19 5:14 AM, Jakob Bohm via openssl-users wrote:
On 02/01/2019 10:41, Matt Caswell wrote:
On 27/12/2018 08:37, Dmitry Belyavsky wrote:
Hello,
Am I right supposing that local variables tmp1, tmp2, iv1, and iv2
are unused in
this function
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
rts NUL bytes at the end of each array, changing
sizeof(array) as well as cache access patterns (and thus side
channel effects).
Enjoy
Jakob
> I didn't bother looking up what freeing entails - it's obvious to
> anyone at this point that OpenSSL is a severe victim of feature creep,
> that its memory allocation scheme is a mess, and long story short: I
> will NOT free a perfectly fine object just because of
* But I only get early data for get method.
* When using post method, the server terminates the connection. Is it related
with openssl? If so, how can I do to allow post method?
Early data can be replayed. It is only safe to use early data when the request
is idempotent, like GET. You
On 29/12/2018 14:19, C.Wehrmeyer wrote:
I don't have access to the actual testing environments until Wednesday
next year, so I've had to create a private account.
> Which version of OpenSSL is this? (I don't remember if you said this
> already).
I'm not entirely sure, but I *think* it's
tion now.
PKCS#7 also known as CMS or (in OpenSSL) SMIME, doesn't just pad. It
generates a random key and encrypts it with the recipients key (usually
a public key from a certificate, but there may be a symmetric variant).
Thus to do PKCS#7 with OpenSSL, you need to use the "
On 29/12/2018 07:42, carabiankyi wrote:
Thanks for your advice.
I get early data when I configure nginx ssl_early_data on.
But I only get early data for get method.
When using post method, the server terminates the connection. Is it related
with openssl? If so, how can I do to allow post method
Great idea; https://github.com/openssl/web/issues/101
On 12/28/18, 12:39 AM, "Jakob Bohm via openssl-users"
wrote:
Consider at least including the one-line manpage summaries on the index
pages (the ones displayed by the apropos command on POSIX systems).
y on rails
[
* Please let me know if we have any update on this.
This is a volunteer effort. :)
My *GUESS* is that the CRL data isn’t sorted, and it’s doing a linear search.
You should profile the code to find out where, exactly, all the time is being
spent.
* Please find the above previous mail.
I am not sure what this means. I guess you are referring to earlier email in
the thread. I gave you my suggestion, good luck.
ommand line makes no sense (no output file, wrong argument
count, auto with unrecognized file extension). Ideally this
would be in the common perl module(s), not in individual
assembler files.
Remember that keeping every patch easily audited by the wider
community is essential to the trustworthiness
s
> the same.
>
> Please let us know if this is an expected behavior or something should be
> done to improve the above observation.
>
> With Regards,
> Prateep
>
retend to be either side.
If all you need is RSA then you will probably find it easier to write a
makefile of your own. You will have to do multiple builds to get all the
missing pieces, such as the BN facility, the memory allocation, the error
stack, etc.
| Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
From: Alibek Jorajev via openssl-users [mailto:openssl-users@openssl.org]
Sent: Tuesday, 18 December 2018 8:10 PM
To: openssl-users@openssl.org
Subject: [openssl-users] FIPS module v3
Hi everyone,
I have been following Ope
> >. New certificates should only use the subjectAltName extension.
>Are any CAs actually doing that? I thought they all still included
> subject.CN.
Yes, I think commercial CAs still do it. But that doesn't make my statement
wrong :)
Putting the DNS name in the CN part of the subjectDN has been deprecated for a
very long time (more than 10 years), although it is still supported by many
existing browsers. New certificates should only use the subjectAltName
extension.
Hi everyone,
I have been following the OpenSSL blog and know that work on the new OpenSSL FIPS
module has started. The current FIPS module (v.2) has end of life (December 2019)
and I assume that the new FIPS module will be by that time. But can someone tell
me - are there approximate dates
lly
the PKCS#7 formats) allow almost unlimited file size, and any 2GiB limit is
probably an artifact of either the openssl command line tool or some of the
underlying OpenSSL libraries.
It would be interesting to hear from someone familiar with that part of the
OpenSSL API which calls to use to actually
want
Regards,
Erwann Abalea
From: prithiraj das
Date: Monday 17 December 2018 at 08:23
To: Erwann Abalea , "openssl-users@openssl.org"
Subject: Re: [openssl-users] RSA Public Key error
Hi Erwann/All,
Thank you for your earlier response. I have done a couple of tests on the
701 - 800 of 1657 matches