On 30.04.2014 03:57, Nikolay Elenkov wrote:
What hasn't been suggested is giving each server, etc. its own sub-CA signed by
the root. Then there won't be a need to have the root key at multiple places and
no problems with serial. Additionally, clients will only have to install and trust the
This time the client hello and server hello is done, but when client key
exchange the server reply Alert (Level: Fatal, Description: Protocol
Version). Shows below, what is wrong with this? And I know this alert means the
client is not using the same protocol, but why client hello, and server
On 29.04.2014 22:32, Tim Hudson wrote:
On 30/04/2014 6:05 AM, Walter H. wrote:
On 29.04.2014 21:38, d...@deadhat.com wrote:
This all seems unnecessarily complex. Make the serial number a 256 bit or
greater true random number. There will be no collisions.
the serial
On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com wrote:
This time the client hello and server hello is done, but when client key
exchange the server reply Alert (Level: Fatal, Description: Protocol
Version). Shows below, what is wrong with this? And I know this alert means
Some standards (like the CA/Browser Forum guidelines) request a certain amount
of entropy (like 20 bits) to be contained within the serial number. Is there
some sort of best-practice for incorporating this small amount of real random
data into a larger unique serial number?
cheers
Mat
On
On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com wrote:
This time the client hello and server hello is done, but when client key
exchange the server reply Alert (Level: Fatal, Description: Protocol
Version). Shows below, what is wrong with this? And I know this alert means
I have tried, it works well. So, what is wrong with my application?
zyf01...@gmail.com
From: Jeffrey Walton
Date: 2014-04-30 15:27
To: OpenSSL Users List
Subject: Re: TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)
On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com
I use wcecompat with OpenSSL for WinCE 2.11; I haven't tried building
for a later version of WinCE, and I use an older compiler. There's
some basic problem with your build; it looks like something as basic
as using a C compiler to compile C++ and getting tripped up on new
syntax. Are you
I would like to publicly thank Hitomi Kimura for his recent personal
donation of US$500 to the OpenSSL project. He notes that he is a long
time OpenSSL user and that for his job as an information security
engineer in Japan he has distributed tens of thousands of client
certificates.
-Steve M.
--
I'm using a verify callback function set via
X509_STORE_set_verify_cb_func() to customize the behavior of
X509_verify_cert(). For example errors related to the fact that no
complete chain to a trusted root can be built are ignored, in order to
still allow validation of other properties of
On Wed, Apr 30, 2014 at 03:44:51PM +0200, Stephan Mühlstrasser wrote:
Shouldn't it only return X509_V_OK if at least one of the three tests Check
key ids (if present), Check serial number and Check issuer name
actually was performed?
Don't know about the CRL code path, but the same function
It is my great pleasure to announce that Nokia
(http://company.nokia.com/en), formerly Nokia Solutions and Networks
(NSN), has signed on as the first ever Platinum Sponsor of OpenSSL.
Their press release:
Wow - congrats!
Good and positive outcomes of Heartbleed :)
On Thu, May 1, 2014 at 12:52 AM, Steve Marquess
marqu...@opensslfoundation.com wrote:
It is my great pleasure to announce that Nokia
(http://company.nokia.com/en), formerly Nokia Solutions and Networks
(NSN), has signed on as the
13 matches