In Linux, I can call FIPS_mode, if return value is zero, then I can call FIPS_mode_set( 1 ) to set FIPS mode; however, in Windows, call FIPS_mode, the return value is zero, but when I call FIPS_mode_set(1), it still returns the ERROR message: 2496:error:2A069066:FIPS routines:FIPS_mode_set:fips
Hi all
Can anyone please tell me what I might be doing wrong when trying to verify
a signature using openssl. We are using the same digest, signature and
certificate in Java and then it verifies ok. But it fails on (errorcode 0)
in openssl.
I am including the code as well as the signature, digest
Hi,
Our application sends/receives audio/video streams on a ssl connection. The
i/o is done by our application and we communicate with the ssl library via
BIO_read/BIO_write and SSL_write/SSL_read. All operations are non blocking.
Everything works fine until the processed packets per second
Henrik Thuermer wrote:
If we receive some data we process it via one BIO_write call followed by
SSL_read calls until the call to SSL_read fails with SSL_get_error() ==
SSL_ERROR_WANT_READ or SSL_read returns no more data (SSL_ERROR_WANT_WRITE
is also handled correctly - I hope). Then we stop
Following the example in the openssl book,
I generated a cert request
$C:\ca>openssl req -newkey rsa:1024 -keyout blkey.pem -keyform PEM
-out blreq.pem
-outform PEM
Then tried to generate the certificate (with openssl.cnf set to the CA
configuration).
C:\ca>openssl ca -in blreq.pem
Using
On Mon, Jul 17, 2006, Dave Pawson wrote:
wrong number of fields on line 1 (looking for field 6, got 1, '' left)
I'm unsure which file it's telling me is wrong, the request or the config
file?
Neither, it is saying the CA index.txt file is in an invalid format.
I'd suggest using the CA.pl
I got the same error: C:\OpenSSL\openssl-0.9.7j\out32dll>openssl.exe 3300:error:2A069066:FIPS routines:FIPS_mode_set:fips mode already set:fips.c:239: (Last week, when I run openssl without OPENSSL_FIPS set, it's running OK. Recently, I looked the source code, openssl.c calls FIPS_mode_set
On 17/07/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
I'm unsure which file it's telling me is wrong, the request or the config
file?
Neither, it is saying the CA index.txt file is in an invalid format.
I'd suggest using the CA.pl script instead for this, it makes things
considerably
On Mon, Jul 17, 2006, Dave Pawson wrote:
On 17/07/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
I'm unsure which file it's telling me is wrong, the request or the config
file?
Neither, it is saying the CA index.txt file is in an invalid format.
I'd suggest using the CA.pl script
On 17/07/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
I'd suggest using the CA.pl script instead for this, it makes things
considerably easier.
CA.pl just does the right thing without the user having to worry about it.
Later if you want to understand how everything works or for more
At 11:59 17.07.2006 +0100, you wrote:
Henrik Thuermer wrote:
If we receive some data we process it via one BIO_write call followed by
SSL_read calls until the call to SSL_read fails with SSL_get_error() ==
SSL_ERROR_WANT_READ or SSL_read returns no more data (SSL_ERROR_WANT_WRITE
is also
Hello,
When I try to sign CSRs for my CA to create client certificates the
openssl command-line tool returns 0, regardless of whether it succeeded
or failed. Should it not be returning a non-zero value if it failed to
sign the CSR for some reason?
This is crucial when wrappering the openssl tool
For some reason I didn't get the original post, so I'm replying to the
reply.
In a blocking socket when a network read freezes, it
is normal. It only means that nothing arrived on the
socket.
You got to take a look at the MSN protocol. With HTTP,
it might be sending a TCP FIN or
Hello,
For some reason I didn't get the original post, so I'm replying to the
reply.
In a blocking socket when a network read freezes, it
is normal. It only means that nothing arrived on the
socket.
You got to take a look at the MSN protocol. With HTTP,
it might be sending a
To clarify: HTTP 1.0 does not have persistent connection so connection
has no meaning for HTTP 1.0 and server should drop connection after
servicing such client request.
This is true under the official specification, but is not true as to how
the protocol is used. Persistent connections
Hello,
To clarify: HTTP 1.0 does not have persistent connection so connection
has no meaning for HTTP 1.0 and server should drop connection after
servicing such client request.
This is true under the official specification, but is not true as to how
the protocol is used. Persistent
David Schwartz wrote:
Notice the two persistent connection headers returned? And, in practice,
the connection is in fact persistent. If you were correct, the server would
ignore the Connection header since it has no meaning. Try it without a
connection header and you will see the
Hello,
Many applications generate a static one, can the same exact key be
re-used without any security considerations for unrelated sessions ?
Should a highly secure application generate a new one for every connection?
In this case (export restriction) generating RSA 512 bit key is not
Excuse me if I am saying the obvious.
But did you factor the fact that an SSL renegotiation
or handshake can happen anytime during the
conversation?
Irrespective of whether you are doing SSL_read or
SSL_write... That is why you have to check for pending
write during a SSL_read and vice versa
Hello,
When I try to sign CSRs for my CA to create client certificates the
openssl command-line tool returns 0, regardless of whether it succeeded
or failed. Should it not be returning a non-zero value if it failed to
sign the CSR for some reason?
This is crucial when wrappering the openssl
I came across a mistake in one of the HOWTO documents http://www.openssl.org/docs/HOWTO/proxy_certificates.txt - in all other cases, proxy certificate validation can be enabled before starting the application by setting the environment variable OPENSSL_ALLOW_PROXY with some non-empty value. This