Linking with fipsld

2013-02-01 Thread Santhosh Kokala
Linking the FIPS capable libraries to our code is proving to be a real pain in the butt. The problem stems from the fact that long before I arrived it was decided that everything is to be linked statically. So that means that fipsld is needed. To compound things our code is c++ and compiled using

EVP_aes_128_cbc decrypt block ordering

2013-02-01 Thread Tage Korsdal Nielsen
Hi, new to OpenSSL, but designing a PC application that must encrypt a stream of 48-byte message blocks to a USB device with aes128. The IVs get generated and synchronized when the connection with the device is established, and I would like to keep the same cipher context going until the

openssl datetime format

2013-02-01 Thread Michal Hajek
Hi, how can I change the datetime output format for commands like openssl x509 -subject -startdate -enddate -noout -fingerprint -in 01.pem ? Thanks, Michal __ OpenSSL Project http://www.openssl.org

Re: Linking with fipsld

2013-02-01 Thread Steve Marquess
On 02/01/2013 03:19 AM, Santhosh Kokala wrote: Linking the FIPS capable libraries to our code is proving to be a real pain in the butt. ... 2) Does fipsld have to be used or could I, within the spirit of the security policy, make my own fipsld of sorts that compiles fipspre_main.c with gcc

Null (or default) certificates?

2013-02-01 Thread Nathan Smyth
Is it possible to have null, untrusted, or shared certificates, to simplify deployment for apps that don't care about SSL? Basically I have an infrastructure that uses OpenSSL for comms. As it is protocol based, it's important that everything runs the same code (i.e. I don't want different

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 01:46:46PM +, Nathan Smyth wrote: Is it possible to have null, untrusted, or shared certificates, to simplify deployment for apps that don't care about SSL? Absolutely. On all servers that don't require client certificates (can't ask for client certs when using an

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 03:22:11PM +, Viktor Dukhovni wrote: On Fri, Feb 01, 2013 at 01:46:46PM +, Nathan Smyth wrote: Is it possible to have null, untrusted, or shared certificates, to simplify deployment for apps that don't care about SSL? Absolutely. On all servers that don't

Re: Null (or default) certificates?

2013-02-01 Thread Nathan Smyth
Thanks Victor for your detailed reply. I'm still to fully understand the specifics. However, one question: On all servers that don't require client certificates (can't ask for client certs when using an anonymous ciphersuite) enable anonymous ciphers,  Is it possible to both - in the sense

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 04:24:47PM +, Nathan Smyth wrote: On all servers that don't require client certificates (can't ask for client certs when using an anonymous ciphersuite) enable anonymous ciphers,? Is it possible to both - in the sense you can check the peer's certificate IF

RE: Regarding FIPS_mode_set()

2013-02-01 Thread Santhosh Kokala
I would really appreciate if someone answers my question. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Santhosh Kokala Sent: Thursday, January 31, 2013 10:13 PM To: openssl-users@openssl.org Subject: Regarding FIPS_mode_set() Hi All, I have a C++

Re: Null (or default) certificates?

2013-02-01 Thread Nathan Smyth
Dear Victor, Thanks again for your help. A bit of background - I'm using SSL in a peer-to-peer scenario, so each *process* - for want of a better word - (from a TLS perspective) will act as a TLS client, if they initiate a connection to another, and/or a TLS Server if they receive a

PEM_read_PrivateKey using ECDSA PEMS

2013-02-01 Thread redpath
I am using ECDSA to create and verify a signature for a document. I apparently cannot use the ecdsa.PEM directory and so here is my question. Below I have abstraction code for my question. The keys created are with the openssl commands shown below. openssl ecparam -out *ecdsa.pem *-name

Compiling openssl fips in Windows

2013-02-01 Thread Jon Evers
I'm trying to link an application that will use openssl and fips. (sorry about any typos and shortcuts. I have to hand type this because my development is on a closed system and I can't cut and paste to here) I'm getting linker errors: Error LNK2001: unresolved external symbol

RE: Compiling openssl fips in Windows

2013-02-01 Thread Memmott, Lester
Regarding: C:\temp\nma0452: setargv.obj d:\work\ssl\ved\Debug\VED.obj d:\work\ssl\ved\Debug\stdafx.obj d:\work\ssl\ved\Debug\fips_premain.obj d:\Work\SSL\openssl-1.0.1c\out32dll\libeay32.lib ws2_32.lib gdi32.lib advapi32.lib crytp32.bli user32.lib I’m not sure but did you link in

RE: Compiling openssl fips in Windows

2013-02-01 Thread Jon Evers
Thanks LM, I wasn't explicitly including fipscanister.o. According to my interpretation of the documentation, it should be included in libeay32.dll: Section 2.4.2 Note that except in the most unusual circumstances the FIPS Object Module itself (fipscanister.o) is not linked

RE: FIPCA openssl s_client... error

2013-02-01 Thread Dave Thompson
RETRY (previous attempt 01-31 19:34 EST not seen) From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah Sent: Thursday, 31 January, 2013 18:12 I am running the openssl tool from the FIPCA utility kit to check the server certificate. I am getting error 20 and 21. The certificate is

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 07:22:52PM +, Nathan Smyth wrote: In our current implementation, we assume every process has a certificate associated with it, and thus, from a TLS perspective, clients will validate server certificates, and servers will request and validate client certificates for

OpenSSL wikibook

2013-02-01 Thread Patrick Pelletier
Since the quality of OpenSSL documentation, and the ease of contributing to it, has been a subject of discussion on both the openssl-users list and the cryptography list in the past few months, and since the only commercial book on OpenSSL is over a decade old now, I thought it would be

RE: FIPCA openssl s_client... error

2013-02-01 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah Sent: Thursday, 31 January, 2013 18:12 I am running the openssl tool from the FIPCA utility kit to check the server certificate. I am getting error 20 and 21. The certificate is retrieved successfully from the server and displayed