Re: rand in Windows

2012-07-05 Thread Thomas J. Hruska
On 7/5/2012 8:07 PM, John wrote: Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7. I am trying to use it to create a random generated file for use in stunnel, using this command openssl rand -out filexyz.rnd -hex 2048 from the Windows CLI. Although it appears to succeed, but

Re: rand in Windows

2012-07-06 Thread Thomas J. Hruska
On 7/5/2012 8:56 PM, John wrote: Thomas J. Hruska shineli...@shininglightpro.com wrote in message news:4ff658d9.2010...@shininglightpro.com... On 7/5/2012 8:07 PM, John wrote: Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7. I am trying to use it to create a random

Re: Building an exportable OpenSSL application

2012-10-16 Thread Thomas J. Hruska
On 10/16/2012 7:25 AM, Charles Mills wrote: I have a Windows-only OpenSSL application developed in VS 2010. I have now been tasked with creating parallel regular and exportable (from the US) distributions of the application. I UNDERSTAND YOU CAN'T GIVE LEGAL ADVICE. I'M ONLY LOOKING FOR

Re: error while generating Certificate Signing Request

2012-10-23 Thread Thomas J. Hruska
On 10/23/2012 7:22 AM, Sanford Staab wrote: It looks like your missing the openssl.cnf file or maybe the my_key.key file. Double check your config file and command line parameters. From: PRIYARANJAN NAYAK Sent: Tuesday, October 23, 2012 3:03 AM To: openssl-users@openssl.org Subject: error

Re: I can't believe how much this sucks

2012-11-18 Thread Thomas J. Hruska
On 11/13/2012 11:34 AM, Sanford Staab wrote: I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server. Do you guys just want to continue to answer

Re: End of the line for OpenSSL Fips?

2013-07-18 Thread Thomas J. Hruska
On 7/18/2013 12:14 PM, Steve Marquess wrote: On 07/18/2013 12:53 PM, Nou Dadoun wrote: Just as a short comment, our fips/non-fips usage could probably satisfy this requirement; we wrap openssl in an external api that routes through a function pointer table. Then at run-time we can fill in the

Re: DLL hell

2013-08-16 Thread Thomas J. Hruska
On 8/15/2013 10:24 AM, Nico Williams wrote: Hi, I'm sorry if this has all been discussed extensively before. A brief search for DLL hell in the archives turns up disappointingly (and surprisingly) little. I do see a thread with messages from my erstwhile colleagues at Sun/Oracle, so I know

Re: applying openssl patch

2014-01-07 Thread Thomas J. Hruska
On 1/7/2014 5:50 AM, Sravanthi wrote: Hi, I'm using binary of the openssl for windows. I download the binary from the openssl site. How should I be applying the vulnerability patches on windows if I use binaries? Thanks, Sravanthi New binaries are available now. Might have to refresh the

Re: Permanent error with binary OpenSSL installed

2014-01-27 Thread Thomas J. Hruska
On 1/26/2014 12:39 PM, Norbert Kailan wrote: Whatever I want to do appears an error message and the command is not executed: “Unable to load config info from /usr/local/ssl/openssl.cnf “. There is no such file after installation! Reboot your computer. This is a known but rare issue that only

Re: Installation Win32 Borland5.5 openssl-1.0.1f

2014-02-09 Thread Thomas J. Hruska
On 2/9/2014 5:27 AM, Ian Rye wrote: I am new to the mailing list so please forgive me if this request is inappropriate. I have followed the instructions from INSTALL.W32 as follows Borland C++ builder 5 - * Configure for building with Borland Builder: perl Configure

Re: [Bulk] Re: Installation Win32 Borland5.5 openssl-1.0.1f

2014-02-10 Thread Thomas J. Hruska
On 2/9/2014 9:18 PM, Gisle Vanem wrote: Thomas J. Hruska shineli...@shininglightpro.com wrote: If this ends up being a bug that won't be fixed, then my recommendation is to build it against VC++. Borland has two command-line tools called 'impdef' and 'implib' bundled with their compiler suite

Re: Facing issues: executing openssl cmd in Windows 2012 server alone

2014-02-26 Thread Thomas J. Hruska
On 2/25/2014 6:21 AM, pachaiyappan R wrote: Hi , snip but the same cmd executing successfully in windows 2008 server. the successfully run cmd like as below *C:\Users\Administratoropenssl* *WARNING: can't open config file: E:\pachi\openssl/ssl/openssl.cnf* *OpenSSL version* *OpenSSL

Re: Openssl 1.01f installs broken headers using VC++ 2013

2014-03-05 Thread Thomas J. Hruska
On 3/5/2014 3:36 PM, Jeremy Farrell wrote: From: Michael Wojcik [mailto:michael.woj...@microfocus.com] Sent: Wednesday, March 05, 2014 9:33 PM From: Robin Rowe Sent: Wednesday, 05 March, 2014 14:55 Trying to build Qt with openssl. Built openssl with VC++ 2013 without incident. However, the

Is the OpenSSL Foundation website's SSL setup configured incorrectly?

2014-04-03 Thread Thomas J. Hruska
This works fine: http://opensslfoundation.org/ This raises a certificate warning (Firefox): https://opensslfoundation.org/ opensslfoundation.org uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. The certificate is only valid for the

Re: OpenSSL version 1.0.1g fails to link on Win32

2014-04-10 Thread Thomas J. Hruska
On 4/9/2014 8:03 PM, Jeremy Farrell wrote: Googling check_winnt suggests openssl/e_os.h. findstr /sic:check_winnt * Is, IMO, easier and more informative than using Google. Results in: apps\apps.c:if (check_winnt()) crypto\bio\bss_log.c: if (check_winnt()) crypto\cryptlib.c:

Re: [FWD] openssl command propt

2008-07-04 Thread Thomas J. Hruska
Lutz Jaenicke wrote: Forwarded to openssl-users for public discussion Best regards, Lutz - Forwarded message from richard jonik [EMAIL PROTECTED] - DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;

Re: [FWD] Not able to use openssl

2008-07-04 Thread Thomas J. Hruska
Lutz Jaenicke wrote: Forwareded to openssl-users for public discussion Best regards, Lutz - Forwarded message from Satya Narayan [EMAIL PROTECTED] - DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;

Re: x509 bug? unable to load certificate

2008-07-10 Thread Thomas J. Hruska
Frank J. Iannarilli wrote: Hi, I tried using both the Win32 v0.9.8g and v0.9.8h (along with Shining Light's Visual C++ 2008 Redistributable install) binaries, to no avail. Here's the problem: openssl x509 -inform DER -in smime.p7s -text unable to load certificate

Re: Win32 OpenSSL v.0.9.8g

2008-08-05 Thread Thomas J. Hruska
Ariel Sanchez wrote: Good afternoon, sir. Using v.0.9.8g, on Windows XP SP3 (FTP Server), logged in as Local Administrator account. I was hoping to get some insight as to why I am getting the following errors (I hope you can see these screen shots) I tried the g version since v.0.9.8h was

Re: OpenSSL executable for Windows 2003 (32 bit)

2008-09-08 Thread Thomas J. Hruska
Earhart, Darrel wrote: Hello, We are trying to mass install the Win32OpenSSL-0_9_8g.exe OpenSSL program on 3000+ Windows 2003 server systems across multiple datacenters using a combination of SMS and group policy. The problem is that SMS/group policy launches a cmd.exe process to kick off the

Re: Dynamically loading openSSL dlls

2008-09-10 Thread Thomas J. Hruska
Raymond Zhou wrote: Hi there, My goal is to modify axis2/c so that I can load the openSSL dlls at runtime, this means that I will need the dlls to exist in the class path only if my web service calls require SSL communication. The AXIS2/c mainly calls the openSSL apis starting with SSL_, like

Re: OpenSSL executable for Windows 2003 (32 bit) - Unattended Install

2008-09-10 Thread Thomas J. Hruska
Joe Steorts wrote: Hi, I am trying to install Win32OpenSSL-0_9_8g.exe on Windows 2003 server with an uattended install. I saw the exchange shown below at http://www.nabble.com/OpenSSL-executable-for-Windows-2003-(32-bit)-td19367245.html . I downloaded Win32OpenSSL-0_9_8g.exe and

FIPS fail

2008-10-01 Thread Thomas J. Hruska
Feel free to follow along with this e-mail: http://www.slproweb.com/download/bad_openssl.zip I just zipped up the contents of the 'out32dll' directory. What you see is what I've got in my out32dll directory. And now onto the main part of the e-mail. This is my first time building FIPS

FIPS 0.9.8

2008-10-02 Thread Thomas J. Hruska
One thing I forgot to ask about my FIPS issues: Is FIPS 0.9.8x-compatible/compliant? Based on everything I've read, I am under the impression that only 0.9.7m is compatible/compliant and that the team is still working on 0.9.8. -- Thomas Hruska Shining Light Productions Home of BMP2AVI,

Re: FIPS fail

2008-10-02 Thread Thomas J. Hruska
Thomas J. Hruska wrote: Feel free to follow along with this e-mail: http://www.slproweb.com/download/bad_openssl.zip I just zipped up the contents of the 'out32dll' directory. What you see is what I've got in my out32dll directory. And now onto the main part of the e-mail. This is my

Re: FIPS fail

2008-10-03 Thread Thomas J. Hruska
Dr. Stephen Henson wrote: On Thu, Oct 02, 2008, Thomas J. Hruska wrote: Thomas J. Hruska wrote: Needless to say, given the lack of response and further web searching reveals issues with older VC++ linkers core dumping(?) against the latest MinGW and I've already put forth 30+ hours

Re: Year 2038 problem

2008-10-06 Thread Thomas J. Hruska
Philipp Gühring wrote: Hi, The biggest Problem with the Y2038 problem I see is that most people believe that it will go away due to the migration to 64 Bit machines. But this isn't going to happen. We have to start fixing 2038 now, also for all our 32 Bit platforms, 16 Bit platforms and 8 Bit

Re: OpenSSL 0.9.7m Link Failure w/FIPS

2008-10-09 Thread Thomas J. Hruska
pbirk wrote: I'm getting the following error after following the steps in the FIPS users guide to compile on Windows at this link: http://openssl.org/docs/fips/UserGuide-1.1.1.pdf. I'm using FIPS 1.1.2 with OpenSSL 0.9.7m. I do ms\do_ms (tried with ms\do_nasm as well), then nmake -f

Re: Microsoft Visual C++

2008-10-10 Thread Thomas J. Hruska
Michael Luich wrote: Hello, I'm trying to compile in Microsoft Visual C++ Express and I'm getting linker errors like: error LNK2019: unresolved external symbol _BIO_gets referenced in function char * __cdecl sr_encrypt(char *,struct _iobuf *) (?sr_encrypt@ @YAPADPADPAU_iobuf@@@Z) I got the

FIPS 1.2 Security Policy issues

2008-11-24 Thread Thomas J. Hruska
According to the FIPS 1.2 Security Policy, Appendix A, Platform 8 cannot be built as FIPS compliant because 'x84-64 asm' is a non-existent platform. There is no such thing as x84. It should say 'x86-64 asm'. Validation, from what I understand, only covers those platforms listed.

Re: FIPS 1.2 Security Policy issues

2008-11-25 Thread Thomas J. Hruska
Steve Marquess wrote: Thomas J. Hruska wrote: According to the FIPS 1.2 Security Policy, Appendix A, Platform 8 cannot be built as FIPS compliant because 'x84-64 asm' is a non-existent platform. There is no such thing as x84. It should say 'x86-64 asm'. Validation, from what I understand

Re: does this multi-domain cert config work?

2008-12-14 Thread Thomas J. Hruska
Tom Worster wrote: kyle, thank you for your comments. that's very helpful. i'm unsure now which name to use as common name and which names to put in subjectAlternativeName. what are the considerations? thanks for mentioning startcom. i looked at them a few weeks ago but couldn't determine if

Interesting article

2008-12-30 Thread Thomas J. Hruska
I know MD5 was broken ages ago but this article expands on the theme - make your own legitimate-looking root CA: http://www.crunchgear.com/2008/12/30/md5-collision-creates-rogue-certificate-authority/ -- Thomas Hruska Shining Light Productions Home of BMP2AVI, Nuclear Vision, ProtoNova, and

Re: Interesting article

2009-01-02 Thread Thomas J. Hruska
Kyle Hamilton wrote: The fact that root certificates are NEVER trusted, under X.509, unless they're already in the client store (or are added as a specific security exception). These are a special class of certificates called trust anchors (technically, the trust anchor is the public key; the

Re: OpenSSL Security Advisory

2009-01-07 Thread Thomas J. Hruska
Kyle Hamilton wrote: I got the notice of the release several hours after the security advisory. Not sure what happened, but I've since received it. Thank you, Dr Henson and everyone who works on OpenSSL! -Kyle H On Wed, Jan 7, 2009 at 5:23 PM, Giang Nguyen cau...@hotmail.com wrote: Does the

Re: Problems with decrypting using openssl-0.9.8b and windows 64 (x64). Same test works on windows 32 bit os

2009-01-09 Thread Thomas J. Hruska
Mark Allison wrote: Problems with decrypting using openssl-0.9.8b and windows 64 (x64). Same test works on windows 32 bit os. My first recommendation would be to try the LATEST version of OpenSSL. A lot of things have changed since that version and the version you are linking against has

Re: Uninstall Problems

2009-01-11 Thread Thomas J. Hruska
Ben Dimick wrote: I hope I'm coming to the right place for this. I installed OpenSSL on my Vista box and found after I uninstalled that SSL no longer worked on any of my apps besides Firefox (https on I.E., WebEx, etc). I found this odd, but I haven't yet found a way to fix it. Is this

Re: Uninstall Problems

2009-01-12 Thread Thomas J. Hruska
Ben Dimick wrote: Thanks for the tips. I thought this seemed strange, but it was the only culprit I could produce. I had previously tried reinstalling the binaries and had no success. I decided to try again because I think it was the light installed I tried the second time. I did the full

Re: About OpenSSL 0.9.8d to 0.9.8h Upgrade

2009-02-09 Thread Thomas J. Hruska
Chidambar Kulkarni1 wrote: Hello, We are planning for upgrading the OpenSSL libraries which are used in our application. Currently we are using OpenSSL version 0.9.8d and now we are planning for a upgrade. What would you suggest us to upgrade to 0.9.8h or 0.9.8j? Will that be backward

Re: OpenSSL - libeay32.dll

2009-03-29 Thread Thomas J. Hruska
shankar wrote: Hi All, could you please point me to a link where i can get openssl dll LIBEAY32.DLL, built with VC++ 2006 . Note that all latest versions available are built using VC++ 2008 which is not compatible with my application, Regards, Shankar You can always build it

Re: OpenSSL 1.0.0 beta 1 released

2009-04-01 Thread Thomas J. Hruska
OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.0 Beta 1 OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL is currently in a release cycle. The first beta is now released. The beta release

Re: OpenSSL 1.0.0 beta 1 released

2009-04-01 Thread Thomas J. Hruska
Kyle Hamilton wrote: I will simply remind you of the following piece of the (signed) announcement: Oh and to those who have noticed the date... the joke is that it isn't a joke. -Kyle H Doesn't matter if it is signed (I noticed that, BTW). April 1st is all about looking as legit as

Re: openssl in apache on windows

2009-04-21 Thread Thomas J. Hruska
Tirtza Bernstein wrote: Hello, I installed apache with openssl on windows. When I try to use openssl command line I get the following error Can't open config file /usr/local/ssl/openssl.cnf How do I change the location where it looks for the config file? Thanks Set OPENSSL_CONF.

Re: stunnel crashes with weak certificates... could it be OpenSSL?

2010-02-12 Thread Thomas J. Hruska
Roger Cruz wrote: I posted the following message in the stunnel group. I'm following that posting here because I believe this may be an issue with the underlying library which is OpenSSL. Is there a known issue with certificates for version 0.9.8b that are aware of? What version of OpenSSL

Re: OpenSSL 1.0.0 released

2010-03-29 Thread Thomas J. Hruska
OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.0 released == Congratulations! It has been many years in the making, but this is a HUGE milestone for OpenSSL and everyone has worked hard to get this product to its current

Crash bug in 0.9.8n

2010-04-25 Thread Thomas J. Hruska
Running 'openssl s_client' on 0.9.8n without any additional arguments crashes openssl.exe. -- Thomas Hruska Shining Light Productions Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL. http://www.slproweb.com/ __

Re: Crash bug in 0.9.8n

2010-04-25 Thread Thomas J. Hruska
Victor Duchovni wrote: On Sun, Apr 25, 2010 at 06:58:06PM -0700, Thomas J. Hruska wrote: Running 'openssl s_client' on 0.9.8n without any additional arguments crashes openssl.exe. On a Linux system it reports a connection refused (to localhost:4433) I realized after sending the e-mail

Re: Why 2 DLL's for building OpenSSL

2010-07-05 Thread Thomas J. Hruska
Anil Tambe wrote: by 2 dlls .. do you mean libssl and libcrypto ? Actually they are named: ssleay32.dll and libeay32.dll. To get 'libssl', I copy ssleay32.dll to libssl32.dll during installation (they are the same thing). -- Thomas Hruska Shining Light Productions Home of BMP2AVI and

Re: openssl-0.9.8q.tar.gz corrupted.

2010-12-04 Thread Thomas J. Hruska
On 12/3/2010 6:28 AM, Brent Evans wrote: It would appear that the opensll-0.9.8q.tar.gz file is corrupt. un-tar fails. Cheers, Brent I can confirm this with an out-of-date version of 7-Zip (v4.65 - yeah, don't ask) as well as the latest stable version of 7-Zip (v9.20) - I get a There are

Re: Error with Win32OpenSSL-1_0_0d and net-snmp-5.5.0-1.x86 on Windows.

2011-03-18 Thread Thomas J. Hruska
On 3/18/2011 10:10 AM, Samuel Mutel wrote: Hello, I have installed Win32OpenSSL-1_0_0d and net-snmp-5.5.0-1.x86 on a Windows server. When I launch Net-SNMP, it stop immediately and I have this message on event log : Faulting application snmpd.exe, version 0.0.0.0, faulting module unknown,

Re: Questions: Building crypto libraries to link with Visual C++

2011-07-13 Thread Thomas J. Hruska
On 7/12/2011 6:34 AM, Jeffrey Walton wrote: On Tue, Jul 12, 2011 at 9:03 AM, rick freitagquizzki...@gmail.com wrote: Questions include: Why do I need ActivePerl not plain Perl? I am only using the Cryptolibrary functions from Visual C++. Sorry to go offlist - I don't know the answer. But

TLS 1.0 cracked...

2011-09-21 Thread Thomas J. Hruska
The Register published an article yesterday that some people here might be interested in on TLS 1.0 being cracked: http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/ The Register points their Finger of Blame right at OpenSSL. Of course, a lot of places then blew this out of

Re: OpenSSL Security Advisory

2012-01-19 Thread Thomas J. Hruska
On 1/19/2012 10:59 AM, John A. Wallace wrote: The windows binaries do not appear to have been upgraded yet. It is possible that some of them are affected, I should think. Thanks. They are up now. -Original Message- From: owner-openssl-annou...@openssl.org [mailto:owner-openssl-

Re: Successfully building openssl-1.0.1 with Microsoft Visual Studio.

2012-03-23 Thread Thomas J. Hruska
On 3/23/2012 12:53 AM, jeremy hunt wrote: This posting is to help people to build OpenSSL 1.0.1 with Microsoft Visual Studio. It may also indicate a required change to the build instructions for Microsoft Visual Studio. Summary: -- I found I needed to install the Windows SDK and

Re: OpenSSL 1.0.1b released

2012-04-26 Thread Thomas J. Hruska
On 4/26/2012 5:10 AM, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1b released === Heads up warning: This archive under 7-Zip 9.20 (latest stable) displays a There are no trailing zero-filled records error dialog but

Re: Windows Installation of OpenSSL

2012-05-11 Thread Thomas J. Hruska
On 5/11/2012 9:00 AM, John wrote: Hello. When using the Win32 OpenSSL v1.0.1c 16Mb Installer from here http://slproweb.com/products/Win32OpenSSL.html, I am given the option ner the very end of the installation to Copy OpenSSL DLLs to either the Windows system directory or the OpenSSL binaries

Re: Win32OpenSSL.html

2012-06-20 Thread Thomas J. Hruska
On 6/20/2012 11:12 AM, John wrote: John A. Wallace jw72...@verizon.net wrote in message news:00a701cd4f01$2b569ab0$8203d010$@net... Hello. In this instance I am using 64-bit Win7 on a laptop in a home network. When I downloaded this version of OpenSSL

Re: Hiding headers for OpenSSL

2006-08-21 Thread Thomas J. Hruska
David Schwartz wrote: The long version: We run security check software, which makes connections with various services, calls up the header, and then tells us that based upon the version it read in the header, this service has certain vulnerabilities. You mean it might have certain

Re: Hiding headers for OpenSSL

2006-08-21 Thread Thomas J. Hruska
Thomas J. Hruska wrote: David Schwartz wrote: The long version: We run security check software, which makes connections with various services, calls up the header, and then tells us that based upon the version it read in the header, this service has certain vulnerabilities. You mean

Re: Hiding headers for OpenSSL

2006-08-21 Thread Thomas J. Hruska
[EMAIL PROTECTED] wrote: Blocking the version number is worse than reporting stale version information. At least they can determine a minimum security level. Incorrect information cuts both ways, helping the hacker and legitimate user at the same time. Better to prefer the legitimate user's

Re: 2 is not prime?

2007-03-07 Thread Thomas J. Hruska
Stephan V Bechtolsheim wrote: To be sure we should use another library: $ cat gmp5.c #include stdio.h #include gmp.h ... To be sure one needs to go back to the mathematical definition of what is a prime. To use a program as proof is really not a proof. What you have proven is that GMP is

Re: 2 is not prime?

2007-03-07 Thread Thomas J. Hruska
Thomas J. Hruska wrote: Stephan V Bechtolsheim wrote: To be sure we should use another library: $ cat gmp5.c #include stdio.h #include gmp.h ... To be sure one needs to go back to the mathematical definition of what is a prime. To use a program as proof is really not a proof. What you have

Re: Visual C++ and openssl

2007-04-06 Thread Thomas J. Hruska
gary clark wrote: Hiya, I am trying to build a simple client and server which is proving not to be so simple in visual c++. I am using the s_server.c file in openssl/apps and have pulled in the following libs. wsock32.lib advapi32.lib gdi32.lib user32.lib what other libs and possibly .dll do

Re: use ssl for ssh transport layer (not proxy bypassing)

2007-07-02 Thread Thomas J. Hruska
David Latil wrote: I have a somewhat bizarre project on my plate. I have been tasked to come up with a secure proxy of sorts that uses SSH over SSL (I mean to actually encrypt SSH with SSL, not just tunnel through a proxy). In the end, we would be using port forwarding over SSH for HTTP

Re: use ssl for ssh transport layer (not proxy bypassing)

2007-07-03 Thread Thomas J. Hruska
David Latil wrote: The problem: we simply have a web application running that we are trying to provide encryption and authentication. An idea was pitched of a proxy of sorts that would allow not just http traffic, but others through this tunnel securely. It was pitched specifically as ssh over

Re: cross platform issues with openssl-fips

2007-07-16 Thread Thomas J. Hruska
Elia, Leonard F. wrote: Hello All, I built OpenSSL with the FIPS module, and after a few issues built it successfully on Solaris 10 (using Sun cc) and on Windows using MinGW. Each works fine on its own platform, but if I encrypt on Solaris 10, I get decryption errors on Windows, and vice

Re: FIPS

2007-07-18 Thread Thomas J. Hruska
Stan wrote: Hi guys, We used to use 0.9.8 Openssl on Linux platform. We want to use FIPS now. We did following to make FIPS mode work: - library is linked statically because FIPS cannot be implemented as shared library - we had to make little work around to link FIPS using C compiler because

Re: How to create an open-ssl executable file?

2007-08-14 Thread Thomas J. Hruska
jimmy bahuleyan wrote: Ines Alvarez wrote: Hi all, I searched in the site and I couldn´t find an executable of the files, they are all source code Is there any website where I can download this executable file, or a tutorial telling the instructions to compile the code? download source code

SSL_peek vs. SSL_pending...

2007-08-24 Thread Thomas J. Hruska
Here's what I want to do: select() on the underlying socket. IF select() says data is available to be read, let OpenSSL manage processing that data but not block even if the socket is blocking. Check to see if SSL_read() will succeed instantly by calling SSL_pending(). IF SSL_pending()

Re: SSL_peek vs. SSL_pending...

2007-08-24 Thread Thomas J. Hruska
David Schwartz wrote: What I want to know is how do I tell OpenSSL that it is okay to do some processing of socket data but not block even with blocking sockets? You are asking for the impossible. There is no way to be sure a socket operation will not block other than to set the socket

Re: SSL_peek vs. SSL_pending...

2007-08-24 Thread Thomas J. Hruska
David Schwartz wrote: MSDN Library documents select() as being exactly as I describe: http://msdn2.microsoft.com/en-us/library/ms740141.aspx (See the description of when readfds returns). So now that the matter you describe has been cleared up, answer the question. You misunderstand the

Re: SSL_peek vs. SSL_pending...

2007-08-24 Thread Thomas J. Hruska
David Schwartz wrote: Which part of For other sockets, readability means that queued data is available for reading such that a call to recv, WSARecv, WSARecvFrom, or recvfrom is _guaranteed not to block_. do you not understand? It means a hypothetical concurrent call, not a future actual call.

Re: SSL_peek vs. SSL_pending...

2007-08-24 Thread Thomas J. Hruska
David Schwartz wrote: David Schwartz wrote: Which part of For other sockets, readability means that queued data is available for reading such that a call to recv, WSARecv, WSARecvFrom, or recvfrom is _guaranteed not to block_. do you not understand? It means a hypothetical concurrent call,

Re: SSL_peek vs. SSL_pending...

2007-08-28 Thread Thomas J. Hruska
Darryl Miles wrote: Steffen DETTMER wrote: this is an interesting topic. I hope it is OK to bother again even if off-topic. This topic has been covered before on this list. I do not share David's beliefs on this matter, the select() readability and writability indicators are indeed sticky.

Re: Short question about freeing memory

2007-08-31 Thread Thomas J. Hruska
Martin Salo wrote: Hello Mailinglist, I have a RSA key written to memory. How can I free the memory? oBIO = BIO_new(BIO_s_mem()); PEM_write_bio_RSAPrivateKey(oBIO, oRsaKey, 0, 0, 0, 0, 0); char *cMem; iBytesWritten = BIO_get_mem_data(oBIO, cMem); cMem[iBytesWritten] = '\0'; // How can I

Re: C++ compatability

2007-09-11 Thread Thomas J. Hruska
Saju Paul wrote: is the compile error on the header file (asn1.h) or at the call ? copy and paste the error include any necessary code. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin - ACD Sent: Tuesday, September 11, 2007 2:55 PM To:

Re: C++ compatability

2007-09-11 Thread Thomas J. Hruska
Saju Paul wrote: It is very clear that you Thomas have never ever used the hmac routines !! Oops. And you're right. I've never used them. Just looked them up (lazy me). Definitely requires the openssl/hmac.h file (but it never hurts to include the others - particularly the err.h file).

Re: OpenSSL 0.9.8f Win32 Compile Error

2007-10-21 Thread Thomas J. Hruska
I am trying to compile version 0.9.8f for Windows, using VC++ 6.0, ActivePerl, and MASM 6.15.8803. I am following the instructions in INSTALL.W32, which works fine for the previous 0.9.8f build, but when I get to the point of running nmake -f ms\ntdll.mak I get the following errors in 0.9.8f:

Re: OpenSSL 0.9.8f Win32 Compile Error

2007-10-22 Thread Thomas J. Hruska
Thomas J. Hruska wrote: I am trying to compile version 0.9.8f for Windows, using VC++ 6.0, ActivePerl, and MASM 6.15.8803. I am following the instructions in INSTALL.W32, which works fine for the previous 0.9.8f build, but when I get to the point of running nmake -f ms\ntdll.mak I get

Re: OpenSSL How to redistribute as part of our application

2007-10-29 Thread Thomas J. Hruska
Bernhard Froehlich wrote: Dave Bound schrieb: Hi Can anyone tell me how to deploy the necessary OpenSSL files as part of a Win32 application? The app is deployed using a Windows Installer EXE. I’m not particularly familiar with how this works, but it has been suggested that an OpenSSL

Re: OpenSSL How to redistribute as part of our application

2007-10-30 Thread Thomas J. Hruska
Dave Bound wrote: Is there a way to use Win32 OpenSSL in silent mode? The installer is Innosetup-based. Read the docs for Innosetup on several command-line switches that Innosetup has for silent installs. You should make sure you display a compatible license agreement to your users when

Re: OpenSSL How to redistribute as part of our application

2007-10-30 Thread Thomas J. Hruska
Dave Bound wrote: Not everyone can use the default build of OpenSSL. Can you point me at some docs which will allow me to ascertain whether I fall into the 'not everyone' category? -Original Message- From: Thomas J. Hruska [mailto:[EMAIL PROTECTED] Sent: Tuesday 30 October 2007 10:56

Re: Vista 64 bit

2007-12-31 Thread Thomas J. Hruska
Gunivortus Goos wrote: Hello yueyue, it could be compiled as 64 bit version. That would be great. I compiler openSSL as 64bit for Vista, but the performance is nearly half of 32 bit version. Hmm... Why is that? I can't do it myself, don't know anything about such technical things, am

Re: Vista 64 bit

2007-12-31 Thread Thomas J. Hruska
Gunivortus Goos wrote: Hello Thomas, You could try building a 64-bit target using Visual C++ 2008 Express (free) and NASM (also free). ??? I'm sorry, I never did any programming, never any compiling, I'm just an enduser, using payware, shareware and freeware programs, that are already

Re: Vista 64 bit

2008-01-01 Thread Thomas J. Hruska
G.W. Haywood wrote: Hi there, On Mon, 31 Dec 2007, Thomas J. Hruska wrote: If you absolutely have to have a 64-bit build (i.e. 32-bit doesn't work), wait a few weeks. I'm planning on purchasing and installing Microsoft Visual Studio Professional 2008 out of my own pocket (since almost no one

Re: Vista 64 bit

2008-01-01 Thread Thomas J. Hruska
Gunivortus Goos wrote: Hello Thomas, After downloading I ran the install and ready it was. However, being a MS Windows user, I usually don't read all textfiles, supposing it works too without that. ;-) It should. Just installing it should cause any software that depends on it to function

Re: Vista 64 bit

2008-01-01 Thread Thomas J. Hruska
Jeffrey Altman wrote: Thomas J. Hruska wrote: I'm holding back from a 64-bit build of the Win32(?) OpenSSL installer for another couple weeks because I need to purchase Visual Studio Professional 2008 (i.e. I can't use VC++ Express) for various reasons and my development computer gets unhappy

Re: [!! SPAM] RE: Re[2]: Vista 64 bit

2008-01-07 Thread Thomas J. Hruska
David Schwartz wrote: Of course, for the reasons I told, I did not subscribe to: openssl-dev open subscribers Discussions on development of the OpenSSL library. Note that this is for development *of* *OpenSSL*. Just like the OpenSSL users list is for users *of* *OpenSSL*. Pretty sure you're

Re: SSL != HTTPS ???

2005-04-02 Thread Thomas J. Hruska
a perfectly secure anonymous connection to a server. Richard was quite right in saying you can have the server require a client certificate to connect (making it a non-anonymous client). Thomas J. Hruska [EMAIL PROTECTED] Shining Light Productions Home of the Nuclear Vision scripting language

Re: Windows instalattion

2005-04-18 Thread Thomas J. Hruska
the discussion off-list. This list is OpenSSL-specific and you are discussing details of the Win32 OpenSSL default-build binaries. Once you are up and running with the Win32 binaries, then this list becomes handy for the programming end of things. Thomas J. Hruska [EMAIL PROTECTED] Shining Light

Win32 OpenSSL is recommended by PayPal...

2005-04-18 Thread Thomas J. Hruska
some people here might also find it interesting. Maybe we could formalize this into a press release of some sort for the main page (and maybe the binaries page) - it is really good PR material for both OpenSSL and Win32 OpenSSL. Thomas J. Hruska [EMAIL PROTECTED] Shining Light Productions Home

Unusual NMAKE warning.

2005-06-01 Thread Thomas J. Hruska
Platform SDK, using a MASM build. This is part of a huge automated build sequence, but the warning occurs when attempting to run nmake -f ms\nt.mak. OpenSSL seems to build just fine, but the warning could be meaningful. Thomas J. Hruska [EMAIL PROTECTED] Shining Light Productions Home

Re: question about compiling in windows XP

2005-06-06 Thread Thomas J. Hruska
Mark wrote: I am using MS Visual Studio 2003, and am trying to compile OpenSSL 0.9.7g. I am following the instructions provided in the file - INSTALL.W32. I get to the point where the instructions say: Then from the VC++ environment at a prompt do: nmake -f ms\ntdll.mak I am not sure how

0.9.8 ideas and a minor bug found in Beta4.

2005-06-07 Thread Thomas J. Hruska
Whoever added the RC resource information to the source tree for the 0.9.8 Win32 build, major kudos from my corner. That will get a number of people off my case on the Win32 binaries. Of course, the natural thing people are going to want next is version information for all of the .exe files.

Re: Getting sockaddr_in structures from a BIO or SSL struct.

2005-06-26 Thread Thomas J. Hruska
mclellan, dave wrote: Unless you have a specific reason to use BIOs, you can do a regular accept() Typical reason to use BIOs: Cross-platform portability. I recommend using BIOs whenever someone uses the pre-built Win32 OpenSSL Installation Project binaries and they have difficulties.

Re: Creating certs for others (without their private keys)

2005-07-03 Thread Thomas J. Hruska
Tan Eng Ten wrote: But how??? Could you give an example please (of [a] creating, and [b] signing a req)? How is in the HOWTO (http://www.openssl.org/docs/HOWTO/) Or just use the Perl script that ships with OpenSSL called CA.pl (Required at least Perl 5.6.x to be installed). Thomas Hruska

Re: [ANNOUNCE] OpenSSL 0.9.8 released

2005-07-06 Thread Thomas J. Hruska
Richard Levitte - VMS Whacker wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 0.9.8 released == OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce

Re: BC-32 dll

2005-07-06 Thread Thomas J. Hruska
[EMAIL PROTECTED] wrote: Hi there, I've finaly compiled 0.9.8 under BCB win32 (Yay!) and now wondering is there any way do make dlls instead of .libs? If you are using the default build of OpenSSL: http://www.slproweb.com/products/Win32OpenSSL.html It comes with pre-built binaries and

Re: openssl-0.9.8 will not compile on MinGW

2005-07-06 Thread Thomas J. Hruska
Jim Mosier wrote: I am not sure what I did different, but my environment is: WindowsXP Pro MinGW 3.1.0 ActiveState Perl 5.8.7 ms\mingw32 no-asm complies cleanly and produces the DLL files. Hmm... On 7/6/05, Frank Buttner [EMAIL PROTECTED] wrote: So here the output:

Re: openssl-0.9.8 will not compile on MinGW

2005-07-06 Thread Thomas J. Hruska
Frank Buttner wrote: I have try Version openssl-0.9.7g this compile without any problems. So i think it is not a problem with the path ms\mingw32 no-asm complies cleanly and produces the DLL files. C:\c++\OpenSSL\openssl-0.9.8ms\mingw32 Okay, assume the paths are fine. The two command

  1   2   >