Julien Demoor wrote:
Hello,
I'm getting an error with the DSA_sign() function : data too large for
key size. I have inputed a 40-byte-long string representing a
hexadecimal SHA-1 digest. I can't find what the correct digest format
is, nor if anything else may lead to that error.
DSA_sign()
Greetings!
On Thu, 2 Mar 2006, Venkata Sairam wrote:
Hi
Does anyone encounter this issue stated below before? I am stuck with my
development. Can any one help\p?
I've encountered a problem seems to be the same. If a memory leak occurs
and the library has already freed the data need to
Julien Demoor wrote:
Hello,
I'm getting an error with the DSA_sign() function : data too large for
key size. I have inputed a 40-byte-long string representing a
hexadecimal SHA-1 digest.
I think the acceptable size would be size of 'q' in ur dsa key and i
guess the o/p of the sha digest
DearfriendsI use OpenSSL's speed command testing the speed of Blowfish and AES,find bf-cbc faster than aes-128-cbc.But when I download a large file from intranet of OpenVPN,find bf-cbc seems slower than aes-128-cbc,why? Can you give help? thanks! ---download rate--- aes-128-cbc 6.5Mbps bf-cbc
维宾 宋 wrote:
Dear friends
I use OpenSSL's speed command testing the speed of Blowfish and
AES,find bf-cbc faster than aes-128-cbc.But when I download a large
file from intranet of OpenVPN,find bf-cbc seems slower than
aes-128-cbc,why? Can you give help? thanks!
---download rate---
Hello!
On the Website there is a Link to www.opensslbook.com where Example Code
from the Book should be present.
The site is down and in the Google Cache and on archive.org I can only
find the links to the file.
Can anybody send me the tar.gz of the examples which was located at
I'm tryingto write a script able to create a self-signed certificate automaticaly. I'm using the command:openssl req -new -key${KEY} -x509 -out ${CERT}Unfortunately, I have to enter the DN information manualy.How can I get through the manual request to get the script to do it itself?
Nouveau :
This may seem a stupid question, but why do you want or need to do this?
You can generate an SS cert with a validity of (say 1 year) and just use it
without needing to generate a new one every time the system starts up. Is
there something special about the environment that I'm not aware of?
D.
jimmy wrote:
Julien Demoor wrote:
Hello,
I'm getting an error with the DSA_sign() function : data too large for
key size. I have inputed a 40-byte-long string representing a
hexadecimal SHA-1 digest.
I think the acceptable size would be size of 'q' in ur dsa key and i
guess the o/p of
Shulman Alexandre wrote:
I'm trying to write a script able to create a self-signed certificate
automaticaly. I'm using the command:
openssl req -new -key ${KEY} -x509 -out ${CERT}
Unfortunately, I have to enter the DN information manualy.
How can I get through the manual request to get the
Greetings!
On Thu, 2 Mar 2006, Shulman Alexandre wrote:
I'm trying to write a script able to create a self-signed certificate
automaticaly. I'm using the command:
openssl req -new -key ${KEY} -x509 -out ${CERT}
Unfortunately, I have to enter the DN information manualy.
How can I get
On Thu, Mar 02, 2006 at 11:52:50AM +0100, Shulman Alexandre wrote:
I'm trying to write a script able to create a self-signed certificate
automaticaly. I'm using the command:
openssl req -new -key ${KEY} -x509 -out ${CERT}
Unfortunately, I have to enter the DN information manualy.
Julien Demoor wrote:
jimmy wrote:
Julien Demoor wrote:
Hello,
I'm getting an error with the DSA_sign() function : data too large for
key size. I have inputed a 40-byte-long string representing a
hexadecimal SHA-1 digest.
I think the acceptable size would be size of 'q' in ur dsa key and
On Thu, Mar 02, 2006, Shulman Alexandre wrote:
I'm trying to write a script able to create a self-signed certificate
automaticaly. I'm using the command: openssl req -new -key ${KEY} -x509 -out
${CERT}
Unfortunately, I have to enter the DN information manualy. How can I get
through the
On Thu, Mar 02, 2006, ?? wrote:
Dear friends I use OpenSSL's speed command testing the speed of Blowfish and
AES,find bf-cbc faster than aes-128-cbc.But when I download a large file
from intranet of OpenVPN,find bf-cbc seems slower than aes-128-cbc,why? Can
you give help? thanks!
On Thu, Mar 02, 2006, Venkata Sairam wrote:
Hi
I have the PKCS7 object signed by a certificate. The certificate is revoked
and I have the corresponding CRL. I have the certificate in the certs
variable and the CRL in the store variable. I am using the method below:
int PKCS7_verify(PKCS7
Using openssl as a CA, I'm wondering what the best way is to renew a
certificate without first revoking the previous one. Revoking the previous
one would leave a window of vulnerability where a machine may be trying to
use the old certificate, as it hasn't yet downloaded the new one, but other
The best way is to have the unique_subject = no, and then allow for
the download and installation of the new cert. Once that's done,
revoke the old one.
As for why it's not the default, it's because there are other
applications besides just web server certification that require
additional
AFAIK Blowfish key setup times are very high. That
might account for the difference.
All things being equal AES certainly gives you more
security than any other cipher.
And AES was chosen also because it was found fit for
implementation on severely constrained embedded
devices. So you get both
I have tested n times,but the result is same. OpenVPN renegotiate keys every ahour. Bf-cbc should be faster or fastest.but...Bernhard Froehlich [EMAIL PROTECTED] 写道: songwb wrote: Dear friends I use OpenSSL's speed command testing the speed of Blowfish and AES,find bf-cbc faster than
Brian Candler [EMAIL PROTECTED] a écrit:On Thu, Mar 02, 2006 at 11:52:50AM +0100, Shulman Alexandre wrote: I'm trying to write a script able to create a self-signed certificate automaticaly. I'm using the command: openssl req -new -key ${KEY} -x509 -out ${CERT} Unfortunately, I have to enter
My bad. I typed 'openssl help' and didn't see sha256 listed under any of the digest commands. That is probably an old menu that hasn't been updated yet. Now that I used your syntax I got the same result. Thanks for the help!
On 3/1/06, Brian Candler [EMAIL PROTECTED] wrote:
On Wed, Mar 01, 2006 at
What about the 'copy' parameter og get_session_cb() ?
Probably you're using it, but haven't noticed in your question...
--
View this message in context:
http://www.nabble.com/Session-Memory-Leek--t594071.html#a3205710
Sent from the OpenSSL - User forum at Nabble.com.
Hello, when setting-up external caching management, I got to set also the
get_session_cb() for my context. But I have no ide, how to select the
session to return.
E.g. I can read a session using PEM_read_session() into a SSL_SESSION
object, but i need to compare it's session-id with that one
In the FIPs version I see
that you can set a key and a seed for PRNG. I have been looking around for how
to set a key in the non-FIPS (0.9.8a) version and if I read the man pages
correctly (which is suspect J)
it looks like this is not supportted in non-FIPS (that is, is the way you
Hello,
I want my application to trust certificates sign by the major CAs out
there. Does anyone know of a way to hook up to the place where Windows
stores its list of CAs? Or maybe just a place where I can download the
keys of the standard CAs (like Verisign, Thawte...). Is there such thing
On Thu, Mar 02, 2006, Mikhail Kruk wrote:
Hello,
I want my application to trust certificates sign by the major CAs out
there. Does anyone know of a way to hook up to the place where Windows
stores its list of CAs? Or maybe just a place where I can download the
keys of the standard CAs
27 matches
Mail list logo