Re: Converting ECC public key point-compressed and uncompressed
I did dig arround more on the ecparam and ec options. Having a limited knowledge on cryptograpy and specifically ecc key algorithm, and experimenting with the CLI, I would like to clarify my understanding on coverting the form of ecc key from compressed to uncompressed and vice versa. My understanding is that to convert the form of ecc key from compressed to uncompressed and from uncompressed to compressed require the knowledge of the ECC private key. Is my understanding correct? Thanks in advance Erwin On Fri, Jul 15, 2011 at 9:06 PM, Erwin Himawan ehima...@gmail.com wrote: Hi All, I would like to know whether openssl API has function call for generating ECC point-compression given that only the uncompressed ECC public key. Likewise, given the point-compressed ECC Key, I would also like to recover the uncompressed ECC key. Thanks for the help Regards, Erwin
Re: Converting ECC public key point-compressed and uncompressed
My understanding is that to convert the form of ecc key from compressed to uncompressed and from uncompressed to compressed require the knowledge of the ECC private key. Is my understanding correct? You might want to have a look at sections 2.3.3 and 2.3.4 in http://www.secg.org/download/aid-780/sec1-v2.pdf No knowledge of the private key is needed. Regards, Martin __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Converting ECC public key point-compressed and uncompressed
Marti, thanks for your response. Erwin -- From: Martin Boßlet martin.boss...@googlemail.com Sent: Sunday, July 17, 2011 7:21 AM To: openssl-users@openssl.org Subject: Re: Converting ECC public key point-compressed and uncompressed My understanding is that to convert the form of ecc key from compressed to uncompressed and from uncompressed to compressed require the knowledge of the ECC private key. Is my understanding correct? You might want to have a look at sections 2.3.3 and 2.3.4 in http://www.secg.org/download/aid-780/sec1-v2.pdf No knowledge of the private key is needed. Regards, Martin __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Trying to Link Statically to Libcrypto
Okay, I am in to my office for few minutes to get the details. Here is how I am compiling and linking, and the error message I am getting. I have placed elipses (...) where the file and object names were. What do I need to do to get static linking to libcrypto.a to work? g++ ... -O3 -Wall -static -c -fmessage-length=0 g++ -o ... -lz -lssl -lcrypto -lxml2 -lm -lldap and get the error: /usr/bin/ld: warning: libcrypto.so.8, needed by /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libssl.so, not found (try using -rpath or -rpath-link) /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.so: undefined reference to `RSA_generate_key' /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.so: undefined reference to `DH_generate_parameters' collect2: ld returned 1 exit status -Original Message- From: brandonshw brandon...@aol.com To: openssl-users openssl-users@openssl.org Sent: Sat, Jul 16, 2011 11:40 am Subject: Re: Trying to Link Statically to Libcrypto Thanks. This is some very useful information and more than I knew. When I get back to work on Monday, or possibly before if I go in for a few minutes, I will send the full g++ command I am using as well as the error messages.. -Original Message- From: Michael S. Zick open...@morethan.org To: openssl-users openssl-users@openssl.org Sent: Sat, Jul 16, 2011 6:53 am Subject: Re: Trying to Link Statically to Libcrypto On Sat July 16 2011, brandon...@aol.com wrote: I am already linking in -lldap. Will -lopenldap work better? It is hard to say without seeing your full command input and he output of where the linker is looking for libraries and n what order. __order matters__ link to OpenSSL first, and then OpenLdap (order matters): gcc ... -lcrypto -lopenldap If doing the linking with the compiler driver, add: Wl,-t o the command options so the linker will output each library s it searches for symbols. If calling the linker directly, just add: t o the link command options The -t option is the trace option to the linker. Mike Jeff _ penSSL Project http://www.openssl.org ser Support Mailing Listopenssl-users@openssl.org utomated List Manager majord...@openssl.org
Re: Trying to Link Statically to Libcrypto
On Sun July 17 2011, brandon...@aol.com wrote: Okay, I am in to my office for few minutes to get the details. Here is how I am compiling and linking, and the error message I am getting. I have placed elipses (...) where the file and object names were. What do I need to do to get static linking to libcrypto.a to work? g++ ... -O3 -Wall -static -c -fmessage-length=0 g++ -o ... -lz -lssl -lcrypto -lxml2 -lm -lldap and get the error: /usr/bin/ld: warning: libcrypto.so.8, needed by /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libssl.so, not found (try using -rpath or -rpath-link) The linker is a single pass linker, symbols must be defined by the library(ies) before then can be referenced (resolved). I.E: Read message, then put -lcrypto __before__ -lssl __order matters__ And where did you tell the linker you wanted a static link? Mike /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.so: undefined reference to `RSA_generate_key' /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.so: undefined reference to `DH_generate_parameters' collect2: ld returned 1 exit status -Original Message- From: brandonshw brandon...@aol.com To: openssl-users openssl-users@openssl.org Sent: Sat, Jul 16, 2011 11:40 am Subject: Re: Trying to Link Statically to Libcrypto Thanks. This is some very useful information and more than I knew. When I get back to work on Monday, or possibly before if I go in for a few minutes, I will send the full g++ command I am using as well as the error messages.. -Original Message- From: Michael S. Zick open...@morethan.org To: openssl-users openssl-users@openssl.org Sent: Sat, Jul 16, 2011 6:53 am Subject: Re: Trying to Link Statically to Libcrypto On Sat July 16 2011, brandon...@aol.com wrote: I am already linking in -lldap. Will -lopenldap work better? It is hard to say without seeing your full command input and he output of where the linker is looking for libraries and n what order. __order matters__ link to OpenSSL first, and then OpenLdap (order matters): gcc ... -lcrypto -lopenldap If doing the linking with the compiler driver, add: Wl,-t o the command options so the linker will output each library s it searches for symbols. If calling the linker directly, just add: t o the link command options The -t option is the trace option to the linker. Mike Jeff _ penSSL Project http://www.openssl.org ser Support Mailing Listopenssl-users@openssl.org utomated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Trying to Link Statically to Libcrypto
I'll try changing the order of the libraries as you suggest. As for telling the linker that I wanted a static link, I am doing the project in Eclipse and put it in the flags area. It comes out in the compile: g++ ... -O3 -Wall -static -c -fmessage-length=0 I do want the executable to be as nearly self-contained as possible. Should I do something to get it into the link statement as well? I don't honestly know much about Linux, Eclipse, or OpenSSL, but I would like to learn. Do I need the static flag both places? Thanks to all of you for your continuing help. Brandon -Original Message- From: Michael S. Zick open...@morethan.org To: openssl-users openssl-users@openssl.org Sent: Sun, Jul 17, 2011 1:48 pm Subject: Re: Trying to Link Statically to Libcrypto On Sun July 17 2011, brandon...@aol.com wrote: Okay, I am in to my office for few minutes to get the details. Here is how I m compiling and linking, and the error message I am getting. I have placed lipses (...) where the file and object names were. What do I need to do to get tatic linking to libcrypto.a to work? g++ ... -O3 -Wall -static -c -fmessage-length=0 g++ -o ... -lz -lssl -lcrypto -lxml2 -lm -lldap and get the error: /usr/bin/ld: warning: libcrypto.so.8, needed by /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libssl.so, ot found (try using -rpath or -rpath-link) The linker is a single pass linker, symbols must be defined by he library(ies) before then can be referenced (resolved). I.E: Read message, then put -lcrypto __before__ -lssl __order matters__ And where did you tell the linker you wanted a static link? Mike /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.so: undefined reference o `RSA_generate_key' /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.so: undefined reference o `DH_generate_parameters' collect2: ld returned 1 exit status -Original Message- From: brandonshw brandon...@aol.com To: openssl-users openssl-users@openssl.org Sent: Sat, Jul 16, 2011 11:40 am Subject: Re: Trying to Link Statically to Libcrypto Thanks. This is some very useful information and more than I knew. When I et back to work on Monday, or possibly before if I go in for a few minutes, I ill send the full g++ command I am using as well as the error messages.. -Original Message- From: Michael S. Zick open...@morethan.org To: openssl-users openssl-users@openssl.org Sent: Sat, Jul 16, 2011 6:53 am Subject: Re: Trying to Link Statically to Libcrypto On Sat July 16 2011, brandon...@aol.com wrote: I am already linking in -lldap. Will -lopenldap work better? It is hard to say without seeing your full command input and he output of where the linker is looking for libraries and n what order. __order matters__ link to OpenSSL first, and then OpenLdap (order matters): gcc ... -lcrypto -lopenldap If doing the linking with the compiler driver, add: Wl,-t o the command options so the linker will output each library s it searches for symbols. If calling the linker directly, just add: t o the link command options The -t option is the trace option to the linker. Mike Jeff _ penSSL Project http://www.openssl.org ser Support Mailing Listopenssl-users@openssl.org utomated List Manager majord...@openssl.org _ penSSL Project http://www.openssl.org ser Support Mailing Listopenssl-users@openssl.org utomated List Manager majord...@openssl.org
Re: Trying to Link Statically to Libcrypto
On Sun July 17 2011, brandon...@aol.com wrote: I'll try changing the order of the libraries as you suggest. As for telling the linker that I wanted a static link, I am doing the project in Eclipse and put it in the flags area. It comes out in the compile: g++ ... -O3 -Wall -static -c -fmessage-length=0 I do want the executable to be as nearly self-contained as possible. Should I do something to get it into the link statement as well? I don't honestly know much about Linux, Eclipse, or OpenSSL, but I would like to learn. Do I need the static flag both places? No. Only on the linker command line - usually in LDFLAGS variable. If your project manager (Eclipse) doesn't have a place for that, then you can have your call to g++ (the driver front end to the compiler, assembler and linker) pass the option to the linker by using: -Wl,options. You have it only on the compiler command line, where it isn't needed. In a command terminal window, you might try: g++ --help as a good starting point. ;-) And depending on your meaning of: nearly self-contained as possible you might want to only be doing a partial link to those libraries that you need to control the versions used. Then let the others be run-time linked (dynamic linked) by the loader. Mike PS: When totally lost about library order, try this model: lib3 lib2 lib1 lib0 lib1 lib2 lib3 Which is sometimes actually needed with inter-dependant libraries. (Which the driver front end is doing for you with the standard libraries.) Hint: put -W,-t into the linker's command line, let it tell you what it is doing. Thanks to all of you for your continuing help. Brandon -Original Message- From: Michael S. Zick open...@morethan.org To: openssl-users openssl-users@openssl.org Sent: Sun, Jul 17, 2011 1:48 pm Subject: Re: Trying to Link Statically to Libcrypto On Sun July 17 2011, brandon...@aol.com wrote: Okay, I am in to my office for few minutes to get the details. Here is how I m compiling and linking, and the error message I am getting. I have placed lipses (...) where the file and object names were. What do I need to do to get tatic linking to libcrypto.a to work? g++ ... -O3 -Wall -static -c -fmessage-length=0 g++ -o ... -lz -lssl -lcrypto -lxml2 -lm -lldap and get the error: /usr/bin/ld: warning: libcrypto.so.8, needed by /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libssl.so, ot found (try using -rpath or -rpath-link) The linker is a single pass linker, symbols must be defined by he library(ies) before then can be referenced (resolved). I.E: Read message, then put -lcrypto __before__ -lssl __order matters__ And where did you tell the linker you wanted a static link? Mike /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.so: undefined reference o `RSA_generate_key' /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.so: undefined reference o `DH_generate_parameters' collect2: ld returned 1 exit status -Original Message- From: brandonshw brandon...@aol.com To: openssl-users openssl-users@openssl.org Sent: Sat, Jul 16, 2011 11:40 am Subject: Re: Trying to Link Statically to Libcrypto Thanks. This is some very useful information and more than I knew. When I et back to work on Monday, or possibly before if I go in for a few minutes, I ill send the full g++ command I am using as well as the error messages.. -Original Message- From: Michael S. Zick open...@morethan.org To: openssl-users openssl-users@openssl.org Sent: Sat, Jul 16, 2011 6:53 am Subject: Re: Trying to Link Statically to Libcrypto On Sat July 16 2011, brandon...@aol.com wrote: I am already linking in -lldap. Will -lopenldap work better? It is hard to say without seeing your full command input and he output of where the linker is looking for libraries and n what order. __order matters__ link to OpenSSL first, and then OpenLdap (order matters): gcc ... -lcrypto -lopenldap If doing the linking with the compiler driver, add: Wl,-t o the command options so the linker will output each library s it searches for symbols. If calling the linker directly, just add: t o the link command options The -t option is the trace option to the linker. Mike Jeff _ penSSL Project http://www.openssl.org ser Support Mailing Listopenssl-users@openssl.org utomated List Manager majord...@openssl.org _ penSSL Project http://www.openssl.org ser Support Mailing Listopenssl-users@openssl.org utomated List Manager majord...@openssl.org
Query regarding OpenSSL 0.9.8
Hi, I have few queries regarding OpenSSl 0.9.8 : 1. Does it have 64-bit support? If not, which version(s) support 64-bit arch? 2. RHEL version(s) supported 3. GCC version(s) supported Thanks and regards, Nilesh -- This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited. Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law. The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. By messaging with Sender you consent to the foregoing.
ECDSA public key token to/from binary
I have to extract a binary (unsigned char *) representation of a public key from an ECDSA openssl key structure. Later, I want to use that binary to reconstruct an openssl public key structure that I can use to verify a signature. The curve is fixed - P521. I don't need any certificates, just a public key that I can embed in the verifier. Can someone point me toward sample code? Or, can someone give me some hints? -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: Trying to Link Statically to Libcrypto
Brandon, Am 16.07.2011 um 10:59 schrieb brandon...@aol.com: Actually, I believe it said that openldap.so was complaining that they were It would certainly help if you actually knew what it was saying, not just believed it! And wasn't it rather libldap.so, not openldap.so. Of course, libldap.so is usually provided by some openldap package. I am already linking in -lldap. Will -lopenldap work better? He certainly meant -lldap (the library is called libldap.so, so the linker flag is called -lldap). If your library really is called openldap.so (which I very much doubt), then you can not link it with the -l option, you have to add the fully qualified path name of that library to the linker command line. Any idea what library I can link in to define the above two references? Link to OpenSSL first, and then OpenLdap (order matters): gcc ... -lcrypto -lopenldap What was meant is -lldap -lcrypto. Libraries later in later flags have to satisfy references left open by earlier libraries. I am writing some C++ on Linux with g++. When I try to link statically to libcrypto, by using the libcrypto.a library, it complains that You are linking statically to a library that some other library, namely libldap, want's to link dynamically. How's that supposed to work? Static linking means you have a copy of libcrypto in your binary, with the symbols of that library removed, because they have already been resolved. Then libldap gets linked, and wants to know about the same symbols once again, so a shared copy of the library libcrypto has to be added to the address space. What a mess. So the real question is: WTH are you trying to link statically! Mit herzlichem Gruss Andreas Müller -- Prof. Dr. Andreas Müller, Beratung und Entwicklung Bubental 53, CH - 8852 Altendorf Email: andreas.muel...@othello.ch Voice: +41 55 4621483 Fax: +41 55 4621482 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Trying to Link Statically to Libcrypto
Although I've been programming on various platforms for quite awhile, I don't know much about the principles involved here - i.e. Linux or static vs dynamix linking. You are right, it is linking to libldap. What I am trying to do is remove all dependencies on libraries on the diverse target machines, so that it works right out of the box without the necessity of the user installing libraries. On several machines where people have installed my program, it complained that it couldn't find libcrypto.so.8. I fixed that on those occasions by creating a symbolic link to their actual version of libcrypto, but I just want it to stop looking for any library at all on the box where I'm putting it, and this is one step towards that. I had hoped that by forcing it to take libcrypto.a, rather than libcrypto.so, it would stop looking for libcrypto.so.8. -Original Message- From: Andreas Mueller andreas.muel...@othello.ch To: openssl-users openssl-users@openssl.org Sent: Sun, Jul 17, 2011 2:45 pm Subject: Re: Trying to Link Statically to Libcrypto Brandon, Am 16.07.2011 um 10:59 schrieb brandon...@aol.com: Actually, I believe it said that openldap.so was complaining that they were t would certainly help if you actually knew what it was saying, ot just believed it! And wasn't it rather libldap.so, not penldap.so. Of course, libldap.so is usually provided by some penldap package. I am already linking in -lldap. Will -lopenldap work better? e certainly meant -lldap (the library is called libldap.so, so he linker flag is called -lldap). If your library really is alled openldap.so (which I very much doubt), then you can not ink it with the -l option, you have to add the fully qualified ath name of that library to the linker command line. Any idea what library I can link in to define the above two references? Link to OpenSSL first, and then OpenLdap (order matters): gcc ... -lcrypto -lopenldap hat was meant is -lldap -lcrypto. Libraries later in later lags have to satisfy references left open by earlier libraries. I am writing some C++ on Linux with g++. When I try to link statically to libcrypto, by using the libcrypto.a library, it complains that ou are linking statically to a library that some other library, amely libldap, want's to link dynamically. How's that supposed o work? Static linking means you have a copy of libcrypto in our binary, with the symbols of that library removed, because hey have already been resolved. Then libldap gets linked, and ants to know about the same symbols once again, so a shared copy f the library libcrypto has to be added to the address space. hat a mess. So the real question is: WTH are you trying to link tatically! Mit herzlichem Gruss Andreas Müller -- rof. Dr. Andreas Müller, Beratung und Entwicklung ubental 53, CH - 8852 Altendorf mail: andreas.muel...@othello.ch oice: +41 55 4621483 Fax: +41 55 4621482 __ penSSL Project http://www.openssl.org ser Support Mailing Listopenssl-users@openssl.org utomated List Manager majord...@openssl.org
Re: Trying to Link Statically to Libcrypto
On Sun July 17 2011, brandon...@aol.com wrote: Although I've been programming on various platforms for quite awhile, I don't know much about the principles involved here - i.e. Linux or static vs dynamix linking. You are right, it is linking to libldap. What I am trying to do is remove all dependencies on libraries on the diverse target machines, so that it works right out of the box without the necessity of the user installing libraries. On several machines where people have installed my program, it complained that it couldn't find libcrypto.so.8. I fixed that on those occasions by creating a symbolic link to their actual version of libcrypto, but I just want it to stop looking for any library at all on the box where I'm putting it, and this is one step towards that. I had hoped that by forcing it to take libcrypto.a, rather than libcrypto.so, it would stop looking for libcrypto.so.8. When you pass -static to the linker as part of the link command, it will search for libcrypto.a rather than the default (dynamic) libcrypto.so (which should be a sym-link to the current version named libcrypto.so.VERSION-NUMBER). Also remember that the application: /usr/bin/g++ which you are calling is just the front end of that toolchain. It calls the sub-components (pre-processor, compiler, assembler, linker, etc) as required based on the options and files it is passed. Note also when you did: g++ --help in a terminal window that the order is: g++ options files not: g++ files options Also try: info g++ in a terminal window. Mike -Original Message- From: Andreas Mueller andreas.muel...@othello.ch To: openssl-users openssl-users@openssl.org Sent: Sun, Jul 17, 2011 2:45 pm Subject: Re: Trying to Link Statically to Libcrypto Brandon, Am 16.07.2011 um 10:59 schrieb brandon...@aol.com: Actually, I believe it said that openldap.so was complaining that they were t would certainly help if you actually knew what it was saying, ot just believed it! And wasn't it rather libldap.so, not penldap.so. Of course, libldap.so is usually provided by some penldap package. I am already linking in -lldap. Will -lopenldap work better? e certainly meant -lldap (the library is called libldap.so, so he linker flag is called -lldap). If your library really is alled openldap.so (which I very much doubt), then you can not ink it with the -l option, you have to add the fully qualified ath name of that library to the linker command line. Any idea what library I can link in to define the above two references? Link to OpenSSL first, and then OpenLdap (order matters): gcc ... -lcrypto -lopenldap hat was meant is -lldap -lcrypto. Libraries later in later lags have to satisfy references left open by earlier libraries. I am writing some C++ on Linux with g++. When I try to link statically to libcrypto, by using the libcrypto.a library, it complains that ou are linking statically to a library that some other library, amely libldap, want's to link dynamically. How's that supposed o work? Static linking means you have a copy of libcrypto in our binary, with the symbols of that library removed, because hey have already been resolved. Then libldap gets linked, and ants to know about the same symbols once again, so a shared copy f the library libcrypto has to be added to the address space. hat a mess. So the real question is: WTH are you trying to link tatically! Mit herzlichem Gruss Andreas Müller -- rof. Dr. Andreas Müller, Beratung und Entwicklung ubental 53, CH - 8852 Altendorf mail: andreas.muel...@othello.ch oice: +41 55 4621483 Fax: +41 55 4621482 __ penSSL Project http://www.openssl.org ser Support Mailing Listopenssl-users@openssl.org utomated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Trying to Link Statically to Libcrypto
Some incredibly helpful advice, which I appreciate very much. I'll apply it all tomorrow morning. It makes a lot of sense to find out that I've been putting the -static flag in the wrong place, because I had to develop scripts to temporarily hide shared libraries from the linker, whenever I made a version of my executable to be used or tested elsewhere, to force the linker to chose the static versions. I wondered why the -static flag wasn't working. In my present job, I only have time to research new things briefly, and not at length as I would prefer. Brandon -Original Message- From: Michael S. Zick open...@morethan.org To: openssl-users openssl-users@openssl.org Sent: Sun, Jul 17, 2011 4:48 pm Subject: Re: Trying to Link Statically to Libcrypto On Sun July 17 2011, brandon...@aol.com wrote: Although I've been programming on various platforms for quite awhile, I don't now much about the principles involved here - i.e. Linux or static vs dynamix inking. You are right, it is linking to libldap. What I am trying to do is remove all dependencies on libraries on the diverse arget machines, so that it works right out of the box without the necessity of he user installing libraries. On several machines where people have installed y program, it complained that it couldn't find libcrypto.so.8. I fixed that on hose occasions by creating a symbolic link to their actual version of ibcrypto, but I just want it to stop looking for any library at all on the box here I'm putting it, and this is one step towards that. I had hoped that by orcing it to take libcrypto.a, rather than libcrypto.so, it would stop looking or libcrypto.so.8. When you pass -static to the linker as part of the link command, t will search for libcrypto.a rather than the default (dynamic) ibcrypto.so (which should be a sym-link to the current version amed libcrypto.so.VERSION-NUMBER). Also remember that the application: /usr/bin/g++ which you are alling is just the front end of that toolchain. t calls the sub-components (pre-processor, compiler, assembler, inker, etc) as required based on the options and files it is passed. Note also when you did: ++ --help n a terminal window that the order is: ++ options files ot: ++ files options Also try: nfo g++ n a terminal window. Mike -Original Message- From: Andreas Mueller andreas.muel...@othello.ch To: openssl-users openssl-users@openssl.org Sent: Sun, Jul 17, 2011 2:45 pm Subject: Re: Trying to Link Statically to Libcrypto Brandon, Am 16.07.2011 um 10:59 schrieb brandon...@aol.com: Actually, I believe it said that openldap.so was complaining that they were t would certainly help if you actually knew what it was saying, ot just believed it! And wasn't it rather libldap.so, not penldap.so. Of course, libldap.so is usually provided by some penldap package. I am already linking in -lldap. Will -lopenldap work better? e certainly meant -lldap (the library is called libldap.so, so he linker flag is called -lldap). If your library really is alled openldap.so (which I very much doubt), then you can not ink it with the -l option, you have to add the fully qualified ath name of that library to the linker command line. Any idea what library I can link in to define the above two references? Link to OpenSSL first, and then OpenLdap (order matters): gcc ... -lcrypto -lopenldap hat was meant is -lldap -lcrypto. Libraries later in later lags have to satisfy references left open by earlier libraries. I am writing some C++ on Linux with g++. When I try to link statically to libcrypto, by using the libcrypto.a library, it complains that ou are linking statically to a library that some other library, amely libldap, want's to link dynamically. How's that supposed o work? Static linking means you have a copy of libcrypto in our binary, with the symbols of that library removed, because hey have already been resolved. Then libldap gets linked, and ants to know about the same symbols once again, so a shared copy f the library libcrypto has to be added to the address space. hat a mess. So the real question is: WTH are you trying to link tatically! Mit herzlichem Gruss Andreas Müller -- rof. Dr. Andreas Müller, Beratung und Entwicklung ubental 53, CH - 8852 Altendorf mail: andreas.muel...@othello.ch oice: +41 55 4621483 Fax: +41 55 4621482 __ penSSL Project http://www.openssl.org ser Support Mailing Listopenssl-users@openssl.org utomated List Manager majord...@openssl.org _ penSSL Project http://www.openssl.org ser Support
Re: Query Regarding usage of SSL_Connect()
On 7/14/2011 6:17 AM, Amit Kumar wrote: Hi team, I am using SSL_Connect() in one of my projects and this SSL_connect is returning a value of -1. With SSL_get_error() i can see it is *SSL_ERROR_WANT_READ ?* * * * Now i am not understanding why this can come and if this is there then should i call SSL_Connect again. * I am really new to OpenSSL API's and learning it. Please consider me as a beginner while replying. Any help will be greatly appreciated. It means SSL_Connect has made as much forward progress as it can right now and will be able to make further forward progress when it reads some data from the server. Since you asked it not to block, it is not blocking. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Adding Multiple Root certificates in Openssl
Hi Ciprian, Thanks for the immediate reply . I have some questions on both the approaches suggested. You can create a file where you may concatenate all your trusted certificates in PEM format and use that file for verification. [Mayur]--- Is there any openSSL api which helps parsing this file[say myStorageFile] which has all my root certificates in it. ? Also my intention as mentioned in the scenario in previous mail is that I ll be passing a chain A --B and would like to find C [self signed ,root certificate] from myStorageFile .* * Another way is to store your trusted certificates in PEM format in filesystem and create a folder from where you create symbolic links to every certificate. The symbolic link name should be named as HASH.0. HASH can be obtained from the certificate using -hash option like: openssl x509 -in root.cer -hash [Mayur]After storing links to my PEM format Certificate files how do I parse the folder having links to get root C for my chain A --B ? Regards, Mayur On Fri, Jul 15, 2011 at 10:05 PM, Ciprian Pavel ciprian.pa...@gmail.comwrote: Hi Mayur, You can create a file where you may concatenate all your trusted certificates in PEM format and use that file for verification. Another way is to store your trusted certificates in PEM format in filesystem and create a folder from where you create symbolic links to every certificate. The symbolic link name should be named as HASH.0. HASH can be obtained from the certificate using -hash option like: openssl x509 -in root.cer -hash If you need CRL checking the same procedure can be applied with the exception that the symbolic link name has to be HASH.r0. Regards, Ciprian On Fri, Jul 15, 2011 at 3:01 PM, Mayur Premi premi.ma...@gmail.comwrote: Hi , I am using openssl for signature verification of the files in my application. For supporting multiple root certificates , Is there a db or storage area[file] which openssl searches while finding the root of the passed input certificates ? I am using X509_Verify_cert api of openssl to verify certificates. The scenario is as below : Say I have 2 certificates A and B in my application , A's Issuer is B and B 's issuer is C. Here C is the [self signed] root certificate. Can I store C somewhere in openssl and find it to complete the chain A--B--C Regards, Mayur
