Re: Similar issuer dn mod_ssl client authentication issue

2013-05-21 Thread Michele Mase'
If these are the roots you attached -- with names that differ only in case of one letter -- they should have gotten the same hashvalue (with suffixes .0 and .1); did they? yes Does it work with client=Firefox using client certs under both CAs? I would expect at least one to fail. Note that

FIPS enabled OpenSSL fails to load libeay32.dll in Windows CE 6

2013-05-21 Thread Abhijit Ray Chaudhury
Hi, I have compiled openssl-fips and openssl in Windows CE 6. But when I run fips_premain_dso.exe libeay32.dll in the target environment I get the following error: 217450134:error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the requested symbol

Assigning pre-defined bufs to OpenSSL lib bufs for AES calculation

2013-05-21 Thread Gnanasekar R
Hi, I would like to know if it is possible to assign pre-defined bufs (addresses) to OpenSSL which it can use to store plaintext/cipher text during AES computation.

Re: Openssl build for ce6 on ARM

2013-05-21 Thread Jakob Bohm
On 5/17/2013 11:50 AM, Abhijit Ray Chaudhury wrote: Hi, Is there anybody tried Openssl build on wince ce6 ? I am trying to compile openssl-1.0.1-c on ce6 after applying the patch mentioned in http://www.mail-archive.com/openssl-dev@openssl.org/msg26888.html, but my link fails for md4test.exe

Re: Build error with 1.0.1e on Win64 with VC++ 2010 and nasm

2013-05-21 Thread Jakob Bohm
On 5/21/2013 2:04 AM, Phillip Hellewell wrote: On Mon, May 20, 2013 at 1:12 PM, Phillip Hellewell ssh...@gmail.com wrote: Should I try to patch it myself? FYI, the linker error is occurring because nasm is failing with a ton of errors on x86_64-g2m.asm, I think maybe because it is creating

Re: Build error with 1.0.1e on Win64 with VC++ 2010 and nasm

2013-05-21 Thread Dr. Stephen Henson
On Mon, May 20, 2013, Phillip Hellewell wrote: On Mon, May 20, 2013 at 1:12 PM, Phillip Hellewell ssh...@gmail.com wrote: Should I try to patch it myself? FYI, the linker error is occurring because nasm is failing with a ton of errors on x86_64-g2m.asm, I think maybe because it is creating

RE: Assigning pre-defined bufs to OpenSSL lib bufs for AES calculation

2013-05-21 Thread Salz, Rich
> I would like to know if it is possible to assign pre-defined bufs (addresses) to OpenSSL which it can use to store plaintext/cipher text during AES computation.
You mean force all AES encryptions during a TLS session to use fixed buffers? No, that is not possible without code changes.

Re: Assigning pre-defined bufs to OpenSSL lib bufs for AES calculation

2013-05-21 Thread Gnanasekar R
Yes, basically I am trying to see if I can make OpenSSL use certain 'pre-defined' bufs that will be mmap'ed to a known location in the memory. So that in the HW cryptolib I can make use of DMA to supply data to the crypto engine and read back to the same physical address. That way it will be

Re: Build error with 1.0.1e on Win64 with VC++ 2010 and nasm

2013-05-21 Thread Phillip Hellewell
On Tue, May 21, 2013 at 5:33 AM, Dr. Stephen Henson st...@openssl.org wrote: Just tried it myself with Visual Studio 2012, nasm version 2.10.07 and it compiles with no problems for me. I also tried it without nasm (i.e. ml64) and that worked OK too. Ok, this is very helpful to know that it is

Re: Build error with 1.0.1e on Win64 with VC++ 2010 and nasm

2013-05-21 Thread Phillip Hellewell
On Tue, May 21, 2013 at 9:08 AM, Phillip Hellewell ssh...@gmail.com wrote: But when executed from my build script (a batch file), it runs into problems. Here is a copy of my build script. Can anyone spot a problem with it? @echo off if %1== goto buildall setlocal cd /d %~dp0.. @call

Re: Build error with 1.0.1e on Win64 with VC++ 2010 and nasm

2013-05-21 Thread Phillip Hellewell
I forgot to mention, I am using perl.exe version 5.16.3 and nasm.exe version 2.10.07. Phillip

Re: Build error with 1.0.1e on Win64 with VC++ 2010 and nasm

2013-05-21 Thread Phillip Hellewell
Good news, I found the bug! I got thinking, why is x86_64-gf2m the only one giving me a problem? So I compared x86_64-gf2m.pl to the others and found that it has this line: open STDOUT,"| \"$^X\" $xlate $flavour $output"; whereas the others have this: open OUT,"| \"$^X\" $xlate $flavour

Re: Build error with 1.0.1e on Win64 with VC++ 2010 and nasm

2013-05-21 Thread Viktor Dukhovni
On Tue, May 21, 2013 at 10:14:27AM -0600, Phillip Hellewell wrote: Good news, I found the bug! I got thinking, why is x86_64-gf2m the only one giving me a problem? So I compared x86_64-gf2m.pl to the others and found that it has this line: open STDOUT,"| \"$^X\" $xlate $flavour $output";

Re: FIPS enabled OpenSSL fails to load libeay32.dll in Windows CE 6

2013-05-21 Thread William A. Rowe Jr.
On Tue, 21 May 2013 16:12:45 +0530 Abhijit Ray Chaudhury abhijit.ray.chaudh...@gmail.com wrote: Which means GetProcAddress is failing for symbol name FINGERPRINT_premain. But if I do dumpbin /exports libeay32.dll, I can see the symbol FINGERPRINT_premain exported. Quote that output line from

openssl 1.0.1e - bad sig size 32 32 for DSA 2048 keys

2013-05-21 Thread Cipher
Hi, I built and installed openssl 1.0.1e. When I try to connect using ssh with 2048 DSA keys, I get *bad sig size 32 32* error. Is this a bug? Here is how I created the keys. openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 openssl dsaparam -out dsaparam.pem 2048 openssl gendsa -out ssh_dsa_key

How to create CSR with SN attribute

2013-05-21 Thread Per Edlund
Hello! I need to create a key and a csr with SN=x but can't find any way to do this. Does anyone know how to do this? Kind regards /Per Edlund

Re: Build error with 1.0.1e on Win64 with VC++ 2010 and nasm

2013-05-21 Thread Phillip Hellewell
On Tue, May 21, 2013 at 11:00 AM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: If so, this is a Windows Perl bug IMHO. The parent should wait for the child to exit with close(STDOUT) in either scenario. Any special treatment of STDOUT should be reset after open STDOUT,|cmd; in

Question about intermediate certificate chain

2013-05-21 Thread Jorge Ventura
I have an application (server) that is working using SSLv23 with a regular certificate. Now I have to use one chain of two intermediate certificates but for any reason, openssl library is not sending the chain and the only way to work correctly is when I inform to the client side about the

Re: Question about intermediate certificate chain

2013-05-21 Thread Wim Lewis
On 21 May 2013, at 5:02 PM, Jorge Ventura wrote: Because the client trust the connection when I inform the intermediate, I suppose the server is not sending the intermediate, only the first certificate in the chain and in this case the command fail. That is a reasonable conclusion. You can

Re: Question about intermediate certificate chain

2013-05-21 Thread Jorge Ventura
Somech, The server side is using one .pem file like this: private key the certificate intermediate 1 intermediate 2 The intermediate 2 was signed by one root CA available at client side and the two intermediates were supplied by the same root authority. I think that I didn't forget that. On

Re: Question about intermediate certificate chain

2013-05-21 Thread Wim Lewis
On 21 May 2013, at 5:37 PM, Jorge Ventura wrote: Somech, The server side is using one .pem file like this: private key the certificate intermediate 1 intermediate 2 The intermediate 2 was signed by one root CA available at client side and the two intermediate was supplied by the same

Re: Question about intermediate certificate chain

2013-05-21 Thread Somesh Chakrabarti
Jorge, On the server, you can copy all the public certs i.e. the intermediates and the root into one PEM file. That will send everything down to the client. Best, Somesh On Tuesday, May 21, 2013, Jorge Ventura wrote: I have an application (server) that is working using SSLv23 with a regular

Re: Question about intermediate certificate chain

2013-05-21 Thread Jorge Ventura
That is what I have when I don't include the intermediate in the command: openssl s_client -connect 10.10.10.10:443 -verify 5 -state -showcerts verify depth is 5 CONNECTED(0003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server

Re: Question about intermediate certificate chain

2013-05-21 Thread Somesh Chakrabarti
In your s_client command, you still need to include the -CAfile parameter and point it to just the self-signed Root certificate. Your server is sending the intermediates but the client is not able to verify the chain up to a Root. You may want to edit cacerts.pem to include only the Root