Hello All, I am working with OpenSSL 0.9.7i on HPUX. I have a configure script which performs the following operations 1. Starts the prngd rc script # /sbin/init.d/prngd.rc start 2. Creates self signed certificate # /opt/openssl/bin/openssl req -new -x509 -out /opt/openssl/certs/host.
Hello All, Are both the static and shared crypto libraries FIPS compliant? 0.9.7e = The static crypto library is fips compliant. The integrity of libcrypto.a is checked using its HMAC-SHA1 fingerprint libcrypto.a.sha1. There is no checking for shared library libcrypto.so 0.9.7j-dev==
Hello All, I am using the OpenSSL 0.9.7j-fips-dev on HPUX. I built the above version by enabling the fips option. I have a 512 bit rsa key in a file rsakey.pem
# cat rsakey.pem
-BEGIN RSA PRIVATE KEY-
MIIBPAIBAAJBAJvyW3C7htCJYQ2sjXM1r4EgOc5uQFN6N62UstEn+8A8+YShdQ2wFcM7gRKNmTAtizyFP1i8sHO6YGEgkiA8
Hello All, I am using OpenSSL 0.9.7e with fips configure option. I edited one of the fips source files and tried to build OpenSSL and I got the error "Your source code does not match the FIPS validated source." This error can be overcome as follows
i. Edit the fips source files.
ii. Gener
Hello All, I came to know that OpenSSL is in its final stage of getting FIPS certification. http://trends.newsforge.com/trends/06/01/23/0429219.shtml Congrats to all the developers and contributors from the OpenSource community for making this happen. I have a couple of question in this
Hello All, I am working on HP-UX and using OpenSSL 0.9.7i. I used the speed command to measure the performance of the cryptographic algorithms. I compared the results with that of 0.9.7e. For rc4 the performance has increased around 3 times. 0.9.7e : rc4(16 byte block) : 62718.04k (kb processed pe
Hi,
I have a relevant question in this regard
I have set the value of commonName_max = 5 in openssl.cnf
Generate self signed certificate using -subj option
# openssl req -x509 -out cacert.pem -new -keyout cakey.pem -subj /C=INN/ST=TamilNadu/L=CBE/O=test/CN=xx -nodes
Successful
Here the c
Hello Josh,
The problem I suspect is AES_cbc_encrypt function is defined in aes_cbc.c and that is not compiled and added to the libcrypto library.
You can either edit the openssl-0.9.8a/Makefile
Line 92:
Before : AES_ASM_OBJ= aes-ia64.o
After : AES_ASM_OBJ= aes_core.o aes_cbc.o aes-ia64.o
Hello Bob
The problem is that your private key does not match the certificate.
Though you specified the password correctly, the key specified using the -inkey option does not match the certificate specified using the -in option.
I think you have specified the opposite values for -in and -certf
Hello All,
I am using OpenSSL 0.9.8.
I created a self signed certificate using
# openssl req -x509 -out cacert.pem -new -keyout cacert.pem -days 365 -nodes -subj /C=US/ST=California/L=Cupertino/O=test/CN=ca
I tried to setup the CA using
# echo "cacert.pem"|perl /opt/openssl/misc/CA.pl -newca
Hello all,
I have a few clarifications regarding OpenSSL 0.9.8's compatibility
1. Is OpenSSL 0.9.8 compatible with 0.9.7 (i.e.) will all the existing applications written for 0.9.7 continue to work with 0.9.8 without any source code changes?
2. Does 0.9.8 have all the functionality of 0
Hello Rajeshwar ,
let cacert.pem be your CA certificate
let ksbcert.pem and ksbkey.pem be your certificate and private/public key pair
To verify your certificate
# openssl verify -CAfile cacert.pem ksbcert.pem
To verify the consistency of your private key
# openssl rsa -in ksbkey.pem -check
-- P
Hi
The index.txt is an ascii file consisting of four fields
eg ) V 051213070133Z B3500880020644B6 unknown /C=IN/ST=TamilNadu/O=cbe/CN=test
where:
V - Certificate is Valid (R for revoked certificates)
051213070133Z - Date up to which the certificate
Hi,
I would suggest you two solutions
Solution 1 :
Create a symbolic link in the system directory for libcrypto.so and libssl.so
ln -s /usr/local/openssl-0.9.7g/lib/libcrypto.so /usr/lib/libcrypto.so
ln -s /usr/local/openssl-0.9.7g/lib/libssl.so /usr/lib/libssl.so
Solution 2
Specify a embedde
Hi,
The -VAfile option is used for explicitly trusting the responder certificate of the ocsp server. So if you omit this option you will get the "unable to get local issuer certificate" error.
To get this command working
openssl ocsp -url http://ocsp.verisign.com:8080 -issuer ROOT_CA.pem -VAfile OCS
Hi,
While creating self signed certificates and certificate requests use -subj to specify the subject name and -nodes for not prompting for password (private key will not be encrypted)
If you want the password to be encrypted generate the rsakey using genrsa command with -passout option and u
brary and i have to put the source directory?
thanks
ignacio
On 8/17/05, prakash babu <[EMAIL PROTECTED]> wrote:
> Hi Ignacio ,
>
> I think that the problem is that you are not linking the appropriate
> libraries.
>
> Try the following steps
> # ./config zlib
> # gmake
>
ssl library, to compile it i do: gcc -o master master.c -lssl -lcrypto -lpthread (same as you do it)
i've compiled the library configurating using "./config zlib" the library is compiled with this parameter...
thanks prakash,
ignacio
On 8/16/05, prakash babu <[EMAIL PROTECTED]> wrote:
Hello Ignacio,
I tried the program you attached and it seems to work fine .
#include #include int main(){COMP_METHOD *comp_method;comp_method = COMP_zlib();if(comp_method != NULL) { printf("compression name: %s\n", (comp_method->name !=NULL? comp_met
Hello Robert,
I think the problem is with your Pseudo Random Number Generator and not OpenSSL 0.9.8
i. Check if your system has the /dev/random or /dev/urandom
ii. If /dev/random and /dev/urandom are not present then make sure prngd is running
iii. If your answer is yes to question i or ii then
Hello Dave,
Try setting your environment variable HOME since the seed file will be written to the file $HOME/.rnd or set the variable RANDFILE in the openssl.cnf file to an existing location.
Thanks,
Prakash
Dave Peterson <[EMAIL PROTECTED]> wrote:
I hope this isn't a repeat of a
BIO_printf(bio_err,"%s is too long, it needs to be less than %d bytes long\n",longname,n_max);
goto error;
}
// ---
//
if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
    goto error;
}
Thanks,
Prakash Babu
Hello Nils,
The configure option you suggested works fine for Linux.
For HPUX it did not work. It worked only after adding -DENGINE_DYNAMIC_SUPPORT to the configure option.
Thanks,
Prakash
Nils Larsch <[EMAIL PROTECTED]> wrote:
prakash babu wrote:
> Hello All,
>
Hello All,
I am using OpenSSL version 0.9.8 beta. I built this version successfully in HPUX.
While using the engine command I am able to load all the engines except libgmp.so
1. openssl engine - dynamic -pre SO_PATH:/usr/lib/engines/lib4758_cca.so -pre LOAD(dynamic) Dy
Hello All,
I find some unreachable codes in OpenSSL 0.9.7f. Their details are as follows.
File: pk7_lib.c Line: 187
break; p7->d.signed_and_enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break;
File: evp_enc.c Line: 250
default: return 0; break;
Hello All,
I find some unreachable codes in OpenSSL 0.9.7f. Their details are as follows.
File Name    Line No    Code Snippet
pk7_lib.c    187        break;p7->d.signed_and_enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_da
Hello All,
In the change log of OpenSSL 0.9.7f, I see the following line
Prompt for pass phrases when appropriate for PKCS12 input format
Can someone explain what it exactly means?
Is there any test that I can run in order to see the
Hello All,
i. The following program prints the hexadecimal and decimal encoding of a big number
***
#include
#include
int main() { RSA *public; unsigned int bits, len; char *buf, *uu; unsigned char *blob; public = RSA_generate_key(1024
Hello All,
I am working on an IPF (Itanium Processor Family) HPUX machine. Using the configure option hpux-ia64-cc would be the appropriate configure option while building OpenSSL in this platform.
But I have problems with OpenSSH authentication when I use this
Hello All,
i. OpenSSL 0.9.7e supports FIPS-140.
ii. OpenSSL contains the FIPS 140 specific cryptographic API and algorithm implementations only for low level algorithms (RSA, AES, 3DES, DSA, SHA-1) in the fips subdirectory.
iii. When we build OpenSSL with FIPS support the FIPS implem
Hello all,
1. When we enable fips in our configure option, will only the FIPS supported algorithms like (aes, des, dh, dsa, rsa, sha1) get added to crypto library or whether all ciphers get added to the crypto library?
2. If the answer to questi
Hello All,
The following is a snippet from the code that creates a crl.
*
for (i=0; idb->data); i++)
{
pp=(char **)sk_value(db->db->data,i)
Hello all,
I run a SSL server that does CRL verification for the client certificates.
**
Load CRL and CA file
//X509_LOOKUP_load_file();
for(; ;)
{
Hello Steve,
Thanks for your reply but a few doubts still exist,
> 1. Suppose we request for the revocation status of many certificates in a
> single request
>
> eg (openssl verify -crl_check -CAfile demoCA/crl/chain cert1 cert2
Hello Steve,
Thanks for your explanation. It was very informative,
In OpenSSL 0.9.7e while doing the CRL checking, the following steps are performed
a. Caching the original CRL list into cache
b. Sorting the CRL list.
c. Searching the given certificate in the sorted CRL
Hello all,
There has been a tremendous performance during CRL check between 0.9.7d and 0.9.7e
I measured the time for checking the crl with 1,00,000 entries using the following command
time openssl verify -crl_check -CAfile $ssl_crl_dir/
Hello Developers,
The prime option that has been added to openssl 0.9.7e core dumps when no argument is given.
eg) openssl prime
Memory fault(coredump)
The reason for this is BN_dec2bn in apps/prime.c function returns a null structure when no argument is passed. We we
Hello all,
In 0.9.7d the serial number file is created as follows
1. Create a certificate request
Hello Developers,
In OpenSSL 0.9.7e links(libfips.sl,libfips.sl.0) for the new library libfips.sl.0.9.7 is created in the lib directory during gmake install.
lrwxrwxrwx 1 root sys 12 Oct 30 10:18 libfips.sl -> libfips.sl.0
lrwxrwxrwx 1 root sys
Hello All, I get 3 core dump errors while using the openssl command line tool.
Error 1:
1) I generated a self signed certificate using the following command
openssl req -x509 -out ca_cert.pem -new -keyout cacert_priv_key.pem -subj /C=US/ST=California/L=Cupertino/O=test/CN=myname -nodes
2)I
n key exchange does not authenticate the participants
Reference:
http://www.hack.gr/users/dij/crypto/overview/diffie.html
regards,
Prakash Babu
www.visolve.com
Olia Kerzhner <[EMAIL PROTECTED]> wrote:
Hi all, I have a question about DH parameters. From what I understand, they can either b