Hi,
I successfully built the FIPS 2.0 module (2010), its tests passed, and
it was installed correctly in /usr/local/ssl/fips-2.0.
I then build openssl 1.0.1 (2010):
./config fips shared
make
which all seems to go ok
Then I do:
make test
and eventually get this error:
...
Testing key
Hi Steve,
A Lotus Domino server v8 wants to connect to my postfix like several others
do with client certificate authentication over TLS.
Unfortunately, it fails early on with
warning: TLS library problem: 25785:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1053:SSL alert
I've just started using openssl, and have been having some problems with
valgrind. Here's my distilled test program:
#include <openssl-1.0.0e/include/openssl/hmac.h>
#include <openssl-1.0.0e/include/openssl/evp.h>
#include <string.h>
char key[20] = { 0 };
int
main()
{
HMAC_CTX * context;
#include <openssl-1.0.0e/include/openssl/hmac.h>
#include <openssl-1.0.0e/include/openssl/evp.h>
#include <string.h>
char key[20] = { 0 };
int
main()
{
HMAC_CTX * context;
context = (HMAC_CTX *) malloc(sizeof(*context));
Do you need to malloc the context (a pointer) ?
I
Hi all,
I am newbie to openssl any help is greatly appreciated.
I have a requirement of fetching the Common name (domain name) from the
certificate that I request from any HTTPS websites. I followed the regular
method of
1. establish a connection with the ip address using *connect() *system
Hi all,
on various sources on the internet I found that it is possible to
concatenate two X509 CRL's together.
cat file1.pem file2.pem > combined.pem
However, if I run
openssl crl -in combined.pem -text -noout
I see only the revoked certificates from file1.pem
Is this not supported? Should I
The concatenation of two digitally signed CRLs is not a
valid digitally signed CRL. Some applications may
happen to have code to explicitly support this hack, but
that ability could actually be a security hole as an enemy
could concatenate an outdated and a current CRL, fooling
such applications
The combined crl means a certificate revocation list including all revoked
certificate for the whole (and single) CA and the partitioned one is a more
light crl limited to a known number of emitted certificate. CAs must publish a
number of partitioned crls that covers all issued certificates
You are getting the question completely wrong!
This is not about CAs issuing partial, incremental and complete CRLs
(something OpenSSL has silly problems with handling). This is about
a user who thought that concatenating CRL files as text would be a
valid way to produce a complete/combined CRL
Jonas Schnelli
jonas.schne...@include7.ch writes:
#include <openssl-1.0.0e/include/openssl/hmac.h>
#include <openssl-1.0.0e/include/openssl/evp.h>
#include <string.h>
char key[20] = { 0 };
int
main()
{
HMAC_CTX * context;
context = (HMAC_CTX *) malloc(sizeof(*context));
Do you
On 11/15/2011 11:39 AM, Henrik Grindal Bakken wrote:
Jonas Schnelli
jonas.schne...@include7.ch writes:
#include <openssl-1.0.0e/include/openssl/hmac.h>
#include <openssl-1.0.0e/include/openssl/evp.h>
#include <string.h>
char key[20] = { 0 };
int
main()
{
HMAC_CTX * context;
context =
On Mon, Nov 14, 2011, Kevin Fowler wrote:
Hi,
I successfully built the FIPS 2.0 module (2010), its tests passed, and
it was installed correctly in /usr/local/ssl/fips-2.0.
I then build openssl 1.0.1 (2010):
./config fips shared
make
which all seems to go ok
Then I do:
thank you.
We'll probably switch to OCSP then.
Olivier
2011/11/15 Jakob Bohm jb-open...@wisemo.com:
The concatenation of two digitally signed CRLs is not a
valid digitally signed CRL. Some applications may
happen to have code to explicitly support this hack, but
that ability could actually
Hi,
I'm indirectly using OpenSSL through Net::SSLeay¹, which I use through
AnyEvent::TLS². AnyEvent::TLS provides the means to define a custom
verification mechanism by setting verify_cb³. Here's an example (keys
included):
http://paste.scsys.co.uk/159837
If the custom verification callback
Hi, Arjun,
For non-blocking case, you have to handle SSL_ERROR_WANT_READ and
SSL_ERROR_WANT_WRITE
In that case you need to redo *SSL_connect.*
Huaqing
On Tue, Nov 15, 2011 at 5:51 AM, Arjun SM arjun...@gmail.com wrote:
Hi all,
I am newbie to openssl any help is greatly appreciated.
Thank you - that was my problem
On Tue, Nov 15, 2011 at 9:43 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Mon, Nov 14, 2011, Kevin Fowler wrote:
Hi,
I successfully built the FIPS 2.0 module (2010), its tests passed, and
it was installed correctly in /usr/local/ssl/fips-2.0.
I
Hello,
I am maintaining a piece of code that calls PKCS12_parse. It worked with
an older version of openssl (0.9.8m), but it is not working with version
1.0.0
Here are some clips:
X509 *cert = NULL;
BIO*in = NULL;
STACK_OF(X509) *ca_certs = NULL;
PKCS12
On Tue, Nov 15, 2011, dricha...@globalcerts.net wrote:
Hello,
I am maintaining a piece of code that calls PKCS12_parse. It worked with
an older version of openssl (0.9.8m), but it is not working with version
1.0.0
Here are some clips:
X509 *cert = NULL;
BIO
On Tue, Nov 15, 2011, Tobias Nissen wrote:
Hi,
I'm indirectly using OpenSSL through Net::SSLeay¹, which I use through
AnyEvent::TLS². AnyEvent::TLS provides the means to define a custom
verification mechanism by setting verify_cb³. Here's an example (keys
included):
Dr. Stephen Henson wrote:
On Tue, Nov 15, 2011, Tobias Nissen wrote:
I'm indirectly using OpenSSL through Net::SSLeay¹, which I use
through AnyEvent::TLS². AnyEvent::TLS provides the means to define
a custom verification mechanism by setting verify_cb³. Here's an
example (keys included):
On Tue, Nov 15, 2011, Tobias Nissen wrote:
Dr. Stephen Henson wrote:
On Tue, Nov 15, 2011, Tobias Nissen wrote:
I'm indirectly using OpenSSL through Net::SSLeay¹, which I use
through AnyEvent::TLS². AnyEvent::TLS provides the means to define
a custom verification mechanism by setting
From: Jakob Bohm [mailto:jb-open...@wisemo.com]
Sent: Tuesday, November 15, 2011 2:28 PM
On 11/15/2011 11:39 AM, Henrik Grindal Bakken wrote:
Jonas Schnelli
jonas.schne...@include7.ch writes:
#include <openssl-1.0.0e/include/openssl/hmac.h>
#include <openssl-1.0.0e/include/openssl/evp.h>
I made some progress. The call to PKCS12_parse succeeded, but the pkey
returned was NULL. Please see below where I indicated how I created this
.p12 file. I wonder why the PKCS12_parse command can't read its private
key. I keep suspecting on permissions, but they seem ok - this app is
running as
Sorry, but this is just getting more interesting: it seems that the call
fails when I type the right password (within the app, not in my sample).
It is when I typed the wrong password that the call succeeded, but
returned the empty key...
Will keep investigating...
Dirce
I made some progress.
During the test of my C code using OpenSSL, I noticed that even though
CA certs were not loaded, SSL verification succeeded unexpectedly.
Attached below is a simplified code that demonstrates what I have been
seeing. I intentionally commented out the section where it tries to load
CA certs, but