Re: PKCS #1 Bug ??
OpenSSL:
30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04
14 14 44 0A B6 53 49 25 48 25 A8 02 A3 5C
7C 1A 8C D1 14 F9
This looks correct to me:
SEQUENCE ($21) {
SEQUENCE ($09) {
OID ($05)
NULL ($00)
}
OCTETSTRING ($14)
}
PKCS #1:
30 21 30 1F 06 05 2B 0E 03 02 1A 05 00 04
14 14 44 0A B6 53 49 25 48 25 A8 02 A3 5C
7C 1A 8C D1 14 F9
This doesn't:
SEQUENCE ($21) {
SEQUENCE ($21) {
OID ($05)
NULL ($00)
OCTETSTRING ($14)
}
}
since AlgorithmIdentifier is defined as
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parametersANY DEFINED BY algorithm OPTIONAL
}
The OCTETSTRING which probably holds the signature
is not a parameter of the algorithm.
Interessant... Is it a (known) typo in the PKCS #1 standard ? It would
be cool if OpenSSL implements the
standard better than the standard itself :-)
A+
Pascal
--
Pascal Junod
Europay AG, Hertistr. 27, CH-8304 Wallisellen
[EMAIL PROTECTED] ++41 (0)1 832 93 27
Privat: Ettenfeldstr. 11, CH-8052 Zürich-Seebach
[EMAIL PROTECTED] ++41 (0)1 302 14 10
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
RE: PKCS #1 Bug ??
I was signing a message with the smime tool and following command line
...
and I was unable to verify the signature using the commercial toolkit
OpenSSL:
30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04
14 14 44 0A B6 53 49 25 48 25 A8 02 A3 5C
7C 1A 8C D1 14 F9
This looks correct to me:
SEQUENCE ($21) {
SEQUENCE ($09) {
OID ($05)
NULL ($00)
}
OCTETSTRING ($14)
}
PKCS #1:
30 21 30 1F 06 05 2B 0E 03 02 1A 05 00 04
14 14 44 0A B6 53 49 25 48 25 A8 02 A3 5C
7C 1A 8C D1 14 F9
This doesn't:
SEQUENCE ($21) {
SEQUENCE ($21) {
OID ($05)
NULL ($00)
OCTETSTRING ($14)
}
}
since AlgorithmIdentifier is defined as
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parametersANY DEFINED BY algorithm OPTIONAL
}
The OCTETSTRING which probably holds the signature
is not a parameter of the algorithm.
Just my two pence
Robert
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
OpenSSL 0.9.5 `make test' failed at `sha1test'
Dear, `./config' and `make' passed successful. But `make test' won't pass "sha1test" with any of optimization option -O3, -O2, -O1 or -O0. I would like to hear from you. Thanks in advance. -- Nobuhiro Shibuya mailto:[EMAIL PROTECTED] http://www.isac.co.jp/ /* testlog follows: == OpenSSL self-test report: OpenSSL version: 0.9.5 Last change: PKCS7_encrypt() was adding text MIME headers twice beca... OS (uname): FreeBSD dummy.rd.isac.co.jp 2.2.8-STABLE FreeBSD 2.2.8-STABLE #0: Fri Mar 3 17:51:11 JST 2000 [EMAIL PROTECTED]:/usr/src/sys/compile/W221 i386 OS (config): i586-pc-freebsd2.2.8 Target (default): FreeBSD Target: FreeBSD Compiler: gcc version 2.7.2.1 Failure! - testing... ./destest Doing cbcm Doing ecb Doing ede ecb Doing cbc Doing desx cbc Doing ede cbc Doing pcbc Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done Doing ofb Doing ofb64 Doing ede_ofb64 Doing cbc_cksum Doing quad_cksum input word alignment test 0 1 2 3 output word alignment test 0 1 2 3 fast crypt test ./ideatest ecb idea ok cbc idea ok cfb64 idea ok ./shatest test 1 ok test 2 ok test 3 ok ./sha1test *** Signal 11 Stop. *** Error code 1 Stop. - == */ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: I'm just a little bit totally lost here, please help
On Thu, 9 Mar 2000 [EMAIL PROTECTED] wrote: I am running a Mandrake 6.1 system and am trying to get Apache 1.3.12, PHP 4 and MySQL to work with SSL included. When I 'make test' all goes well for a while and then I get this: running bc Failed! bc: /bin/sh: bc: command not found [...] Joel *** Joel Macklow Solutions Engineer Ramhb Internet Services *** Joel, Maybe you have not installed bc; In RedHat 6.0 it is in pockage called bc, and the file is /usr/bin/bc Add rpm containing bc and you should be done. Best regards, Wojtek __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS #1 Bug ??
jnp Interessant... Is it a (known) typo in the PKCS #1 standard ? It would jnp be cool if OpenSSL implements the jnp standard better than the standard itself :-) Depends on how you defined "standard". To me, the standard is the source, which is the ASN1 module, and that one had better be trustable :-). A faulty footnote isn't quite at the same level, even in an authoritative document. Besides, the PKCS#1 v2.1 document is a draft (with more blatant faults. Have you read the editor's note at the beginning? :-)), and I assume that things like this will be corrected before it becomes the new standard document. If you feel up to it, you might consider reporting the error back to RSA. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: install openssl under my directory??
Lingyun Wang [EMAIL PROTECTED]: How can I install openssl under my directory? Step 1: Read INSTALL. Step 2: Use the --openssldir option explained in INSTALL. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Failed OpenSSL Compilation on Linux... Doh...
Howdy. Just downloaded openssl-0.9.5 for use with apache, and goldurn it, Linux and egcs won't play Ball. Here's the jist from testlog. 8--- OpenSSL self-test report: OpenSSL version: 0.9.5 Last change: PKCS7_encrypt() was adding text MIME headers twice beca... OS (uname): Linux red-angel.cyanit.co.uk 2.2.5-15 #1 Mon Apr 19 21:39:28 EDT 1999 i586 unknown OS (config): i586-whatever-linux2 Target (default): linux-elf Target: debug-linux-elf Compiler: gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release) Compiler doesn't work. 8- Fresh installation as well. Bah. Any help would be mucho appreciated,as the SSL functionality required is a Specification of our initial contract. Cheers [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL 0.9.5 `make test' failed at `sha1test'
On Thu, Mar 09, 2000 at 07:17:50PM +0900, [EMAIL PROTECTED] wrote:
`./config' and `make' passed successful.
But `make test' won't pass "sha1test" with any of
optimization option -O3, -O2, -O1 or -O0.
OS (config): i586-pc-freebsd2.2.8
Target (default): FreeBSD
Target: FreeBSD
Compiler: gcc version 2.7.2.1
I've zapped my mail, but I believe the following does the trick:
--- sha1-586.pl.origFri Mar 10 00:24:38 2000
+++ sha1-586.pl Fri Mar 10 00:24:55 2000
@@ -392,7 +392,8 @@
X_expand("esi");
mov(wparam(1),"esi");
- set_label("shortcut", 1);
+ #set_label("shortcut", 1);
+ set_label("shortcut");
comment("");
comment("Start processing");
--
Ng Pheng Siong [EMAIL PROTECTED] * http://www.post1.com/home/ngps
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Failed OpenSSL Compilation on Linux... Doh...
Allan Just downloaded openssl-0.9.5 for use with apache, and goldurn it, Allan Linux and egcs won't play Ball. Here's the jist from testlog. Hmm, can you send a full config and make log? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL 0.9.5 `make test' failed at `sha1test'
Hi,
this is a known bug which got through the net... but is fixed in the
latest snapshots... either you can turn off assembly or you can make
clean and do the the following little change which I pulled from the
cvsWeb interface at
http://www.openssl.org/source/cvs/crypto/sha/asm/sha1-586.pl?hideattic=1sortbydate=0
cheers,
Sean O'Riordain // [EMAIL PROTECTED]
===
RCS file: /e/openssl/cvs/openssl/crypto/sha/asm/sha1-586.pl,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- crypto/sha/asm/sha1-586.pl 2000/02/27 01:15:25 1.4
+++ crypto/sha/asm/sha1-586.pl 2000/03/03 00:06:40 1.5
@@ -392,7 +392,7 @@
X_expand("esi");
mov(wparam(1),"esi");
- set_label("shortcut", 1);
+ set_label("shortcut", 0, 1);
comment("");
comment("Start processing");
[EMAIL PROTECTED] wrote:
Dear,
`./config' and `make' passed successful.
But `make test' won't pass "sha1test" with any of
optimization option -O3, -O2, -O1 or -O0.
I would like to hear from you.
Thanks in advance.
--
Nobuhiro Shibuya
mailto:[EMAIL PROTECTED]
http://www.isac.co.jp/
/* testlog follows:
==
OpenSSL self-test report:
OpenSSL version: 0.9.5
Last change: PKCS7_encrypt() was adding text MIME headers twice beca...
OS (uname): FreeBSD dummy.rd.isac.co.jp 2.2.8-STABLE FreeBSD 2.2.8-STABLE #0:
Fri Mar 3 17:51:11 JST 2000
[EMAIL PROTECTED]:/usr/src/sys/compile/W221 i386
OS (config): i586-pc-freebsd2.2.8
Target (default): FreeBSD
Target: FreeBSD
Compiler: gcc version 2.7.2.1
Failure!
-
testing...
./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
Doing pcbc
Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done
Doing ofb
Doing ofb64
Doing ede_ofb64
Doing cbc_cksum
Doing quad_cksum
input word alignment test 0 1 2 3
output word alignment test 0 1 2 3
fast crypt test
./ideatest
ecb idea ok
cbc idea ok
cfb64 idea ok
./shatest
test 1 ok
test 2 ok
test 3 ok
./sha1test
*** Signal 11
Stop.
*** Error code 1
Stop.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Failed OpenSSL Compilation on Linux... Doh...
On Thu, Mar 09, 2000 at 05:46:06PM +0100, Richard Levitte - VMS Whacker wrote: Allan Linux and egcs won't play Ball. Here's the jist from testlog. Hmm, can you send a full config and make log? The "Compiler doesn't work" message means that the system fails to compile a straight simple "Hello world" program. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
s_client
We are using s_client to do some automated white box testing of our secure server product. We have a set of scripts that hit on our server kind of like this,... bash% cat dg.txt netscape-4.71-linux | openssl s_client -connect 10.0.0.100:5150 -cert EntrustCert1.pem -key EntrustKey1.pem DG01.txt where DG01.txt = 'GET /DG?arg=dsflkjewrdsf389 HTTP/1.0 and netscape-4.71-linux contains the HTTP headers that the browser send in an HttpRequest. Problem was : s_client was not printing the output returned from the server it was just printing DONE Solution was : we changed s_client.c in two places s_client.c:579 if ((!c_quiet) ((i0) || (cbuf[0]='Q'))) s_client.c:679 if(i0) now it works but we must have de-stabilized the program. Questions: Does anyone know if this is a bug or not ? Does anyone use s_client with piped input ? Thanks , dave. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: s_client
dpalaitis We are using s_client to do some automated white box dpalaitis testing of our secure server product. We have a set of dpalaitis scripts that hit on our server kind of like this,... Is that just "kind of" or "exactly"? Important question, because the line you showed us is faulty: dpalaitis bash% cat dg.txt netscape-4.71-linux | openssl s_client dpalaitis -connect 10.0.0.100:5150 -cert EntrustCert1.pem dpalaitis -key EntrustKey1.pem DG01.txt You see, it's a bit hard to get a stdin with more than one source (one through redirection and one through the pipe, in your case). Bash will (I just checked) give a redirection higher prority than input coming from a pipe, so you end up feeding only DG01.txt to s_client. I would suggest the following instead: cat DG01.txt dg.txt netscape-4.71-linux | openssl s_client \ -connect 10.0.0.100:5150 -cert EntrustCert1.pem \ -key EntrustKey1.pem However, there's another problem as well. As soon as EOF is reached, s_client will shut down the connection and exit *without waiting for anything*. So, the transfer of your input gets through so quickly that the response won't get through before s_client shutdown the connection... -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
(maybe) bug rpt on v0.9.5 and SNAP 308
Greetings bug-trackers, First, a grateful "job well done" to all of you. I've successfully used all OpenSSL releases since v0.9.1c but now (with a fresh glibc Linux) have run into a problem - and it could very well be at my end, not yours, but I'm not sure so thought I'd report anyway. With v0.9.5 and also the 308 snapshot, "make test" fails like this on the big number tests: -- BEGIN -- test BN_mod_exp test BN_exp running bc Failed! bc: /bin/sh: bc: command not found make[1]: *** [test_bn] Error 255 make[1]: Leaving directory `/usr/local/openssl-SNAP-2308/test' make: *** [tests] Error 2 -- END -- I've attached jas.SNAP.2testlogs.tgz, which contains output from two separate "make report" runs: jas.SNAP08.testlog.CFLAG jas.SNAP08.testlog.NO_CFLAG The reference to "bc" is what's throwing me. I'm sure the CFLAG options are fine because they're based on ./Configure linux-elf , but i cleaned them out for the 2nd attempt. I'll investigate further here apologize profusely if i'm simply missing a binary - any advice will be appreciated. Best wishes to all, John A. Scozzy [EMAIL PROTECTED] http://users.ntr.net/~jasmith -- today's internet privacy update ... http://www.junkbusters.com/ht/en/new.html jas.SNAP.2testlogs.tgz
Re: (maybe) bug rpt on v0.9.5 and SNAP 308
On Thu, Mar 09, 2000 at 05:07:42PM -0500, John A. Scozzy wrote: I've successfully used all OpenSSL releases since v0.9.1c but now (with a fresh glibc Linux) have run into a problem - and it could very well be at my end, not yours, but I'm not sure so thought I'd report anyway. Failed! bc: /bin/sh: bc: command not found bc is the Unix calculator. It is only used in the test to verify that OpenSSL's math library works correctly. What surprises me is that you are already the second to report this problem. I would assume that bc was installed on the system(s) where you used earlier versions of OpenSSL, but is missing on your current Linux system. Could you please verify that? What happens when you run "bc" from the shell? In case it says "command not found", did you do anything unusual while installing the system? Thanks, Ulf __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Peer Certificates
I got the demo\ssl\cli.c and demo\ssl\srv.cpp ported to NT and working. The server has the following code:[srv.cpp]SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM);SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM); Apparently this enables the client to retrieve the certificate by calling [cli.cpp] client_cert = SSL_get_peer_certificate (ssl);My problem is this:I want both the client and the server to use a certificate, when I add the code from srv.cpp to cli.cpp. The call to SSL_get_peer_certificate();on the server still returns NULL. I can't seem to make the client pass it's certificate along.What am I doing wrong?
no bug, problem solved
On Thu, Mar 09 2000 at 20:07:46PM [EMAIL PROTECTED] wrote in reply: bc is the Unix calculator. Problem solved, and my error for not recognizing the calculator. I did not install it with the system last week, and yes it was certainly on prior systems. I've just installed bc and expect everything will be fine when i re-build tomorrow. And next time I'll check more carefully before sending a report! Thanks, Ulf. John -- today's internet privacy update ... http://www.junkbusters.com/ht/en/new.html __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Was: Re: OpenSSL 0.9.5 `make test' failed at `sha1test'
Dear, Sean O Riordain [EMAIL PROTECTED] wrote: this is a known bug which got through the net... but is fixed in the latest snapshots... This made test passed confortablly. `test' is up to date. I have got just installed OpenSSL 0.9.5 in this morning. Thank you for your quick and honest assistance. Yours, -- Nobuhiro Shibuya mailto:[EMAIL PROTECTED] http://www.isac.co.jp/ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Compilation error on OpenStep 4.0
snapshot of 3-9 cc -I.. -I../../include -O -Wall -c b_print.c -o b_print.o b_print.c:205: warning: redefinition of macro MAX /NextLibrary/Frameworks/System.framework/Headers/bsd/libc.p:0: warning: this is the location of the previous definition cc -I.. -I../../include -O -Wall -c bss_bio.c -o bss_bio.o bss_bio.c:209: undefined type, found `ssize_t' bss_bio.c:247: undefined type, found `ssize_t' make[2]: *** [bss_bio.o] Error 1 make[2]: Leaving directory `/root/temp/openssl-SNAP-2309/crypto/bio' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/root/temp/openssl-SNAP-2309/crypto' make: *** [all] Error 1 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
mspdb60.dll not found
I can not "nmake -f ms\ntdll.mak", because mspdb60.dll not found on my system. How can I do for it? Thanks very much. __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
still can not install openssl under my directory
Thanks for help, but when I try this, (assume zlww6 is my dir) ./config --prefix=/home/zlww6/ssl --openssldir=/home/whopes/ssl or ./config --prefix=/home/zlww6/ssl --openssldir=/home/zlww6/sslprogram When "make install", after "install man3 and man7" Error shows up: Cannot create directory /export/home/zlww6/openssl-0.9.5/ssl/lib: File exists *** Error code 17 (bu21) I don't understand. And, if I ***move*** openssl program(successfully make install in other directory) to my own directory. Does it run well? --- Hong Chang-Su [EMAIL PROTECTED] wrote: Hi, ex) OpenSSL source existed under /home/whopes/src/ cd /home/whopes/src/ ./config --prefix=/home/whopes/ssl --openssldir=/home/whopes/ssl make make test make install then you can install OpenSSL You wrote Thanks in advance. I am not a root user(IRIX), without permission to write file under root directory. How can I install openssl under my directory? successfully "make" and "make test". Now when I try to "make install", it said "Cannot create directory /usr/local/ssl: Permission denied" when I use "make INSTALL_PREFIX=. install" it passed last step, but stopped with"sh[5]: ./usr/local/ssl/man/man1/CA.pl.1: cannot create: No such file or directory *** Error code 1 (bu21)" when I use " make INSTALL_PREFIX=/tmp/openssl install", it succeed. But installing under /temp directory is not my intention. I am very confused. Your any suggestion will be greatly appreciated. Max _ ¼ÒÁßÇÑ »ç¶÷¿¡°Ô º¸³»´Â ¾ßÈÄ! ¾ÈºÎ, http://greetings.yahoo.co.kr/ Æò»ý °øÂ¥·Î ¾²´Â ¾ßÈÄ! ¸ÞÀÏÀ» http://mail.yahoo.co.kr/ ¿¡¼ ¸¸µå¼¼¿ä. __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
help on PKCS10
Hello, I have this CSR from my customer, but cannot use 'openssl' (0.9.4) to display it. I believe that the CSR is in PKCS10 format. Does openssl-0.9.4 support PKCS10? If yes, what is the command syntax? If not, how can I write one util based on openssl-0.9.4? Any instruction would be very appreciated. Thanks. --Yunhong -BEGIN NEW CERTIFICATE REQUEST MIIBCTCBtAIBADBPMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEYMBYG A1UEChMPRXllcyBvbiBUaGUgV2ViMRQwEgYDVQQDFAt3d3cuZXR3Lm5ldDBcMA0G CSqGSIb3DQEBAQUAA0sAMEgCQQCeojtjnHqg0GTxp+XZ56RaSe1iZWpumXjU6Sx7 v1FdXzsY1oLOQa090Jtnu1WsQRHh0yDS+45oncjKm1zCG/IZAgMBAAGgADANBgkq hkiG9w0BAQQFAANBAFBj9g+NiUh8YWPrFGntgf4miUd/wqUshptjJy4PjdsD3ugy 5svvuh3G//PpGh2aYXIjHpJXTUBQyzxSEIINYtc= -END NEW CERTIFICATE REQUEST- __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: s_client
Richard Levitte - VMS Whacker [EMAIL PROTECTED]: [...] I would suggest the following instead: cat DG01.txt dg.txt netscape-4.71-linux | openssl s_client \ -connect 10.0.0.100:5150 -cert EntrustCert1.pem \ -key EntrustKey1.pem However, there's another problem as well. As soon as EOF is reached, s_client will shut down the connection and exit *without waiting for anything*. So, the transfer of your input gets through so quickly that the response won't get through before s_client shutdown the connection... Also of course instead of patching s_client the "-quiet" option should be used. One if its effects is to ignore EOF at stdin, so (cat ...)|openssl s_client should work with it. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
better docs?
Is there a tutorial-style doc that explains the process of utilizing the openssl lib? The online docs appear to just list a bunch of structures and methods, great info but difficult to decode for actual use. Thanks Brady Moritz Moritz Designs __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
