Re: How can I load a PEM key stored in a string instead from a file?
Thank you very much! I've used d2i_PrivateKey_bio() with the BIO I get from the key buffer.

2010/10/29 Erik Tkal :
> How about using the d2i_ functions?
>
> Erik Tkal
> Juniper OAC/UAC/Pulse Development
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Leandro Santiago
> Sent: Friday, October 29, 2010 7:26 AM
> To: openssl-users@openssl.org
> Subject: Re: How can I load a PEM key stored in a string instead from a file?
>
> Thanks to all. I've resolved my first problem, load the PEM from a string.
> I've used BIO_new_mem_buf() and PEM_read_bio_PrivateKey().
>
> But now I've seen that it works well with PEM keys, and now I'm trying
> to use a DER key, again from a string. Is there something like
> DER_read_bio_PrivateKey()?
>
> 2010/10/27 Dr. Stephen Henson :
>> On Wed, Oct 27, 2010, Leandro Santiago wrote:
>>
>>> Ok. I've found the implementation of that function:
>>>
>>> EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb
>>> *cb, void *u)
>>> {
>>>     BIO *b;
>>>     EVP_PKEY *ret;
>>>
>>>     if ((b=BIO_new(BIO_s_file())) == NULL)
>>>     {
>>>         PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
>>>         return(0);
>>>     }
>>>     BIO_set_fp(b,fp,BIO_NOCLOSE);
>>>     ret=PEM_read_bio_PrivateKey(b,x,cb,u);
>>>     BIO_free(b);
>>>     return(ret);
>>> }
>>>
>>> So if I need to implement a function which opens a char string as a
>>> key I need to write something as the code above, but changing the
>>> functions BIO_s_file() and BIO_set_fp(b,fp,BIO_NOCLOSE) to something
>>> which load from that string instead from a FILE*?
>>>
>>> ps: yes, I'm very noob on openssl. OpenSSL is amazing, but it's very
>>> hard to beginners. thx
>>>
>>
>> As others have indicated you can use PEM_read_bio_PrivateKey() instead as
>> this can be passed a BIO which is an OpenSSL I/O abstraction. You can create
>> a BIO from a character string using BIO_new_mem_buf().
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: How can I load a PEM key stored in a string instead from a file?
How about using the d2i_ functions?

Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Leandro Santiago
Sent: Friday, October 29, 2010 7:26 AM
To: openssl-users@openssl.org
Subject: Re: How can I load a PEM key stored in a string instead from a file?

Thanks to all. I've resolved my first problem, load the PEM from a string. I've used BIO_new_mem_buf() and PEM_read_bio_PrivateKey().

But now I've seen that it works well with PEM keys, and now I'm trying to use a DER key, again from a string. Is there something like DER_read_bio_PrivateKey()?

2010/10/27 Dr. Stephen Henson :
> On Wed, Oct 27, 2010, Leandro Santiago wrote:
>
>> Ok. I've found the implementation of that function:
>>
>> EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb
>> *cb, void *u)
>> {
>>     BIO *b;
>>     EVP_PKEY *ret;
>>
>>     if ((b=BIO_new(BIO_s_file())) == NULL)
>>     {
>>         PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
>>         return(0);
>>     }
>>     BIO_set_fp(b,fp,BIO_NOCLOSE);
>>     ret=PEM_read_bio_PrivateKey(b,x,cb,u);
>>     BIO_free(b);
>>     return(ret);
>> }
>>
>> So if I need to implement a function which opens a char string as a
>> key I need to write something as the code above, but changing the
>> functions BIO_s_file() and BIO_set_fp(b,fp,BIO_NOCLOSE) to something
>> which load from that string instead from a FILE*?
>>
>> ps: yes, I'm very noob on openssl. OpenSSL is amazing, but it's very
>> hard to beginners. thx
>>
>
> As others have indicated you can use PEM_read_bio_PrivateKey() instead as
> this can be passed a BIO which is an OpenSSL I/O abstraction. You can create a
> BIO from a character string using BIO_new_mem_buf().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: How can I load a PEM key stored in a string instead from a file?
Thanks to all. I've resolved my first problem, load the PEM from a string. I've used BIO_new_mem_buf() and PEM_read_bio_PrivateKey().

But now I've seen that it works well with PEM keys, and now I'm trying to use a DER key, again from a string. Is there something like DER_read_bio_PrivateKey()?

2010/10/27 Dr. Stephen Henson :
> On Wed, Oct 27, 2010, Leandro Santiago wrote:
>
>> Ok. I've found the implementation of that function:
>>
>> EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb
>> *cb, void *u)
>> {
>>     BIO *b;
>>     EVP_PKEY *ret;
>>
>>     if ((b=BIO_new(BIO_s_file())) == NULL)
>>     {
>>         PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
>>         return(0);
>>     }
>>     BIO_set_fp(b,fp,BIO_NOCLOSE);
>>     ret=PEM_read_bio_PrivateKey(b,x,cb,u);
>>     BIO_free(b);
>>     return(ret);
>> }
>>
>> So if I need to implement a function which opens a char string as a
>> key I need to write something as the code above, but changing the
>> functions BIO_s_file() and BIO_set_fp(b,fp,BIO_NOCLOSE) to something
>> which load from that string instead from a FILE*?
>>
>> ps: yes, I'm very noob on openssl. OpenSSL is amazing, but it's very
>> hard to beginners. thx
>>
>
> As others have indicated you can use PEM_read_bio_PrivateKey() instead as
> this can be passed a BIO which is an OpenSSL I/O abstraction. You can create a
> BIO from a character string using BIO_new_mem_buf().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
ocsp through proxy
Hi,

We use openssl ocsp to make certificate checks in an application inside our company, and openssl has to do the check through the company proxy. We have seen that openssl doesn't use the http_proxy environment variable, nor does it take any parameter to use a proxy. Also, we have seen that squid (which is the proxy our company uses) doesn't implement the ocsp protocol (http://devel.squid-cache.org/ssl/), I think.

Is there any way to use ocsp through a squid proxy?

As openssl doesn't support proxy I've managed to tunnel it through our proxy with proxychains (http://proxychains.sourceforge.net/) and we received the following error message in our squid log:

127.0.0.1 - - [29/Oct/2010:12:27:39 +0200] "CONNECT 213.170.35.240:80 HTTP/1.0" 403 1440 "-" "-" TCP_DENIED:NONE

We've tested it with the following commands and both give the same results:

proxychains openssl ocsp -CAfile /tmp/acraiz-dnie.cer -issuer /tmp/7c76ee6e3713d8a54bdcb39ff4237fc6cert_i.pem -cert /tmp/7c76ee6e3713d8a54bdcb39ff4237fc6cert_c.pem -url http://ocsp.dnie.es

proxychains openssl ocsp -CAfile /tmp/acraiz-dnie.cer -issuer /tmp/7c76ee6e3713d8a54bdcb39ff4237fc6cert_i.pem -cert /tmp/7c76ee6e3713d8a54bdcb39ff4237fc6cert_c.pem -host ocsp.dnie.es:80 -url http://ocsp.dnie.es

Thanks for any clue and regards,
Fernando.
[MinGW] undefined reference to `ERR_unload_strings'
Hi,

Building recent openssl (0.9.8n, 0.9.8o) from source in the MSYS shell with the MinGW port of gcc-3.4.5.

When trying to build a shared library (dll), I do './config --shared && make'. Everything is fine until, during the 'make' stage, we switch to the 'engines' directory:

make[1]: Entering directory `/c/_32/comp/openssl-0.9.8o/engines'
[snip - e_4758cca.o, e_aep.o, e_atalla.o, e_cswift.o, e_gmp.o, e_chil.o, e_nuron.o, e_sureware.o, e_ubsec.o and e_capi.o were successfully compiled at this stage]
make[2]: Entering directory `/c/_32/comp/openssl-0.9.8o/engines'
e_4758cca.o:e_4758cca.c:(.text+0x40): undefined reference to `ERR_unload_strings'
e_4758cca.o:e_4758cca.c:(.text+0x53): undefined reference to `ERR_unload_strings'
e_4758cca.o:e_4758cca.c:(.text+0x75): undefined reference to `CRYPTO_free'
e_4758cca.o:e_4758cca.c:(.text+0xb5): undefined reference to `DSO_load'
[snip other similar errors]
e_4758cca.o:e_4758cca.c:(.text+0x1724): undefined reference to `ENGINE_set_cmd_defns'
e_4758cca.o:e_4758cca.c:(.text+0x173e): undefined reference to `ERR_get_next_error_library'
e_4758cca.o:e_4758cca.c:(.text+0x176a): undefined reference to `ERR_load_strings'
e_4758cca.o:e_4758cca.c:(.text+0x177d): undefined reference to `ERR_load_strings'
e_4758cca.o:e_4758cca.c:(.text+0x14fd): undefined reference to `CRYPTO_free'
collect2: ld returned 1 exit status
make[2]: *** [link_o.cygwin] Error 1
make[2]: Leaving directory `/c/_32/comp/openssl-0.9.8o/engines'
make[1]: *** [lib] Error 2
make[1]: Leaving directory `/c/_32/comp/openssl-0.9.8o/engines'
make: *** [build_engines] Error 1

Any idea as to what's going wrong here? The actual command that's causing the failures seems to be missing from the output. And there's that odd reference to link_o.cygwin near the end - what on earth is that? (This is a native win32 build - not cygwin.)

Cheers,
Rob