Trouble using openssl s_client

2014-03-17 Thread Marc Chamberlin
Hi - I am trying to test the TLS/SSL connection for my Apache James 2.3.2 email server. When using Thunderbird as a client and connecting via TLS/SSL protocol I don't have any problems sending/receiving email. I am pretty sure that I have set up my private (self-signed) certificate on the serve

RE: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO

2014-03-17 Thread Pingzhong Li
Sorry, just notice it, it might be sent out my 2 years old son by accident. please ignore this email. Regards,Pingzhong > Subject: Re: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO > From: lipzh...@hotmail.com > Date: Mon, 17 Mar 2014 21:13:20 -0400 > To: openssl-users@openssl.org > > U >

Re: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO

2014-03-17 Thread Pingzhong Li
U P Sent from my iPad > On Mar 17, 2014, at 5:48 PM, "hhachem" wrote: > > openssl_capture.txt > Hello, > > I'm using OpenSSL in order to encrypt some emails, that a piece of hardware > sends. But, whenever I try to call SSL_c

How to extract ECC signature bytes from EVP_DigestSignFinal's signature

2014-03-17 Thread axisofevil
I had been using the lower level ECDSA_do_sign for EC signing but had to migrate to EVP functions. If I get signature from EVP_DigestSignFinal(), what format is the signature, and how can I extract the 'real' bytes? I'd expect 32 bytes each for r and s. I need the 'real bytes' for compatibility.

SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO

2014-03-17 Thread hhachem
openssl_capture.txt Hello, I'm using OpenSSL in order to encrypt some emails, that a piece of hardware sends. But, whenever I try to call SSL_connect(), I get : SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol After sending

Renegotiation and/or Revalidation of CRL and/or Certs files during an active client connection.

2014-03-17 Thread Blechman, Ronald I, Jr (Ron)
I'm looking for a way to revalidate my CRLs and Certificate files for an active TLS client session whenever the files themselves have been updated using the SSL(3) api calls. Specifically, my application would like to do the following: Whenever a new CRL or Certificate is downloaded to my applic

Re: fips_premain.c, C++ compiler, and work arounds?

2014-03-17 Thread Jeffrey Walton
On Sun, Mar 9, 2014 at 9:06 AM, Dr. Stephen Henson wrote: > On Sun, Mar 09, 2014, Jeffrey Walton wrote: > >> I still have not found a solution to using OpenSSL with a C++ compiler. >> >> fips_premain.c makes the following declarations. They lack 'extern >> "C"', so I've got unresolved symbols: >>

Re: FIPS_mode_set Software Integrity self-test question

2014-03-17 Thread Steve Marquess
On 03/17/2014 01:45 PM, Jason Schultz wrote: > I've been doing some testing with the latest 2.0 FIPS Object Module I > downloaded and 1.0.1e OpenSSL and have a question. > > > I was wondering what the Software Integrity self-test is designed to > accomplish? It seems like it's to ensure the so

FIPS_mode_set Software Integrity self-test question

2014-03-17 Thread Jason Schultz
I've been doing some testing with the latest 2.0 FIPS Object Module I downloaded and 1.0.1e OpenSSL and have a question. I was wondering what the Software Integrity self-test is designed to accomplish? It seems like it's to ensure the source code or build hasn't been tampered with. Out of cu

RE: Sha256

2014-03-17 Thread Glenn, William
Hi Aya, I have not tried this with a self-signed certificate, but putting the "-sha256" option in the signature command has worked for me before, i.e., x509 -req -in server.csr -signkey server.key -out server.crt -sha256 The can check the attribute with: x509 -text -in server.crt ... Signatur