Hi,
U can loop through every PKCS7_RECIP_INFO object in
P7-d.enveloped-recipientinfo stack and print the issuer and serial like:
X509_NAME_print(bio, recp_info-issuer_and_serial-issuer, )
i2a_ASN1_INTEGER(bio, recp_info-issuer_and_serial-serial, .)
Hadmut Danisch wrote:
Hi,
a
Hi all,
This is a general crypto question and I hope someone could help me out.
Often we use RSA of 512, 1024, 2048, 4096, etc. bit lengths. Are other
sizes such as 520/1045 bit valid? Mathematically, it should work, but
are there reasons why odd sizes are not to be used?
A local certification authority has issued a cert and the public is as
below (parsed with openssl) :
-
Modulus (1023 bit):
5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
the number of bits.
To answer our second question: A real 1024-bit-key must have at least 1017
bit, so it consits of 128 byte (= 1024 bit) with 7 leading zeros.
Regards
Thomas Beckmann
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Auftrag von Tan Eng Ten
Gesendet
, NULL, NULL);
-Tan Eng Ten
James Whitwell wrote:
Hi,
Can anyone tell me if it's possible to embed a client certificate inside
my executable, and what calls I should use to tell OpenSSL to use it? I
think I'll also need to do it for the CA, since we use self-signed
certificates, and I want
This is another example of the problem I highlighted a few days ago. You
need to be very careful with which getter methods return a new instance
(or inc the ref count), and which ones do not.
Definitely not a bug but a matter of consistency.
Nils Larsch wrote:
Alexandre Belloni wrote:
Hi,
to do a *_free on the
returned object.
Is there a general guideline on which getter methods return new
instances (or inc ref), and which do not?
Tan Eng Ten
__
OpenSSL Project http://www.openssl.org
Hi,
You may be in for some luck, the FAQ says ...OpenSSL ASN1 decoders can
process BER.
Give it a try and see if OpenSSL is able to decode what your HSM
exports. No guarantees and don't quote me.
Lincoln wrote:
Hello all,
Does OpenSSL have a routine to convert BER encoded
blob into
Hi Rohan,
Why do you need if (!bio_err) at the start if program?
rohan shrivastava wrote:
Hello,
I have written a program in C C++, for testing OpenSSL.
The C program works fine, whereas in C++ I receive
segmentation fault error while executing SSL_CTX_use_certificate_file()
function.
Hi,
U could try:
BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE);
ASN1_TIME_print(bio, X509_get_notBefore(cert));
BIO_free(bio);
Tell me if it works.
Pj wrote:
Hi All,
How can I print localised, human readable certificate dates into a null
terminated string buffer?
';
fclose(fp);
}
_unlink(tmpFile);
free(tmpFile);
//
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten
Sent: Thursday, 26 May 2005 10:30 AM
To: openssl-users
Before PKCS7_dataInit(), try adding:
PKCS7_content_new(thePKCS7, NID_pkcs7_data)
U might also want to explore PKCS7_set_detached() to see if this applies
for you.
-ET Tan
Luis Alberto Pérez Paz wrote:
Hi everybody,
I need your help, I'm trying to make a PKCS7 signedAndEnveloped.
I have read some
I'm no expert either, but could u show some code snippets on how u
handle threads and these 2 very important structures -- SSL and SSL_CTX.
I suspect that your threads might be re-initializing SSL_CTX. And when
that happens under heavy load, the problem you described might occur.
dan trainor
I think u get libcrypto.so and libssl.so instead
Manel Rodero wrote:
Hello,
I'm trying to compile OpenSSL 0.9.7f under Windows 2000 (using Cygwin) but I
don't know if I get all the files after the compilation process. For
example, I don't have libeay32.dll nor ssleay32.dll.
To setup the
need to compile OpenSSL with VC too?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten
Sent: Wednesday, May 04, 2005 8:37 AM
To: openssl-users@openssl.org
Subject: Re: How to get SSL DLL's compiling from Cygwin?
I think u get libcrypto.so
Hi,
I need to set app data to an RSA object encapsulated in an EVP_PKEY, so
I did the following:
void set_app_data(EVP_PKEY *pkey)
{
...
rsa = EVP_PKEY_get1_RSA(pkey);
RSA_set_app_data(rsa, app_data);
RSA_free(rsa);
...
}
We shouldn't access
Start with certificates.txt and keys.txt in docs/HOWTO
Prashant Sodhiya wrote:
Hi All,
pls help in setting up PKI environment in unix.
i've downloaded openssl-0.9.7f configured /installed it.
Now how should i proceed...(configuring CA, generating certificates etc)
thnx in advance
Prashant
How abt adding decreasing the iterator (i--) in the if-block so it looks
like:
for(i=0; i num_crls; i++) {
crl = sk_X509_CRL_value(crl_stack, i);
.
X509_verify_CRL();
if (above check fails) {
sk_X509_CRL_delete(crl_stack, i)
i--;
}
}
Does it work for you?
ret must have been allocated prior DES_random_key(ret);
Angel Martinez Gonzalez wrote:
Hello:
I want to generate a symmetric key with DES. But I don´t know very well, how
do it.
I tried the following:
void GenerateKey()
{
DES_cblock *ret ;
RAND_screen();
printf(Staus of PRNG:
Thanks for highlighting this. I see that cmd's of type
ENGINE_CMD_FLAG_STRING, ENGINE_CMD_FLAG_NUMERIC and
ENGINE_CMD_FLAG_NO_INPUT could be expressed easily as strings ('EMPTY'
for ENGINE_CMD_FLAG_NO_INPUT) in the conf file, but how about
ENGINE_CMD_FLAG_INTERNAL? How do I express a function
into the ubsec engine codes for the
definitions.
-Tan Eng Ten
Edward Chan wrote:
Is it required to call ENGINE_init()?
Or is this sufficient
ENGINE* e = ENGINE_by_id(id);
ENGINE_set_default(e, ENGINE_METHOD_ALL);
I have looked in various code, and I mostly see the latter. But in
the stunnel code, I see
engine codes for the definitions.
-Tan Eng Ten
Edward Chan wrote:
Is it required to call ENGINE_init()?
Or is this sufficient
ENGINE* e = ENGINE_by_id(id);
ENGINE_set_default(e, ENGINE_METHOD_ALL);
I have looked in various code, and I mostly see the latter. But in the
stunnel code, I see them doing
why did you have to manually (or separately) compile the
/crypto/rsa/rsa_test.c? that should be done when you compile the entire
openssl package with nmake; and subsequently nmake test.
okay, maybe you decided to try it out on your own VC workspace. have you
included libeay32.lib and
try: gcc -Wall foo.c -o foo -lcrypto -lssl
[EMAIL PROTECTED] wrote:
Hi,
I tried to compile my program and ran into trouble. I am new to both: cygwin
and openssl, I don't know what I do wrong. Can someone please help me? I am
happy to provide any information needed.
I have installed the cygwin
Back to your original problem -- You said you were accessing the web
server by using IE, was that client machine in the same private network
(as the server)?
Have you tested accessing the web server from another client machine?
Maybe you should start looking from the client-end.
Vu Pham wrote:
Netscape on Solaris even shows You have
attempted to establish a connection with abc.mydomain.com. However the
security certificate presented belongs to abc.mydomain.com
Uhhh.. I'm clueless
__
OpenSSL Project
I think one of them is the default that came along with your OS. This is
to avoid conflict when user installs a different version of the lib
later on. Just my guess.
tj wrote:
I am condused, really a normal state for me :-). I have a slackware
install and it has libssl.so.0, but some apps
Hi,
remember the entire openssl is open-source? if you would like to know
how to code certain things the openssl command line utility can perform,
look right into its source codes in apps\
as for the enc/dec functions, look in the file apps\enc.c
i'm sure u can figure out from there
Brian
Maybe this is what you're actually looking for: www.matrixssl.com
Jon Bendtsen wrote:
i'm working on an embedded micro computer, and i would like to have a
webservice. However the data needs to be encrypted. I was thinking of
using SSL for that, but i only have 32K for everything. OS, tcp/ip,
Before seq no, there should be either the client MAC or server MAC
(depending on who you are).
Avinash Agarwal wrote:
Hello dragos,
I think you are referring to the problem with decrypting/encrypting
the TLS app data...I faced the problem but i was finally successful in
decrypting/encrypting
Look at the Appendix -- Sample Code in http://www.ietf.org/rfc/rfc2104.txt
Avinash Agarwal wrote:
Hello all,
I'm trying to figure out how to generate the MAC for application data in TLS
v1.
The rfc (2246) says at § F.2 protecting application data
Outgoing data is protected with a MAC before
Hmm, i think that depends on which BN_ functions. In your example,
BN_bin2bn() returns a new BIGNUM object, so you do not need to BN_new().
b l wrote:
Hi,
If i reuse a BIGNUM created with BN_new() without
freeing it first will i cause a memory leak?
does the BIGNUM dynamically allocate memory
First of all, you need to write functions that do serialization and
de-serialization of your own C structure.
Think about network programming, how do you send a C structure using
sockets to a receipient? And having the receipient assemble it back into
a C structure?
Without such functions,
33 matches
Mail list logo
