[openssl-users] convert from PEM to DER format or vice versa

[Sairam Rangaswamy -X (sairanga - ARICENT TECHNOLOGIES MAURIITIUS LIMITED at Cisco)]

As I understand, the X509 certificates from CA or self-signed can be created in 
either
PEM or DER format.

Is there a way to programmatically convert the PEM format file to DER or DER to 
PEM?
Is there a single API or set of APIs available from openssl libraries?

Regards,
R. Sairam
Sairam Rangaswamy

Architect

saira...@cisco.com | Mobile +919880302240 | Office 
+918041068409

[cid:image002.jpg@01D25489.7A99ACB0]






-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

RE: bac record mac alert with openssl 1.0.1e

[Sairam Rangaswamy -X (sairanga - ARICENT TECHNOLOGIES MAURIITIUS LIMITED at Cisco)]

Hi,

Any help on this is greatly appreciated.  I have not seen any reply to this 
issue so far, on even how to debug or workaround this issue.

Thanks,
R. Sairam

From: Sairam Rangaswamy -X (sairanga - ARICENT TECHNOLOGIES MAURIITIUS LIMITED 
at Cisco)
Sent: 02 February 2014 14:18
To: 'openssl-users@openssl.org'
Subject: bac record mac alert with openssl 1.0.1e

Hi,

I am using openssl 1.0.1e based statically linked libraries on a Vxworks based 
platform.
We recently upgraded  to fom 4.1 from fom 3.0 along with openssl 1.0.1e.

The embedded node is running this vxworks based library and has a java based 
application packaged
On the node. We connect to the node from browser(IE or Firefox) and it 
downloads the jar files from
The node and executes on the desktop.

Initially it is a https connection, and jar files get downloaded and launched 
on the desktop. The app
Itself then sets up an SSL connection to the node and the app is used for 
managing the node.

We get random bad record mac errors (both in wire shark capture and reported by 
the browser or java console)
In any of the stages.

I went through the bugs and mailing list archieves and found couple of issues 
and applied those patches.
But it is still giving random bad record MAC errors.
http://rt.openssl.org/Ticket/Display.html?id=3002user=guestpass=guest - Later 
I realized we are not executing
on a AES-NI supported platform and this patch only applies to AESNI capable 
x86/amd platforms.
Then, I followed another thread that discussed a prolem in s3_cbc.c and baced 
out that patch also.
Please see 
https://mailman.archlinux.org/pipermail/arch-commits/2013-February/187691.html

But still I am facing random bad record mac errors and connection terminates. 
Sometimes, I am not able
To connect to the node from any desktop browser. Sometimes, other machines 
connect and only the machine
From where I see the problem does not connect. The behaviour is completely 
random and sometimes it works fine
Without any SSL alerts.

I enabled the Err_put_error macro on FIPS (FOM 4.1) and I see these two errors 
on the node console:
: rsa_pk1.c: 192rsa_eay.c: 671. Even with these errors, the SSL is successful 
sometimes and the node is working fine.
From the code, I see this returns -1, and could result in bad record macs? But 
this is during RSA_private_decrypt and
Not during message decrypt. The ciphers we use are TLS 1.1 RSA_AES_128 and 
RSA_AES_256 ciphers. Another input
Is this problem is seen only when FIPS mode is enabled on the node.

Any help on this is appreciated. We are in a critical release phase and hit 
this problem at the last minute.

Thanks,
R. Sairam

bac record mac alert with openssl 1.0.1e

[Sairam Rangaswamy -X (sairanga - ARICENT TECHNOLOGIES MAURIITIUS LIMITED at Cisco)]

Hi,

I am using openssl 1.0.1e based statically linked libraries on a Vxworks based 
platform.
We recently upgraded  to fom 4.1 from fom 3.0 along with openssl 1.0.1e.

The embedded node is running this vxworks based library and has a java based 
application packaged
On the node. We connect to the node from browser(IE or Firefox) and it 
downloads the jar files from
The node and executes on the desktop.

Initially it is a https connection, and jar files get downloaded and launched 
on the desktop. The app
Itself then sets up an SSL connection to the node and the app is used for 
managing the node.

We get random bad record mac errors (both in wire shark capture and reported by 
the browser or java console)
In any of the stages.

I went through the bugs and mailing list archieves and found couple of issues 
and applied those patches.
But it is still giving random bad record MAC errors.
http://rt.openssl.org/Ticket/Display.html?id=3002user=guestpass=guest - Later 
I realized we are not executing
on a AES-NI supported platform and this patch only applies to AESNI capable 
x86/amd platforms.
Then, I followed another thread that discussed a prolem in s3_cbc.c and baced 
out that patch also.
Please see 
https://mailman.archlinux.org/pipermail/arch-commits/2013-February/187691.html

But still I am facing random bad record mac errors and connection terminates. 
Sometimes, I am not able
To connect to the node from any desktop browser. Sometimes, other machines 
connect and only the machine
From where I see the problem does not connect. The behaviour is completely 
random and sometimes it works fine
Without any SSL alerts.

I enabled the Err_put_error macro on FIPS (FOM 4.1) and I see these two errors 
on the node console:
: rsa_pk1.c: 192rsa_eay.c: 671. Even with these errors, the SSL is successful 
sometimes and the node is working fine.
From the code, I see this returns -1, and could result in bad record macs? But 
this is during RSA_private_decrypt and
Not during message decrypt. The ciphers we use are TLS 1.1 RSA_AES_128 and 
RSA_AES_256 ciphers. Another input
Is this problem is seen only when FIPS mode is enabled on the node.

Any help on this is appreciated. We are in a critical release phase and hit 
this problem at the last minute.

Thanks,
R. Sairam