Dave, thanks.
calling code was supposed to replace d with a real value
You are right, of course. Stupid programmer tricks. Turns out d is not the
same thing as %d.
Got that one solved. My client and my server code now make it through a
certificate negotiation. Have not coded any farther as
Dave -
Thanks much!
If the filename can't be opened SSL_CTX_load_verify_locations returns
false. Your code does check for that, I hope.
Good to know. Thanks. (Sometimes APIs just stash a name somewhere for use
later.) Yes, I check every return code and put out a good error message if
the call
OpenSSL s_server works without error if my client sends to localhost but not
if it sends to the hostname of the machine. (Other than a name error because
I have not re-done the server certificate.) I am calling that a totally
satisfactory outcome as it works for me for testing.
I consider this
Is there a correlation between the strength (size) of the asymmetric keys used
to do the authentication and the strength (size) of the ephemeral DH keys
generated/used to protect the session key (during the key exchange)?
On first glance, in s3_srvr.c, it seems like the tmp_dh_callback()
On Tue, Aug 14, 2012 at 12:23 PM, no_spam...@yahoo.com wrote:
Is there a correlation between the strength (size) of the asymmetric keys
used to do the authentication and the strength (size) of the ephemeral DH
keys generated/used to protect the session key (during the key exchange)?
Yes,
Bonjour,
Answers inline.
--
Erwann ABALEA
Le 14/08/2012 19:03, adrien pisarz a écrit :
Hi,
I have several questions about the OCSP functionality. I read many
articles before asking those questions and unfortunately I still don't
have the answers. Maybe you can help me.
First of all, here
Hi, Thanks for your reply and all the information provided. Regarding the 3rd
question, you are right, I want to have an OCSP responder based on CRL. For
information, the index file is written by parsing a CRL file but I don't want
to write into this file all the valid certificates as an
Thank you for the information and links.
[stuff deleted]
I'm probably missing something in the OpenSSL implementation. The
documentation for SSL_CTX_set_tmp_dh_callback() says that the
tmp_dh_callback is called with the keylength needed... But surely
this can't be only 512 or
On Tue, Aug 14, 2012 at 3:00 PM, no_spam...@yahoo.com wrote:
Thank you for the information and links.
[stuff deleted]
I'm probably missing something in the OpenSSL implementation. The
documentation for SSL_CTX_set_tmp_dh_callback() says that the
tmp_dh_callback is called with the
Thanks Dave for your time and patience.
I am porting an existing Windows-based TCP/IP server (receive-only, not a
Web server) to OpenSSL.
The way it works with TCP/IP is it sets up a socket, binds it to the desired
port, sets up a timeval, and issues a select. When the select is satisfied
if
On Tue, Aug 14, 2012, no_spam...@yahoo.com wrote:
Is there a correlation between the strength (size) of the asymmetric keys
used to do the authentication and the strength (size) of the ephemeral DH
keys generated/used to protect the session key (during the key exchange)?
On first glance, in
On Tue, Aug 14, 2012, adrien pisarz wrote:
For information, the index file is written by parsing a CRL file but I
don't want to write into this file all the valid certificates as an
enrolment be done and my index file may not be synchronized. I have
another question, why the engine
Eventually I solved this problem. Here is the set of commands I need to use to
generate the shared fips-capable openssl libraries:
su
cd fips # wherever that may be
./config
make
make install
# this installs fipscanister.o and adjacent files into /usr/local/ssl/fips-2.0/
cd openssl # still
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Tuesday, 14 August, 2012 08:09
snip
if your self-signed cert has a KeyUsage extension that does
not include certSign,
OpenSSL skips it for chain-building, resulting in verify 20.
Looks like the latter to me. Please
Before you call generate_key, you need to initialize your EC_KEY with a curve:
EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);
EC_KEY_set_group(testKey, group);
For 'curve' you could use, for example, NIST P256 which is defined with the
macro: NID_X9_62_prime256v1
You can then use these
Last time I learnt how to generate an ECC key, I used apps/ecparam.c as a
reference.
To get a feel for what the code is doing, I played with the openssl ecparam
utility.
Using the utility, I also created a CSR (PKCS10), created a self-signed
certificate, etc.
I hope this is helpful.
Erwin
On Tue, Aug
Wow can't believe I already got an answer! Thanks so much guys I should be good
to go.
On Aug 14, 2012, at 6:59 PM, Jason Goldberg jgoldb...@oneid.com wrote:
Before you call generate_key, you need to initialize your EC_KEY with a curve:
EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);
17 matches