Re: [openssl-users] TLS Heartbeat

2016-12-12 Thread Salz, Rich
> Yes. We're thinking of using TLS Heartbeats as cheaper KeepAlive option in
> idle connections.

Use TCP keepalive if really needed. That keeps your application level free to reap truly idle connections if/when it wants to.

-- openssl-users mailing list To unsubscribe:

[openssl-users] convert from PEM to DER format or vice versa

2016-12-12 Thread Sairam Rangaswamy -X (sairanga - ARICENT TECHNOLOGIES MAURIITIUS LIMITED at Cisco)
As I understand, the X509 certificates from CA or self-signed can be created in either PEM or DER format. Is there a way to programmatically convert the PEM format file to DER or DER to PEM? Is there a single API or set of APIs available from openssl libraries? Regards, R. Sairam Sairam

Re: [openssl-users] convert from PEM to DER format or vice versa

2016-12-12 Thread Carl Young
Please download the source code and refer to apps/x509.c - this handles the conversion command, such as:

    openssl x509 -in xxx.pem -inform pem -out xxx.cer -outform DER

the function you will look for is i2d_X509_bio

On 12 December 2016 at 09:37, Sairam Rangaswamy -X (sairanga - ARICENT

Re: [openssl-users] Is it possible to change the name of export functions from the static library ?

2016-12-12 Thread Jakob Bohm
On 11/12/2016 17:34, ddx wrote: I compiled an OpenSSL static library for my Windows application, which utilizes another SSL static library: BoringSSL too. As expected, the linker complains about LNK2005 errors. Is it possible to rename the export functions in the libssl.lib and

Re: [openssl-users] convert from PEM to DER format or vice versa

2016-12-12 Thread Jakob Bohm
On 12/12/2016 10:37, Sairam Rangaswamy -X (sairanga - ARICENT TECHNOLOGIES MAURIITIUS LIMITED at Cisco) wrote: As I understand, the X509 certificates from CA or self-signed can be created in either PEM or DER format. Is there a way to programmatically convert the PEM format file to DER or

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread Jeffrey Walton
> So what is the correct way, 1 or 2?
>
> 1)
>
> RAND_poll()
> /* RAND_bytes is unnecessary */
> /* RAND_add is unnecessary */
>
> 2)
>
> RAND_poll()
> RAND_bytes(buf, 128);
> /* RAND_add is unnecessary */

On Windows, you call CryptGenRandom to obtain your seed for the OpenSSL PRNG. On Linux, you

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread silvioprog
On Mon, Dec 12, 2016 at 3:53 PM, Jeffrey Walton wrote:
> > So what is the correct way, 1 or 2?
> >
> > 1)
> >
> > RAND_poll()
> > /* RAND_bytes is unnecessary */
> > /* RAND_add is unnecessary */
> >
> > 2)
> >
> > RAND_poll()
> > RAND_bytes(buf, 128);
> > /* RAND_add is

Re: [openssl-users] openssl-users Digest, Vol 25, Issue 8

2016-12-12 Thread gev6 liu
buffer
> > using RAND_bytes() (based on https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding via RAND_add().
> >
> > --
> Silvio Clécio

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread Salz, Rich
> "In short, I just replaced the RAND_screen() call to the RAND_poll(),
> generated a random buffer using RAND_bytes() (based on
> https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via
> RAND_add()"

You fed RAND_bytes output back into RAND_add? That's silly.

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread Salz, Rich
> > You fed RAND_bytes output back into RAND_add?  That's silly.
> Yes. Is it unnecessary? My steps are:

It is a bad idea. It is pointless. Don't do it.

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread silvioprog
On Mon, Dec 12, 2016 at 3:28 PM, Salz, Rich wrote:
> > > You fed RAND_bytes output back into RAND_add? That's silly.
> > Yes. Is it unnecessary? My steps are:
>
> It is a bad idea. It is pointless. Don't do it.

So what is the correct way, 1 or 2?

1)

RAND_poll()
/*

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread silvioprog
Finally I think I solved this problem! :-) This is the patch I'm going to send to the `ssl_openssl_lib` authors: http://pastebin.com/VgSpnwxB . In short, I just removed the RAND_screen() call, generated a random buffer using RAND_bytes() (based on

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread silvioprog
On Mon, Dec 12, 2016 at 3:33 PM, silvioprog wrote:
[...]
> So what is the correct way, 1 or 2?
>

*"which is ..."

--
Silvio Clécio

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread silvioprog
Oops, I meant: "In short, I just replaced the RAND_screen() call to the RAND_poll(), generated a random buffer using RAND_bytes() (based on https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via RAND_add()" On Mon, Dec 12, 2016 at 2:46 PM, silvioprog

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread silvioprog
On Mon, Dec 12, 2016 at 3:04 PM, Salz, Rich wrote:
> > "In short, I just replaced the RAND_screen() call to the RAND_poll(),
> generated a random buffer using RAND_bytes() (based on
> https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it
> via RAND_add()"
> >

Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application

2016-12-12 Thread Salz, Rich
Seed the RNG, via RAND_poll. When or if you need random bytes, call RAND_bytes. If you just need crypto keys, call the appropriate keygen API. Done.