Dr. Stephen Henson steve-mcmkbn63+blafugrpc6...@public.gmane.org
writes:
[...]
RSA_private_decrypt is fine [...]
Is it? It begins with discouraging-looking code:
int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
                        RSA *rsa, int padding)
{
If one naively uses PKCS12_parse to extract key, certificate, and
certificate chain, and then iterates through the STACK_OF(X509) calling
SSL_CTX_add_extra_chain_cert (starting at sk_X509_value(ca, 0)) then the
chain will be in the opposite order to what's in the PKCS#12 file.
That seems
Dr. Stephen Henson steve-mcmkbn63+blafugrpc6...@public.gmane.org
writes:
[...]
Validated RSA_METHOD structures set RSA_FLAG_FIPS_METHOD, so that will work
with the FIPS module.
That code is there so you can't accidentally use an unvalidated method (e.g.
from an ENGINE) in FIPS mode but if
Cristian Thiago Moecke
contato-pbw9x2wndctn3hn+mpyg4faujnlxr...@public.gmane.org writes:
You have two ways to follow.
1) To use an HSM to sign, the official way to do it is to use an
openssl engine. If your HSM does not provide an openssl engine, it
probably does provide a PKCS#11 module,
Bin Lu blu-3r7miqu9kmnr7s880jo...@public.gmane.org writes:
[...]
if (dcrl)
{
ok = ctx->check_crl(ctx, dcrl);
if (!ok)
goto err;
ok =
Geoff Thorpe [EMAIL PROTECTED] writes:
[...]
Has this ever been (in recent history) an issue within a given
release branch? Ie. has 0.9.8(n+1) ever broken apps that were
running ok against 0.9.8n? 0.9.8x is of course not backwards
compatible with 0.9.7y, and 0.9.9 will not be backwards
Geoff Thorpe [EMAIL PROTECTED] writes:
[...]
But in fact, the original question was about binary compatibility
Sure, and I've no reason to believe binary compatibility has been
broken in 0.9.8. (Though it's something I've never really cared
about.)
[...]
Stephen Lewis step...@commsguy.eu writes:
[...]
- Is it possible to specify a dirName nameConstraint that allows CN to
contain *.mydomain.com where * is anything but not allow CN = anything
that does not end in .mydomain.com ?
I don't think that's possible (independent of what's expressible
li...@kaiser.cx writes:
Hi,
On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote:
We need to put some extra information (simple strings) into the
certificates (e.g. year of birth, ...).
I have looked around the internet, but don't really find any useful stuff.
define a private
Joe Friedeggs friedegg...@hotmail.com writes:
I'm pretty much a noob when it comes to SSL, so any help would be
greatly appreciated. I just installed Openldap running TLS with self
signed certs. Everything *seems* to be working fine (LDAP logs show
TLS encryption), but when I run the
Victor B. Wagner vi...@cryptocom.ru writes:
[...]
This is about unexpected values in KNOWN extension. Not about totally
new extension with new OID.
I think you're misreading it---I think it's talking about unexpected
extensions. In any case I think the language in RFC 5280 makes it
clearer
Mike Frysinger vap...@gentoo.org writes:
[...]
i've been trying to figure out exactly how to invoke openssl to get the
equivalent behavior.
It's beyond me, I'm afraid. But a couple of things do suggest
themselves...
[...]
i'm creating the parameters file with:
openssl ecparam -name
Alessandro Borga al...@libero.it writes:
I must use RSA encrypt/decrypt functions in a target using Arm cpu.
Other rsa source code doesn’t work right because target environment uses big
endian memory allocation for int and long
Really? SPARC (32bit) is big-endian, and really quite common
Alexey Luchko l...@ank-sia.com writes:
I'm new to openssl.
I've got two questions on EVP API:
1. What do EVP_EncryptInit_ex and EVP_CipherInit_ex differ with?
When should I use encrypt/decrypt and when cipher?
If you look at the source, EVP_EncryptInit_ex/EVP_DecryptInit_ex are
just
With 0.9.8m I'm getting some failures to read PEM files (and do some
other things, I think) that 0.9.8l is happy with.
The PEM files are created by BouncyCastle, I think (though I imagine
0.9.8l could be persuaded to write similarly failing files). they begin
something like:
-----BEGIN RSA
Dr. Stephen Henson st...@openssl.org writes:
[...]
Didn't realise anyone was using CFB for that. Is that some default or does it
have to be specifically requested?
It was explicitly requested, though I'm not sure for any positive reason
in this case (more because we'd used that cipher and
Ben DJ bendj095124367913213...@gmail.com writes:
[...]
but,
openssl ciphers -v HIGH:!RSA
returns,
RSA: Event not found.
I think that's your shell, not openssl.
__
OpenSSL Project
Matt Fioravante fmatthew5...@gmail.com writes:
I've got some code that dynamically allocates an X509 object using
PEM_read_X509 and then extracts some data from it.
The problem is the object never gets freed. I tried to call free() on the
X509 pointer but that doesn't work either because
decoder deco...@own-hero.net writes:
[...]
Ok, so what I am currently doing is something like
asndata = ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set(asndata, myData, myLength);
and then I add asndata to an extension I create:
ex =
Aravind GJ aravin...@gmail.com writes:
[...]
While functions like SSL_use_PrivateKey use EVP_PKEY structure, but to
get that structure, I need to use BIO APIs which again takes filename
as input.
See BIO_new_mem_buf(). (There are other ways to construct EVP_PKEYs
without reading from a
Plot Lost plot.l...@gmail.com writes:
Hi, I'm trying to figure out how to check a certificate is valid
according to a chain of certificates.
There are 3 certs in all, and they are all held as X509 data in memory, e.g.
X509 *server_cert;
X509 *inter_cert;
X509 *root_cert;
How can I check
Plot Lost plot.l...@gmail.com writes:
[...]
For this particular project I'm required to check each step
individually, not the entire chain at once.
That's what verifying the chain does (see the implementation of
X509_verify_cert()). You could add a callback using
Erik Tkal et...@juniper.net writes:
Hi Michael,
Your rootcacert is not a root cert, as it was issued by C=US,
ST=UT, L=Salt Lake City, O=The USERTRUST Network,
OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication
and Email. You need to append that cert as well to your
Erik Tkal et...@juniper.net writes:
Maybe that's a bug in OpenSSL 0.9.8o? The docs for verify say It is
an error if the whole chain cannot be built up.
Maybe, but I think it's just as reasonable to regard it as a bug in the
docs.
I think it's useful for verify to be able to verify chains
Dr. Stephen Henson st...@openssl.org writes:
[...]
Is that unmodified OpenSSL 0.9.8o? If so that's peculiar I get the expected
error here.
No, it's Debian's 0.9.8o-2.
[...]
Michael Ströder mich...@stroeder.com writes:
Bruce Stephens wrote:
[...]
Ah, my fault. Obvious in retrospect: Debian's openssl finds the root
cert because it's in the ca-certificates package!
Did you use -CAfile as in my original posting when testing?
I did.
Doesn't -CAfile set
ikuzar razuk...@gmail.com writes:
[...]
my questions :
1) What does DER format means ?
Distinguished Encoding Rules. It's an encoding for ASN.1. See X.690.
is it equivalent to a string format ?
It's a binary serialisation. So it's a string in the sense that it
can be sent over
Jeff Saremi jsar...@morega.com writes:
[...]
Section 6.3.3. of RFC 5280 - CRL Processing
This algorithm begins by assuming that the certificate is not revoked
For each distribution point (DP) in the certificate's CRL distribution
points extension, for each corresponding CRL
So my
Jeff Saremi jsar...@morega.com writes:
[...]
Here's the code:
cert.status = NOT_REVOKED;
for (i = 0; i < cert.crldp.size; ++i)
{
/* some processing loops */
if(cert.status == UNDETERMINED)
{
/* do what Bruce Stephens suggested */
}
}
No, I think RFC5280 is saying that you
Jeff Saremi jsar...@morega.com writes:
[...]
According to the RFC, is it an error for a certificate and its chain not
to have any CRLs and CRL distribution points?
No, but you're perhaps confusing things by joining the two together. On
CRL DPs, this profile RECOMMENDS support for this
David Coulson da...@davidcoulson.net writes:
[...]
OpenSSL has other ideas. First one validates fine, second one does
not. I can't for the life of me figure out what the difference is.
Any ideas?
Add the -showcerts option to the s_client commands and you'll see the
first server returns a
David Coulson da...@davidcoulson.net writes:
On 3/29/11 12:58 PM, Bruce Stephens wrote:
Add the -showcerts option to the s_client commands and you'll see the
first server returns a chain of certificates where the second offers
only the end server certificate.
Okay, I see that - Makes sense
I was confused to find logging indicating an intermittent error while
doing SSL in an application:
x509 certificate routines:X509_check_private_key:key values
mismatch:x509_cmp.c:318:
But that's while running automated tests which always use certificates
and keys from pregenerated PKCS#12 files.
I have a chain that fails to verify:
brs% openssl verify -verbose -issuer_checks -CAfile serversTA.pem -untrusted
'servers-users.pem' dua.pem
dua.pem: CN = config, CN = DSA Manager
error 29 at 0 depth lookup:subject issuer mismatch
CN = config, CN = DSA Manager
error 31 at 0 depth
Jakob Bohm jb-openssl-Ov0D3Su7/I/qt0dzr+a...@public.gmane.org writes:
[...]
As explained above, 192 bit DSA and ECDSA only works with 192 bit
hashes (and only one hash algorithm is allowed for each private/public
key pair).
You can use larger digests (SHA-512, for example), but the digest
Jakob Bohm jb-openssl-Ov0D3Su7/I/qt0dzr+a...@public.gmane.org writes:
[...]
I did mention that in passing under my item 2 (where I mentioned use
of 192-bit-truncated-SHA-224 as one allowed 192 bit hash algorithm for
use with ECDSA-192).
OK, sorry, I missed that.
I don't remember if the
sandeep kiran p sandeepkiranp-re5jqeeqqe8avxtiumw...@public.gmane.org
writes:
Hi,
A quick question. Does the SubjectName in a certificate really need
to point to an LDAP DN in a X500 Directory that a CA uses or do CAs
manage the SubjectName DNs without actually using any sort of
Directory? I
Bruce (Riji) Cai bcai-zm9q81nvl4ufkj6hysv...@public.gmane.org
writes:
Not quite sure, but to my understanding, the ex_data is saved into per
ssl connection context, so the index to it should be per connection
scope.
That's not correct, no. The ex_data mechanism can be used to store many
Arthur Spitzer arthur.spitzer-nefzrhniqppqt0dzr+a...@public.gmane.org
writes:
[...]
The problem is: The verification always fails with error code 7
(“signature invalid”). I already tried three different attempts
(documented in the attached cpp file) to build the trust chain, with
the same
Anand Vasudevan [EMAIL PROTECTED] writes:
Hi, am using libcurl(ver 7.15.4) which uses openssl libraries. When I
ran my application with valgrind-3.1.0 in Fedora core 5, I observed
some valgrind errors coming from open ssl library..any inputs? pls
find the attached for the errors..
You
Christopher Kunz [EMAIL PROTECTED] writes:
how can I extract all extensions from a certificate into a
STACK_OF(X509_EXTENSION)? For certificate requests, there is
X509_REQ_get_extensions that returns this stack, but how is that done
with an actual certificate?
X509_get_ext_count(),
Christopher Kunz [EMAIL PROTECTED] writes:
[...]
Is there any up-to-date complete documentation available for the full
function set of OpenSSL? For some of the stuff, like ASN.1 manipulation,
I can't even find anything on Google...
Not that I know of. I use Source Navigator (or
Marcelo de Moraes Serpa [EMAIL PROTECTED] writes:
[...]
Does that mean that the developer made the link to the create account page
via HTTPS (not important at all) and then forgot the really relevant part,
which is to send the html form contents via HTTPS?
Yes.
Saju Paul [EMAIL PROTECTED] writes:
It is very clear that you Thomas have never ever used the hmac routines !!
So how you entertain yourself is irrelevant to the problem being discussed.
thank you.
You'll need to give more information. For me, the following C++
program compiles, links (needs
Dr S N Henson [EMAIL PROTECTED] writes:
[...]
There's a function X509_get1_email() which will retrieve a list of
email addresses both from the subject name and subjectAltName
extensions and arrange them in a STACK. From then it's trivial to
just compare each or use sk_find().
Currently
Dr S N Henson [EMAIL PROTECTED] writes:
[...]
Ah, I see. The x509 -email option of OpenSSL 0.9.6 does just that.
So it does. Sorry, I should have RTFMed!
I've passed this information on to the Gnus list, so with any luck,
Gnus will be one of the first free MUAs to support S/MIME
andatory for
TLS-1.0, but browsers don't support them (or not very well, anyway)
yet. (It'll probably be a while until the browsers support these
things properly---probably after next September when it won't matter
anyway.)
--
Bruce Stephens [EMAIL PROTECTED]
MessagingDirect(UK)
reliably, either. So what's the right thing to do?
--
Bruce Stephens [EMAIL PROTECTED]
MessagingDirect(UK) Ltd URL:http://www.MessagingDirect.com/
Edward Ned Harvey (openssl)
openssl-Z8efaSeK1ezqlBn2x/y...@public.gmane.org writes:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Michael Wojcik
For someone who does want more background in cryptography, I'd
recommend Schneier's /Applied
I have some code accessing these fields from X509_NAME pointers, but
obviously that's not allowed in 1.1.
I think the code can be restructured to use X509_NAME_cmp
instead. Maybe.
But before I start that, is there some strong reason for not offering an
accessor function? Something like
Suppose I want to verify a certificate, and I've collected some CRLs
and some OCSP responses. How can I do that?
If I just want to verify revocation for the end certificate (so
X509_V_FLAG_CRL_CHECK rather than X509_V_FLAG_CRL_CHECK_ALL) then
that's straightforward: I use X509_verify_cert without
52 matches