A quick look at apps/s_client.c in the 1.0.1j sources suggests that it does
EBCDIC-ASCII translation if it was compiled with CHARSET_EBCDIC.
What version are you using? Was it built with CHARSET_EBCDIC defined?
Michael Wojcik
Technology Specialist, Micro Focus
From: openssl-users
ons for simple connection-flood DoS
attacks since the mid-1990s (RED in 1993, SYN Cookies in 1996, and so on).
Protocol-specific DoS attacks are more sophisticated and in general more
difficult to defend against, so they merit separate discussion.
--
Michael Wojcik
Technology Specialist, Micro Foc
://wiki.openssl.org/index.php/Diffie_Hellman
https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense. www.websense.com
___
openssl-use
gt;
> > > From: openssl-users On Behalf Of Michael Wojcik
> > > Sent: Thursday, December 18, 2014 21:27
> >
> > >
> > > And if DH parameters have not been set, OpenSSL will have to
> > > generate them on the fly, which can be *very* slow (relative
blocking" is with the dd command, using
"conv=sync". Since this is AIX, the OP might also look at the tctl command,
which also has a mode ("tctl write') that reads from standard input and writes
complete blocks to a tape device.
I'm sure there are plenty of exam
cure-G3-aia.verisign.com/SVRSecureG3.cer
>
> cert = d2i_X509_fp(fp, NULL);
> it will return fail, as below
What's the platform? What are the parameters to the fopen that you used to get
fp?
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for
(Apologies for the top-post; Outlook does not deal properly with HTML email.)
If open, called by fopen, actually is setting EPERM, then one of the following
should be true:
- /usr/local/ssl/openssl.cnf exists but the user does not have read permission
on it
- Either /usr/local or /usr/local/ssl
eing the problem here (and I've never seen it before, and none of our
customers have reported it). This appears to be unique to the OP's environment.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense. www.websense.com
following should work
(under suitable shells):
OPENSSL_CONF=/dev/null openssl ...
Just let openssl open /dev/null as its config file. It'll get EOF immediately
(as if openssl.cnf existed and was empty) and should trundle along happily.
--
Michael Wojcik
Technology Specialist, Micro Focus
nditions
under which openssl emits the warning and continues, as bug 2644 suggests. But
reasonable people could argue otherwise.
Probably someone who's particularly bothered by this should submit a patch.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned
where we see it
contains a pointer to one of the specific key types, such as rsa_st. rsa_st is
defined in rsa.h, and if we look there we see that it contains all the RSA
parameters, so it implicitly contains both the public and private key.
Michael Wojcik
Technology Specialist, Micro Focus
yle symlinks are
shortcuts, so per above they do not work. Native symlinks are Windows symlinks
and should work fine with OpenSSL. The native implementation can be selected by
setting the CYGWIN environment variable appropriately, so (contrary to recent
messages on the list) there'
4 to make disabling of RC4 a choice best made
> by applications.
I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it explicilty
in DEFAULT) is a good one that maintains important backward compatibility while
providing the desired removal of RC4 by default. There's no adv
e done. Clearly, in the Brave New World of well-funded
OpenSSL, they'll have to be, because it's apparent that we're going to see a
lot of disruptive change made on the flimsiest of pretexts, with objections
from the user community brushed aside. That's your prerog
the users of OpenSSL, sometimes in quite disruptive ways.
And sometimes they leak through to our users, and we have to handle that
situation. So yes, some of us will be resistant to changes that we think aren't
strongly justified.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense. www.websense.com
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Eric Rescorla's book SSL and TLS is a good start. There are many online
references and tutorials, but I can't say I've found any I'm especially fond
of. SSL and TLS is now quite old (unless he's written a new edition; the one I
have is from 2001), but TLS 1.2 is not so terribly different from 1.
Viktor's description agrees with Matthew Green's explanation.[1] The FREAK
attack can work against non-patched OpenSSL clients even if they disable
export-grade ciphers; in fact, that's precisely the problem.
The attack works like this:
1. Client sends ClientHello with a suite list that include
is probably the processing time for checking certification
paths; as the RFC points out, this kind of graph-path processing grows quickly
with the size of the graph.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scan
t few bytes to
see if they're 1) ASCII uppercase letters and 2) form the prefix of a valid
HTTP command would be satisfactory.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense. www.websense.com
_
to all implementations of RC4, and its use by any SSL/TLS
implementation. OpenSSL can't fix the problem. A future release of OpenSSL may
remove RC4 suites from the default list (indeed, it's probably all but
inevitable), so applications won't use it unless they enable it. For n
able. Even with that, however, your test design
is largely useless, because what you're trying to measure will be swamped by
environmental effects (unless you're running on in an extremely restricted
platform, like a single-task embedded system). At the very least, you need to
measure
it's
not of sufficient value, or the users just don't care. So I have no strong
feelings either way about this feature in OpenSSL.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense. www.websense.com
___
also note that I've been writing C code for numerous platforms (MS-DOS,
all the incarnations of Windows, many UNIX variants, OS/400, z/OS...) for
decades, and the Solaris compilers have *never* given me problems. That's more
than I can say for the compilers from Microsoft, HP, and so
te it.
I'm afraid that cat is not only out of the bag, but no longer visible from the
bag with the naked eye and receeding at high speed.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense. www.websense.com
__
t 8 characters as the system password. But that's only using 48 bits of
the hash value. Can I do better?"
(Another question would be what this has to do with OpenSSL...)
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense
ame build
machine.
A quick check is to run "cl" with no parameters from the command line you're
using for OpenSSL. It will say something like "Microsoft (R) C/C++ Optimizing
Compiler Version 17.00.61030 for x86" or "... for x64".
--
Michael Wojcik
Technology S
ical reasons. At any rate, that's what I have in my Windows build
directory; I believe those are the standard names.
--
Michael Wojcik
Technology Specialist, Micro Focus
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
uot; is the Configure option you need. We actually have a script
that changes some of the OpenSSL makefiles after configuring, so our process is
a bit different from yours.
--
Michael Wojcik
Technology Specialist, Micro Focus
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
it's
basically just a list of function signatures.
Is it possible your build created both static and dynamic versions? Do you have
two different versions of libeay32.lib in the build directory?
What version of OpenSSL are you building?
--
Michael Wojcik
Technology Specialist, Micro Focus
st; enable-static-engine links them in statically instead.
> or no-dso?
I don't know what that option does, off the top of my head. Doesn't look like
our build uses it.
--
Michael Wojcik
Technology Specialist, Micro Focus
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Response inline below, prefixed with "MW". (Unfortunately Outlook is incapable
of replying to HTML messages properly, so you'll have to excuse the formatting.)
Michael Wojcik
Technology Specialist, Micro Focus
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On B
he
certificates from a PEM file when creating the certificate directory, if you
use a script that gets the hash value of each certificate in the file.
I personally don't much care, but I could believe that someone else might find
that useful.
--
Michael Wojcik
Technology Specialist, Micr
code base, making the whole easier to maintain,
which is a benefit to people not using those features. It's a procedure that
shouldn't be undertaken lightly, but software development is always a matter of
compromises, and sometimes it's the best co
hing to the client.
Client subsequently sends the signed data and signature to the server, as part
of a file in the proprietary format, along with whatever unsigned data is
included.
Server extracts the signed data and signature, and uses "openssl rsautl
-verify" to verify it.
Micha
2013.aspx discusses the addition of several
> useful C99 features in VS2013, including compound literals, designated
> initializers, and variable declarations.
Still no sign of a conforming snprintf, though.
MSVC isn't even really a conforming hosted-environment C90. It's debatable
ration as non-fatal. I don't
know why it's different in your case, and I have no idea how to fix it, as I've
never had to poke into the implementation of autoconf and don't know what's
making your gcc behave differently.
--
Michael Wojcik
Technology Specialist, Mi
ves an expensive
human component), it's not very efficient.
You could build a card-shuffling-and-data-entering robot with some good
physical randomness (tumbling the cards in a turbulent-air chamber, maybe), but
there are physical-randomness alternatives with less complexity and better form
f
0.1p) suggests that ctx->error_depth,
which is what get_error_depth returns, is always set before calling the
callback.
--
Michael Wojcik
Technology Specialist, Micro Focus
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
l give you
accessor functions. Some people will complain that at that point you're no
longer writing C - you're reinventing C++ - to which I'd reply that they don't
really understand C or C++.
--
Michael Wojcik
Technology Specialist, Micro Focus
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
The value of the -k argument you're passing to "openssl enc" ends with "g",
which is not a hexadecimal digit; the rest of the value appears to be
hexadecimal. But it's not clear why you're using -k anyway. Perhaps you mean to
use -K (uppercase K,
c. It's along the lines of:
desc = accept(master, ...);
ssl = SSL_new(ctx);
SSL_set_fd(ssl, desc);
SSL_accept(ssl);
There's some setting of socket options like SO_KEEPALIVE and ex_data so we can
recover our info in the callbacks, but really it's all p
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Kurt Roeckx
> Sent: Monday, November 30, 2015 18:38
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] long (~2.5 minute) delay in TLS handshake
>
> On Mon, Nov 30, 2015 at 10:46:45PM
differently?" is not the right question.
Michael Wojcik
Technology Specialist, Micro Focus
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
or ::1), so no
one can bypass the proxy.
That's assuming stunnel doesn't also play silly buggers with the cipher suite
list.
--
Michael Wojcik
Technology Specialist, Micro Focus
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jakob Bohm
> Sent: Thursday, December 03, 2015 21:11
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] explicitly including other ciphers.
>
> On 04/12/2015 03:03, Michael Wojcik wrot
ormance in actually serving content. It's impossible to guess without
knowing more about the application and its behavior.
(And you mean "lose", not "loose".)
--
Michael Wojcik
Technology Specialist, Micro Focus
___
opens
U is smaller than the
record size) then it could have a partial record when it receives the RST. I
can't tell if that situation is present in your case (without manually decoding
the tcpdump trace, which I don't have time to do at the moment).
kely to use it. (Also, such platforms are generally DSPs which are not
likely to be able to run OpenSSL anyway.)
All of these points have already been made in this thread, except for the C&V
citations (and with occasional errors such as "the unit for
lue-from-SSL_pending. Copy in the small fixed buffer, then SSL_read into
the tail of the allocated buffer.
- If SSL_read returns SSL_WANT_READ, loop back to poll. The call to SSL_read
(with read-ahead set in the SSL object via the context) should have grabbed the
available data from the socke
message
regardless of size, which is good for program correctness and maintainability.
Based on what you've told us, this is the approach I'd recommend. The only
question is the size of that initial buffer, and you're in a better position to
determine that.
--
Michae
ns, the peer has time to respond to the request you
just sent. Or it sends something else immediately after completing the
handshake, if your application doesn't use a strict switched-duplex
request-response protocol.
So I'd recommend going ahead and t
It'd be a bit more optimal to separately track the WANT_* state for both
reading and writing, but in practice it's unlikely to make much of a difference
unless you're really performance-critical.
There are enough separate states here that it's
e AIX installation media, if memory serves.) /usr/bin/X11 is a
symlink to /usr/lpp/X11/bin. Is /usr/bin/X11 in your path?
--
Michael Wojcik
Technology Specialist, Micro Focus
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
unsigned integer type has the same width as the corresponding integer type.
That change just makes the code longer and more fragile if the type of "a" is
changed later. (And the parentheses around "a" in the original are unnecessary
- sizeof is an operator, not a function.)
--
Sorry - I thought this topic had come up again (or that this was a new
continuation of the older discussion). Now I see it was an old message that had
been delayed. Apologies for the noise.
--
Michael Wojcik
Technology Specialist, Micro Focus
, because OpenSSL can be built
with various algorithms enabled or disabled, and which algorithms are available
at runtime depends on which of those included at compilation have been added
when initializing OpenSSL. So the most likely issue is that you haven't called
OpenSSL_add_all_alg
support SSLv2.
The client cannot prevent this attack - it has to be mitigated at the server
end.
--
Michael Wojcik
Technology Specialist, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
verification. I don't see anything that implies
the middle step wouldn't irreversibly change state.
--
Michael Wojcik
Technology Specialist, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
- again, you haven't provided even the most basic information with your
question), I'd suggest running the application under Valgrind.
Michael Wojcik
Technology Specialist, Micro Focus
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Vikas TM
Sent: Tues
tcuts for "command prompt" windows with INCLUDE, LIB, and
PATH set appropriately, in its start-menu entries. It also has command scripts
that set up the appropriate environment.
Michael Wojcik
Technology Specialist, Micro Focus
From: openssl-users [mailto:openssl-users-boun...@openssl.o
sm, which is an
open-source assembler. You can get it at www.nasm.us<http://www.nasm.us>. Just
download it, install it (which I think is just unzipping an archive), and put
it in the path.
Michael Wojcik
Technology Specialist, Micro Focus
From: openssl-users [mailto:openssl-users-boun...@o
nning under servers, broken intermediary nodes (gateways and proxies),
network problems, etc. Thus they try to apply the rules for determining the end
of the response, but they also try to render data as it's received, and after a
while they'll time out and decide that a message has ended.
--
Michael Wojcik
Technology Specialist, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> From: Hanno Böck [mailto:ha...@hboeck.de]
> Sent: Tuesday, April 26, 2016 12:13
> To: Michael Wojcik
> Cc: openssl-users@openssl.org
> Subject: Re: [openssl-users] BIO_read hangs, how can I know if the server
> wants to send data?
>
> Thanks for both your answer
> From: Michael Wojcik
> Sent: Tuesday, April 26, 2016 12:39
> To: openssl-users@openssl.org
> Subject: RE: [openssl-users] BIO_read hangs, how can I know if the server
> wants to send data?
>
> Ugh. Apache is doing the Wrong Thing. It's sending data as it generates i
advertising.
And you are using TLS, right?
For AECDH* (or any ECC suite), don't you have to tell OpenSSL what curve to
use? I haven't implemented that bit myself in any applications, but my
understanding is that with OpenSSL 1.0.2 you can just call
SSL_CTX_set_ecdh_auto(ctx, 1).
ertificateContext@4 referenced in function _capi_free_key
You have the CAPI engine linked into libcrypto (rather than configuring it for
dynamic loading), so you need to link against the Windows CAPI library, which
is crypt32.lib. Add /Lcrypt32, either when you create libcrypto or when you
link your
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Matt Caswell
> Sent: Wednesday, May 25, 2016 08:05
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] openssl-1.1.0 - Linker error on Windows
>
>
> On 25/05/16 14:59, Michael Woj
tely we no longer regularly build OpenSSL on HP-UX for PA-RISC, so I
can't easily test 1.0.2g there.
If I get a chance, I'll poke around to see if we still have a PA-RISC machine I
could use to try to reproduce the problem with 1.0.2h.
--
Michael Wojcik
Technology Specialist, Micro Focus
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Matt Caswell
> Sent: Wednesday, May 25, 2016 08:52
>
> On 25/05/16 15:35, Michael Wojcik wrote:
> >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> >> Behalf Of
y updates, for example),
and what do they cost?
If you don't have the resources to create a proper threat model and produce
usable cost estimates, then you have to use heuristics. And the heuristic most
widely followed in this case is "link the OpenSSL shared objects".
think you want to do this? (When people ask this question, for TLS
or any other protocol, it almost always indicates that they don't understand
TCP and have a broken design. TCP is not a record-based protocol.)
Michael Wojcik
Technology Specialist, Micro Focus
From: openssl-users [
ail. Most applications
dynamically link OpenSSL because they have a rather different use case and thus
a rather different threat model. It's not very useful to ask "why does everyone
else do X?" when X doesn't apply to your situation. Except, of course, that you
may learn why X doesn't apply to your situation.
--
Michael Wojcik
Technology Specialist, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
for as long as it existed, but
it's been widely known to be broken since the mid-1990s.)
Feistyduck.com has a free "OpenSSL cookbook" ebook which is a decent
introduction.
Michael Wojcik
Technology Specialist, Micro Focus
From: openssl-users [mailto:openssl-users-boun...@op
3_*_method and
sets options to restrict versions, or lets the administrator configure it to
use a different method but uses SSLv23 by default, depending on product.)
Should have checked the docs before posting.
--
Michael Wojcik
Technology Specialist, Micro Focus
--
openssl-users mailing list
d installed OpenSSL
1.0.2g". It's not clear what that means. Are you building using libraries
created by someone else?
--
Michael Wojcik
Technology Specialist, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
hat asymptotically approaches being worse than the problem.
(Now I want that on a t-shirt.) But at the moment there are no viable
alternatives for most use cases.
--
Michael Wojcik
Technology Specialist, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jeffrey Walton
> Sent: Tuesday, June 28, 2016 18:04
> To: OpenSSL Users
> Subject: Re: [openssl-users] Getting error 'SSLv2_client_method': identifier
> not found
>
> On Mon, Jun 2
ot; time, that is time the
process spends in user mode; that's why that line says "user sec".
So this is telling you that your system uses about 1.5ms of user-mode CPU time
per connection, and that it was able to make about 270 connections per second.
I'm not sure what use
bidding further use of DSA. But then
it's also very likely that any such directive would be delayed for years. The
wheels of US government cryptography grind slowly.
In short: Removing support for DSA in OpenSSL would prevent some of our
products from updating to 1.1.x for a significant
d want to create an object instance using
operator new, rather than calling malloc. But the principle remains the same -
don't use a pointer to an object which will be invalidated when it goes out of
scope.
Michael Wojcik
Distinguished Engineer, Micro Focus
From: openssl-users [mailto:open
ve a look
for yourself. It's quite straightforward, which is not *always* the case with
OpenSSL.
Michael Wojcik
Distinguished Engineer, Micro Focus
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Eric To
Sent: Thursday, August 25, 2016 09:29
To: openssl-users
oked into it, though.
It's not an issue for us because our build scripts do a bunch of other things
(as part of our integration process) besides extracting the sources and
building OpenSSL, so adding this step wasn't burdensome.
Michael Wojcik
Distinguished Engineer, Mi
Ivan Ristic's free OpenSSL Cookbook has a long section on cipher suite
selection. It's available on
feistyduck<https://www.feistyduck.com/books/openssl-cookbook/>.
Michael Wojcik
Distinguished Engineer, Micro Focus
From: openssl-users [mailto:openssl-users-boun...@openssl.o
e
> first 16 bytes. The output of byte 16 and on is just some period of the first
> 16
> bytes and therefore has several duplicated numbers.
Do you have a small program that demonstrates the problem?
Michael Wojcik
Distinguished Engineer, Micro Focus
--
openssl-users mailing
ld never assume TCP is anything other than a byte-stream service. An
application that makes any assumptions about how its send operations translate
into TCP segments or IP packets is asking for trouble.
--
Michael Wojcik
Distinguished Engineer, Micro Focus
--
openssl-users mai
, and it was only discovered when a different project
used some other OpenSSL features and got incorrect results on some platforms.
So, in short: You do in fact have to publish and maintain one
architecture-specific header.
Michael Wojcik
Distinguished Engineer, Micro Focus
--
ope
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Kim Gräsman
> Sent: Tuesday, October 18, 2016 07:04
>
> On Tue, Oct 18, 2016 at 2:21 PM, Michael Wojcik
> wrote:
> >
> > So, in short: You do in fact have to publish and maintain one a
(void) {return strtoul("0", NULL, 10);}
If that complains about a missing _Stoul, you have the same problem as the
OpenSSL build is seeing in your environment. If it works, then your environment
is OK, and OpenSSL Configure picked up something weird. EIther way it may help
you iso
tep and the actual build). The
OpenSSL build is not trivial, and the Windows toolchain is, in a word, terrible.
I would also recommend getting nasm out of the Visual Studio tree, where it
most definitely does not belong, and into a normal (non-spacey) path.
Michael Wojcik
Distinguished Engineer, Mi
useful information about what
the "problem" is, so we don't know whether the heartbeats would have been
transmitted after 200ms.
If they're not being transmitted for some other reason (e.g. receive window
advertised as closed), then disabling Nagle won't make any
sl x509 -subject -noout -in cacert-2016-11-02.pem
> subject=C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
Did you actually capture that, or did you retype it? Because it's not valid
openssl x509 output. Note that it doesn't match what you reported from the PC:
&g
start with that and try to understand it better.
Note that there's already an ENGINE implementation for PKCS#11, so if your
hardware supports that you may be able to simply use that code. If not, then 1)
why doesn't it (providing the standard API is generally a good idea), but 2) it
where on your system, and not against the ones
you built.
This is not specific to OpenSSL, by the way; it's all standard UNIX / Linux
library use.
Michael Wojcik
Distinguished Engineer, Micro Focus
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Schmicker, R
ing some custom toolchain of your own devising,
you'll need to create your own configuration, including all the necessary rules
and files. I do not recommend it.
Michael Wojcik
Distinguished Engineer, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mail
. What kind of cleanup needs to happen at
process exit (in the typical environment in which OpenSSL is used)? I suppose
I'll have to take a look at the source, but I'd be very interested to hear the
rationale.
Michael Wojcik
Distinguished Engineer, Micro Focus
--
openssl-users mai
ly.
Or not, because cleaning up resources immediately before process termination is
usually a waste of time.
Michael Wojcik
Distinguished Engineer, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
e
economic sense to accommodate rare implementations. How many C programs work
correctly on implementations where CHAR_BIT > 8?
Michael Wojcik
Distinguished Engineer, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
SL_pending
is true or the socket is readable. (Or until OpenSSL returns SSL_WANT_WRITE, in
which case you have to wait until the socket is writable instead, because
you're renegotiating.)
That's all off the top of my head, so I may have gone wrong there somewhere -
in whic
on iSeries, for
example, is failing to correctly declare a function that returns a pointer
type, such as malloc - because an undeclared function is assumed to return int,
and sizeof(int) < sizeof(void*) in those implementations.
And don't even get me started on calling undeclared functio
[Snipped HTML content, since Outlook can't quote it properly and it was garbled
anyway.]
openssl-users doesn't really seem like the right place to discuss this (the
sci.crypt newsgroup or a relevant area of the sprawling StackOverflow empire
would be better), but it's a low-traffic list, so wha
201 - 300 of 583 matches
Mail list logo