I want to create expired Certs so as to address them in code.
You would think this would be easy.
I use this command below to create a Cert and then a PKCS12 which I commonly
use for things.
openssl genrsa -out myrsa.pem 2048
openssl req -new -key myrsa.pem -inform pem -x509 -days 731 -out my.crt
Jeff,
Thanks for the suggestion but that isn't the case. You'll note below that the
unresolved external symbols are from fips_premain.obj, which was naturally
compiled from fips_premain.c.
fips_premain.obj : error LNK2001: unresolved external symbol unsigned
In looking at fips_premain.c,
Original Message
From: James ja...@nixsecurity.org
To: openssl-users@openssl.org
Cc: openssl-users@openssl.org
Sent: Wed, Feb 6, 2013, 3:51 PM
Subject: Re: Issue with 1.0.1d with Apache 2.2.23
Original Message
From: James ja...@nixsecurity.org
To: openssl-users@openssl.org
On 07/02/2013 14:36, James wrote:
Just an update, using a SSLCipherSuite in the SSL configuration file for Apache
of RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 works fine. The ciphers we're
using are
Original Message
From: Bruce Cran br...@cran.org.uk
To: openssl-users@openssl.org
Cc: James ja...@nixsecurity.org
Sent: Thu, Feb 7, 2013, 9:48 AM
Subject: Re: Issue with 1.0.1d with Apache 2.2.23
On 07/02/2013 14:36, James wrote:
Just an update, using a SSLCipherSuite in the SSL
On Wed, Feb 06, 2013, Memmott, Lester wrote:
Jon,
I'm having trouble with fipslink as well and thought it might help to
compare notes. These are the linker errors I'm getting using Visual
Studio 2008:
If you can it is far easier to link against the DLLs created by the FIPS
capable
Jon,
I've not made any meaningful progress yet, but found a few interesting things.
I'm using fipslink.pl as is and didn't have to modify it. Did you have to
modify yours before you called ntdll.mak? It's used in there.
I didn't have to modify it to build openssl but when I looked
Dr Henson,
Thanks so much for your response. Perhaps some clarification is in order.
When you state static libraries are you referring to libeay32 being
statically linked with the c runtime libraries? ...or do you mean my
application statically linking in the openssl libraries?
Thanks,
On Thu, Feb 07, 2013, Memmott, Lester wrote:
Thanks so much for your response. Perhaps some clarification is in order.
When you state static libraries are you referring to libeay32 being
statically linked with the c runtime libraries? ...or do you mean my
application statically linking
Dr Henson,
Excellent! Thanks for clarifying that for us!
Jon,
I'm using dynamic openssl libraries so I have no need to pursue this further. If
you still do, good luck!
Thanks,
Lester
Hello,
Is there a porting guide for porting 0.9.x to 1.x version of OpenSSL
especially to be used with the latest FIPS module? For an example, it appears
that SHA1_Init... cannot be used in FIPS mode and EVP_MD_... API should be used
instead.
Thank you,
-Pandit
On Thu, Feb 07, 2013 at 08:00:42PM +1300, Trevor Jordan wrote:
It is bad practice to clone keys. You should also not depend on
OpenSSL negotiating a particular algorithm. OpenSSL's keys are
for the OpenSSL session only. Keys for your application should
be the result of a suitably independent
Hi,
on UNIX one can pass a file descriptor to an unrelated process. Is it
possible to serialize/deserialize the current SSL state so that the
receiver can continue to handle the connection without the other side
noticing?
If yes, how?
Thanks,
Torsten
s->s3->tmp.key_block
s->s3->tmp.key_block_length
I think, these are the variables you are looking for.. Memory for the
key_block is allocated in ssl3_setup_key_block() or tls1_setup_key_block()
functions. Key Block contains keys and IVs in the following order as
specified in RFC.
client write
On Thu, Feb 7, 2013 at 9:00 AM, Trevor Jordan jordan.tre...@gmail.com wrote:
From what I understand so far, the KeyBlock is the place to look for the
key? It's just a matter of getting the sizes and order of the individual
Keys and IV's so that I can extract the bits I need. Any pointers in
Is it possible to serialize/deserialize the current SSL state so that the
receiver can continue to handle the connection without the other side
noticing?
Yes it's possible. Two places to look are the session ticket code within
OpenSSL, and the serialize function in Apache module modssl.
On Thursday 07 February 2013 07:31:55 you wrote:
On Wed, February 6, 2013 23:47, Thomas Koeller wrote:
bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem -purpose
sslserver cacert/host_ca.pem
cacert/host_ca.pem: C = DE, ST = Hamburg, O = K\C3\B6ller Family, OU =
K\C3\B6ller
From what I understand so far, the KeyBlock is the place to look for the
key? It's just a matter of getting the sizes and order of the individual
Keys and IV's so that I can extract the bits I need. Any pointers in that
area?
While it is technically possible to extract keys (search for
From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
Sent: Wednesday, 06 February, 2013 16:59
To: openssl-users@openssl.org
Subject: Re: fipslink
On Wed, Feb 6, 2013 at 2:40 PM, Memmott, Lester
lester.memm...@landesk.com wrote:
Jon,
I'm having trouble with fipslink as
From: owner-openssl-us...@openssl.org On Behalf Of Thomas Koeller
Sent: Thursday, 07 February, 2013 15:54
On Thursday 07 February 2013 07:31:55 you wrote:
On Wed, February 6, 2013 23:47, Thomas Koeller wrote:
bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem
-purpose
20 matches