RE: Sha256

2014-03-17 Thread Glenn, William
Hi Aya, I have not tried this with a self-signed certificate, but putting the -sha256 option in the signature command has worked for me before, i.e., x509 -req -in server.csr -signkey server.key -out server.crt -sha256 The can check the attribute with: x509 -text -in server.crt ... Signature

FIPS_mode_set Software Integrity self-test question

2014-03-17 Thread Jason Schultz
I've been doing some testing with the latest 2.0 FIPS Object Module I downloaded and 1.0.1e OpenSSL and have a question. I was wondering what the Software Integrity self-test is designed to accomplish? It seems like it's to ensure the source code or build hasn't been tampered with. Out of

Re: FIPS_mode_set Software Integrity self-test question

2014-03-17 Thread Steve Marquess
On 03/17/2014 01:45 PM, Jason Schultz wrote: I've been doing some testing with the latest 2.0 FIPS Object Module I downloaded and 1.0.1e OpenSSL and have a question. I was wondering what the Software Integrity self-test is designed to accomplish? It seems like it's to ensure the source

Re: fips_premain.c, C++ compiler, and work arounds?

2014-03-17 Thread Jeffrey Walton
On Sun, Mar 9, 2014 at 9:06 AM, Dr. Stephen Henson st...@openssl.org wrote: On Sun, Mar 09, 2014, Jeffrey Walton wrote: I still have not found a solution to using OpenSSL with a C++ compiler. fips_premain.c makes the following declarations. They lack 'extern C', so I've got unresolved

Renegotiation and/or Revalidation of CRL and/or Certs files during an active client connection.

2014-03-17 Thread Blechman, Ronald I, Jr (Ron)
I'm looking for a way to revalidate my CRLs and Certificate files for an active TLS client session whenever the files themselves have been updated using the SSL(3) api calls. Specifically, my application would like to do the following: Whenever a new CRL or Certificate is downloaded to my

SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO

2014-03-17 Thread hhachem
openssl_capture.txt http://openssl.6102.n7.nabble.com/file/n48871/openssl_capture.txt Hello, I'm using OpenSSL in order to encrypt some emails, that a piece of hardware sends. But, whenever I try to call SSL_connect(), I get : SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol After sending

How to extract ECC signature bytes from EVP_DigestSignFinal's signature

2014-03-17 Thread axisofevil
I had been using the lower level ECDSA_do_sign for EC signing but had to migrate to EVP functions. If I get signature from EVP_DigestSignFinal(), what format is the signature, and how can I extract the 'real' bytes? I'd expect 32 bytes each for r and s. I need the 'real bytes' for

Re: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO

2014-03-17 Thread Pingzhong Li
U P Sent from my iPad On Mar 17, 2014, at 5:48 PM, hhachem hamze.hac...@deos-ag.com wrote: openssl_capture.txt http://openssl.6102.n7.nabble.com/file/n48871/openssl_capture.txt Hello, I'm using OpenSSL in order to encrypt some emails, that a piece of hardware sends. But, whenever I try

RE: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO

2014-03-17 Thread Pingzhong Li
Sorry, just notice it, it might be sent out my 2 years old son by accident. please ignore this email. Regards,Pingzhong Subject: Re: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO From: lipzh...@hotmail.com Date: Mon, 17 Mar 2014 21:13:20 -0400 To: openssl-users@openssl.org U P