RE: Socket left in CLOSE_WAIT state...

2010-04-21 Thread Saju Paul
Looks like it needs a BIO_free_all(bio) or something similar. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]on Behalf Of Matthew Allen Sent: Wednesday, April 21, 2010 5:18 AM To: openssl-users@openssl.org Subject: Socket left in

RE: Socket left in CLOSE_WAIT state...

2010-04-21 Thread Saju Paul
hack. It _should_ close the socket by itself. I'm worried that this leaks some BIO object(s), because clearly if the BIO objects were free'd they'd close their SOCKET. And since that ISN'T happening maybe the BIO object is not being free [correctly]. Saju Paul wrote: Looks like it needs

RE: Apache SSL3_ACCEPT:unsafe legacy renegotiation disabled?

2010-04-01 Thread Saju Paul
OptRenegotiate - enables avoidance of unnecessary handshakes by mod_ssl which also performs safe parameter checks. It is recommended to enable OptRenegotiate on a per directory basis. also performs safe parameter checks maybe the key. disable it and check if MSIE likes it. -Original

SSL renegotiation clarifications

2010-02-02 Thread Saju Paul
1. Who as in Sender-encrypter or Receiver-decrypter should renegotiate an SSL session? Can it be both or is it only the Sender? Is there a document that describes the protocol? 2. Does renegotiation always require SSL handshake? (SSL_do_handshake) Are there any circumstances where the

RE: SSL renegotiation clarifications

2010-02-02 Thread Saju Paul
) or a time(2minute) boundary would it not result in two renegotiations at the boundary between the server and client. So even if either side can renegotiate; is there a preferred renegotiator? not sure if that is even a word but I hope you know where I'm going with this... Saju -Original

RE: SSL port 990 mainframe ???

2009-11-03 Thread Saju Paul
SSL on Port 21 usually is Explicit and on 990 Implicit. The difference between the two being that in Explicit the client gets to decide by sending the AUTH command when the SSL handshake happens. On Implicit the SSL handshake happens right after connect. You could use the command line openssl

RE: openssl s_client and FTPS

2009-11-02 Thread Saju Paul
FTP SSL operates in two modes. Explicit SSL - where the FTP Client issues the AUTH command on the clear command channel which results in the server and client performing the SSL handshake to secure the channel. The other mode Implicit SSL - the SSL handshake is done soon as the Client to Server

RE: libcrypto.so.2 problem

2009-02-06 Thread Saju
George what you have is openssh; what you need is openssl. HTH _ From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of George Ping Sent: Thursday, February 05, 2009 11:09 PM To: openssl-users@openssl.org Subject: libcrypto.so.2 problem Hi,

RE: sign/verify kicking my ass

2008-11-25 Thread Saju Paul
when building php; include the --with-openssl= option - on unix/linux platforms it would look something like... ./configure --with-openssl=[DIR]; does a dynamic bind of libssl libcrypto libraries. check the built php binary with the ldd command. Saju -Original Message- From: [EMAIL

RE: sign/verify kicking my ass

2008-11-25 Thread Saju
The EVP functions should be in OpenSSL's crypto library. some examples written in C http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node22.html http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node23.html Saju -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: how to run gdb in openssl

2008-10-07 Thread Saju Paul
gdb is a debugger. it is not clear from reading your note why you are trying to debug the openssl command line module. if what you are trying to do is understand why the client is unable to make the connection to ipaddress:4433; try using the -debug option. ex: openssl s_client -connect

RE: FIPS_mod_set() before/after SSL_library_init() ?

2008-09-16 Thread Saju
subsequent invocation of any cryptographic function calls. If all components of the power-up self-test are successful then FIPS_mode_set() sets the FIPS_mode flag to TRUE and the Module is in FIPS mode. My interpretation of this was to call FIPS_mode_set() before SSL_library_init() Saju

RE: SSL Problem

2008-06-11 Thread Saju
IMO the public-key of the signer of the server certificate CN=www.ws-onramp1.wholesale.bt.com should be in the CAfile (c:\curl\ca\ca.pem) -HTH _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karia Ravi Sent: Wednesday, June 11, 2008 5:23 AM To:

RE: ldaps client and oracle internet directory

2008-06-10 Thread Saju
Has OID at your site been configured for ldaps ? The SSL connection on 443 if I'm not mistaken is called StartTLS which is different from ldaps. The URL below seems to suggest that ldaps in OID does not come configured out of the box. http://www.politi.no/help/adoidset.htm Saju -Original

RE: Installing openssl 0.9.8g in custom location on 64bit SLES 10

2008-04-09 Thread Saju Paul
Have you checked shared libs with ldd ? # ldd /app/Apache/e2e01/modules/mod_ssl.so Also check if ssl and crypto are where they are supposed to be... # ldconfig -p | grep ssl # ldconfig -p | grep crypt Saju -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf

RE: OpenSSL FIPS 1.1.2 on Windows

2008-03-13 Thread Saju Paul
Here is a clue...you need to have openssl 0.9.7m built installed on the system you are attempting the FIPS build on. HTH - Saju -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sisyphus Sent: Thursday, March 13, 2008 12:40 AM To: openssl-users@openssl.org

RE: OpenSSL FIPS 1.1.2 on Windows

2008-03-13 Thread Saju Paul
On a clean system the build order would be. 1. Build Install openssl-0.9.7m 2. Build Install openssl-1.1.2 3. Build Install openssl-0.9.8g 4. Build your application. Sorry, wish I had the time in the day to get into specifics. Saju -Original Message- From: [EMAIL PROTECTED] [mailto

RE: OpenSSL FIPS 1.1.2 on Windows

2008-03-13 Thread Saju Paul
typo in step 2. 2. Build Install openssl-fips- 1.1.2 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Saju Paul Sent: Thursday, March 13, 2008 10:37 AM To: openssl-users@openssl.org Subject: RE: OpenSSL FIPS 1.1.2 on Windows On a clean system the build

RE: SSL connections in persistent TCP connection.

2008-02-21 Thread Saju Paul
TCP Connection: (4 bytes) SYN SYN/ACK ACK TCP TearDown: (3 bytes) FIN/ACK ACK 7 bytes were considered overhead and optimized on a channel that needs an SSL session. seems hardly worth it...IMO -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Schwartz

RE: SSL connections in persistent TCP connection.

2008-02-21 Thread Saju
What makes sure that the last 'read' for the first session doesn't get some of the data for the second session? Either something makes absolutely sure this can't happen, or it can happen, and your design is broken. SSL's bidirectional shutdown protocol probably makes sure there is no

RE: SSL_shutdown

2008-02-10 Thread Saju
Connection shutdown is just: Library->BIO_ssl_shutdown(Bio); Library->BIO_set_close(Bio,BIO_CLOSE); Library->BIO_free_all(Bio); //if (Library->SSL_shutdown(Ssl) == 0) // Library->SSL_shutdown(Ssl); // Library->SSL_free(Ssl); // Do I need this or not?

RE: unable to get local issuer certificate certificate not trusted errors

2008-02-01 Thread Saju Paul
who is the signer of certificate newcert.pem ? is it a self-signed certificate ? it should not be. newcert.pem should be signed by a trusted CA (thawte,verisign,godaddy etc.) or by a CA that is in google/gmail's CA repository. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: Trying to statically link to libeay32.lib

2008-02-01 Thread Saju Paul
can choose not to do the debug build of your application or you can change /MTd switch to /MT and define /define _DEBUG to /define NDEBUG Cheers, Saju -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Rueter Sent: Friday, February 01, 2008 12:48 PM

RE: Trying to statically link to libeay32.lib

2008-02-01 Thread Saju Paul
Jed, To build static openssl libraries; (libeay32.lib ssleay32.lib) perl Configure VC-WIN32 no-rc5 no-idea no-mdc2 ms\do_nasm Edit: ms\nt.mak file (use any standard text editor) change '/MD' to '/MT' in CFLAG nmake -f ms\nt.mak libeay32.lib ssleay32.lib will

RE: Output file is created on incorrect passphrase for decryption

2007-11-05 Thread Saju
Why don't you check the completion code from openssl and delete the 'bad' RPM ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathew Sent: Monday, November 05, 2007 4:12 PM To: openssl-users@openssl.org Subject: Output file is created on incorrect

RE: problems with building the FIPS OpenSSL

2007-10-19 Thread Saju Paul
The other thing that you may have missed is that the tarball 'openssl-fips-1.1.1.tar.gz' should be used ONLY to build the FIPS modules (which is the fipscanister.o, an executable, a C source file and 2 signatures). You then need to use the tarball 'openssl-0.9.7m.tar.gz' (nothing before,nothing

RE: problems with building the FIPS OpenSSL

2007-10-19 Thread Saju Paul
The MSYS directory /usr/local/ssl/lib is the Windows directory C:\msys\1.0\local\ssl (referred to in points 9 10); 1. there is no directory called /usr/local/ssl/lib 2. in step 10 I can find most of the files, but fips_premain.c.sha1 is nowhere to be found Hmm...these 2 points you have made

RE: C++ compatability

2007-09-12 Thread Saju Paul
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saju Paul Sent: Tuesday, September 11, 2007 3:23 PM To: openssl-users@openssl.org Subject: RE: C++ compatability is the compile error on the header file (asn1.h) or at the call ? copy and paste the error include any necessary code. -Original

RE: C++ compatibility

2007-09-12 Thread Saju Paul
*__ASN1_pack_string' defined but not used When I remove the include to openssl/hmac.h I can compile successfully. I am wondering if there is a patch that I need to install to remove these lines from the header file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saju

RE: C++ compatability

2007-09-11 Thread Saju Paul
] [mailto:[EMAIL PROTECTED] On Behalf Of Saju Paul Sent: Tuesday, September 11, 2007 2:37 PM To: openssl-users@openssl.org Subject: RE: C++ compatability extern "C" { // defn... } -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin - ACD Sent

RE: SSL Library Error

2007-09-11 Thread Saju Paul
for 32-bit objects set SHLIB_PATH and unset LD_LIBRARY_PATH for 64-bit objects set LD_LIBRARY_PATH and unset SHLIB_PATH might help.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Aaron Smith Sent: Tuesday, September 11, 2007 3:34 PM To:

RE: C++ compatability

2007-09-11 Thread Saju Paul
, 2007 3:38 PM To: openssl-users@openssl.org Subject: Re: C++ compatability Saju Paul wrote: is the compile error on the header file (asn1.h) or at the call ? copy and paste the error include any necessary code. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf

ERROR: no shared cipher - in FIPS Mode

2007-08-27 Thread Saju Paul
below. Public Key Algorithm on my certificate is rsaEncryption not sure if it can be used with FIPS. Thanks, Saju openssl version:0.9.7m openssl fips version: 1.1.1 platform: windows XP (fipscanister.o built with MinGW, openssl libs built with VC++) application: in-house FTP server built

RE: SSL Handshake

2004-06-18 Thread Saju Paul
Check 'Network Security with OpenSSL' by John Viega, Matt Messier and Pravir Chandra -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Madhuri Rambhatla Sent: Friday, June 18, 2004 10:14 AM To: [EMAIL PROTECTED] Subject: SSL Handshake Hi, I am trying to

RE: Please Don't Shoot....

2004-05-20 Thread Saju Paul
Openssl has a command line utility (openssl). Use it to build your certificate. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ryan Schefke Sent: Thursday, May 20, 2004 7:14 AM To: [EMAIL PROTECTED]; 'Ryan Schefke' Subject: Please Don't Shoot Me for

Re: compiling 32bit binary on solaris 8

2003-10-24 Thread Saju Paul
here is a guess (and it is ONLY that); since the linker is complaining about the ssl and crypto libraries. will it help if you rebuilt the ssl and crypto libraries with the sparc7 or sparc8 compiler ? - Original Message - From: Jim Mack [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent:

Re: Installation problem with OpenSSL

2003-03-28 Thread Saju Paul
- a '.so' is a shared object I think what you need to find is .a file Saju - Original Message - From: Anand Raghavan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 28, 2003 11:41 AM Subject: RE: Installation problem with OpenSSL I did a find on my system for thread

Re: someone in the UK phone Andy pls

2002-09-12 Thread Saju Paul
C'mon give the guy a break. It's an innocent mistake and could happen to anybody. He said he will take care of the problem so just leave him alone for a while. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 12, 2002 11:24 AM Subject: RE:

C Experts HELP !!! (BN_div Issue ??)

2001-12-27 Thread Saju Paul
Folks, Trying to resolve a problem with the BIGNUM divide routine BN_div; could someone check the code below and let me know if there is anything wrong with code... The code below is from openssl version 9.6B int BN_div(..) { BIGNUM *snum; BN_ULONG *wnump; /* a word number pointer

Re: Maximum size of server certificate

2001-12-18 Thread Saju Paul
\MIS.$:2:202:45032252 - *** Run-time Error 004 *** \MIS.$:2:202:45032252 - Arithmetic fault \MIS.$:2:202:45032252 - From d2i_ASN1_SET + %334, UC.02 \MIS.$:2:202:45032252 - d2i_X509_NAME + %222, UC.02 \MIS.$:2:202:45032252 - ASN1_dup

Re: problems with private keys... please help! urgent!

2001-12-18 Thread Saju Paul
For domain1, I tried to check the md5's of each of the key and crt... The md5 for the crt shows up fine. When I try to get the md5 for the .key, I get this error: # openssl rsa -noout -modulus -in server.key | openssl md5 read RSA key unable to load key d41d8cd98f00b204e9800998ecf8427e

Re: problems with private keys... please help! urgent!

2001-12-18 Thread Saju Paul
: Re: problems with private keys... please help! urgent! It never asked me for a password - Original Message - From: Saju Paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 18, 2001 10:23 AM Subject: Re: problems with private keys... please help! urgent

RSA private key patterns

2001-12-18 Thread Saju Paul
I'm having a problem generating a RSA private when numbits is 64. The RSA key generation patterns for few bits size I've tried is shown below. It seems to have no trouble when numbit is = 32 and = 64. $WORK0 OLAPPOBJ 392 openssl genrsa 16 (does not generate key file to stdout) Generating

Re: RSA private key patterns

2001-12-18 Thread Saju Paul
have been tested with examples shown in the documentation. Regards, Saju Paul Hmm. What platform are we talking about? What is the configuration setting for Configure? Of course you are aware, that an RSA key with a modulus of 32, 64 etc is or more or less cosmetic worth. I would consider 1024

RSA PRIVATE KEY GENERATION (Errors)

2001-12-17 Thread Saju Paul
Trying to generate a RSA private key and get the errors shown below It is able to generate private keys when numbits = 64. Any Ideas AnyOne; Thanks In Advance $WORK0 OLAPPOBJ 315 run openssl genrsa -out $work0.cadir.privkey -rand $work0.cadir.rnd -des3 -out $work0.cadir.privkey

remove

2001-12-06 Thread Saju Paul
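- Original Message - From: support [EMAIL PROTECTED] Sent: Wednesday, December 05, 2001 9:48 PM Subject: The source of power for domestic and foreign trade [ If you are not responsible for this area of business, please forward this to the person in charge of the relevant business or department; many thanks ] [ If this e-mail has disturbed you, we sincerely apologize ]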

OpenSSL On Tandem Guardian

2001-10-26 Thread Saju Paul
Need to build the OpenSSL libraries libssl.a libcrypto.a on a Tandem Guardian platform. Trouble is it's an environment without the MAKE utility. Using simple Compile Bind Macros (shell-scripts in unix-speak) I have managed to compile (source list from Makefile.ssl) and build libssl.a . My