Hi Stephan,
I didn't handle properly fd_write and fd_read events after ssl_accept
returning WANT_READ or WANT_WRITE. So sometimes SSL handshake didn't
complete succesfully. I use plain socket descriptors with some WSA functions
for selecting events, instead of MFC-Windows AsyncSocket classes.
On Fri, Jun 07, 2013, Michael Wild wrote:
Thanks for all the answers. Now I feel really stupid about forgetting
the implicit 0...
Stephen: How do I prevent my program from hashing the data?
EVP_md_null()? After all, hashing a hash is pretty pointless for my case...
It depends on how you
Hi,
when i tried to build FIPS 2.0.3 on Linux 2.6.16 x86-64 platform it is not
showing any error message , but ips_premain_dso exe/library is not built..
Can you please give input to debug.
Regards,
Sarju
We are using OpenSSL version 0.9.8l
And what we find is that the DSA private key formats are different in FIPS
and non-FIPS mode
In FIPS mode it starts with
-BEGIN PRIVATE KEY-
Whereas in non-FIPS mode it starts with
-BEGIN DSA PRIVATE KEY-
I understand that this is expected
Hi All,
I am reading thru the ca.c in the apps directory to understand how to
issue a certificate using OpenSSL and I came across this fragment of code
which I am struggling to understand.
Just before signing the certificate the code executes this fragment
pktmp=X509_get_pubkey(ret);
if
On 6/1/2013 1:13 AM, Matt Caswell wrote:
On 31 May 2013 21:07, Matt Caswell fr...@baggins.org wrote:
On 31 May 2013 16:42, Jakob Bohm jb-open...@wisemo.com wrote:
Interesting, I don't seem to be able to find code that calls dh_check
or equivalent on received DH group parameters, but then the
Hi,
Is it possible to create a PKCS8 RSA Private Key using a non-password based
encryption algorithm? There doesn't appear to be an option through the command
line `openssl pkcs8`. If it is not possible to do this through OpenSSL (which
seems to be the case), is it not a valid way to encrypt
On 6/7/2013 1:17 PM, srikanth chakravarthula wrote:
Hi Jakob,
Thank you for your response.
So If I understand, when genrsa or rand command is called, it uses the
seeded random number from /dev/random or /dev/urandom and generates the
key and then re-seeds the random bytes from the /dev/random
On 12.06.2013 14:57, Dr. Stephen Henson wrote:
On Fri, Jun 07, 2013, Michael Wild wrote:
Thanks for all the answers. Now I feel really stupid about forgetting
the implicit 0...
Stephen: How do I prevent my program from hashing the data?
EVP_md_null()? After all, hashing a hash is pretty
On 6/12/2013 10:17 PM, Thaddeus Fuller wrote:
Hi,
Is it possible to create a PKCS8 RSA Private Key using a non-password
based encryption algorithm? There doesn’t appear to be an option through
the command line `openssl pkcs8`. If it is not possible to do this
through OpenSSL (which seems to be
On 12 June 2013 21:15, Jakob Bohm jb-open...@wisemo.com wrote:
As for the DH_check_pub_key() function, checking if pubkey is in the
range two to large prime minus 2, inclusive is an insufficient check
against accepting degenerate keys. For instance NIST SP 800-56A
requires the following
Also I found that this works fine with openssl 1.0.1
Where keys are generated in FIPS mode with the following line.
Can someone let me know why this change in behavior between 0.9.8l and
1.0.1?
-BEGIN DSA PRIVATE KEY-
Thanks,
Anamitra
On 6/12/13 12:01 PM, Anamitra Dutta Majumdar
Hi,
I tried to validate a certificate from Comodo using their OCSP, but I
cannot verify the response:
3073455752:error:27069076:OCSP routines:OCSP_basic_verify:signer
certificate not found:ocsp_vfy.c:85:
The certificate I want to validate was issued by
C=GB, ST=Greater Manchester,
They are doing a CA signed OCSP response, this is legitimate.
We will do this in the not so distant future as well for many of our
responses also.
You basically need to look at the responderID and see if it's the same
entity that signed the certificate you are checking if so use that key
From: owner-openssl-us...@openssl.org On Behalf Of anu.engineer
Sent: Wednesday, 12 June, 2013 15:03
I am reading thru the ca.c in the apps directory to understand how
to issue a certificate using OpenSSL and I came across this fragment
of code which I am struggling to understand.
Just before
15 matches
Mail list logo
