> From: owner-openssl-us...@openssl.org On Behalf Of (me)
> Sent: Wednesday, 31 October, 2012 18:22
> An "incoming" connection is usually, at least by connection,
> an SSL server.
>
_by convention_
> In general: if an SSL connection/session uses an akRSA suite,
> knowledge of the packets on th
> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Thursday, 01 November, 2012 13:07
> I have written AES encryption which uses salt
>
*password-based* with salt, as you correctly say for Java below.
> int nrounds=5;
> unsigned char salt[]= {1,2,3,4, 5,6,7,8};
> unsigned
> From: owner-openssl-us...@openssl.org On Behalf Of Abhiram Shandilya
> Sent: Thursday, 01 November, 2012 21:31
-dev added
> I configured my openssl RSA CA to add the key usage extension
> for key agreement to the ECC certificate but even then it
> does not work. Pre-TLS 1.2 cipher suites such
> From: owner-openssl-us...@openssl.org On Behalf Of Mauricio Tavares
> Sent: Friday, 02 November, 2012 16:53
> On Fri, Nov 2, 2012 at 4:23 PM, Ken Goldman
> wrote:
> > I create a self signed certificate using
> >
> >> openssl req -new -x509 -key ... -out ... -days ...
> >
> > It then prompts fo
>From: owner-openssl-us...@openssl.org On Behalf Of Taraniteja Vishwanatha
>Sent: Friday, 02 November, 2012 18:29
Answering only -users, this is not a -dev question.
>I want to generate a RSA key pair in x509 format and pem encoded
>( BEGIN PUBLIC KEY .END PUBLIC KEY).
>Can anyone give m
>From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Manoj
>Sent: Saturday, 03 November, 2012 06:48
>Is any configure option available to enable SHA256 by default
>in OpenSSL 0.9.8l.
The *algorithm* is included by default in 0.9.8 as far back as I have,
and it should work as a plain d
> From: owner-openssl-us...@openssl.org On Behalf Of Frediano Ziglio
> Sent: Saturday, 03 November, 2012 10:26
> I'm searching for a way to pass a TLS session between two programs
> under Unix. I can use unix sockets to send the file descriptor but I
> don't know how to request to OpenSSL crypto
>From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Manoj
>Sent: Tuesday, 06 November, 2012 22:56
>I wanted to parse the x509 certificate using openssl-0.9.8l
>which is signed by sha256WithRSAEncryption algorithm.
>I am not explicitly calling EVP_DigestInit_ex() to initailse EVP_sha2
> From: owner-openssl-us...@openssl.org On Behalf Of thorso...@lavabit.com
> Sent: Tuesday, 06 November, 2012 23:15
> To: openssl-users@openssl.org
> Subject: CA.pl, TLS encryption, Postfix
>
> Hello,
>
> I need help with CA.pl and this [1] guide in general.
>
> (I've already tried to ask here [
> From: owner-openssl-us...@openssl.org On Behalf Of Graham Leggett
> Sent: Friday, 16 November, 2012 10:08
> To: openssl-users@openssl.org
> Subject: Re: Usage of d2i_RSA_PUBKEY function!!
>
> On 16 Nov 2012, at 4:37 PM, PraveenPVS
> wrote:
>
> > I need to load RSA Public key which is stored i
> From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron,
HPSW-R&D-SH)
> Sent: Tuesday, 20 November, 2012 10:42
> In our product, we are still using OpenSSL 0.9.7d (on Windows
> platform) for certificate validation. Recently we suffered an
> issue about certificates based SHA256,
>From: owner-openssl-us...@openssl.org On Behalf Of Peter Parker
>Sent: Tuesday, 20 November, 2012 20:59
>Subject: This is one for the Pros
Not really. This is pretty basic.
>I've been trying to generate a public/private key pair after
>generating the certificates, but OpenSSL
than 0.9.7h so it SHOULD NOT be in 0.9.7d.
It IS in the code for 0.9.7m, therefore it was added sometime
after 0.9.7h and before or at 0.9.7m. That's what ">7h <=7m" means.
> Best Regards,
> Aaron
>
> -Original Message-
> From: owner-openssl-us...@open
> From: owner-openssl-us...@openssl.org On Behalf Of dwipin
> Sent: Thursday, 22 November, 2012 23:20
> I am trying to develop a java utility based on Bouncy Castle
> that should be
> able to sign and encrypt data which can later be decrypted
> and verified on
> the server side (openssl).
>
> D
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Thursday, 22 November, 2012 04:07
> (Since you top-posted, I will do so too in this thread)
>
But I won't, because I answer multiple points from both of you.
> The certificate does not include the private key, only the pub
>From: owner-openssl-us...@openssl.org On Behalf Of Hermes Flying
>Sent: Tuesday, 27 November, 2012 07:13
>To: openssl-...@openssl.org; openssl-users@openssl.org
Answering only -users, this is not a -dev question.
>How can I test if my server is vulnerable for SSL renegotiation?
>I tried the fo
> From: owner-openssl-us...@openssl.org On Behalf Of Edward Shishkin
> Sent: Monday, 26 November, 2012 13:56
> I'd like to use new openssl features (GCM, CMAC, etc), but have
> troubles: with standard flags (-lssl -lcrypto) compilation failed:
>
Compilation did not fail; linking did. Your questio
>From: owner-openssl-us...@openssl.org On Behalf Of Kumar Ghanta
>Sent: Wednesday, 28 November, 2012 14:47
>Can somebody please tell me what default sizes for RSA and DHE
>are being used for the below ciphers in openssl?
>DHE-RSA-AES128-SHA
>DHE-RSA-AES256-SHA
I don't know what you mean by "def
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Thursday, 29 November, 2012 14:57
> > I need to know, first, what "Secure Renegotiation" is, and
> then, if it is a
> > legitimate way to configure a secure server, why it is used.
> Secure Renegotiation is a variant of
> From: owner-openssl-us...@openssl.org On Behalf Of Rainer Rill
> Sent: Sunday, 25 November, 2012 08:04 [in zone -5]
I don't know what happened to this post. Headers (as resent)
show originator stamp Nov 25 14:04 +1 and initial transmission
.superkabel.de to .hosteurope.de to master.openssl.org
>From: owner-openssl-us...@openssl.org On Behalf Of Jeremy Mortis
>Sent: Friday, 30 November, 2012 14:24
>I'm having an issue where wget (and curl) segfaults in libcrypto
>when trying to access a particular https site.
>The site can be accessed via IE or Firefox without problems.
>I'm
> From: owner-openssl-us...@openssl.org On Behalf Of TJ
> Sent: Sunday, 02 December, 2012 22:26
> Can someone please explain these concepts to me? I can't find much
> that explains it in plain English in the docs...
>
> I have been tasked with altering application code that uses an
> embedded web
>From: owner-openssl-us...@openssl.org On Behalf Of Baker, Darryl
>Sent: Thursday, 06 December, 2012 14:45
>I have a website I am monitoring and the tool uses the CURL library
>which in turn uses the OpenSSL library. While all the browsers I've
>tried accept the certificate OpenSSL does not. The
> From: owner-openssl-us...@openssl.org On Behalf Of Baker, Darryl
> Sent: Friday, 07 December, 2012 11:30
> > Dave Thompson said:
> >
> > The problem is not in accepting the cert, the problem is
> you received no response (serverhello) at all, much less a cert.
>From: owner-openssl-us...@openssl.org On Behalf Of Michael Mueller
>Sent: Tuesday, 11 December, 2012 15:45
>Could I get a nudge. I'd like to get the SANs to show up in my certs.
>in my request:
>what I get in the resulting certificate:
It depends on the CA, i.e. the person or organization wh
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Thursday, 13 December, 2012 16:31
> On Thu, Dec 13, 2012 at 12:34 AM, jeetendra gangele
> wrote:
> I have not really been following this thread, so please forgive my
> dumb questions.
>
> Are you using a NIST curve? If
>From: owner-openssl-us...@openssl.org On Behalf Of Hailei Hu
>Sent: Thursday, 13 December, 2012 06:27
>Thanks to your reply.
>The first solution:
>"you can set the length parameter on the decrypt operation to be 16 which
will
>provide you with a result that is your original 10 bytes plus 6 bytes
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Friday, 14 December, 2012 02:59
> I run the below two command and generated the private key for
> ecdsa sign .
Actually you generated two keypairs and ignored one of them.
But what the hey, they're cheap (unlike say l
>From: owner-openssl-us...@openssl.org On Behalf Of Matt Caswell
(fr...@baggins.org)
>Sent: Friday, 14 December, 2012 08:42
>On 14 December 2012 13:36, jeetendra gangele wrote:
>> Can u do that from command line?
>As far as I know you can't use custom curves from the command line -
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Sunday, 16 December, 2012 22:57
> Actaully I was trying to generate the signature of lenght 56 bytes but
> its failing.
> When I check the code it said lenght of the sig should not
> lessa than 56.
> can anybody help m
> From: owner-openssl-us...@openssl.org On Behalf Of Salz, Rich
> Sent: Monday, 17 December, 2012 00:01
> >Can you be a bit more specific about what you mean by "being
> used"? By default OpenSSL can use any built in ECC curve
> though it can be limited in range by those of the peer.
>
To be mo
>From: owner-openssl-us...@openssl.org On Behalf Of Indtiny s
>Sent: Sunday, 16 December, 2012 11:04
This is not a -dev question.
> I am using root certiciate which is there in DER format at client ,
>to verify the peer .
>When I execute my cCURL clinet code I get the below error .
>223: SSL
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Saturday, 15 December, 2012 12:48
> On Fri, Dec 14, 2012, simon charles wrote:
>
> > Which works but when using openssl ca routine - it is not
> able to find / load the keys
> >
>
> I can't see why ca shouldn't wor
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 01:58
> Its generating 64 bytes when I print with ECDSA_size(eckey)
> But i neeed 56 bytes signature. [for secp224r1]
>
ECDSA_size is the *maximum* length of the encoded signature,
see the ma
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 02:48
> Yes i am talking about signature.
> ECDSA_SIG this ouptput structure will have r and s componet
> of 28 bytes each. [for 224-bit curve]
> So if I merge both r and s I will get 56 bytes
>From: owner-openssl-...@openssl.org On Behalf Of Thirumal, Karthikeyan
>Sent: Monday, 17 December, 2012 13:12
I don't believe this belongs on -dev or -cvs.
>We added the OpenSSL to our TCP Windows application, for Client -
>Server communication.
>Looks like few machines are not able to access
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 13:17
> HI for ECDH can I use the HAs256 algorithm.
>
> I have gone through the inside DS and written this piece of code and
> it worked also.
> But here how can U sesha256 ,when i used i am g
> From: owner-openssl-us...@openssl.org On Behalf Of Salz, Rich
> Sent: Monday, 17 December, 2012 12:45
> Thanks for the detailed response, Dave.
>
> > As the authenticator you know your own cert already. As the
> verifier you can get the cert and look at it.
> > ... You should be able to know w
>From: owner-openssl-us...@openssl.org On Behalf Of
massimiliano.m...@gmail.com
>Sent: Monday, 17 December, 2012 12:00
>Sorry, wrong error. The actual error is:
> ./openssl smime -verify -in message.txt.signed -text -CAfile
cacert.pem
>Verification failure
>2897402476:error:0D0D50CE:asn1 encodi
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 08:26
> To: openssl-users@openssl.org
> Subject: Re: Need help in loading private key for ECDSA
>
> Thanks for ur help .
>
>
> Can you guide me how can I use ECDH for exachnaging of the
>
> From: owner-openssl-us...@openssl.org On Behalf Of engineereeyore
> Sent: Monday, 17 December, 2012 15:52
> Anyone have any ideas? Still haven't found a solution.
> View this message in context:
> http://openssl.6102.n7.nabble.com/Problem-reading-public-key-f
> rom-PEM-tp42657p42794.html
> Se
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 21:48
> Yes i used [KDF1_SHA1 for ECDH_compute_key] from ec/ecdhtest.c.
> If you see the ECDH_compute_key in last argument It need some hash
> function to sign the shared secret.
The last argu
>From: owner-openssl-us...@openssl.org On Behalf Of David Hinkle
>Sent: Wednesday, 19 December, 2012 14:07
>I have a system where I want to selectively man in the middle
>some SSL connections. My proxy server currently has the capability
>to man in the middle all connections using openssl, or
> From: owner-openssl-us...@openssl.org On Behalf Of Robert Moskowitz
> Sent: Wednesday, 19 December, 2012 22:24
> ... I am trying better to understand ...
> creating a mailserver (postfix) cert.
>
> I am looking at a couple templets. The one at postfix.org creates a
> 'unsigned public key cert
> From: owner-openssl-us...@openssl.org On Behalf Of Robert Moskowitz
> Sent: Thursday, 20 December, 2012 08:24
> Left out response to -nodes option...
>
> On 12/20/2012 03:44 AM, Dave Thompson wrote:
> >> openssl req -new -nodes -keyout foo-key.pem -out
> foo-
>From: owner-openssl-us...@openssl.org On Behalf Of
miles.zh...@aliyun-inc.com
>Sent: Thursday, 20 December, 2012 22:10
>I want to load a certs chain from memory ( ie. From a std::string variable
>with the certs chain's content loading from the mysql db ).
>The content of certs chain is like a C
> From: owner-openssl-us...@openssl.org On Behalf Of goggel
> Sent: Saturday, 22 December, 2012 17:17
> I get an error message when I try to generate a private key.
> I can't figure
> out what the error message is and I have tried to google it.
> But there is
> noone that I can find that has the
> From: owner-openssl-us...@openssl.org On Behalf Of goggel
> Sent: Sunday, 23 December, 2012 12:17
> To: openssl-users@openssl.org
> Subject: RE: Error message when generating private key
>
> I'm using debian (linux) with a ssh+terminal shell.
>
> I got it to work with the passout command, but
> From: owner-openssl-us...@openssl.org On Behalf Of Robert Moskowitz
> Sent: Monday, 31 December, 2012 17:02
> I am running on Centos 6.3 where it looks like Openssl is 1.0.0-25
>
> I am creating my cert with:
>
> openssl req -new -outform PEM -out certs/test.htt-consult.com.crt
> -newkey rsa:
cert. But the BasicConstraints
> problem is still needed to work out.
>
> On 12/31/2012 07:18 PM, Dave Thompson wrote:
> >> From: owner-openssl-us...@openssl.org On Behalf Of Robert Moskowitz
> >> Sent: Monday, 31 December, 2012 17:02
> >> I am trying to f
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 07 January, 2013 10:26
> void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
> size_t length, const AES_KEY *key,
> unsigned char *ivec, int *num)
>
> What will be the value for
>From: owner-openssl-us...@openssl.org On Behalf Of Massimiliano Masi
>Sent: Monday, 07 January, 2013 10:18
>On Mon, Jan 7, 2013 at 3:11 PM, Dr. Stephen Henson
wrote:
>./openssl smime -nooldmime -sign -signer cert.pem -inkey key.pem
>However, I have [verify] errors (I'm using CAfile). With 1
>From: owner-openssl-us...@openssl.org On Behalf Of Srivardhan Hebbar
>Sent: Tuesday, 08 January, 2013 08:34
>X509_STORE_add_cert() would add a certificate to the list of trusted
>certificates in the ctx. What is the way to remove a certificate from
>this trusted store? Am not finding any functi
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Wednesday, 09 January, 2013 01:28
> when I use AES_ofb128_encrypt for decrpyting 2 bytes of data.
> Actually I have 18 bytes of data so 16 bytes I am decryting with CBC
> and 2 bytes with OFB mode.
> For this 2 bytes I
>From: owner-openssl-us...@openssl.org On Behalf Of Ribhi Kamal
>Sent: Thursday, 10 January, 2013 17:51
>Never mind, the application (virtualbox) was incorrectly trying to use
>the 32bit version of openssl. But I still don't understand why a 32bit
>version has different symbols that the 64bit on
> From: owner-openssl-us...@openssl.org On Behalf Of Hanxi Zhang
> Sent: Tuesday, 15 January, 2013 15:33
> Hi forum, I would appreciate comments on if what I am trying
> to do is feasible.
>
> Problem: I am using recent version of openssl to encrypt
> large amount of data being transferred betw
> From: owner-openssl-us...@openssl.org On Behalf Of Nayna Jain
> Sent: Friday, 18 January, 2013 14:52
> I have been trying [wireshark]. it shows handshake for TLSv1 for
> some sites and not for others.
>
It works for me on all sites. Note wireshark usually selects the protocol
to decode by por
>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
>Sent: Friday, 18 January, 2013 17:54
>I am having problem with server certificate verification
>the SSL_get_verify_result() returns Error code 20.
>I add a (xx.cert) file to the window certificate store as follow.
>On OpenSSL sta
>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
>Sent: Friday, 18 January, 2013 17:54
Additional to previous sent prematurely:
>On OpenSSL startup, the file is read from window certifcate store
>and saved into the X509 certificate store.
>1) File is read from window certifi
> From: owner-openssl-us...@openssl.org On Behalf Of kapetr
> Sent: Monday, 21 January, 2013 05:27
> I'm trying to manually verify signature in some SignedData
> ASN.1 structures, which is used in most cases in signature -
> e.g. S/MIME, Timestamps, ... using x.509 certificates.
>
> Lets see th
> From: owner-openssl-us...@openssl.org On Behalf Of PA3MEP
> Sent: Sunday, 20 January, 2013 11:13
> I`am creating a Custom Credentials Provider for Windows 7/8,
> which uses
> axis2c library with openSSL support to communicate with SOAP
> service, which
> provides authentification information.
> From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
> Sent: Friday, 18 January, 2013 20:02
> Pls, see my comments below.
>
> -Original Message-
> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: Friday, January 18, 2013 7:55 P
> From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
> Sent: Monday, 21 January, 2013 20:08
> With "openssl s_client -connect yourhost:port -CAfile
> xx.cert" I am getting error 21.
>
If you are looking at the last but one or two lines displayed,
that is usually the verify error lef
>From: owner-openssl-us...@openssl.org On Behalf Of David Hinkle
>Sent: Monday, 21 January, 2013 19:48
>So I've got my ssl client working pretty well. It does great with
>most websites, but some of them it doesn't verify the certificate chain
>for, returning the above error. The CA root cert
>From: owner-openssl-us...@openssl.org On Behalf Of ask
>Sent: Tuesday, 22 January, 2013 21:39
>Is there a way to tell what size of session key was chosen by
>two peers after a successful handshake, and what encryption method chosen?
http://www.openssl.org/docs/ssl/SSL_get_current_cipher.html
ht
> From: owner-openssl-us...@openssl.org On Behalf Of Wim Lewis
> Sent: Wednesday, 23 January, 2013 16:57
> On Jan 23, 2013, at 1:12 PM, Tovey, Dwight (LaserJet R&D FW
> Eng.) wrote:
> > Hello all -
> >
> > I have a need to send a bit of RSA encrypted data to a
> device. The device will provid
> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni
> Sent: Thursday, 24 January, 2013 13:25
> On Thu, Jan 24, 2013 at 05:25:48PM +, Tovey, Dwight
> (LaserJet R&D FW Eng.) wrote:
> > So, my next question is, how did you add the public key
> header? What does this header l
> From: owner-openssl-us...@openssl.org On Behalf Of Tovey, Dwight (LaserJet
R&D FW Eng.)
> Sent: Thursday, 24 January, 2013 10:55
> On Jan 23, 2013, at 3:56 PM, Dave Thompson
> wrote:
>
> > Most utilities, yes, although the library supports both.
> > (The rou
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Thursday, 24 January, 2013 18:19
> On Thu, Jan 24, 2013, Jeffrey Walton wrote:
>
> > On Wed, Jan 23, 2013 at 1:20 PM, Smith, Russell (Shane), Contractor
> > wrote:
> > > I am looking for a way to disable weak ciphers
>From: owner-openssl-us...@openssl.org On Behalf Of Goulet, Brian
>Sent: Friday, 25 January, 2013 15:53
>I'm trying to create an SSL certificate for
>and keep getting the error "No certificate matches private key".
>These are the steps I have taken:
>1. Generate the private key and CSR with
> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni
> Sent: Friday, 25 January, 2013 12:21
> On Fri, Jan 25, 2013 at 05:10:03PM +, Viktor Dukhovni wrote:
>
> > On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote:
> >
> > > Hi All, I'm having a bit of a problem. I need
> From: owner-openssl-us...@openssl.org On Behalf Of Tovey, Dwight (LaserJet
R&D FW Eng.)
> Sent: Friday, 25 January, 2013 17:50
> On Jan 24, 2013, at 8:13 PM, Dave Thompson
> wrote:
>
> > If you want to do it actually in Python:
> > - get m and e from the publ
> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Monday, 28 January, 2013 14:33
> I read the public ECKEY in shown below from the x509
>
> x509= PEM_read_bio_X509(bio,NULL, 0, NULL); //...
> EVP_PKEY *evpkey = X509_get_pubkey(x509);
> pubeckey= EVP_PKEY_get1_EC_
RETRY (previous attempt 01-31 19:34 EST not seen)
>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
>Sent: Thursday, 31 January, 2013 18:12
>I am running the openssl tool from the FIPCA utility kit to check
>the server certificate. I am getting error 20 and 21.
>The certificate is
>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
>Sent: Thursday, 31 January, 2013 18:12
>I am running the openssl tool from the FIPCA utility kit to check
>the server certificate. I am getting error 20 and 21.
>The certificate is retrieved successfully from the server and displa
>From: owner-openssl-us...@openssl.org On Behalf Of Jon Evers
>Sent: Friday, 01 February, 2013 17:45
>I'm trying to link an application that will use openssl and fips.
>I'm getting linker errors [using] MS Visual Studio 2008.
>I'm trying to link the DLL, lib32eay.dll.
Did you put libeay32.dll in
> From: owner-openssl-us...@openssl.org On Behalf Of Tage Korsdal Nielsen
> Sent: Friday, 01 February, 2013 03:19
> New to OpenSSL, but designing a PC application that must encrypt a
> stream of 48 bytes message blocks to a USB device with aes128.The iv's
> gets generated and synchronized when t
> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Friday, 01 February, 2013 14:55
> I am using ECDSA to create and verify a signature for a document.
> I apparently cannot use the ecdsa.PEM directory and so here
> is my question.
>
Nit: ecdsa.pem is a file, containing (parame
> From: owner-openssl-us...@openssl.org On Behalf Of Nathan Smyth
> Sent: Friday, 01 February, 2013 08:47
> Is it possible to have null, untrusted, or shared
> certificates, to simplify deployment for apps that don't care
> about SSL?
>
> Basically I have an infrastructure that uses OpenSSL for
>From: owner-openssl-us...@openssl.org On Behalf Of Srivardhan Hebbar
>Sent: Tuesday, 29 January, 2013 04:57
>I have a string which has the certificate in PEM(Base64) format.
>I want to convert it to DER format(unsigned char). How can I do it?
>I wrote the following code:
>This code is fail
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Wednesday, 06 February, 2013 16:59
> To: openssl-users@openssl.org
> Subject: Re: fipslink
>
> On Wed, Feb 6, 2013 at 2:40 PM, Memmott, Lester
> wrote:
> > Jon,
> >
> > I'm having trouble with fipslink as well and thought
> From: owner-openssl-us...@openssl.org On Behalf Of Thomas Koeller
> Sent: Thursday, 07 February, 2013 15:54
> On Thursday 07 February 2013 07:31:55 you wrote:
> > On Wed, February 6, 2013 23:47, Thomas Koeller wrote:
> > > bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem
> > > -
>From: owner-openssl-us...@openssl.org On Behalf Of Sreekanth Sukumaran
>Sent: Monday, 11 February, 2013 07:04
>For usage on my server application,
>1. I tried to create a CA certificate using the command
>openssl req -new -x509 -days 730 -extensions v3_ca
>-keyout cacert.key -out cacert.pem
> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni
> Sent: Monday, 11 February, 2013 00:41
> On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote:
>
> > >> I'm trying to extract a public key (subjectPublicKeyInfo)
> > >> form an X509 certificate.
> > >
> > > from apps
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Monday, 11 February, 2013 01:12
> I'm trying to memory map a file. Does OpenSSL BIO's allow this?
>
> I seem to be failing on BIO_read_filename with a `ret` of 0. The docs
> state I should expect `ret` of 1. When I look f
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Monday, 11 February, 2013 23:04
Some minor points:
> On Mon, Feb 11, 2013 at 5:15 PM, Dave Thompson
wrote:
> >> On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote:
> > To "wri
> From: owner-openssl-us...@openssl.org On Behalf Of Joel Bion
> Sent: Monday, 18 February, 2013 13:57
> The issue I have been reporting has never been on the client
> side, as the
> problem is seen when connecting into a server that is booted into a
> 1.0.1e-environment vs. a 1.0.1c based enviro
>From: owner-openssl-us...@openssl.org On Behalf Of David Geib
>Sent: Monday, 18 February, 2013 09:45
>You can't use strerror for OpenSSL errors. Look into
>ERR_get_error() and ERR_error_string().
After *most* OpenSSL errors. Errors (only) on an underlying
I/O operation, in particular a socket
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Tuesday, 19 February, 2013 07:20
> On Tue, Feb 19, 2013, Eisenacher, Patrick wrote:
>
Aside: the original of that message shows as empty (no text)
in my Outlook. I can look at headers and they seem reasonable
(text/
> From: owner-openssl-us...@openssl.org On Behalf Of Matthew Hall
> Sent: Wednesday, 20 February, 2013 15:05
> Use the dumpasn1 utility on it, it's in almost every Linux
> distro, or from its
> website:
>
> http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c
>
Or openssl asn1parse, likely availab
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Wednesday, 20 February, 2013 19:06
> On Tue, Feb 19, 2013, Ulises S. wrote:
>
> > There is this odd behavior in which one in many signed
> files with PKCS#7 on JAVA won't
> > pass the validation with Openssl, all Op
See below.
> -Original Message-
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
> Sent: Wednesday, February 20, 2013 3:51 PM
> Or openssl asn1parse, likely available to anyone asking here
> even on non-Lin
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Friday, 22 February, 2013 05:06
> On 2/21/2013 11:12 AM, Mozes, Rachel wrote:
[other reports say issue]
> > affects just "The TLS protocol *_1.1 and 1.2_ *and the DTLS
> protocol 1.0
> > and 1.2", but in the OpenSSL announce
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Friday, 22 February, 2013 06:03
> On 2/21/2013 2:29 PM, ashish2881 wrote:
> > I have a certificate chain in a file chain.pem .it also has root
> > certificate(self signed) .
> > How can i verify the chain,if all certificates a
> From: owner-openssl-us...@openssl.org On Behalf Of saurav barik
> Sent: Friday, 22 February, 2013 00:41
I think this fits better on -users and put that first, but if you
ask both lists please indicate in the message (as I did) because
people don't necessarily read both and see the duplication.
> From: owner-openssl-...@openssl.org On Behalf Of David Woodhouse
> Sent: Monday, 25 February, 2013 05:54
> On Sun, 2013-02-24 at 22:26 -0500, Dave Thompson wrote:
> > TLS depends on TCP's reliable in-order transport. DTLS basically
> > re-implements enough of TCP to m
> From: owner-openssl-us...@openssl.org On Behalf Of ashish2881
> Sent: Wednesday, 27 February, 2013 06:05
> I have a .pem file say : chain.pem
> chain.pem == server certificate-> intermediate CA certificate
> -> self signed root certificate .
>
> Now i am writing the code in C using opensl Api
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Monday, 25 February, 2013 03:18
> On 2/25/2013 4:26 AM, Dave Thompson wrote:
> > The one limitation, implicit above, is "a" chain, singular.
> > If there is more than one chain above a given c
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Monday, 25 February, 2013 03:07
> On 2/25/2013 4:26 AM, Dave Thompson wrote:
> The attack is against the specific timing differences that occur when
> directly implementing the RFC suggested countermeasure aga
>From: owner-openssl-us...@openssl.org On Behalf Of azhar jodatti
>Sent: Wednesday, 13 March, 2013 13:44
>I was trying to implement the diffie Hellman algorithm in Java
>which makes use of JCF and as well as in c with openssl...
I assume you mean JCE, or maybe JCA. JCF is completely unrelated.
701 - 800 of 1134 matches
Mail list logo
