Hello,
I tried to encrypt and decrypt a text using different ciphers. There I
found that the decryption failes at EVP_CipherFinal_ex() call. Somebody
please point me out what I've done wrong. The code is attached.
After looking at your source code my first proposition is not
to use strlen()
Is it possible to specify instead of filename (char* file) for
SSL_use_certificate_file file with absolute path? Because it doesn't
work for me :-( and in the man page is nothing about 'path'
Thanks
__
OpenSSL Project
Hello !
The following works for me (it's hardcoded however!).
#define certificate_file /root/security/server.crt
if((SSL_use_certificate_file(m_ssl,certificate_file,1))!=1) //FG: Define
SSL certificate to use
{
cout SSL certificate file error - did not open endl;
}
else
{
cout SSL
Yes, giving an absolute path to SSL_use_certificate_file will work. If you are
on windows, then you should escape the \ which will be present in the path -
thats all.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bu Bacoo
Sent: Monday, August 21, 2006
Hi,
The application I am writing has requirement that
after a request is sent to server, it should hear from the server in xyz
seconds.
With normal tcp socket, i can achieve this
through select() function. But how do I achieve this for SSL_read?
As I understand from last few threads on this
Hi,
The application I am writing has requirement that after a
request is sent to server, it should hear from the server in
xyz seconds.
I have done this by using non blocking sockets with SSL_read.
I call SSL_read in a loop using select() when necessary. I use
a timeout in the calls to
Hello,
The application I am writing has requirement that after a request is
sent to server, it should hear from the server in xyz seconds.
With normal tcp socket, i can achieve this through select() function.
But how do I achieve this for SSL_read?
As I understand from last few threads on
Title: multiple signers
Hello,
Do you know how I can to create a PKCS#7 file containing multiple signs?
I need to sign a file with multiple signers and generate just one PKCS#7 file with all the signs inside.
Thank you very much.
Fernando Jaraba Nieto
Madrid, Spain.
As far as I know the only product that supports this is iSafeGuard from MXC Software (http://www.mxcsoft.com). You might be able to get some information from them."Jaraba Nieto, Fernando" [EMAIL PROTECTED] wrote: Hello, Do you know how I can to create a PKCS#7 file containing multiple
Hi all
I am trying to fit a CSR generating capability into a small footprint
embedded system.
Note that I already have the openssl library in there
Openssl is about 300K in size which I want to avoid copying over if I
can just for generating CSRs
Are there any APIs in the OpenSSL library that
I am trying to decide whether building OpenSSL with
threads option is appropriate or not for my particular
situation. The Configure script says that the option
tr[ies] to create a library that is suitable for
multithreaded applications. How exactly are the libraries
created to be suitable for
To generate a library suitable for multithreaded use, the malloc and
free implementations must be the same as the ones used by the rest of
the program. (That's the number one issue.) A second issue is that
certain data structures must be wrapped in mutexes (linked lists, as
only one example).
The application I am writing has requirement that
after a request is sent to server, it should hear
from the server in xyz seconds.
With normal tcp socket, i can achieve this through select()
function. But how do I achieve this for SSL_read?
Same way.
As I understand from last few
Dear All, The quick version: How can I disable or prevent OpenSSL headers from being viewable to outside traffic (similiar to when you disable Apache from allowing its header and version information from being viewable to the outside world)?
The long version: We run security check software, which
Scott Campbell wrote:
The long version: We run security check software, which makes
connections with various services, calls up the header, and then tells
us that based upon the version it read in the header, this service has
certain vulnerabilities. For security purposes, we would
The long version: We run security check software, which makes connections
with various services, calls up the header, and then tells us that based
upon the version it read in the header, this service has certain
vulnerabilities.
You mean it might have certain vulnerabilities. You
Nice advertising here by john..
i think there are more products =) - try bouncycastle
API they can do it too ... for free
--- John Pattern [EMAIL PROTECTED] wrote:
As far as I know the only product that supports this
is iSafeGuard from MXC Software
(http://www.mxcsoft.com). You might be able
The long version: We run security check software, which makes
connections
with various services, calls up the header, and then tells us that based
upon the version it read in the header, this service has certain
vulnerabilities.
I just have to say one more thing:
You
Hello,
The quick version: How can I disable or prevent OpenSSL headers
from being viewable to outside traffic (similiar to when you disable
Apache from allowing its header and version information from being
viewable to the outside world)?
OpenSSL is realizing SSL3/TLS1 protocol and
David Schwartz wrote:
The long version: We run security check software, which makes connections
with various services, calls up the header, and then tells us that based
upon the version it read in the header, this service has certain
vulnerabilities.
You mean it might have certain
Thomas J. Hruska wrote:
David Schwartz wrote:
The long version: We run security check software, which makes
connections
with various services, calls up the header, and then tells us that based
upon the version it read in the header, this service has certain
vulnerabilities.
You mean it
The OP, however, is right. Why report the version at all to the user of
a website? There is no need to let them know you are even running
OpenSSL let alone the version being run. I'm not talking about security
through obscurity. I'm referring to common sense. Don't tell people
what you
Look at X509_REQ_* functions.
Subash Kalbarga wrote:
Hi all
I am trying to fit a CSR generating capability into a small footprint
embedded system.
Note that I already have the openssl library in there
Openssl is about 300K in size which I want to avoid copying over if I
can just for
Blocking the version number is worse
than reporting stale version information. At least they can determine a
minimum security level. Incorrect information cuts both ways, helping the
hacker and legitimate user at the same time. Better to prefer the legitimate
user's interest.
SP
[EMAIL
Hi. I am new at this and at my wits end. I keep on getting the same error when I try and start lighttpd. I have rekeyed my cert 2 times now so I am fairly certain that it is not a problem there. I have redone the KEY and CSR as well. I do not know what to do. Please let me know if you have any
[EMAIL PROTECTED] wrote:
Blocking the version number is worse than reporting stale version
information. At least they can determine a minimum security level.
Incorrect information cuts both ways, helping the hacker and legitimate
user at the same time. Better to prefer the legitimate user's
Thomas J. Hruska wrote:
Now compare that number to how many hackers know and care about the same
information.
None. If an exploit exists, it will be exploited. You are a fool if you
expect that a hacker would rely on the reported version number to elect
one of the dozens of past exploits.
[EMAIL PROTECTED] wrote:
Blocking the version number is worse than reporting stale version
information. At least they can determine a minimum security level.
Incorrect information cuts both ways, helping the hacker and legitimate
user at the same time. Better to prefer the legitimate
The problem is that virtually no legit users will ever look, but the
hackers
definitely will. I'll admit (being a geek) that I checked once when
logging
into my banking site for the first time many years ago. So maybe I was
'benefitted' that one time (and my case is definitely not typical),
29 matches
Mail list logo