Looking at the implementation of CMS_get0_signers(), it looks like it
creates a new stack of X509 that I will have to free.
Isn't the convention to use a "1" if the return values needs to be freed,
and "0" if not? So shouldn't this function be named CMS_get1_signers()?
(Note that CMS_get1_crls()
I'm in the process of refactoring my code to use the new CMS API instead of
PKCS7.
In my code before I was able to determine the type of pkcs7, and even
distinguish between a signed data (.p7m), signature (.p7s) and cert chain
(.p7b), using this function:
PKCS7Type determine_pkcs7_type(PKCS7*
> From: owner-openssl-us...@openssl.org On Behalf Of Cipher
> Sent: Monday, 20 May, 2013 11:07
> I built and installed openssl 1.0.1e. When i try to connect
> using ssh with
> 2048 DSA keys, i get *bad sig size 32 32* error.
> Is this a bug?
> Here is how i created the keys.
>
openssh (through
>From: owner-openssl-us...@openssl.org On Behalf Of Michele Mase'
>Sent: Tuesday, 21 May, 2013 04:16
I was wrong!
>"Does it work with client=Firefox using client certs under both CAs?
>I would expect at least one to fail. Note that s_server -verify
>doesn't *require* client cert, it only *allows
1) I'm wondering why the FIPS_selftest_dsa() function in fips_dsa_selftest.c
uses EVP_sha384 with a 2048-bit DSA key during the fips_pkey_signature_test()?
If I'm reading the NIST standards (FIPS 186-3 and SP 800-57 Part 1) correctly,
it looks like it is more usual for 2048-bit DSA keys to be pa
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury wrote:
> Hi,
>
> I have compiled openssl-fips and openssl in Windows CE 6. But when I
> run "fips_premain_dso.exe libeay32.dll" in target environment I get
> following error:
>
> =
>
> 217450134:error:2507606A:DSO support rou
On 5/22/2013 11:54 AM, Lavanya Sundararajan wrote:
I am Lavanya working for Mistral solution, I am using openssl code in our
project, the function in pmeth_lib.c OBJ_bsearch_pmeth returns 0, May I know
the possible reasons for it, In FIPS mode our product fails on RSA signature
verificatio
In the past, I was not using Intermediate certificate and the code below
works with no problem.
/* Load the CAs we trust*/
if(!(SSL_CTX_load_verify_locations(ctx, *NULL*, CA_PATH)))
berr_exit("Couldn't read CA list/path");
SSL_CTX_set_verify_depth(ctx,*1*);
Now that I have a chain of inte
Hi,
I am Lavanya working for Mistral solution, I am using openssl code in our
project, the function in pmeth_lib.c OBJ_bsearch_pmeth returns 0, May I know
the possible reasons for it, In FIPS mode our product fails on RSA signature
verification throwing out unsupported algorithm, while tracin
On 5/18/2013 2:09 PM, Rajeswari K wrote:
Hello Users/dev Team,
Need some urgent help to program openssl for smart card/HSM.
Our smart card never shares private keys. All crypto operations such as
encryption,decryption will be performed by smart card. And any such actions
from openssl needs to
That question has been answered a few days ago. Here's an example:
openssl req -new -newkey rsa:2048 -keyout dumb.key -nodes -out dumb.req
-subj "/C=UT/O=Whatever/GN=Per/SN=Edlund"
--
Erwann ABALEA
Le 20/05/2013 16:47, Per Edlund a écrit :
Hello!
I need to create a key and a csr with SN=xxx
Please note that s_client is used for debugging connections not certs
and might connect EVEN IF the server certificate is not good.
http://www.openssl.org/docs/apps/s_client.html#item__verify
"Currently the verify operation continues after errors so all the
problems with a certificate chain can be
12 matches
Mail list logo