hi all
i'm a newbie to the openssl and plan to integrate SSL to my server. my
server is developed based on IO completion port. so i want
to separate the SSL engine from the socket object totally. after googled in
mail list, i found it is possible by using BIO pair mechanism .
after almost two
From: dthomp...@prinpay.com
To: openssl-users@openssl.org
Subject: RE: Using self-signed certificates with openssl
Date: Fri, 13 May 2011 22:06:55 -0400
From: owner-openssl-us...@openssl.org On Behalf Of Roger No-Spam
Sent: Friday, 13 May, 2011 04:15
We have decided to
Good Morning,
My situation is very strange, i guess.
At work we use a CFT server, which is very popular in Europe for File
transfert between corporation, like bank.
In my case one of our customer is a bank, and they want that our file
transfert to be securised over SSL.
CFT include SSL support
Viktor, thank you a lot for the syntax: really that manual IS misleading!
Well, now I can configure good (for Microsoft) CRL distribution points:
crlDistributionPoints = ca_cdp
[ ca_cdp ]
fullname = @ca_cdp_uries
reasons = keyCompromise
[ ca_cdp_uries ]
URI.1 =
Hi all.
I'm trying to use the OpenSSL crypto lib. I've generated a public/private
RSA key pair. Then I wrote some code to try to encrypt an eight-byte random
string. But it crashes in RSA_size(). Here's the code:
BIO* bp = BIO_new_mem_buf(_publicKey, -1);//
Create
Thanks Viktor,
I hadn't properly understood the relationship between the certificate and the
cipher, so I'll look at that now. I think I'm also confusing the OpenVPN
OpenSSL relationship.
OpenVPN does appear to be using TLS according to the logs, so I had tried to
specify
tls-cipher
Hi,
After lot of struggles, finally get rid of this error, but I cant tell the
reason, how was it rectified.
We installed our libs on a new machine.
Now a different error is seen.
After client and server conection is established, TLSv1 Encrypted Alert+21
is sent by the client.
Google search
I'd try that way:
authorityInfoAccess = @aias
[aias]
caIssuers;URI.1=http://pervaya.ssilka/..
caIssuers;URI.2=http://vtoraya.ssilka/..
but this is just my guess... might be wrong.
Alexandre
Le 16/05/2011 11:52, A.B.COKO/\OB a écrit :
Viktor, thank you a lot for the syntax: really that manual
Hello,
I have a program, written on C++ and QT.
I need to implement checking of signature in my program, so that it
would do the same check, as this openssl command:
openssl dgst -sha1 -signature signature.bin -verify pubkey.pem file.txt
what is the most optimal method, I can use?
What
I'm trying to use the OpenSSL crypto lib. I've generated a public/private
RSA key pair. Then I wrote some code to try to encrypt an eight-byte random
string. But it crashes in RSA_size(). Here's the code:
BIO* bp = BIO_new_mem_buf(_publicKey, -1);//
Create
Is pubKey a valid pointer after PEM_read_bio_RSA_PUBKEY?
If it is NULL there is an error in PEM data.
Da: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
Per conto di G S
Inviato: lunedì 16 maggio 2011 12:13
A: openssl-users@openssl.org
Oggetto: Why would RSA_size()
Hello,
I have a program, written on C++ and QT.
I need to implement checking of file signature in my program, so that
it would do the same check, as this openssl command:
openssl dgst -sha1 -signature signature.bin -verify pubkey.pem file.txt
Can i do it, calling some QT methods?
If no, are
Alexandre, you've got it!!!
Monday, May 16, 2011, 3:07:54 PM, you wrote:
AA I'd try that way:
AA authorityInfoAccess = @aias
AA [aias]
AA caIssuers;URI.1=http://pervaya.ssilka/..
AA caIssuers;URI.2=http://vtoraya.ssilka/..
(3) So maybe you know how to deal with unknown (to ssl)
extentions?
Duh, thanks to the people who pointed out that the pointer returned by
PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use
Xcode, which refuses to show any local variables and GDB claims they don't
exist).
The question now is why it's null, since I know the string itself
Duh, thanks to the people who pointed out that the pointer returned by
PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use
Xcode, which refuses to show any local variables and GDB claims they don't
exist).
This is probably the optimizer, try compiling with -O0
I am learning various sites and blogs to make it clear, but, it's yet
unclear to me! I think, you may help me if you want and that will be a big
favor for me.
What I am trying to do is: I am trying to renew cert of one server which
was certified by CAcert.org. What I am trying to follow is:
1.
You could hack ur client and server to use cipher null and see the
alert in clear..most,y should be digest failure.
On Monday, May 16, 2011, pradeepreddy pradeepreddy@gmail.com wrote:
Hi,
After lot of struggles, finally get rid of this error, but I cant tell the
reason, how was it
Hi Bob,
Your question is of interest to me because I had posted a question about
renegotiation too and got no response yet:
I have a client and server that communicate with PSK-AES128-CBC-SHA.
In making openssl I selected no-tlsext. What I see is that client
initiates legacy
On Mon, May 16, 2011 at 6:53 AM, John Hascall j...@iastate.edu wrote:
(sadly I have to use
Xcode, which refuses to show any local variables and GDB claims they
don't
exist).
This is probably the optimizer, try compiling with -O0 -g3
Thanks, John, I am building Debug. I verified
Ah, I see the g3 option generates extra debugging info. I'll give it a
shot. I have a bug open with Apple about this anyway. It has proven to be
very hard to pin down. Restarting Xcode will usually eliminate the problem
and let you step through code... ONCE. If you want to do it again, you
Java has tools to create the key pairs and the CSR; you are not required to do
this with OpenSSL. I provided some links below that have some commands.
https://www.digicert.com/easy-csr/keytool.htm
http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/
On Mon, May 16, 2011 at 9:08 PM, Eduardo Navarro
eduardo.nava...@live.comwrote:
4. import response into the keystore
Thanks Eduardo for your nice and very very effective email. But, I am having
problem with this number 4. What I need to do here actually? Do i need to
install this? Or.. do I
Use the same tool from the JDK, keytool.exe. Your response should be nothing more than a certificate, the private key that is associated to that certificate had an alias , which you to specify during the import process. Sent from my Windows Phone
From: ZicoSent: Monday, May 16, 2011 11:40 AMTo:
On Mon, May 16, 2011 at 11:56:41AM +0100, Mike Bell wrote:
Thanks Viktor,
I hadn't properly understood the relationship between the certificate
and the cipher, so I'll look at that now. I think I'm also confusing
the OpenVPN? OpenSSL relationship.
OpenVPN does appear to be using TLS
Alert 21 seems to be decryption failure.
Sent from my iPad
On May 16, 2011, at 6:12 AM, pradeepreddy pradeepreddy@gmail.com wrote:
Hi,
After lot of struggles, finally get rid of this error, but I cant tell the
reason, how was it rectified.
We installed our libs on a new machine.
Hi,
I am trying to cross-compile openssl-fip-1.2.2 for arm-linux on a Linux
x86-host system. The compilation goes through, but the tests fail to run on
the target with errors as shown below.
1. This is how I compiled the library.
# setting environment variables;
export
On Mon, May 16, 2011, openssl-fips-1.2.2 wrote:
Hi,
I am trying to cross-compile openssl-fip-1.2.2 for arm-linux on a Linux
x86-host system. The compilation goes through, but the tests fail to run on
the target with errors as shown below.
1. This is how I compiled the library.
On Mon, May 16, 2011 at 8:51 AM, Sergey sh0...@gmail.com wrote:
Hello,
I have a program, written on C++ and QT.
I need to implement checking of file signature in my program, so that it
would do the same check, as this openssl command:
openssl dgst -sha1 -signature signature.bin -verify
OK, this is perplexing. I have a PEM-format RSA key in a character string
called _publicKey, with newlines between the header, key data, and trailer.
Like this:
-BEGIN PUBLIC KEY
MCwwHRTJKoZIhvcNAQEBBQADGwAwGAIRALPMoZzXMLIKhidteVfdR28CAwEAAQ==
-END PUBLIC KEY-
But
A follow-up: After seeing an example, I tried printing the result of
ERR_reason_error_string(ERR_get_error()). It's null.
On Mon, May 16, 2011 at 9:53 AM, John Hascall j...@iastate.edu wrote:
Duh, thanks to the people who pointed out that the pointer returned by
PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use
Xcode, which refuses to show any local variables and GDB claims they don't
From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Sundar
Sent: Monday, 16 May, 2011 16:06
Alert 21 seems to be decryption failure.
Alert description aka alert code 21, yes.
But OP says he is getting an encrypted alert, apparently in
wireshark, which then can't and doesn't decode
From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Sundar
Sent: Monday, 16 May, 2011 10:18
You could hack ur client and server to use cipher null and see the
alert in clear..most,y should be digest failure.
If you mean MAC failure (actually MAC-or-decryption-failure,
since they
Am not sure what the poster of this msg is actually doing, but I faced a
similar problem when I was trying to achieve SSL from kernel, I had to work
on sk_buff chains and fragmented SSL Records, and during my development, I
got a lot of error alerts of 21 as some boundary conditions were not met.
From: owner-openssl-us...@openssl.org On Behalf Of Mohan Radhakrishnan
Sent: Monday, 16 May, 2011 00:13
Not sure why I mixed up the order earlier but this procedure works.
If the old leaf is first in the .pem file followed by the
new intermediate and the old root the intermediate is
On Mon, May 16, 2011, G S wrote:
A follow-up: After seeing an example, I tried printing the result of
ERR_reason_error_string(ERR_get_error()). It's null.
ERR_print_errors_fp(stderr) might be more useful: see FAQ.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial
16 May 2011 Monday 7:28 P.M. Singapore Time
For Immediate Release
SINGAPORE, SINGAPORE - Singapore Citizen Mr. Teo En Ming (Zhang Enming)
would like to report first hand account of mind intrusion and mind
reading. I have been hearing voices for quite some time now but I have
not been able to
Thanks to those who answered. It was a simple goof using std::string's
substr() method; I was treating the second parameter as the end position
rather than the character count, thus lopping off some essential characters
and causing the failure. It works now.
38 matches
Mail list logo