is not
required):
dpkg -l | grep libssl
These commands should pick up that openssl fix as well as any other updates:
sudo apt -y update
sudo apt -y upgrade
Thanks,
Shawn
there is a
symlink or not.
Thanks,
Shawn
the symlink.
Properly implemented, symlinks do not reduce security, but any tool can
be misused. If you have a situation where a symlink presents a security
concern, it probably means someone did it wrong.
Thanks,
Shawn
to the command.
Many thanks to Victor for the nudge that got me on the right track to
make it work. I have become very spoiled by Ubuntu ... when I work on
RHEL clones, it always takes more effort.
Shawn
ards.pem
The file named le_root.pem contains JUST the root certificate. Since all
of the certs generated by this setup will come from LetsEncrypt, I can
put the root cert in a static file and not worry about changing it until
they move to a new root.
Thanks for pointing me in the right direction!
Shawn
On 9/2/22 21:42, Shawn Heisey via openssl-users wrote:
Other bare metal systems and their results with the same PEM file:
Verifies on Proxmox (the one running the VM) with openssl 1.1.1n
Verifies on Ubuntu 22.04 with openssl 3.0.2
Fails on CentOS 7.5.1804 with openssl 1.0.2k-fips
Additional
would like the VM to do the same, but
right now I can't because of this issue.
Thanks,
Shawn
Blah, auto complete bit me - sorry, wrong ml / ot :(
On Oct 14, 2016 10:45, "Salz, Rich" wrote:
> > Is there a way to to check (from a script) if a key in the agent is
> unlocked?
>
> Agent? Do you mean ssh? This is openssl :)
> --
> openssl-users mailing list
> To
Is there a way to to check (from a script) if a key in the agent is
unlocked?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
End goal - I don't want the machine (curl, wget, git, etc) to throw errors
when accessing a site that I trust (ie, within the company).
[root@srwilson-centos7 anchors]# openssl s_client -showcerts -connect
site.com:443 /dev/null|openssl x509 -outform PEM > site_git.pem
[root@srwilson-centos7
Hey All,
I'm trying to figure out how to properly destroy an X509_CRL struct. I
can't seem to figure out any API for it. Can someone point me in the right
direction? I'm using PEM_read_X509_CRL to create the object.
Thanks,
Shawn
hi ALL,
There were 13 upstream commits for fixing the Lucky-13 issue in
openssl 0.9.8. For this issue, modified/deleted thousand of lines of
code. Is there any method or POC code for verification? Any ideas?
Thanks!
--
GNU powered it...
GPL protect it...
God blessing it...
regards
Shawn
machine. In case it's useful, I've attached the PEM file
generated by the most recent run of the test. The passphrase is
cartman.
Thanks,
--
Shawn.
rsa.pem
Description: Binary data
://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/rsa_key_unittest.cc
and the functions that do the reading and writing are in:
http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/rsa_key_unittest.cc
Thanks,
Shawn
evp_pkey.reset(PEM_read_bio_PrivateKey(in.get(), NULL, NULL, NULL));
// Removes the ciphers from the table.
EVP_cleanup();
--
Shawn Willden | Software Engineer | swill...@google.com | Commerce Team
Then I guess that moves it firmly outside the purview of this list and into
your ISP's hands. Good luck.
On 9/22/03 1:44 PM, Frank [EMAIL PROTECTED] wrote:
Finally somebody with a clue!!! I can't effetely stop this crap
unless my ISP gives my root/admin on the mail server
.
On 8/19/03 1:24 PM, Neil Humphreys [EMAIL PROTECTED] wrote:
Shawn,
Thanks for the response.
It's a lovely thought, but it's not as simple as sticking in a firewall I am
afraid .. that leaves
me open to attacks that can't be blocked by the firewall ..
such as attacks from inside the firewall
What they're trying to get at is that you should be using strong
cryptography, but pay attention to any export restrictions and
patents/licensing. They don't want someone to be able to say, Sure it's
illegal, but Visa made me do it.
Also, they'd rather keep your business instead of seeing you
Yes.
On 8/5/03 10:58 AM, Bruce Embrey [EMAIL PROTECTED] wrote:
I have a question about encrypting whenever possible.
Doesn't this require you to share your public key with
those individuals you are communicating with?
Bruce
On Tue, 05 Aug 2003 10:51:55 -0500
Shawn P. Stanley [EMAIL
Yes, it's mainly geared toward processors and not individual merchants.
On 8/8/03 10:33 AM, Waitman C. Gobble, II [EMAIL PROTECTED]
wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Salz
Sent: Friday, August 08, 2003 8:17 AM
To: Shawn P
Nope. Thus my apology.
On 8/5/03 10:59 AM, Wayne Rasmussen [EMAIL PROTECTED] wrote:
Is this really appropriate for this mailing list
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Shawn P. Stanley
Sent: Tuesday, August 05, 2003 8:52 AM
To: [EMAIL
Perhaps some simple trepanation.
Why is the FBI trying to destroy your life? Perhaps tackling the root of
the problem will yield a more effective result. Using encryption will
likely only serve to escalate the problem.
On 8/4/03 5:49 PM, buddy fancher [EMAIL PROTECTED] wrote:
Hi there,
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Maybe I am misunderstanding the question... are you looking for an
SSL-enabled ftp client? If so, you can try PSFTP from:
http://www.chiark.greenend.org.uk/~sgtatham/putty/
thanks,
shawn p. duffy
http://codepiranha.org/~pakkit
email: [EMAIL
or something like that...
thanks,
shawn
On Fri, 2002-04-12 at 00:54, Paul Wiggins wrote:
Sun recently release a new patch that adds /dev/random support to
Solaris (Patch-ID# 112438-01). When I did a fresh compile and install
of OpenSSL 0.9.6c and then OpenSSH 3.1p1, OpenSSH does not use
/dev
string is a suffix of another.
Hope this helps.
73,
Shawn
On Fri, 8 Mar 2002, Mads Rasmussen wrote:
Hi,
This might be a stupid question, but it keeps troubling my mind.
I was thinking, when encrypting a string ( with symmetric cipher) you
would want to enter
I would like to abstract the SSL communications through 2 pipe[] fd's
under win32 where I plan on reading the read side of the pipes and then
Handling all network connectivity myself. I tried using
SSL_set_rfd()/SSL_set_wfd() but I still couldn't get it to write
communications when I issued a
Is there a a high-level OpenSSL function for dealing with the
digital signatures from the MSCrypto API in a PKCS7 blob?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Why is it not advisable to use openssl/crypto/pkcs7/verify.c ?
Dr S N Henson wrote:
tangquan wrote:
you can verify your signature using openssl/crypto/pkcs7/verify.c .
according to my experience, Netscape make a standand pkcs7 digital
signature and encode it in base64 format.
You
Have fun with these links.
Bye.
LINKS1.VBS
Already is: FreeSwan http://www.xs4all.nl/~freeswan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
[snip]
I guess it's a matter of time till somebody
outside the
U.S. hacks up an internation implementation.
create one on a PC and have the
client import it. Will that even work??? Is there another way to
create client certs with IE other than xenroll?
Shawn K. Tagseth
BBM Bureau Of Measurement
(416)445-9800x2075
__
OpenSSL Project
I've found IE 5 to be funny animal.. Go into Tools, Options, Advanced
and hit restore defaults.(what default is it setting?? I haven't
bothered to figure it out.) That has fixed about 90% of my problems
with clients and IE5. The other 10 needed to go request a new
certificate after they did
This link was posted to the apache-ssl mailing list but I thought it
might be of interest to people here too
http://www.nytimes.com/library/tech/99/05/biztech/articles/02encr.html
Snips from the article:
In a paper to be presented Tuesday in Prague, the computer scientist,
Adi Shamir,
33 matches
Mail list logo