Re: pkcs 12 to pem utility
try `openssl pkcs12`

vijo.

On Fri, Oct 11, 2002 at 06:37:45AM -0700, tarun matai wrote:
> Dear All,
>
> I am looking for a utility which can convert public key/private key bundled in the pkcs12 format into the pem format. Is there any utility available? If yes, what is the link for the download of the same?
>
> I would highly appreciate the help provided by you.
> Thanks in advance.
>
> regards
> Tarun Matai

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
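Added example, not part of the thread: one way to run the suggested `openssl pkcs12` conversion so that the certificate and the private key land in separate PEM files and the key stays encrypted on disk. The passphrases, file names and the throwaway self-signed certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Names, passphrases and paths below are constructed for the demo.
export P12_PASS='constructed-p12-pass' PEM_PASS='constructed-pem-pass'

# p12_to_pem BUNDLE OUTDIR: write OUTDIR/cert.pem and OUTDIR/key.pem.
# Passphrases are read from the environment (env:) so they never appear in `ps`.
p12_to_pem() {
  (
    umask 077    # the key file must not be group/world readable
    mkdir -p "$2" &&
    # Leaf certificate only, no private key.
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts \
      -out "$2/cert.pem" &&
    # Private key only, re-encrypted with AES-256 instead of using -nodes.
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -aes256 \
      -passout env:PEM_PASS -out "$2/key.pem"
  )
}

# key_matches_cert CERT KEY: true when KEY is the key certified by CERT
# (compares the two SubjectPublicKeyInfo PEM blocks).
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -passin env:PEM_PASS -pubout)" ]
}

# Constructed input: a throwaway self-signed certificate packed as PKCS#12.
work=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=constructed.example" \
  -keyout "$work/src.key" -out "$work/src.crt" 2>/dev/null
openssl pkcs12 -export -inkey "$work/src.key" -in "$work/src.crt" \
  -passout env:P12_PASS -out "$work/bundle.p12"

p12_to_pem "$work/bundle.p12" "$work/out" &&
  key_matches_cert "$work/out/cert.pem" "$work/out/key.pem" &&
  echo "converted; key matches certificate"
```
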
Re: Validity period of certificates
X509_get_notBefore() and X509_get_notAfter() are your friends.

make sure you don't use that key/cert in any production systems.

vijo.

On Fri, Sep 27, 2002 at 03:39:07PM +0200, Radboud Platvoet wrote:
> Thanks guys,
>
> That works great. However, I would really like to do it with a call from my C code and not in the shell.
>
> -Radboud
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michiels Olivier
> Sent: Friday, September 27, 2002 3:04 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Validity period of certificates
>
> Hi,
>
> take the BEGIN CERTIFICATE to the END CERTIFICATE part, put it in a file, then do:
>
>     openssl x509 -in yourfile -text
>
> You will see the start and the end date at the beginning of the response.
>
> Hope this helps,
> Michiels Olivier
>
> Radboud Platvoet wrote:
> > Hi everyone,
> >
> > I would like to know if there is a way to find out for what period a certificate is valid (ie: the start and end date).
> >
> > This is the certificate from which I like to determine the validity period:
> >
> > -----BEGIN RSA PRIVATE KEY-----
> > [...]
> > -----END RSA PRIVATE KEY-----
> > -----BEGIN CERTIFICATE-----
> > [...]
> > -----END CERTIFICATE-----
> >
> > Any help is greatly appreciated!
> >
> > Thanks,
> > Radboud
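Added example, not part of the thread: the command-line check from the quoted reply, narrowed to the two validity dates and extended with `-checkend` so it can be used as an expiry test. The throwaway certificate and file names are constructed; the combined key-plus-certificate file mirrors the layout of the posted one.

```shell
#!/bin/sh
# Added example. Constructed input: a throwaway 30-day certificate stored the
# way the quoted post shows it, private key and certificate in one PEM file.
vdir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=constructed.example" \
  -keyout "$vdir/key.pem" -out "$vdir/cert.pem" 2>/dev/null
cat "$vdir/key.pem" "$vdir/cert.pem" > "$vdir/bundle.pem"

# cert_dates FILE: print only the notBefore=/notAfter= lines.
# openssl x509 reads the CERTIFICATE block and skips the key that precedes it,
# so the check itself never needs the private key.
cert_dates() {
  openssl x509 -in "$1" -noout -startdate -enddate
}

# cert_valid_for FILE SECONDS: succeeds only if the certificate will still be
# valid SECONDS from now (this is the exit status of -checkend).
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

cert_dates "$vdir/bundle.pem"
for days in 1 60; do
  if cert_valid_for "$vdir/bundle.pem" $((days * 86400)); then
    echo "still valid in $days day(s)"
  else
    echo "expires within $days day(s)"
  fi
done
```
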
Re: Help with SSL_write
check the return value of SSL_write...

vijo.

On Thu, Aug 08, 2002 at 02:22:53PM -0400, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> Hi,
>
> I have a program something like:
>
>     main ()
>     {
>         SSL *ssl;
>         ssl = SSL_new(...);
>         /* handshake is done etc */
>         /* BIO is BIO_s_socket() */
>         ...
>         ...
>         alarm(5);
>         SSL_write(ssl, ...);
>         alarm(0);
>     }
>
>     alarm_handler()
>     {
>         SSL_set_shutdown(ssl, ...);
>         SSL_free(ssl);
>     }
>
> The situation is: SSL_write has not yet completed because the Client has not yet acknowledged the data, and the timeout happens. What happens now?
>
> -Madhu
Re: EAGAIN error in SSL_read
Try SSL_get_error(3) man page. See openssl/demos/tunala/ for sample code.

vijo.

On Mon, Mar 11, 2002 at 04:32:52PM -0800, [EMAIL PROTECTED] wrote:
> Hi,
>
> I am searching the openssl source code now but I thought I should also post a question here.
>
> I use SSL_read() on a nonblocking socket. SSL_read() will use the TCP system call read() to read the data from the socket. My question is: when read() returns EAGAIN, will control be returned to the caller of SSL_read()? I checked the bss_sock.c file and it looks like on Solaris systems, EAGAIN will be handled as no retry. But my SSL client is reporting a lot of consecutive EAGAIN errors when I use truss to trace the system calls invoked.
>
> I want to find out if SSL_read() retries the read() internally if the read returns EAGAIN.
>
> Thanks,
> Patrick
Re: starting new ssl session on existing ssl socket
This can be done.

vijo.

On Mon, Mar 11, 2002 at 10:09:58PM -, krish K wrote:
> Hi,
>
> I have to start a new ssl session on previous ssl socket. Can this be done? Are there any problems I may get into?
>
> Here is what I need to do:
> 1. start a session
> 2. send/receive some data
> 3. close the session but keep the connection open.
> 4. start a new session
> 5. send/receive some data
> 6. close the connection.
>
> Pl. help me.
>
> Regards,
> Nagarama.
Re: SSL_read() and select() problem.
Venu,

I see the similar problem too. But, for me when I do a ssldump I see C>S bad_record_mac. That seems to be the reason for SSL_read returning 0/SSL_ERROR_SYSCALL. Do you see that? It would be great if you can share the info.

thanks,
vijo.

On Fri, Nov 02, 2001 at 04:01:33PM +0200, Venugopal Panchamukhi wrote:
> Hi,
>
> I've modified the client code in such a way that reading and writing is done in a single thread. But my basic problem was not cleared. When I'm calling select() it is returning the read condition, after which the read_SSL() method is returning value 0. When I tried to find out the error using SSL_get_error() it is giving me SSL_ERROR_SYSCALL. The man pages have given that EOF has occurred and it is a violation of the protocol.
>
> Any help on this is greatly appreciated.
>
> The snippet of the code where I'm using select() and SSL_read() is as follows:
>
>     void receive_thread(void *arg)
>     {
>         fds *conns;
>         int server_fd;
>         int HTTPSClient_fd;
>         SMSCenter *smsc = NULL;
>
>         conns = ((fds *)arg);
>         server_fd = http_socket_fd(conns->server);
>         HTTPSClient_fd = conns->HTTPSClient_fd;
>         smsc = (SMSCenter *)conns->smsc;
>
>         while(1) {
>             int rc = 0;
>             fd_set rf, wf;
>             HTTPSocket *client;
>             struct timeval tv;
>
>             FD_ZERO(&wf);
>             FD_ZERO(&rf);
>             FD_SET(server_fd, &rf);
>             FD_SET(HTTPSClient_fd, &rf);
>             FD_SET(HTTPSClient_fd, &wf);
>             tv.tv_sec = 0;
>             tv.tv_usec = 1000;
>
>             rc = select(FD_SETSIZE, &rf, &wf, NULL, &tv);
>             if(rc < 0) {
>                 if(errno == EINTR || errno == EAGAIN)
>                     continue;
>                 error(errno, "select(2) failed");
>             } else if(rc > 0 && FD_ISSET(server_fd, &rf)) {
>                 client = http_server_accept_client(conns->server);
>                 if(client != NULL) {
>                     jobqueue_add_job(serve_client, client);
>                 }
>             }
>
>             mutex_lock(request_Mutex);
>             if(rc > 0 && FD_ISSET(HTTPSClient_fd, &wf) && (emptyList(request_list) != TRUE)) {
>                 mutex_unlock(request_Mutex);
>                 http_post_ssl((void *)smsc);
>             }
>             mutex_unlock(request_Mutex);
>
>             if(rc > 0 && FD_ISSET(HTTPSClient_fd, &rf)) {
>                 read_responces((void *)smsc);
>             }
>         }
>     }
>
>     void read_responces(void *arg)
>     {
>         int l = 0;
>         SSL *ssl;
>         char buf[4096];
>         int SSL_error;
>         char *request;
>         SMSCenter *smsc = (SMSCenter *)arg;
>         int read_blocked = 0;
>
>         memset(buf, 0, 4096);
>         ssl = get_session(conn);
>
>     readrepeat:
>         debug("test", 0, "Thread read_responces started...");
>         read_blocked = 0;
>         do {
>             l = 0;
>             l = SSL_read(ssl, buf, 4096);
>             if(l < 0) {
>                 switch(SSL_get_error(ssl, l)) {
>                 case SSL_ERROR_WANT_READ:
>                     error(0, "SSL_ERROR_WANT_READ in SSL_read() < 0");
>                     read_blocked = 1;
>                     break;
>                 case SSL_ERROR_WANT_WRITE:
>                     error(0, "SSL_ERROR_WANT_WRITE in SSL_read() < 0");
>                     read_blocked = 1;
>                     break;
>                 default:
>                     error(0, "default: ERROR in reading in ssl");
>                 };
>             } else if(l == 0) {
>                 int ret = 0;
>                 int wait = 0;
>                 read_blocked = 1;
>                 debug("smsc_http", 0, "No data to read");
>                 switch(SSL_get_error(ssl, l)) {
>                 case SSL_ERROR_WANT_READ:
>                     read_blocked = 1;
>                     error(0, "SSL_ERROR_WANT_READ in SSL_read()");
>                     break;
>                 case SSL_ERROR_WANT_WRITE:
>                     read_blocked = 1;
>                     error(0, "SSL_ERROR_WANT_WRITE in SSL_read()");
>                     break;
>                 case SSL_ERROR_ZERO_RETURN:
>                     error(0, "SSL_ERROR_ZERO_RETURN in SSL_read()");
>                     break;
>                 case SSL_ERROR_NONE:
>                     error(0, "SSL_ERROR_NONE in SSL_read()");
>                     break;
certificate format.
How can I find out the format of a certificate from a C program?

thanks,
--
vijo
ChangeCipherSpec
S>C ChangeCipherSpec seems to be taking the longest time in the SSL transactions. Is there a reason for this?

Pls CC me,
thanks,
vijo.
Re: Ocotillo PRNG
A related question: if I have a hardware random number generator and I use it instead of /dev/urandom, is it likely to improve performance at all? How much will it help?

thanks,
vijo.

On Fri, 27 Apr 2001, you wrote:
> On Fri, Apr 27, 2001 at 11:33:25AM -0700, Crosland, Jerel (Contract) wrote:
> > I'd like to use the Ocotillo (http://ocotillo.sourceforge.net) PRNG with OpenSSL, but it is failing when I do the make test in the randtest module. Ocotillo creates a named pipe at /dev/urandom but if OpenSSL is treating it like a character device it may not work correctly.
>
> OpenSSL will only open() and read() from the file. Please run trace/strace/tusc/truss or whatever the system call tracer is called on your platform and see whether the open() or the read() call fails and with which error. This already should give you a hint.
>
> As far as I have seen from the open() man-page, using a named pipe for this purpose is not very robust (it will fail for non-blocking behaviour: you cannot open a pipe for writing without a reading process, HP-UX 10.20) and I am not sure how this setup should work with several processes trying to read entropy at the same time.
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153

__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]