Hi,
I have Openssl based TLS server where a java jsse (java secure socket
extention) client connects.
After a bit to exchange the server tries to renegotiate,
here's a sample code
ret = SSL_accept (ssl);
CHK_SSL_ERR(ret);
char buffer[256];
int count = 0;
static BIO
Hi ,
I have client that would connects to a server for a long duration of time.
And i'm trying to refresh the session keys.
From what I have read for open ssl 0.9.7 and up the step to do the same are
pretty simple.
SSL_renegotiate(SSL *)
SSL_do_handshake(SSL *)
and then to confirm call
Ok, so it's kindof working now.
kinda because after a do_handshake, any read on the server server return -1,
but if you ignore this one and continue, subsequent read works.
And data transfer works if back to normal with the new session.
Any reason why the read would fail ?
Are there any
Hi,
i'm interested in getting the certificate thumbprint, how do i get it from a
x509 structure ?
is the thumbprint the public key hash.
if so is there an easier way to getting it, other than first getting the public
key and then hashing it.
thanks any info would be appreciated !
Kunal
, tempFingerprintLen ) = 0)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of k b
Sent: Thursday, September 13, 2007
7:06 PM
To: openssl-users@openssl.org
Subject: Get public key
hash/Certificate thumbprint
Hi,
i'm interested in getting the certificate thumbprint, how do i get
Hi,how do i convert ASN1_INTEGER to either an int or long.thanks !
_
See what you’re getting into…before you go there.
http://newlivehotmail.com
Thanks Marek, so then how do i convert RSA to EVP_pkey ? Subject: Re:
Converting RSA to EVP_pkey From: [EMAIL PROTECTED] To:
openssl-users@openssl.org Date: Fri, 27 Jul 2007 01:09:59 +0200 Hello,
2) I was looking and found this d2i_RSAPrivateKey. From what it looks like,
this doesn't
is this the best way to do it ?
EVP_pkey *pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
thanks !
From: [EMAIL PROTECTED]
To: openssl-users@openssl.org
Subject: RE: Converting RSA to EVP_pkey
Date: Thu, 26 Jul 2007 16:16:36 -0700
Hi,I have a RSA * to a private key and want to convert it to an EVP_pkey. 1)
Is there a way to convert from RSA to EVP_pkey.would the following function
the right candidate to do the job EVP_PKEY *PEM_read_bio_PrivateKey(BIO
*bp, EVP_PKEY **x,
One other issue though the base64 encoded string contains new line character
at the end.
is there a way through the api to not include it.
From: k b [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: Base64 encoding with BIO_new_mem_buf
Date: Thu
Hi,
I'm trying to use BIO to do base64 encoding.
but here's the problem
in the sample code below,
if I comment out like 1 (which uses mem bio) and uncomment 2 (one
that uses file bio)
everything works and the encoded string is written the std out.
Which is good as it tells me that things are
Thanks for pointing it out Jim, actually that was a error in creating the
sample code for the post
the actual code looks more like the one show below
int main(int argc, char *argv[])
{
char ch[] = adsf;
char enc[128];
int encSize= 128;
b64encode(ch, strlen(ch), enc, encSize);
printf([%s]\n,
that was indeed the problem, a read only buffer. Thanks Jim !
From: Jim Fox [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: Base64 encoding with BIO_new_mem_buf
Date: Thu, 12 Jul 2007 11:21:28 -0700 (PDT)
And yeah even with the correct size
Hi,
I'm trying to figure out if a particular cert that i receive has SHA1 or
SHA256 as its signature algorithm.
I know this could be done by using either i2t_ASN1_OBJECT(buffer,
x509-sig_alg-algorithm) or i2a_ASN1_OBJECT(bio, x509-sig_alg-algorithm)
The problem is, if the cert has sha1 sign
Hi,
I'm trying to verify a cert chain against a trusted chain of cert,
and here's what i get
error 20 at 1 depth lookup:unable to get local issuer certificate
can someone shed some more light at the error, like
1) what doest it mean
2) and is the problem in the cert chain that i'm trying to
Hi,
I'm decrypting using the EVP api and
I'm encountering the following error when i do a EVP_DecryptFinal
hashVerify:: ERROR error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt
I have 2 questions
1) what's hashVerify got to do in the decryption process ?
2) any ideas
Hi,
I'm decrypting using the EVP api and
I'm encountering the following error when i do a EVP_DecryptFinal
hashVerify:: ERROR error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt
I have 2 questions
1) what's hashVerify got to do in the decryption process ?
2) any ideas
: RSA_padding_check_PKCS1_type_1
Date: Mon, 25 Sep 2006 13:23:48 +0200
On Sun, Sep 24, 2006, k b wrote:
Thanks for your prompt response Steve.
actually this the error i'm getting
6536:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too
long:asn1_lib.c:150:
6536:error:0D068066
Hi ,
Sorry my bad again to post this on openssl-dev.
I'm running into this error
1823:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type
is
not 01:rsa_pk1.c:100:
1823:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.c:632:
just to quickly
that the CA is using.
Thanks
Kunal
From: Dr. Stephen Henson [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: RSA_padding_check_PKCS1_type_1
Date: Sun, 24 Sep 2006 22:21:54 +0200
On Sun, Sep 24, 2006, k b wrote:
Hi ,
Sorry my bad again to post
HI,
How do i tell if a X509 cert is a SHA256 cert.
Thanks
kb
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
Hi Marek,
Thanks for the reply,
How do i find it through the X509 struct ?
X509 *myX509 =
is this the field ?
myX509-sig_alg-algorithm-nid
and what value should i hold that would tell me that it's sha256
thanks
Bisla
From: Marek Marcola [EMAIL PROTECTED]
Reply-To:
Jaya,
You would have to use the EVP api that would do it for you.
see
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
-kbisla
From: Bhat, Jayalakshmi Manjunath [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: How do I remove padding during
Hi,
I'm trying to read a base64 encoded msg from an in memory buffer and decode
it (and possible write to a file or to mem)
I can't figure out what's wrong with the code snippet below.
From what I have read in the openssl book and other docs, looks like this is
how it should be done (see
Is there a way that i can get an X509 cert from an array holding a cert in
DER format.
I know to read PEM format cert you got to do the following.
static X509 *loadCertFromMem(char *pCert, int pLength)
{
STACK_OF(X509_INFO) *sk = NULL;
X509*returnCert = NULL;
BIO
Thanks for all the reponse,
i have a question about this following method
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
X509 *x509, STACK_OF(X509) *chain);
if i understand this correctly the argument 'x509' is the cert that u want
to be verified the
Hi,
How do i validate a certificate chain. is there a EVP api for it ?
thanks
Kunal
From: Marek Marcola [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: OpenSSL Generating Extra Packets
Date: Fri, 25 Aug 2006 23:51:45 +0200
Hello,
I am working
Marek, that was good pointer i'll add that . Thanks !
From: Marek Marcola [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: 3DES Encryption / Decryption using the EVP api
Date: Fri, 18 Aug 2006 11:08:55 +0200
Hello,
I want to decrypt using 3DES
hi ,
I want to decrypt using 3DES and want to use the EVP api.
Here's what i'm doing, it will be nice someone could validate if my approach
is correct. here's the code that i have come up with...
int 3desDecrypt(unsigned char * pEncData, int pDataSize)
{
int dec_data_size = 0;
+0200
On Mon, Jul 31, 2006, k b wrote:
Thanks Steve for pointing out that i posting to the wrong list, sorry my
bad for some reason i didn't read it right. anyways...
I've moved it now.
lemme give some background
i have a plain text file plain.txt
i call
# openssl rsautl -sign -inkey
30 matches
Mail list logo