The OpenSSL library includes two very similar functions:
int X509_digest(
X509 *cert,
const EVP_MD *digest,
unsigned char *md,
int *len);
int X509_pubkey_digest(
const X509 *cert,
const
>From: owner-openssl-us...@openssl.org On Behalf Of ask
>Sent: Tuesday, 22 January, 2013 21:39
>Is there a way to tell what size of session key was chosen by
>two peers after a successful handshake, and what encryption method chosen?
http://www.openssl.org/docs/ssl/SSL_get_current_cipher.html
ht
Is there a way to tell what size of session key was chosen by two peers after a
successful handshake, and what encryption method chosen?
Thanks in advance,
A
Thanks for taking the time to look into my problem, I just now figured it
out. The short answer is I was mistaken about the root cert being in the
store. There was another root cert in the store from verisign with the
exact same name, but it had a different serial number. I didn't realize my
mi
We have a multi-threaded network application that has been using sockets
for 10 years and now we're trying to secure the application with OpenSSL
0.9.8L. Over the years, the application's network protocols have been
designed to take advantage of the duplex nature of a single socket
connection;
RFC 2630 page 8:
Attribute ::= SEQUENCE {
attrType OBJECT IDENTIFIER,
attrValues SET OF AttributeValue }
--
Kind Regards / S pozdravom
Jaroslav Imrich
http://www.jimrich.sk
On Tue, Jan 22, 2013 at 10:25 AM, kapetr wrote:
> Hello,
>
> I can not see it in RFC 2634 :-(
>
Reading (writing) over an SSL connection may result in the transport writing
(reading).
Concurrent use of the same SSL structure will cause things to break.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
We have a multi-threaded network application that has been using sockets
for 10 years and now we're trying to secure the application with OpenSSL
0.9.8L. Over the years, the application's network protocols have been
designed to take advantage of the duplex nature of a single socket
connection;
>From: owner-openssl-us...@openssl.org On Behalf Of David Hinkle
>Sent: Monday, 21 January, 2013 19:48
>So I've got my ssl client working pretty well. It does great with
>most websites, but some of them it doesn't verify the certificate chain
>for, returning the above error. The CA root cert
> From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
> Sent: Monday, 21 January, 2013 20:08
> With "openssl s_client -connect yourhost:port -CAfile
> xx.cert" I am getting error 21.
>
If you are looking at the last but one or two lines displayed,
that is usually the verify error lef
On 01/21/2013 08:28 AM, Roger No-Spam wrote:
> Hi,
>
> VxWorks is listed in the "User Guide for the OpenSSL FIPS Object Module"
> as a valid platform.
>
> The "User Guide for the OpenSSL FIPS Object Module" is also very clear
> on that the build instructions must be followed precisely in order fo
... just little P.S.:
the -pkeyopt digest:sha256 is probably (?) necessary while the
signatureAlgorithm in SIgnerInfo is "sha256WithRSAEncryption"
I have another TS reply (from Comodo) and there is only "rsaEncryption"
I thing there the verification will work vice versa only without the -pkeyop
Hello,
- PŮVODNÍ ZPRÁVA -
Od: "Dave Thompson"
Komu: openssl-users@openssl.org
Předmět: RE: how to (more manually) verify signature in SignedData ?
Datum: 22.1.2013 - 0:33:35
> >
> The RSA-signed value is not just the hash, but a small
> structure encoding it, and pkeyutl needs to be to
Hello,
I can not see it in RFC 2634 :-(
There is only on page 47 (as discussed before)
id-aa-signingCertificate OBJECT IDENTIFIER
and the attribute is defined as
SigningCertificate ::= SEQUENCE {
certsSEQUENCE OF ESSCertID,
policies SEQUENCE OF PolicyInformation
After compiling and installing openssl-1.0.0i on Solaris 10 getting 32 bit
(instead of 64 bit) class for libgcc_s.so.1 (see below).
If I export below, no issues. But it is just a workaround.
#export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/sfw/lib/64
Sounds to me I need to specify this somehow i
It is defined in RFC 2634.
--
Kind Regards / S pozdravom
Jaroslav Imrich
http://www.jimrich.sk
On Wed, Jan 16, 2013 at 2:22 PM, kapetr wrote:
> m sorry - I was blind ?! :-/
>
> The both ESSCertIDs are in same Signing Certificate entity.
>
> But -I'm still interesting to find RFC with def of
On 20 January 2013 00:09, Jeffrey Walton wrote:
> Hi All,
>
> How does one specify and architecture for Configure?
I don't think there is an approved way to do it in general. Probably
you have to edit Configure to specify a new target.
However, your problem appears to be that you can';t put CFLA
17 matches
Mail list logo