From: owner-openssl-us...@openssl.org On Behalf Of Sukalp Bhople
Sent: Friday, 29 June, 2012 15:30
I am trying to measure server performance for client certificate
verification.
However, there is no significant difference in the server performance
when I send one certificate and condition when
From: owner-openssl-us...@openssl.org On Behalf Of Lutz Jaenicke
Sent: Friday, 29 June, 2012 15:10
Forwarded to openssl-users for public discussion
(attachment: 80-char lines of base64 that didn't decode)
OpenSSL BIO_f_base64 by default tries to nearly enforce the
MIME limit of 76 encoded
From: owner-openssl-us...@openssl.org On Behalf Of Sukalp Bhople
Sent: Friday, 29 June, 2012 19:37
Following is the code I used at server side program.
while (1) {
SSL *ssl = SSL_new(ctx);
SSL_set_fd(ssl, clientserver[1]);
if (SSL_accept(ssl) != 1)
break;
From: owner-openssl-us...@openssl.org On Behalf Of Dogan Kurt
Sent: Friday, 29 June, 2012 15:14
Hi, i am developing a client app with openssl. I use SSL_read
and SSL_write in blocking mode, i just cant figure out something
about them, if server sends me 10 kb and i call SSL_read just
once, can
From: owner-openssl-us...@openssl.org On Behalf Of Mohammad khodaei
Sent: Monday, 02 July, 2012 10:05
I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt().
I use this procedure to encrypt so that I can retreive the encrypted buffer
into a char* (and not into a file). Here is
_
From: Mohammad khodaei [mailto:m_khod...@yahoo.com]
Sent: Wednesday, 04 July, 2012 07:12
To: openssl-users@openssl.org; dthomp...@prinpay.com
Subject: Re: Convert PKCS7_decrypt output to char*
Thanks a lot for the response. I applied the feedbacks you gave me. Now I
changed the
From: owner-openssl-us...@openssl.org On Behalf Of Peter Eckersley
Sent: Monday, 09 July, 2012 19:59
# now try to verify it. Note that allcerts was a poorly chosen
directory name. It should have been allCAs...
openssl verify -untrusted twitter.com.results_2.pem
-CApath ../allcerts/
From: owner-openssl-us...@openssl.org On Behalf Of Sandro Tosi
Sent: Monday, 09 July, 2012 10:15
/usr/bin/openssl ts -verify -sha256 -untrusted CERT -CAfile
CA -data FILE TO MARK -in TSA REPLY
and the output we get is:
140119872083624:error:2F06D064:time stamp
From: owner-openssl-us...@openssl.org On Behalf Of Sebastian Raymond
Sent: Saturday, 07 July, 2012 05:31
I have set-up the apache2 on my linux machine. Everything worked fine
previously.
But now, when I try to use openssl s_client command to connect to
the machine, SSL handshake is
From: owner-openssl-us...@openssl.org On Behalf Of Michal Kuchta
Sent: Thursday, 12 July, 2012 10:04
I have a certificate and private key file in the encrypted .p12 file
format (I have the password for the file). I need to use it in the
[PHP] function PKCS7_sign, which assumes certificates
From: owner-openssl-us...@openssl.org On Behalf Of Matthias Apitz
Sent: Sunday, 22 July, 2012 02:54
I'm trying to build openssl keys to be used in a client/server connection
and neeed some step by step guide for this, as I'm doing it for the
first time.
1)openssl req -out ca.pem -new
From: owner-openssl-us...@openssl.org On Behalf Of Sukalp Bhople
Sent: Wednesday, 25 July, 2012 08:45
You will always have to create a certificate request using your private
key.
True if you're using an external CA, but not if you're doing it yourself.
openssl commandline supports both options:
From: owner-openssl-us...@openssl.org On Behalf Of Hasan, Rezaul (NSN -
US/Arlington Heights)
Sent: Thursday, 26 July, 2012 12:02
I have created a self-signed CA certificate, a Client certificate and a
Server certificate. I signed the Client and Server certificates with
the self-signed CA
From: owner-openssl-us...@openssl.org On Behalf Of Saurabh Pandya
Sent: Thursday, 26 July, 2012 02:52
demos/x509/mkcert.c approach:
I understood that I dont need to create Certificate
signing request (CSR) and I can directly create
X509 *My_cert ,
and sign it with my CA
From: owner-openssl-us...@openssl.org On Behalf Of Saurabh Pandya
Sent: Friday, 27 July, 2012 10:21
On 7/27/12, Saurabh Pandya er.saurabhpan...@gmail.com wrote:
Do roughly the same thing apps/ca.c does, except you probably don't
need all its options but may want some other options:
From: Ashok C [mailto:ash@gmail.com]
Sent: Saturday, 28 July, 2012 01:21
Thanks Dave. But main use case for me is the trust anchor update case.
I have a certain requirement which goes like this:
I have a client application which runs on my machine and it will attempt
to connect to multiple
From: owner-openssl-us...@openssl.org On Behalf Of Pica Pica Contact
Sent: Saturday, 28 July, 2012 14:41
My application uses X.509 certificates with commonName field
set to following format:
number#UserName,
Everything is ok when UserName is in ascii, but when I sign
new certificates
From: owner-openssl-us...@openssl.org On Behalf Of Pica Pica Contact
Sent: Monday, 30 July, 2012 13:47
Look at this example: snip
This certificate was signed by openssl ca without changing subject,
and openssl req did not use BMPString and UCS-2 in this
case. CN string contains Georgian
From: owner-openssl-us...@openssl.org On Behalf Of Albers, Thorsten
Sent: Monday, 30 July, 2012 03:43
snip
I also debugged the openssl-server when receiving the message
above. The server recognized the correct hash and signature
algorithms, but while following the functions to the point
From: owner-openssl-us...@openssl.org On Behalf Of Erik Tkal
Sent: Wednesday, 01 August, 2012 16:33
I'm playing around to see if I can observe client and server
under various conditions when negotiating TLS 1.2 with newer
certs. I created a root and server cert as ecdsa-with-SHA256.
From: owner-openssl-us...@openssl.org On Behalf Of Harald Latzko
Sent: Thursday, 02 August, 2012 03:03
snip self-signed certificate as attached to this mail (can be retrieved
from the TLS server 87.236.105.37:6619). My TLS client uses the
following options:
SSL_CTX_load_verify_locations(ctx,
From: owner-openssl-us...@openssl.org On Behalf Of Harald Latzko
Sent: Friday, 03 August, 2012 03:02
Am 03.08.2012 um 03:55 schrieb Dave Thompson:
Yes, the hash link (hash.0) exists and after the first
connect failed, I double-checked the linked openSSL version
against the commandline
From: owner-openssl-us...@openssl.org On Behalf Of Erwann Abalea
Sent: Monday, 06 August, 2012 08:06
The given certificate is correctly self-signed, you can
manually check
it by extracting the signature block and playing with openssl rsautl
..., dd ... | openssl dgst -sha1, etc.
It
From: owner-openssl-us...@openssl.org On Behalf Of Alexandra Druecke
Sent: Tuesday, 07 August, 2012 08:02
I'm using the attached code to connect to a server. This
works perfectly until
I had to excange the certificate which now needs two
additional intermediate
certs. All certs are
From: owner-openssl-...@openssl.org On Behalf Of Mithun Kumar
Sent: Wednesday, 08 August, 2012 16:53
Note: individual recipient dropped; that's poor netiquette
unless requested, which AFAICS it wasn't.
I think this should be -users not -dev, so I added -users back.
i will elaborate, for
From: owner-openssl-us...@openssl.org On Behalf Of James Marshall
Sent: Thursday, 09 August, 2012 19:41
I'm trying to write a secure embedded HTTP server using OpenSSL.
I'm using non-blocking I/O, and the main functions I'm using are
SSL_accept(), SSL_read(), SSL_write(), and SSL_shutdown().
From: owner-openssl-us...@openssl.org On Behalf Of Alexander Voropay
Sent: Friday, 10 August, 2012 08:24
How to produce a canonical RC4 test vectors as seen on Wikipedia
http://en.wikipedia.org/wiki/Rc4#Test_vectors
[or RFC6229, referenced therein]
Is it possible to produce this result
From: owner-openssl-us...@openssl.org On Behalf Of CharlesTSR
Sent: Friday, 10 August, 2012 16:48
Please bear with me; I'm a real SSL newbie. I am attempting
to develop my
first SSL program, an SSL/TLS client that will communicate
with a commercial
SSL server product (Kiwi Server) that
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Monday, 13 August, 2012 11:32
Found some things on the Web that led me to believe some
programs choke when
they get IPv6 addresses back from gethostbyname(), so I tried
disabling IPv6
on Windows -- but no improvement.
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Saturday, 11 August, 2012 08:57
I wondered if perhaps there were path or filename
specification problems
(need to escape backslashes? a problem with embedded spaces?) but I
eliminated all of those variables -- put the
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Tuesday, 14 August, 2012 08:09
snip
if your self-signed cert has a KeyUsage extension that does
not include certSign,
OpenSSL skips it for chain-building, resulting in verify 20.
Looks like the latter to me. Please
From: owner-openssl-us...@openssl.org On Behalf Of CharlesTSR
Sent: Tuesday, 14 August, 2012 17:12
You've already followed-up with some, but a few more points:
I am porting an existing Windows-based TCP/IP server
(receive-only, not a Web server) to OpenSSL.
The way it works with TCP/IP
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Monday, 20 August, 2012 15:32
Sorry to have so many questions ...
I create a certificate request. I sign it with
openssl.exe ca -in MYNOTEBOOK_server.req.pem -config CMC_root_config.cnf
-out MYNOTEBOOK_server.pem
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Monday, 20 August, 2012 16:05
I create a certificate request that includes -reqexts usr_cert. The [
usr_cert ] section specifies two additional names.
I display the request and see them:
snip
I then sign the request
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Tuesday, 21 August, 2012 14:41
The O'Reilly OpenSSL book - in some examples but not others -
cat's the
certificate and key together and then just uses that one file as both
certificate_chain_file and PrivateKey_file.
From: owner-openssl-us...@openssl.org On Behalf Of Bart W Jenkins
Sent: Monday, 20 August, 2012 09:15
I've created a prototype, in Java that creates an s/mime file,
and now I need to convert that to the equivalent of what the
binary switch does when using openssl. The command in openssl is:
From: owner-openssl-us...@openssl.org On Behalf Of Nathan McCrina
Sent: Tuesday, 21 August, 2012 21:31
snip I'm using 'openssl enc' on the command line to check my
[Blowfish]. However, the man page seems to indicate that it is only
possible to use 128-bit keys with the openssl Blowfish. Is
From: owner-openssl-us...@openssl.org On Behalf Of Tayade, Nilesh
Sent: Wednesday, 22 August, 2012 16:13
The 'Client Key Exchange' packet carries the encrypted
premaster. I am working on utility for decrypting the data
and supported cipher suites are RC4_128_MD5 and RC4_128_SHA.
Only for
From: owner-openssl-us...@openssl.org On Behalf Of Bjoern Schiessle
Sent: Friday, 24 August, 2012 12:14
snip Now I'm trying the implement the function
which does exactly the opposite: Take the public and private key in
the PEM format from the server and import it in a RSA structure:
Note
From: owner-openssl-us...@openssl.org On Behalf Of Paulo Roberto
Sent: Monday, 27 August, 2012 18:37
Can no one help me? Isn't there a way of specifying the local
the openssl is installed?
You mean location i.e. in the file system? As far as I know
packages on most Linuxes, including ubuntu,
From: owner-openssl-us...@openssl.org On Behalf Of Paulo Roberto
Sent: Monday, 27 August, 2012 20:21
Okay, this time you did post the error.
When I use the command gcc teste.c -lssl -o teste:
/tmp/ccyvrO2i.o: In function `main':
rsa.c:(.text+0x8): undefined reference to `BN_new'
snip many more
From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Thursday, 30 August, 2012 08:32
cryptlib.h
#ifdef OPENSSL_USE_APPLINK
#define BIO_FLAGS_UPLINK 0x8000
#include ms/uplink.h
#endif
On Thu, Aug 30, 2012 at 6:00 PM, Mithun Kumar mithunsi...@gmail.com
wrote:
i am extremely
From: owner-openssl-us...@openssl.org On Behalf Of Hankyaku
Sent: Friday, 31 August, 2012 05:29
I'm working on a bigger poject where openSSL is used. Right
now I'm doing the migration from 1.0.0e to 1.0.1c. On the way
I get a number of linking errors, like: ssleay32.lib(ssl_sess.obj)
:
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Friday, 31 August, 2012 12:39
To: openssl-users@openssl.org
Subject: RE: Creating a SSH Key pair - public and private for
my Windows 2008 server app so it can communicate with a
partner sftp site
You can do this with
From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Thursday, 30 August, 2012 19:50
openssl s_client -connect NC-WIN2008X64:1433 -state -debug -msg -ssl3
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 08A018A8 [08A0B660] (100 bytes = 100 (0x64))
snip
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Friday, 31 August, 2012 12:00
To: openssl-users@openssl.org
Subject: SSL_CTX_set_default_verify_paths and Windows?
Is there documentation for SSL_CTX_set_default_verify_paths()?
It's declared here
From: owner-openssl-us...@openssl.org On Behalf Of Richard Levenberg
Sent: Sunday, 02 September, 2012 13:30
The error with both OpenSSL 1.0.0e 6 Sep 2011 and OpenSSL
1.0.1c 10 May 2012 is:
3076311816:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert
internal error:s3_pkt.c:1251:SSL
From: owner-openssl-us...@openssl.org On Behalf Of Carolin Latze
Sent: Monday, 03 September, 2012 13:39
I try to send an RSA public from one entity to another using socket
BIOs. I use PEM_write_bio_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY to do
that. I also tried with
From: owner-openssl-us...@openssl.org On Behalf Of Carolin Latze
Sent: Monday, 03 September, 2012 10:48
I guess I just got it if the only way is to use the PEM API?
Hi all,
is there an API call that allows to extract an RSA public key (out of an
RSA structure) or should I just access
From: owner-openssl-us...@openssl.org On Behalf Of Carolin Latze
Sent: Tuesday, 04 September, 2012 08:03
I went on reading about this error and figured out that the socket bio
does not support the BIO_gets method. Is it possible that
PEM_read_bio_RSA_PUBKEY uses BIO_gets internally and is
From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Thursday, 06 September, 2012 16:29
When i give file pointer as input to API(ERR_print_errors_fp())
nothing is getting written to the FILE during a SSL handshake
failure. Any inputs why things are failing.
If you are
From: owner-openssl-us...@openssl.org On Behalf Of Ben White
Sent: Friday, 07 September, 2012 13:01
snipusing gSOAP with opensslsnip
Everything works fine on my build system (Fedora 17 x64), but
when I run the cross compiled version on my target device
(ARM/Montavista 5), I get the following
From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Monday, 10 September, 2012 01:56
Answering -users only, this isn't a -dev question.
I have a challenge befor me where i have to debug a SSL handshake
failure. Client has OpenSSL libraries and Server is Microsoft
SQL Server.
From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Monday, 10 September, 2012 08:17
On Mon, Sep 10, 2012 at 1:52 PM, Dave Thompson dthomp...@prinpay.com
wrote:
2. If it's a handshake failure, can you use commandline
s_client? That has logging builtin, use -msg
From: owner-openssl-us...@openssl.org On Behalf Of Ben White
Sent: Monday, 10 September, 2012 06:17
snip my previous advice, can't easily reformat
Calling openssl with the -CApath pointing to the certificate
store resolves this issue, so it's definitely related to this.
However, there seems to
From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Tuesday, 11 September, 2012 02:10
On Tue, Sep 11, 2012 at 8:08 AM, Dave Thompson dthomp...@prinpay.com
wrote:
snip
I didn't notice before, but 1433 on Windows is usually SQLServer.
If so, SQLServer doesn't start
From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de
Almeida
Sent: Tuesday, 11 September, 2012 10:08
To: openssl-users@openssl.org
For any SSL connection, you have to assure that:
1- The cpu's can reach each other (the hostname
test.mydomain.com must be also resolved).
From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Friday, 14 September, 2012 20:53
On the issue i am working currently after i connect to a SQL Server,
Client hello is sent successfully but I am not getting server hello
and READ() below returns as highlighted. Looks like
From: owner-openssl-us...@openssl.org On Behalf Of Mohammad Khodaei
Sent: Monday, 17 September, 2012 05:01
I've got a problem regarding BIO* to PKCS7* conversion. I want to
call PKCS7_decrypt() function to decrypt a cipher text. Before that,
I have this section of code:
in =
From: Mohammad khodaei [mailto:m_khod...@yahoo.com]
Sent: Tuesday, 18 September, 2012 06:52
Thanks for the response. The encryption is also done by me.
I have generated the cipher text as below:
in = BIO_new_mem_buf(pchContent, iPriKeyLen);
if (!in) { //
p7 =
From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Tuesday, 18 September, 2012 00:37
Hello Dave,
Below is what i see in Server Logs
Encryption is required to connect to this server but the
client library does not support encryption; the connection
has been closed.
From: owner-openssl-us...@openssl.org On Behalf Of James Burton
Sent: Tuesday, 18 September, 2012 15:15
Can you tell me what I am doing wrong , I am build a window application (
.exe )
and I got this error:
igncl.exe sign.c
Microsoft (R) C/C++ Optimizing Compiler Version 17.00.50727.1 for x64
From: owner-openssl-us...@openssl.org On Behalf Of ckyh43
Sent: Thursday, 20 September, 2012 04:50
I am unable to connect to the Gmail IMAP server with the
OpenSSL s_client. snip Debug output (from the second command):
http://pastebin.com/raw.php?i=BJumtDHV
(sent ClientHello see below,
From: owner-openssl-us...@openssl.org On Behalf Of Sharanagoud B D
Sent: Friday, 21 September, 2012 02:03
Hi All,
Can anyone tell me how to increase the SSL record layer length size?
I assume you mean the maximum size (or limit) of 2^14 bytes.
You set the length of a particular record you
From: owner-openssl-us...@openssl.org On Behalf Of Nou Dadoun
Sent: Friday, 21 September, 2012 15:29
Just wanted to confirm an assumption, I've got 3 x509 certificates:
Root -- intermediate -- leaf
I load the intermediate certificate (but not the Root
certificate) into the x509_store
From: owner-openssl-us...@openssl.org On Behalf Of Gloria Binette
Sent: Tuesday, 25 September, 2012 07:42
I have been tasked with using OpenSSL to create certificates and
then use them with Glassfish. I have created the CA, CSRs and CRTs,
have tried various ways to import them into
From: owner-openssl-us...@openssl.org On Behalf Of David William
Sent: Tuesday, 25 September, 2012 07:07
I am writing a soap request and I am using SSL_VERIFY_NONE flag mode
because that was the only way that I could actually do the request
to the server.
I tried the others mode flags
From: owner-openssl-us...@openssl.org On Behalf Of Bogdan Harjoc
Sent: Wednesday, 26 September, 2012 12:23
I'm looking for the reason a server closes a SSL connection unless
I overwrite this cipher id from the ClientHello cipher list:
(more exactly, improperly closes during handshake; close[]
From: owner-openssl-us...@openssl.org On Behalf Of sa...@zxid.org
Sent: Wednesday, 26 September, 2012 06:46
Matthias Apitz g...@unixarea.de said:
and was a bit surprised that the connection went fine and
the wserver
accepts the SSL connection and responds fine with its dummy
message.
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Monday, 01 October, 2012 10:12
Is there specific documentation anywhere for TXT_DB errors?
AFAIK only $sourcetree/crypto/txt_db/txt_db.h
Unlike most(?) other modules in openssl, txt_db does NOT use
the ERR_ module with
From: owner-openssl-us...@openssl.org On Behalf Of Bogdan Harjoc
Sent: Thursday, 27 September, 2012 11:19
On Thu, Sep 27, 2012 at 1:43 AM, Dave Thompson dthomp...@prinpay.com
wrote:
What version of openssl, and was it built with any options? snip
I tried with 1.0.0d and 1.0.1c. I
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Tuesday, 02 October, 2012 17:06
I deleted index.txt and reset serial.txt to 00 and that
solved the problem.
Hope that was not a terrible idea.
If this was play data as said it shouldn't hurt, but I'm
not sure it's a
From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
Sent: Thursday, 04 October, 2012 14:31
I have a self signed certificate created and i have loaded that
into a trust store of the client. I have also configured the Server
with that self signed certificate. So when i try to
From: owner-openssl-us...@openssl.org On Behalf Of Henrik Grindal Bakken
Sent: Friday, 05 October, 2012 03:47
Hi. I have a list of (RSA) signatures made on the same digest, and
I'd like to store them in a single file.
A simple solution is obviously to e.g. store the length of sig0
(32
From: owner-openssl-us...@openssl.org On Behalf Of Dongcai Shen / Xiaoli
Shen
Sent: Thursday, 04 October, 2012 04:57
I am a newbie of using openssl and would like to seek help from you.
Thank you very much.
A common error message printed out by openssl is:
140770FC:SSL
From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
Sent: Saturday, 06 October, 2012 19:11
On Sat, Oct 6, 2012 at 5:41 PM, Charles Mills
charl...@mcn.org wrote:
Thanks. I'm a relative newbie to this whole topic. Can you
point me to a resource that describes pin in the sense
From: owner-openssl-us...@openssl.org On Behalf Of Matthias Apitz
Sent: Sunday, 07 October, 2012 02:36
El día Saturday, October 06, 2012 a las 01:37:06PM -0400,
Indtiny s escribió:
Hi,
Thanks for the information .. I get the server part from
the this link
From: owner-openssl-us...@openssl.org On Behalf Of redpath
Sent: Saturday, 06 October, 2012 18:59
I have created EC Digital Signature and saved it in a file.
snip
And I use this signature file to verify a message digest later using a
public key.
snip
You don't say, but I assume this
From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
Sent: Tuesday, 09 October, 2012 21:12
I am trying to write a server that will accept an incoming SSL connection.
In psuedo, I have the following chain of function calls
SSL_CTX_load_verify_locations(ctx,
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Monday, 08 October, 2012 07:47
Dave, any thoughts on my original question? My thread kind of
got hi-jacked.
Not much, but since you ask:
-Original Message-
From: Charles Mills [mailto:charl...@mcn.org]
Sent:
From: owner-openssl-us...@openssl.org On Behalf Of Sharanagoud B D
Sent: Tuesday, 09 October, 2012 06:25
How to check in Linux client device whether the certificate
used is cached or it's from the server? I am using openssl
s_client to establish http connection.
By the certificate used
From: owner-openssl-us...@openssl.org On Behalf Of Sharanagoud B D
Sent: Tuesday, 09 October, 2012 06:39
Is there a option to specify a source interface along with
openssl s_cleint option to establish multiple HTTP
Connections from single linux device? This is required to
test
From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de
Almeida
Sent: Thursday, 11 October, 2012 14:04
I have an application which already establishes SSL Socket connection
using OpenSSL as lib. Now, my application needs to able the user create
a RSA key pair, sign documents and
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Thursday, 11 October, 2012 10:45
On 10/11/2012 4:16 PM, redpath wrote:
Well the situation is I have a file which has been signed
for its contents.
This signature
is used to verify the authentication of the file. The
. But that skips the only
usage of certs in the protocol, namely for authentication,
so it seems unlikely to be what you want.
Thanks,
Sharan
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Thursday, October
From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
Sent: Thursday, 11 October, 2012 19:03
i have a server that is running a custom app that can accept
a SSL connection. I generate a cert on each server, that is
signed by my own CA. I tested whether this worked or not by
using the
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Thursday, 11 October, 2012 19:40
Some minor points:
How do you specify the name (URL) of the Web site in Firefox?
Do you use exactly the same name as you use with the test client
(and the name in the certificate)?
OP's
parameters needed for req -new
on the commandline you don't need a config file for that.
Since 1.0.0 -new demands a config file even if not needed.
On Thu, Oct 11, 2012 at 7:55 PM, Dave Thompson dthomp...@prinpay.com
wrote:
snip: name(s) in cert must match host desired by client like Firefox
From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
Sent: Sunday, 14 October, 2012 17:36
I am trying to use SSL_connect. I have bound a socket to my interface,
set up the context, and call SSL_connect(). This is returning a -1,
which I catch, and call SSL_get_error() to fall through a
From: owner-openssl-us...@openssl.org On Behalf Of Alex Chen
Sent: Friday, 12 October, 2012 21:31
The 'openssl cipher -v' command shows the following cipher suites:
snip
If both the client and server uses the sample version of openssl
library and they only calls OpenSSL_add_all_algorithms()
to
From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
Sent: Friday, 12 October, 2012 17:06
Interesting. While I was playing around with this, I actually
noticed that if I use the -subj option on the CSR, I am not able
to do this. I was able to get it working by adding the common name
From: owner-openssl-us...@openssl.org On Behalf Of ml
Sent: Sunday, 14 October, 2012 17:54
i am a little question concerning the presence of libssl.dll
libcrypt.dll into the win32 standard system or OS
into linux this lib are very standard
its the same when are the poor win32 OS is ready
From: owner-openssl-us...@openssl.org On Behalf Of naveen
Sent: Saturday, 13 October, 2012 21:59
I have a question related to openssl. I need to give two keys
k1 and k2 for ede encryption(for des). Now how do I give it in
the command line ?
I see that there is a pass parameter and iv parameter,
From: owner-openssl-us...@openssl.org On Behalf Of Sanjay Patnaik
(sanpatna)
Sent: Friday, 12 October, 2012 16:29
Is there any documentation available for functions like
PEM_read_PrivateKey, Pem_write_PrivateKey etc.
On any correct Unix install you should have man pages.
Or online at
From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
Sent: Friday, 12 October, 2012 11:51
As some additional info, I am suspecting this may be an issue with my
config file.
I am using the same config file I used to set up my certificate authority,
which has under [ req ] a
From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de
Almeida
Sent: Monday, 15 October, 2012 15:14
I was following the main function in genpkey.c file and
following the same
sequence for generating key pair. I've got some executing
erros that took me
some hours to get it.
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Tuesday, 16 October, 2012 11:41
If you are linking to OpenSSL DLLs, then your application
isn't statically
linked against OpenSSL. .lib files can simply be
references to exports in .dll files.
This is an
From: owner-openssl-us...@openssl.org On Behalf Of shailesh durgapal
Sent: Tuesday, 16 October, 2012 17:14
I am seeing inconsistent values returned from BIO_read for
different IP addresses. My certificate has:
X509v3 extensions:
X509v3 Subject Alternative Name:
From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de
Almeida
Sent: Tuesday, 16 October, 2012 17:06
Does your library dynamically-link the openssl libs,
or statically embed them (while being dynamic itself)?
library dynamically-link the openssl libs.
My lib already uses
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Wednesday, 17 October, 2012 09:47
snip
[Using ShiningLight Windows build]
If you link with lib/VC/* (or lib/MinGW/*) you get
implicit dynamic linking. If you link with
lib/VC/static/* you get static linking.
1 - 100 of 1095 matches
Mail list logo