On 8/25/2011 6:04 AM, Arjan Filius wrote:
Hello,
today i ran into a situation, where i notice firefox/chrome and
gnutls-cli use 3 tcp sessions to get a single ssl session, where openssl
s_client takes only one.
one tcp session is what i expect, and i hope someone may have an
explanation.
On 7/26/2011 10:16 PM, Katif wrote:
Can you tell me what are the application dependency factor here so we'll be
able to chase a limit?
It is used as an RSA key exchange certification/private key pairing.
Thanks...
Maximum RSA key size supported.
Extensions supported.
DS
On 7/26/2011 4:38 AM, Katif wrote:
I need to know in advance the maximum length of the following three PEM
formatted files (excluding the -BEGIN/END lines):
It's application-dependent. There is no answer in general.
DS
On 7/14/2011 6:17 AM, Amit Kumar wrote:
Hi team,
I am using SSL_Connect() in one of my projects and this SSL_connect
is returning a value of -1.
With SSL_get_error() i can see it is *SSL_ERROR_WANT_READ ?*
*
*
* Now i am not understanding why this can come and if this is there
then
On 7/11/2011 3:18 PM, Carla Strembicke wrote:
The server recieves the encrypted data and sends to the lower level
and where it is pumped into the SSL structure ( which is using these
memory buffers) using the BIO_write call ( I acutally see that bytes are
written into it) and the buffer looks
On 6/21/2011 2:40 AM, ml.vladimbe...@gmail.com wrote:
The fourth function is SSL_EncryptUserData, which encrypt our own
application data before we can send their to secure channel:
int SSL_EncryptApplicationData(char *buf_in, int buf_in_len, char
buf_out, int buf_out_len, int
On 6/21/2011 2:53 AM, ml.vladimbe...@gmail.com wrote:
Jim, for me the main goal to replace functions that operate with sockets
is performance. I want to use OpenSSL with Windows IO Completion ports.
The method that you suggest is very interesting but the main is not
achieved - OpenSSL is still
On 6/22/2011 3:20 AM, ml.vladimbe...@gmail.com wrote:
Where can I find this example with BIO pairs? I can't understand only
with openssl's documentation how to work with BIO pairs.
I will be grateful for the help.
Look in ssl/ssltest.c, in the doit_biopair function.
DS
On 6/15/2011 11:57 AM, ml.vladimbe...@gmail.com wrote:
Hello.
By default OpenSSL itself works with sockets. I would want to implement
operation with sockets without admitting it to OpenSSL. I.e. for
example, when OpenSSL wants to write down something in a socket, it
should cause my function and
On 6/11/2011 8:52 AM, kali muthu wrote:
I have Linux Server which has been connected with a Windows XP client
using SSL Sockets. I am able to read and write through those sockets.
Good.
Recently my calls to SSL_Connect() waits for long time. And yes I am
using in Blocking mode. My search on
On 5/23/2011 1:59 AM, Harshvir Sidhu wrote:
David,
So are you suggesting that i change the approach in my Code.
Hard for me to give you a useful answer without seeing your code. If
your code tries to treat OpenSSL as a filter, expecting input and output
to correlate, then yes. If your
On 5/22/2011 5:10 PM, Harshvir Sidhu wrote:
Previously I have used SSL_XXX functions for performing SSL
operations. Now i have am working on an application which is written in
Managed C++ using callback functions(BeginReceive and EndReceive), and
SSL_Read function is not working for that.
On 5/18/2011 3:27 AM, G S wrote:
I'm probably being obtuse here, but I don't see how encrypting your
request with a public key would help you with your original problem.
What stops a rogue app from doing the same encryption?
They can't see what the parameters are. So what are
On 5/9/2011 1:45 PM, Eric S. Eberhard wrote:
int setblock(fd, mode)
int fd;
int mode; /* True - blocking, False - non blocking */
{
int flags;
int prevmode;
flags = fcntl(fd, F_GETFL, 0);
prevmode = !(flags O_NDELAY);
if (mode)
flags = ~O_NDELAY; /* turn blocking on */
else
flags
On 5/10/2011 2:10 AM, John Hollingum wrote:
I have a service written in Perl, running on Linux that presents a very
simple SSL listener. When this service is hit, it identifies the
connecting node from its certificate/peer address and just sends some
xml to them containing data from some files
On 5/9/2011 6:27 AM, Harshvir Sidhu wrote:
Also i suspect, that if i change the socket to non blocking, then
my current read write code will not work. i mean the one in which i use
FD_SET and select to perform operations.
Thanks.
It's very easy to get things wrong and it won't work
On 5/5/2011 10:01 AM, Chris Dodd wrote:
Is the OpenSSL library supposed to be at all reentrant? I've had odd
problems (intermittent errors) when trying to use OpenSSL in a
multithreaded
program (multiple threads each dealing with independent SSL connections),
and have apparently solved them by
On 5/4/2011 9:14 AM, Ashwin Chandra wrote:
Okay I read the complete bug report and it looks like there is a fix in
the latest openssl. However I checked it out and it limits the maximum
time RAND_poll will take to a second. 1000ms. Is there any other way to
speed this up?
Populate the OpenSSL
On 5/3/2011 11:31 AM, derleader mail wrote:
Hi,
I found OpenSSL server code which uses threds in order to process
clients. Is it possible to create connection pool with OpenSSL. There is
no information about this on openssl.org
How I can add threaded pool to this code?
On 5/1/2011 1:34 AM, derleader mail wrote:
I'm going to use stream protocol - TCP/IP. Here is the template source
code of the server without the encryption part
We mean application protocol.
while (1) {
sock = accept(listensock, NULL, NULL);
printf(client connected to child thread %i with
On 5/1/2011 3:31 AM, derleader mail wrote:
So I need a high performance solution that can handle many connections
with little server load.
1. SSL is a good solution but is not high performance - it's more
suitable for encryption of a web page. When establishing connection more
that 100
On 4/30/2011 10:48 AM, derleader mail wrote:
Thank you very much for the reply. The problem is that the encryption
and decryption must be on separate machines. I need a way to take the
size of the encrypted message using language function like strlen(). Is
there other solution?
Are you
On 4/20/2011 1:18 AM, Luc Perthuis wrote:
Hi all,
I'm specially interested on finding a way to uniquely identify rather
small data chunks (less than or equal to 128*1024 bytes in size) without
using a byte per byte compare.
Is there any theoretical proof for a good selection of 2 HASH
On 4/13/2011 2:35 AM, pattabi raman wrote:
*1. If I can't use sprintf then how can I copy the enrypted message to a
character buffer. Bcoz so far I am sending the request to middleware in
Char Buffer using TCP /IP socket. How can I able to achieve now.*
**
If you don't know how to copy bytes
On 4/11/2011 6:36 PM, Adrian D. Sacrez wrote:
I'm fairly new to OpenSSL. How do I convert the rsa generated
ry rsa_keygen_ex() into a public and private key?
Is there a way to do that?
I assume you mean RSA_generate_key_ex. It already is. The purpose of
this function is to generate a new
On 4/10/2011 3:03 PM, Anton Vodonosov wrote:
The question: if I provide locking_callback, will it be called only from the
threads where I invoke OpenSSL functions,
or OpenSSL may call it from some private/internal threads not created by me?
Since there's no callback to create a thread,
On 3/25/2011 3:50 AM, Michał Stawiński wrote:
//freeing popped client BIO in parent would disconnect client in child,
//so I can not free it, which will cause 64B memory leak
//parent: BIO_free ( b=client_bio ) : 1 //???
I don't know of any elegant solution. But there's a way that works.
On 3/25/2011 2:33 PM, Michal Stawinski wrote:
2011/3/25 David Schwartzdav...@webmaster.com:
I don't know of any elegant solution. But there's a way that works.
Open a file descriptor or socket you don't care about (for example, open
/dev/null). Then 'dup2' that file descriptor over
On 3/25/2011 4:17 PM, Jeremy Farrell wrote:
From: Jeffrey Walton
Sent: Friday, March 25, 2011 8:45 PM
On Fri, Mar 25, 2011 at 3:56 PM, Anthony Gabrielsonagabriels...@comcast.net
wrote:
This will do what you want:
On 3/22/2011 9:07 AM, Steffen DETTMER wrote:
When some entity verifies a certificate, finds a valid signature
etc but the current date is not between Valid From to Valid
To, meaning the certificate seems not yet valid or expired,
what is recommended to do?
It depends what you're doing.
I
On 3/17/2011 5:00 AM, ikuzar wrote:
The problem :
when I print data, I have got :
HELLO��y0�y
0�y��y
i`�0�y
������L���L��-M
etc...
instead of
HELLO.
in MYrecv, when I make L = 5, it works
what should I do to read just the right size so that when I print I get
HELLO, GOODBYE, etc
On 3/17/2011 6:40 AM, ikuzar wrote:
Why do we expect \r\n ? why not \0 ?
That's why you need to implement a protocol.
DS
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On 3/17/2011 7:43 AM, ikuzar wrote:
I am confused.
When I used a simple c++ program which uses SSL functions for the first
time, I need not implement a protocol. when I tell SSL_write( ) to send
5 bytes and tell SSL_read( ) to read 10 bytes, the last reads 5 bytes !
( doesn't it ? am I wrong ?
On 3/7/2011 2:45 PM, Yan, Bob wrote:
My question is that if my Reader thread gets a SSL_ERROR_WANT_WRITE
error from SSL_read function call, can my Writer thread do the SSL_write
operation right after the Reader’s SSL_read operation?
Yes.
Or, if my Writer
thread gets a SSL_ERROR_WANT_READ
On 3/7/2011 4:19 PM, Yan, Bob wrote:
Thank you very much, David,
In general, if the application use select/poll system function to
check the readable of underline BIO and invoke the SSL_read/SSL_write
only if there are data available on the socket, can the deadlock still
happened?
Not
On 3/2/2011 10:23 AM, prakgen wrote:
I've enabled fips in sshd (OpenSSH 5.5p1)
Why?
and linked it against
openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization
shoots up and remains high (40% to 90%) for around 5 seconds.
Doctor, it hurts when I do that.
Then don't do
On 3/5/2011 6:23 AM, prakgen wrote:
and linked it against
openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization
shoots up and remains high (40% to 90%) for around 5 seconds.
Doctor, it hurts when I do that.
Then don't do that.
Well Doctor, I need to do that.
Then it's
On 3/3/2011 6:50 AM, ikuzar wrote:
Hello,
I have got a SSL_ERROR_WANT_READ after a call to SSL_connect. I 'd like
to know what should I do exactly ?
Thanks
Retry the connect operation later, ideally after confirming that the
underlying socket is readable.
DS
On 3/2/2011 9:55 AM, ikuzar wrote:
3) I come back to the SSL_write( ). He wants to read( ).
The doc says :
Caveat: Any TLS/SSL I/O function can lead to either of
*SSL_ERROR_WANT_READ* and *SSL_ERROR_WANT_WRITE*. In particular,
|SSL_read()| or |SSL_peek()| may want to write data and
On 2/25/2011 11:59 AM, Michael S. Zick wrote:
On Fri February 25 2011, Ricardo Custodio wrote:
Veja www.icp.edu.br
Interesting, I get a server certificate fails authentication
from the above address.
You haven't chosen to trust the CA that issued it.
Keep in mind that when the person
On 2/25/2011 5:03 PM, John R Pierce wrote:
the root certificate in question is not in either Google Chrome's list
of CAs, or in Mozilla Firefox's list.
AC-SSL da ICPEDU is the Root CA, issuing a certificate to www.icp.edu.br
The Root Certificate appears to be one locally generated...
On 2/20/2011 6:42 PM, Bharani Dharan wrote:
Hi,
I want to find following details but getting error. Errors are
highlighted in RED. Kindly advise.
# echo | openssl s_client -connect server:25 -starttls smtp certificate
gethostbyname failure
connect:errno=0
Presumably the name of the
On 2/2/2011 9:13 PM, praveen kumar wrote:
i got this error,they configured port 8000 for ssl but still i cant get
problem where it is?
Can any one help me where is the exact problem?
Their server doesn't correctly support SSL negotiation. You can make it
work by disabling TLS1
On 1/31/2011 12:25 AM, Lutz Jaenicke wrote:
Dear friend
This is praveenkumar working as a app developer from Linkwell
telesystems,hyderabad,India.
i have a problem in ssl while hitting the server with the certificate
provided by server.i am using openssl tool in linux.
When
On 1/31/2011 5:37 PM, Ashwin Chandra wrote:
I would like to call this function to generate the same public/private
key everytime.
I thought all I had to do was create the same seed using RAND_seed each
time, however I still keep getting different key pairs.
Is there any way to have
On 1/12/2011 3:19 PM, Jijo wrote:
Hi All,
I hope this a basic question for you guys..
I'm trying to setup TLS connection between Client and Server.
In the server i did following things,
1. Created a selfsigned rootCA
2. Created IntermediateCA and signed with rootCA.
3. Create a Server
On 1/12/2011 6:48 AM, Mark H. Wood wrote:
Oh, now I'm curious. How do they test the randomness of a single
sample? 1 is every bit as random (or nonrandom) as
0xdcb4a459f014617692d112f0942c89cb.
They don't validate the number itself, they validatet hat the method by
which the number was
On 1/11/2011 7:02 AM, Fredrik Strömberg wrote:
(For the curious: I don´t need serial because I only identify with CN,
and I don´t need a database because I will never revoke any
certificates.)
The problem is, everybody else identifies by serial. So unless you don't
plan to interoperate with
On 12/29/2010 1:11 AM, Esimorp E wrote:
Hi all,
I tried changing the one-to-one socket type in OpenSSL to one-to-many by
changing SOCK_STREAM to SOCK_SEQPACKET and it compiled fine but while
trying to run other program on it I had the following error:
bss_dgram.c(236): OpenSSL internal error,
On 12/20/2010 10:49 AM, travis+ml-open...@subspacefield.org wrote:
So a friend ran into this lately;
libnss, at least on Linux, checks that the signing cert (chain) is valid
at the time of signature - as opposed to present time. (It may check
present time as well - not sure on that)
This is
On 12/17/2010 1:41 AM, Kingston Smiler wrote:
Is there any way to identify whether the other end supports TLS or not.
There is no way we could know the answer to this question. We have no
idea what your other end is, who designed it, or how.
My requirement is like this.
If the other end
On 12/2/2010 2:36 AM, Aarno Syvänen wrote:
Hi List,
I have problem with SSL_shutdown. Advice seems to be to call it again, if the
return value is 0.
However, this means that shutdown can hang forever. Can I just call
SSL_shutdown and go on ?
You can go do other things and try to shut the
On 11/29/2010 2:34 AM, A. N. Alias wrote:
I've been using IE, Chrome and Firefox as clients for a test SSL/TLS server.
This works fine with Firefox, which uses a single TCP connection for the TLS
handshake and subsequent communication. However, IE and Chrome seem often to
send different parts
On 11/18/2010 12:50 AM, Steve yongjin Shin wrote:
-BEGIN RSA PRIVATE KEY-
...omitted..
-END RSA PRIVATE KEY-
-BEGIN CERTIFICATE-
...omitted...
-END CERTIFICATE-
On 11/18/2010 7:26 AM, Pandit Panburana wrote:
I am not clear about the condition that vulnerability when using
internal session caching mechanism. Is it the same thing as TLS session
caching or this is some thing different?
The internal session caching mechanism caches TSL session
On 11/16/2010 11:06 PM, Nivedita Melinkeri wrote:
Hi,
I had some questions about the latest security advisory. I understand
that this applies to multi-threaded application while using ssl sessions.
Correct.
If the application is written thread safe using
CRYPTO_set_locking_callback
On 11/6/2010 7:44 AM, Martin Boßlet wrote:
I just tested, whether the BER-encoding is preserved if I do not alter
any of the contents. Unfortunately, it seems as if the encoding is not
preserved. I did the following:
d2i_PKCS7_bio(file,p7);
and then directly
i2d_PKCS7_bio(file2, p7);
again.
This may be a stretch, but did you confirm the socket is within the
range of sockets your platform allows you to 'select' on? For example,
Linux by default doesn't permit you to 'select' on socket numbers 1,025
and up, though you can have more than 1,024 file descriptors in use
without a
On 11/2/2010 6:25 PM, Md Lazreg wrote:
r=select(m_sock_fd + 1, fds, 0, 0, ptv);
if (r = 0 (Errno == EAGAIN || Errno == EINTR))/*if we timed
out with EAGAIN try again*/
{
r = 1;
}
This code is broken. If 'select' returns zero, checking errno is
On 10/6/2010 5:01 AM, john.mattapi...@wipro.com wrote:
Thanks Steve,
I used the following commands to create the certificate using the
openssl built with FIPS support
openssl genrsa -des3 -out wv-key.pem 1024
openssl req -new -x509 -key wv-key.pem -out wv-cert.pem -days 365
Do I miss any
On 9/30/2010 11:39 PM, Raj wrote:
Can you please let me know how can I set time out as a whole. I think
you are mentioning about SSL_CTX_Set_timeout function. If it is so then
I have set the time out using this function, and sadly I didn't get the
expected result.
There are a lot of ways. The
On 9/29/2010 11:41 PM, Raj wrote:
Hi All
Is there any method to set time our for SSL _read function.
As from the Open SSL document SSL_read will not return if there is no
data to read from the socket
You really shouldn't need this. If you know for sure that it's the other
side's turn to
On 9/27/2010 4:13 PM, Scott Neugroschl wrote:
As David said, yes.
On the other hand, you could re-implement malloc() and free() for your
platform.
There's really no way to make that help very much. It might help a
little, but the fundamental problem is this:
If you want to implement each
On 9/25/2010 9:31 AM, Jayaraghavendran k wrote:
(a) Does OpenSSL plan to support this feature in any of it's future
releases? (Or does any of the releases already support it? I went
through the Change Logs, but couldn't find anything), If no, why not?
I can't answer whether there are any
On 9/26/2010 11:14 PM, zhu qun-ying wrote:
Does it mean that it is hard to change the behavior?
Yes, because it's not implemented in any one particular place. It's a
fundamental design assumption throughout OpenSSL that it's aimed at
general-purpose computers with virtual memory subsystems.
On 9/24/2010 11:05 AM, zhu qun-ying wrote:
I think I should clarify something here. The app is running
in a small device that does not have virtual memory
(no swap space) and the memory is limited (256/512 M).
In peek connections, it may use up to 90% of the system memory,
and when
On 9/23/2010 7:16 AM, Gumbie wrote:
Can someone explain what is needed to create and EV (Extended
Validation) Certificate? I have been trying to research this and have
found limited information on this. Only one document that was of any
help
On 9/23/2010 11:42 AM, zhu qun-ying wrote:
Hi,
I have an SSL apllication, that it suppose to run for a long time. After some
time of running, I found the usage of the memory is growing. I stop all SSL
connections and checked all SSL * has been freed but it could not release the
memory back
On 9/12/2010 11:38 PM, Raj Singh wrote:
issuer_pubkey_len = i2d_PUBKEY(pubKey, NULL);
issuer_pubkey = malloc(issuer_pubkey_len);
i2d_PUBKEY(pubKey, issuer_pubkey);
memory_dump(issuer_pubkey, issuer_pubkey, issuer_pubkey_len);
The problem, is issuer_pubkey buffer is different each time, I run
Sam Jantz wrote:
It's multi threaded with non-blocking I/O. I'm not sure exactly what
you mean by socket discovery, but I think you are asking how my program
determines when something is ready? If that's the case then my program
uses a select statement to watch the file descriptor to see
I'm writing a SSL proxy (which is working great except for this issue)
and every time I got to attach a file in an email the connection resets,
and it gets caught in an infinite retransmit loop.
There are two totally different ways you can make an SSL proxy, and to figure
out your issue, we
Raj wrote:
I have tried one more method to read the data from the socket,
which was
partially successful it is defined as follows
do
{
dwReadDataLen = SSL_read(Serverssl,pBuff,iBufferSize); // Gets
the
data from the server side
Sandeep Kiran P wrote:
We dont have any control on how the server generates its certificates.
As said earlier, we only control the client portion of SSL/TLS.
Sites where our client application runs, is handed over the location
where trusted CA certs are stored and thats all we have.
Raj wrote:
Thanks for all the response
1. I was able to do the handshaking successfully with the
browser.
On receiving the request from the browser I will send HTTP OK
response
back to the browser, I was able to do the handshaking and read the
actual
GET request.
2.
Alexey Drozdov wrote:
Hi!
When your setup proxy setting for browsers, they using HTTP CONNECT
method for establish pure tcp-connection via proxy (not for local
resources).
It's seems like:
Client send HTTP-request to proxy
CONNECT remotehost:port HTTP/1.1
Host:
Rene Hollan:
Oh! I totally misunderstood this.
I thought OP wanted to MITM SSL sessions (which is possible, if
(a) the traffic is decrypted, (b) certs are reissued and resigned,
and (c) the client TRUSTS the modified cert chain (typically its
root cert)).
This is just HTTPS Proxy. In
I generated the ssl request, I signed it in my CA (openssl) and
uploaded
signed certificate back to device.
I generated also ca.der and uploaded it to my Internet browser. When I
trying open ilo my browser give a warning about a mismatched hostname.
I'm accessing this device via IP
Amit Ben Shahar wrote:
Hi,
The documentation specifies that SSL_ERROR_ZERO_RETURN is returned if
the transport layer is closed normally.
My question is, how should i handle this return code?
specifically should i call SSL_free normally to free resources, or are
resources already freed?
Chuck Pareto wrote:
My group is using RSA with a key thats 2048 in size.
We want to encrypt strings that are longer then this
key size gives.
If we switch to a key that is 4096 what is the max
string length we can encrypt? is it double?
No, no! You are doing this all wrong!
RSA is an
fatalfr fatalfr wrote:
Thank you for your reply. Actually I use
-passin (email editing problem ?)
Complete command line working fine in cmd is
the following one :
openSSL smime -decrypt -in OUT\TEST_OK.TXT -out OUT\OK.TXT
-inkey SBE\sbe-test.key.pem -passin pass:tn!;bg+xy:tABrP1YZK
Charlie wrote:
His algorithm has one part that doesn't seem right to me, but changing
it made things even worse. It seems weird that the Final function is
inside the main for loop. It seems like final should mean... final.
(ie: after the looping is done).
It's quite common that fixing one
Hannes Schuller wrote:
I'm very puzzled here. Why do you sign the reply and then sign a hash
of the signature? You say Message encryption successful, but that's
a signature you're doing, not an encryption.
I was under the impression that RSA_private_encrypt and
RSA_public_encrypt do
Hannes Schuller wrote:
hash = (unsigned char *)malloc(RSA_size(rsa) * sizeof(unsigned char));
ciphertext = (char *)malloc(RSA_size(rsa) * sizeof(char));
signature = (char *)malloc(RSA_size(rsa) * sizeof(char));
if (ciphertext != NULL signature != NULL hash != NULL) {
Chuck Pareto wrote:
I'm not sure what you mean by shouldn't be using public-key
encryption, why?
Because you don't understand its properties, so there's no way you can know
whether or not it meets your security requirements.
It seems like .Net sets up a nice class that is easily
Pankaj Aggarwal wrote:
I am able to think about the following approaches :
1. Keep a record a threads which are spawned.
2. Expose a function from our library for cleanup when the thread exits
Is there any other way to avoid the memory leak caused by error queues ?
There are several:
Rusty Carruth wrote:
I would have thought that OPENssl, for which I have the source, would
have met the requirements to use the _GPL symbols in the kernel.
The requirement is that the module claim that it is available under the GPL
by containing a specific license declaration. You can fix this
Chuck Pareto wrote:
if my public key is 256 bytes long, what is the max length
of the string I can use to encrypt? Is it 256?
If the output is exactly 256 bytes, there are (in theory) 2^(256*8) possible
outputs. That means there can be at most 2^(256*8) possible inputs. There
are more than
Kunal Sharma wrote:
What I see happening is this:
ENCRYPT - size of /etc/rgconf on disk is 157043 bytes
ENCRYPT - size of /etc/rgconf_encrypted on disk is 157044 bytes.
BROWSER saves the file to disk - size is 136 bytes (How ???)
You called 'strlen' on something that was not a string, so it
Kunal Sharma wrote:
void encode2(char *inbuf,char *outbuf)
{
unsigned char key32[] = As different as chalk and cheese;
unsigned char iv[] = As dark as pitch;
AES_KEY aeskey;
memset(outbuf, 0, sizeof(outbuf));
AES_set_encrypt_key(key32, 32*8,
Johannes Baeuer wrote:
Why would a 16 byte block need to be padded by one byte to 17 bytes?
Is it really not immediately obvious?
No encrypted output for one or more bytes of input can be less than 16
bytes. Thus the smallest possible output sequence is 16-bytes. The number of
possible
Christina Penn wrote:
Hello David,
Can you show me exactly how to break up my example code to make my example
work?
It's really simple. When you want to decrypt a message, call
EVP_DecryptInit_ex. For each chunk of data you want to decrypt that is part
of the message, call
Christina Penn wrote:
Here is some example code of me trying to decrypt a partial AES message.
It doesn't work.. is there a way I can do something like this? It only
works
if I call DecryptMessage() with the entire encrypted string. Why?
Your DecryptMessage function is specifically designed
Piper Guy1 wrote:
This is precisely what a browser does. Again, using the
https://www.amazon.com; example, OpenSSL takes care of getting the
certificate from the server, making sure the certificate is valid,
checking
that the server owns the certificate, and making sure the
Sad Clouds wrote:
1) According to the FAQ, an SSL connection may not concurrently be
used by multiple threads. Does this mean that an SSL connection can
be used by different threads provided access is limited to one at a
time?
I assume that having a mutex for each SSL object would
Piper.guy1 wrote:
Hi,
Please understand I'm a newbie to security if my question sounds
rather elementary.
The embedded product I'm working on requires a secure connection to
our server that uses a Verisign certificate to authenticate. I've been
porting the OpenSSL examples from the
Aravinda babu wrote:
During SSL/TLS handshake,a pre master secret is sent from client to the
server by encrypting pre master secret with server's public key.
From that both client and server derive master secret and finally one
symmetric key. My doubt is, why both cannot use pre master
P Kamath wrote:
I said it is an RNG, not cryptographic RNG. By adding current time
source,
however crude, and doing a sha1/md5, why should it not be cryptoPRNG?
What
properties should I look for?
You should look for a cryptographically-secure random number generator.
Seriously, you
Todd Thatcher wrote:
Using the command openssl s_client connect gmail.google.com:443
openssl gets the certificate information and stays connected until I enter
QUIT,
or the timeout is hit -- about 2 minutes later. I want to script
certificate
expiration date checks for out servers. Is
Rene Hollan wrote:
I guess I'm just dense and stupid. Won't that fail since the CA
IC cert won't be signed by the CA cert identified as it's issuer?
Yeah, I think you're right. I made the same mistake I was trying to convince
the OP not to make -- thinking that CAs sign certificates. The
Shaun Crampton wrote:
Is there any way to accomplish this while using only one domain?
Can you be very precise about what you mean by only one domain? For
example, you can do it by pointing www.example.com and www-x.example.com at
the same IP and having the server issue a different certificate
1 - 100 of 1078 matches
Mail list logo