Good morning...
I am using GCC 4.8.2 and AIX 5.3.
I downloaded the file then compile... Here what I did:
# ./Configure aix-gcc zlib fips
(no problem)
# make depend
(no problem)
# make
(no problem)
# make test
(failed, here is...)
test a^b%c implementations
../util/shlib_wrap.sh
On Sun, Aug 03, 2014, Vladimir Simonov wrote:
Hi all,
I'm trying to use openssl command line utility to sign data file
with key located in Windows Certificates Store.
I generated 1024 bit dsa private key and certificate. Converted them to
pkcs12 format and imported the certificate into
On Thu, Aug 07, 2014, Spence, Thomas P CIV USAF (US) wrote:
Good morning...
I am using GCC 4.8.2 and AIX 5.3.
I downloaded the file then compile... Here what I did:
# ./Configure aix-gcc zlib fips
(no problem)
# make depend
(no problem)
# make
(no problem)
# make test
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Thursday, August 07, 2014 3:16 PM
To: openssl-users@openssl.org
Subject: Re: openssl dgst and capi engine question
On Sun, Aug 03, 2014, Vladimir
On Sun, Aug 03, 2014, Vladimir Simonov wrote:
Hi all,
I'm trying to use openssl command line utility to sign data file with
key located in Windows Certificates Store.
I generated 1024 bit dsa private key and certificate. Converted them
to
pkcs12 format and imported the certificate
Hi All,
The following vulnerability fixes in 0.9.8 zb seems to be related to the
DTLS reassemble fragment functionality that is introduced from 0.9.8 o
version.
CVE-2014-3505 -Avoid double free when processing DTLS packets
CVE-2014-3506 -Fix DTLS handshake message size checks
CVE-2014-3507 -Fix
On Thu, Aug 07, 2014, Vladimir Simonov wrote:
On Sun, Aug 03, 2014, Vladimir Simonov wrote:
Hi all,
I'm trying to use openssl command line utility to sign data file with
key located in Windows Certificates Store.
I generated 1024 bit dsa private key and certificate. Converted
Your client is saying that it's failing the certificate verification of
the server certificate. It's probably not using the CAfile that you
passed to openssl s_client.
-Kyle H
On 8/5/2014 12:19 PM, Ted Byers wrote:
I have Perl code, which uses a library that in turn uses openssl for
HTTPS
I'm trying to track down a client side issue with the use of HTTPS. I
suspect it has something to do with a server misconfiguration and
client side certificates.
When running s_client:
$ echo -e GET / HTTP/1.1\nHost:example.com\n | \
openssl s_client -connect example.com:443 -ssl3 -ign_eof
Usually you don't need to echo anything to get the acceptable client CA
names list.
-Kyle H
On 8/7/2014 1:55 PM, Jeffrey Walton wrote:
I'm trying to track down a client side issue with the use of HTTPS. I
suspect it has something to do with a server misconfiguration and
client side
On Thu, Aug 07, 2014, Jeffrey Walton wrote:
I'm trying to track down a client side issue with the use of HTTPS. I
suspect it has something to do with a server misconfiguration and
client side certificates.
When running s_client:
$ echo -e GET / HTTP/1.1\nHost:example.com\n | \
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Users,
I have released version 5.03 of stunnel.
The ChangeLog entry:
Version 5.03, 2014.08.07, urgency: HIGH:
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.1i.
See https://www.openssl.org/news/secadv_20140806.txt
* New
On Thu, Aug 7, 2014 at 4:57 PM, Kyle Hamilton aerow...@gmail.com wrote:
Usually you don't need to echo anything to get the acceptable client CA
names list.
Thanks.
In this case, its IIS 7.5 and its *not* using SNI (SNI is available in
IIS 8). So I get a 400 bad request without the host header.
Hi Kyle,
Thanks
See below
On Thu, Aug 7, 2014 at 4:47 PM, Kyle Hamilton aerow...@gmail.com wrote:
Your client is saying that it's failing the certificate verification of
the server certificate. It's probably not using the CAfile that you
passed to openssl s_client.
-Kyle H
Actually, I
On Thu, Aug 7, 2014 at 5:29 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Thu, Aug 07, 2014, Jeffrey Walton wrote:
I'm trying to track down a client side issue with the use of HTTPS. I
suspect it has something to do with a server misconfiguration and
client side certificates.
When
I just upgraded our product to 1.0.1i and logins via SRP are now
broken. Shown below are the SSL calls made from both the client and
server. Everything worked perfectly under 1.0.1h.
Bot sides set the cipher list to 'SRP' via calls to
SSL_CTX_set_cipher_list(), so the no shared cipher
On Thu, Aug 07, 2014, Norm Green wrote:
I just upgraded our product to 1.0.1i and logins via SRP are now
broken. Shown below are the SSL calls made from both the client and
server. Everything worked perfectly under 1.0.1h.
Bot sides set the cipher list to 'SRP' via calls to
On Thu, Aug 07, 2014, Norm Green wrote:
I just upgraded our product to 1.0.1i and logins via SRP are now
broken. Shown below are the SSL calls made from both the client and
server. Everything worked perfectly under 1.0.1h.
Bot sides set the cipher list to 'SRP' via calls to
From: owner-openssl-us...@openssl.org On Behalf Of Kyle Hamilton
Sent: Thursday, August 07, 2014 16:48
Your client is saying that it's failing the certificate verification of
the server certificate. It's probably not using the CAfile that you
passed to openssl s_client.
-Kyle H
On
From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni
Sent: Monday, August 04, 2014 11:21
On Mon, Aug 04, 2014 at 05:43:47AM +, Mitra, Rituparna (STSD) wrote:
1. app1: sends a CGI POST request to app2 ? the POST request has
the
UN (username).
2. app2:
From: owner-openssl-us...@openssl.org On Behalf Of dave
Sent: Monday, August 04, 2014 15:50
I have it that the elliptic multiply is not standard. So I have been
skip tracing though the code.
It starts with ec_key.c, with EC_KEY_generate_key. This grabs the
group or or the particular
Thanks, OK I got the rest of the way through the tangled mess. The
question is there someone out there that can skip trace through the
subroutines that can put together a tight code set on how this works?
One command walk through to start from the beginning to the end which is
the key feedback.
On Thu, Aug 07, 2014, Norm Green wrote:
Any idea where to begin debugging this? Any and all help is appreciated.
The cause is incorrect handling of new SRP authentication type which was added
to correct a bug where SRP authentication was incorrectly classified as NULL
authhentication.
A
Thanks for tracking it down so fast Steve. I will revert the mods in
that commit and try it again tomorrow.
Norm
On 8/7/2014 7:21 PM, Dr. Stephen Henson wrote:
On Thu, Aug 07, 2014, Norm Green wrote:
Any idea where to begin debugging this? Any and all help is appreciated.
The cause is
Hi All,
Please let me know openssl-0.9.8za with -no-ec option is fips compliant or
not.
Thanks,
Gayathri
On Fri, Aug 8, 2014 at 1:11 AM, Gayathri Manoj gayathri.an...@gmail.com wrote:
Please let me know openssl-0.9.8za with -no-ec option is fips compliant or
not.
No. If you want FIPS validated crypto, then you need one of the
openssl-fips-*-tar.gz downloads. They produce the FIPS Object Module.
26 matches
Mail list logo