Hi
I was curious if OpenSSL supports the creation of a CMS container and
also supports receiving and parsing a CMS container?
Thanks!!
Randy
__
OpenSSL Project http://www.openssl.org
User
On Tue, Dec 01, 2009 at 02:08:08PM -0800, Randy Turner wrote:
As an investor, I would rather have my coders use a product with
documentation to make progress on the actual goals of the product,
rather than reverse-engineer the information they're trying to look
for.
With the former method, my
As an investor, I would rather have my coders use a product with documentation
to make progress
on the actual goals of the product, rather than reverse-engineer the
information they're trying to look for.
With the former method, my cost is (n), with the latter method, my cost could
be
That's a great idea Mark and Will, I would be happy to contribute anything
that I learn about the toolkit.
There have been a wide range of comments from people saying look at the code
all the way to basically suggesting an attempt
at a new version of the O'Reilly book.
I can't imagine
there is some editing effort, it will be
little more useful than a FAQ and mailing list archive.
-Original Message-
From: owner-openssl-us...@openssl.org on behalf of Randy Turner
Sent: Thu 11/26/2009 11:38 AM
To: openssl-users@openssl.org
Subject: Re: General question about
Yes, I noted that usage of the APIs in combination with common use-cases is
more appropriate, but this doesn't obviate the need for per-API documentation,
as has occurred so far on the openssl website.
And I agree with the previous point that we should be trying to collectively
figure out how
This is an example of a relatively common use-case that I was alluding to in a
previous email...it would be nice to not have to figure this out either by
guessing, reverse-engineering something, or other sub-optimal form of
development strategy
Randy
On Nov 26, 2009, at 4:03 PM, John R
I would like to post a general observation regarding users of the OpenSSL
toolkit.
A number of the questions hitting this list, are somewhat detailed, and
sometimes deal with interesting corner cases regarding the use of the toolkit.
However, a large number of questions hitting this list
Is the OCSP response verification algorithm described below
implemented exclusively by OpenSSL, or is the algorithm an
implementation
of a particular RFC algorithm?
Thanks!
Randy
On Jul 28, 2009, at 9:41 AM, Dr. Stephen Henson wrote:
On Tue, Jul 28, 2009, Natanael Mignon -
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Randy Turner
Sent: Thursday, 4 June 2009 3:48 PM
To: openssl-users@openssl.org
Subject: Re: Callback suggestion for unsupported cert extensions
I agree that there should probably be a callback for extensions not
recognized and supported
I agree that there should probably be a callback for extensions not
recognized and supported by OpenSSL...the callback
could return a failure code that openssl would look at, and if it is
set to an error then openssl would run its normal failure return
path (up the call stack).
If the
From this thread, it sounds like relying on the OpenSSL-FIPS canister
for cryptography means you can't use hardware cryptographic
accelerators through the engine interface, because the crypto would be
done in h/w and NOT within the
canister?
I'm assuming if the h/w cryptographic module
Just for my own edification, from this thread, it sounds like OpenSSL
doesn't support password-protected
PKCS#7 bundles...is this interpretation correct?
Randy
On Apr 29, 2009, at 6:16 AM, Dr. Stephen Henson wrote:
On Wed, Apr 29, 2009, Mathieu Malaterre wrote:
On Wed, Apr 29, 2009 at
On Apr 2, 2009, at 2:22 PM, Dr. Stephen Henson wrote:
On Thu, Apr 02, 2009, Randy Turner wrote:
Hello list,
Are the ASN.1 functions in OpenSSL generic enough to be used for
other
purposes besides reading/writing certificates?
Yes.
I was curious if the ASN.1 code could encode/decode
Hello list,
Are the ASN.1 functions in OpenSSL generic enough to be used for
other purposes besides reading/writing certificates?
I was curious if the ASN.1 code could encode/decode both BER and DER,
generically, even if the source of the data is NOT associated with
certificates. For
Hi,
I think there is probably a *formal* way to do this within the
confines of the build system and design of OpenSSL, and there is
probably a brute-force way to do this.
I think just grabbing the crypto subtree and building a make
subsystem for this that makes no dependencies on
Hello List,
I was curious about the diffs between the FIPS distribution of OpenSSL
and the standard distribution.
It seems like the FIPS tar file is based on an entirely different
versioning system, but I'm assuming there is a table somewhere that
maps this version back to a 0.9.x
Thanks for the reply.
So what you are saying is that if I encrypt a file with a password
according to my interpretation of PKCS#5/PBKDF2, then it might not
decrypt properly (with the same password) using the command-line openssl
function?
R.
-Original Message-
From: [EMAIL PROTECTED]
Using the following command...
openssl enc -aes-256-cbc -salt -in <plain text file> -out <encrypted file>
I can create an AES-encrypted file.
Subsequently I can use the -d option to decrypt the same file if I use
the same key (when prompted) that I used to encrypt the file.
I think the same
Ok, it looks like these values are computed from the password...
Is the algorithm for computing the key and IV from the password
published ?
R.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Randy Turner
Sent: Wednesday, August 23, 2006 1:40 PM
I would probably consider the publishing of the openssl version on the web
server announcement message as a security issue.
Randy
-Original Message-
From: [EMAIL PROTECTED] on behalf of Marek Marcola
Sent: Thu 8/10/2006 2:45 PM
To: openssl-users@openssl.org
Subject: Re: CHecking the
the version of OpenSSL
Randy Turner wrote:
I would probably consider the publishing of the openssl version on the web
server announcement message as a security issue.
And some of us would laugh in your general direction ;-)
Exploiters don't need to know, they can just persist till they find
The discussion below wherein the term "you're screwed" is used seems to
indicate that there is a deadlock situation, which isn't the case. There may or
may not be performance issues associated with the scenario/use-case, but
there's no deadlock.
R
-Original Message-
From: [EMAIL
Hi,
Is there a brief on the reasons why someone would want to use OpenSSL
0.9.7j or choose to use 0.9.8b?
I believe one of the items is that the 0.9.7 branch can be part of a
solution for FIPS compliance, where 0.9.8b is not there yet.
Is this correct? I'm at a point where I need to
Hi Stephen,
There have been a few email messages on the list recently concerning
negative attributes of 0.9.8, with recommendations of using 0.9.7.x
versions. Are we to assume that later versions of 0.9.7.x are really
preferred for creating robust solutions with OpenSSL, instead of
0.9.8-based
When you want to operate in this special CA filtering mode, you
could hook the OpenSSL certificate validation logic. Your callback
could then implement its own validation logic and return a reject
when you see a certificate you want to deny (even though it's valid).
Randy
On Mar 7,
The first sentence of the explanation below
seems to infer that it's ok to call ssl_library_init() from each thread that
might want to access the SSL library.
I don't think that's what was
intended.
I think the last sentence is more accurate
if you have a multi-threaded application,
Hi All,
I just wanted to verify that, as of OpenSSL 0.9.8a, any OpenSSL data
facility that utilizes STACK_OF as a container for different types
of objects, the routines that reference these stacks do not support
multiple threads accessing the same stack. Is this the case? I
didn't see
I'm assuming it's also possible to statically link/bind (at build
time) engine drivers. Is this the case?
R.
On Feb 16, 2006, at 3:50 PM, Dr. Stephen Henson wrote:
On Thu, Feb 16, 2006, Lech Olmedo wrote:
My intent is trying to add as a new Engine some crypto modules from a
Coldfire
Is there any documentation on how I can programmatically create OCSP
requests, ready to be sent on the wire?
Thanks in advance!
Randy
I think someone has touched on some of this on the list recently, but
I was curious if there was a way to programmatically (through an API
call or other) way to patch into OpenSSL's configuration capability -
I understand the library by default looks at text files on a file
system for