Re: EVP_CipherFinal_ex fails

2011-11-29 Thread Nico Flink
Hello, I still have not found a solution for the below problem. Can anyone offer any help? Cheers Nico From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On behalf of Nico Flink Sent: Wednesday, 23 November 2011 12:12 A

Re: Authenticated channel as authentication for a TLS connection

2011-11-29 Thread Fred Testudo
Thanks Jakob; that's simple and elegant, and a much better fit for how my authentic channel operates. I'm not quite sure what you mean by the phrase 'all the "encrypted" handshake traffic up to a specific point'. I think it should work if I hash the entire handshake, which I could collect using th

Re: Usage of CAPath/CAFile options in int SSL_CTX_load_verify_locations Reg.

2011-11-29 Thread Ashok C
Hi Dave, Thanks for the reply. Some more followup questions here: In case of a server application, it is expected to send > the intermediate certificates to the client. And in this case, > is this API -- SSL_CTX_load_verify_locations( ) sufficient to be used? > Or is there a separate API to send

Adding a Friendly name

2011-11-29 Thread Hopkins, Nathan
Please can you advise how I can add a Friendly name to a CA Certificate using OpenSSL? Many thanks

Re: Authenticated channel as authentication for a TLS connection

2011-11-29 Thread Jakob Bohm
Here is my proposal based on experience doing something similar: 1. Establish the TLS session with a strong DH agreement, but no certificate or an untrusted unchecked server certificate. While establishing the TLS session, hash all the "encrypted" handshake traffic up to a specific point with a

Re: revoking a certificate without having to provide pass phrase as next step

2011-11-29 Thread Jakob Bohm
Two realistic options: A) Use the "-passin" option to the openssl tool; this can be used to specify that the password should be read from a pipe, whose output comes from a program that obtains it in some secure way and which is only willing to output it under the right circumstances. I don't rem

Re: revoking a certificate without having to provide pass phrase as next step

2011-11-29 Thread Peter
I know. That's why I'm looking for a way where I can provide it in some way other than needing to interact with system. 2011/11/29 Curt Sampson > On 2011-11-29 04:15 +0100 (Tue), Peter wrote: > > > It generally works, but after the command above is sent, I have to type > in > > pass phrase manu

stunnel 4.49 released

2011-11-29 Thread Michal Trojnara
Dear Users, I have released version 4.49 of stunnel. The ChangeLog entry: Version 4.49, 2011.11.28, urgency: MEDIUM: * Bugfixes - Missing Microsoft Visual C++ Redistributable (msvcr100.dll) required by FIPS-compliant OpenSSL library was added to the Windows installer. - A bug was fi