e while
handling these errors? or How I can gracefully come out of this situation
and avoid infinite loop ?
Thanks in advance.
Regards,
Amit
alled from the "int_rsa_verify()".
I tried to find it in google but I am getting only openssl man pages.
Could someone please help me how to get the definition of these functions.
Any other suggestions for porting RSA_verify will also be welcomed.
Thanks & Regards,
Amit
--
open
-android-
For FIPS:
cd openssl-fips-2.0.7
./config
make
make install INSTALLTOP=$PWD/../fips
cd ..
For OpenSSL:
cd openssl-1.0.1i
./config fips shared --with-fipsdir=$PWD/../fips
--openssldir=$PWD/../OpenSSLFips
make depend
make
make install
Thanks in Advance
Amit
Compliation instruction for Openssl android is well availabe in wiki.
Please go through it.
Regards,
Amit
On Jul 21, 2014 7:47 AM, Kyle Hamilton aerow...@gmail.com wrote:
This isn't an android developer support list, but you can gain access to
the built-in openssl by using the Native
Abhishek.
--
Regards,
Amit Agrawal
Amit amit.uttam@... writes:
Hello,
Looking at *crypto/sha/asm/sha1-x86_64.pl*, there is a measurement that
states 5.3 cycles / byte when computing the sha1.
How was this measurement obtained? I tried using linux perf tools and
got close to this figure but I am not sure if I am
Hello,
Looking at *crypto/sha/asm/sha1-x86_64.pl*, there is a measurement that
states 5.3 cycles / byte when computing the sha1.
How was this measurement obtained? I tried using linux perf tools and
got close to this figure but I am not sure if I am performing the
correct test.
Thanks,
Amit
really new to OpenSSL API's and learning it. Please consider me as a
beginner while replying.
Any help will be greatly appreciated.
--
Amit Kumar
Engineer
Assuming i'm only using SSL_set_bio to assign a BIO to the SSL object
(all other calls are read/write), will the SSL_free suffice?
Amit
On Wed, Jul 14, 2010 at 16:08, Darryl Miles
darryl-mailingli...@netbauds.net wrote:
Amit Ben Shahar wrote:
The documentation specifies
Hi,
The documentation specifies that SSL_ERROR_ZERO_RETURN is returned if
the transport layer is closed normally.
My question is, how should i handle this return code?
specifically should i call SSL_free normally to free resources, or are
resources already freed?
Thanks,
Amit Ben Shahar
ssl_write(mSsl, buff, dataLength);
// free buffer now
free tmpBuff;
is this legal?
(considering that ssl_write did not return want_read/want_write)
Thanks
Amit.
__
OpenSSL Project http
I am having issues with a server, i'm getting many of these errors
especially while running a load (~80 users), up to a point that every
client i use gets this error
the decryption_failed_or_bad_record_mac flag is set in s3_pkt.c:466,
the mac does not match the 'md' variable
Here is the call
I am having issues with a server, i'm getting many of these errors
especially while running a load (~80 users).
here is the full error message:
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record
mac
It seems to be occurring during the negotiation (accept) phase.
Maybe
On Fri, Apr 23, 2010 at 21:35, James Mansion
ja...@mansionfamily.plus.comwrote:
Amit Ben Shahar wrote:
One of the crucial ingredients is ssl using OpenSsl. but we are
encountering a problem with the 'no OPENSSL_Applink' error.
as this is a .Net project, there is no way (i can think
the
Uplink/applink to recognize a method in the .Net assembly (i understood that
it cannot be in an adjacent dll) OR to completely eliminate the Applink
usage.
If i misunderstood please correct me :)
Amit Ben Shahar
VP RD
ISQ Technologies
(+972) 545-592-934
a...@isqgroup.net
www.isqgroup.net
2010/4/24
Would anyone happen to know how i can eliminate the requirement of the
applink implementation? why would we actually need it?
Amit Ben Shahar
On Sat, Apr 24, 2010 at 13:25, Amit Ben Shahar amit.b...@gmail.com wrote:
Patrice,
I think your have misunderstood me (or i did you),
From what you
Patrice,
Thank you for the clarification, i'll try just that and post back with my
results.
Thanks!
Amit Ben Shahar
2010/4/24 Patrice Guérin guer...@magic.fr
Amit,
No, I don't misunderstand you.
The (real) example I gave is in fact similar (I think so)
In a classic Win32 application
On Sat, Apr 24, 2010 at 18:29, James Mansion
ja...@mansionfamily.plus.comwrote:
Amit Ben Shahar wrote:
The .Net.Security.SslStream is not working in asynchronous calls, meaning
we'd have to implement it in a thread-per-connection paradigm, which is
obviously not an option.
Why 'obviously
with openSsl 0.9.8, all the source and relevant
binaries are in the sourceforge project.
I'd appreciate any insight.
Regards,
Amit Ben Shahar
amit.
- Original Message
From: Dave Thompson dave.thomp...@princetonpayments.com
To: openssl-users@openssl.org
Sent: Monday, April 27, 2009 3:08:44 PM
Subject: RE: Openssl 0.9.8j Client Hello
From: owner-openssl-us...@openssl.org On Behalf Of Amit Singh
Sent: Saturday, 25 April
0.9.8j work.
Any pointers would help.
Thanks in advance
amit.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
0.9.8j work.
Any pointers would help.
Thanks in advance
amit.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
didn't get ant error.
Is openssl installation is wrong ?
we have to install some other package ?
or is this is a bug in net-snmp-5.4 ?
Please help me out.
Thanks
Amit
___
Yahoo! For Good helps you make a difference
http
for some
tips.
Regards,
Amit Sharma
Thank You! That is exactly what I needed.
-Original Message-
From: Geoff Thorpe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2008 10:02 AM
To: openssl-users@openssl.org
Cc: Amit Sharma
Subject: Re: Question regarding use of SSL_get_ex_new_index
On Mon, 2008-03-24 at 17:38 -0400
--Amit
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Simon Edwards
Sent: Friday, June 01, 2007 9:14 AM
To: openssl-users@openssl.org
Subject: RE: openssl clients for windows
Hi Gary,
I've seen this message when a dependent library is missing. Try using
Hi Gary,
Try using the dependency walker. It's a great tool.
http://www.dependencywalker.com/
--Amit
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gary clark
Sent: Friday, June 01, 2007 10:36 AM
To: openssl-users@openssl.org
Subject: RE: openssl
on.
You can find that information via the Dependency walker UI
--Amit
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gary clark
Sent: Friday, June 01, 2007 11:52 AM
To: openssl-users@openssl.org
Subject: RE: openssl clients for windows
Hello,
I changed my
\ntdll.mak install
Put the batch file under \\0.9.8e\openssl-0.9.8e. Then run the batch
file (double click will also do).
Try it out
--Amit
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gary clark
Sent: Friday, June 01, 2007 12:18 PM
To: openssl-users
Try to drop in MSVCR80.dll in system32
--Amit
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gary clark
Sent: Friday, June 01, 2007 4:13 PM
To: openssl-users@openssl.org
Subject: RE: openssl clients for windows
Hey Amit,
I built the visual studio
Hi All,
My application uses libeay32.dll and Ssleay32.dll. I have noticed that
on some computers my application won't start giving a 0xc0150002 Error.
I am not sure why I having this problem.
Anyone has faced a similar problem
Thanks,
--Amit
I do this?
Thanks
Amit
be
using to accomplish that?
Thanks
--Amit
Hi,
I am retrieving the store from SSL_CTX
SSL_CTX_get_cert_store()
I add certificates to the store using
X509_STORE_add_cert()
What APIs are there to facilitate me to list the certificates in the
STORE.
Thanks
--Amit
(such
as, openssl) that shall allow me to tweak around the SSL handshake
instead of rewriting the complete protocol. Any documentation on the
implementation of the SSL handshake will also be quite useful.
Any ideas?
Thanx in advance,
Gracias,
Amit
PS. I am relatively new to openssl. Incase therez some pre
;
case SSL_ERROR_ZERO_RETURN:
file://BIO_printf(bio_s_out,DONE\n);
break;
file://goto err;
// coutDone;
}
-SIGTERM
amit
- Original Message -
From: Shao (E-mail) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 13, 2002 1:47 PM
Subject: Who steal
(socket layer)
has not been properly initialized
though SSLv2_server_method() might do what SSL_set_acceptstate will do
try explicitly setting it to server mode
-SIGTERM
amit
John Cronin wrote:
I have a server program running, which basically executes the following
SSLCTX *sslctx;
SSL *sslcon
well what server method are u using the problem seems to come from there
-SIGTERM
amit
[EMAIL PROTECTED] wrote:
I am (trying) to create a http proxy server with a
secure socket
I am using a Demo Cert from another sample code I
downloaded.
All seems good but I get a error on SSL_accept
is a IE browser
is it a problem with IE or the openSSL library will i have to implement
something on the server side to work around the this problem
i m using openssl-0.9.6c
-SIGTERM
amit
__
OpenSSL Project
will
give u the string reprsentation it will give a proper error message
check the status of the calls u are making each of these can fail
-SIGTERM
amit
PS i assume that uhave done SSL_library_init()
[EMAIL PROTECTED] wrote:
Hi all,
I am trying to write a server that coneects using winsock
ne ideas how can i set a new local CA on my machine
-SIGTERM
amit
On Wed, 27 Mar 2002, Bhavin Shah wrote:
Hi Amit,
I cannot exactly solve the particular problem which you mention, but you can
go through the directory:
openssl_source_root_directory/apps
This directory contains
hello
How do i handle the STACK_OF data type
what functions ormacros are provided for extracting individual elements of this
stack
-SIGTERM
amit
__
OpenSSL Project http://www.openssl.org
User
Accept is returning me a bad asn1 object header
error can nebody explain me what are the possiblw causes of this
error
iam using sslv23server method and have
initailized SSL _CTX SSL SSL method objects without any errors
-SIGTERM
amit
(.text+0x332): undefined reference to `dlclose'
collect2: ld returned 1 exit status
gmake[1]: *** [ssl_test] Error 1
gmake: *** [all-recursive] Error 1
*** failed ***
i hope this gives a fair idea about what my problem could be
i am not getting it
-SIGTERM
amit
This is the source code of the file i have already posted the output of make
-SIGTERM
amit
/***
main.c - description
---
begin : Tue Mar 5 10:23:09 IST 2002
copyright : (C) 2002 by amit
email : ljfl
I have been trying to compile s file using
SSL_library_init
tduring compile it throws a lot of undefined errors
like ssl_algs.o uddefined reference to "EVP_des_cbc"
i have already linked libssl.a
can anybody suggest some remedies
-SIGTERM
amit
i linked using libssl.a libcrypto.a i m getting errors
like
dlfnc
- Original Message -
From: Richard Levitte - VMS Whacker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 04, 2002 9:16 PM
Subject: Re: compile errors
From: amit limaye [EMAIL PROTECTED]
amit.limaye
hello
the SSL Layer sits between the application (say HTTP) and the
transport (TCP)
so it should hide all transport calls like socket()
connect() accept()
it does this and if i am writing an SSL application
i don't need to know SSL handshake details
is this right ?
-SIGTERM
amit
Hello does calling SSL_Connect mean that i would
not have to call the TCP Connect
-SIGTERM
amit
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.out.println(**End of SSL Authentication**);
System.out.println(**111*);
String name=Amit;
URL url2 = null;
url2 = new URL(https://localhost:7002/soap/servlet/rpcrouter
for a passphrase to decrypt the private key.
Enter there the passphrase that you entered when you generated the
certifcate request/private key.
Amit.
__
OpenSSL Project http://www.openssl.org
User
how to use this
feature. If anybody could enlighten me on the use of this call,
it would be great.
Regards,
Amit.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
SSL_new and SSL_free for each connections helps avoid
fragmentation and heap access (heap access is serialized on NT. I
believe
its the same on Linux). These tips really mean much only if efficiency
is
your primary concern.
Good luck,
Amit.
Thanks for helping!
Yours VW
.
Regards,
Amit.
"Dearnaley (EXT), Roger" wrote:
I would like to use openssl to generate keys and certificates for import
into Microsoft IIS 4.0 (since IIS only produces keys with up to 1024-bit RSA
moduli).
I seem to have all the key generation and signing stuff working, the problem
Hi,
I just wanted to know if there is any work happening on an OCSP
library for
OpenSSL. Or is it something that is left to the users i.e goes into the
verify callback?
Thanks,
Amit.
__
OpenSSL Project
of looking at it.
Regards,
Amit.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL
for ssl_read/write.
I hope this is not misleading.
Regards,
Amit.
David Schwartz wrote:
[snip]
I thought that this meant that 'ssl_bio' would be the
decrypted side and
'bio_io' would be the encrypted side. However, I send encrypted data to
'bio_io' and that exact same data (still
alright. Also it would be great if calling
SSL_clear also de-allocates the BIO buffer. I re-use SSL structures
across connections, so I call SSL_free only when my server exits.
I haven't looked at the code for SSL_clear. Maybe it already does such
a thing.
Regards,
Amit
?
My doubts arise out of concern of handling these conditions properly and
transparently in my application.
And yeah, I am not asking about establishment of new sessions after
expiry.
Details would be appreciated.
Thanks,
Amit
That is probably because, the client CA list that the server sends
does not contain the CA that issued the client certificate.
Search archives for thread titled :
***Why and when do I need SSL_CTX_set_client_CA_list()?**
Hope this helps,
Amit.
Pinca George wrote:
Hello world,
I got
really needn't lose much sleep on the bugs front.
Regards,
Amit.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
by the choice of record size and would greatly
appreciate any explanation.
Thanks,
Amit.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List
. But I am learning.
Thanks a lot. This thread has been extremely informative.
I undertand the BIO mechanisms (fairly) well. I have to now code
it right.
Regards,
Amit.
__
OpenSSL Project http
of this
and it never matter now many bytes are given to SSL_write?
I know these are a lot of questions, but the asnwers are kinda critical
to my understanding of OpenSSL.
Thank You,
Amit.
__
OpenSSL Project
ng here? I believe that the SSL state machine
is not getting reset properly. What can I do to fix this? I wish to avoid
allocating memory at run time and I believe doing a SSL_new does allocate
memory for a host of structures.
I apologise for the repost, but I'm quite literally stuck.
Th
);
}
else //repost same message
PostQueuedCompletionStatus(info);
break;
}
}
The pseudo-code might have some minor mistakes, but I hope
the point I'm trying to make is not lost.
Thanks for any help,
Amit
send
to the client in 'Certficate Request' message. The client then checks
if
it has a certificate signed by one of these CAs to send to the server.
If it doesnot then, ideally the handshake should fail if client
authentication
is not optional.
Amit
ood random seed ?
Thanks,
Amit.
additional seed in the form of PID, thread ID, system time, and
other private data.
Of the items you listed, all of them could be easily guessed. :)
/r$
__
OpenS
Hi,
There are 2 things that could be wrong here.
Firstly check if your browser has strong ciphers enabled (you might be
using an export version) and secondly check if the same is enabled in
your Apache-modSSL server. I think the server config parameter is
SSLCiphers or something.
Amit.
chee
hi,
Do the follwing when you deinit ssl
void
SSLDeInit()
{
EVP_cleanup();
ERR_remove_state(0);
ERR_free_strings();
OBJ_NAME_cleanup(-1);
}
This solved my problem. With luck it'll solves yours too.
Amit.
"Daniel M. Pomerantz" wrote:
I tried to send
to the site?? when the web server has accepted the connection
or when the handshake has finished ?
Thanks,
Amit.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
to the site?? when the web server has accepted the connection
or when the handshake has finished ?
Thanks,
Amit.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
using the callback for ephemeral keys still causes memory to
leak.
Thanks,
Amit.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated
]
ERR_clear_error [err.c:284]
ssl3_accept[s3_srvr.c:116]
ssl3_read_bytes [s3_pkt.c:654]
ssl3_read [s3_lib.c:1034]
SSL_read [ssl_lib.c:633]
Thanks,
Amit
Hello all
I use the openssl library writing a server that can, among other things,
transport files / large amounts of data over the network.
Since not all of the files /data is in compressed form, I would like the
ssl protocol to compress the information before sending it over the
network.
I
after looking into the SSL code i'm more confused
than ever
Is there a clean way out?
One more thing!! How does SSL_OP_SINGLE_DH_USE work with all this??
Thanks,
Amit.
Bodo Moeller wrote:
On Tue, Apr 11, 2000 at 05:10:12PM +0530, Amit Chopra wrote:
I found that when my application
Hello all
I use the openssl library writing a server that can, among other things,
transport files / large amounts of data over the network.
Since not all of the files /data is in compressed form, I would like the
ssl protocol to compress the information before sending it over the
network.
I
, but that i have already freed up in my
case and so the access violations.
How do i get the CRYPTO_free_ex_data function to do a custom free ( like
in my case call DH_free() ?
Thanks,
Amit
__
OpenSSL Project
is having problems with.
:) Amit.
Pluto wrote:
On Thu, 17 Feb 2000, Amit wrote:
Hi,
I think the problem lies with the browser. The browser seems to be an
export version so strong encryption algorithms have been disabled. This
means that in the client_hello the browser's list of available
Hi
The browsers send a prioritised list of ciphers to the server for selection,
strong first, followed by the weaker ones.
The server selects the first cipher that matches. So the server should typically
select the strongest possible common cipher.
:) Amit.
[EMAIL PROTECTED] wrote:
Steve
s_server in the debug mode and actually find out the cipher list that
the browser sends to the server.
:) Amit.
vijay karthik wrote:
Hi!
I selected the "RC2/RC4 encryption with 128 bit key"
cipher for SSL connection from my browser.
I tried to connect to the apache listener(wit
value of EPIPE) - but I don't want to
write into the socket. What can I do?
Thanks in advance,
Amir Amit
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL
procedure of adding an algorithm ?
Amit Sahai
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Hi,
Look up the Apache mod SSL code on how they have implemented verification
against the CRL. Its well documented and neat and you just have to copy-paste
that code into yours !! I myself have used that and it works great !!
Amit Chopra.
-Original Message-
From: Patrick O'Neill
84 matches
Mail list logo