X509_digest() and X509_pubkey_digest().

The OpenSSL library includes two very similar functions: int X509_digest( X509 *cert, const EVP_MD *digest, unsigned char *md, int *len); int X509_pubkey_digest( const X509 *cert, const

RE: session key

>From: owner-openssl-us...@openssl.org On Behalf Of ask >Sent: Tuesday, 22 January, 2013 21:39 >Is there a way to tell what size of session key was chosen by >two peers after a successful handshake, and what encryption method chosen? http://www.openssl.org/docs/ssl/SSL_get_current_cipher.html ht

session key

Is there a way to tell what size of session key was chosen by two peers after a successful handshake, and what encryption method chosen? Thanks in advance, A

Re: Verify Failing for some CA's with 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, Cert in question is in the store.

Thanks for taking the time to look into my problem, I just now figured it out. The short answer is I was mistaken about the root cert being in the store. There was another root cert in the store from verisign with the exact same name, but it had a different serial number. I didn't realize my mi

Clarifying OpenSSL 0.9.8L Concurrency Support - Can SSL Instances Be Used By Multiple Threads If Done Non-Concurrently?

We have a multi-threaded network application that has been using sockets for 10 years and now we're trying to secure the application with OpenSSL 0.9.8L. Over the years, the application's network protocols have been designed to take advantage of the duplex nature of a single socket connection;

Re: id-smime-aa-signingCertificate - attribute definition

RFC 2630 page 8: Attribute ::= SEQUENCE { attrType OBJECT IDENTIFIER, attrValues SET OF AttributeValue } -- Kind Regards / S pozdravom Jaroslav Imrich http://www.jimrich.sk On Tue, Jan 22, 2013 at 10:25 AM, kapetr wrote: > Hello, > > I can not see it in RFC 2634 :-( >

RE: Clarifying OpenSSL 0.9.8L Concurrency Support - Can SSL Instances Be Used By Multiple Threads If Done Non-Concurrently?

Reading (writing) over an SSL connection may result in the transport writing (reading). Concurrent use of the same SSL structure will cause things to break. /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA

Clarifying OpenSSL 0.9.8L Concurrency Support - Can SSL Instances Be Used By Multiple Threads If Done Non-Concurrently?

We have a multi-threaded network application that has been using sockets for 10 years and now we're trying to secure the application with OpenSSL 0.9.8L. Over the years, the application's network protocols have been designed to take advantage of the duplex nature of a single socket connection;

RE: Verify Failing for some CA's with 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, Cert in question is in the store.

>From: owner-openssl-us...@openssl.org On Behalf Of David Hinkle >Sent: Monday, 21 January, 2013 19:48 >So I've got my ssl client working pretty well. It does great with >most websites, but some of them it doesn't verify the certificate chain >for, returning the above error. The CA root cert

RE: Openssl server certificates validation error

> From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah > Sent: Monday, 21 January, 2013 20:08 > With "openssl s_client -connect yourhost:port -CAfile > xx.cert" I am getting error 21. > If you are looking at the last but one or two lines displayed, that is usually the verify error lef

Re: openssl-fips-2.0.2 and VxWorks

On 01/21/2013 08:28 AM, Roger No-Spam wrote: > Hi, > > VxWorks is listed in the "User Guide for the OpenSSL FIPS Object Module" > as a valid platform. > > The "User Guide for the OpenSSL FIPS Object Module" is also very clear > on that the build instructions must be followed precisely in order fo

RE: how to (more manually) verify signature in SignedData ?

... just little P.S.: the -pkeyopt digest:sha256 is probably (?) necessary while the signatureAlgorithm in SIgnerInfo is "sha256WithRSAEncryption" I have another TS reply (from Comodo) and there is only "rsaEncryption" I thing there the verification will work vice versa only without the -pkeyop

RE: how to (more manually) verify signature in SignedData ?

Hello, - PŮVODNÍ ZPRÁVA - Od: "Dave Thompson" Komu: openssl-users@openssl.org Předmět: RE: how to (more manually) verify signature in SignedData ? Datum: 22.1.2013 - 0:33:35 > > > The RSA-signed value is not just the hash, but a small > structure encoding it, and pkeyutl needs to be to

Re: id-smime-aa-signingCertificate - attribute definition

Hello, I can not see it in RFC 2634 :-( There is only on page 47 (as discussed before) id-aa-signingCertificate OBJECT IDENTIFIER and the attribute is defined as SigningCertificate ::= SEQUENCE { certsSEQUENCE OF ESSCertID, policies SEQUENCE OF PolicyInformation

Issue compiling openssl-1.0.0i - libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1 - wrong ELF class: ELFCLASS32

After compiling and installing openssl-1.0.0i on Solaris 10 getting 32 bit (instead of 64 bit) class for libgcc_s.so.1 (see below). If I export below, no issues. But it is just a workaround. #export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/sfw/lib/64 Sounds to me I need to specify this somehow i

Re: id-smime-aa-signingCertificate - attribute definition

It is defined in RFC 2634. -- Kind Regards / S pozdravom Jaroslav Imrich http://www.jimrich.sk On Wed, Jan 16, 2013 at 2:22 PM, kapetr wrote: > m sorry - I was blind ?! :-/ > > The both ESSCertIDs are in same Signing Certificate entity. > > But -I'm still interesting to find RFC with def of

Re: How to specify an architecture for Configure?

On 20 January 2013 00:09, Jeffrey Walton wrote: > Hi All, > > How does one specify and architecture for Configure? I don't think there is an approved way to do it in general. Probably you have to edit Configure to specify a new target. However, your problem appears to be that you can';t put CFLA