: Monday, July 30, 2007 6:55 AM
To: openssl-users@openssl.org
Subject: Re: i2d_DSAPublicKey
Hi,
Edward Chan wrote:
When I call this function, I can see from the generated binary data
that
the format is the public key, followed by the P param, followed by 3
bytes which I don't know what
Anybody have any idea which assembler is preferred when building with
VC8?
Message-
From: [EMAIL PROTECTED] [mailto:owner-openssl-
[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Wednesday, July 25, 2007 4:22 AM
To: openssl-users@openssl.org
Subject: Re: nasm vs. masm
On Wed, Jul 25, 2007, Edward Chan wrote:
Anybody have any idea which assembler
Hi there,
Wondering if anybody has built debug version of openssl? I tried doing
this, in the hopes that I could step into the code if I had the symbols.
I recall doing this successfully back when I was using 0.9.7, but I just
tried with 0.9.8e and I'm unable to step into any openssl
Hi there,
Just curious if anybody has done any profiling of openssl's memory
usage? Is there much heap contention? Has anybody tried plugging in a
3rd party memory manager such as Hoard, or SmartHeap to see if there is
any performance improvement?
Thanks,
Ed
on this!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christophe Devine
Sent: Saturday, April 21, 2007 2:03 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
Edward Chan [EMAIL PROTECTED] wrote:
But I think this always returned me 128 bytes. So am I
I thought I tried this, but let me try again.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christophe Devine
Sent: Saturday, April 21, 2007 2:03 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
Edward Chan [EMAIL PROTECTED] wrote:
But I
:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Friday, April 20, 2007 9:31 PM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Fri, Apr 20, 2007 at 03:43:41PM -0700, Edward Chan wrote:
I apologize for the confusion. I thought I had stated the problem
before. I'm basically trying
@openssl.org
Subject: Re: BIGNUM library
On Fri, Apr 20, 2007 at 01:12:29PM +0530, jimmy wrote:
Edward Chan wrote:
I have more info on this now. I just tried openssl with bsafe
crypto-c
me. Again, I get sporadic failures. When I compare the 2 computed
shared secrets, I see that they are actually
But I think this always returned me 128 bytes. So am I supposed to
bzero the output buffer first?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christophe Devine
Sent: Friday, April 20, 2007 12:00 PM
To: openssl-users@openssl.org
Subject: Re: BIGNUM
on the ASN.1 format for BIGNUM's over
the wire?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Thursday, April 19, 2007 3:14 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Wed, Apr 18, 2007, Edward Chan wrote:
I
PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, April 17, 2007 4:40 PM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, Apr 17, 2007, Edward Chan wrote:
The problem with CryptoAPI is that it doesn't give you direct access
to
the shared secret. But I suspect it is wrong since
Thanks for the reply. So I'm a bit confused as to how different crypto
packages interoperate. I've been having a problem with MS CryptoAPI
doing a DH key exchange with OpenSSL. There are some quirks such as
byte order, and a couple other things. But for the most part, I have it
working. But
: Tuesday, April 17, 2007 8:49 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, Apr 17, 2007 at 08:42:12AM -0700, Edward Chan wrote:
Thanks for the reply. So I'm a bit confused as to how different
crypto
packages interoperate. I've been having a problem with MS CryptoAPI
doing
find. Thanks!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, April 17, 2007 11:03 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, Apr 17, 2007, Edward Chan wrote:
Right, I see what you're saying
] On Behalf Of Edward Chan
Sent: Tuesday, April 17, 2007 11:15 AM
To: openssl-users@openssl.org
Subject: RE: BIGNUM library
The problem with CryptoAPI is that it doesn't give you direct access to
the shared secret. But I suspect it is wrong since the
encryption/decryption fails (I encrypt something
, 2007 at 11:15:23AM -0700, Edward Chan wrote:
BN_bn2bin(dh-pub_key, buf);
ReverseBytes(buf, size); // MS CAPI requires this in little-endian
Reversing the BER encoded bytes of a big endian integer does not yield
the BER encoding of the correspoding little-endian integer.
--
Viktor
, Edward Chan wrote:
BN_bn2bin(dh-pub_key, buf);
ReverseBytes(buf, size); // MS CAPI requires this in little-endian
Reversing the BER encoded bytes of a big endian integer does not yield
the BER encoding of the correspoding little-endian integer.
But of course BN_bn2bin() does not return BER
How easy or difficult would it be to extract just the BIGNUM library
from OpenSSL? Are there any documents on how to do this?
Thanks,
Ed
:[EMAIL PROTECTED] On Behalf Of Edward Chan
Sent: Monday, April 16, 2007 4:27 PM
To: openssl-users@openssl.org
Subject: BIGNUM library
How easy or difficult would it be to extract just the BIGNUM library
from OpenSSL? Are there any documents on how to do this?
Thanks,
Ed
Is it ok to pass the same input buffer for the output buffer when using
EVP_EncryptUpdate with RC4?
PROTECTED] On Behalf Of Jens Doenhoff
Sent: Sunday, January 14, 2007 12:48 AM
To: openssl-users@openssl.org
Subject: Re: SSL_CTX_load_verify_locations on linux
Hi.
--On Friday, January 12, 2007 11:24:42 PM -0800 Edward Chan
[EMAIL PROTECTED] wrote:
Does anybody know where the trusted root
uses the OpenSSL
crypto APIs.
On 12/20/06, Edward Chan [EMAIL PROTECTED] wrote:
Has anybody done this? I can get it to work when both ends are the
same. But I can't do it when they are different. I also notice the
public key computed by CryptoAPI is 16 bytes larger than that computed
by OpenSSL
a DH key exchange between OpenSSL and MS CryptoAPI
On Sat, Jan 13, 2007, Edward Chan wrote:
I do call the OpenSSL DH crypto API's in my openssl client. But in my
Microsoft CryptoAPI client, the way they show you how to do a DH key
exchange seems like it only works between two MS CryptoAPI end
Hi there,
Does anybody know where the trusted root certificates can be found on
linux? I'm basically looking for the equivalent to the Windows
certificate store on Linux so I can point
SSL_CTX_load_verify_locations() to these trusted root ca certs. Or is
there a way I can use a default
? If it is different for different libs, how do
libs inter-operate with each other?
Thanks,
Ed
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edward Chan
Sent: Friday, December 22, 2006 11:28 PM
To: openssl-users@openssl.org
Is the cert PEM or ASN1 encoded? I think
SSL_use_certificate_chain_file() only works with PEM. Are you passing
SSL_FILETYPE_ASN1 for the type parameter to SSL_use_certificate_file()?
If so, that might explain why one works and the other doesn't.
Ed
I'm playing with various crypto libraries to encrypt/decrypt in
AES-128-CTR. 2 of the 3 libs inter-operate fine with each other; i.e. I
can encrypt with one and decrypt with the other and vice versa.
However, when I use openssl with any of these libs, I am having
problems. It seems like up to
Has anybody done this? I can get it to work when both ends are the
same. But I can't do it when they are different. I also notice the
public key computed by CryptoAPI is 16 bytes larger than that computed
by OpenSSL which I assume is due to some hdr information in the KEYBLOB
that MS generates?
Can anybody point me to some examples on how to use AES-128 in counter
mode? Is this supported thru the EVP interface, or do I need to use the
lower-level API's, such as AES_128ctr_encrypt/decrypt()?
Also, looking at the signature of these API's in aes.h, I don't see a
return code, or anything
Is ECC only used where public key crytography would be used? As a
replacement for DH, for example? Or can it be used where symmetric
cryptography would be used?
Also, are there any IP issues related to using it? I thought I read
that many aspects of ECC has been patented by various people and
Title: BSafe vs. OpenSSL
Has anyone done any performance measurements with Bsafe vs. OpenSSL for AES encryption? Or even for general SSL performance? Would you recommend Bsafe over OpenSSL for some things and not others, or vice versa?
I'm sure OpenSSL is faster :) But just curious what
server like that.
Thanks,
Ed
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Olaf Gellert
Sent: Thursday, November 02, 2006 1:25 AM
To: openssl-users@openssl.org
Subject: Re: How to do client verification?
Hi,
Edward Chan wrote:
I want to verify
Title: How to do client verification?
Hi there,
I'm wondering what is the usual criteria for doing client verification? I've got everything coded to ask the client for a cert, and I get the cert by calling SSL_get_peer_certificate(). But I don't know what to check for to verify the
I want to verify that whoever the client is claiming to be, is actually
allowed to connect. However, I don't know where to find this
information in the cert. Are there standard fields where this
information can be found. For example, in the book, Network Security
with OpenSSL, there is sample
);
}
}
}
}
X509_free(cert);
}
return X509_V_ERR_APPLICATION_VERIFICATION;
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edward Chan
Sent: Wednesday, November 01, 2006 9:27 PM
To: openssl-users@openssl.org
Subject: RE
I think that would be a very useful feature to have! I could definitely
benefit from this in my application. I look forward to when this
becomes available :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Thursday, October
Title: How to get an X509* from a PEM encoded certificate file
I've got some questions about the following API's:
SSL_CTX_use_certificate_chain_file()
SSL_CTX_use_certificate_file()
SSL_CTX_add_extra_chain_cert()
If I have a single PEM encoded file that contains multiple certs, I
I'm sure David will have more to say about how the locking callbacks are
used in OpenSSL. But my understanding is that just because you
implement these, you still cannot freely call SSL_read/SSL_write from
different threads without the proper locking. The reason is because you
have direct access
/s_server.c
Edward Chan wrote:
SSL_accept() is returning = 0. And when I trace out the err msg
using the following code
int iRet = SSL_accept(m_pSSL);
if (iRet = 0)
{// handshake failed
char buf[256];
ERR_error_string_n
Title: Can SSL_accept() return SSL_ERROR_WANT_READ/WRITE for blocking sockets?
SSL_accept() is returning = 0. And when I trace out the err msg using the following code
int iRet = SSL_accept(m_pSSL);
if (iRet = 0)
{// handshake failed
char buf[256];
Title: ERR_get_error() or SSL_get_error()?
If SSL_accept() returns = 0, and I want to see what the error is, should I be calling this to get a string description of the error:
int ret = SSL_accept();
if (ret = 0)
{
char buf[256];
ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
Title: Can OpenSSL be built as static libs?
I was wondering if OpenSSL can be built as static libs as I don't want people to be able to simply replace the dll's with their own.
Thanks,
Ed
Title: Getting public key out of an X509 object
Can someone point me to how I can get the public key out of an X509 object? Basically, what I am trying to achieve is to sign something using the EVP interface and either a DSA or RSA private key, where the associated public key is in the cert.
, or is there another or better way?
_
From: Edward Chan
Sent: Saturday, July 23, 2005 10:25 AM
To: 'openssl-users@openssl.org'
Subject: Getting public key out of an X509 object
Can someone point me to how I can get the public key out of an X509 object
,
Ed
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr.
Stephen Henson
Sent: Thursday, July 21, 2005 4:12 AM
To: openssl-users@openssl.org
Subject: Re: d2i_RSAPublicKey doesn't work
On Wed, Jul 20, 2005, Edward Chan wrote:
Hmm, well, I
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr.
Stephen Henson
Sent: Thursday, July 21, 2005 10:23 AM
To: openssl-users@openssl.org
Subject: Re: d2i_RSAPublicKey doesn't work
On Thu, Jul 21, 2005, Edward Chan wrote:
The code is basically like this:
int len
Horray...that is it. Thanks!!!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edward Chan
Sent: Thursday, July 21, 2005 11:00 AM
To: openssl-users@openssl.org
Subject: RE: d2i_RSAPublicKey doesn't work
So I need to save buf to a tmp first
,
Ed
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr.
Stephen Henson
Sent: Wednesday, July 20, 2005 5:48 PM
To: openssl-users@openssl.org
Subject: Re: d2i_RSAPublicKey doesn't work
On Tue, Jul 19, 2005, Edward Chan wrote:
That part
] On Behalf Of Nils Larsch
Sent: Tuesday, July 19, 2005 12:36 AM
To: openssl-users@openssl.org
Subject: Re: d2i_RSAPublicKey doesn't work
Edward Chan wrote:
If you're referring to http://www.openssl.org/support/faq.html
3. How do I read or write a DER encoded buffer using the
ASN1 functions
Title: d2i_RSAPublicKey doesn't work
What am I doing wrong here? I generate an RSA key. Then I DER encode it. Then try to decode it, but the decode fails. The error says, error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
RSA* rsa = RSA_generate_key(2048, RSA_F4, 0, 0);
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nils Larsch
Sent: Monday, July 18, 2005 1:10 PM
To: openssl-users@openssl.org
Subject: Re: d2i_RSAPublicKey doesn't work
Edward Chan wrote:
What am I doing wrong here? I generate an RSA key. Then I
DER encode
it. Then try to decode
Title: Question about BIO-num_read BIO-num_write
Just want to confirm that these are a running total of number of bytes read and written by this BIO, and not the number of bytes last read or written. Is that correct?
Thanks,
Ed
Title: Compile error in n_pkey.c with 0.9.7g on Win32 using ntdll.mak and nasm
I get the following compile error:
cl /Fotmp32dll\f_string.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2
/Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDI
AN -DDSO_WIN32
Title: Compile error in n_pkey.c with 0.9.7g on Win32 using ntdll.mak and nasm
Crap. Nevermind. I forgot to
run
perl Configure VC-WIN32
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edward
ChanSent: Wednesday, June 08, 2005 1:51 PMTo:
For what it's worth, I've built OpenSSL several times (using VC6), each time
just following the instructions in INSTALL.W32 with NASM and it built fine.
Ed
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr.
Stephen Henson
Sent: Monday, May 09,
Title: Does nFast800 work with OpenSSL on Windows?
Looking at their website, they say that software support for this card includes OpenSSL on Linux. But on Windows, they only mention CryptoAPI. Does anybody know if this means it doesn't work with OpenSSL on Windows? I've sent them an email
Title: Anybody using SafeNet Luna PCI crypto acclerator card?
I've got a C program that uses OpenSSL and I'm trying to use the SafeNet Luna card with it. I've downloaded a modified version of OpenSSL from them which includes support for this LunaCA3 engine, but am still having trouble getting
Thanks for the info. One last question :) So if I am using blocking
sockets, than would I ever get a WANT_WRITE error? I'm guessing no?
But if I am using BIO pairs, and blocking sockets, is it possible to get a
WANT_WRITE error?
Sorry, that was two more questions.
Ed
-Original
Yes, I think I understand what you are saying. If I get a
WANT_READ
from a call to SSL_write, that means I need to read some
data before I
can send.
Not quite, it means the OpenSSL engine must read some
data (from the
socket) before you can perform the 'write' logical
First of all, I want to thank everyone for all the information, especially
David with his excellent explanations. I know this thread is getting long,
but I really think I'm getting it now :) Just a few more questions and
comments...
There may not be any application data, but there should
and
the shutdown is incomplete. Call SSL_get_error()
with the return
value ret to find out, whether an error occurred
or the connection
was shut down cleanly (SSL_ERROR_ZERO_RETURN).
-Joe
On Apr 17, 2005, at 9:12 PM, Edward Chan wrote:
Does SSL_read
Ok, this is getting much clearer. Last question (hopefully)...so if an
SSL_write gets a WANT_READ, is it ok for the read thread to do an SSL_read
before I retry the SSL_write? Does it matter who does the requested
operation as long as it is done? Or does the read thread have to wait until
the
performing the other operation elsewhere. Just make sure that
two threads aren't trying to do this at the same time on the
same connection.
On Apr 16, 2005, at 10:22 AM, Edward Chan wrote:
Ok, this is getting much clearer. Last question
(hopefully)...so if
an SSL_write gets
Title: Confusion about SSL_ERROR_WANT_READ/WRITE
I have an app where reads and writes happen from different threads. Now, ideally, one would envision that I just replace the reads/writes with SSL_read/SSL_write. Now I know it is not as simple as that.
What exactly is the meaning of the
Thanks for this explanation. As I read more, I think I am getting a better
understanding of this. So unlike normal tcp connections, where a read juts
reads, and a write just writes, SSL_read may write, and SSL_write may read.
This is all done under the hood, so I don't need to be concerned with
for the
definitions.
-Tan Eng Ten
Edward Chan wrote:
Is it required to call ENGINE_init()?
Or is this sufficient
ENGINE* e = ENGINE_by_id(id);
ENGINE_set_default(e, ENGINE_METHOD_ALL);
I have looked in various code, and I mostly see the latter. But in
the stunnel code, I see them
whatever crypt accelerator card the user has.
Thanks for all the help.
Ed
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Friday, April 08, 2005 4:23 AM
To: openssl-users@openssl.org
Subject: Re: Use of Engines
On Thu, Apr 07, 2005, Edward Chan wrote
I don't know if /dev/random is available on all linux machines. But I think
it is. But as for Windows, which does not have /dev/random, I believe
OpenSSL seeds the PRNG on Windows automatically using a variety of clever
ideas and sources of entropy. It is probably better than what you could
Title: Use of Engines
Is it required to call ENGINE_init()?
Or is this sufficient
ENGINE* e = ENGINE_by_id(id);
ENGINE_set_default(e, ENGINE_METHOD_ALL);
I have looked in various code, and I mostly see the latter. But in the stunnel code, I see them doing
ENGINE* e =
Title: SSL_read()
I have a question about SSL_read(). Am I correct in my understanding that SSL_read() will not read from the socket as long as there is data in the ssl buffers available for processing? And if there is data in the ssl buffer but it cannot be processed because we don't have a
is complete and SSL_read() can succeed.
it speaks to what you are inquiring about
Edward Chan wrote:
I have a question about SSL_read(). Am I correct in my
understanding
that SSL_read() will not read from the socket as long as
there is data
in the ssl buffers available
Title: Support for CryptoSwift PCI cards
I was told that the CryptoSwift card from SafeNet is no longer being marketed and has been replaced with something called Luna PCI. Does OpenSSL 0.9.7d support this card? And if so, do you use the same engine string as used for the CryptoSwift card?
Title: Question about bio pairs
I know it's been talked about many times before, and I've read thru the archives, but I still don't quite get it. If I want to use I/O completion ports on Windows, I can perform the I/O as I normally would. But after reading the encrypted data off the socket, I
Title: Using CryptoAPI to verify a cert
Does anybody know how to use the Microsoft Crypto API's to verify a cert. Given an X509 object, I've created a CERT_CONTEXT using the Crypto API, CertCreateCertificateContext(). And I've got a handle to the Windows certificate store, using
And do what length is it truncated? Thanks.
Ed
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nils Larsch
Sent: Saturday, March 05, 2005 1:48 AM
To: openssl-users@openssl.org
Subject: Re: What does the subject name's hash mean?
Edward Chan
Ah, cool. Thanks!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nils Larsch
Sent: Saturday, March 05, 2005 11:10 AM
To: openssl-users@openssl.org
Subject: Re: What does the subject name's hash mean?
Edward Chan wrote:
And do what length
verification
Edward Chan wrote:
I've been trying to follow the examples in Network Security with
OpenSSL. But I just don't get it. I know, I'm an idiot. Can
somebody point me in the right direction with the
appropriate API's to
use for doing the following:
I have a digital
, 2005 1:09 PM
To: openssl-users@openssl.org
Subject: Re: Does anybody know where certs are installed on Windows?
On Thu, Mar 03, 2005, Edward Chan wrote:
Is there a Win32 API or something that can tell me where certs get
installed on Windows?
They are installed in the registry
.
The file would contain one or more CA public keys and the
directory is ca public keys with the name of the file being a
hash of the ca name with a .0 extension.
Darya
-Original Message-
From: Edward Chan [mailto:[EMAIL PROTECTED]
Sent: Friday, March 04, 2005 11:23 AM
To: openssl-users
as it goes. The rest is
up to you.
Jim
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edward Chan
Sent: Friday, March 04, 2005 2:58 PM
To: openssl-users@openssl.org
Subject: RE: Does anybody know where certs are installed on Windows?
I understand
@openssl.org
Subject: Re: Does anybody know where certs are installed on Windows?
Edward Chan wrote:
I understand the usage of the API. What I mean is, how do you know
what directory or file to specify, if this is not easily known? Dr.
Henson said that the certs are stored in the Windows
Title: What does the subject name's hash mean?
Sorry for all the questions today. But I'm looking at the SSL_CTX_load_verify_locations() API and the 3rd arg. This specifies, The name of a directory containing CA certificates. Each file in the directory must contain only a single CA
Title: Does anybody know where certs are installed on Windows?
Is there a Win32 API or something that can tell me where certs get installed on Windows?
Thanks,
Ed
Title: Questions about digital signatures
Below is code that I got from the Network Security with OpenSSL book to sign a piece of data using a certificate generated and signed by a CA I created (error checking left out). It seems to work. But I'm curious about what sort of information goes
Title: Questions about cert verification
I've been trying to follow the examples in Network Security with OpenSSL. But I just don't get it. I know, I'm an idiot. Can somebody point me in the right direction with the appropriate API's to use for doing the following:
I have a digital signature
Title: Using SSL_read with Windows Overlapped I/O
Can somebody describe how, if possible, to use OpenSSL with Windows overlapped I/O?
Title: Using SSL_read with Windows Overlapped I/O
Nevermind, I found some info in the acrhives. Again,
I should have looked before I posted.My
apologies.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edward
ChanSent: Sunday, February 13, 2005 12:22 AMTo:
I was also having some problems with SSL_read() and SSL_write(). My
application does read and write from different threads. My problems seem to
have gone away after reading David's comment that 2 threads can't be reading
and writing at the same time on the same SSL connection. So I've added a
Title: PEM_write_DSA_PUBKEY
I'm trying to write the public/private keys to a PEM file. I'm using the book Network Security with OpenSSL as a reference which says I need to use PEM_write_DSA_PUBKEY, but I can't find this anywhere in the openssl source. I'm using 0.9.7d. I see
Title: Cryptographic accelerators
Hi there,
Of the accelerator's that OpenSSL supports, which are the more popular? And what are people's experiences with these cards?
I want to get 1 or 2 to test with and was wondering which ones you would recommend to get.
Thanks,
Ed
Title: SSL_read SSL_write and retry
Hi there,
I've been trying to figure out the correct way to use SSL_read and SSL_write with retry and auto retry mode, etc. I'm a little confused. I've got a program that uses blocking sockets, and select (I only use select to check for readability of
My understanding is that SSL_read is similar to the regular read() call in
its semantics. That means the m_length arg you supplied is the max number
of bytes to read (so this obviously should be = size of the buffer
supplied). It will read what ever is available, up to a max of m_length.
So if
on Windows
Edward Chan wrote:
Hi there,
Just wondering what people typically use to seed the PRNG
on Windows.
On linux, there is /dev/random. But there is no such device for
Windows. I've heard of EGADS, but when I installed the
EGADS service,
I found it to be a huge memory
Great. Thanks for the info.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Bernhard Froehlich
Sent: Monday, January 31, 2005 11:39 PM
To: openssl-users@openssl.org
Subject: Re: Seed PRNG on Windows
Edward Chan wrote:
Thanks. I guess I
Title: Seed PRNG on Windows
Hi there,
Just wondering what people typically use to seed the PRNG on Windows. On linux, there is /dev/random. But there is no such device for Windows. I've heard of EGADS, but when I installed the EGADS service, I found it to be a huge memory hog. Are there any
Title: Does anyone use egads?
Hi there,
Just wondering if anyone uses Entropy Gathering And Distribution System (EGADS)? I'm using it on Windows. But I just noticed, it is a HUGE memory hog. Just starting up the egads service, it immediately takes up almost 150Mb of RAM.
Does that sound
error
Use the openssl x509 -dates option to view the actual dates
in the certificate.
Also check your system clock.
On Sep 7, 2004, at 5:09 PM, Edward Chan wrote:
Hi there,
I had created a certificate to test with using OpenSSL. It is
supposed to expire in Aug. 2005. I have been
Title: Certificate expired error
Hi there,
I had created a certificate to test with using OpenSSL. It is supposed to expire in Aug. 2005. I have been using it for the past few weeks. Then all of a sudden, I'm getting sslv3 alert certificate expired from SSL_accept().
What's going on?
Title: Few general questions
Is it possible to do gather writes with OpenSSL? For example, instead of SSL_write(), is there something like SSL_writev()?
When doing SSL_read(), the bytes read have already been unencrypted. Is there a way to figure out how much data was read before decrypting?
1 - 100 of 125 matches
Mail list logo