[openssl-dev] Not Before and Not After Date format for openssl API X509_gmtime_adj

Hi all, I am programmatically generating the self signed certificate and need to specify the "Not Before" and "Not After" date, Wanted to understand what all formats are acceptable by this API ? Also, similarly while using API , what exactly is the time format expected by X509_cmp_time(X509_ge

Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01

private key with which certificate was signed, or the public key which this certificate signs. Sorry, I think I am still bit not clear on purpose of the API. Thanks & Regards, Nayna Jain From: Viktor Dukhovni To: openssl-us...@openssl.org, openssl-dev@openssl.org Date: 06/22/2015 08:0

Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01

Thanks Victor, I want to match the certificate with the private key for whose public key that certificate is provided. If this verifies who signed the certificate, then how do I verify whether the certificate provided is for the private key which was generated, Thanks & Regards, Nayna

[openssl-dev] X509_verify() error - block type is not 01

Hi, I am trying to verify X509 certificate against two private keys such that atleast one of them it should match. I used the API as X509_verify(x509, pkey) where pkey is of EVP_PKEY type However, for one of the private key it is failing with error "block type is not 01"// And this key is s

Re: [openssl-dev] [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

Hi, Thanks Victor, I am going to try these.. I have similar concern for private key. If I have a pem file with private key in that, how do I check if that is RSA/DSA ? Thanks & Regards, Nayna Jain From: Viktor Dukhovni To: openssl-us...@openssl.org, openssl-dev@openssl.org Date:

[openssl-dev] X509_STORE_free() and X509_LOOKUP_free() also frees the X509 certificates inside it

Hi all, I am using X509_STORE and X509_LOOKUP to verify the certificate and its chain. But at the end when I do X509_STORE_free(store) and X509_LOOKUP_free (lookup), it is also doing free of the X509* certificate which I added. But I don't want that, because after that when I immediately try to

Re: [openssl-dev] [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

PEM APIs. or there are DER specific APIs also, I didn't find though, unless they are d2i_xxx types. Thanks & Regards, Nayna Jain From: Viktor Dukhovni To: openssl-us...@openssl.org Date: 06/09/2015 10:34 AM Subject:Re: [openssl-users] Is there openssl API to verify ce

[openssl-dev] Is there openssl API to verify certificate content is DER or PEM format ?

Hi, I need to verify if the certifiate I have received is having its content in PEM/DER format. Is there any API which if given file pointer like (fp) will tell me whether it has valid format of certificate and if yes then whether it is PEM/DER format ? If no API, then what is the other way to

Re: [openssl-dev] What key length is used for DHE by default ?

Ok, I think this is what I didn't know. I was using openssl 1.0.1g client. I still didn't have openssl 1.0.2 . Thanks.. Thanks & Regards, Nayna Jain From: "Salz, Rich" To: "openssl-dev@openssl.org" Date: 05/22/2015 09:31 PM Subject:Re: [op

Re: [openssl-dev] What key length is used for DHE by default ?

Hi Hubert, Thanks.. I tried the command you mentioned i.e. openssl s_client -connect hostname:443 -cipher EDH /dev/null | grep 'Server Temp Key' But it didn't output anything. Thanks & Regards, Nayna Jain From: Hubert Kario To: openssl-dev@openssl.org Cc: N

[openssl-dev] What key length is used for DHE by default ?

Hi, With the latest logjam attack, as I was trying to verify if my server (lighttpd) accepts DHE_xxx ciphers, I saw that it accepted and I didn't do any configuration setting done for DH parameters explicitly. But I couldn't verify what is the key length did it use by default 512/1024/2048 ?

SSL connection broken after upgrading from 0.9.8a to 1.0.1e version of openssl

& Regards, Nayna Jain __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org

Re: SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

reason comes is as - it as mismatch issue between server and client SSL connection either protocol or certificates like that.. Thanks & Regards, Nayna Jain From: Brad House To: openssl-dev@openssl.org, Date: 04/21/2014 04:48 PM Subject:Re: SSL negotiation failed: error:

SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

couldn't get much information. Since the error seems to be too much code level, sending it to openssl dev group also, along with openssl users group. Thanks & Regards, Nayna Jain __ OpenSS

Are Openssl Random Number Generator NIST compliant ?

loaded by default ? Thanks & Regards, Nayna Jain __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Man

Need understanding of SSLv23_xxx_method() API.. It is failing when SSLv23_client_method() connects to TLSv1_2_server_method()

error. earliar I was getting "Digest to big in size for rsa" Can someone please explain this ? Thanks & Regards, Nayna Jain __ OpenSSL Project http://www.openssl.org Developmen

How SSLv23_xxx_method() is able to handle all the protocols SSLv3, TLS1.x

& Regards, Nayna Jain __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org

What is the reason for error "SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key"

rror ? If possible, also if someone can explain that how SSLv23 is able to handshake with both TLSv1_2 related APIs as well as SSLv3 related APIs. Thanks & Regards, Nayna Jain __ OpenSSL Project