;, "SHA256", it shows "unknown
message digest"
Tried to do doc and google search, couldn't find the list of valid strings.
Can someone please help me with this ?
Thanks & Regards,
Nayna Jain
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi all,
I am programmatically generating the self signed certificate and need to
specify the Not Before and Not After date,
Wanted to understand what all formats are acceptable by this API ?
Also, similarly while using API , what exactly is the time format
expected by
the private key with which certificate was signed, or
the public key which this certificate signs.
Sorry, I think I am still bit not clear on purpose of the API.
Thanks Regards,
Nayna Jain
From: Viktor Dukhovni openssl-us...@dukhovni.org
To: openssl-users@openssl.org, openssl-...@openssl.org
Thanks Victor,
I want to match the certificate with the private key for whose public key
that certificate is provided.
If this verifies who signed the certificate, then how do I verify whether
the certificate provided is for the private key which was generated,
Thanks Regards,
Nayna Jain
Hi,
I am trying to verify X509 certificate against two private keys such that
atleast one of them it should match.
I used the API as
X509_verify(x509, pkey) where pkey is of EVP_PKEY type
However, for one of the private key it is failing with error block type is
not 01// And this key is
Hi,
Thanks Victor, I am going to try these..
I have similar concern for private key.
If I have a pem file with private key in that, how do I check if that is
RSA/DSA ?
Thanks Regards,
Nayna Jain
From: Viktor Dukhovni openssl-us...@dukhovni.org
To: openssl-users@openssl.org, openssl
Thanks to you all,
So, I understand that when I am adding cert to the store, I should
explicilty increment the count using CRYPTO_add, so that when I
X509_STORE_free(), it doesn't delete my cert. This should be enough.
Thanks Regards,
Nayna Jain
From: Thulasi Goriparthi thulasi.goripar
Hi all,
I am using X509_STORE and X509_LOOKUP to verify the certificate and its
chain.
But at the end when I do X509_STORE_free(store) and X509_LOOKUP_free
(lookup), it is also doing free of the X509* certificate which I added.
But I don't want that, because after that when I immediately try
Thanks Jacob,
So, does that API do not increment reference count internally itself.
I mean if I have to explicitly do that, what is the API for that ?
Thanks Regards,
Nayna Jain
From: Jakob Bohm jb-open...@wisemo.com
To: openssl-users@openssl.org
Date: 06/10/2015 09:49 AM
Subject
PEM APIs. or there are DER specific APIs also, I
didn't find though, unless they are d2i_xxx types.
Thanks Regards,
Nayna Jain
From: Viktor Dukhovni openssl-us...@dukhovni.org
To: openssl-users@openssl.org
Date: 06/09/2015 10:34 AM
Subject:Re: [openssl-users] Is there openssl
Hi,
I need to verify if the certifiate I have received is having its content in
PEM/DER format.
Is there any API which if given file pointer like (fp) will tell me whether
it has valid format of certificate and if yes then whether it is PEM/DER
format ?
If no API, then what is the other way to
that it is showing only 2048. Can someone help me to
explain this ?
Is there also an option to set the key length manually and check if it will
negotiate that. ?
Thanks Regards,
Nayna Jain
From: Jakob Bohm jb-open...@wisemo.com
To: openssl-users@openssl.org
Date: 05/25/2015 06:02 AM
Subject
Hi,
With the latest logjam attack, as I was trying to verify if my server
(lighttpd) accepts DHE_xxx ciphers, I saw that it accepted and I didn't
do any configuration setting done for DH parameters explicitly.
But I couldn't verify what is the key length did it use by default
512/1024/2048 ?
Hi,
I have a privatekey file written using the call PEM_write_bio_RSAPrivateKey
(...)
The file write operation has been successful.
However, when i am trying to read it via calls PEM_read_bio_PrivateKey(..)
or PEM_read_bio_RSAPrivateKey(..) , it is always returning NULL.
There is no encryption
Is there any other way to store private key and public key rather than in
PEM format in file ?
I mean API to store public and private key separately in memory.
Thanks Regards,
Nayna Jain
From: Matt Caswell m...@openssl.org
To: openssl-users@openssl.org
Date: 04/28/2015 08:29 PM
,
Nayna Jain
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
couldn't get much information.
Since the error seems to be too much code level, sending it to openssl dev
group also, along with openssl users group.
Thanks Regards,
Nayna Jain
__
OpenSSL Project
Hi,
It takes some time for my server to respond to openssl s_client connection
request.
However, openssl s_client timesout before the response.
Is there some way to give a timeout argument to s_client command for
waiting for response ?
Thanks Regards,
Nayna Jain
is loaded by default ?
Thanks Regards,
Nayna Jain
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
,
Nayna Jain
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
this error. earliar I was getting Digest
to big in size for rsa
Can someone please explain this ?
Thanks Regards,
Nayna Jain
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
by:owner-openssl-us...@openssl.org
On Wed, Feb 27, 2013 at 11:18:19PM +0530, Nayna Jain wrote:
I had asked few questions related to SSLv23_xxx_method API to understand
its internals.
http://stackoverflow.com/questions/3938824/what-books-will-help-me-learn-everything-i-can-about-ssl-pki
?
If possible, also if someone can explain that how SSLv23 is able to
handshake with both TLSv1_2 related APIs as well as SSLv3 related APIs.
Thanks Regards,
Nayna Jain
__
OpenSSL Project http
. This
might be required to maintain the compatibility issues.
My understanding is that this error happens on client side, when it
tries to sign the CertificateVerify message, where digest output comes
too big for RSA to encrypt. Let me know if this is correct.
Thanks Regards,
Nayna Jain
. Or is it some other
command for this configuration.
Thanks Regards,
Nayna Jain
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated
Hi,
I want to analyze the actual SSL handshake happening over the wire.
Does anyone know a good open source analyzer tool for Windows ?
Thanks Regards,
Nayna Jain
__
OpenSSL Project http
I have been trying that. it shows handshake for TLSv1 for some sites and
not for others.
I might be using it wrong.. but am not also sure if it supports analyzing
https by default..
Have you tried it ?
Thanks Regards,
Nayna Jain
From: Santhosh Kokala santhosh.kok...@riverbed.com
Hi Jeffrey,
Thanks for clarification.
I have one question in this. What did you mean by Suite B Algorithms ?
Secondly, the ciphers which you mentioned are available in Standard openssl
package, or for that we need to have FIPS 140-2 module linked ?
Thanks Regards,
Nayna Jain
Nexus Tools
Hi,
I want to use FIPS compliant algorithms and keys. For that I understand, I
need to have Openssl FIPS object library along with default openssl.
However, I am not understanding how to install them. My questions are :
1. Both are tar.gz. Should I run ./Configure, make and make install for
correct algos /keys from
standard openssl lib ( without FIPS lib) to satisfy NIST SP 800-131 A
requirements ?
Thanks Regards,
Nayna Jain
From: Jeffrey Walton noloa...@gmail.com
To: openssl-users@openssl.org
Date: 01/10/2013 04:01 PM
Subject:Re: How to link openssl FIPS 140-2 object
30 matches
Mail list logo