Re: ICC and printers - wrong list

2021-06-25 Thread Frans de Boer
On 6/25/21 8:08 PM, Frans de Boer wrote: LS, I keep getting the message " You need Gnome Color Management installed in order to calibrate devices" when I select Color Management in the System Setting under KDE. The thing is, colord as well as the gnome-color-manager are both ins

ICC and printers

2021-06-25 Thread Frans de Boer
the latter program? Anybody experience with it? Regards, Frans. -- A: Yes, just like that Q: Oh, Just like reading a book backwards A: Because it upsets the natural flow of a story

Re: Goodbye

2020-07-04 Thread Frans de Boer
Q: Oh, Just like reading a book backwards A: Because it upsets the natural flow of a story Q: Why is top-posting annoying?

OpenSSL 1.1.1 RPM for CentOS 7

2019-07-02 Thread Karel de Henks
Hi, I'm searching on the internet for an OpenSSL version 1.1.1. RPM package for CentOS 7. However, I cannot find this. Perhaps one of the users in the mailing list has this package already available. Thanks

Re: [openssl-users] FIPS Object Module 2.0, fipsalgtest.pl fails

2017-10-03 Thread Diaz de Grenu, Jose
> You reprocessed all of the hundreds of test vectors? I'm impressed. That > must have taken many days of compute time. Sorry, the download script I set up seg faulted after some time, and I didn't notice. In fact it only tested a few tarballs. > The most recent set of test vectors used for a

Re: [openssl-users] FIPS Object Module 2.0, fipsalgtest.pl fails

2017-10-02 Thread Diaz de Grenu, Jose
> The FIPS module and test suite software (fipsalgtest.pl) are designed to work > with exactly those algorithm tests relevant to the associated validations > (#1747/2398/2473). The test labs generate a unique set of test vectors for > each platform validation; those test vectors must be of the e

[openssl-users] FIPS Object Module 2.0, fipsalgtest.pl fails

2017-09-28 Thread Diaz de Grenu, Jose
I am trying to validate the FIPS Object Module. I have built the test tools as specified in [1] Appendix B.1 and I have downloaded and extract the test vectors from [2]. At that point I run the following: perl fipsalgtest.pl --dir=/run/media/sda1/fips_tv/OSF_JN2859_OE46.results (where /run/m

[openssl-users] using openssl to validate an external AES program

2015-10-09 Thread karel-de-macil
e same. Where am I wrong? Best regards and thanks for your kind support. Abel Budding artist, musician, computer scientist, role-player, everything and its opposite Personal blog karel-de-ma...@wanadoo.fr ___ openssl-users mailing list To unsubscribe: https:

[openssl-users] New kernel and Dracut

2015-05-04 Thread Frans de Boer
OK, I compiled a new kernel for the 13.2 release and was installing it. I have to manually copy bzImage and System.map because I do not use the make install which requires the perl-Bootloader to be available. Before I just did mkinitrd -B and the initrd file was made. Now that is part of dracu

Re: [openssl-users] Error signing document

2015-05-01 Thread m . de . groot
Great Dave, this did the trick. Thanks, Mark From: openssl-users [openssl-users-boun...@openssl.org] on behalf of Dave Thompson [dthomp...@prinpay.com] Sent: Friday, 1 May 2015 6:59 To: openssl-users@openssl.org Subject: Re: [openssl-users] Error signing d

[openssl-users] Error signing document

2015-04-30 Thread m . de . groot
Dear Openssl, I have the following case: I am trying to sign a file with a private key from a CA. I converted the pfx file to a pem file using the following command openssl pkcs12 -in CustKeyIcBD001.pfx -out CustKeyIcBD001.pem -nodes After this I am trying to sign a file using this key with the fo

Re: [openssl-users] CTX_free crash

2015-04-25 Thread dE
On 04/25/15 15:34, dE wrote: On 04/21/15 15:22, dE wrote: On 04/20/15 00:10, Salz, Rich wrote: Sometimes, the program crashes when doing an SSL_CTX_free; before the crash, ctx is an invalid pointer, that's why I can get a valid value from SSL_CTX_get_max_cert_list (ctx), so it's no

Re: [openssl-users] CTX_free crash

2015-04-25 Thread dE
On 04/21/15 15:22, dE wrote: On 04/20/15 00:10, Salz, Rich wrote: Sometimes, the program crashes when doing an SSL_CTX_free; before the crash, ctx is an invalid pointer, that's why I can get a valid value from SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem. You

Re: [openssl-users] CTX_free crash

2015-04-21 Thread dE
On 04/20/15 00:10, Salz, Rich wrote: Sometimes, the program crashes when doing an SSL_CTX_free; before the crash, ctx is an invalid pointer, that's why I can get a valid value from SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem. You mean it's a VALID pointer? We'll need a mo

Re: [openssl-users] CTX_free crash

2015-04-20 Thread dE
On 04/20/15 00:10, Salz, Rich wrote: Sometimes, the program crashes when doing an SSL_CTX_free; before the crash, ctx is an invalid pointer, that's why I can get a valid value from SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem. You mean it's a VALID pointer? We'll need a mo

[openssl-users] CTX_free crash

2015-04-19 Thread dE
I got a program which does the following sequence of operations -- SSL_shutdown(ssl) SSL_free (ssl); SSL_CTX_free ( ctx ); close(socket) Where 'socket' is the underlying non-blocking socket the ssl connection is established over. bio is also set to non-blocking. Sometimes, the program crashes

[openssl-users] Close socket without SSL_shutdown

2015-04-07 Thread dE
I'm using SSL over non-blocking socket. As a result SSL_shutdown returns immediately with error code 5 (underlying socket issue), sometimes after doing this, the program crashes on SSL_CTX_free. So I was wondering about closing the socket without doing an SSL_shutdown. Is this safe? Any securi

Re: [openssl-users] TLS 1.2 message hiding.

2015-03-21 Thread dE
On 03/17/15 22:29, Salz, Rich wrote: Ok, so TLS does not handle this. The current draft of the TLS 1.3 specification includes a field to pad every data record.

Re: [openssl-users] TLS 1.2 message hiding.

2015-03-17 Thread dE
On 03/13/15 20:56, Salz, Rich wrote: > I'm using TLS 1.2 with compression and was wondering if OpenSSL implements ways to hide the exact length of the message (may be using RFC 6066). No. What in 6066 were you thinking of trying to use?

[openssl-users] TLS 1.2 message hiding.

2015-03-13 Thread dE
Hi! I'm using TLS 1.2 with compression and was wondering if OpenSSL implements ways to hide the exact length of the message (may be using RFC 6066). Thanks for any hints.

Re: [openssl-users] SSL_read preserving message boundaries.

2015-03-07 Thread dE
On 03/07/15 22:33, Dr. Stephen Henson wrote: On Sat, Mar 07, 2015, dE wrote: Suppose, I write a small amount of data with SSL_write. Will openssl accumulate these writes to make a single big fragment and then send it, or will it send it the moment it receives the data, as a single fragment

Re: [openssl-users] SSL_read preserving message boundaries.

2015-03-07 Thread dE
On 03/07/15 19:43, Salz, Rich wrote: As far as I know SSL_read will only return data from 1 record. But there is no requirement that each write translates into one record.

Re: [openssl-users] SSL_read preserving message boundaries.

2015-03-07 Thread dE
On 03/07/15 18:46, Kurt Roeckx wrote: On Sat, Mar 07, 2015 at 11:47:12AM +, Salz, Rich wrote: So this is preserving message boundaries. How do I get the complete message just like with TCP? No, it just happened that way. TLS does not preserve message boundaries. As far as I know SSL_read

[openssl-users] SSL_read preserving message boundaries.

2015-03-07 Thread dE
It appears that SSL_read does not work like a stream protocol. This is the server part of the program -- char c[] = "Hello"; SSL_write (sslconnection, &c[0], 1); SSL_write (sslconnection, &c[1], 1); SSL_write (sslconnection, &c[2], 1); SSL_write (sslconnection, &c[3], 1); SSL_write (sslconnectio

Re: [openssl-users] SSL_CTX_check_private_key:no certificate assigned

2015-03-01 Thread dE
On 03/01/15 19:43, Dr. Stephen Henson wrote: On Sun, Mar 01, 2015, dE wrote: Hi! I'm trying to create a certificate using openssl library. Here is the code -- void main () { SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); char err

[openssl-users] SSL_CTX_check_private_key:no certificate assigned

2015-03-01 Thread dE
Hi! I'm trying to create a certificate using openssl library. Here is the code -- void main () { SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); char err[1000]; RSA* keypair = RSA_new(); BIGNUM *e = BN_new(); X509 *certificate = X509_new(

Re: [openssl-users] Grub troubles CANCEL

2015-02-20 Thread Frans de Boer
On 02/20/2015 11:42 AM, Frans de Boer wrote: Hi, I have a server running 12.3 and want to install on a different partition the newer 13.2 distribution. Alas, after installation I can't boot 12.3 anymore because of wrong references. Every time I install a fresh kernel I have to manually edi

[openssl-users] Grub troubles

2015-02-20 Thread Frans de Boer
Hi, I have a server running 12.3 and want to install on a different partition the newer 13.2 distribution. Alas, after installation I can't boot 12.3 anymore because of wrong references. Every time I install a fresh kernel I have to manually edit the grub.cfg files to get 12.3 booted again.

Browsers do not import chained certificate.

2014-10-09 Thread dE
Hi! I'm trying to make a certificate chain using the following commands -- openssl genpkey -out issuer.key -algorithm rsa openssl genpkey -out intermediate.key -algorithm rsa openssl req -new -key issuer.key -out issuer.csr openssl req -new -key intermediate.key -out intermediate.csr openssl x50

Re: On 2K keys and SHA-256

2014-09-09 Thread Jeroen de Neef
5PM +0200, Jeroen de Neef wrote: > > > I think that 3K-RSA is the next step after 2K-RSA, and I am sure that the > > computational costs of a 4K-RSA certificate is much of an obstruction > with > > current hardware and I think that it isn't a problem at all a couple > ye

Re: Value of DEFAULT cipher suite

2014-09-09 Thread Jeroen de Neef
I can see RC4 going in the list of low security ciphers within a couple of years anyways, so we can better discourage the usage right now. 2014-09-09 18:14 GMT+02:00 Salz, Rich : > We disagree. I've got two IETF WG's coming to the same conclusion so > making post-1.0.2 follow IETF practices seem

Re: On 2K keys and SHA-256

2014-09-09 Thread Jeroen de Neef
I think that 3K-RSA is the next step after 2K-RSA, and I am sure that the computational costs of a 4K-RSA certificate is much of an obstruction with current hardware and I think that it isn't a problem at all a couple years in the future. 2014-09-09 14:18 GMT+02:00 Salz, Rich : > > May I suggest

Re: CVE-2014-0224

2014-06-05 Thread Jeroen de Neef
I am also quite curious. Also, how long has this exploit been around, and could hackers have exploited this already? 2014-06-05 22:46 GMT+02:00 Jeffrey Walton : > CVE-2014-0224 looks like an interesting issue > (https://www.openssl.org/news/secadv_20140605.txt): > > An attacker using a caref

Re: Platinum Sponsorship by Huawei

2014-05-29 Thread Frans de Boer
On 05/29/2014 09:52 PM, Jeremy Gray wrote: government of North Korea... Even if no strings, it would damage the perception people have of OpenSSL just being associated with that entity. So, just be mindful of people's perceptions when accepting anything. +1. Dennis Rodman goes

Re: Platinum Sponsorship by Huawei

2014-05-29 Thread Frans de Boer
On 05/29/2014 02:52 AM, Salz, Rich wrote: Please don't feed the troll -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter: RichSalz Being cynical is equal to being a troll? The initial remarks made by an openssl representative was that that most con

Re: Platinum Sponsorship by Huawei

2014-05-28 Thread Frans de Boer
On 05/28/2014 10:05 PM, Steve Marquess wrote: Please accept our thanks as you have saved us a lot of time and money Yes, quite an understatement :\ Now a state sponsored company is sponsoring openssl.org? The bigger the country, the higher the stakes and thus also the measures to safeguard th

Re: graphic arts help needed

2014-05-08 Thread Jeroen de Neef
Man, I really like to look at all these logos. Phong, can you make the images bigger? Because the resolution is quite small. Kind regards, Jeroen de Neef -- pgp/gpg key: https://jeroendeneef.eu/publickeys/pubkey.4B074162EC3601F7.Jeroen_de_Neef.asc 2014-05-09 4:38 GMT+02:00 Phong Long

Re: graphic arts help needed

2014-05-08 Thread Jeroen de Neef
I had the same idea, what about designing a new logo with this new sponsor? To begin a new era for OpenSSL, one where people donate more and OpenSSL will have more full time devs. Kind regards, Jeroen de Neef -- pgp/gpg key: https://jeroendeneef.eu/publickeys/pubkey.4B074162EC3601F7

Re: graphic arts help needed

2014-05-08 Thread Jeroen de Neef
I would do it for free if I could work with photoshop, because it would feel like an honor to do it, but sadly I can't. Kind regards, Jeroen de Neef -- pgp/gpg key: https://jeroendeneef.eu/publickeys/pubkey.4B074162EC3601F7.Jeroen_de_Neef.asc 2014-05-08 18:43 GMT+02:00 Mauricio Ta

Re: graphic arts help needed

2014-05-08 Thread Jeroen de Neef
for the chosen logo. Kind regards, Jeroen de Neef -- pgp/gpg key: https://jeroendeneef.eu/publickeys/pubkey.4B074162EC3601F7.Jeroen_de_Neef.asc 2014-05-08 17:21 GMT+02:00 Jeroen de Neef : > Maybe there can be multiple entries, and have Nokia, you or the mailing > list decide which the

Re: graphic arts help needed

2014-05-08 Thread Jeroen de Neef
Maybe there can be multiple entries, and have Nokia, you or the mailing list decide which they like. Kind regards, Jeroen de Neef 2014-05-08 17:17 GMT+02:00 Steve Marquess : > On 05/08/2014 11:04 AM, Stacy Devino wrote: > > I would be happy to do so and I sure there are several o

Re: pubkey from P12 in Java, was Re: Flushing encrypted data to file

2014-03-11 Thread Marcio Campos de Lima
/* or cast to ECPublicKey if you need to be specific */ > > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Marcio Campos de Lima > Sent: Monday, March 10, 2014 10:24 > To: openssl-users@openssl.org > Subject: *** Spam *** Re

Re: Flushing encrypted data to file

2014-03-10 Thread Marcio Campos de Lima
2_bio(certFile, nullptr); > >if (!p12) { >goto done; >} > >if (!PKCS12_parse(p12, "P12 password", &g_pk, &cert, nullptr)) { >goto done; >} > > done: >X509_free(cert); >

Re: Flushing encrypted data to file

2014-03-10 Thread Marcio Campos de Lima
Hi How can I get the Public Key from a PKCS12 keystore? Do I need to parse the certificate ? Is there a way to store the public key into the PKCS12 keystore? Thanks __ OpenSSL Project http://www.

extracting public key from a PKCS12 keystore

2014-03-10 Thread Marcio Campos de Lima
Hi How can I get the Public Key from a PKCS12 keystore? Do I need to parse the certificate ? Is there a way to store the public key into the PKCS12 keystore? Thanks

Re: FIPS Openssl Key Wrap

2014-02-28 Thread De . Huynh
Hi all. Why does the AES key wrap feature not work in FIPS mode of the latest FIPS-approved OpenSSL anymore? Thank you De From: "Dr. Stephen Henson" To: openssl-users@openssl.org Date: 02/28/2014 04:26 AM Subject:Re: FIPS Openssl for Mac OSX 32 bit Sent by:

RES: OpenSSL and Network namespace

2013-07-18 Thread Leonardo Laface de Almeida
Hi, Herat. Take a look at fcntl() and setsockopt() functions. You may set the socket to nonblocking using them. I've also got blocking state using select() function, even setting it for unblocking before. I solved incrementing timeout. Leonardo From: owner-openssl-us...@openss

RES: Openssl versions compability

2013-01-23 Thread Leonardo Laface de Almeida
-Original message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On behalf of Ken Goldman Sent: Wednesday, 23 January 2013 13:13 To: openssl-users@openssl.org Subject: Re: Openssl versions compability On 1/23/2013 9:51 AM, Jeffrey Walton

Openssl versions compability

2013-01-23 Thread Leonardo Laface de Almeida
Hi, I'd like to know about it. I have a software developed in 1.0.0b version. I think it might be better to use some other newer release version, like 1.0.1c. Will I have any trouble doing this? I don't know if it changes the answer, but it's for arm processor. Thanks, Leonardo

Re: OpenSSl / SMIME and header : Disposition-Notification-To

2013-01-15 Thread Nicolas de La Fortelle
Hi Walter, thank you very much for your answer. I finally found the solution yesterday, but I did not know how to "close" this issue I submitted. I explain my solution just to check if it seems OK to you : - I changed the openssl smime command to remove all header part - I insert the header afte

OpenSSl / SMIME and header : Disposition-Notification-To

2013-01-08 Thread Nicolas de La Fortelle
Hi, I used to send openssl SMIME with no problem. I needed to add a header : Disposition-Notification-To : [email address] But I could not figure out how to send it correctly. If I use sendmail, it removes the header Disposition-Notification-To, and when I tried other mailer (Mutt) it adds the cryp

RE: RE: PEM_read_PrivateKey

2012-10-31 Thread Leonardo Laface de Almeida
Solved! Thanks, Steve. Leonardo -Original message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On behalf of Dr. Stephen Henson Sent: Tuesday, 30 October 2012 20:04 To: openssl-users@openssl.org Subject: Re: RES: PEM_read_PrivateKey On

RES: PEM_read_PrivateKey

2012-10-30 Thread Leonardo Laface de Almeida
Hi, The code for my project example is attached. The error code is as well. The error remains. For generating Key, the callback is called. For getting Private Key, the callback is not called. What's wrong here? I really appreciate any help. Thanks. Leonardo <>#include using namespace std

RES: PEM_read_PrivateKey

2012-10-30 Thread Leonardo Laface de Almeida
e, then I reply here. Anyway, from DOS prompt I can check and get private key. The original code generates the key pair and save the private Key. Then, get the key again to save the public key. Without password and encryption, it works. :) -Original message- From: owner-openssl-us

RES: PEM_read_PrivateKey

2012-10-29 Thread Leonardo Laface de Almeida
@Gerardo, I'm having a problem with this function and I will use your thread for some support. @All The problem I've got is quite simple. The callback I pass through this function is not called. I inserted a breakpoint into cb and it's not called at all. I'm using OpenSSL 1.0.1c. I'm sure abou

RES: Generating rsakey using openssl as lib

2012-10-18 Thread Leonardo Laface de Almeida
>Exactly! Welcome to the club. A good number of the products one trials or >purchases over the years install their own copy of the OpenSSL DLLs >*somewhere*. Use the Windows Start search function and key in ssleay32.dll >and/or libeay32.dll and see how many hits you get! You could start by >uninsta

RES: Generating rsakey using openssl as lib

2012-10-18 Thread Leonardo Laface de Almeida
Hi, >That doesn't prove it's finding the *correct* openssl. Most (and >usual) kinds of SSL connections work on older versions. Do you get >TLSv1.1 or TLSv1.2 connections, or at least request them properly >even if your server doesn't agree? That would prove version 1.0.1. My lib is server for

RES: Generating rsakey using openssl as lib

2012-10-16 Thread Leonardo Laface de Almeida
Hi, Dave. The answers are below. >> I was following the main function in genpkey.c file and >> following the same >> sequence for generating key pair. I've got some executing >> errors that took me >> some hours to get it. I still have the problem and I think it >> might be some >> errors in

RES: Generating rsakey using openssl as lib

2012-10-15 Thread Leonardo Laface de Almeida
Hi all, Just if anybody needs it, this is working: RSA *rsa = NULL; const EVP_CIPHER *enc=NULL; unsigned long f4=RSA_F4; char outfile[20]; char passout[10]; BIO *bio = NULL; int num; num = 1024; memcpy(&passout[0],"teste",5); passout[5] = '\0'; memcpy(&ou

RES: Generating rsakey using openssl as lib

2012-10-15 Thread Leonardo Laface de Almeida
Thanks for reply, Dave. I was trying to understand the functions EVP_* last week, and your suggestion is pretty useful because now I know it's possible to make it work. I was following the main function in genpkey.c file and following the same sequence for generating key pair. I've got some execut

Generating rsakey using openssl as lib

2012-10-11 Thread Leonardo Laface de Almeida
Hi all, I have an application which already establishes SSL Socket connection using OpenSSL as lib. Now, my application needs to enable the user to create a RSA key pair, sign documents and verify signatures. This will be needed in some features of my application, managed by user for signing doc

RES: HTTPS connection hangs during SSL handshake

2012-09-11 Thread Leonardo Laface de Almeida
at the hostname (in your case "test.mydomain.com") must match with certificate common name (CN). I hope it helps. Leonardo -Original message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On behalf of Supratik Goswami Sent: Tuesday, 11 Se

Timeout Engine OpenSSL

2012-08-21 Thread Rick Lopes de Souza
Hi, I have some doubt about the Engine OpenSSL. If I load it, does it have a timeout to unload the engine? For example, I want to make a webservice that may use the openssl any time, so I need to load the engine and let it loaded all the time. Thanks for your attention, -- Rick Lopes de Souza

Re: EC_KEY_new_by_curve_name returns NULL

2012-05-22 Thread Rick Lopes de Souza
, > I got a problem with > EC_KEY_new_by_curve_name: it always return NULL. Here is how I used it: > EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_ecdsa_with_SHA256); > If(eckey == NULL) > { > printf("ERROR: NULL ECKEY!\r\n"); > } > Do you happen to know the reas

Re: ECDH

2012-05-15 Thread Rick Lopes de Souza
h), point, > > POINT_CONVERSION_COMPRESSED, pubkey, ECDH_SIZE, NULL); with a NULL value. > > The program exists and gives no segFAULT or any error messages. > > > > Any suggestions? > > > > Thanks, > > > > -- > > Fabio Resner. -- Rick Lopes de Souza

Format to use RSA and ECDSA

2012-01-03 Thread Rick Lopes de Souza
Hi, I have some doubts about the formats that openssl uses with ECDSA and RSA. I know that openssl implements PKCS#1 and PKCS#8 to RSA, but ECDSA only uses PKCS#8 ? And PKCS#13 ? Thanks, -- Rick Lopes de Souza

Differences between RSA and ECDSA - Conceptual and Practical

2011-10-08 Thread Rick Lopes de Souza
es it has the same features? I know it doesn't need the hash algorithm, but the message needs to be smaller than the size of the key? ECDSA signs a message with any size? Example: an ecdsa key with 192 bits signing a hash sha 512. It could be signed or it is wrong? Thanks, -- Rick Lopes de Souza

Re: Open SSL API's Support For IPv6.

2011-09-22 Thread Nilotpal De
Hi, You can try this once. Use socket library connect() to get the connected socket. Then use BIO_new_socket() and pass the connected socket descriptor. Then, on the socket BIO you can try BIO_set_nbio() and BIO_do_connect(). With regards, Nilotpal On Thu, Sep 22, 2011 at 2:15 PM, A

Re: Req with ECDSA key and CA with RSA key

2011-08-30 Thread Rick Lopes de Souza
AM, Rick Lopes de Souza wrote: > Maybe it's a simple question, but i want to know if there is any problem > that i have a request using a ECDSA key with SHA-256 and i want to issue a > certificate where the CA uses RSA with SHA 1. > > In some tests, a ECDSA with sha1 and a CA w

Req with ECDSA key and CA with RSA key

2011-08-30 Thread Rick Lopes de Souza
ertificate Authority has? Thanks, -- Rick Lopes de Souza

Problems with stack_st_X509_EXTENSION

2011-08-22 Thread Rick Lopes de Souza
es without errors. Can anyone help me? -- Rick Lopes de Souza

Encrypted Alert

2011-08-10 Thread Nilotpal De
Hi, This is my first mail to this Group. Consider me a novice in Openssl since I am just getting used to the API's and understanding the behavior. I am facing one problem. We have an MFP/Printer which acts as a client and is trying to connect to a server through a Secure device. When the c

ts -reply

2011-02-24 Thread Yessica De Ascencao
Hi people! I installed the service for time stamping with opentsa, now I want to try the service for time stamping. I generate a query with the following command: ./openssl ts -reply -queryfile request.tsq -signer /root/tssCRT.pem -inkey /root/tssKey.pem -out -token_out responde.tsr And I get t

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-24 Thread Yessica De Ascencao
ure". > > > Cheers, > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > On 2/23/2011 3:32 PM, Yessica De Ascencao wrote: > >> Hello! >> Thanks for your help and monitoring. >> Yes, I get the same error, I also throws the same when tested with the

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-23 Thread Yessica De Ascencao
u see if it is working for you? > > > Cheers, > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > On 2/22/2011 3:11 PM, Yessica De Ascencao wrote: > >> Hi Mounir IDRASSI! >> I generated the certificate with ONLY Digital Signature, Non Repudia

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-22 Thread Yessica De Ascencao
:93:62:d7:2c:29:87:cc:9c:72:97:19: 1a:2d:59:b8:fc:6c:86:22:ad:9c:ba:74:de:89:cb:55:c0:f8: 50:02:5d:7d:58:92:cb:0d:c9:9a:30:a9:2a:32:7e:2c:c6:a1: 19:eb:09:30:55:85:c8:30:d4:f1:51:9a:ca:77:58:8e:f8:a6: b8:d9:92:63:10:fa:ad:06:79:aa:d9:5a:09:9c:5b:91:8b:7a: 04:66

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-22 Thread Yessica De Ascencao
le). > > Have you made sure that the permissions are correct? Are you absolutely > sure that you have the right cert in the right location? > > Have fun. > > Patrick. > > On 2011-02-22, at 8:37 AM, Yessica De Ascencao wrote: > > > Hi! > > This is the new c

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-22 Thread Yessica De Ascencao
Subject Alternative Name: email:t...@company.com X509v3 Extended Key Usage: critical Time Stamping Signature Algorithm: sha1WithRSAEncryption 02:d1:fd:44:de:1e:9f:e0:29:66:35:8f:43:da:e6:b5:20:43: 52:90:b0:dc:8a:0f:09:92:9e:c2:6b:dc:14:ab:2c

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-21 Thread Yessica De Ascencao
te you posted has critical mark on "X509v3 Subject Alternative > Name" which is completely wrong in this case. It is "Time Stamping" that has > to be marked as critical. > > > -- > Kind Regards > > Jaroslav Imrich > http://www.jariq.sk > -- Regards! Yessica De Ascencao 0426-7142582

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-18 Thread Yessica De Ascencao
69:43:7e:d1:1f:5c:5f:60:58:f0:ea:37:b5:b0:0e: ad:6d:f6:bd:2b:15:2a:bc:b8:16:53:2f:5c:25:ee: 9d:5f:99:ad:04:a0:d2:e7:73:2f:f0:f5:87:97:de: 3f:a5:79:13:9f:0e:f8:c4:be:bf:ef:76:64:39:d2: 4b:fd:5c:3e:4d:33:a6:8c:c1:05:23:9

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-18 Thread Yessica De Ascencao
Hi TSA certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 8d:0b:98:ba:f3:e4:5d:4c Signature Algorithm: sha1WithRSAEncryption Issuer: C=ve, ST=distrito capital, L=caracas, O=suscerte, OU=ac, CN=acraiz/emailAddress=a...@dom.com

HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-18 Thread Yessica De Ascencao
Hello! I have spent days trying to install the timestamp service with openTSA, but I have troubles with Step 14: Generate a private key and a certificate Including the critical TimeStamping X.509v3 extended key usage extension for the TSA and set-up options in the configuration mod_tsa httpd.conf, see th

mod_tsa:could not load X.509 certificate

2011-02-16 Thread Yessica De Ascencao
hello! I'm installing mod_tsa over apache2, i follow the configuration but show me the error: [Wed Feb 16 19:51:54 2011] [notice] mod_tsa:database driver is set to: None [Wed Feb 16 19:51:54 2011] [warn] module tsa_module is already loaded, skipping [Wed Feb 16 19:51:54 2011] [warn] module tsa_mod

Problems with installing openssl in ubuntu

2011-01-25 Thread Yessica De Ascencao
Hi people! I'm new to the group and the openssl issue, I need to install openssl with support for TSS on a machine with ubuntu 10.10. I downloaded the source code http://www.openssl.org/source/, version openssl-fips-1.2.2 but when you make I get the following error: Unable to find / usr/local/ssl

Re: 1.0.0o no fallback to SSLv2?

2010-08-14 Thread Stefan de Konink
Dear Steve, On 15-08-10 01:52, Dr. Stephen Henson wrote: > OpenSSL 1.0.0 doesn't include any SSLv2 ciphersuites by default and new logic > means it doesn't send out an SSLv2 compatible client hello if it will never > use SSLv2. That effectively dis

1.0.0o no fallback to SSLv2?

2010-08-13 Thread Stefan de Konink
nsion: NONE - --- For some reason on systems with 0.9.8 this works. But fails for me, it works for me if I manually specify -ssl2. The site will have a downtime in the next 6 hours (some sort of daily backup window), but I wonder if anyone can help me from the above log pasted. Yours Sincerely,

Re: openssl 1.0.0 issue with sendmail

2010-06-12 Thread David Alexandre M. de Carvalho
Thank you very much for the reply. I'm using a new certificate, but initially I used the old one. I've replaced it because I thought that might be the problem. As this happens on people's laptops, I can't perform many tests as they are not usually available. I can only show the logs from my c

AW: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Done that. It now seems to work! Thank you :) S999D003:/home/ah/test # ./openssl ocsp -respin response-2.der -text OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = DE, O = D-Trust GmbH, CN = D-TRUST

AW: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Ah! That's exactly the point, where I tried to edit the code and recompile it. But every time I tried to I got an error in make complaining about [link_app.] and a false call of 'main' in _start... Can I just replace the file and recompile openssl? Or do I have to edit something in any type

AW: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
I forgot to write, which versions are used. For the client we are using 0.9.8L. But we also tested with M. We are not sure about the responders but we are trying to find out. Kind regards Michel Pittelkow > Hi everyone, > > we are currently trying to verify an ocsp response. > The return is "Res

RE: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Sure! Here are the request and response files. Kind regards Michel Pittelkow > Hi everyone, > > we are currently trying to verify an ocsp response. > The return is "Response verify OK" but we need to verify the signature > algorithm of the response signature. > We tried putting the response in

WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
t OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = DE, O = D-Trust GmbH, CN = D-TRUST OCSP-03 2008:PN Produced At: Mar 12 09:58:31 2010 GMT Responses: Certificate ID: Hash Algorithm: sh

Re: Geode on-chip AES 128-bit crypto accelerations but OpenSSL doesn't use it

2009-09-28 Thread Jelle de Jong
On 09/27/09 22:36, Alan Buxey wrote: The AMD Geode LX800 CPU has an on-chip AES 128-bit crypto accelerations block and a true random number generator, but OpenSSL is not using it. Please see the below link for test reports and openssl outputs http://debian.pastebin.com/faeff2a3 Is there anybody

Geode on-chip AES 128-bit crypto accelerations but OpenSSL doesn't use it

2009-09-27 Thread Jelle de Jong
Hello everybody, The AMD Geode LX800 CPU has an on-chip AES 128-bit crypto accelerations block and a true random number generator, but OpenSSL is not using it. Please see the below link for test reports and openssl outputs http://debian.pastebin.com/faeff2a3 Is there anybody that knows what is

AW: Accessing unknown certificate extensions by OID

2009-08-28 Thread Natanael Mignon - michael-wessel . de
Alright, I got it. After inserting the structs etc. in order to hop through the extension, I got down to the ASN1_OBJECT representing the professionOID. OBJ_obj2txt(buf,buflen,obj,1) gives the OID I was looking for (first approach was to create an object with that OID and use obj_cmp, which als

AW: Accessing unknown certificate extensions by OID

2009-08-24 Thread Natanael Mignon - michael-wessel . de
Hi and thanks for your continued help! Meanwhile I did indeed define the syntax of the extension and get my way through to the leaf being an ASN1_OBJECT representing the professionOID. Now my lack of knowledge strikes back: I want to check, whether a professionOID of "1.2.276.0.76.4.88" is incl

AW: Undocumented functions/macros/structs

2009-08-22 Thread Natanael Mignon - michael-wessel . de
Hello, what I've been doing lately is repeatedly grep-ing my way through OpenSSL source code in order to find examples and definitions of such functions. Very helpful to my mind. :) Kind regards Natanael Mignon > -Original message- > From: owner-openssl

AW: Accessing unknown certificate extensions by OID

2009-08-21 Thread Natanael Mignon - michael-wessel . de
Hello, ok, what I did so far is get the extension by OID. At least I know by now, whether the extension is present or not: [...] X509 *client_cert = X509_STORE_CTX_get_current_cert(ctx); const char *admoid = "1.3.36.8.3.3"; ASN1_OBJECT *admobj = NULL; X509_EXTENSION *admext = NULL; int

Accessing unknown certificate extensions by OID

2009-08-18 Thread Natanael Mignon - michael-wessel . de
Dear list, another trial. ;) We need to validate the existence and value of an X.509 extension in a client certificate from within Apache/mod_ssl. The extension "Admission" is described by ISIS-MTT and has OID 1.3.36.8.3.3: AdmissionSyntax ::= SEQUENCE { admissionAuthority GeneralName OPTI

AW: OCSP_basic_verify:root ca not trusted

2009-07-29 Thread Natanael Mignon - michael-wessel . de
> -Original message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On behalf of Dr. Stephen Henson > Sent: Tuesday, 28 July 2009 23:43 > To: openssl-users@openssl.org > Subject: Re: OCSP_basic_verify:root ca not trusted > > On Tue, Jul 28
