I'm using 64-bit Ubuntu 9.04's ssh:
$ ssh -V
OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
I use password-less logins with ssh-agent. I seem to be occasionally
getting this error when trying to ssh into other hosts (which I never
experienced before upgrading from Ubuntu 8.10):
Hi All!
When we are decoding the crash which we received with debug openssl
image built. We could see that in X509 stack there is an entry of CERT
present in the structure. I could see that this X509 stack is built on
the packet received in init_msg. We are running 0.9.7l I could see there
See inlined answers. Next time don't truncate the thread.
To make it clearer. Select or poll will return as soon as the socket is
writable. However, SSL still needs to negotiate keys and
encryption with the
peer before you can exchange any data. This is handled
transparently for you
in each
Hi,
The cert of the CA has expired. I've renewed the CA cert using:
openssl x509 -in cacert-old.pem -days 3650 -enddate -out cacert.pem
-signkey private/cakey.pem
I've also deleted the old CA cert from the mail client (thunderbird) and
install the
new CA cert. My existing personal cert
Hi experts,
I am completely new to encryption / ssl.
I am trying to compile the demos from /openssl-0.9.8j/demos/ssl on CentOS
4.5
My objective is to setup a client and server using ssl to ensure secure
communication :). Needless to say I am getting a lot of errors:
[swu...@mpvmpc19 ssl]$ g++
Small correction - the return type error came with the default file - with
void main. Now, only this error on compilation
[swu...@mpvmpc19 ssl]$ g++ -lssl -lcrypto cli.cpp
cli.cpp: In function `int main()':
cli.cpp:106: error: `close' was not declared in this scope
[swu...@mpvmpc19 ssl]$ vi
Hello,
I would like to convert a data file plus its separate PKCS#7 detached
signature (.p7s file) into a single .pk7 encapsulated file.
First I tried with the openssl command line tool (Linux, version 0.9.8d and
current 1.0.0beta2 which behaves the same):
openssl smime -pk7out -in
On Tue 12/05/09 10:52 AM , mail man mailman.inter...@gmail.com sent:
Small correction - the return type error came with the default file - with
void main. Now, only this error on compilation
[swu...@mpvmpc19 ssl]$ g++ -lssl -lcrypto cli.cpp
cli.cpp: In function `int main()':
cli.cpp:106:
Many thanks.
On Tue, May 12, 2009 at 3:34 PM, carlyo...@keycomm.co.uk wrote:
On Tue 12/05/09 10:52 AM , mail man mailman.inter...@gmail.com sent:
Small correction - the return type error came with the default file - with
void main. Now, only this error on compilation
[swu...@mpvmpc19 ssl]$
Nikos Balkanas wrote:
To make it clearer. Select or poll will return as soon as the socket is
writable. However, SSL still needs to negotiate keys and
encryption with the
peer before you can exchange any data. This is handled
transparently for you
in each SSL_write call. Therefore
Hi guys
Which version of mod_ssl is compatible with apache 2.0.54?
Neerav
On Tue May 12 2009, PETER LIN wrote:
Hi all,
I need to generate some problematic cert so as to test whether my app
will reject these certs or not. Such x509 cert are like without Issuer
field, Version field, or etc. Is there any command line available to
do the job? Or alternatively I can
Hi,
As known on the openssl mailinglists there is a difference in byte order
between openssl and MS cryptoAPI, when doing RSA encryption.
Googling around I find many references to claims that openssl is PKCS#1
compliant (big-endian) MS is wrong just reverse your bytes.
I was about to settle with
Hi All!
We are running into an important and critical customer issue where
we see some entry in the X509 stack entry when being freed is found to
have a value of 0x / -1 and as a result of the same there is a
crash. Found few other issues where different element is there in X509
On Tue 12/05/09 1:14 PM , Harm Verhagen harm.verhagen+web...@gmail.com sent:
As known on the openssl mailinglists there is a difference in byte order
between openssl and MS cryptoAPI, when doing RSA encryption.
Googling around I find many references to claims that openssl is PKCS#1
compliant
Hi All,
This is a basic question. But can anyone please clarify if this is correct?
These are the steps I am doing for a read on SSL socket for http requests.
1) wait on select call on socket descriptor, until read hit occurs
(on timeout param)
2) read incrementally with SSL_read() from that
Hi,
I am wondering how Blowfish is implemented in OpenSSL, with regards to
key size used. What is the default key size used, and how is this
overridden? For example, if I wanted to use the algorithm with a
256-bit length key, would I simply pass in a key of that length? I am
somewhat concerned
When I try to upgrade my buildsystem on my sun box from openssl h to k I get
following complaints from gcc:
gcc -I.. -I../.. -I../../include -KPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
On Tue, May 12, 2009 at 05:16:50PM +0200, Simon Wilkinson wrote:
Hi,
I am wondering how Blowfish is implemented in OpenSSL, with regards to
key size used. What is the default key size used, and how is this
overridden? For example, if I wanted to use the algorithm with a
256-bit length
I've got the impression that the DTLS part of OpenSSL is based on an
incorrect understanding of the term MTU (Maximum Transmission Unit).
My understanding is that the MTU refers to the size of the IP packet
including the IP header (usually 20 bytes) and the UDP header (usually 8
bytes) in
Hi,
Latest beta version doesn't compile on VAX/VMS (with DEC C).
Compilation just hangs at seed.c, doing absolutely nothing except
using CPU time.
Sudarshan Soma
Hi All,
This is a basic question. But can anyone please clarify if this
is correct?
These are the steps I am doing for a read on SSL socket for http requests.
1) wait on select call on socket descriptor, until read hit occurs
(on timeout param)
That's a mistake. Suppose,
I'm getting the following errors in an application log. The Library
Error lines look to be coming from OpenSSL. I can't seem to find them.
I've looked in Google, the err.h file, etc.
[info] SSL Library Error: 2148044919
error:80089077:lib(128):PK11_DESTROY_OBJECT:C_DestroyObject failed
On Tue, May 12, 2009, French, David wrote:
I'm getting the following errors in an application log. The Library
Error lines look to be coming from OpenSSL. I can't seem to find them.
I've looked in Google, the err.h file, etc.
[info] SSL Library Error: 2148044919
Although the last line is an OpenSSL error the previous two are not.
The
library numbers (= 128) indicate that . My guess from that error is
a
PKCS#11 engine of some sort is producing the error.
I'd suggest you post the query to wherever you got that engine from.
Steve.
--
Dr
Hi Daniel,
yes, you are right. The command line arg is passed to
SSL_set_mtu() which just sets d1->mtu.
The rest of the code assumes that d1->mtu
only covers the UDP payload. So we need to fix
the handling of SSL_CTRL_SET_MTU to reduce the
value by 20+8.
Regarding path MTU discovery there
Hi Daniel,
I looked at the code for path MTU discovery, which is pretty
broken.
crypto/bio/bss_diagram.c contains
#define IP_MTU 14 /* linux is lame */
if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void
*)&sockopt_val,
&sockopt_len)) < 0 || sockopt_val < 0)
Well, the manual clearly states about looping the SSL_write call. You can
say what you want about it, but I have verified it in practice. Also it
doesn't say anything about sched_yield, that's something you have to figure
out on your own. You can either loop endlessly around the SSL_write call,
From: owner-openssl-us...@openssl.org On Behalf Of Kent Tong
Sent: Tuesday, 12 May, 2009 04:20
The cert of the CA has expired. I've renewed the CA cert using:
'the' CA being a private or internal one, obviously.
(I assume this CA is also trusted by some/all people you communicate
with,
From: owner-openssl-us...@openssl.org On Behalf Of PETER LIN
Sent: Tuesday, 12 May, 2009 01:26
I need to generate some problematic cert so as to test
whether my app will reject these certs or not. Such x509 cert
are like without Issuer field, Version field, or etc. Is
there any command
Is there an easy way to test that my code is handling the WANT_READ and
WANT_WRITE cases properly?
e.g. when:
1.) SSL_read() returns WANT_READ
2.) SSL_read() returns WANT_WRITE
3.) SSL_write() returns WANT_READ
4.) SSL_write() returns WANT_WRITE
Case #1 seems to be easy to test by reading small