Re: [openssl-users] Getting certificates from smartcards

2015-07-22 Thread Anirudh Raghunath
Shoot, I need that functionality. Can I perhaps use the X509 *load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip) function then? If yes, then can someone elaborate on how to use this function? Thanks. On Tuesday, 21 July 2015 10:56 PM,

Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Anirudh Raghunath
Thanks for the quick response. I am currently working with smart cards and am using the engine provided by OpenSC to access the private key in the smart card. Long story short, I have the EVP_PKEY object with me. Can I use this to sign a certificate or some file which can be used for SSL client

Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Victor Wagner
On Wed, 22 Jul 2015 09:17:43 + (UTC) Anirudh Raghunath anirudhraghun...@rocketmail.com wrote: Hello, I have used the rsautl -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in an SSL handshake. I understand the command:

Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Anirudh Raghunath
Thank you for the extremely elaborate answer. Now I understand the big picture. I want to attach a file from the server side which can be collected in the client program (the test), and I want to sign it and send it back. I have the SSL server-client connection ready through socket and SSL code.

Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Salz, Rich
What you want is application-specific, not part of the TLS protocol. So you have to use SSL_read/SSL_write and pull the data out as needed. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Warnings Compiling openssl 1.0.2d

2015-07-22 Thread Jeffrey Walton
On Wed, Jul 22, 2015 at 6:40 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 22/07/2015 01:21, Jeffrey Walton wrote: For the stragglers, I don't think it's a stretch to ask C99 in 2015. Visual Studio is often used on Windows, and it is not C99. Oh my, I was not aware it was still struggling

Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Salz, Rich
But is there a way to send text files through SSL_write()? No.

Re: [openssl-users] Size of OpenSSL ECDSA/DSA Implementation

2015-07-22 Thread Jakob Bohm
On 21/07/2015 22:07, Michaela Schoenbauer wrote: Hi, I'm currently working on my Master's thesis, and the topic is about ECDSA implementations and DSA implementations in the context of small embedded systems. I'd like to try out OpenSSL but I'm not sure if I can configure it to be small

[openssl-users] Sending files in SSL communication

2015-07-22 Thread Anirudh Raghunath
Hello all, I have an SSL server-client connection set up which I have written in C using sockets and OpenSSL. I understand that I can attach a certificate of the server and send it to the client by attaching it to the SSL_CTX object. I used SSL_CTX_use_certificate_file to do so. Now I can

Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Anirudh Raghunath
But there is a way in which the server sends a test (for example a random number) and the client signs it with his private key, right? On Wednesday, 22 July 2015 1:30 PM, Anirudh Raghunath anirudhraghun...@rocketmail.com wrote: But is there a way to send text files through

Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Erwann Abalea
Hello, An X.509 certificate is: Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING } What you produced with « openssl rsautl -sign » is the content of the « signatureValue »

Re: [openssl-users] Regarding the security of the keys

2015-07-22 Thread Frank Thater
Hi, In my opinion the only way to securely handle your keys is the usage of some kind of Hardware Security Module, e.g. www.smartcard-hsm.com www.yubico.com These lightweight HSMs provide a PKCS#11 interface which can be integrated using the PKCS#11 engine of OpenSSL. In addition the

Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Anirudh Raghunath
But is there a way to send text files through SSL_write()? If so, can you please give a small example? Thanks. On Wednesday, 22 July 2015 1:27 PM, Salz, Rich rs...@akamai.com wrote: What you want is application-specific, not part of the TLS protocol. So you have to use

[openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Anirudh Raghunath
Hello, I have used the rsautl -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in an SSL handshake. I understand the command: openssl x509 -inform format -in certfile -out cert.pem is used. I want to know what the parameters

Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Jakob Bohm
(top posting for consistency) Look at the functions named X509_sign(), X509_CRL_sign() and X509_REQ_to_X509(), those should get you started. On 22/07/2015 11:57, Anirudh Raghunath wrote: Thanks for the quick response. I am currently working with smart cards and am using the engine provided

Re: [openssl-users] Converting Bin format to X509 format

2015-07-22 Thread Erwann Abalea
Long response short, yes, you can. Prepare and fill in your X509 object, perform the signature with your EVP_PKEY private key, format the resulting signature into a BIT STRING, place this BIT STRING into your previous X509 object, complete it with the AlgorithmIdentifier you choose when signing

Re: [openssl-users] Warnings Compiling openssl 1.0.2d

2015-07-22 Thread Jakob Bohm
On 22/07/2015 01:27, Jeffrey Walton wrote: Like I said, it's learning to play well with your tools :) Well I think what you're saying is that we should play well with other people's tools! My tools (and presumably the rest of the dev team's as well) don't report this warning. Ah, OK. So it's being

Re: [openssl-users] Warnings Compiling openssl 1.0.2d

2015-07-22 Thread Jakob Bohm
On 22/07/2015 01:21, Jeffrey Walton wrote: For the stragglers, I don't think it's a stretch to ask C99 in 2015. Visual Studio is often used on Windows, and it is not C99. Oh my, I was not aware it was still struggling for C99 :) I guess Microsoft is still putting their energies into the

Re: [openssl-users] Sending files in SSL communication

2015-07-22 Thread Salz, Rich
But there is a way in which the server sends a test (for example a random number) and the client signs it with his private key, right? It's called mutual (or client-side) authentication and is part of the TLS protocol. The client must have an X.509-style certificate.

Re: [openssl-users] Warnings Compiling openssl 1.0.2d

2015-07-22 Thread Jakob Bohm
On 22/07/2015 13:14, Jeffrey Walton wrote: On Wed, Jul 22, 2015 at 6:40 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 22/07/2015 01:21, Jeffrey Walton wrote: For the stragglers, I don't think it's a stretch to ask C99 in 2015. Visual Studio is often used on Windows, and it is not C99. Oh my,

Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

2015-07-22 Thread Jakob Bohm
On 22/07/2015 14:12, jonetsu wrote: Hello, Our Nessus version 6.4.1 is detecting a BEAST vulnerability against OpenSSL 1.0.1e. The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as 0x0800L and several tests are made for this value in the code. The CHANGES mentions though that

Re: [openssl-users] Regarding the security of the keys

2015-07-22 Thread Mike Mohr
On Tue, Jul 21, 2015 at 9:46 PM, Salz, Rich rs...@akamai.com wrote: Actually that isn't quite right. A properly configured and tuned RBAC policy, when combined with PaX, can very effectively limit all userspace activity (including root access!). How do you know that the module is

[openssl-users] Extended key usage keyAgreement bit in certificate

2015-07-22 Thread John Foley
The following commit changed the behavior of checking the extended key usage bits in a server certificate when using X509_PURPOSE_SSL_SERVER: http://marc.info/?l=openssl-cvsm=132759007026375w=2 This commit was put into 1.0.2 on April 6, 2012. Therefore, 1.0.1 and 1.0.2 behave differently in

[openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

2015-07-22 Thread jonetsu
Hello, Our Nessus version 6.4.1 is detecting a BEAST vulnerability against OpenSSL 1.0.1e. The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as 0x0800L and several tests are made for this value in the code. The CHANGES mentions though that this had some side effects, the