New Blog Post: CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

Please see the new blog post here: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/ OpenPGP_0xD9C4D26D0E604491.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature

Re: memory still reachable post calling SSL_CTX_free

On 21/06/2022 11:42, Tomas Mraz wrote: This is actually not a memory allocated by the SSL_CTX_new() itself but error string data that is global. There is no real memory leak here. You can call OPENSSL_cleanup() to explicitly de-allocate all the global data however please note that you can do

Re: memory still reachable post calling SSL_CTX_free

On Tue, 2022-06-21 at 10:33 +, Tiwari, Hari Sahaya wrote: > Hi, > I need one clarification on routine SSL_CTX_free(). I see the memory > is not freed even after calling this SSL_CTX_free(). >   > I have a simple test program, which just does SSL_CTX_new() and  > SSL_CTX_free(). >   > #include

memory still reachable post calling SSL_CTX_free

Hi, I need one clarification on routine SSL_CTX_free(). I see the memory is not freed even after calling this SSL_CTX_free(). I have a simple test program, which just does SSL_CTX_new() and SSL_CTX_free(). #include #include int main() { const SSL_METHOD *method; SSL_CTX *ctx = NULL;

Re: New Blog Post

On 2021-11-25 15:00, Matt Caswell wrote: Please see the new blog post by Tim Hudson giving an update on the OpenSSL Project. https://www.openssl.org/blog/blog/2021/11/25/openssl-update/ Followup: While the OpenSSL leadership may think they have made things easier for algorithm developers

New Blog Post

Please see the new blog post by Tim Hudson giving an update on the OpenSSL Project. https://www.openssl.org/blog/blog/2021/11/25/openssl-update/ Matt

Re: FIPS POST induced failure in OpenSSL3.0.0 for FIPS 140-2 compliance

On 29/10/2021 16:40, Cristian Andrei Sandu wrote: Hi all, I’m currently updating an application from OpenSSL 1.0.2d to OpenSSL 3.0.0 in preparation for a FIPS 140-2 submission and I’m not sure how to approach the issue of induced failures for the power on self tests. In OpenSSL 1.0.2d we

FIPS POST induced failure in OpenSSL3.0.0 for FIPS 140-2 compliance

Hi all, I'm currently updating an application from OpenSSL 1.0.2d to OpenSSL 3.0.0 in preparation for a FIPS 140-2 submission and I'm not sure how to approach the issue of induced failures for the power on self tests. In OpenSSL 1.0.2d we used to use FIPS_post_set_callback() for this purpose,

Blog post about Let's Encrypt root certificate expiration and OpenSSL 1.0.2

I've written a blog post to explain the situation with the old Let's Encrypt root certificate expiration which will happen on 2021-09-30 and the behavior of OpenSSL 1.0.2 with that root certificate. Please read, if interested: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire

Re: Blog post

On 17/06/2021 18:35, Ethan Rahn wrote: Hello Matt, Love the blog post, and of course a hearty thanks to everyone who worked on the project to get it to this point. Is the plan still to continue with the FIPS 140-2 validation instead of 140-3? Apologies for the lack of a first party source

Re: Blog post

Hello Matt, Love the blog post, and of course a hearty thanks to everyone who worked on the project to get it to this point. Is the plan still to continue with the FIPS 140-2 validation instead of 140-3? Apologies for the lack of a first party source but https://www.leidos.com/insights/fips-140

Blog post

For anyone interested I've written a blog post to accompany the 3.0 beta 1 release. You can read it here: https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/ Matt

Re: Openssl-3.0.0 POST

F_TEST_new manual pages. It's easiest to run them from the command line. Pauli On 5/2/21 7:48 pm, Nagarjun J wrote: Hello, Can any one tell , how to run POST tests in openssl-3.0.0. Regards, N

Openssl-3.0.0 POST

Hello, Can any one tell , how to run POST tests in openssl-3.0.0. Regards, N

Re: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)

Hi Craig, On Wed, Dec 09, 2020 at 08:35:46PM +0900, Craig Henry wrote: > Hi, > > This is my first post to this list so please be kind! > > Environment - Linux Centos > SSL - 1.0.2k19-el7 > > Connection - CURL (via PHP) with public / private key auth + http basic auth &g

Re: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)

On 09/12/2020 11:35, Craig Henry wrote: > Hi, > > This is my first post to this list so please be kind! > > Environment - Linux Centos > SSL - 1.0.2k19-el7 > > Connection - CURL (via PHP) with public / private key auth + http basic auth > > We're havin

Re: Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)

Hi, curl on RHEL-7 and Centos 7 uses NSS and not OpenSSL as the TLS backend. So this is unfortunately a wrong mailing list to ask. Tomas Mraz On Wed, 2020-12-09 at 20:35 +0900, Craig Henry wrote: > Hi, > > This is my first post to this list so please be kind! > > Environment

Help with SSL 8152 SEC_ERROR_INVALID_KEY Intermittent Error (first post please be kind!)

Hi, This is my first post to this list so please be kind! Environment - Linux Centos SSL - 1.0.2k19-el7 Connection - CURL (via PHP) with public / private key auth + http basic auth We're having an issue where we are seeing intermittent behavior connecting to a 3rd party of the key being

OpenSSL Blog Post

Please take a look at my blog post that gives an update on OpenSSL 3.0 development, FIPS and 1.0.2 EOL: https://www.openssl.org/blog/blog/2019/11/07/3.0-update/ Matt

OpenSSL blog post by APNIC

An APNIC article loosely based on the OpenSSL presentation at AusCERT earlier this year: https://blog.apnic.net/2019/10/21/openssl-3-0-accelerating-forwards/ Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic

Re: [openssl-users] Blog post on the new LTS release

>This didn't show up in my RSS client. Is the RSS feed not working, or is > it just my client? It probably sat in draft form for too long, and went out with the old date. Oops. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Blog post on the new LTS release

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Salz, Rich via openssl-users > Sent: Tuesday, May 29, 2018 11:12 > To: openssl-users; openssl-annou...@openssl.org > Subject: [openssl-users] Blog post on the new LTS release > We just posted a new

[openssl-users] Blog post on the new LTS release

We just posted a new blog entry on long-term support, the different phases, and so on. It’s here: https://www.openssl.org/blog/blog/2018/05/18/new-lts/ TL;DR is that the upcoming 1.1.1 will be our next LTS release. -- openssl-users mailing list To unsubscribe:

[openssl-users] TLSv1.3 blog post

FYI, I reposted my TLSv1.3 blog post from last year, but updated with the latest information. You can read it here: https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

➢ this feature sends notifications about _all_ conversations happening. For me, I get the actual comments that are posted. Don’t you? On the mailing list, you have to explicitly mark/junk conversation threads in your mail program. You would still have to do that here. I don’t understand

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

You should be able to just watch the openssl repo (the eyeball/watch notice in the upper-right side) On 1/23/18, 7:00 AM, "Hubert Kario" <hka...@redhat.com> wrote: On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote: > There’s a new blog post

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

Hello, On Tue, Jan 23, 2018 at 3:00 PM, Hubert Kario <hka...@redhat.com> wrote: > On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote: > > There’s a new blog post at > > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ > > >

[openssl-users] Blog post; changing in email, crypto policy, etc

There’s a new blog post at https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ It contains some important policy changes we decided at our meeting last month. This includes: - Closing the openssl-dev mailing list; use GitHub for issues - New mailing list openssl-project

Re: [openssl-users] Delete a post to openssl-user mailing list

What is the security risk? Management ? :) There could be a perceived problem that the world now knows that company X has problems with OpenSSL, and a competitor could even try to make mischievous use of this information - it happened to me once (with another technology). Death of developer

Re: [openssl-users] Delete a post to openssl-user mailing list

What is the security risk? Management ? :) -- View this message in context: http://openssl.6102.n7.nabble.com/openssl-users-Delete-a-post-to-openssl-user-mailing-list-tp57653p57670.html Sent from the OpenSSL - User mailing list archive at Nabble.com

Re: [openssl-users] Delete a post to openssl-user mailing list

by the system administrator of the openssl-user email forum? My original post about NULL EVP_PKEY was flag by my company as a security risk. The data in the post was fake. I have been directed to remove the post if possible. -Original Message- From: openssl-users [mailto:openssl-users-boun

Re: [openssl-users] Delete a post to openssl-user mailing list

Can a message be removed by the system administrator of the openssl-user email forum? There are several places that archive openssl mailing lists. My original post about NULL EVP_PKEY was flag by my company as a security risk. That seems erroneous to me. I have been directed to remove

Re: [openssl-users] Delete a post to openssl-user mailing list

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Vollaro, John Sent: Wednesday, April 22, 2015 09:56 To: openssl-users@openssl.org Subject: Re: [openssl-users] Delete a post to openssl-user mailing list Can a message be removed by the system administrator

Re: [openssl-users] Delete a post to openssl-user mailing list

promotion points anyways by having their real names in mailing lists. -- View this message in context: http://openssl.6102.n7.nabble.com/openssl-users-Delete-a-post-to-openssl-user-mailing-list-tp57653p57673.html Sent from the OpenSSL - User mailing list archive at Nabble.com

Re: [openssl-users] Delete a post to openssl-user mailing list

Can a message be removed by the system administrator of the openssl-user email forum? My original post about NULL EVP_PKEY was flag by my company as a security risk. The data in the post was fake. I have been directed to remove the post if possible. -Original Message- From: openssl

[openssl-users] Delete a post to openssl-user mailing list

Is it possible to remove a message I posted to the openssl-user email forum? This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended

Re: [openssl-users] Delete a post to openssl-user mailing list

On Tue, Apr 21, 2015 at 09:21:47PM +, Vollaro, John wrote: Is it possible to remove a message I posted to the openssl-user email forum? No. -- Viktor. ___ openssl-users mailing list To unsubscribe:

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

From: Michael Wojcik [mailto:michael.woj...@microfocus.com] Thanks for the detailed and thoughtful response. I only want to respond to a few of your points. One is simply that we're seeing a lot of OpenSSL roadmap announcements. That's good in the sense that before the funding boost,

[openssl-users] Code Reformat blog post

I have posted a new blog article covering the recent reformat activity: https://www.openssl.org/blog/blog/2015/02/11/code-reformat-finished/ It's basically a review of what we did, how we did it and the problems we encountered. It also discusses the various tags that we've created in the repo,

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it explicilty in DEFAULT) is a good one that maintains important backward compatibility while providing the desired removal of RC4 by default. There's no advantage to moving RC4 to LOW. Sure there is: it's an accurate

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

All sorts of things can be done. Clearly, in the Brave New World of well- funded OpenSSL, they'll have to be, because it's apparent that we're going to see a lot of disruptive change made on the flimsiest of pretexts, with objections from the user community brushed aside. That's your

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On 11/02/2015 16:46, Salz, Rich wrote: I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it explicilty in DEFAULT) is a good one that maintains important backward compatibility while providing the desired removal of RC4 by default. There's no advantage to moving RC4 to LOW. Sure

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich Sent: Wednesday, February 11, 2015 10:47 To: openssl-users@openssl.org; openssl-...@openssl.org Subject: Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2 I agree with Viktor

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni Sent: Tuesday, February 10, 2015 21:01 To: openssl-...@openssl.org; openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2 On Wed, Feb 11, 2015

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich Sent: Wednesday, February 11, 2015 13:26 To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2 All sorts of things can be done. Clearly

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 12:59:22PM +0100, Hubert Kario wrote: On Tuesday 10 February 2015 21:46:46 Viktor Dukhovni wrote: On Tue, Feb 10, 2015 at 09:15:36PM +, Salz, Rich wrote: I would like to make the following changes in the cipher specs, in the master branch, which is planned for

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 03:46:54PM +, Salz, Rich wrote: I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it explicitly in DEFAULT) is a good one that maintains important backward compatibility while providing the desired removal of RC4 by default. There's no advantage

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Tue, Feb 10, 2015 at 06:17:38PM -0500, Daniel Kahn Gillmor wrote: On Tue 2015-02-10 16:15:36 -0500, Salz, Rich wrote: I would like to make the following changes in the cipher specs, in the master branch, which is planned for the next release after 1.0.2 Anything that uses RC4 or MD5

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 12:22:44AM +, Salz, Rich wrote: RC4 in LOW has a bit of pushback so far. My cover for it is that the IETF says don't use it. So I think saying if you want it, say so is the way to go. By all means, don't use it, but it is not OpenSSL's choice to make by breaking

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

By all means, don't use it, but it is not OpenSSL's choice to make by breaking the meaning of existing interfaces. Except that we've explicitly stated we're breaking things with this new release. Those magic cipher keywords are point-in-time statements. And time has moved on.

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 03:30:57AM +, Salz, Rich wrote: By all means, don't use it, but it is not OpenSSL's choice to make by breaking the meaning of existing interfaces. Except that we've explicitly stated we're breaking things with this new release. Those magic cipher

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

currently, this is an error: 0 dkg@alice:~$ openssl ciphers -v ALL:!NO-SUCH-CIPHER bash: !NO-SUCH-CIPHER: event not found 0 dkg@alice:~$ Yeah, but that's coming from bash, not openssl :) ; openssl ciphers -v ALL | wc 111 6758403 ; openssl ciphers -v ALL:!FOOBAR | wc 111

[openssl-users] Proposed cipher changes for post-1.0.2

I would like to make the following changes in the cipher specs, in the master branch, which is planned for the next release after 1.0.2 Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW Anything that was 40-bit encryption is removed: /* Cipher 03 EXP-RC4-MD5 removed */ /*

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Wed, Feb 11, 2015 at 01:50:07AM -0500, Daniel Kahn Gillmor wrote: RC4 in LOW has a bit of pushback so far. My cover for it is that the IETF says don't use it. So I think saying if you want it, say so is the way to go. I think that's the correct position. People who want to be able

Re: [openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

On Tue, Feb 10, 2015 at 09:15:36PM +, Salz, Rich wrote: I would like to make the following changes in the cipher specs, in the master branch, which is planned for the next release after 1.0.2 Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW Note, that RC4 is already

[openssl-users] POST Integrity test/fingerprint failure on 32-bit MIPS/R3000 with openssl-fips-2.0.5

cross compiler - begin runtime output on MIPS target bash./my_fips_test_suite 1. Non-Approved cryptographic operation test... DRBG AES-256-CTR DF test started DRBG AES-256-CTR DF test OK a. Included algorithm (D-H)..successful POST started

OpenSSL FIPS library POST fails

I am trying to build a DLL that includes the OpenSSL FIPS Object Module, and then load that DLL from my application. This is on Windows 7 64-bit using Microsoft Visual Studio v10. The DLL is built successfully and my application can load it, but when I call the FIPS_mode_set(1) function, the

Does OpenSSL supports the HTTP POST request?

Hi, I want to use HTTP POST request for connecting to the server..I checked with the available sample programs but it all supports HTTP GET. So my doubt is that Is it possible to send HTTP POST message using the openSSL. If yes?then how I can achieve that? Thanks. -- View this message

Re: Does OpenSSL supports the HTTP POST request?

Hi Yogesh Of course, yes ! SSL is completly independant of HTTP protocol. HTTP GET and POST methods differ in the way of passing parameters. On GET, parameter are passed in the URI as URI?param=valueparam=value...param=value On POST, parameters are passed in the same format param

Re: Does OpenSSL supports the HTTP POST request?

Hi I use https post with any problem you just need to format properly your https post string , and send the data Regards Luiz Hi, I want to use HTTP POST request for connecting to the server..I checked with the available sample programs but it all supports HTTP GET. So my doubt

FIPS 140-2 post 2010

, and the approved integrity technique specified in Section 4.6.1 of FIPS 140-2; Since the FIPS module digest is generated with SHA1, i do not know if this will automatically make this issue dead in the water. Has anyone heard of this or dealt with this, or has made OpenSSL FIPS compliant for post-2010

Re: FIPS 140-2 post 2010

compliant for post-2010 (with the understanding it has not been validated for compliance). if this has been discussed already, i apologize. i could not find anything on this issue, just on whether or not there will be a FIPS 140-3 validation in the future for OpenSSL. thank you very much, -=- adam

Re: Post-2010 future of the OpenSSL FIPS Object Module?

transition documentation implies that may not be the case post-2010. I've heard that these transitional requirements, which are still officially in draft form, are generating some significant unfavorable feedback from industry. Changes or clarification are possible. So at this point I really

Re: Post-2010 future of the OpenSSL FIPS Object Module?

Michael Sierchio wrote: Forgive my ignorance, but are you a 501(c)3? Can you communicate that in a signature line so it's obvious? The OpenSSL Software Foundation (OSF) is *not* a non-profit corporation. It was created for the purpose of supporting the commercial activities of OpenSSL

Post-2010 future of the OpenSSL FIPS Object Module?

, that situation is due to a lack of funding and not a lack of interest on our part. We will tackle a new validation with enthusiasm at the first opportunity. The purpose of this open message is twofold: First, to note that we are actively soliciting sponsors for a post-2010 FIPS 140-2

RE: Post-2010 future of the OpenSSL FIPS Object Module?

? I beleive the above to be true, this email cast some doubt, however. Thanks. Date: Thu, 18 Feb 2010 17:27:54 -0500 From: marqu...@opensslfoundation.com To: openssl-users@openssl.org Subject: Post-2010 future of the OpenSSL FIPS Object Module? In the three years since the open source

Re: Post-2010 future of the OpenSSL FIPS Object Module?

Steve Marquess wrote: In the three years since the open source based FIPS 140-2 validated OpenSSL FIPS Object Module became available many software vendors have directly or indirectly utilized it to realize substantial cost and schedule savings. We're glad to see the widespread benefits of

Re: Post-2010 future of the OpenSSL FIPS Object Module?

On 2/19/2010 11:00 AM, Michael Sierchio wrote: Steve Marquess wrote: In the three years since the open source based FIPS 140-2 validated OpenSSL FIPS Object Module became available many software vendors have directly or indirectly utilized it to realize substantial cost and schedule savings.

Re: post-connection assertions

Dave Thompson wrote: 3. Use SSL_set_verify() and provide a callback function. This sounds promising but the callback function gets called for every certificate in the chain. How can I find out whether the certificate in question is the peer's cert and not some intermediate cert?

RE: post-connection assertions

From: owner-openssl-us...@openssl.org On Behalf Of Daniel Mentz Sent: Wednesday, 02 September, 2009 08:27 To: openssl-users@openssl.org Subject: post-connection assertions I'm wondering what's the best way to check the identity of the peer [in its cert just after connection] So I call

post-connection assertions

I'm wondering what's the best way to check the identity of the peer i.e. compare the commonName or subjectAltName included in the x509 cert with the data I expect. The book Network Security with OpenSSL calls this Post-connection assertions (page 134). I already managed to extract all

Re: Question about one of your post

the key). Thank you ! Normand Bédard Lars Kühl wrote: Am Donnerstag, 6. November 2008 19:13:11 schrieben Sie: Hi, in a september post, you wrote: If you use openssl to generate the keyfiles then you can use the parameter -passout pass:password to encrypt the file within the key

Re: Website correction request: only subscribers can post to openssl-users

Frank J. Iannarilli wrote: Hi, On the following page: http://www.openssl.org/support/ it declares that anybody can post to the openssl-users. But evidently (from my experience), that's not true; only subscribers can. Unfortunately, browsing the website doesn't unambiguously indicate whom

Website correction request: only subscribers can post to openssl-users

Hi, On the following page: http://www.openssl.org/support/ it declares that anybody can post to the openssl-users. But evidently (from my experience), that's not true; only subscribers can. Unfortunately, browsing the website doesn't unambiguously indicate whom I should notify about

Re: Segmentation fault in SSL_read() (Re-post)

- Original Message From: Kyle Hamilton [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, April 18, 2008 5:32:49 PM Subject: Re: Segmentation fault in SSL_read() (Re-post) ergh. My apologies for not catching that. You're right, it shouldn't matter on the client side. Okay

Segmentation fault in SSL_read() (Re-post)

Sorry for the fist post. It seems like I have some problems with the other email client. A new try :) I have wrote a multi-threaded server (UNIX) and I use OpenSSL for encrypting communication between the server and the client (the client is an MFC application, but I think this doesn't matter

Re: Segmentation fault in SSL_read() (Re-post)

- Original Message From: Ion Scerbatiuc [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, April 18, 2008 1:15:35 PM Subject: Segmentation fault in SSL_read() (Re-post) Sorry for the fist post. It seems like I have some problems with the other email client. A new try :) I have

Re: Segmentation fault in SSL_read() (Re-post)

for your main executable? What compiler was used to create the library? What linker was used for all of it? -Kyle H On Fri, Apr 18, 2008 at 3:15 AM, Ion Scerbatiuc [EMAIL PROTECTED] wrote: Sorry for the fist post. It seems like I have some problems with the other email client. A new try :) I have

Re: Segmentation fault in SSL_read() (Re-post)

or questions? Thanks for your time! Regards, Scerbatiuc Ion - Original Message From: Kyle Hamilton [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, April 18, 2008 2:14:03 PM Subject: Re: Segmentation fault in SSL_read() (Re-post) My initial idea would be that you're passing

Re: Segmentation fault in SSL_read() (Re-post)

@openssl.org Sent: Friday, April 18, 2008 2:14:03 PM Subject: Re: Segmentation fault in SSL_read() (Re-post) My initial idea would be that you're passing in an invalid pointer to SSL_read. Does this happen with, say, openssl s_client? Remember a couple of things: 1) You MUST use the proper

Re: Segmentation fault in SSL_read() (Re-post)

Hamilton [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, April 18, 2008 2:33:03 PM Subject: Re: Segmentation fault in SSL_read() (Re-post) How are you creating an MFC executable on Linux? -Kyle H On Fri, Apr 18, 2008 at 4:29 AM, Ion Scerbatiuc [EMAIL PROTECTED] wrote: Thanks

Re: Segmentation fault in SSL_read() (Re-post)

ergh. My apologies for not catching that. You're right, it shouldn't matter on the client side. Okay... going back to basics (I'm sorry if this seems a bit patronizing, I honestly don't intend it to be such), a segfault occurs on a pointer dereference, trying to gain access to memory which is

Re: Post

-users@openssl.org Subject: Post How can I delete any post that have my email address. [EMAIL PROTECTED] there is data that should not be out on the net __ OpenSSL Project http://www.openssl.org User

Re: Post

Michael Fedor wrote: Thanks do you know who the list maintainer is. I suspect that instructions for contacting the list maintainer could be had via the [EMAIL PROTECTED] email listed in the trailer appended to all emails sent via the list. Sending it a message containing a line that reads

Re: Post

On Wed 07-05-09 17:52, Michael Fedor wrote: How can I delete any post that have my email address. [EMAIL PROTECTED] there is data that should not be out on the net You may or may not be able to persuade the list maintainer to delete your posts, but it won't do you much good. I have my own

Re: Post

Im cool On 5/9/07, Keith Thompson [EMAIL PROTECTED] wrote: On Wed 07-05-09 17:52, Michael Fedor wrote: How can I delete any post that have my email address. [EMAIL PROTECTED] there is data that should not be out on the net You may or may not be able to persuade the list maintainer to delete

RE: Post

If you're talking about the cert and session key you posted, anyone can get the cert from the server and the master key is useless. DS __ OpenSSL Project http://www.openssl.org

HTTPS POST in perl

; $encrstr = caaresult=$encrstr; my $rlen = length $encrstr; if(!defined open_TCP('F','http://www.xyz.com','80')) { print Error connecting to web server\n; exit(-1); } print F POST /cgi-bin/mycgi.pl HTTP/1.0\n; print F Accept: */*\n; print F User-Agent: caaresults/1.0\n; print F

Re: HTTPS POST in perl

What I use it HTTP and LWP::UserAgent Perl modules use LWP::UserAgent; $ua = new LWP::UserAgent; $ua-agent(AgentName/0.1 . $ua-agent); my $cgi = new CGI(); my $post = ''; # Create a request my $req = new HTTP::Request POST = 'https://www.server.com'; $req-content_type('application/x-www-form

cert chain building post tls handshake

. That ssl_verify_cert_chain throws away the chain built up in X509_verify_cert. Am I correct that if I need to traverse the cert chain that used to validate the peer cert , post handshake, I need to do the same steps as ssl_verify_cert_chain() in my code, so as to get a cert chain so I can utilize

I cant' post the message!!

Only test! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]

Re: Deutsche Post

On 2/19/06, Peter Sylvester [EMAIL PROTECTED] wrote: Where did you find the certs from Deutsche Post? http://www.deutschepost.de/dpag?skin=locheck=yeslang=de_ENxmlFile=49490, click on 'Certificate lookup', second option from the bottom of the box close to the upper right corner of the page

HTTPS POST example snippet

post. Some of the extras (e.g. the https server you're talking to, meaningful header details, a more meaningful message body, etc...) will obviously need to be filled in by yourself... and if you are using certificates and so forth, you're own your own adding that stuff: I have no need for it so

unable to reader the parameters from the http post method

hi, I'm trying send the char * request = "POST /cgi-bin/sample.pl HTTP/1.1\x0D\x0AHost: 192.168.1.89:443\x0D\x0A\x43onnection: Close\x0D\x0A\x0D\x0Abirthday=jan0104"; and a CGI script(sample.pl) was written at the server side whichreeads the request , and I'ma trying to print theh

Re: unable to reader the parameters from the http post method

, | | I'm trying send the | | char * request = POST /cgi-bin/sample.pl HTTP/1.1\x0D\x0AHost: 192.168.1.89:443\x0D\x0A\x43onnection: Close\x0D\x0A\x0D\x0Abirthday=jan0104; | | and a CGI script(sample.pl) was written at the server side which reeads the request , and I'ma trying to print the header data

test post - delete this

Title: test post - delete this testing email rejection please delete this email, I'm testing my ability to post, which has been broken for a whilt. sorry for the bother. d.

what is the difference between get and post with ssl?

Version: apache-1.3.28 mod_ssl-2.8.15 openssl-0.9.6h[engine] i execute the test.html in internet explorer and it return a correct index1.html page. But if i change the method from 'get' to 'post', it return the message " Method Not Allowed The requested method POST is not al

Re: what is the difference between get and post with ssl?

the method from hzhijun 'get' to 'post', it return the message hzhijun hzhijun Method Not Allowed hzhijun The requested method POST is not allowed for the URL /index1.html. hzhijun hzhijun hzhijun why??? First of all, this has absolutely *nothing* to do with SSL (let alone OpenSSL). The POST method

Re: what is the difference between get and post with ssl?

Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Thu, 28 Oct 2004 18:10:35 +0800, [EMAIL PROTECTED] said: hzhijun i execute the test.html in internet explorer and it return a hzhijun correct index1.html page. But if i change the method from hzhijun 'get' to 'post

HTTPS POST problem.

(merchant.ematters.com.au, 443) h.debuglevel=1 h.request('POST', path, body) resp = h.getresponse() f = resp.fp resp = resp.read() f.close() h.close() print resp When python is compiled with 0.9.6a I get a nice HTML response: reply: 'HTTP/1.1 200 OK\r\n' header

  1   2   >