[no subject]
Dear All;

When I compiled openssl-0.9.8g on VDSP and ran \demos\ssl\cli.cpp, I tried to connect to https://www.gmail.com. At that time I saw the client send client hello and the server send server hello successfully. But after that the client is not sending the MASTER_KEY message.

I checked and found that in file ssl\s2_clnt.c, inside the function int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data), the call x509=d2i_X509(NULL,data,(long)len); returns x509=0; that's why it is going to err and returning ret=-1.

Please tell me how I can remove this error.

One thing I want to say: for compilation purposes I added the below function in this file.

////

Thnx.

Regards;
Ajeet Kumar Singh
DSP Software Engg.
Jasmin Infotech Private Limited
Plot No.119, (Opp to N.I.O.T.), Velachery Tambaram Road, Pallikaranai, Chennai 600 100, India
Problem in openssl Master key Generation
Dear All;

When I compiled openssl-0.9.8g on VDSP and ran \demos\ssl\cli.cpp, I tried to connect to https://www.gmail.com using sslv2.0. At that time I saw the client send client hello and the server send server hello successfully. But after that the client was not sending the MASTER_KEY message.

I checked and found that in file ssl\s2_clnt.c, inside the function int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data), the call x509=d2i_X509(NULL,data,(long)len); returns x509=0; that's why it is going to label err and returning ret=-1.

Please tell me how I can remove this error, so I can proceed to the next step in the sslv2.0 response.

One thing I want to say: for compilation purposes I added the below function in this file, x_x509.c.

////
ASN1_SEQUENCE(X509_EXTENSION) = {
        ASN1_OPT(X509_EXTENSION, object, ASN1_BOOLEAN),
        ASN1_OPT(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION)

ASN1_SEQUENCE(PKCS8_PRIV_KEY_INFO) = {
        ASN1_OPT(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
} ASN1_SEQUENCE_END(PKCS8_PRIV_KEY_INFO)

IMPLEMENT_ASN1_FUNCTIONS(X509)
IMPLEMENT_ASN1_DUP_FUNCTION(X509)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
IMPLEMENT_ASN1_DUP_FUNCTION(PKCS8_PRIV_KEY_INFO)
////

If the above function is wrong and the problem is due to what I wrote in file x_x509.c, then please tell me how Linux or Windows OS maps this function and how I can map it.

Thnx.

Regards;
Ajeet Kumar Singh
Re: Accessing encrypted messages after cert expires
It's rather infeasible to keep the same private key and generate a new public key. If you keep the private key after the expiration of the certificate, you can still decrypt messages encrypted to it; thus, if you generate a new pub/priv pair, you just need to keep the old key, and use all the keys you have to try to decrypt until one works.

-Kyle H

On Fri, Mar 14, 2008 at 4:20 PM, Mick [EMAIL PROTECTED] wrote:
> Yes it does. Keeping the same private key and generating a new public key with it seems to be a sensible thing to do from a practical point of view.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Problem in openssl Master key Generation
Hello,

> When I compiled openssl-0.9.8g on VDSP and ran \demos\ssl\cli.cpp, I tried to connect to https://www.gmail.com using sslv2.0. At that time I saw the client send client hello and the server send server hello successfully. But after that the client was not sending the MASTER_KEY message.
>
> I checked and found that in file ssl\s2_clnt.c, inside the function int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data), the call x509=d2i_X509(NULL,data,(long)len); returns x509=0; that’s why it is going to label err and returning ret=-1.
>
> Please tell me how I can remove this error, so I can proceed to the next step in the sslv2.0 response.
>
> One thing I want to say: for compilation purposes I added the below function in this file, “x_x509.c”.

Do not use/support SSL2 for secure communications, use SSL3 or TLS1. SSL2 client_hello may be used for negotiating SSL3 or TLS1 (only one handshake packet).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: Accessing encrypted messages after cert expires
On Saturday 15 March 2008, Kyle Hamilton wrote:
> It's rather infeasible to keep the same private key and generate a new public key. If you keep the private key after the expiration of the certificate, you can still decrypt messages encrypted to it; thus, if you generate a new pub/priv pair, you just need to keep the old key, and use all the keys you have to try to decrypt until one works.

Thanks Kyle,

Doesn't what you suggest create a headache? Every time I want to decrypt an old message I sent or I received, or a file, I will need to change the mail client configuration and point it to another private key. Keeping the same key overcomes this problem. Have I got this right? Why is it not feasible to retain the same private key?

--
Regards,
Mick
Re: Accessing encrypted messages after cert expires
On Sat, Mar 15, 2008 at 12:12 PM, Mick [EMAIL PROTECTED] wrote:
> On Saturday 15 March 2008, Kyle Hamilton wrote:
> > It's rather infeasible to keep the same private key and generate a new public key. If you keep the private key after the expiration of the certificate, you can still decrypt messages encrypted to it; thus, if you generate a new pub/priv pair, you just need to keep the old key, and use all the keys you have to try to decrypt until one works.
>
> Thanks Kyle,
>
> Doesn't what you suggest create a headache? Every time I want to decrypt an old message I sent or I received, or a file, I will need to change the mail client configuration and point it to another private key. Keeping the same key overcomes this problem. Have I got this right? Why is it not feasible to retain the same private key?

If you want to decrypt an old message sent to you from the private key, you keep the certificate that contains the public key associated with it. This costs storage on the receiver. If you want to decrypt a message sent to the private key from the old public key, you keep the private key associated with that public key.

Most mail clients allow you to have multiple keypairs, and identify which to use by the key used to encrypt them. The certificate is a means of specifying the 'policy' associated: 'do not use this key for new encryption after X date/time.'

It's infeasible to generate a new public key associated with the same private key because of the mathematics involved. If a new public key could be derived at-will from the private key, then a new private key could be derived at-will from the public key, which would rather defeat the entire security of asymmetric-key cryptography. (The function which must be solved is the same both ways -- if one way can be solved easily, the other way can be solved just as easily.)

-Kyle H
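
The key-retention approach described in this thread (keep each retired key pair and let the message pick the one that fits), as an added shell example that is not part of the original messages. The identity names, helper functions and message text are constructed for illustration; only the `openssl req` and `openssl smime` commands are real.

```shell
#!/bin/sh
# Added example: every key, certificate and message here is constructed.
set -eu

# make_identity DIR NAME: write NAME.key and a self-signed NAME.crt into DIR.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# encrypt_to CERT IN OUT: S/MIME-encrypt IN to the public key in CERT.
encrypt_to() {
    openssl smime -encrypt -binary -aes-256-cbc -in "$2" -out "$3" "$1"
}

# decrypt_with_keyring DIR MSG: try each retained key pair in DIR in turn.
# Prints the plaintext and returns 0 for the first pair that fits, else 1.
decrypt_with_keyring() {
    for crt in "$1"/*.crt; do
        # -recip checks the message's RecipientInfo (issuer and serial)
        # against this certificate, so a non-matching pair fails cleanly
        # instead of yielding garbage.
        if openssl smime -decrypt -in "$2" -recip "$crt" \
                -inkey "${crt%.crt}.key" 2>/dev/null; then
            return 0
        fi
    done
    echo "no retained key decrypts $2" >&2
    return 1
}

demo() {
    ring=$(mktemp -d)
    make_identity "$ring" retired-2007  # certificate that later expired
    printf 'archived mail body\n' > "$ring/msg.txt"
    encrypt_to "$ring/retired-2007.crt" "$ring/msg.txt" "$ring/old.p7m"
    make_identity "$ring" current       # replacement pair, tried first
    rc=0
    decrypt_with_keyring "$ring" "$ring/old.p7m" || rc=$?
    rm -rf "$ring"
    return "$rc"
}

demo
```

The certificate's expiry date plays no part in decryption here; what matters is that the retired private key is still in the keyring.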