On 01/26/2015 06:21 PM, jone...@teksavvy.com wrote:
On Fri, 16 Jan 2015 10:16:48 -0500
Steve Marquess marqu...@openssl.com wrote:
On 01/15/2015 05:52 AM, Marcus Meissner wrote:
On Linux usually triggered by /proc/sys/crypto/fips_enabled
containing 1 or the environment variable
On Tue, Jan 27, 2015 at 10:21:01PM +0300, Serj wrote:
Some web-sites don't send all intermediate certs during SSL Handshake.
Indeed some websites are misconfigured.
For example, www.verisign.com sends only server's cert but doesn't send next
intermediate cert:
But www.verisign.com is not
Browsers have too many workarounds for broken sites which results in
those sites not actually getting fixed.
Because if the site doesn't work, the user will blame the browser and switch. :(
___
openssl-users mailing list
To unsubscribe:
Hi, Viktor.
I have some questions.
I didn't find docs on such functions as SSL_get0_param
Why are there no corresponding functions such as SSL_set0_param in your code?
Where can I find documentation on functions operating with params?
I found only this code:
X509_VERIFY_PARAM *param;
param =
Steve Marquess marqu...@openssl.com wrote on 01/27/15 09:18:
Thank you (and Tom) for your comments - much appreciated.
Tom Francis nailed the answer to this one. We did design the FIPS module
+ FIPS capable OpenSSL combination to make it possible to have a
system wide FIPS mode capability, but
On Tue, Jan 27, 2015 at 04:18:49PM +0300, Serj wrote:
I didn't find docs on such functions as SSL_get0_param
As I mentioned, this function should be documented, but is not yet.
Why are there no corresponding functions such as SSL_set0_param in your code?
Where can I find documentation on
On 01/27/2015 11:09 AM, jonetsu wrote:
Steve Marquess marqu...@openssl.com wrote on 01/27/15 09:18: Thank
you (and Tom) for your comments - much appreciated.
Tom Francis nailed the answer to this one. We did design the FIPS
module + FIPS capable OpenSSL combination to make it possible to
This is an implementation of an IETF draft that expired seven years ago. Is
anyone using it?
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
On Tue, Jan 27, 2015 at 10:09:38PM +0300, Serj wrote:
27.01.2015, 20:23, Viktor Dukhovni openssl-us...@dukhovni.org:
I would set SSL verification parameters is to obtain the parameter
handle via SSL_get0_param() or where appropriate SSL_CTX_get0_param(),
and use the various
On Tue, Jan 27, 2015 at 10:21:01PM +0300, Serj wrote:
Some web-sites don't send all intermediate certs during SSL Handshake.
Indeed some websites are misconfigured.
For example, www.verisign.com sends only server's cert but doesn't send next
intermediate cert:
But www.verisign.com is not
Hi, Viktor.
27.01.2015, 20:23, Viktor Dukhovni openssl-us...@dukhovni.org:
I would set SSL verification parameters is to obtain the parameter
handle via SSL_get0_param() or where appropriate SSL_CTX_get0_param(),
and use the various X509_VERIFY_PARAM_mumble() functions to tweak
the parameter
Hello.
Some web-sites don't send all intermediate certs during SSL Handshake. For
example, www.verisign.com sends only server's cert but doesn't send next
intermediate cert:
s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)06/CN=VeriSign
On Tue, Jan 27, 2015, Serj wrote:
Hi, Viktor.
27.01.2015, 23:07, Viktor Dukhovni openssl-us...@dukhovni.org:
It is complete enough. The word mumble is not meant to be taken
Your full code from wiki is:
const char *servername;
SSL *ssl;
X509_VERIFY_PARAM *param;
Hi, Viktor.
27.01.2015, 23:07, Viktor Dukhovni openssl-us...@dukhovni.org:
It is complete enough. The word mumble is not meant to be taken
Your full code from wiki is:
const char *servername;
SSL *ssl;
X509_VERIFY_PARAM *param;
servername = "www.example.com";
28.01.2015, 00:04, Dr. Stephen Henson st...@openssl.org:
It's this:
param = SSL_get0_param(ssl);
Because SSL_get0_param retrieves the internal pointer to parameters used by
ssl: so if you modify those parameters the modified versions will be used by
ssl.
Thanks, Stephen. Now it's
On Tue, Jan 27, 2015 at 11:42:51PM +0300, Serj wrote:
It is unfortunate that browsers lend a helping hand to such sites.
So, you want to say that browsers trust connections that don't provide
intermediate certs during SSL handshake?
As I know most browsers have also intermediate certs in
Browsers have too many workarounds for broken sites which results in
those sites not actually getting fixed.
Because if the site doesn't work, the user will blame the browser and switch. :(
From: openssl-users On Behalf Of Kurt Roeckx
Sent: Tuesday, January 27, 2015 17:14
On Tue, Jan 27, 2015 at 11:42:51PM +0300, Serj wrote:
snip
What browsers do is cache the intermediate certificates. snip
That's one possibility. Another is that it uses AuthorityInfoAccess
to fetch the cert