Re: [openssl-users] SMIME -sign subcommand

2017-09-22 Thread Carlos Caraccia
Thanks a lot Jakob, I’ll try it now. I’m a hobby developer and must do this for 
my real work.


Carlos



> On Sep 7, 2017, at 09:43, Jakob Bohm wrote:
> 
> On 07/09/2017 14:02, Carlos Caraccia wrote:
>> Hello, is there a way to debug or watch line by line which functions are
>> executed when I run this command:
>>
>> openssl smime -sign -signer certificadoWSASS.cer -inkey MiClave -out ticket.xml.cms -in Ticket.xml -outform PEM -nodetach
>>
>> I know I can see the smime.c here
>>
>> /apps
>>
>> I want to know how to compile it, if it is possible to compile it, and to run it
>> in Xcode and watch step by step the functions involved.
>> 
> Get the source code from https://www.openssl.org/source/
> 
> Build it for your Mac using commands such as:
> (Note these steps are based on a build script for OpenSSL 1.0.2k)
> 
> tar xzf openssl-1.something.tar.gz
> cd openssl-1.something
> 
> CC=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang
> export CC
> MACOSX_SDK=/Developer/SDKs/MacOSX10.12.sdk
> [ -d ${MACOSX_SDK} ] || MACOSX_SDK=/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk
> 
> ./Configure debug-darwin64-x86_64-cc --openssldir="$(pwd)-x86_64"
> perl -i -pe 's|static volatile sig_atomic_t intr_signal|static volatile int intr_signal|' crypto/ui/ui_openssl.c
> perl -i -pe "s|^CC= gcc|CC= ${CC} -arch x86_64 -mmacosx-version-min=10.6|g" Makefile
> perl -i -pe "s|^CFLAG= |CFLAG= -arch x86_64 -mmacosx-version-min=10.6 -isysroot ${MACOSX_SDK} |g" Makefile
> make MAKEDEPPROG=${CC} depend
> make
> make test
> make install
> 
> Now debug the program in openssl-1.something-x86_64/bin/openssl
> 
> (Sorry, I don't know how to tell XCode to debug a program already
> compiled with the XCode command line clang)
> 
> Enjoy
> 
> Jakob
> -- 
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



Re: [openssl-users] How can I start openssl ocsp in secure mode using TLS/SSL

2017-09-22 Thread Richard Moore
On 22 September 2017 at 15:08, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:

> OpenSSL 0.9.8 is old and obsolete and has security issues; you should
> upgrade.
>
> But even if you upgrade, the ocsp command will not listen on HTTPS; that
> is not supported.
>
It's also worth pointing out that CAs are banned from running OCSP servers
over HTTPS anyway and it isn't needed since the responses are already
signed - http is fine.

Cheers

Rich.


[openssl-users] [ANN] M2Crypto 0.26.3

2017-09-22 Thread Matěj Cepl
On 21/09/17 00:26, Matej Cepl wrote:
> after a way too long time I have another version of M2Crypto. Despite
> the deceptively minor version number (0.26.2; it is a mistake, it has every
> right to be called 0.27.0, but the release is already on PyPI, sorry)
> this was a lot of work.

Oh well, so I have forgotten one syntax error in a C file. I have no idea
why it wasn't caught by CI, but there is a quick 0.26.3 release available
now on PyPI.

Oh well,

Matěj

-- 
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5  BC1D 7920 5802 880B C9D8

Quod fuimus, estis; quod sumus, vos eritis.





Re: [openssl-users] How can I start openssl ocsp in secure mode using TLS/SSL

2017-09-22 Thread Salz, Rich via openssl-users
OpenSSL 0.9.8 is old and obsolete and has security issues; you should upgrade.

But even if you upgrade, the ocsp command will not listen on HTTPS; that is not 
supported.



[openssl-users] How can I start openssl ocsp in secure mode using TLS/SSL

2017-09-22 Thread Ike Ikonne
Hi all,

I have been trying to test the embedded openssl ocsp server in secure mode
like:

c:\openssl-0.9.8\share>c:\openssl-0.9.8\bin\openssl ocsp -url https://myhost:7575 -req_text -resp_text -text -index intermediate\index.txt -CA intermediate\certs\ca-chain-cert.pem -rkey intermediate\private\ocsp.example.com.key.pem -rsigner intermediate\certs\ocsp.example.com.cert.pem

using the https protocol, but when I try to validate a certificate using
the built-in ocsp client similar to:

c:\openssl-0.9.8\share>c:\openssl-0.9.8\bin\openssl ocsp -CAfile intermediate\certs\ca-chain-cert.pem -url https://myhost:7575 -resp_text -issuer intermediate\certs\intermediate.cert.pem -cert intermediate\certs\test.example.com.cert.pem

I get the following error message

Error connecting BIO
Error querying OCSP responsder
12164:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:./ssl/s23_clnt.c:585:

Does anyone know how I may overcome this?


Thanks,

Ike
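
Added example (not part of the original post and not OpenSSL code): a Python check of whether a port answers in plain HTTP or in TLS, the kind of scheme mismatch that makes a TLS client report SSL23_GET_SERVER_HELLO:unknown protocol when an https:// URL is pointed at a responder that only speaks HTTP. The function names classify_first_bytes, check_url and probe and the sample bytes are assumptions constructed for illustration.

```python
import socket
import struct
from urllib.parse import urlsplit

TLS_CONTENT_TYPES = {20, 21, 22, 23}   # change_cipher_spec, alert, handshake, application_data
MAX_RECORD_LEN = 2**14 + 2048          # largest legal TLS record body

def classify_first_bytes(data: bytes) -> str:
    """Return 'http', 'tls' or 'unknown' for the first bytes a server sent."""
    if data.startswith(b"HTTP/"):
        return "http"
    if len(data) >= 5:
        # TLS record header: content type, version major/minor, body length
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4 \
                and length <= MAX_RECORD_LEN:
            return "tls"
    return "unknown"

def check_url(url: str, first_bytes: bytes) -> str:
    """Compare the URL scheme with what the server actually answered."""
    wanted = {"https": "tls", "http": "http"}.get(urlsplit(url).scheme)
    seen = classify_first_bytes(first_bytes)
    if wanted is None:
        return "unsupported scheme"
    if seen == wanted:
        return "ok"
    if wanted == "tls" and seen == "http":
        return "plain HTTP responder: use http:// (a TLS client reports 'unknown protocol')"
    return f"mismatch: URL expects {wanted}, server sent {seen}"

def probe(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Send a plain HTTP request to your own responder and return the first reply bytes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        return s.recv(16)

# Constructed samples (not captured traffic).
HTTP_REPLY = b"HTTP/1.0 200 OK\r\nContent-Type: application/ocsp-response\r\n"
TLS_ALERT = bytes([21, 3, 1, 0, 2, 2, 70])   # alert record, version 3.1, 2-byte body

if __name__ == "__main__":
    print(check_url("https://myhost:7575", HTTP_REPLY))
    print(check_url("http://myhost:7575", HTTP_REPLY))
    print(check_url("https://myhost:7575", TLS_ALERT))
```
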



Re: [openssl-users] s_server and explicit dhparam

2017-09-22 Thread Benjamin Kaduk via openssl-users
On 09/21/2017 10:57 PM, Le Van Gong, Hubert wrote:
> Hi Ben,
>
> Ah, good catch. Maybe the doc should be updated to mention that fact.
> Does anyone know if this is on the roadmap?

The documentation could not really get updated more easily than the
code, and I committed the needed fix yesterday, so we're in as good a
shape as we can reasonably expect to be.

-Ben