Hello Openssl Team,
Currently am seeing an issue as follows.
We would like to use our internal verification logics for the key exchange
message received at SSL client.
As part of this, we have registered with our function pointers.
ECDSA_verify() is now calling our registered function to
From: Michael Wojcik [mailto:michael.woj...@microfocus.com]
Thanks for the detailed and thoughtful response. I only want to respond to a
few of your points.
One is simply that we're seeing a lot of
OpenSSL roadmap announcements. That's good in the sense that before the
funding boost,
I am upgrading an embedded linux board's BSP from 1.0.0m to 1.0.1l due to a
requirement for TLS v1.1. Version 1.0.1 will cross compile without errors
using my 1.0.0 configuration but I have identified the following errors on
the board (so far) with the build using 1.0.1:
1.) Cannot create a RSA
I have successfully built OpenSSL 1.0.0..., 1.0.1..., and 1.0.2 also on
an ARM926EJ linux based system. I used the 'no-ssl2 no-ssl3 linux-armv4
shared' options (plus some others). I found that it works with and
without the ARM assembly accelerations (no-asm option), even though the
ARM926EJ
Using the openssl pkcs12 -export command, how can one specify a
different friendlyName attribute for the private key?
For example, consider the command:
openssl pkcs12 -export -out pkcs12.p12 -name sean key 2015 -inkey
key.txt -in user.crt -name sean user cert 2015 -certfile othercerts.txt
Using the openssl pkcs12 -export command, is it possible to specify a
-certpbe value that does not do encryption? Perhaps you only want
integrity protection--you don't care whether the certificates are
shrouded. The PKCS #12 standard seems to imply that certBags can be
used as-is; however, all
From: openssl-users On Behalf Of Rajeswari K
Sent: Friday, February 13, 2015 09:48
snip
As part of [ECDSA] signature verification, we first take lenght_of_signature
received
and compare with double the size of number_of_bytes from curve parameter.
Have converted the ECDSA_SIG to unsigned
On Fri, Feb 13, 2015 at 11:33 AM, Sean Leonard dev+open...@seantek.com wrote:
Using the openssl pkcs12 -export command, is it possible to specify a
-certpbe value that does not do encryption? Perhaps you only want
integrity protection--you don't care whether the certificates are shrouded.
The
On Fri, Feb 13, 2015 at 08:17:40PM +0530, Rajeswari K wrote:
We would like to use our internal verification logics for the key exchange
message received at SSL client.
That sounds like a bad idea. Let OpenSSL do the work for you,
configure appropriate trust anchors, or trusted leaf
On Fri, Feb 13, 2015, Sean Leonard wrote:
Using the openssl pkcs12 -export command, is it possible to specify
a -certpbe value that does not do encryption? Perhaps you only
want integrity protection--you don't care whether the certificates
are shrouded. The PKCS #12 standard seems to imply
On Fri, Feb 13, 2015, Sean Leonard wrote:
Using the openssl pkcs12 -export command, how can one specify a
different friendlyName attribute for the private key?
For example, consider the command:
openssl pkcs12 -export -out pkcs12.p12 -name sean key 2015 -inkey
key.txt -in user.crt -name
MS On Fri, Feb 13, 2015 at 11:33 AM, Sean Leonard dev+open...@seantek.com
wrote:
Using the openssl pkcs12 -export command, is it possible to specify a
-certpbe value that does not do encryption? Perhaps you only want
integrity protection--you don't care whether the certificates are shrouded.
Yes, I am sure that some folks find known plaintext in an encrypted object
to be helpful.
[apologies for top-posting... dumb smart phone]
- M
On Feb 13, 2015 1:21 PM, Viktor Dukhovni openssl-us...@dukhovni.org
wrote:
On Fri, Feb 13, 2015 at 12:02:06PM -0800, Michael Sierchio wrote:
Whenever
On Fri, Feb 13, 2015 at 12:02:06PM -0800, Michael Sierchio wrote:
Whenever I hear someone talking about encrypting a certificate, I
conclude that they are horribly confused. A cert is signed, over the
entire contents, so integrity is reducible to the cryptographic
algorithms employed. A cert
Hello Dave,
Based on your input, have stopped calling i2d_ECDSA_SIG() and used
BN_bn2bin() to overcome the der headers.
And now, my verification is working fine.
Is there any function at openssl, to get the HASH used for the digest at
ECDSA_verify()?
I see that, for ECDSA_verify(), first
On 2/13/2015 12:12 PM, Dr. Stephen Henson wrote:
On Fri, Feb 13, 2015, Sean Leonard wrote:
Using the openssl pkcs12 -export command, is it possible to specify
a -certpbe value that does not do encryption? Perhaps you only
want integrity protection--you don't care whether the certificates
are
On 2/13/2015 12:23 PM, Dr. Stephen Henson wrote:
On Fri, Feb 13, 2015, Sean Leonard wrote:
Using the openssl pkcs12 -export command, how can one specify a
different friendlyName attribute for the private key?
For example, consider the command:
openssl pkcs12 -export -out pkcs12.p12 -name sean
17 matches
Mail list logo