Re: Unabe to create multiple certificates from a single self-signed CA.
Hi Mick, I want to create 5 certificates from a single self-signed CA. I 've been able to create 3 certificates as of now. However, only the first certificate of mine is working with the root certificate, the other 2 are not working. Could you please explain what do you mean by not working? The certificate sent in the message to the phone is not getting accepted by the phone. The phone must respond to the certificate message if it has received the certificate. In the case with the first working certificate the phone responds to this message and hence is a proof that the first certificate is correct. So the problem is with the 2nd and 3rd certificate. The later 2 certificates are created from the same CA.crt and CA.key as were used to create the first certificate. The differences that lie with all the 3 certificates are as below: 1. Common Name 2. Subject and DNS name in the SubjectAltName 3. Serial Number of the certificates. (with number 2 and 3 choosen for the later created 2 certificates) Frankly. I do not how to create multiple certifiacates from a single self-signed CA. Please some one guide me in this. Also, my CA.crt and CA.key have already been flashed to the device, so I do not have any option of re-creating the CA.crt and CA.key. I saw some where on a post that separate CA.keys need to be developed as well for creating multiple certificates. Is this true? Not as far as I know - what you need is separate user keys. You generate a new user key and you use this to sign a csr, e.g.: $ openssl genrsa -des3 -out user2_key.pem 2048 $ openssl req -new -key user2_key.pem -out user2_req.pem Infact, I did exactly the same with the same commands. I generated the new user keys and the new csrs for the 2nd and 3rd certificate. Then you use your CA.crt and your CA.key to sign the user2_cert.csr with: $ openssl x509 -req -in user2_req.pem -days 365 -CA CA.crt -CAkey \ CA.key -set_serial 01 -out user2_cert.pem That should create a new SSL certificate, signed by your CA, valid for one year, for user2. Repeat for user3 to user5. Of course, there's more than one ways to skin a cat - the above is just one of them. It depends how many certs you will be creating over time; setting up a /etc/ssl/openssl.cnf file with your default settings will help automate the process and minimise the option entries on the command line. -- Regards, Mick Did exactly the same. Would you like to have a look of the certificates to find out what exactly is missing? Regards, Rajat
Problem with liebeay32d.lib (Link error in VS 2002)
Hi, I am trying to compile a project in VS 2002 that has openSSL 0.9.7b dependency. I could generate the lib files from the openSSL source. But, I could not find any libeay32d.lib file in c:\openssl\out32dll folder. I have rename the libeay32.lib file to libeay32d.lib and added the out32dll as VC++ directory, but when I am trying to compile it from VS 2002, it's giving link error that it can't open libeay32d.dll file. I am trying to compile a legacy code that used Visual Studio 2002 and has dependency on openSSL 0.9.7b. I also tried later versions of openSSL 0.9.7 without success. Can you help me there? Thanks. Joydip -- Life is Beautiful __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Unabe to create multiple certificates from a single self-signed CA.
On Wednesday 23 May 2007 08:05, Rajat Dudeja wrote: Could you please explain what do you mean by not working? The certificate sent in the message to the phone is not getting accepted by the phone. The phone must respond to the certificate message if it has received the certificate. In the case with the first working certificate the phone responds to this message and hence is a proof that the first certificate is correct. So the problem is with the 2nd and 3rd certificate. Just a thought: Have you imported and accepted the root CA.crt in the phone? Any further certs signed by the accepted CA *should* be readily accepted by the client. Did exactly the same. Would you like to have a look of the certificates to find out what exactly is missing? If you parse each user.crt with e.g.: $ openssl x509 -text -in user1.crt you should be able to make the comparisons your self. The man page suggests different parsing options to check the contents of certs; e.g. -purpose, etc. -- Regards, Mick pgpJiK8c2mMIZ.pgp Description: PGP signature
RE: Newbie questions
Hi, I downloaded and installed open-ssl on a windows environment. I then used the openssl application to start the s_client and s_server. I ran the client and server with the following commands. I then attempted to connect my client to the s_server. I managed to connect to the server but failed to transmit data. Can anybody point me to a simple example I can use to get me rolling on this? I don't think this are any simple examples for OpenSSL ;-) The best bet IMHO is to buy a few books and read them thoroughly before attempting to anything. I have Network Security with OpenSSL, and SSL and TLS by Eric Rescorla. M __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to improve the performance of SSL_Read
Hi Rick, Thanks for your reply. I want to reduce the reading the response time, so that the performance will get improve. I want to read all the bytes at a time. SSL_read API is taking much time to read all the bytes of the response from the server. First time it is going to read 112 bytes, then 1300 bytes,1460 bytes...etc. Instead of this reading the bytes in chunks in while loop, i want to read all the bytes at a time. Could you please suggest me any other API to read all the bytes at a time. Please send me any example code of this scenario where i can read all the bytes at a time. Thanks in Advance, Ghouse... On 5/22/07, Rick Jones [EMAIL PROTECTED] wrote: ghouse mohiddin wrote: Hi, How to improve the performance of the SSL Read call?. Is there any call to increase the Buffercapacity. I am able to read around 1300 bytes at a time. It is taking 5 to 6 seconds for reading the whole response (Header and Body)from the server which is very slow. 1300 bytes at a time sounds like one TCP segment at a time. How much data in total are you reading in those 5 to 6 seconds? If there really isn't all that much data, perhaps the sender is having to retransmit some of it. Check the netstat statistics and link-level statistics on both ends and look for drops, errors, retransmissions and the like. rick jones __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Problem in BIO_gets( )
Hi All, I am getting problem in BIO_gets( ) API. I am able to read only Header part of the response. After that it is giving some exception before it starts to read the body content.I am not able to read the body content. Whether I have to set any flags before reading the huge nubmer of bytes such as the body contents. Please help me to solve this issue. Thanks in Advance, Ghouse. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: CRL management pb
Hello all, I build a ssl server with client authentication ( I use openssl 0.9.8d) I wanted to know why I have the error no certificate returned when the client certificat is revoked and not a more explicit one. I decided to compile the openssl code to check where my pb is : in s3_srvr.c , I found the code executed: i=ssl_verify_cert_chain(s,sk); if (!i) { al=ssl_verify_alarm_type(s-verify_result); SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); goto f_err; } and ssl_verify_cert_chain function performs a lot of control including the peer crl check ( I have seen it with printf...) Is there a way to get a more appropriate stack error like SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED which is a variable not used now ? Or shall I wait a new version of Openssl ? thank you for your response, Jf __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Sending data to s_server?
Hello, I want to see a message from my test client to the openssl s_server. I connect fine. However when I send a message to the server I see from the following: C:\www\opensssl\bin\openssl.exe s_server -accept 2000 -debug -nocert Loading 'screen' into random state - done Using default temp DH parameters Using default temp ECDH parameters ACCEPT read from 0xa4a380 [0xa54bb0] (11 bytes = 11 (0xB) - 68 65 6c 6f 20 77 6f-72 6c 64hello world ERROR 2272:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:.\ssl\s23_srvr.c:562: shutting down SSL CONNECTION CLOSED ACCEPT It looks like its just printing the first 11 characters of the message. Not sure why it clipped the what the hell is going on part but I'm sure its pretty obvious. Not to me. Could somebody be so kind to enlighen me on what is going on. Thanks, Garyc __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Multi-threaded SSL Socket Usage
Hi Andrew Get SSL and TLS Designing and Building Secure Systems, read section 8.9 ( page 274). Get Network Security with OpenSSL, read example 5-16. I hope it will clear a little bit for you. TD -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Armstrong Sent: Tuesday, May 15, 2007 6:18 To: openssl-users@openssl.org Subject: Multi-threaded SSL Socket Usage Hi Everyone, I hope I have found the right place to ask for some advice. An application we have developed is responsible for handling concurrent connections from multiple SSL Sockets. While the application works fine for a while; there will sometimes be an issue where a socket blocked on write. So we switched to non-blocking IO, and handled (supposedly) WANT_READ and WANT_WRITE correctly. We also have attempted to handle the other oddities correctly (detecting EAGAIN and retrying the write, etc), however sometimes while it is working fine for the most part, will eventually have sockets drop or not get written/read from correctly. It's a bit complicated to explain. The design of the application is that there are worker threads which pick up data and send them out via the sockets. This works for the most part, however as mentioned it will sometimes no longer appear to work (data is not received in a timely fashion for example). I would think this is just do to how complex the read/write logic is for openssl, nonblocking multi-threaded applications. Is there anyone out there with experience in using OpenSSL in a multi-threaded application that can provide some sample code or anything to help address these issues? It would be really appreciated if anyone can point me in the direction or even yet provide a basic sample application that handles concurrent connections from SSL Sockets correctly. It's terrible that there are so many pitfalls one needs to account for, yet there is no documentation about this (or example) in the OpenSSL library. Thanks, Andrew __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
trying to get valid SSL cert working with uw-imap server.
hey list, I have a uw-imap server installed on a solaris box. We currently have a working SSL certificate thats about to expire on our server. On top of that, our internal team that issues the certificates is changing their root certs, so we need to update that as well. so I have a new cert for my server and Im trying to get pine and mutt to connnect to it, but pine complains that its a self signed cert.. as does the openssl client SSL-Session: Protocol : TLSv1 Cipher: AES256-SHA Session-ID: 9878A3F0C550C7124A6FD64FC809E10971EFA324230151955A4CD64C5CEDFF52 Session-ID-ctx: Master-Key: 2E11F61B9BA160292DD85683983AFB20BAEFB9430E8ABDBE6819CBD7AC877BD1503C82D170DEFC2FFC7FA759F64728AF Key-Arg : None Start Time: 1179932976 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) What should I do to troubleshoot this? regards, Jason __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
relationship between cipher suites and encoders
Hi, I'm trying to work out the relationship between a cipher suite, and the encrypters available in OpenSSL. For example, in OpenSSL 0.9.8e I see there is blowfish encryption available (in `openssl enc`), yet none of the bf variants appear in the cipher suite list (`openssl ciphers`). So, where does the cipher suite list come from, and how would one proceed if one wanted a cipher that's not already available in that list (specifically, I'm interested in cfb and ofb modes)? Cheers, Y. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Newbie questions
Hey Mark, Yep I think your right. Ordered the Network Security with OpenSSL book. Thanks, Garyc --- Mark [EMAIL PROTECTED] wrote: Hi, I downloaded and installed open-ssl on a windows environment. I then used the openssl application to start the s_client and s_server. I ran the client and server with the following commands. I then attempted to connect my client to the s_server. I managed to connect to the server but failed to transmit data. Can anybody point me to a simple example I can use to get me rolling on this? I don't think this are any simple examples for OpenSSL ;-) The best bet IMHO is to buy a few books and read them thoroughly before attempting to anything. I have Network Security with OpenSSL, and SSL and TLS by Eric Rescorla. M __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: trying to get valid SSL cert working with uw-imap server.
[EMAIL PROTECTED] wrote: hey list, I have a uw-imap server installed on a solaris box. We currently have a working SSL certificate thats about to expire on our server. On top of that, our internal team that issues the certificates is changing their root certs, so we need to update that as well. so I have a new cert for my server and Im trying to get pine and mutt to connnect to it, but pine complains that its a self signed cert.. as does the openssl client SSL-Session: Protocol : TLSv1 Cipher: AES256-SHA Session-ID: 9878A3F0C550C7124A6FD64FC809E10971EFA324230151955A4CD64C5CEDFF52 Session-ID-ctx: Master-Key: 2E11F61B9BA160292DD85683983AFB20BAEFB9430E8ABDBE6819CBD7AC877BD1503C82D170DEFC2FFC7FA759F64728AF Key-Arg : None Start Time: 1179932976 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) What should I do to troubleshoot this? regards, Jason __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] Maybe this isn't the correct list to ask for uw-imap... But you must add your new root certs to the CA certs databases where pine and mutt are searching for. For pine, the default path is embedded in the code (for mutt I don't know), during the build phase you can tell him ./build SSLCERTS=/path/to/CA root certs directory (hashed!!) With openssl s_client, you must tell him to point out the same dir with the option -CApath /path/to/CA root certs directory (hashed!!) Good luck! -- Ing. Sergio Rabellino Head of ICT Services Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: trying to get valid SSL cert working with uw-imap server.
aha! so this is what I was suspecting actually. Please tell me where I can RTFM about setting up the root certs in my CA root certs dir? and how to do the hash thing? if theres a howto, please point me to it. thanks/regards, Jason But you must add your new root certs to the CA certs databases where pine and mutt are searching for. For pine, the default path is embedded in the code (for mutt I don't know), during the build phase you can tell him ./build SSLCERTS=/path/to/CA root certs directory (hashed!!) With openssl s_client, you must tell him to point out the same dir with the option -CApath /path/to/CA root certs directory (hashed!!) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie questions
I believe a PDF is available for free on the Internet. I googled for it a few weeks ago thinking I would find an abstract of it and instead found the entire book. Chaz On 5/23/07, gary clark [EMAIL PROTECTED] wrote: Hey Mark, Yep I think your right. Ordered the Network Security with OpenSSL book. Thanks, Garyc --- Mark [EMAIL PROTECTED] wrote: Hi, I downloaded and installed open-ssl on a windows environment. I then used the openssl application to start the s_client and s_server. I ran the client and server with the following commands. I then attempted to connect my client to the s_server. I managed to connect to the server but failed to transmit data. Can anybody point me to a simple example I can use to get me rolling on this? I don't think this are any simple examples for OpenSSL ;-) The best bet IMHO is to buy a few books and read them thoroughly before attempting to anything. I have Network Security with OpenSSL, and SSL and TLS by Eric Rescorla. M __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to improve the performance of SSL_Read
ghouse mohiddin wrote: Hi Rick, Thanks for your reply. I want to reduce the reading the response time, so that the performance will get improve. I want to read all the bytes at a time. SSL_read API is taking much time to read all the bytes of the response from the server. First time it is going to read 112 bytes, then 1300 bytes,1460 bytes...etc. Instead of this reading the bytes in chunks in while loop, i want to read all the bytes at a time. Could you please suggest me any other API to read all the bytes at a time. Please send me any example code of this scenario where i can read all the bytes at a time. That does presume I suspect you know in advance how many bytes there are going to be. What you need is support for the water marks in the socket layer. Not all sockets implementations actually support them. On those which do, you can tell the stack the socket is not to be considered readable until N bytes are present. That you are getting the data in bits and peices suggests that your receiver is fast enough to stay ahead of the network, which is a good thing. That your code does those reads for 5 to 6 seconds suggests that it is taking 5 to 6 seconds to get the data to your receiver. Even if you read in on one swell foop (one fell swoop) it would still be 5 to 6 seconds. Depending on the specifics of the connection (can youshare details/) perhaps there are some packet losses happening. rick jones Thanks in Advance, Ghouse... On 5/22/07, Rick Jones [EMAIL PROTECTED] wrote: ghouse mohiddin wrote: Hi, How to improve the performance of the SSL Read call?. Is there any call to increase the Buffercapacity. I am able to read around 1300 bytes at a time. It is taking 5 to 6 seconds for reading the whole response (Header and Body)from the server which is very slow. 1300 bytes at a time sounds like one TCP segment at a time. How much data in total are you reading in those 5 to 6 seconds? If there really isn't all that much data, perhaps the sender is having to retransmit some of it. Check the netstat statistics and link-level statistics on both ends and look for drops, errors, retransmissions and the like. rick jones __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie questions
Hey Chas, You dont happen to know the link. Did a quick search and just got the pdf with just the first 5 chapters? Much appreciated, Garyc --- Chas. [EMAIL PROTECTED] wrote: I believe a PDF is available for free on the Internet. I googled for it a few weeks ago thinking I would find an abstract of it and instead found the entire book. Chaz On 5/23/07, gary clark [EMAIL PROTECTED] wrote: Hey Mark, Yep I think your right. Ordered the Network Security with OpenSSL book. Thanks, Garyc --- Mark [EMAIL PROTECTED] wrote: Hi, I downloaded and installed open-ssl on a windows environment. I then used the openssl application to start the s_client and s_server. I ran the client and server with the following commands. I then attempted to connect my client to the s_server. I managed to connect to the server but failed to transmit data. Can anybody point me to a simple example I can use to get me rolling on this? I don't think this are any simple examples for OpenSSL ;-) The best bet IMHO is to buy a few books and read them thoroughly before attempting to anything. I have Network Security with OpenSSL, and SSL and TLS by Eric Rescorla. M __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie questions
When I get back to my house this evening I will send you the file. Will that be alright? Chas. On 5/23/07, gary clark [EMAIL PROTECTED] wrote: Hey Chas, You dont happen to know the link. Did a quick search and just got the pdf with just the first 5 chapters? Much appreciated, Garyc --- Chas. [EMAIL PROTECTED] wrote: I believe a PDF is available for free on the Internet. I googled for it a few weeks ago thinking I would find an abstract of it and instead found the entire book. Chaz On 5/23/07, gary clark [EMAIL PROTECTED] wrote: Hey Mark, Yep I think your right. Ordered the Network Security with OpenSSL book. Thanks, Garyc --- Mark [EMAIL PROTECTED] wrote: Hi, I downloaded and installed open-ssl on a windows environment. I then used the openssl application to start the s_client and s_server. I ran the client and server with the following commands. I then attempted to connect my client to the s_server. I managed to connect to the server but failed to transmit data. Can anybody point me to a simple example I can use to get me rolling on this? I don't think this are any simple examples for OpenSSL ;-) The best bet IMHO is to buy a few books and read them thoroughly before attempting to anything. I have Network Security with OpenSSL, and SSL and TLS by Eric Rescorla. M __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie questions
Excellent Chas. Thanks, Garyc --- Chas. [EMAIL PROTECTED] wrote: When I get back to my house this evening I will send you the file. Will that be alright? Chas. On 5/23/07, gary clark [EMAIL PROTECTED] wrote: Hey Chas, You dont happen to know the link. Did a quick search and just got the pdf with just the first 5 chapters? Much appreciated, Garyc --- Chas. [EMAIL PROTECTED] wrote: I believe a PDF is available for free on the Internet. I googled for it a few weeks ago thinking I would find an abstract of it and instead found the entire book. Chaz On 5/23/07, gary clark [EMAIL PROTECTED] wrote: Hey Mark, Yep I think your right. Ordered the Network Security with OpenSSL book. Thanks, Garyc --- Mark [EMAIL PROTECTED] wrote: Hi, I downloaded and installed open-ssl on a windows environment. I then used the openssl application to start the s_client and s_server. I ran the client and server with the following commands. I then attempted to connect my client to the s_server. I managed to connect to the server but failed to transmit data. Can anybody point me to a simple example I can use to get me rolling on this? I don't think this are any simple examples for OpenSSL ;-) The best bet IMHO is to buy a few books and read them thoroughly before attempting to anything. I have Network Security with OpenSSL, and SSL and TLS by Eric Rescorla. M __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
openssl how to remove BEGIN PUBLIC KEY/ END PUBLIC KEY p
Hi, Are there ways to remove the -BEGIN PUBLIC KEY/ END PUBLIC KEY- heading from a public key? I have a public key that I extracted from my x509 certificate, but it gave me BEGIN PUBLIC KEY/ END PUBLIC KEY in the public key, I want to remove it and have the encoded base64 text all in one line. For ex: I don't want this: -BEGIN PUBLIC KEY- ZIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg8yo6rDhsNiwUfVR37HgF4bWq oG13Nd9XLT+Z0VLzCkWJZOdzGNQnnm7ujoQ8gbxeDvIo9RG5I3eZteBwD91Nf6P/ E9lvJQDL2Qnz4EXH/CVW9DeEfvY1UJN9kc6q6KkYEPWssvVvlDOp2slbEKZCJtaP vVuGCAqfaps8J0FjOQIDAQAZ -END PUBLIC KEY- I want this format instead: ZIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg8yo6rDhsNiwUfVR37HgF4bWqoG13Nd9XLT+Z0VLzCkWJZOdzGNQnnm7ujoQ8gbxeDvIo9RG5I3eZteBwD91Nf6P/E9lvJQDL2Qnz4EXH/CVW9DeEfvY1UJN9kc6q6KkYEPWssvVvlDOp2slbEKZCJtaPvVuGCAqfaps8J0FjOQIDAQAZ Any help is much appreciated. -Janet
Re: openssl how to remove BEGIN PUBLIC KEY/ END PUBLIC KEY p
Hello, Are there ways to remove the -BEGIN PUBLIC KEY/ END PUBLIC KEY- heading from a public key? I have a public key that I extracted from my x509 certificate, but it gave me BEGIN PUBLIC KEY/ END PUBLIC KEY in the public key, I want to remove it and have the encoded base64 text all in one line. For ex: I don't want this: -BEGIN PUBLIC KEY- ZIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg8yo6rDhsNiwUfVR37HgF4bWq oG13Nd9XLT+Z0VLzCkWJZOdzGNQnnm7ujoQ8gbxeDvIo9RG5I3eZteBwD91Nf6P/ E9lvJQDL2Qnz4EXH/CVW9DeEfvY1UJN9kc6q6KkYEPWssvVvlDOp2slbEKZCJtaP vVuGCAqfaps8J0FjOQIDAQAZ -END PUBLIC KEY- I want this format instead: ZIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg8yo6rDhsNiwUfVR37HgF4bWqoG13Nd9XLT+Z0VLzCkWJZOdzGNQnnm7ujoQ8gbxeDvIo9RG5I3eZteBwD91Nf6P/E9lvJQDL2Qnz4EXH/CVW9DeEfvY1UJN9kc6q6KkYEPWssvVvlDOp2slbEKZCJtaPvVuGCAqfaps8J0FjOQIDAQAZ Any help is much appreciated. $ cat cert.pem | sed '/^-/d' | awk '{printf %s, $1}' Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: openssl how to remove BEGIN PUBLIC KEY/ END PUBLIC KEY p
Thanks! This works. On 5/23/07, Marek Marcola [EMAIL PROTECTED] wrote: Hello, Are there ways to remove the -BEGIN PUBLIC KEY/ END PUBLIC KEY- heading from a public key? I have a public key that I extracted from my x509 certificate, but it gave me BEGIN PUBLIC KEY/ END PUBLIC KEY in the public key, I want to remove it and have the encoded base64 text all in one line. For ex: I don't want this: -BEGIN PUBLIC KEY- ZIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg8yo6rDhsNiwUfVR37HgF4bWq oG13Nd9XLT+Z0VLzCkWJZOdzGNQnnm7ujoQ8gbxeDvIo9RG5I3eZteBwD91Nf6P/ E9lvJQDL2Qnz4EXH/CVW9DeEfvY1UJN9kc6q6KkYEPWssvVvlDOp2slbEKZCJtaP vVuGCAqfaps8J0FjOQIDAQAZ -END PUBLIC KEY- I want this format instead: ZIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg8yo6rDhsNiwUfVR37HgF4bWqoG13Nd9XLT+Z0VLzCkWJZOdzGNQnnm7ujoQ8gbxeDvIo9RG5I3eZteBwD91Nf6P/E9lvJQDL2Qnz4EXH/CVW9DeEfvY1UJN9kc6q6KkYEPWssvVvlDOp2slbEKZCJtaPvVuGCAqfaps8J0FjOQIDAQAZ Any help is much appreciated. $ cat cert.pem | sed '/^-/d' | awk '{printf %s, $1}' Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How to improve the performance of SSL_Read
I want to reduce the reading the response time, so that the performance will get improve. I want to read all the bytes at a time. SSL_read API is taking much time to read all the bytes of the response from the server. First time it is going to read 112 bytes, then 1300 bytes,1460 bytes...etc. Instead of this reading the bytes in chunks in while loop, i want to read all the bytes at a time. Could you please suggest me any other API to read all the bytes at a time. Please send me any example code of this scenario where i can read all the bytes at a time. SSL_read is giving you as many bytes as it has. The problem is not in the SSL_read but either in the sending side or the network between them. You can confirm this with a tool like 'tcpdump'. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]