SSL_connect failure if key size is less than 1024 bits in fips mode

2013-10-04 Thread Anil Kumar K K
Hi All, I am trying to find out whether there is a minimum key length restriction when operating SSL/TLS in FIPS mode. Documents say that if the key length is 1024 bits, the FIPS 140-2 compliant openssl-fips-1.2p1 SSL library will not allow the SSL connection. I know that SSL_connect() should fail if this is

Support for SHA-512/224 and SHA-512/256

2013-10-04 Thread Gnanasekar R
Hi, I would like to know if OpenSSL has support for SHA-512/224 and SHA-512/256. I see init functions for SHA-256 and SHA-224, but I could not find one for the 512/t variants. Is it not supported? Thanks, Gnanasekar

BIO_ seek?

2013-10-04 Thread Ztatik Light
Is there a way to seek with a BIO_ cipher? I try BIO_seek and BIO_reset, but any reads after this are incorrect.

CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b

2013-10-04 Thread Aaron
It looks like CRYPTO_set_mem_functions() of OpenSSL 1.0.1e-4.fc18 does not work: CRYPTO_set_mem_functions() indirectly calls CRYPTO_malloc(), which sets allow_customize = 0, and so CRYPTO_set_mem_functions() does nothing (it just returns 0 instead of 1). Gdb trace with a modified _ssl module: #0

Re: Support for SHA-512/224 and SHA-512/256

2013-10-04 Thread Gnanasekar R
Hi, yes, this is SHA-512. I am interested in the 512/t variants, for which the IVs and the final digest length differ. I don't see any parameters to specify that, so I am wondering if support for 512/224 and 512/256 is available. Regards, Gnanasekar On 4 October 2013 13:19, Fredrik Jansson

Re: Support for SHA-512/224 and SHA-512/256

2013-10-04 Thread Anil Kumar K K
Yes, I have searched a lot for SHA-2. Looks like there is no support for SHA-2 in openssl-fips 1.2. Thanks, Anil On Fri, Oct 4, 2013 at 3:00 PM, Gnanasekar R gnanasekar@gmail.com wrote: Hi, yes, this is SHA-512. I am interested in the 512/t variants for which the IVs and the final

Re: memory crash when calling X509_free function

2013-10-04 Thread Michel
Could it be because of a misuse of X509_dup() or CRYPTO_add( ..., 1, CRYPTO_LOCK_X509 ) in a copy constructor or an assignment operator? #10 0x08052673 in CertificateRemote::cleanup_x509 (this=0x9bb55f0) at syfer/crypto/Certificate.cpp:309 What could be the possible reason for the above crash?

Re: CSR from old certificate and signing it using new private key

2013-10-04 Thread Kamalraj Madhurakasan
Hello Dave, Please see inline. Assuming by “get it signed” you mean signing the CSR, not getting a cert issued from the CSR which many people wrongly think is “signing the CSR”: yes OpenSSL has APIs for both X509 (cert) and X509_REQ. [Kamalraj] If you don’t mind, can you share those APIs You

Re: Openssl/SMime Utility failed to encrypt the large file (1.5MB) on HPUX Machine

2013-10-04 Thread Richard Könning
On 03.10.2013 14:32, Puneet Khunteta wrote: Hello, I have later found that the failing behavior may be due to the insufficient memory available on the target device. I have seen that the -stream option was added to the smime application in openssl version 1.0.0. 1.) Can I have access to the

RE: redirected input to s_client on Windows: Any trick to avoid the keypress?

2013-10-04 Thread Salz, Rich
When you run it interactively, does it work right away or do you need to hit TWO returns? -- Principal Security Engineer Akamai Technology Cambridge, MA

Re: redirected input to s_client on Windows: Any trick to avoid the keypress?

2013-10-04 Thread Jeff Trawick
On Fri, Oct 4, 2013 at 9:17 AM, Salz, Rich rs...@akamai.com wrote: When you run it interactively, does it work right away or do you need to hit TWO returns? It works right away. The keypresses trigger the read of stdin (since the WaitForSingleObject(stdin) is bypassed due to the

Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Hum Brai
Summary: CSR has x509v3 extensions, certificate does not. Working with CentOS 6.2, openssl version: OpenSSL 1.0.0-fips 29 Mar 2010. I created my own CA certificate using: openssl req -new -x509 -days 365 -key host.example.com_CA.key -out host.example.com_CA.crt I found on the internet how we can

RE: *** Spam *** Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Hum Brai Sent: Friday, October 04, 2013 12:00 Summary: CSR has x509v3 extensions, certificate does not snip I found on the internet how we can make a CSR (request) have subjectAltName (and verified). PROBLEM is when I take a request to make a new

Strange behaviour

2013-10-04 Thread Walter H.
Hello, there exists a self-signed root CA certificate (A), one intermediate CA certificate (B), and this intermediate certificate has signed an SSL certificate (C) of a web server; the SSL certificate has in its 'Authority Information Access' extension the URL to the intermediate CA certificate,

Re: *** Spam *** Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Hum Brai
On 10/4/13, Hum Brai humb...@gmail.com wrote: Oh, sorry my message got labeled as spam, is it because I pasted the conf? THANK YOU for replying anyway. Question: Summary: CSR has x509v3 extensions, certificate does not snip I found on the internet how we can make a CSR (request) have

Re: Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Hum Brai
Everything is good now. Solution below. Thanks to Dave very much. Summary: CSR has x509v3 extensions, certificate does not snip I found on the internet how we can make a CSR (request) have subjectAltName (and verified). PROBLEM is when I take a request to make a new user certificate, I get no x509v3

RE: CSR from old certificate and signing it using new private key

2013-10-04 Thread Dave Thompson
To read X509, man (s3) PEM_read_[bio_]X509 or d2i_X509[_fp,bio]. There aren't man pages for the non-I/O functions, and similarly for X509_REQ other than I/O, but they're pretty obvious in x509.h: you want X509_get_$various and X509_REQ_set_$various. When I have a question on these I usually

Re: *** Spam *** Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Hum Brai
Oh, sorry my message got labeled as spam, is it because I pasted the conf? THANK YOU for replying anyway. Question: Summary: CSR has x509v3 extensions, certificate does not snip I found on the internet how we can make a CSR (request) have subjectAltName (and verified). PROBLEM is when I take a

Documentation pointers

2013-10-04 Thread Mike.
I have just started to learn OpenSSL, and I am having trouble finding documentation that is helpful. www.openssl.org seems to have lots of reference documentation, but not too much usage documentation, e.g., what are the typical contents expected in the SAN for a CA cert vs. those of a

RE: spam label, was Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Hum Brai Sent: Friday, October 04, 2013 15:27 To: openssl-users@openssl.org Subject: *** Spam *** Re: *** Spam *** Unable to create Version 3 certificates with subjectAltName using my own CA Oh, sorry my message got labeled as spam, is it

combining cert file and private key file subjectAltName using my own CA

2013-10-04 Thread Dave Mitchell
I'm writing an openssl-based app that uses client and server certs, generated using a private root CA. Each client has its own cert and private key. For ease of deployment, I'm combining the private key and public cert into a single file, i.e.: $ cat client.key client.crt client.privcrt
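The following script is an added example, not code from any message in this archive. It walks through the two certificate-handling threads above: the "CSR has x509v3 extensions, certificate does not" problem (the CSR carries subjectAltName, but `openssl x509 -req` never copies request extensions into the issued certificate unless told where to take them from with `-extfile`/`-extensions`), and the key+cert bundle from the "combining cert file and private key file" post, where the useful check is that the two halves actually belong together. The config, hostnames and file names (ca.key, client.csr, client.privcrt, ...) are constructed for the demo; it assumes only an `openssl` binary plus `grep` and `mktemp`, and it skips cleanly on hosts without `openssl`.

```shell
#!/bin/sh
# Added example (not from the openssl-users thread). Reproduces the missing
# subjectAltName problem and the fix, then bundles key+cert as in the post.
# Names, hostnames and the config are constructed for this demo.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not installed, skipping" >&2; exit 0; }

WORK="$(mktemp -d)"                # scratch directory, removed on exit
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# One config for everything: a DN, CA extensions for the self-signed root, and
# the SAN that goes into the CSR (req_extensions) and, when the same section is
# named again at signing time, into the issued certificate.
cat > req.cnf <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
CN = client.example.com
[ v3_ca ]
basicConstraints     = critical, CA:true
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_req ]
subjectAltName = DNS:client.example.com, DNS:alt.example.com
EOF

make_ca() {                        # self-signed root that is actually marked CA:true
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -new -x509 -sha256 -days 365 -config req.cnf -extensions v3_ca \
        -key ca.key -subj "/CN=Example Test CA" -out ca.crt
}

make_csr() {                       # CSR carrying the SAN as a request extension
    openssl genrsa -out client.key 2048 2>/dev/null
    openssl req -new -sha256 -config req.cnf -key client.key -out client.csr
}

# What the original poster did: x509 -req ignores the CSR's extensions,
# so the issued certificate has no SAN.
sign_without_extensions() {
    openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -out noext.crt 2>/dev/null
}

# The fix: name the file and section the extensions must come from.
sign_with_extensions() {
    openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -extfile req.cnf -extensions v3_req -out client.crt 2>/dev/null
}

san_present() {                    # exit 0 iff $1 carries the expected DNS SAN
    openssl x509 -in "$1" -noout -text | grep -q 'DNS:client.example.com'
}

chain_verifies() {                 # exit 0 iff $1 chains to ca.crt
    openssl verify -CAfile ca.crt "$1" 2>/dev/null | grep -q ': OK$'
}

# Key first, then cert, as in the post. The bundle holds the private key,
# so it must not be readable by anyone but its owner.
combine_key_and_cert() {
    cat client.key client.crt > client.privcrt
    chmod 600 client.privcrt
}

bundle_key_matches_cert() {        # exit 0 iff the key and cert in $1 belong together
    cert_pub="$(openssl x509 -in "$1" -noout -pubkey)"
    key_pub="$(openssl pkey -in "$1" -pubout)"
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

make_ca
make_csr
sign_without_extensions
sign_with_extensions
combine_key_and_cert

if san_present noext.crt; then echo "noext.crt: SAN present (unexpected)"
else echo "noext.crt: no SAN (the problem reported in the thread)"; fi
if san_present client.crt; then echo "client.crt: SAN present"; fi
if chain_verifies client.crt; then echo "client.crt: chains to ca.crt"; fi
if bundle_key_matches_cert client.privcrt; then echo "client.privcrt: key matches certificate"; fi
```

If the certificates are issued with `openssl ca` instead of `openssl x509 -req`, the equivalent knob is `copy_extensions = copy` in the `[ ca ]` section of the config; the `ca` man page warns that this copies whatever the requester put in the CSR, so inspect requests (for instance for a basicConstraints CA:true) before signing them that way. The bundle check matters because a client.privcrt assembled by hand from the wrong pair of files fails only at handshake time with an unhelpful error; comparing the public key in the certificate with the one derived from the private key catches it up front.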