Hello List,
please forget this Mail. This is an old Mail and the problem is solved.
I don't know why this Mail is again on the List.
Andreas von Linden schrieb:
Hello,
i have a problem with the Blowfish algorithm. When i encrypt a long
message i get the following error when i try to decrypt
Hi,
Explore www.opensslbook.com
Also, buy (or somehow grab) a copy of the book: Network Security with
OpenSSL by John Viega, Matt Messier, and Pravir Chandra. This book has a
very good treatment of openssl.
I also believe, from the openssl site, you should 'Read The Fine Manual'
[:-)] and you
Hi,
Your best bet would be to Google for OpenSSL and sample
code. Also check out the OpenSSL book published by O'Reilly.
I would say that the OpenSSL book is essential.
Also I would recommend the book SSL and TLS by Eric Rescorla.
Regards,
Mark
Hello,
So what you are saying is that if I encrypt a file with a password
according to my interpretation of PKCS#5/PBKDF2, then it might not
decrypt properly (with the same password) using the command-line openssl
function?
Yes, this function internally looks like PBKDF2 and has similar use
Hi all!
Im having a problem with SSL_read. When SSL_read fails and returns
SSL_ERROR_WANT_READ I do select checking for readability but I never get a
hit and if I try SSL_read again I get the same error. Does anyone know what
to do?
Im using different threads for receiving and sending.
Hi Team,
I am working on the CRL validation. I am seeing some issues in
extracting the
- delta crl distribution point and
- reason for revocation.
Could you please let me know your thoughts on how to access these two
above mentioned information?
Let me explain you my problem clearly:
1. I got
Hi Team,
I am working on the CRL validation stuff. In that process, I need to
extract the cdp(crl distribution point).
I am a bit hazy about extracting the crl distribution point (cdp) from
the certificate.
I am following the below mentioned procedure to extract the cdp. I am
succeeded in
Hi all,
I'm experiencing reproductable segv in ERR_error_string. I've reduced my
original code to a simpler test code wich show this ; see at end.
It's reproductable on ubuntu and debian. If I use ERR_error_string_n
then I've no problem.
some infos about the ubuntu system:
ii libssl0.9.7
Hi,
I'd like to know how to proceed (is it doable) to convert a PKCS #7
data (made with PKCS7_sign, flag = PKCS7_BINARY | PKCS7_DETACHED;)
with several cert (the one from the signer) and a chain of cert, from
BER to DER encoding.
I have another one PKCS #7 data which was made with the same
Hello
Using the last version of openSSL, I am trying to
create a certificate request, but have some issues on the syntax of the
configuration file for the req command.
My organization has a tree of OU (between the O and
the CN)
Do you know how I may create such a request?
Below is
Benjamin Sergeant wrote:
I'd like to know how to proceed (is it doable) to convert a PKCS #7
data (made with PKCS7_sign, flag = PKCS7_BINARY | PKCS7_DETACHED;)
with several cert (the one from the signer) and a chain of cert, from
BER to DER encoding.
Is the decryption key present to sign the
The post process would be done by the signer (on his machine with all
the credential availables), with the key present. If this can be done
inside PKCS_sign, or during the same session.
I don't want this re-encoding to be particulary a post-process, just
want it to be done anytime, of course ...
Im having a problem with SSL_read. When SSL_read fails and returns
SSL_ERROR_WANT_READ I do select checking for readability but I
never get a
hit and if I try SSL_read again I get the same error. Does anyone
know what
to do?
That sounds like there is just nothing to read.
Im
David Schwartz wrote:
Make sure that you protect the SSL session with a
mutex. You are not allowed to call SSL_read and SSL_write at the same time
on the same session from different threads.
DS
David,
Does same session mean, same instance of an ssl object, or same
instance of a
David,
Does same session mean, same instance of an ssl object, or same
instance of a ctx object?
You are permitted concurrent access to different SSL sessions based on
the
same context. You just cannot read and write to the same session at the same
time. (You also can't read a
I am working on an application on Mac OS X that's using OpenSSL to talk
to a server via SSL. Because I'm using custom nonblocking socket code, I
setup a BIO pair to do the SSL encoding internally. Everything works
great--handshaking is successful, data is properly encrypted and
decrypted, and
Hello,
I am working on an application on Mac OS X that's using OpenSSL to talk
to a server via SSL. Because I'm using custom nonblocking socket code, I
setup a BIO pair to do the SSL encoding internally. Everything works
great--handshaking is successful, data is properly encrypted and
Hi,
How do i validate a certificate chain. is there a EVP api for it ?
thanks
Kunal
From: Marek Marcola [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: OpenSSL Generating Extra Packets
Date: Fri, 25 Aug 2006 23:51:45 +0200
Hello,
I am working
Hello,
Hi,
How do i validate a certificate chain. is there a EVP api for it ?
thanks
If we are talking about verifying X509 cert against CA certs this
may be done for example like:
-
FILE *fp;
X509_STORE * CAcerts;
X509 * cert;
X509_STORE_CTX ca_ctx;
char *strerr;
You can also consider using function
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk), if a stack of certs is
available.
Rick
From: Marek Marcola [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: Validating Cert Chain
Date: Sat, 26 Aug
Bonjour François,
On 26/08/2006, at 1:42 AM, [EMAIL PROTECTED] wrote:
Using the last version of openSSL, I am trying to create a
certificate request, but have some issues on the syntax of the
configuration file for the req command.
My organization has a tree of OU (between the O and the
Hi,
I'm using openssl, (I think the slimmed
down engine version), and attempting to support a program written by someone
else. The server that I'm talking to recently moved to a new ISP and the
program stopped working. It should be as simple as getting the server's
new certificate and it should
Hi Richard,
There's a lot of confustion over the OpenSSL license but in actually
it's quite a simple license.
Answers to your questions in-line:
- Original Message -
From: Ryan Shon [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Tuesday, August 22, 2006 9:06 AM
Subject: Re:
23 matches
Mail list logo