I am still a little unclear by what exactly TLS_FALLBACK_SCSV option would
do.
What if the server only supports SSLv3 + TLSv1 and client only connects
with SSLv3? Without the patch, both would agree to SSLv3. So this is a
problem.
What happens with the patch only on the server? And what happens
ide this tunnel, issues a HTTP
CONNECT call.
4) We now need to do a SSL handshake inside the first tunnel
The application is an HTTPS proxy server with support for transparent
decryption of HTTP connect calls.
--
*David Hinkle*
*Senior Software Developer*
*Phone:* 800.243.3729x3000
;
> --
> Principal Security Engineer
> Akamai Technologies, Cambridge MA
> IM: rs...@jabber.me Twitter: RichSalz
>
--
*David Hinkle*
*Senior Software Developer*
*Phone:* 800.243.3729x3000
*Email:* hin...@cipafilter.com
*Hours:* Mon-Fri 8:00AM-5:00PM (CT)
Just so I make sure I understand, I just need to do something like:
while ((err = ERR_get_error()));
When I switch work and everything will be ok?
On Thu, Aug 14, 2014 at 4:44 PM, David Hinkle wrote:
> This is where I would have expected to find it:
> https://www.openssl.org/docs/
this as well.
>
>
>
> Yes, suboptimal and you have to do this. A patch to update the doc (where
> should we put it?) would be appreciated.
>
>
>
> --
>
> Principal Security Engineer
>
> Akamai Technologies, Cambridge MA
>
> IM: rs...@jabbe
mented anywhere? Or am I wrong and this shouldn't be happening?
--
*David Hinkle*
*Senior Software Developer*
*Phone:* 800.243.3729x3000
*Email:* hin...@cipafilter.com
*Hours:* Mon-Fri 8:00AM-5:00PM (CT)
>
> Confidentiality Statement:
>
> This message is intended only for the use of the Addressee and may contain
> information
> that is PRIVILEDGED and CONFIDENTIAL: If you are not the intended
> recipient, dissemination of this communication is pro
= {sk = 0x0, dummy = 862740789}}
(gdb) print *connptr->sbuffer->ssl->wbio
$7 = {method = 0x7f136db8a5e0, callback = 0, cb_arg = 0x0, init = 1,
shutdown = 0, flags = 9, retry_reason = 0, num = 91, ptr = 0x0, next_bio =
0x0, prev_bio = 0x0, references = 1, num_read = 7752, nu
d the scene?
For example, I need to break a long string into blocks to use
EVP_EncryptUpdate but I only need to feed the ciphertext into
EVP_DecryptUpdate once.
David
On Fri, Aug 1, 2014 at 8:36 PM, Salz, Rich wrote:
> Just wanted to say that Thulasi’s explanations and advice are exactly
&
t the finalization added 11 more bytes. So the total
decrypted len is 43.
Can you explain where the 11 more bytes are coming from after finalization?
Also It seems OK even if I don't use finalization,
David
On Thu, Jul 31, 2014 at 8:22 PM, Thulasi Goriparthi <
thulasi.goripar...@gmail.com> wr
p;tmplen)) == 0) {
printf (" Finalization error: %d\n", rc);
return -1;
}
Can anyone explain why?
David
I am developing an application similar to a VPN which uses OpenSSL for DTLS
and am trying to sort out path MTU discovery. The first issue I am having
is that the man pages for SSL_write and SSL_read provide the following
warning:
> When an SSL_write() [or SSL_read()] operation has to be repeated
hese two APIs might have
internally picked the ones they need and ignore the rest in the file. Maybe
it's just a convenient way to use a single file for both.
David
Oh, I see,
I should have used SSL_library_init() rather than OPENSSL_init_library().
Thanks everyone! Great help!
David
On Tue, May 20, 2014 at 1:38 PM, David Li wrote:
> Rich,
>
> I did the following calls:
>
> OpenSSL_add_all_algorithms();
> OP
Rich,
I did the following calls:
OpenSSL_add_all_algorithms();
OPENSSL_init_library();
SSL_load_error_strings();
Are these enough?
On Tue, May 20, 2014 at 1:32 PM, Richard Moore wrote:
> On 20 May 2014 20:13, David Li wrote:
>
>> So obviously my SSL_CTX object wa
27, Error in creating SSL ctx
139658508588992:error:140A90A1:SSL
routines:SSL_CTX_new:library has no ciphers:ssl_lib.c:1770:
So obviously my SSL_CTX object wasn't created properly. Now I have to
figure out what it means by "library has no ciphers".
David
On Tue, May 20, 2014 at 11:47 AM,
y I used a concatenated chain of certificates: server cert -
server key - CA cert (self signed). It's strange to me that
openssl s_server command can load the same cert chain no problem. So I am
leaning towards that it's in my code not the cert chain problem.
David
On Tue, May
detailed errors printed out but only:Segmentation fault
(core dumped)
I searched the old mailing list and on the web but found no clues so far.
Can anyone suggest how to debug this issue?
Thanks.
David
Hi,
is anyone out there developing or planning an implementation of EST
(Enrollment over Secure Transport) in C/C++, making use of OpenSSL?
Best,
David
__
OpenSSL Project http
\n", *delen); // 16
printf (" Finalizing \n");
if ((rc = EVP_DecryptFinal_ex(&ctx, debuf, &datalen)) == 0) {
printf (" Finalization error: %d\n", rc); // This is the failure! rc = 0
return -1;
}
David Li
On 9/25/2013 2:19 PM, Roberto Spadim wrote:
>
>hi david!
>do you have a patch about this hack?
Actually Fedora 18 fixes the primary problems. It has an update to rngd
so that it uses RdRand and it gets invoked properly. I passed
information on to RedHat about the problems and they fi
On 9/24/2013 11:58 AM, Roberto Spadim wrote:
There's space to create a new random device at /dev if you want too =)
/dev/nbrandom ? no block random? :)
2013/9/24 Richard Könning :
Am 24.09.2013 02:05, schrieb starlight.201...@binnacle.cx:
At 12:59 9/23/2013 -0700, Michael Sierchio wrote:
I'
Hello,
I'm interested in having 'openssl' version 1.0.1e
make use, by default, of hardware generated
true random numbers for creating session keys.
So far I've configured a STElectronics ST33
TPM as the majority source of /dev/random
entropy by configuring and starting the
'rngd' daemon from 'rng
eng_cryptodev.c file under
> >> crypto/engine folder. Why is this not working?
> >>
> >> I am using the following git - git://git.openssl.org/openssl.git
> >>
> >> $ openssl engine
> >> (dynamic) Dynamic engine loading support
> >&g
I am trying to implement functionality similar to what ssh does with
authorized_keys. I have a list of valid public keys (really public key
fingerprints in my case) and I want to verify whether the peer has one of
the valid keys.
My attempt to do this is to use SSL_CTX_set_cert_verify_callback to
pted (larger benefits cryptodev)
If you are using a HW accelerator then even if it is slower to do the
crypto there can be benefits in CPU offloading.
What you are seeing is quite likely correct. So the best answer is,
choose the solution that solves your problem the best :-)
Cheers,
Davidm
--
D
algorithm:pmeth_lib.c:164:
Has there been an incompatible change in the engine interface, such that
engine_pkcs11 needs an update?
regards, David Lamkin
__
OpenSSL Project http
Careful about this. The technically correct answer is misleading.
Yes, MD5 is used in the PRF, but it is XORed with SHA1. So you get at
least the strength of stronger of the two.
--David Jacobson
On 4/23/13 3:31 AM, Erwann Abalea wrote:
MD5 is used in TLS1.0 for RSA signing and random
hi all..
I've been able to build the FIPS Object Module according to the directions
starting in Appendix E.2 Apple iOS Support of the Jan. 25 2013 version of the
User Guide with one small change:
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk
LS functionality
work". But you should be careful not to give the impression that DTLS
will magically give you an in-order, guaranteed-delivery data stream.
It won't; it's still a datagram protocol at heart.
--
David WoodhouseOpen Sour
You can't use strerror for OpenSSL errors. Look into ERR_get_error() and
ERR_error_string().
I think what's happening with your code is that you set a recv timeout on
the listen socket, so you listen for one second and then hit the timeout
and the socket returns EWOULDBLOCK/EAGAIN to OpenSSL which
This led
me to improperly conclude that there was an option I was missing in the
code.
So, thanks very much for you time and effort in helping to dispel my
confusion.
- David
On Tue, Jan 22, 2013 at 3:39 PM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of David H
7:de:c0:21:eb:3d:2a:a7:23:49:01:04:86:42:7b:fc:ee:7f:
a2:16:52:b5:67:67:d3:40:db:3b:26:58:b2:28:77:3d:ae:14:
77:61:d6:fa:2a:66:27:a0:0d:fa:a7:73:5c:ea:70:f1:94:21:
65:44:5f:fa:fc:ef:29:68:a9:a2:87:79:ef:79:ef:4f:ac:07:
77:38
--
*David Hinkle*
*Senior Software
lient hello, and from
there decide if I want to engage the openssl library on the connection.
Any recommendations for how I can stuff the client hello that I've
previously read into the SSL object so that when I call SSL_accept
everything is cool?
--
*David Hinkle*
*Senior Software Develope
Hi Dave,
Thank you very much.
You just answered all my questions.
That helped a lot!!
Regards,
David William
On Tue, Sep 25, 2012 at 9:15 PM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of David William
> >Sent: Tuesday, 25 September, 2012 07:
Can it be
done with a self signed certificate?
Thanks,
David William
On 8/9/2012 14:54, Erik Tkal wrote:
> I don't believe OpenSSL has any mechanism to directly calculate P and
> Q; this requires an iterative process. Once you have those, however,
> calculating the rest are simple calculations using the BN library.
Thanks, Erik.
I wrote the following code to calc
Hi, I have an RSA key { D, E, N } generated by another library. I can
use OpenSSL to encrypt & decrypt interoperably, but I would like to
extend the key with the other factors OpenSSL uses to work faster
(factors P, Q, DMP1, DMQ1, IQMP). Is there a library function that
computes these other facto
Hi,
I am trying to sign a file using dgst but not sure why I got this "unable to
load key file". Here is the original command:
openssl dgst -sha384 -out xyz.sig -sign $PWD/keys/my_private.pem
xyz.to-be-signed
The private key file my_private.pem DOES exist in the directory.
The openssl versi
Dave,
Sorry I forgot. I do also have the EC public key (the point Qx and Qy) in hex.
I also know the curve P-384.
So the only step I am not sure is how to convert the EC private and public keys
into the DER format, i.e., step 2.
- David
From: owner
steps:
1. convert it to a binary key
2. convert the binary key into DER format (which openssl cmd?)
3. use openssl ec to convert the key in DER format to PEM format
4. use open dgst to sign the message.
Does this make sense?
David
>-Original Message-
>From: owner-open
Hi,
How does openssl dgst know which signing algorithm it's supposed to use in
openssl dgst? For example how does it figure out if this signing private key is
a ECDSA key or RSA key? Is this information hidden in the "priv_key.pem" of
the option -sign ?
David
be the "d" in the test vector. The questions
are:
How should I use "d" in openssl dgst command line? Should it be converted to
PEM format? If so how do I do that?
Thanks in advance.
David
I am getting individual messages. Is it possible to subscribe in batch
(diagest) mode?
David
That's good news.
Where can I find a simple example how to use AES-GCM using EVP-* apis?
David
>-Original Message-
>From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>us...@openssl.org] On Behalf Of Dr. Stephen Henson
>Sent: Wednesday, May 23, 2012 12:05 PM
&
ptInit_ex(&ctx,
EVP_aes_128_ecb(), //can't find
EVP_aes_256_gcm
- David
-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Matt Caswell (fr...@baggins.org)
Sent: Tuesday, May 22, 2012 10:
Hi All,
I can't find this function in the source tree? It seems pointing to
FIPS_aes_256_gcm. All I see is:
grep -r FIPS_evp_aes_256_gcm .
./crypto/evp/evp_fips.c:const EVP_CIPHER *EVP_aes_256_gcm(void) { return
FIPS_evp_aes_256_gcm(); }
Anyone know where it is?
David
Dr. Hensen,
If, for instance, a key in the NIST test vector is:
Key = 84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96
What byte is the LSB (0x96?) and which is the MSB (0x84?)?
- David
From: owner-openssl-us...@openssl.org [owner
from NIST
vector but tag value didn't. I obtained the tag value by:
Unsigned char tag[16];
memcpy(tag, ctx.Xi.c, 16);
Anyone can think of a reason what might have gone wrong?
- David
The test vectors from NIST look like:
[Keylen = 256]
[IVlen
On 04/27/12 02:29 AM, Dr. Stephen Henson wrote:
Hmm never seen any error messages myself, using GNU tar 1.25.
The distribution tarballs are always created by doing:
make -f Makefile.org dist
from any source tree. As you can see from the files this makes use of "tar"
and "tardy". The tar versi
server and using
OpenSSL directly on the terminals.
Anyone who has some experience with this kind application?
David Kong
"This communication is confidential and may be legally privileged. If you are
not the intended recipient, (i) please do not re
1 32 37-2e 30 2e 30 2e 31 .127.0.0.1
ERROR
4150167176:error:14094456:SSL routines:SSL3_READ_BYTES:tlsv1 unsupported
extension:s3_pkt.c:1240:SSL alert number 110
shutting down SSL
CONNECTION CLOSED
ACCEPT
David Holmes | Technical Marketing Manager - Security
F5 Networks
P 206.272.
F 206
From: "cam"
I'm having a problem generating a signed SMIME message.
I have to interface with a CAC card reader that implements a subset of the
pkcs11 standard. I pass the message to the card API and it returns a
signed
digest and now I need to pass this signed digest to openSSL to create the
From: "Jakob Bohm"
> On 2/16/2012 11:42 PM, David H. Lipman wrote:
>> From: "Johan Samyn"
>>
>> 48 hours later my replies have NOT made it to Gmane.
>> Mark: 2/16/12 @ 1742 hrs
>>
>>
> I guess that would be 2012-02-16 17:42
From: "Johan Samyn"
48 hours later my replies have NOT made it to Gmane.
Mark: 2/16/12 @ 1742 hrs
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
__
OpenSSL Proj
Personally, I find sslscan (http://sourceforge.net/projects/sslscan/) an
invaluable tool to see just what the server accepts and what it does not
Dave
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jakob Bohm
Sent: Thu
I finally figured this out:
./config set the platform as debug-linux-elf
I ran a "Configure linux-elf shared" and that solved the problem, no electric
fence debug messages.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of David B
Looks like there is a relevant discussion here
http://groups.google.com/group/mailing.openssl.users/msg/fa55b6bac4f91d8f
_
_
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On
Behalf Of David Weidenkopf [dweidenk...@cococorp.com]
Sent
for replacement
and extension of supported algorithms. Why couldn't the fips canister be
incorporated into a kernel module?
Appreciate any wisdom that anyone is willing to share!
Thanks
David
__
OpenSSL Pr
for replacement
and extension of supported algorithms. Why couldn't the fips canister be
incorporated into a kernel module?
Appreciate any wisdom that anyone is willing to share!
Thanks
David
__
OpenSSL Pr
Hi all,
I'm a newbie, so please be kind :)
I just did a "make" on the new 1.0 beta and configured for shared libraries. I
noticed that during a "make test" there are several debug messages coming from
Electric Fence. I also see this just doing a "openssl version"...
I'm wondering how to comp
On Fri, Oct 28, 2011 at 12:26 PM, David Durham
wrote:
>
> I'm just sending the message to cout. If you can point me to
> information on outputting the full OpenSSL error stack, I'd appreciate
> it.
replied too soon, looks like this is what I want:
ERR_prin
On Thu, Oct 27, 2011 at 4:55 PM, Dave Thompson wrote:
> If you just want confidentiality with truly no authentication,
> SSL/TLS (and OpenSSL) can do that with the anonymous-DH and
> anonymous-ECDH suites. I assume you understand and accept the
> vulnerabilities you are creating by not authenticat
On Thu, Oct 27, 2011 at 4:09 PM, Eric S. Eberhard wrote:
> I believe the last function, the write, is missing a return false with the
> error message?
Doesn't matter though, it's not an issue. Thanks.
__
OpenSSL Project
Hi all,
I'm new to C++ and libssl, but nevertheless trying to write an SSH
server. I have gone through tutorials and believe I have a working
server that initializes and SSL context, binds and listens on a TCP
socket, and accepts a connection. Using a debugger I see that if I
try to "ssh myserve
On 8/25/2011 6:04 AM, Arjan Filius wrote:
Hello,
today i ran into a situation, where i notice firefox/chrome and
gnutls-cli use 3 tcp sessions to get a single ssl session, where openssl
s_client takes only one.
one tcp session is what i expect, and i hope someone may have an
explanation.
comp
On 7/26/2011 10:16 PM, Katif wrote:
Can you tell me what are the application dependency factor here so we'll be
able to chase a limit?
It is used as an RSA key exchange certification/private key pairing.
Thanks...
Maximum RSA key size supported.
Extensions supported.
DS
__
On 7/26/2011 4:38 AM, Katif wrote:
I need to know in advance the maximum length of the following three PEM
formatted files (excluding the -BEGIN/END lines):
It's application-dependent. There is no answer in general.
DS
_
On 7/14/2011 6:17 AM, Amit Kumar wrote:
Hi team,
I am using SSL_Connect() in one of my projects and this SSL_connect
is returning a value of -1.
With SSL_get_error() i can see it is *SSL_ERROR_WANT_READ ?*
*
*
* Now i am not understanding why this can come and if this is there
then sho
On 7/11/2011 3:18 PM, Carla Strembicke wrote:
The server recieves the encrypted data and sends to the lower level
and where it is pumped into the SSL structure ( which is using these
memory buffers) using the BIO_write call ( I acutally see that bytes are
written into it) and the buffer looks
On 6/22/2011 3:20 AM, ml.vladimbe...@gmail.com wrote:
Where can I find this example with BIO pairs? I can't understand only
with openssl's documentation how to work with BIO pairs.
I will be grateful for the help.
Look in ssl/ssltest.c, in the doit_biopair function.
DS
_
Any clues on how to make it use the right one?
Thanks,
David
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated Li
On 6/21/2011 2:53 AM, ml.vladimbe...@gmail.com wrote:
Jim, for me the main goal to replace functions that operate with sockets
is performance. I want to use OpenSSL with Windows IO Completion ports.
The method that you suggest is very interesting but the main is not
achieved - OpenSSL is still w
On 6/21/2011 2:40 AM, ml.vladimbe...@gmail.com wrote:
The fourth function is SSL_EncryptUserData, which encrypt our own
application data before we can send their to secure channel:
int SSL_EncryptApplicationData(char *buf_in, int buf_in_len, char
buf_out, int buf_out_len, int *need_buf_out_len)
On 6/15/2011 11:57 AM, ml.vladimbe...@gmail.com wrote:
Hello.
By default OpenSSL itself works with sockets. I would want to implement
operation with sockets without admitting it to OpenSSL. I.e. for
example, when OpenSSL wants to write down something in a socket, it
should cause my function and I
On 6/11/2011 8:52 AM, kali muthu wrote:
I have Linux Server which has been connected with a Windows XP client
using SSL Sockets. I am able to read and write through those sockets.
Good.
Recently my calls to SSL_Connect() waits for long time. And yes I am
using in Blocking mode. My search on
On 05/31/2011 03:02 PM, David Mitchell wrote:
>
> On May 31, 2011, at 2:32 PM, Dave Thompson wrote:
>
>>> From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell
>>> Sent: Friday, 27 May, 2011 12:35
>>
>>> I'm having some problems with EAP
On May 31, 2011, at 2:32 PM, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell
>> Sent: Friday, 27 May, 2011 12:35
>
>> I'm having some problems with EAP-TLS in FreeRadius 2.1.10. I
>> have a client
>> where authen
rtificate
Fri May 27 10:17:51 2011 : Error: SSL: SSL_read failed inside of TLS (-1), TLS
session fails.
Fri May 27 10:17:51 2011 : Debug: TLS receive handshake failed during operation
-----
| David Mitchell (mitch...@ucar.edu) Netwo
On 5/23/2011 1:59 AM, Harshvir Sidhu wrote:
David,
So are you suggesting that i change the approach in my Code.
Hard for me to give you a useful answer without seeing your code. If
your code tries to treat OpenSSL as a filter, expecting input and output
to correlate, then yes. If your
On 5/22/2011 5:10 PM, Harshvir Sidhu wrote:
Previously I have used SSL_XXX functions for performing SSL
operations. Now i have am working on an application which is written in
Managed C++ using callback functions(BeginReceive and EndReceive), and
SSL_Read function is not working for that. So
On 5/18/2011 3:27 AM, G S wrote:
I'm probably being obtuse here, but I don't see how encrypting your
request with a public key would help you with your original problem.
What stops a rogue app from doing the same encryption?
They can't see what the parameters are. So what are they
On 5/10/2011 2:10 AM, John Hollingum wrote:
I have a service written in Perl, running on Linux that presents a very
simple SSL listener. When this service is hit, it identifies the
connecting node from its certificate/peer address and just sends some
xml to them containing data from some files i
On 5/9/2011 1:45 PM, Eric S. Eberhard wrote:
> int setblock(fd, mode)
> int fd;
> int mode; /* True - blocking, False - non blocking */
> {
> int flags;
> int prevmode;
>
> flags = fcntl(fd, F_GETFL, 0);
> prevmode = !(flags & O_NDELAY);
> if (mode)
> flags &= ~O_NDELAY; /* turn blocking on */
>
On 5/9/2011 6:27 AM, Harshvir Sidhu wrote:
Also i suspect, that if i change the socket to non blocking, then
my current read write code will not work. i mean the one in which i use
FD_SET and select to perform operations.
Thanks.
It's very easy to get things wrong and it won't work unless
On 5/5/2011 10:01 AM, Chris Dodd wrote:
Is the OpenSSL library supposed to be at all reentrant? I've had odd
problems (intermittent errors) when trying to use OpenSSL in a
multithreaded
program (multiple threads each dealing with independent SSL connections),
and have apparently solved them by
On 5/4/2011 9:14 AM, Ashwin Chandra wrote:
Okay I read the complete bug report and it looks like there is a fix in
the latest openssl. However I checked it out and it limits the maximum
time RAND_poll will take to a second. 1000ms. Is there any other way to
speed this up?
Populate the OpenSSL
On 5/3/2011 11:31 AM, derleader mail wrote:
Hi,
I found OpenSSL server code which uses threds in order to process
clients. Is it possible to create connection pool with OpenSSL. There is
no information about this on openssl.org
How I can add threaded pool to this code?
http://pastebin.com/pkDB7
On 5/1/2011 3:31 AM, derleader mail wrote:
So I need a high performance solution that can handle many connections
with little server load.
1. SSL is a good solution but is not high performance - it's more
suitable for encryption of a web page. When establishing connection more
that 100 connecti
On 5/1/2011 1:34 AM, derleader mail wrote:
I'm going to use stream protocol - TCP/IP. Here is the template source
code of the server without the encryption part
We mean application protocol.
while (1) {
sock = accept(listensock, NULL, NULL);
printf("client connected to child thread %i with p
On 4/30/2011 10:48 AM, derleader mail wrote:
Thank you very much for the reply. The problem is that the encryption
and decryption must be on separate machines. I need a way to take the
size of the encrypted message using language function like strlen(). Is
there other solution?
Are you designi
On 4/20/2011 1:18 AM, Luc Perthuis wrote:
Hi all,
I'm specially interested on finding a way to uniquely identify rather
small data chunks (less than or equal to 128*1024 bytes in size) without
using a byte per byte compare.
Is there any theoretical proof for a "good" selection of 2 HASH
(comput
On 4/13/2011 2:35 AM, pattabi raman wrote:
*1. If I can't use sprintf then how can I copy the enrypted message to a
character buffer. Bcoz so far I am sending the request to middleware in
Char Buffer using TCP /IP socket. How can I able to achieve now.*
**
If you don't know how to copy bytes o
On 4/11/2011 6:36 PM, Adrian D. Sacrez wrote:
> I'm fairly new to OpenSSL. How do I convert the rsa generated
> ry rsa_keygen_ex() into a public and private key?
> Is there a way to do that?
I assume you mean RSA_generate_key_ex. It already is. The purpose of
this function is to generate a new
On 4/10/2011 3:03 PM, Anton Vodonosov wrote:
The question: if I provide locking_callback, will it be called only from the
threads where I invoke OpenSSL functions,
or OpenSSL may call it from some private/internal threads not created by me?
Since there's no callback to create a thread, OpenSS
command to install or 'present' the
client cert now...
Client key AND cert. See my reply 03-29 21:56.
> - Original Message -
> From: "David Patricola"
> To: openssl-users@openssl.org
> Sent: Wednesday, March
On 3/30/11 8:33 AM, Crypto Sal wrote:
David:
Firefox caches that information, so that it can use them later if you
view a similar certificate hierarchy.
If you view the Firefox Certificate Manager you should see "Software
Security Device" vs. that of "Built in Object"
riginal Message -----
From: "David Patricola"
To: openssl-users@openssl.org
Sent: Wednesday, March 30, 2011 9:32:36 AM
Subject: RE: Truststore or Cacerts file?
Ok, I've modified my import as follows: E:\JRun4\jre\bin>keytool -importcert
-alias dca -file E:\Jrun4\jre\lib\security\ro
ject: Re: Truststore or Cacerts file?
David,
You may get some ambiguous answers to - ultimately - a PG question on the
SSL list... Yes, in a _standard_ PostgreSQL SSL setting, in which libpq is
reading the certs from _default_ positions, the root.crt, postgresql.crt and
postgresql.key are
bscribe to!
_
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Lou Picciano
Sent: Wednesday, March 30, 2011 8:55 AM
To: openssl-users@openssl.org
Subject: Re: Truststore or Cacerts file?
David,
You may get some ambiguous answers to - ulti
101 - 200 of 1807 matches
Mail list logo