function PEM_read_RSAPrivateKey not returning

2006-02-15 Thread Matthias
, Matthias __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]

Re: function PEM_read_RSAPrivateKey not returning

2006-02-15 Thread Matthias
for undisplayable characters. Thanks for the help, Matthias Kyle Hamilton wrote: One of the most important things about this is, when did you obtain the installer from slproweb.com? It's difficult to figure out if it's older, or a problem in a very recent build, or what. Did you attach a debugger

Re: function PEM_read_RSAPrivateKey not returning

2006-02-16 Thread Matthias
and worried the same time that it affects not only me... Did you use the precompiled binaries or compiled yourself? Do you consider it a bug? Do you plan to fix it? (in case you are able to do so) Bye, Matthias

Re: function PEM_read_RSAPrivateKey not returning

2006-02-17 Thread Matthias
symptoms, function simply does nothing. Afterwards I compiled the latest snapshot (openssl-0.9.8-stable-SNAP-20060217.tar.gz) but even there it does not work - same problem again. I really appreciate all your help here! Thanks. Matthias

false positive virus scanner alert on OpenSSL 0.9.8

2006-02-17 Thread Matthias
.Padodor.gen Datei: sha256t.exe Verzeichnis: C:\myProjects\openssl\out32dll sha256t.exe 6656 Bytes http://www.antiviruslab.com/search.php?v1=Backdoor.Win32.Padodor.gen I'll try to contact G DATA and send them a sample of that file. Bye, Matthias

Re: function PEM_read_RSAPrivateKey not returning

2006-02-20 Thread Matthias
Kyle Hamilton wrote: Did you make sure to remove %SYSTEMROOT%\system32\ssleay32.dll and libeay32.dll? Just running the uninstaller doesn't get rid of them. No, I forgot that. Sorry, my fault. I now replaced those two DLLs with the ones I compiled myself. Good news: in Release mode my

Re: function PEM_read_RSAPrivateKey not returning

2006-02-20 Thread Matthias
version information: C:\myProjects\openssl>nmake -f ms\ntdll.mak Microsoft (R) Program Maintenance Utility Version 7.10.3077 Copyright (C) Microsoft Corporation. All rights reserved. Matthias

setting up an openssl client/server connection

2012-07-22 Thread Matthias Apitz
files in http://www.openssl.org/docs/HOWTO/ and they seem to be useful, but the file certificates.txt makes in the critical point a reference to ...another HOWTO formats.txt? which is not there :-( Thanks matthias -- Matthias Apitz t +49-89-61308 351 - f +49-89-61308 399 - m +49-170

openssl client/server connection

2012-09-26 Thread Matthias Apitz
not need any key files to connect... The output of the openssl client about the connection is attached below as nohup.out. Why is this? Could some kind soul bring a bit light into this? Thanks in advance. matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign

Re: simple server with using openssl

2012-10-07 Thread Matthias Apitz
routines:SSL2_READ_INTERNAL:non sslv2 initial packet:s2_pkt.c:187: I think this is normal, because you did not contact the server with some SSL client; At the client side : curl: (56) Recv failure: Connection reset by peer normal too; HIH matthias -- Matthias Apitz

Re: how to STORE encrypted string in database

2013-03-28 Thread Matthias Apitz
which allows storing binary octets, like BLOB (Sybase) or IMAGE (Oracle) or ... depends on your DBS. matthias -- Sent from my FreeBSD netbook Matthias Apitz | - No system with backdoors like Apple/Android E-mail: g...@unixarea.de | - Never being an iSlave WWW: http

connecting to (openssl-) server in SSL or clear text

2013-11-15 Thread Matthias Apitz
does or not does SSL after connecting the socket? Ofc the client could try any method and if it does not fit, drop the connection and do a new one. But I hope that there are better options. Thanks matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign: www.asciiribbon.org

Re: connecting to (openssl-) server in SSL or clear text

2013-11-15 Thread Matthias Apitz
is there in clear text (like 220 SLNP) and if not it should handover this buffer and the socket fd for further SSL handshake... Is this possible? matthias -- Sent from my FreeBSD netbook Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211 UNIX since V7 on PDP-11, UNIX

Re: connecting to (openssl-) server in SSL or clear text

2013-11-18 Thread Matthias Apitz
) if there is the clear text goodmorning message coming in, if not it stops reading and initiates the SSL/TLS. If it can read the 220 ready in clear text, it will assume clear text and will talk the first command to the server. Vy 73 matthias -- Sent from my FreeBSD netbook Matthias Apitz, g

openssl interrupted read(2) call on socket

2014-04-04 Thread Matthias Apitz
, 0x810469b, 5) ... Why is this different on Solaris and Linux? matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign: www.asciiribbon.org E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X - No proprietary attachments phone

Re: OpenSSL Security Advisory

2014-04-09 Thread Matthias Apitz
:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/t1_lib.c:2562: Thanks for clarification. matthias -- Sent from my FreeBSD netbook Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211 UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370

Re: OpenSSL Security Advisory

2014-04-10 Thread Matthias Apitz
-Original Message- From: Matthias Apitz [mailto:g...@unixarea.de] Sent: Thursday, April 10, 2014 6:41 AM To: Apitz,Matthias Subject: Fwd: RE: OpenSSL Security Advisory - Forwarded message from Salz, Rich rs...@akamai.com - Date: Wed, 9 Apr 2014 15:43:28 -0400

PEM_read PrivateKey gives illegal seek

2008-08-11 Thread Matthias Barmeier
why this does not work ? My openssl Version is a debian package named: 0.98c-4etch3. Thanks in ad. Ciao Matthias

RE: PEM_read PrivateKey gives illegal seek

2008-08-11 Thread Matthias Barmeier
: Is it possible to make readable error message from this ? Ciao Matthias

Re: PEM_read PrivateKey gives illegal seek

2008-08-11 Thread Matthias Barmeier
+GDpSF5bZwZO/u4ydSAI5EoreN9KmtMgDsnavnfjio55/WuWuEWH1 7xrCR88of0lHJyvb2fWDnHbxCwOLcgurmcMH/qcQFFk2VsXbmWWSTg2n+Pd2ADk1 rJAazSG24ax1CJZ+sIWsJEm8O0Cj2GyleqFKzMikcpoRbNkelMTT0Q== -END RSA PRIVATE KEY- this is a private key or am I wrong ? Ciao Matthias

Re: PEM_read PrivateKey gives illegal seek

2008-08-11 Thread Matthias Barmeier
Hi, ok, sorry for not understanding what happens. The call OpenSSL_add_all_algorithms() was missing. After adding it everything seems to work perfect. Shouldn't this be mentioned on the man page of the PEM functions ? Ciao Matthias

Re: PEM_read PrivateKey gives illegal seek

2008-08-13 Thread Matthias Barmeier
Hi Tim, after understanding what happens I found and understand FAQ. But if it is part of the FAQ why not putting a hint on the relevant man pages, Maybe after doing this this item is no FAQ any more ;). Ciao Matthias Matthias Barmeier wrote: Hi, ok, sorry for not understanding what

x509: adding extensions to CSRs

2009-08-08 Thread Matthias Güntert
adding the extensions later on while creating a certificate? BTW: In which RFC is the structure of a CSR described? Couldn't find anything within 2459, 3280 nor 5280. Regards, Matthias Güntert

[openssl verify] [lookup:unable to get issuer certificate]

2009-08-18 Thread Matthias Güntert
Hello guys I have created three certificates: a root CA cert, a subRoot CA cert and one client cert using M2Crypto. When I try to verify the trust chain I receive 'unable to get issuer certificate' These are the steps I walked: # my certificates $ ls *.crt client.crt rootCA.crt subRootCA.crt

Re: [openssl verify] [lookup:unable to get issuer certificate]

2009-08-19 Thread Matthias Güntert
Can someone please shed some light on this? These are the test-certificates I have been using. I figured it out: $ man 1 verify [...] -CAfile file: A file of trusted certificates. The file should contain multiple certificates in PEM format concatenated together. [...] $ cat rootCA.crt

OpenSSL CA and MySQL

2009-10-19 Thread Matthias Güntert
couldn't find? regards, matthias

Adding non-root certificates to the list of trusted certificates?

2011-02-10 Thread Matthias Meixner
the brute force way of using the verify callback, reading all the certificates from CAfile and comparing them manually with the server certificate? Regards, Matthias Meixner

AW: Adding non-root certificates to the list of trusted certificates?

2011-02-10 Thread Matthias Meixner
Hello Lou, my program should behave just like a browser, i.e. it should be capable of accepting certificates without having to install the root CA cert. - Matthias Meixner From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On behalf

AW: Adding non-root certificates to the list of trusted certificates?

2011-02-17 Thread Matthias Meixner
-Original Message- From: Eisenacher, Patrick Matthias, search the archives for a thread named 'Terminate chain at intermediate certificate'. Stephan's post that Mounir cites, is from last year's 11th November. Thanks for this information, I will see how far I get

SSL session ID vs session ticket

2011-10-27 Thread Matthias Meixner
Hello! When upgrading to version 0.9.8r my system stopped supporting session resumption. It looks like session tickets are the reason for this. I was using some external session cache to support session resumption on a cluster of servers where it should be possible that each server in the

AW: SSL session ID vs session ticket

2011-10-28 Thread Matthias Meixner
this create some security risks? What is the advantage of using session tickets instead of session IDs? Can SSL session tickets be used with some kind of external cache? Thanks, Matthias Meixner -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl

AW: expired ssl certificate

2012-04-20 Thread Matthias Meixner
The expiration time is checked by the client. If you want to turn checking off, you have to modify the client. But this is what you wanted to avoid. So the best thing you can do right now is to create a new certificate, this time with a long expiration time, e.g. 100 years. Matthias

AW: smaller openSSL library

2012-05-10 Thread Matthias Meixner
You can leave out some of the ciphers during configuration using something like e.g.: ./Configure gcc no-err no-bf no-camellia no-cast no-dsa no-idea no-krb5 no-md4 no-rc2 no-rc4 no-ripemd no-ripemd160 no-ec no-sha0 no-sha512 no-hw no-comp - Matthias

RE: OpenSSL 0.9.7f released

2005-03-23 Thread Matthias Miller
the compile errors. Thanks in advance. Matthias Miller stack_push(3); # 3 temp variables add( $d, 8); - and( $x, 0xff); + + # detect compressed schedule, see commentary section

Unexpected record when client renegotiates

2005-02-16 Thread Matthias Miller
, or of the s_server and s_client samples? Also, what is the appropriate way of dealing with this problem? Will OpenSSL eventually support this, or is this something that must be built in each application's protocol? Thank you. Matthias Miller

open

2001-07-27 Thread Matthias Süß
__ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]

the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Matthias Apitz
we have rumor, that the bug was used by NSA, of course the American Government says no. Thanks matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign: E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X- No proprietary

Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Matthias Apitz
for the git diff (and the other statements). Could you please be so kind and point to the exact place of the offending statement (or missing boundary check) in the 19 *.[ch] files? I only want (as a C programmer) to get my own impression of the nature of the issue. Thanks matthias

Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Matthias Apitz
On Saturday, April 12, 2014 at 09:30:22PM +0200, Matthias Apitz wrote: On Saturday, April 12, 2014 at 09:08:15PM +0200, Michael Tuexen wrote: What is the exact bug, can someone show a svn/git diff of the first source version having the bug? http://git.openssl.org

Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Matthias Apitz
amount a valid space... matthias -- Sent from my FreeBSD netbook Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211 UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5

Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Matthias Apitz
works in both directions; when a client with an openssl lib/DLL with this bug connects to a well prepared SSL server, the server can fetch up to 64 kbyte of memory from the client, for example the stored saved passwords in your browser... matthias -- Sent from my FreeBSD netbook Matthias

Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-14 Thread Matthias Apitz
some nice pictures how the bug works: http://www.xkcd.com/1354/ HIH matthias -- Sent from my FreeBSD netbook Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211 UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) UNIX on x86 since SVR4.2

s_client to contact servers in clear and switch to SSL

2014-06-03 Thread Matthias Apitz
way to not start special servers to test with s_client... Any idea how to let accept s_client the clear text before using SSL? Thanks matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign: E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http

freeing SSL related memory

2014-10-17 Thread Matthias Apitz
allocated resources? The cycle establishSSLconnection() sendReceiveData() sslEnd() is not called only once due to the nature of the remote server, without going into these details. Thanks in advance for reading the code and any hints. matthias static int sockFd

Re: Openssl IPv6 Support

2014-11-05 Thread Matthias Apitz
= SSL_new(ctx); SSL_set_bio(ssl, bio, bio); res = SSL_connect(ssl); This works fine with IPv4 and IPv6. HIH matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign: E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X

Re: Openssl IPv6 Support

2014-11-05 Thread Matthias Apitz
this, one has to pass a created IPv6 socket to the SSL layer routines. This should be fixed. matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign: E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X- No proprietary

Re: [openssl-users] Leading Zeros in ASN1_INTEGER?

2017-01-30 Thread Matthias Ballreich
penssl-us...@dukhovni.org> Sent: Saturday, January 28, 2017 17:00:53 To: openssl-users@openssl.org Subject: Re: [openssl-users] Leading Zeros in ASN1_INTEGER? > On Jan 28, 2017, at 10:01 AM, Matthias Ballreich > <matthias.ballre...@outlook.de> wrote: > > is it normal that Ope

[openssl-users] Leading Zeros in ASN1_INTEGER?

2017-01-28 Thread Matthias Ballreich
Hi there, is it normal that OpenSSL removes the leading Zeros in an ASN1_INTEGER? I tried to read the Certificate Serial and the Certificate Serial in the AuthorityKeyID-Extension with C++, which works very well, but i noticed that OpenSSL removes the leading Zeros on it. The real ASN1-Value

Re: [openssl-users] openssl client v1.1.0 can not connect: handshake failure:ssl/record/rec_layer_s3.c:1385:SSL alert number 40

2017-02-17 Thread Matthias Apitz
On Friday, February 17, 2017 at 09:57:39AM +, Matt Caswell wrote: > > > On 17/02/17 07:46, Matthias Apitz wrote: > > New, TLSv1/SSLv3, Cipher is DHE-DSS-AES128-GCM-SHA256 > > Your server appears to be configured with a DSA certificate. > >

[openssl-users] openssl client v1.1.0 can not connect: handshake failure:ssl/record/rec_layer_s3.c:1385:SSL alert number 40

2017-02-17 Thread Matthias Apitz
-connect 10.23.33.55:58076 quit $ cat nohup.out depth=0 C = de, ST = Germany, L = Munich, O = unixarea.de, OU = gTech, CN = Matthias Apitz verify error:num=18:self signed certificate verify return:1 depth=0 C = de, ST = Germany, L = Munich, O = unixarea.de, OU = gTech, CN = Matthias Apitz

[openssl-users] libssl.so.1.0.0 -> Java1.6 net.ssl gives: dh key too small:s3_clnt.c:3617:

2016-08-25 Thread Matthias Apitz
ystore is generated with the Java keytool. It does not help generate the keystore with Java1.8 keytool and use this in the Java1.6 server. Is there some workaround? Thanks matthias -- Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045 -- openssl-users mailin

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread Matthias Apitz
lting string (as you do). However OBJ_obj2txt() might > truncate what it would otherwise produce if the supplied buffer isn't > big enough - but it still returns the length of the untruncated string. > > ... I would even suggest to change the wording in the man page to: "... representatio

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread Matthias Apitz
r must be, but does not specify what its return value is, only that it is 'int'. Maybe it does not return the length of the resulting string. matthias -- Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045 "Without the Wall there would have been war"

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread Matthias Apitz
is 1 then the numerical form will always be used. > > Above statement statement saying that *amount of space required is > returned*. I saw this, but 'amount of space required' is IMHO vague, I'd expect 'the length of the resulting string is returned' matthias -- Matthias

[openssl-users] Access Mozilla NSS (shared) Database / PKCS#11 Modules via OpenSSL?

2016-11-08 Thread Matthias Ballreich
Hi there, how can i access the Mozilla NSS (shared) Database (cert8 or cert9d.db) / PKCS#11-Modules via OpenSSL? I need read & write access to the NSS User Cert Database (softokn3) and to the Built-In Cert Database (nssckbi) under Windows. I tried it with Libp11 this way: int rc = 0;

[openssl-users] QcStatements with OpenSSL (C++)?

2017-04-18 Thread Matthias Ballreich
Hi there, can OpenSSL parse QcStatement X509v3 Extension btw. Did OpenSSL Support these? Any Piece of example Code of how can i parse the data? Thanks Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

2017-07-11 Thread Matthias Ballreich
ning against each time)? Preferably as a github issue, but here is fine as well... Cheers, Richard In message <db6p195mb0182a9c918b5d06cf9a12fd8fb...@db6p195mb0182.eurp195.prod.outlook.com> on Mon, 10 Jul 2017 16:47:28 +, Matthias Ballreich <matthias.ballre...@outlook.de> said:

Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

2017-07-09 Thread Matthias Ballreich
Thanks. I tried it but i got the error Message that make update is not available. I am Building it on windows with nmake under the visual Studio Developer Shell. Why is nmake Update Not working there? On 09.07.2017 at 08:40, Billy Brumley wrote: >> i want to contribute

Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

2017-07-10 Thread Matthias Ballreich
)? Best regards Matthias From: Richard Levitte<mailto:levi...@openssl.org> Sent: Monday, July 10, 2017 06:14 To: openssl-users@openssl.org<mailto:openssl-users@openssl.org> Subject: Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

[openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

2017-07-09 Thread Matthias Ballreich
Hi there, i want to contribute some more OIDs. Therefore i added the OIDs inside the „Objects.txt“ inside /crypto/objects Then i run these commands: perl objects.pl objects.txt obj_mac.num ../../include/openssl/obj_mac.h perl obj_dat.pl ../../include/openssl/obj_mac.h obj_dat.h perl objxref.pl

Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Matthias Ballreich
sl.org] On behalf of Dr. Stephen Henson Sent: Tuesday, May 9, 2017 18:06 To: openssl-users@openssl.org Subject: Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension? On Tue, May 09, 2017, Matthias Ballreich wrote: > Here are nor some more details, which may help

Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Matthias Ballreich
Thanks for reply. Ohh that's bad news. So I will have to look at the various d2i_XXX and i2d_XXX functions you mentioned. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Salz, Rich via openssl-users Sent: Tuesday, May 9, 2017 15:55 To: openssl-users@openssl.org

Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Matthias Ballreich
+DyD2xViJCm5zEYg1m5x4znHJIMZsYAU/vJJIJQkPKVsIgm6vP/H1kXyAu0g2Ep z+VWPnhZK1uw+ay1KRXw8rw2mR8hQ2Ug6QZHYdky2HH3H/69rWSPp888G8CW8RLU uIKzn+GhapCuGoC4qWdlGLWqfpc= -END CERTIFICATE- From: Matthias Ballreich <matthias.ballre...@outlook.de> Sent: Sunday, April 30, 2017 13

[openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-04-30 Thread Matthias Ballreich
, NID_subject_directory_attributes, -1); X509_EXTENSION *ex = X509_get_ext(cert, loc); But i stuck on how to continue and get the TypeValue-Stuff. Would be very helpful if someone can help me. thanks and best regards Matthias

Re: [openssl-users] QcStatements with OpenSSL (C++)?

2017-05-05 Thread Matthias Ballreich
et: Wednesday, April 26, 2017 17:06:58 To: openssl-users@openssl.org Subject: Re: [openssl-users] QcStatements with OpenSSL (C++)? On 04/17/2017 06:40 PM, Matthias Ballreich wrote: Hi there, can OpenSSL parse QcStatement X509v3 Extension btw. Did OpenSSL Support these? Any Piece of example Code

Re: [openssl-users] Rückruf: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-22 Thread Matthias Apitz
r:1417C086:SSL routines:tls_process_client_certificate:certificate verify > failed" zurückrufen. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users Nice idea recall an email which was sent to a mailing-list :-) -- Matthias Apitz, ✉ g...@unixarea.de, ⌂ http

[openssl-users] compiling cups-1.4.3 w/ OpenSSL 1.10 && BIO_METHOD

2018-03-01 Thread Matthias Apitz
}; Can I fix this somehow within the cups' code? Thanks matthias -- Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub

Re: [openssl-users] BIO_printf with ASN1_BIT_STRING and ASN1_INTEGER?

2018-10-16 Thread Matthias Ballreich
Hi, thanks for this - what about the ASN1_BIT_STRING? Is there such a predefined function? From: openssl-users on behalf of Dave Coombs Sent: Tuesday, October 16, 2018 15:17 To: openssl-users@openssl.org Subject: Re: [openssl-users] BIO_printf with

understand 'openssl dhparms ....'

2019-02-19 Thread Matthias Apitz
urd ephztXEmQ63XP4ULPlcaOXzYk6GLUXFYKVYuIHnpdcJLLRMFWZ0bAgEC -END DH PARAMETERS- How this is supposed to work? Thanks matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub

Re: understand 'openssl dhparms ....'

2019-02-19 Thread Matthias Apitz
On Tuesday, February 19, 2019 at 10:47:44AM +, Matt Caswell wrote: > > > On 19/02/2019 08:57, Matthias Apitz wrote: > > > > Two questions: > > > > 1. Why this has no input file? Shouldn't it have on, and which? The man > > page says, it

What does 'openssl ts -verify' verify exactly?

2021-02-15 Thread Matthias Buehlmann
If openssl ts -verify is used, what exactly is verified? For example, while the [-crl_check] [-crl_check_all] and [-extended_crl] verify options are supported, there is no way to pass CRLs to the call. So, is anything checked for revocation? How are timestamps verified for which the signing

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Matthias Buehlmann
times (1-3 years). If it was true that tokens would only remain valid within that period without being restamped, the whole point of PAdES LTV would be moot. Cheers and thank you for your help, Matthias On Tue, Feb 16, 2021 at 2:49 PM Hubert Kario wrote: > On Tuesday, 16 February 2021

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Matthias Buehlmann
On Tue, Feb 16, 2021 at 4:34 PM Hubert Kario wrote: > On Tuesday, 16 February 2021 15:54:24 CET, Matthias Buehlmann wrote: > > Hello Hubert (sorry, replied to your e-mail address directly before > instead > > of the mailing list), > > > > thank you for your r

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Matthias Buehlmann
On Tue, Feb 16, 2021 at 8:56 PM Viktor Dukhovni wrote: > > On Feb 16, 2021, at 1:34 PM, Hubert Kario wrote: > > > > the whole problem is that if you trust the date in the timestamp as the > date the timestamp was created, attacker can compromise the TSA key years > after > > it was last used

Re: PEM file line size

2021-02-25 Thread Matthias Buehlmann
„Parsers MAY handle other line sizes. These requirements are consistent with PEM [RFC1421].“ It‘s not a bug, it‘s undefined behaviour. On Wed, 24 Feb 2021 at 20:20 Frank Liu wrote: > Hi, > > I noticed openssl 1.0.1 and 1.0.2 can't read a certificate PEM

How to compile OpenSSL 0.9.8 with MinGW successfully

2005-10-06 Thread Matthias Buecher / Germany
Matthias Maddes Bücher http://www.maddes.net/ Home: Earth / Germany / Ruhr-Area Compiling OpenSSL 0.9.8 with MinGW == This HowTo includes infos taken from http://www.mail-archive.com/openssl-users@openssl.org/msg40732.html 0. Use the latest MinGW runtime library

Re: Binary compatibility between 0.9.7g and 0.9.7h?

2005-10-11 Thread Matthias Buecher / Germany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Do I have to apply this to 0.9.8a too? Matthias Maddes Bücher On 11.10.2005 21:53, Richard Levitte - VMS Whacker wrote: Correct analysis. What's happened is that the FIPS functions for SHA224, SHA256, SHA384 and SHA512 were added

Re: [EMAIL PROTECTED]: pre compiled binarys]

2005-10-19 Thread Matthias Buecher / Germany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can get some here: OpenSSL 0.9.7 == http://sites.inka.de/ximera/hamster.html OpenSSL 0.9.8 == http://www.slproweb.com/products/Win32OpenSSL.html found on http://www.openssl.org/ : Related - Binaries Matthias Maddes Bücher

Re: [openssl-users] [openssl-announce] Forthcoming OpenSSL releases

2015-03-18 Thread Dr. Matthias St. Pierre
Thanks for the three line upgrade recipe in https://wiki.openssl.org/index.php/Code_reformatting It's as simple as you stated, indeed. The reformatting was a good thing to do. Also, it makes sense to me to apply it to all stable branches uniformly, in order to simplify cross-branch merging.

Re: [openssl-users] [openssl-announce] Forthcoming OpenSSL releases

2015-03-18 Thread Dr. Matthias St. Pierre
Hello, Here is a recipe to guide you through the reformatting. It worked nicely for me. I wrote a small bash shell script which helped me do the bulk conversion, see attachment Hope you'll find this information helpful. In following I briefly describe the steps how you can 1) get your patches

Re: [openssl-users] [openssl-announce] Forthcoming OpenSSL releases

2015-03-19 Thread Dr. Matthias St. Pierre
I just posted an updated version of my script in a new thread, titled Minimizing the pain of reformatting your OpenSSL patches Regards, msp On 03/19/2015 02:22 AM, Dr. Matthias St. Pierre wrote: Hello, Here is a recipe to guide you through the reformatting. It worked nicely for me. I

Re: [openssl-users] Minimizing the pain of reformatting your OpenSSL patches

2015-03-19 Thread Dr. Matthias St. Pierre
Copy Paste error: The name of the new branch is ${upstream}-post-auto-reformat not ${upstream}-pre-auto-reformat msp On 03/19/2015 09:40 AM, Dr. Matthias St. Pierre wrote: For every commit on the rebased branch, it does an automatic conversion, placing the results onto a new branch

Re: [openssl-users] Minimizing the pain of reformatting your OpenSSL patches

2015-03-19 Thread Dr. Matthias St. Pierre
Sorry for that, another typo: Please replace OpenSSL_1_0_1k by OpenSSL_1_0_1m below. On 03/19/2015 09:40 AM, Dr. Matthias St. Pierre wrote: 3) After the script has succeeded, you can rebase your reformatted branch to the head of the stable branch or to the tag of the most recent release, e.g

[openssl-users] Minimizing the pain of reformatting your OpenSSL patches

2015-03-19 Thread Dr. Matthias St. Pierre
Hello, the upcoming security update imposes a special challenge to all OpenSSL users who maintain their own patch sets. The reason is the code reformat which has taken place in between the last and the upcoming release, which renders existing patches useless.

Re: [openssl-users] FIXED: Minimizing the pain of reformatting your OpenSSL patches

2015-03-19 Thread Dr. Matthias St. Pierre
Hello, my original post contained two typos. Also, the script reversed the order of the commits due to a forgotten '--reverse'. (Probably, it was too late, last night ;) So here comes a repost with all corrections. Sorry for the inconveniences. Regards, msp -- Hello, the upcoming

Re: [openssl-users] question on Alternative chains certificate forgery (CVE-2015-1793)

2015-07-21 Thread Dr. Matthias St. Pierre
Precisely the versions as stated in https://openssl.org/news/secadv_20150709.txt are affected: This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d OpenSSL 1.0.1n/1.0.1o users should upgrade to

[openssl-users] FIPS_drbg_*() are not exported from FIPS capable libeay32.dll on Windows (OpenSSL 1.0.2x and 1.0.1x)

2015-08-26 Thread Dr. Matthias St. Pierre
Dear Mr. Henson, I noticed that for OpenSSL 1.0.2x and 1.0.1x on Windows the FIPS capable libeay32.dll does not export any of the FIPS_drbg_*() functions, although they are officially documented by the OpenSSL FIPS 2.0 User Guide. Is this an oversight or was this done on purpose? (IOW, is it a

Re: [openssl-users] FIPS_drbg_*() are not exported from FIPS capable libeay32.dll on Windows (OpenSSL 1.0.2x and 1.0.1x)

2015-09-02 Thread Dr. Matthias St. Pierre
developers? Thank you in advance, Regards, Matthias St. Pierre On 08/26/2015 05:14 PM, Dr. Matthias St. Pierre wrote: > > Dear Mr. Henson, > > I noticed that for OpenSSL 1.0.2x and 1.0.1x on Windows the FIPS capable > libeay32.dll > does not export any of the FIPS_drbg_*() f

Re: [openssl-users] Dynamically loading OpenSSL on Windows

2016-07-06 Thread Dr. Matthias St. Pierre
s would be to have an OpenSSL API call such as OPENSSL_register_applink(), which could be used by an executable or a shared library likewise. The only problem I see is to add the new api and stay compatible to the old hacky way. Maybe you should open a ticket on the rt for this. Regards, Matthi

Re: [openssl-users] OpenSSL DRBG in FIPS mode confusion.

2017-03-15 Thread Matthias St. Pierre
lags = OPENSSL_DRBG_DEFAULT_FLAGS; openssl-1.0.2k/crypto/rand/rand_lib.c:261:fips_drbg_flags = flags; and you can change it using void RAND_set_fips_drbg_type(int type, int flags). Regards, Matthias St. Pierre -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] FIPS 3.0 Canister Status

2018-01-25 Thread Dr. Matthias St. Pierre
You might be interested in the following two blog posts: https://www.openssl.org/blog/blog/2017/07/25/fips/ https://www.openssl.org/blog/blog/2017/08/17/fips/ Matthias On 25.01.2018 16:34, xemdetia . wrote: > Hey all, > > Back in 2016 there was a news post found > https://www

Re: [openssl-users] error: void value not ingored as it to be crypto/err/err_all.c

2018-08-22 Thread Dr. Matthias St. Pierre
Hi Mark, I guess your problem is that you are trying to build OpenSSL 1.1.0 with FIPS. Only OpenSSL 1.0.2 has FIPS support. Regards, Matthias From: openssl-users On Behalf Of Mark via openssl-users Sent: Wednesday, 22 August 2018 18:38 To: openssl-users@openssl.org Subject: [openssl

Re: [openssl-users] openssl 1.0.2 and TLS 1.3

2018-09-11 Thread Dr. Matthias St. Pierre
ture in OpenSSL 1.1.1 which will be released today. OpenSSL 1.0.2 is an LTS release which will only receive security updates and no new features. HTH, Matthias See also https://wiki.openssl.org/index.php/TLS1.3 https://www.openssl.org/policies/releasestrat.html

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-06 Thread Dr. Matthias St. Pierre
On 05.03.2018 at 20:39, Alan Dean wrote: > Thanks Matthias for your response. > > I have a different question: > > Per your suggestion in the previous email, FIPS_mode_set() can be > moved inside of OPENSSL_init(), in order to force the FIPS mode > enabled in the libra

Re: [openssl-users] OpenSSL 1.0.2n Build Failed on Windows 32bit Platform

2018-03-13 Thread Dr. Matthias St. Pierre
. https://github.com/openssl/openssl/commits/OpenSSL_1_0_2-stable Regards, Matthias > -Original Message- > From: openssl-users <openssl-users-boun...@openssl.org> On Behalf Of Wang > Sent: Tuesday, 13 March 2018 10:14 > To: openssl-users@openssl.org > Be

Re: [openssl-users] OpenSSL 1.0.2n Build Failed on Windows 32bit Platform

2018-03-13 Thread Dr. Matthias St. Pierre
Note: If you don't have git available, you can download the sources as a zip archive using the following link: https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable.zip Matthias > -Original Message- > From: openssl-users <openssl-users-boun...@openssl.org>

Re: [openssl-users] Hashing public keys

2018-03-21 Thread Dr. Matthias St. Pierre
Hello Jan, the canonical way to create the hash of the public key is to use d2i_PUBKEY() to save the public key in (binary) DER format and then calculate the hash of that using EVP_DigestInit()/EVP_DigestUpdate()/EVP_DigestFinal(). Hope that helps, Matthias On 21.03.2018 at 14:42, Jan

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Dr. Matthias St. Pierre
to ensure that the FIPS initialization succeeded. However, an application which is not FIPS-aware won't check the result. * It can happen that applications which have their own configuration and enable/disable FIPS mode explicitly, call FIPS_mode_set(0) afterwards. HTH, Matthias

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Dr. Matthias St. Pierre
On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote: > > However, I am sceptical whether this approach will be accepted, > because there are (at least) two potential problems: > > * Normally, it is mandatory to check the result of FIPS_mode_set() or > FIPS_mode() to en

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Dr. Matthias St. Pierre
On 05.03.2018 at 19:55, Alan Dean wrote: > Thanks a lot Matthias for the suggestion. > > I have few follow-up questions below: > Please see my other replies.
