Im getting the following error using openssl x509 -inform DER -in cms_cert.der
-text
140026491385512:error:100D7010:elliptic curve routines:ECKEY_PUB_DECODE:EC
lib:ec_ameth.c:206:
140026491385512:error:0B07707D:x509 certificate routines:X509_PUBKEY_get:public
key decode error:x_pubkey.c:164: I
Your EC point is on the brainpoolP256r1 curve. This curve isn't
supported by OpenSSL (yet).
--
Erwann ABALEA
Le 20/10/2014 10:16, Harakiri a écrit :
Im getting the following error
using openssl x509 -inform DER -in cms_cert.der -text
140026491385512:error:100D7010:elliptic curve
Hello,
I have a signing certificate with which I sign a message with openssl
command line. I do NOT use -nocerts option, so the signing certificate
should be embedded in the CMS message. I verify that it exists by
retrieving it with command:
openssl cms -verify -in infile.ini -certsout
Hi All,
I have a question regarding SSL_MODE_SEND_FALLBACK_SCSV introduced in
OpenSSL 0.9.8zc as part of a preventive measure for SSL 3.0 POODLE
vulnerability.
I have client and server applications using OpenSSL for SSL/TLS
communication. My question is that what will happen if I update my
Hello,
I have a signing certificate with which I sign a message with openssl
command line. I do NOT use -nocerts option, so the signing certificate
should be embedded in the CMS message. I verify that it exists by
retrieving it with command:
openssl cms -verify -in infile.ini -certsout
On 10/20/2014 12:50 PM, Aditya Kumar wrote:
1. Will this updated client set with TLS_FALLBACK will be able to work
with un-updated Server(server using older version of OpenSSL where this
FALLBACK mode is not set)?
No, the behavior of existing OpenSSL applications will not change.
OpenSSL
Hi,
I have seen following strange behavior with openssl sources:
1. First time I compiled openssl sources 1.0.1j, downloaded from openssl
site, without any build options, like not shutting down ssl2, ssl3, It compiled
successfully. On this compiled sources, I added build options,
On Mon, Oct 20, 2014, Rares Dumitrache wrote:
Hello,
I have a signing certificate with which I sign a message with
openssl command line. I do NOT use -nocerts option, so the signing
certificate should be embedded in the CMS message. I verify that it
exists by retrieving it with command:
What is the best way to check if a raw socket connection is SSL or not?
Or better to say... is there an OpenSSL API that can check if that connection
is a supported SSL protocol or not?
Thanks a lot.
--
Marco Bambini
http://www.sqlabs.com
http://twitter.com/sqlabs
http://instagram.com/sqlabs
I had the same issue and was given the following patch.
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index f0c2df0..4d2bbb2 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -671,11 +671,11 @@ foreach (values %lib_nam)
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
- if (($_
Hi,
it worked. Thank you a lot.
Thanks - Pradeep Reddy.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Arthur Ramsey
Sent: Monday, October 20, 2014 7:11 PM
To: openssl-users@openssl.org
Subject: Re: Openssl 1.0.1j
I had the same issue and was given
Hi,
My file already has the contents:
foreach (values %lib_nam)
{
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
if (($_ eq SSL) $no_ssl2 $no_ssl3)
{
This is the first time I've seen this point of view expressed but it does make
evident sense - after all, the whole idea of falling back is to find a mutually
acceptable version. However it conflicts with some of the previous advice I've
seen on the list which recommended that
When I said always I meant always when you fall back
I was being too terse and not clear enough.
Hope this helps.
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
-Original Message-
From: owner-openssl-us...@openssl.org
Hi all,
Can anyone confirm the order in which certs are returned by
SSL_get_peer_cert_chain()?
Regards,
Graham
—
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Well I think I'm completely confused about this option now; always when you
fall back seems to suggest that falling back is an application level operation
(as opposed to openssl-implemented behaviour), is it? i.e. is the onus on the
client application to retry with a lower version if it wants
Well I think I'm completely confused about this option now; always when
you fall back seems to suggest that falling back is an application level
operation (as opposed to openssl-implemented behaviour), is it? i.e. is the
onus on the client application to retry with a lower version if it
On 20/10/14 21:10, Nou Dadoun wrote:
Well I think I'm completely confused about this option now; always when you
fall back seems to suggest that falling back is an application level
operation (as opposed to openssl-implemented behaviour), is it? i.e. is the
onus on the client
On Mon, Oct 20, 2014 at 09:22:15PM +0200, Graham Leggett wrote:
Can anyone confirm the order in which certs are returned by
SSL_get_peer_cert_chain()?
Last time I read the code, I concluded that SSL_get_peer_cert_chain
returns the certificate chain exactly as sent by the remote server
in its
It certainly does, thanks to you and Rich for the clarification ... N
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Matt Caswell
Sent: October-20-14 1:40 PM
To: openssl-users@openssl.org
Subject: Re:
This should be a short question (for a change), am I correct in assuming that
the earliest version of openssl which provided support for TLSv1.1 and TLSv1.2
is openssl 1.0.1?
i.e. there's no support for those in 0.9.8 (soon to be deprecated) or 1.0.0?
One of our products uses 0.9.8 for the
On 20/10/14 23:59, Nou Dadoun wrote:
This should be a short question (for a change), am I correct in assuming that
the earliest version of openssl which provided support for TLSv1.1 and
TLSv1.2 is openssl 1.0.1?
i.e. there's no support for those in 0.9.8 (soon to be deprecated) or
On 10/20/2014 10:10 PM, Nou Dadoun wrote:
Well I think I'm completely confused about this option now; always when you fall
back seems to suggest that falling back is an application level operation (as
opposed to openssl-implemented behaviour), is it? i.e. is the onus on the client
23 matches
Mail list logo