> From: owner-openssl-us...@openssl.org On Behalf Of Prashanth kumar N
> Sent: Thursday, 29 March, 2012 10:02
> Bit confusing... are you saying that i need to add NULL termination
> at the end of encrypted data? Isn't this wrong? I assume i shouldn't be
> NULL terminating the
> From: owner-openssl-us...@openssl.org On Behalf Of (me)
> Sent: Wednesday, 28 March, 2012 20:45
> AES-OFB or AES-CFB or AES-OFB are stream modes [with no padding]
Sorry; I meant to write -OFB or -CFB or -CTR.
While I'm correcting, -GCM is also a (new) stream mode,
implemented in 1.0.1; it d
> From: owner-openssl-us...@openssl.org On Behalf Of Alex Chen
> Sent: Wednesday, 28 March, 2012 17:50
> When the padding is disabled by setting the padding size to 0
> in EVP_CIPHER_CTX_set_padding(), is the output data block
> size the same as the input block size?
> Will this reduce the encry
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Monday, 26 March, 2012 01:52
> I was going through the RFC of AES and it does say we get the IV upon
> unwrapping . Check the below link
> http://www.ietf.org/rfc/rfc3394.txt
Not really. 2.2.3 says
In the final step of
> From: owner-openssl-us...@openssl.org On Behalf Of Prashanth kumar N
> Sent: Wednesday, 28 March, 2012 03:01
> As i read min AES block size is 128 bits which can go up to
> 256 bits in multiples of 32-bits. Is this correct?
No but almost. The *algorithm* Rijndael designed b
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Wednesday, 21 March, 2012 01:46
> Coming to the usage, i really don't want to use HEX for the
> PKCS5_PBKDF2_HMAC_SHA1(). I just want to input the values i got from
> RAND_byes().
>
> Here is what i am going to do, correct me if
ut for
key wrapping like this, assuming your data keys are random
as they should be, you don't really need nonce IVs, and
you could have both wrap and unwrap use the default in
those routines (8 x A6) or some other fixed value.
>
> Dave Thompson-5 wrote:
> >
> >&g
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Monday, 19 March, 2012 09:17
> I have a requirement of wrapping a 512-bit DEK witk 256 bit
> KEK. I picked up
> openssl API and figured out that it provides AES_wrap_key()
> to do the job. I
OpenSSL's AES_{wrap,unwrap}_key doe
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Tuesday, 20 March, 2012 00:36
> Thanks a lot Dave for pointing out few things which i need to
> take care. By
> the way as this is not complete code, original code already
> has taken care
> of few things.
>
> Now coming to th
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Monday, 19 March, 2012 13:25
> On 3/19/2012 5:26 PM, Nicle wrote:
> > Hi all,
> >
> > I can understand if file-size%16 != 0, openssl will pad data.
> >
> > But it will also pad 16bytes for those file size exactly 16 times.
> >
> From: owner-openssl-us...@openssl.org On Behalf Of Fekete, Tamás
(lesswire AG Ungarn)
> Sent: Saturday, 17 March, 2012 01:03
> But I am thinking, maybe a trivial question to you.
> Do I need use something "to ACK" messages?
Maybe. It depends on your application(s).
SSL/TLS,
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Sunday, 18 March, 2012 03:55
> We have fixed the Segment lost issue which was causing Packet
> drop. But we
> are still seeing the "Encryption Alert" again. I am attaching one more
> packet capture which has all the information.
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Monday, 19 March, 2012 03:06
> I am trying to use PKCS5_PBKDF2_HMAC_SHA1() and below is my
> sample program.
> I wanted to make sure if my result of
> PKCS5_PBKDF2_HMAC_SHA1() is correct so
> i verified the same with the below
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Thursday, 15 March, 2012 14:18
> To: openssl-users@openssl.org
> Subject: Need help on using RAND_bytes()
Aside: your message is not very clear but it appears
your problem is really C programming in general,
not RAND_bytes or e
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Saturday, 10 March, 2012 02:33
> To: openssl-users@openssl.org
> Subject: Re: Please Clarify : Unable to verify leaf signature (21)
>
>
> Thanks Dave.
>
> I request you please give more information regarding this error. What
>
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Wednesday, 07 March, 2012 05:33
> While setting up the TLS session i am facing below error.
>
> TLS Alert Level: Fatal, Description: Unable to verify leaf
> signature (21)
>
> I created the Chained certfificate like below :
> From: owner-openssl-us...@openssl.org On Behalf Of Curt Sampson
> Sent: Tuesday, 06 March, 2012 00:38
> If I run
>
> openssl x509 -nameopt show_type -noout -text -in user-a1.crt
>
> against the certificate below, the openssl command line
> program appears
> to crash in the middle of prin
> From: owner-openssl-us...@openssl.org On Behalf Of Edward Ned Harvey
> Sent: Tuesday, 06 March, 2012 13:18
> > From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> > us...@openssl.org] On Behalf Of Mr.Rout
> >
> > 1) what is intermediate certificate validation ?
>
> When you generate
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Monday, 05 March, 2012 23:35
> To: openssl-users@openssl.org
> Subject: Need help on using AES_wrap_key() function
> 1. As i understand AES_wrap_key(), first argument AES_KEY
> *key is the key
> which needs to be wrapped and *in
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Wednesday, 29 February, 2012 15:51
> I do not know why MS KB2643584 does not mention changing TLS 1.1
> and/or TLS 1.2 behavior, maybe someone familiar with the attack
> described in CVE2011-3389 knows a reason.
>
Well, at le
> From: owner-openssl-us...@openssl.org On Behalf Of burtbick
> Sent: Thursday, 23 February, 2012 14:13
> Hi, I'm working on a project where I need to interact with a
> hardware device that is using Triple DES-ECB for encrypting keys.
>
> One of the first things that I'm trying to do is to gene
> From: owner-openssl-us...@openssl.org On Behalf Of praveenpvs
> Sent: Tuesday, 21 February, 2012 10:24
> When I extracted the public key and saved to file, the Public
> key file looks like [---END--- line incomplete]
> I am not able to figure out what is problem.
> Any suggestions/thoughts??
>
> From: owner-openssl-us...@openssl.org On Behalf Of Pingzhong Li
> Sent: Monday, 20 February, 2012 14:55
> To: openssl-users@openssl.org
> Subject: self signed cert verification is failed
> we have a server which has a self signed certificate, however
> when we tried
> to use openssl to connect
> From: owner-openssl-us...@openssl.org On Behalf Of praveenpvs
> Sent: Sunday, 19 February, 2012 23:15
> I am new to OPENSSL. I have a certificate, i need to extract
> public key and
> serial number from it. I know the command to do that, but i
> wanted to use
> api in my application.
> Could
> From: owner-openssl-us...@openssl.org On Behalf Of MK
> Sent: Saturday, 18 February, 2012 10:59
> On Fri, 17 Feb 2012 12:12:43 -0700
> Dave Meetchum wrote:
>
> > I am trying to use OpenSSL on iOS and Android in conjunction with
> > libcurl for my applications HTTP interface. From what I unders
> From: owner-openssl-us...@openssl.org On Behalf Of
rober...@mail.uni-paderborn.de
> Sent: Thursday, 16 February, 2012 03:07
> To: openssl-users@openssl.org
> Subject: Define own x.509v3 Extension, "myterious zeros"
>
> Hallo mailing list.
>
> I want to define an own Extension for a specific usa
> From: owner-openssl-us...@openssl.org On Behalf Of manoj dhyani
> Sent: Saturday, 04 February, 2012 23:59
> both soapUI and client application built using axis 2c are running
> on the same machine, I have axis2java based client running on the
> same machine and works fine
> th
> From: owner-openssl-us...@openssl.org On Behalf Of Kacper86
> Sent: Monday, 06 February, 2012 09:49
> I would like to use openssl library in my iOS application
> (Objective-C) to generate certificate signing request [like]
> openssl req -new -newkey rsa:2048 -nodes -out common_name.csr -keyout
> From: owner-openssl-us...@openssl.org On Behalf Of Chris
Satterthwaite
> Sent: Friday, 03 February, 2012 15:55
> I am using OpenSSL to run through a sizable number of web server
> connections (~500), and tell me which certs are getting ready to expire.
> My utility has worked
> From: owner-openssl-us...@openssl.org On Behalf Of manoj dhyani
> Sent: Friday, 03 February, 2012 00:13
> I am using the following WSDL
>
https://nestlepreview.i-nexus.com/nestlepreview/webservices/v1/nexus.wsdl
> and trying to get data using the operations from the WSDL,
> From: owner-openssl-us...@openssl.org On Behalf Of incogn...@mixnym.net
> Sent: Wednesday, 01 February, 2012 16:31
> Not sure if this is an OpenSSL bug.
>
> When making a key and certificate:
>
> When going through the dos request and coming to this:
>
I'm no sure what you mean by 'dos re
> From: owner-openssl-us...@openssl.org On Behalf Of Matt Caswell
(fr...@baggins.org)
> Sent: Thursday, 26 January, 2012 18:16
> I think that the stream that it writes to is platform specific.
> So depending on your platform it will be one of stderr, con
> or /dev/tty.
> Since you said you've a
> From: owner-openssl-us...@openssl.org On Behalf Of Neale Ferguson
> Sent: Tuesday, 24 January, 2012 12:44
> There¹s a system I'm attempting to interface to that uses SSL, via the
> gsToolkit I believe, to protect its transmissions. However,
> it doesn't begin
> the protection until it exchanges
> From: owner-openssl-us...@openssl.org On Behalf Of Peter Eckersley
> Sent: Thursday, 26 January, 2012 16:39
> To: openssl-users@openssl.org
> Subject: Separating the digest and signature steps of RSA signing
>
> Hi all,
>
> I have an offline system that needs to compute RSA signatures over
> la
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Wednesday, 18 January, 2012 02:52
> root@1143726:/usr/bin# openssl s_client -connect 10.204.4.69:7003
> WARNING: can't open config file: /usr/ssl/openssl.cnf
> CONNECTED(0003)
> depth=0 C = IN, ST = Karnataka, L = Bangalo
> From: hamid.sha...@sungard.com [mailto:hamid.sha...@sungard.com]
> Sent: Wednesday, 18 January, 2012 10:36
> - Yes, I am calling load certificates before the trying to
> make a connection. According to your suggestion, I have tried
> to used openssl s_client to see the callback events and go
> From: owner-openssl-us...@openssl.org On Behalf Of
hamid.sha...@sungard.com
> Sent: Tuesday, 17 January, 2012 09:01
> I am trying to create SSL connection with a remote server
> using OpenSSL in visual C++ (Visual Studio-2008, Win-7). I am
> getting the following errors. Plea
> From: owner-openssl-us...@openssl.org On Behalf Of Philip R. Landreth
> Sent: Friday, 13 January, 2012 09:55
> The files were given to me in .txt format and the original file is a
> .txt. as for the "keyfile" being in .txt I don't know. I used -p to
> print the key and iv and used those instead
> From: owner-openssl-us...@openssl.org On Behalf Of Suter, Ray CTR NAVAIR,
724000D
> Sent: Friday, 13 January, 2012 11:18
> Is there a way to remove a cipher completely from ever being
> used? We use retina and it is picking up
> DES-CBC-SHA and I need to remove it from being used, seen, or
>
> From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick
> Sent: Thursday, 12 January, 2012 13:24
> On Thu January 12 2012, Johannes Bauer wrote:
> > Hello group,
> >
> > I have a question regarding the verify method of OpenSSL: If I have a
> > certificate chain: Root -> A -> B -> Lea
> From: owner-openssl-us...@openssl.org On Behalf Of Philip R.
Landreth
> Sent: Thursday, 12 January, 2012 09:33
> I was sent 2 files and a partial java code that another company uses
to decrypt.
> byte[] encryptedData = (byte[])msg.getBody().get();
> byte[] decrypti
> From: owner-openssl-us...@openssl.org On Behalf Of Wojciech Kocjan
> Sent: Wednesday, 11 January, 2012 14:47
> I am working on reworking existing code that uses several OpenSSL APIs
> from using files to store keys, certificates and CAs to passing this
> directly from memory (so that it can be r
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Thursday, 05 January, 2012 11:34
> On Wed, Jan 04, 2012, vhow...@currenex.com wrote:
> error:05067068:Diffie-Hellman routines:GENERATE_KEY:key size too small
> The above problem is cause by FIPS mode refusing to gene
> From: owner-openssl-us...@openssl.org On Behalf Of Mick
> Sent: Monday, 26 December, 2011 14:01
> I seem to have overcome the original problem. Now both the
> cacert and signed
> client certificates are formatted in the same way. I used -policy
> policy_anything to avoid complaints from o
> From: owner-openssl-us...@openssl.org On Behalf Of Matthew Pounsett
> Sent: Wednesday, 28 December, 2011 13:24
> It looks like there's been a recent change that's causing
> 'req' to insist on a config file, presumably for reading the
> OID info from. Is there a way to get the interactive mode
> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
> Sent: Tuesday, 27 December, 2011 06:20
> But regarding this:
> >>Important note: make sure the old and new root certs have
different
> names. (Same for intermediate CAs, which your example doesn't have.)
>
> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
> Sent: Thursday, 22 December, 2011 10:55
> Another doubt I have is about the SSL_CTX_set_client_ca_list
> and the SSL_get_client_ca_list.
> I understand that the set method is called by the server to
>
> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
> Sent: Tuesday, 20 December, 2011 04:16
> What will be the recommendation from the open source community for
> supporting the following scenario in a openSSL based client/server
application:
> The certi
> From: owner-openssl-us...@openssl.org On Behalf Of Nathan Smyth
> Sent: Monday, 19 December, 2011 13:48
> I was wondering if has any examples (either pasted or links) on
> using file descriptors (i.e. standard socket type operations) with
OpenSSL.
> I tried some basic c
Sorry about the HTML but Outlook refuses to convert this for some reason.
_
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Yang Chun-Kai
Sent: Saturday, 17 December, 2011 14:18
To: openssl-users@openssl.org
Subject: openssl genpkey command not
Sorry for the delay, I misplaced this temporarily.
> From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
> Sent: Thursday, 08 December, 2011 12:02
>I am now working with 1.0.0.e and am able to get the
> anonymous DH going. There is only one small problem.
> From: owner-openssl-us...@openssl.org On Behalf Of rey sebastien
> Sent: Wednesday, 14 December, 2011 07:33
> I have some problem with nested subdomain and wildcard openssl
> certificate..
> When i create the self signed certificate, i enter CN =
> *.parisgeo.cnrs.fr,
> From: owner-openssl-us...@openssl.org On Behalf Of
hamid.sha...@sungard.com
> Sent: Monday, 12 December, 2011 10:53
> I am trying to create SSL connection with a remote server using
OpenSSL
> in visual C++ (Visual Studio-2008, Win-7). I am getting the following SSL
errors.
>
> From: owner-openssl-us...@openssl.org On Behalf Of Joss T
> Sent: Tuesday, 13 December, 2011 04:16
> In the context of sending requests, I've seen a number of people
> using SSL_VERIFY_PEER in combination with SSL_VERIFY_FAIL_IF_NO_PEER_CERT
> e.g. (SSL_VERIFY_PEER | SSL_VERI
> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar
> Sent: Tuesday, 13 December, 2011 14:37
> >I am looking for OpenSSL api to parse pkcs7 bag of
> certificate file that
> >has two certificates a SubCA and the other the leaf cert.
> Is there an openssl api that would en
> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: Saturday, 03 December, 2011 20:44
> > 2. Is there any way to decrypt Application data (HTTP
> > data) on wireshark itself ?
>
> If using kRSA and you have/get the server's private k
> From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
> Sent: Saturday, 03 December, 2011 23:23
> I would like to generate my own DH private/public keys and
> have the client/server exchange these values. The problem I am
> having is that the openssl build I have is
> From: owner-openssl-us...@openssl.org On Behalf Of Nico Flink
> Sent: Monday, 05 December, 2011 06:31
> To avoid the padding problem I tried the AES OFB and CFB
> streaming modes. Indeed this solves the padding problem. But
> if I understand the concept of stream ciphers correctly every
> bit
> From: owner-openssl-us...@openssl.org On Behalf Of pankajy
> Sent: Monday, 05 December, 2011 10:26
> I am doing SSL Communication having no certification
> validations on client
> and server side. So I skipped this validation and tried
> SSL_connect with
> host. Here I can successfully connect
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Saturday, 03 December, 2011 02:56
> My TLS client can validate both CN and SN & i need to test both the
> scenario.
>
> I don't know how to create certificate with "subjectAltName
> extension" using openssl commands.
>
> In th
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Saturday, 03 December, 2011 02:59
Aside: this item was apparently delayed in master.openssl.org
from 03.0758Z to 03.1907Z and delivered to my mailhost 03.1914Z.
> Can somebody please clarify my silly questions ? I need to
> un
Accidentally sent privately, copying to list for anyone else interested
> From: Dave Thompson [mailto:dthomp...@prinpay.com]
> Sent: Friday, 02 December, 2011 17:47
> To: 'Ashok C'
> Subject: RE: Usage of CAPath/CAFile options in int
> SSL_CTX_load_verify_locations Reg.
> From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
> Sent: Thursday, 01 December, 2011 20:59
> I used the built in s_server and s_client (command line) as follows
> and the ssl connection is established.
> openssl s_server -nocert -cipher aNULL
>
> From: owner-openssl-us...@openssl.org On Behalf Of Nico Flink
> Sent: Friday, 02 December, 2011 02:32
> I am aware of CipherFinal() but I wonder why CipherUpdate()
> writes anything into the final buffer at all if the buffer size
> is a multiple of the padding size. Additiona
> From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
> Sent: Thursday, 01 December, 2011 16:17
> I would like to turn off certificates and use anonymous DH for
> a DTLS exchange. What flags do I use in the s_server and s_client
programs?
> I set the -no
> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
> Sent: Wednesday, 30 November, 2011 00:51
> Some more followup questions here:
> In case of a server application, it is expected to send
> > the intermediate certificates to the client. And in this case,
> From: owner-openssl-us...@openssl.org On Behalf Of Jonas Schnelli
> Sent: Wednesday, 30 November, 2011 09:57
> I try to pre-calculate the size of a EVP_Seal encrypted buffer
> (just the seal, exkl. keys). How do i precalculate that? I assume
> with some blocksize stuff (i'm a
> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
> Sent: Monday, 28 November, 2011 00:35
> One more question here:
> In case of a server application, it is expected to send
> the intermediate certificates to the client. And in this case,
> is this API -- SSL_C
> From: owner-openssl-us...@openssl.org On Behalf Of Craig
> Sent: Monday, 21 November, 2011 11:56
> I'm fairly new to C/C++ so please bear with me.
Warning: beware of people who tell you C++ is a superset of C.
It's not. C++, deliberately, includes MOST of C -- maybe
80-90%, d
> From: owner-openssl-us...@openssl.org On Behalf Of Aravind GJ
> Sent: Tuesday, 22 November, 2011 23:32
> I use BIO_new_mem_buf and PEM_read_bio_X509 to convert
> the certificate in memory buffer to X509 certificate format.
> Finally the certificate is then added to the CA sto
> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta
Majumdar
> Sent: Thursday, 17 November, 2011 19:44
> There is a requirement to process a pkcs7 bag of certificate chain.
> Is there an OpenSSL API to parse the certificates in a PKCS7
> bag and get
> each of the certificates in
Correcting myself for the record:
> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: Thursday, 17 November, 2011 18:53
> As I said, I don't believe any openssl commandline
> function will create a 'degenerate' (cert-only) PKCS#7, which
> From: owner-openssl-us...@openssl.org On Behalf Of Laerte Junior
> Sent: Wednesday, 16 November, 2011 06:23
> First, thanks for your answer.
> But I using crypt processor to generate key pair (rsa 1024),
> and the structure of certificate I implement the ASN.1 manually
> From: owner-openssl-us...@openssl.org On Behalf Of Benoit Rouleau
> Sent: Friday, 11 November, 2011 12:19
> I have a problem. I am attempting to generate a self-signed
> (for internal use) certificate with multiple SAN and all I can get
> is a V1 certificate with no SAN at al
> From: owner-openssl-us...@openssl.org On Behalf Of Laerte Junior
> Sent: Saturday, 12 November, 2011 14:22
>I'm working with embedded system project and I need to receive
PKCS7
> and store the fields(DN, signature, public key, etc.). Before, I generate
> a CSR to test (atta
> From: owner-openssl-us...@openssl.org On Behalf Of Wim Lewis
> Sent: Friday, 04 November, 2011 15:44
> On 4 Nov 2011, at 7:12 AM, Mr.Rout wrote:
> > Can any body please let me know "what is the difference between TLS
> > Connection and TLS Session ?
>
> If a client makes a connection to a serv
> From: owner-openssl-us...@openssl.org On Behalf Of Abdulhadi
Abulzahab
> Sent: Saturday, 05 November, 2011 12:32
> 1 - I want to use the " sha1" command but I need the result to go
> into txt file not only to appear on the screen
> otherwise I need to print the result o
> From: owner-openssl-us...@openssl.org On Behalf Of Akanksha Shukla
> Sent: Thursday, 03 November, 2011 11:25
> I want to summarize
> I am using the SSL API's for client application to get connect
> to server and that worked fine over IPv4. Now my requirement is to
> ha
> From: owner-openssl-us...@openssl.org On Behalf Of ramaswamy
> Sent: Thursday, 03 November, 2011 07:44
> Try this...if you need some extensions you can add those in
> openssl.cnf.
>
Several minor errors, and some infelicities.
>
> export OPENSSL_CONF=./openssl.cnf
> PATH=.:$PATH
>
> # Root C
> From: owner-openssl-us...@openssl.org On Behalf Of Evans, Darren E (IS)
> Sent: Thursday, 03 November, 2011 17:04
> I build both the 0.9.8k and 0.9.8r from the source. They are
> configured the same way, ./Configure solaris-sparcv9-cc
> no-shared no-ecdh
>
> It is installed in /usr/local/ssl
> From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick
> Sent: Tuesday, 01 November, 2011 09:15
> On Mon October 31 2011, Dave Thompson wrote:
> > compiled without error, and gave the symptom reported --
> > because CRYPTO_cfb128_1_encrypt treats the length
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Monday, 31 October, 2011 13:43
> I am newbie to Openssl. I am confused about Chained ROOT
> certificates?
> Could someone please guide me the step by step approach for generating
> Chained ROOT certificate?
>
> e.g. My Server
> From: owner-openssl-us...@openssl.org On Behalf Of re.est
> Sent: Tuesday, 01 November, 2011 10:22
> > I am a newbie in the cryptography area and learning by writing some
> > test code.
> > I have setup the apache server and capturing packets using
> wireshark.
> > I have a query specific to R
> From: owner-openssl-us...@openssl.org On Behalf Of evansda
> Sent: Tuesday, 01 November, 2011 11:43
> My customer(Government) wants to block use of SSLv2 with the
> INN server due
> to security vulnerabilities. I recompiled the INNews source
Good for them (and you), although several years la
> From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick
> Sent: Sunday, 30 October, 2011 06:36
> On Sun October 30 2011, Ananthasayanan Kandiah wrote:
> > #include
> > #include
> > #include
> > #include
> >
> > #define KEY_SIZE 16
> Ask the compiler to help you:
>
> mszick@wol
> From: owner-openssl-us...@openssl.org On Behalf Of Akanksha Shukla
> Sent: Monday, 31 October, 2011 08:48
> {
>FILE * pFile1;
>char mystring [500];
>pFile1 = fopen ("result.txt","a");
>i
> From: owner-openssl-us...@openssl.org On Behalf Of David Durham
> Sent: Thursday, 27 October, 2011 16:48
> I'm new to C++ and libssl, but nevertheless trying to write an SSH
> server. I have gone through tutorials and believe I have a working
> server that initializes and SSL context, binds and
> From: owner-openssl-us...@openssl.org On Behalf Of Ratin, Yuliya S.
> Sent: Wednesday, 26 October, 2011 09:55
> Connection to SQL Server 2008 R2 database (cluster install)
> We're seeing the connection reset while testing from multiple
> sources and applications - it see
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Wednesday, 19 October, 2011 06:04
> On 10/19/2011 6:10 AM, Mohan Radhakrishnan wrote:
> >
> > Hi,
> >
> > Is there any material available that shows flows of one-way/two-ssl
> > and different types of CA architectures ? We us
> From: owner-openssl-us...@openssl.org On Behalf Of Lucas Clemente Vella
> Sent: Wednesday, 19 October, 2011 22:44
> Then I found this directory in my system, "/etc/ssl/certs", containing
> my installed CA roots, which I provided to OpenSSL, instead of the
> certificate file:
> It seems to me t
> From: owner-openssl-us...@openssl.org On Behalf Of TSCOconan
> Sent: Tuesday, 18 October, 2011 14:57
>I'm trying to implement certificate signature verification
> on a Microchip pic controller.
>After reading PKCS#1 V2.1
> I realized that encryption is essentially the same as
> si
> From: owner-openssl-us...@openssl.org On Behalf Of nilesh
> Sent: Thursday, 13 October, 2011 09:17
> I have a query related to decrypting the packets when
> Diffie-Hellman is
> used for key exchange.
> I know wireshark cannot decode these packets, as it will not know the
> random secret gene
> From: owner-openssl-us...@openssl.org On Behalf Of Ruiyuan Jiang
> Sent: Thursday, 13 October, 2011 18:13
> I have a certificate generated with RSA format for Apache web
server.
> Now I have a need to convert the key and cert or generate a new key,
> csr with same URL name us
> From: owner-openssl-us...@openssl.org On Behalf Of nilesh
> Sent: Monday, 10 October, 2011 07:35
> I have an issue related to RSA decryption while using https.
> I have setup a dummy https server and captured packets on wireshark.
>
If you just want to decrypt a session and aren't aware of it,
> From: owner-openssl-us...@openssl.org On Behalf Of brajan
> Sent: Tuesday, 04 October, 2011 10:58
> can any one tell me why the signature verification in
> openssl fail when the
> message is signed bu java IBM fips compliant.i am using
> openssl 0.9.8g in
> power Pc. i am getting error in
>
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Friday, 30 September, 2011 13:27
> On 9/30/2011 5:04 PM, michael lush wrote:
> > On Fri, Sep 30, 2011 at 3:07 PM, Jakob
> Bohm wrote:
> >> Linkable shared libraries "lib/libcrypto.so" and
> "lib/libssl.so" (.DLL if
> >> Wi
> From: owner-openssl-us...@openssl.org On Behalf Of jb-open...@wisemo.com
> Sent: Thursday, 29 September, 2011 18:46
> Because the attributes mentioned are only meaningful if covered by the
> digital signature on the certificate, it cannot change in any format
> conversion that keeps the certifi
> From: owner-openssl-us...@openssl.org On Behalf Of Rajib Karmakar
> Sent: Thursday, 29 September, 2011 07:22
> The problem was with the install path. When we don't mention
> "--prefix",
> OpenSSL is installed in some other path. And does not update
> the already
> installed binaries. Thus I wa
> From: owner-openssl-us...@openssl.org On Behalf Of Mauricio Klein
> Sent: Monday, 26 September, 2011 17:15
> I'm using a SOAP toolkit called gSoap and this toolkit provide
> an interface to create SSL context.
> Using tha samples released in the toolkit, i have
x27;t look for the actual RFC status. Of course
you can do anything both/all endpoints agree to even if nonstandard.
But if you want those two you need to patch s3_lib.c also.
> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: Friday, September 23, 2011 8:
601 - 700 of 1134 matches
Mail list logo
