Hi Bizhan,
> The command BN_num_bytes(rsa_public_key->e) returns the size
> of the exponent part of the public key, and it is 3 bytes. "10001".
> Could this be a valid value?
Yes. Typical values are 3, 17, and 65535.
> We have a system that requires public key exponent to be 4 bytes,
> could I pa
Hi All,
In our environment a secure server creates Private/Public RSA keys.
We Can never access the Private key but we are able to access the Public
Key.
The command BN_num_bytes(rsa_public_key->e) returns the size of the
exponent part of the public key, and it is 3 bytes. "10001".
Could this be
We have in apps/
in x509.c
print_name(STDout, "issuer= ",
X509_get_issuer_name(x), nmflag);
in crl.c
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
nmflag);
In order to make a fair change that will potentially hurt everyone, I
propos
On Fri, Oct 30, 2009, Dr. Stephen Henson wrote:
> On Fri, Oct 30, 2009, Daniel Marschall wrote:
>
> > 2009/10/30 Dr. Stephen Henson :
> > > On Fri, Oct 30, 2009, Daniel Marschall wrote:
> > >
> > >>
> > >> >
> > >> > 2) When you enable informational messages, you get accurate
> > >> > informatio
On Fri, Oct 30, 2009, Daniel Marschall wrote:
> 2009/10/30 Dr. Stephen Henson :
> > On Fri, Oct 30, 2009, Daniel Marschall wrote:
> >
> >>
> >> >
> >> > 2) When you enable informational messages, you get accurate informational
> >> > messages.
> >>
> >> Please tell me, why it isn't a bug! I don't
Hello,
Im tring to run a client/server application. Server is on Linux, and client in
on z/OS. Application will run for a couple of seconds, and then will receive
the following errors on the server side.
[r...@esa26_37 sles11]# HERESSL_accept() handshake error, dirty.
SSL_ERRO
2009/10/30 Dr. Stephen Henson :
> On Fri, Oct 30, 2009, Daniel Marschall wrote:
>
>>
>> >
>> > 2) When you enable informational messages, you get accurate informational
>> > messages.
>>
>> Please tell me, why it isn't a bug! I don't understand it. In my case
>> and also in the uncleared case of He
> > Ahh, that explains it. Thanks for looking into it.
> >
> > The documentation on iCRLs was a little cryptic to me. It said that no
> > lookup methods were used (?). Now you say the store is also not used.
> How
> > do I get the iCRL into the verification process? Also, does the current
> > 1
On Fri, Oct 30, 2009, Adam Rosenstein wrote:
> Ahh, that explains it. Thanks for looking into it.
>
> The documentation on iCRLs was a little cryptic to me. It said that no
> lookup methods were used (?). Now you say the store is also not used. How
> do I get the iCRL into the verification pr
On Fri, Oct 30, 2009, Daniel Marschall wrote:
>
> >
> > 2) When you enable informational messages, you get accurate informational
> > messages.
>
> Please tell me, why it isn't a bug! I don't understand it. In my case
> and also in the uncleared case of Helga Krause, the CRL was issued by
> Pers
We have successful deployed a FIPS build of OpenSSL 0.9.7m w/zlib compression
on Windows clients and linux servers in stunnel. Now we want to upgrade to a
FIPS build of 0.9.8k. We are running into a couple of issues. Here are my two
questions:
1. Should a 0.9.7m build work with a 0.9.
Ahh, that explains it. Thanks for looking into it.
My code only uses a store for verification. It is Perl glue developed
in-house. Perhaps we would be willing to donate it to contrib. It is a more
complete set of bindings to libcrypto than other modules on CPAN.
The documentation on iCRLs w
On Fri, Oct 30, 2009 at 02:50:55PM +0530, achint dudhwala wrote:
> 3. How can we configure the application for not using the export
> cipher suites.
If the application supports a configurable cipher list, use:
DEFAULT:!EXPORT:!LOW:!SSLv2
unless you need to support pre-historic SSL peers
2009/10/29 David Schwartz :
>
> Daniel Marschall:
>
>> Hello.
>>
>> I am not searching bugs in my code. I have a certificate and a CRL.
>> And the functionality -issuer_checks is buggy. My cert and CRL have
>> exactky the same DN as issuer.
>
> What is the bug then? All you've reported so far is:
*Good Morning, Achint!*
I think that you have to options, or you change your application, or your
openssl.
To you change your openssl, see this :
http://groups.google.com.br/group/mailing.openssl.dev/browse_thread/thread/65b27a723255435e/eb5dcb25ab57d737?lnk=gst&q=MARIHOFFART#eb5dcb25ab57d737
*
Hi all
I'm working with ID-based signature (SHAMIR 84) and I create a struct
as below:
struct sign
{
BIGNUM *s;
BIGNUM *d;
}
How do I export this key into
a file in a PEM format??
Thanks in advance
__
OpenSSL Project
Parimal Das wrote:
> The IMAP(2009) c-client library/API does its own socket I/O for
> non-SSL sessions, but in SSL the socket I/O is delegated to OpenSSL.
> When c-client does its own socket I/O, it sets a timeout (normally
> 15 seconds) on a select() call prior to doing any read() or write()
> c
Mark wrote:
> I may be making a wrong assumption but if the cypher used is a block
> cypher does it not wait until a full block of data is ready before it
> can encrypt and send the data? If a message does not consist of enough
> data to fill a block, could there be unencrypted data left in a bu
Sorry, I forgot to mention that c-client library/API is part of IMAP-2009
library (http://www.panda.com/imap/)
I am using IMAP library, which in turn using OpenSSL.
I am re-posting my last post here.
The IMAP(2009) c-client library/API does its own socket I/O for non-SSL
sessions, but in SSL the
If an application uses OpenSSL and doesn't set the Cipher suites explicitly,
1. Does it use the Openssl default cipher suite listed by "openssl ciphers -v"
2. As the default cipher suite contains export Cipher suites also, is there a
chance of application using one among the export cipher suite
Tinyca is the best others are also available like LuaCrypto you can go for it
but I like Tinyca.
-
https://www.thesslstore.com/ SSL Certificates
https://www.thesslstore.com/thawte.aspx Thawte SSL
https://www.thesslstore.com/extended-validation-ssl-certificates.aspx EV SSL
--
View this m
Jakob Grießmann wrote:
>
> Hello,
>
> does anyone have a howto on how to generate a self-signed extended
> validation certificate, or on how to set-up my own CA for local use
> that gives out EVN certificates?
>
> I know how to do this for normal certificates, but was unable to find
> more det
22 matches
Mail list logo