[openssl-dev] Not Before and Not After Date format for openssl API X509_gmtime_adj

Hi all, I am programmatically generating the self signed certificate and need to specify the Not Before and Not After date, Wanted to understand what all formats are acceptable by this API ? Also, similarly while using API , what exactly is the time format expected by

Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01

the private key with which certificate was signed, or the public key which this certificate signs. Sorry, I think I am still bit not clear on purpose of the API. Thanks Regards, Nayna Jain From: Viktor Dukhovni openssl-us...@dukhovni.org To: openssl-us...@openssl.org, openssl-dev@openssl.org

Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01

Thanks Victor, I want to match the certificate with the private key for whose public key that certificate is provided. If this verifies who signed the certificate, then how do I verify whether the certificate provided is for the private key which was generated, Thanks Regards, Nayna Jain

[openssl-dev] X509_verify() error - block type is not 01

Hi, I am trying to verify X509 certificate against two private keys such that atleast one of them it should match. I used the API as X509_verify(x509, pkey) where pkey is of EVP_PKEY type However, for one of the private key it is failing with error block type is not 01// And this key is

Re: [openssl-dev] [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

Hi, Thanks Victor, I am going to try these.. I have similar concern for private key. If I have a pem file with private key in that, how do I check if that is RSA/DSA ? Thanks Regards, Nayna Jain From: Viktor Dukhovni openssl-us...@dukhovni.org To: openssl-us...@openssl.org, openssl

[openssl-dev] X509_STORE_free() and X509_LOOKUP_free() also frees the X509 certificates inside it

Hi all, I am using X509_STORE and X509_LOOKUP to verify the certificate and its chain. But at the end when I do X509_STORE_free(store) and X509_LOOKUP_free (lookup), it is also doing free of the X509* certificate which I added. But I don't want that, because after that when I immediately try

Re: [openssl-dev] [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

PEM APIs. or there are DER specific APIs also, I didn't find though, unless they are d2i_xxx types. Thanks Regards, Nayna Jain From: Viktor Dukhovni openssl-us...@dukhovni.org To: openssl-us...@openssl.org Date: 06/09/2015 10:34 AM Subject:Re: [openssl-users] Is there openssl

[openssl-dev] Is there openssl API to verify certificate content is DER or PEM format ?

Hi, I need to verify if the certifiate I have received is having its content in PEM/DER format. Is there any API which if given file pointer like (fp) will tell me whether it has valid format of certificate and if yes then whether it is PEM/DER format ? If no API, then what is the other way to

[openssl-dev] What key length is used for DHE by default ?

Hi, With the latest logjam attack, as I was trying to verify if my server (lighttpd) accepts DHE_xxx ciphers, I saw that it accepted and I didn't do any configuration setting done for DH parameters explicitly. But I couldn't verify what is the key length did it use by default 512/1024/2048 ?

Re: [openssl-dev] What key length is used for DHE by default ?

Hi Hubert, Thanks.. I tried the command you mentioned i.e. openssl s_client -connect hostname:443 -cipher EDH /dev/null 2/dev/null | grep 'Server Temp Key' But it didn't output anything. Thanks Regards, Nayna Jain From: Hubert Kario hka...@redhat.com To: openssl-dev@openssl.org Cc

Re: [openssl-dev] What key length is used for DHE by default ?

Ok, I think this is what I didn't know. I was using openssl 1.0.1g client. I still didn't have openssl 1.0.2 . Thanks.. Thanks Regards, Nayna Jain From: Salz, Rich rs...@akamai.com To: openssl-dev@openssl.org openssl-dev@openssl.org Date: 05/22/2015 09:31 PM Subject:Re

SSL connection broken after upgrading from 0.9.8a to 1.0.1e version of openssl

, Nayna Jain __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org

SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

couldn't get much information. Since the error seems to be too much code level, sending it to openssl dev group also, along with openssl users group. Thanks Regards, Nayna Jain __ OpenSSL Project

Re: SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

reason comes is as - it as mismatch issue between server and client SSL connection either protocol or certificates like that.. Thanks Regards, Nayna Jain From: Brad House b...@monetra.com To: openssl-dev@openssl.org, Date: 04/21/2014 04:48 PM Subject:Re: SSL negotiation failed

Are Openssl Random Number Generator NIST compliant ?

is loaded by default ? Thanks Regards, Nayna Jain __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

How SSLv23_xxx_method() is able to handle all the protocols SSLv3, TLS1.x

, Nayna Jain __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org

Need understanding of SSLv23_xxx_method() API.. It is failing when SSLv23_client_method() connects to TLSv1_2_server_method()

this error. earliar I was getting Digest to big in size for rsa Can someone please explain this ? Thanks Regards, Nayna Jain __ OpenSSL Project http://www.openssl.org Development Mailing List

What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

? If possible, also if someone can explain that how SSLv23 is able to handshake with both TLSv1_2 related APIs as well as SSLv3 related APIs. Thanks Regards, Nayna Jain __ OpenSSL Project http