Jim Fox schrieb:
Is it possible to have one (self-signed) SSL certificate for a server
that is known as foo.bar.org (internal LAN name) and bar.org (FQDN on
the Internet)? A wildcard certificate doesn't seem to be a solution
since it seems to be a subdomain only solution.
Include all
In the doc of SSL_CTX_set_cert_store I only found the hint, that the doc
of the X509_STORE object are not ready. But I will connect my own to
OpenSSL. When will be the doc of the X509_STORE object ready, so that I
can continue my library?
Thanks
Frank
smime.p7s
Description: S/MIME Cryptographic
Hello, I am working on my own cert storage.
At the part to feed OpenSSL with the cert's I have the problem that
PEM_read_bio_X509 returns every time NULL.
Here the code that I have used:
BIO *buffer = BIO_new(BIO_s_mem());
X509 *cert;
QByteArray data;
Sorry I have found my error.
I have written the cert in the wrong format into my cert storage.
The code I have posted work's correct.
I thing it was to late yesterday.:(
Thanks.
smime.p7s
Description: S/MIME Cryptographic Signature
[EMAIL PROTECTED] schrieb:
Hello,
The following URL gives information about x509 certificate management.
http://www.columbia.edu/~ariel/ssleay/x509_certs.html
Regards,
Thanks this look very good.
smime.p7s
Description: S/MIME Cryptographic Signature
Hello again my app run fine on windows, but crash on Linux at the call
of EVP_DigestInit_ex(Hash,EVP_sha256(),NULL)
any special on Linux?
gdb tell me:
#0 0x4124a26d in engine_unlocked_finish () from /lib/libcrypto.so.6
#1 0x4124a3bb in ENGINE_finish () from /lib/libcrypto.so.6
#2 0x4125febe in
Some news about the crash.
On Windows this code will work:
EVP_MD_CTX Hash;
EVP_DigestInit_ex(Hash,EVP_sha256(),NULL);
On Linux it be this to work:
EVP_MD_CTX Hash;
EVP_MD_CTX_init(Hash);
EVP_DigestInit_ex(Hash,EVP_sha256(),NULL);
Why must I call EVP_MD_CTX_init(Hash) only under Linux???
Kaushalye Kapuruge schrieb:
All you have to do is to declare an EVP_CIPHER_CTX.
See the example code.
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(ctx);
EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, key, iv);
See the manual page for more information.
Now it work. I have forgotten to initialize the pointer:(
I think I was blind because of the hundreds of code lines.
smime.p7s
Description: S/MIME Cryptographic Signature
Hello, when I call EVP_CIPHER_CTX_init() in my application it crash.
Must I call anything before?
Thanks,
Frank
smime.p7s
Description: S/MIME Cryptographic Signature
Hello, I want to implement my own certificate storage.
But I can't find information about the OpenSSL X509 and the X509_STORE
object. But this is need to feed OpenSSL with the certs and key's of
my Certificate storage.
Have anybody some documentatoion about these object's?
Thanks.
smime.p7s
Marek Marcola schrieb:
Hello,
When I call BIO_free() in my app after clean-up the SSL object the app
will crash:(
Any ideas?
If you use SSL_free() then read/write BIOs (created indirectly or
set by SSL_set_bio()) are freed. So if you call BIO_free() on such
BIO after SSL_free() then you
When I call BIO_free() in my app after clean-up the SSL object the app
will crash:(
Any ideas?
Frank
smime.p7s
Description: S/MIME Cryptographic Signature
Hello, knows anyone the letter codes of the function SSL_state_string()?
The the doc I only can read:
RETURN VALUES
Detailed description of possible states to be included later. :(
Thanks
Frank
smime.p7s
Description: S/MIME Cryptographic Signature
Nils Larsch schrieb:
Frank Büttner wrote:
Hello, knows anyone the letter codes of the function SSL_state_string()?
The the doc I only can read:
RETURN VALUES
Detailed description of possible states to be included later. :(
try SSL_state_string_long() for a more detailed description
Nils Larsch schrieb:
Frank Büttner wrote:
So now I think it is an bug in the version 0.9.8b. Because with lib
0.9.8a it will not happened. Can some one verify it?
I've just tested openssl ciphers trash with openssl 0.9.8a, 0.9.8b
and the cvs version (openssl ciphers calls
Hello, I have an problem with the SSL_set_cipher_list() function, I send
trash to it and it returns 1.
Sample:
SSL_set_cipher_list(ptrSSL,trash);
But in the SSL doc is written that it returns only 1 when if any cipher
could be selected.
smime.p7s
Description: S/MIME Cryptographic Signature
Some news.
It only happens on Windows(0.9.8b) on Linux(0.9.8a) it works.:(
smime.p7s
Description: S/MIME Cryptographic Signature
So now I think it is an bug in the version 0.9.8b. Because with lib
0.9.8a it will not happened. Can some one verify it?
smime.p7s
Description: S/MIME Cryptographic Signature
David Schwartz schrieb:
I have try this, but it fails, because the is no way to find out when
the write buffer BIO has data that must send. I have try it with the
callback function. But this will not work, because the function must be
static. And than I can not acces the network object form
Now it will work better.
The problem was to that all must be event trigger.
Thanks a lot. Next I must add some error handling:)
Frank
smime.p7s
Description: S/MIME Cryptographic Signature
Richard Koenning schrieb:
Frank Büttner wrote:
Non blocking is not possible because Qt returns only an non blocking fd.
What is the problem?
What do you mean with the select() function. In the openSSL doc I can't
David Schwartz schrieb:
The only signals that I have is readyRead() (emit when I can read data
form socked) and bytesWritten() (emit when data was written to the
socked). I seen that OpenSSL will only have data for read when an Record
was complete transmitted. How can I find out the size of an
Krishna M Singh schrieb:
Not sure whether it failed with bio.. But for non-blocking sockets u
must use the select call else it would be too complex to handle the
sockets.. Have u tried that..?
I can't use the select() call, because I only have an fd for the socket.
But no direct connection
Krishna M Singh schrieb:
Hi Frank
Don't know anything about Qt socket system but I feel there must be
some other API in place of select in that. Non-blocking sockets cant'
be handled without select easily and efficiently..
Its very crude way but u can sort of implement select functionality
David Schwartz schrieb:
So I found out that SSL don't take teh data from the socket:(
The Qt buffer will grow and grow, but SSL don't read the data:(
If you use bio pairs, SSL doesn't have to touch the network at all ever. You
can read and write data to and from the network and to and from
Richard Koenning schrieb:
Frank Büttner wrote:
So I found out that SSL don't take teh data from the socket:(
The Qt buffer will grow and grow, but SSL don't read the data:(
It seems to me that you have an architecture problem. As i understand
your descriptions you have OpenSSL and Qt
Non blocking is not possible because Qt returns only an non blocking fd.
What do you mean with the select() function. In the openSSL doc I can't
found something like that.
smime.p7s
Description: S/MIME Cryptographic Signature
Krishna M Singh schrieb:
Hi
In non-blocking mode, for client we call
SSL_connect
In case SSL_connect returns -1 with SSL_ERROR_WANT_READ u need to wait
in Select and once the sock fd is readable, u again need to all
SSL_connect till the SSL_connect returns success or some other error
David Schwartz schrieb:
So call it after. This is not an error but an indication, similar to
EWOULDBLOCK. It is telling you that the operation cannot complete without
blocking and you asked it not to block, so it can't complete now.
When I then call SSL_read I will get the same error:(
Krishna M Singh schrieb:
Hi
You need to call SSL_Connect (if client) or SSL_accept( if server) and
not the SSL_read.. SSL_Connection or ssl_accept internally performs
that..
If u do SSL_read before SSL handshake completion, the SSL connection
can't be established..
HTH
-Krishna
Krishna M Singh schrieb:
Hi
This is not an issue. U are using a non-blocking socket and thus u
need to have a select call and put this socket on readable list and
call SSL_read whenever this sockets becomes readable..
Other way round, make ur socket fd non-blocking (ioctl call) and than
it
Hello, I try to set up an SSL connection, but it fails when I call
SSL_connect() with SSL_ERROR_WANT_READ.
I have written it it is show in the openSSL doc.
To test it I run
openssl s_server -accept 1234 -cert server.pem -state
In my sample app I call
SSL_CTX* K_OpenSSLVerbindung;
SSL*
I know that that work. But then the lib is slower.
smime.p7s
Description: S/MIME Cryptographic Signature
Yes now all is ok.
Thanks
smime.p7s
Description: S/MIME Cryptographic Signature
The first error about the deprecated option still exists in 0.9.8b and
the build error also. Are there plains to fix this to problems?
smime.p7s
Description: S/MIME Cryptographic Signature
This patch will not fix it. But I will build one and send to the list.
smime.p7s
Description: S/MIME Cryptographic Signature
Since 0.9.8 the generated make file is wrong.
The dependency to x86cpuid.o for libcrypt is mising.
The second is that the deprecated -mcpu= option is used by gcc
smime.p7s
Description: S/MIME Cryptographic Signature
To fix the error with the deprecated option
change in the file
util\pl\Mingw32.pl
in line
{ $cflags=-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486
-Wall; }
to
{ $cflags=-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -march=i486
-Wall; }
smime.p7s
Description: S/MIME Cryptographic
No I only use mingw without MSYS because other lib's that I mus use can
not run with MSYS.(The Qt lib).
In the INSTALL.W32 file of the package it call's
GNU C (MinGW)
-
ms\mingw32
but this have to Bug's the first is simple to fix with the line change.
But the second is harder, I
That is the problem when I use MSYS I can't compile apps using Qt
because Qt can only be used with mingw and without MSYS.
and 0.9.7 works with mingw only.
smime.p7s
Description: S/MIME Cryptographic Signature
41 matches
Mail list logo