Hello to everybody!!
I'm writing a client/server app with communication over SSL. Every setup
can be a server or a client so I think I could benefit from using ocsp
for validation purposes!
I'm very new to openssl but i found that i can use bundled command-line
`ocsp` application for checking
Hi,
I need to do RSA encryption/decryption using OAEP according to rfc 3447/PKCS#1
v2.1. The documentation for RSA_public_encrypt states that with the
RSA_PKCS1_OAEP_PADDING padding flag you get 'EME-OAEP as defined in PKCS #1
v2.0 with SHA-1, MGF1 and an empty encoding parameter'. This is
I found the issue in my own code. It has nothing to do with OpenSSL. Sorry.
From: bs...@labtechsoftware.com
To: openssl-users@openssl.org
Date: Fri, 15 Jun 2012 16:47:46 -0400
Subject: DES_ede3_cbc_encrypt Maximum Text Length?
I am interacting with DES encryption at a fairly
Hello,
Would anybody be so kind to explain me how I can read the digest algorithm
(sha1, sha256, other) from a X509 struct that was used by a CA when issuing the
certificate (I am using version 0.9.8).
Thanks
Dirk
__
OpenSSL
On Mon, 18 Jun 2012 16:08:28 +0200
Dirk Menstermann noadsple...@web.de wrote:
Would anybody be so kind to explain me how I can read the digest
algorithm (sha1, sha256, other) from a X509 struct that was used by a
CA when issuing the certificate (I am using version 0.9.8).
openssl x509 -in
Thanks,
unfortunately I forget to include the information that I need to know it from a
c programm, not from the shell. Do you also know the solution here?
Thanks
__
OpenSSL Project
Hello,
In my application, I met some problem when verifying a certificate which
is expired.
It worked perfectly in 0.9.8 and I get the X509_V_ERR_CERT_HAS_EXPIRED
error code, and my verify call back is able to print the issuer and
subject of the current_cert.
The same code linked with
Odd problem, I've been overhauling our x509 certificate handling and I've run
into an issue where the standard openssl x509 verification mechanism fails to
verify a certificate with a 1024-bit key when run with the FIPS version of the
library loaded but which verifies it with the non-FIPS
On Mon, Jun 18, 2012, Dirk Menstermann wrote:
Thanks,
unfortunately I forget to include the information that I need to know it from
a
c programm, not from the shell. Do you also know the solution here?
At present you have to access the X509 structure directly. For example:
sig_nid =
On Mon, Jun 18, 2012, Nou Dadoun wrote:
Why is it failing with the fips library and passing with the non-fips library
- does it have anything to do with the 1024 bit key? (i.e. 2048 and 4096-key
certs both work, and the ca cert has a 2048-bit key)
Do you get an additional error from
I am getting individual messages. Is it possible to subscribe in batch
(diagest) mode?
David
Hi all,
This is my first question to the openssl community - apologies if its a bit
noobish.. but I am really stuck..
I am trying to build the Russian Gost engine on windows using openssl-0.9.8e
if you look at a translated version of link:
http://www.cryptocom.ru/opensource/openssl098.html
From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET
Sent: Monday, 18 June, 2012 12:06
In my application, I met some problem when verifying a
certificate which is expired. It worked perfectly in 0.9.8
and I get the X509_V_ERR_CERT_HAS_EXPIRED error code, snip
The same code
Here's the certificate which is failing:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=www.casofti.com, ST=BC,
C=CA/emailAddress=dniko...@casofti.com, O=Teradici CA
Validity
Sorry accidentally hit send, the oddity is (as I mentioned before) that
comparable certificates with larger keys using the same signing algorithm pass
verification. E.g. this one is passing:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature
On Mon, Jun 18, 2012, Nou Dadoun wrote:
Sorry accidentally hit send, the oddity is (as I mentioned before) that
comparable certificates with larger keys using the same signing algorithm
pass verification. E.g. this one is passing:
Can you reproduce this using the verify utility and the
It passes OK with the usual verify utility but that's not surprising since it
passes verification if I'm not using FIPS, I don't imagine there's any way to
force the verify utility to use the FIPS routines; in any case, I'm happy to
send them to you offline ... N
---
Nou Dadoun
On Mon, Jun 18, 2012, Nou Dadoun wrote:
It passes OK with the usual verify utility but that's not surprising since
it passes verification if I'm not using FIPS, I don't imagine there's any
way to force the verify utility to use the FIPS routines; in any case, I'm
happy to send them to you
18 matches
Mail list logo