Re: PEM to DER changes SubjectAltName

2014-05-25 Thread Jean Gelinas
Thanks all! I believe I'm seeing a display format difference and, as Viktor 
mentioned, not a data format difference. 


Jean Gelinas, Jr. 
2 Paige Drive 
Merrimack, NH 03054 
(603) 370-7397 
jgelina...@comcast.net 

- Original Message -
From: "Viktor Dukhovni"  
To: openssl-users@openssl.org 
Sent: Sunday, May 25, 2014 9:56:58 PM 
Subject: Re: PEM to DER changes SubjectAltName 

On Mon, May 26, 2014 at 01:34:29AM +, Jean Gelinas wrote: 

> I've created a PEM CA/Key using Win32 OpenSSL. Looks great. Went 
> to convert the PEM formatted cert to DER and it seems to have 
> changed the format of the Subject Alternative Name. I'd like to 
> know if this is expected behavior. 

You're mistaken. This is impossible. Conversion from PEM to DER 
is just a matter of converting between base64 encoding of ASN.1 
data and a raw binary form of the same ASN.1 data. There are no 
conversion tools between PEM and DER that are capable of the 
kind of change you describe. Don't confuse differences between 
display formats with differences in the underlying data. 

-- 
Viktor. 
__ 
OpenSSL Project http://www.openssl.org 
User Support Mailing List openssl-users@openssl.org 
Automated List Manager majord...@openssl.org 


Re: PEM to DER changes SubjectAltName

2014-05-25 Thread Viktor Dukhovni
On Mon, May 26, 2014 at 01:34:29AM +, Jean Gelinas wrote:

> I've created a PEM CA/Key using Win32 OpenSSL. Looks great. Went
> to convert the PEM formatted cert to DER and it seems to have
> changed the format of the Subject Alternative Name. I'd like to
> know if this is expected behavior.

You're mistaken.  This is impossible.  Conversion from PEM to DER
is just a matter of converting between base64 encoding of ASN.1
data and a raw binary form of the same ASN.1 data.  There are no
conversion tools between PEM and DER that are capable of the
kind of change you describe.  Don't confuse differences between
display formats with differences in the underlying data.

-- 
Viktor.
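
An added illustration of the point made in the reply above (not code from the thread or from OpenSSL): PEM and DER carry the same bytes, and only the viewer's labels differ. It assumes a constructed sample, a bare GeneralNames value with one rfc822Name rather than a whole certificate, plus a hypothetical PEM label "EXAMPLE DATA" and short-form DER lengths only.

```python
import base64

def der_to_pem(der: bytes, label: str) -> str:
    """PEM: the DER bytes, base64-encoded in 64-column lines between armor lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_to_der(pem: str) -> bytes:
    """PEM to DER: drop the armor lines and base64-decode the rest."""
    lines = (line.strip() for line in pem.splitlines())
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return base64.b64decode(body, validate=True)

# GeneralName context tag -> (OpenSSL text label, Windows viewer label).
# The rfc822Name pair is the one quoted in the thread; dNSName is added here.
LABELS = {0x81: ("email", "RFC822 Name"), 0x82: ("DNS", "DNS Name")}

def general_names(der: bytes) -> list:
    """Parse a DER GeneralNames SEQUENCE (short-form lengths only)."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2 or der[1] >= 0x80:
        raise ValueError("expected a short-form DER SEQUENCE")
    names, pos = [], 2
    while pos < len(der):
        if pos + 2 > len(der):
            raise ValueError("truncated element header")
        tag, length = der[pos], der[pos + 1]
        if length >= 0x80 or pos + 2 + length > len(der):
            raise ValueError("truncated or long-form element")
        names.append((tag, der[pos + 2:pos + 2 + length].decode("ascii")))
        pos += 2 + length
    return names

def render(der: bytes, style: int) -> str:
    """style 0 prints 'label:value' (OpenSSL), style 1 'label=value' (Windows)."""
    sep = (":", "=")[style]
    parts = []
    for tag, value in general_names(der):
        label = LABELS.get(tag, (f"tag 0x{tag:02x}",) * 2)[style]
        parts.append(f"{label}{sep}{value}")
    return ", ".join(parts)

# Constructed sample: a GeneralNames value holding one rfc822Name ([1] IA5String).
NAME = b"user@example.test"
SAN_DER = bytes([0x30, len(NAME) + 2, 0x81, len(NAME)]) + NAME

if __name__ == "__main__":
    pem = der_to_pem(SAN_DER, "EXAMPLE DATA")   # hypothetical PEM label
    der = pem_to_der(pem)
    print(pem, end="")
    print("bytes identical:", der == SAN_DER)
    print("OpenSSL style  :", render(der, 0))
    print("Windows style  :", render(der, 1))
```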


RE: PEM to DER changes SubjectAltName

2014-05-25 Thread Salz, Rich
It just looks like the windows cert viewer displays field names differently.  
No big deal.  Or am I missing something?
/r$


--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz



PEM to DER changes SubjectAltName

2014-05-25 Thread Jean Gelinas
I've created a PEM CA/Key using Win32 OpenSSL. Looks great. Went to convert the 
PEM formatted cert to DER and it seems to have changed the format of the 
Subject Alternative Name. I'd like to know if this is expected behavior. 


Display of Subject Alternative Name in PEM File: 
X509v3 Subject Alternative Name: email:certify...@dev1.credibledirect-dev.com 


Display of Subject Alternative Name in DER file (read from Windows 7, default 
cert viewer): 
RFC822 Name=certify...@dev1.credibledirect-dev.com 




Used the following command to convert from PEM to DER: 
OpenSSL> x509 -outform der -in G:\Credible\49090\Certs\OpenSSLCerts\CertifyDev_Anchor.pem -out G:\Credible\49090\Certs\OpenSSLCerts\CertifyDev_Anchor.der


I've attached the DER and PEM files, if helpful. 


Jean Gelinas, Jr. 
2 Paige Drive 
Merrimack, NH 03054 
(603) 370-7397 
jgelina...@comcast.net 





RE: SSL_CTX_use_PrivateKey_file

2014-05-25 Thread Mody, Darshan (Darshan)
Seems to be an issue with the certificate and the private key

SSL error 0 : error:0B080074:x509 certificate 
routines:X509_check_private_key:key values mismatch.

My bad

Thanks a million

Regards
Darshan

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Jeffrey Walton
Sent: Sunday, May 25, 2014 9:28 PM
To: OpenSSL Users List
Subject: Re: SSL_CTX_use_PrivateKey_file

On Sun, May 25, 2014 at 11:39 AM, Viktor Dukhovni  
wrote:
> On Sun, May 25, 2014 at 11:28:04AM -0400, Jeffrey Walton wrote:
>
>> > sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
>> > if ( sip_trp_ssl_ctx == NULL ) {
>> > ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
>> > return SSL_INIT_ERROR;
>> > }
>>
>> Well, EC support was added to SSL/TLS at TLS 1.2.
>
> That's not the case.  ECDSA and ECDHE predate TLSv1.2.  Full support 
> for EC in OpenSSL starts in OpenSSL 1.0.0, while support for TLSv1.2 
> was added in 1.0.1 IIRC.
>
Indeed. RFC 4492 (ECC for TLS) from May 2006 states it applies to TLS
1.0 and above.

My bad.

Jeff


Re: SSL_CTX_use_PrivateKey_file

2014-05-25 Thread Jeffrey Walton
On Sun, May 25, 2014 at 11:39 AM, Viktor Dukhovni
 wrote:
> On Sun, May 25, 2014 at 11:28:04AM -0400, Jeffrey Walton wrote:
>
>> > sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
>> > if ( sip_trp_ssl_ctx == NULL ) {
>> > ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
>> > return SSL_INIT_ERROR;
>> > }
>>
>> Well, EC support was added to SSL/TLS at TLS 1.2.
>
> That's not the case.  ECDSA and ECDHE predate TLSv1.2.  Full support
> for EC in OpenSSL starts in OpenSSL 1.0.0, while support for TLSv1.2
> was added in 1.0.1 IIRC.
>
Indeed. RFC 4492 (ECC for TLS) from May 2006 states it applies to TLS
1.0 and above.

My bad.

Jeff


Re: Re?: How to make a secure tcp connection without using certificate

2014-05-25 Thread Viktor Dukhovni
On Sun, May 25, 2014 at 02:22:34PM +0200, Hanno Böck wrote:

> > Typically, leaving SSLv3 enabled is just fine if both ends support
> > something stronger they'll negotiate that.
> 
> That's not always true.

In a browser fallback (only relevant here if the OP is implementing
an HTTP server) nothing stronger is advertised by the client.

-- 
Viktor.


Re: SSL_CTX_use_PrivateKey_file

2014-05-25 Thread Matt Caswell


On 25/05/14 14:40, Mody, Darshan (Darshan) wrote:
> I use below command
> 
> openssl ecparam -out key.pem -name prime256v1 -genkey. I am using another 3rd 
> Party tool SIPp.  Below is the method that sets the SSL CTX
> 

Whilst I don't think it's the cause of your problem, I would suggest
adding -noout to the above command (prevents both the parameters and the
key being written out separately to the key file, which is probably not
what you intended).

I took your code and stripped it down to just the code to load the
private key. I also created a key file using the command line you
provided. My code below.

This works fine. What error are you seeing, and what version of openssl
are you using?

Matt


#include <stdio.h>
#include <openssl/ssl.h>

#define ERROR   printf
#define SSL_INIT_ERROR -1
#define SSL_INIT_NORMAL 0

typedef int ssl_init_status;

static char *tls_key_name = "key.pem";

ssl_init_status FI_init_ssl_context (void)
{
    SSL_CTX *sip_trp_ssl_ctx;

    sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
    if ( sip_trp_ssl_ctx == NULL ) {
        ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
        return SSL_INIT_ERROR;
    }

    /* Load only the private key; no certificate is loaded in this test */
    if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx,
                                     tls_key_name,
                                     SSL_FILETYPE_PEM ) != 1 ) {
        ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file failed");
        return SSL_INIT_ERROR;
    }

    printf("Success\n");

    return SSL_INIT_NORMAL;
}

int main(void)
{
    ssl_init_status ret;

    SSL_load_error_strings();
    OpenSSL_add_ssl_algorithms();
    ret = FI_init_ssl_context();

    /* Report the result through the exit status */
    return ret == SSL_INIT_NORMAL ? 0 : 1;
}


Re: SSL_CTX_use_PrivateKey_file

2014-05-25 Thread Viktor Dukhovni
On Sun, May 25, 2014 at 11:28:04AM -0400, Jeffrey Walton wrote:

> > sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
> > if ( sip_trp_ssl_ctx == NULL ) {
> > ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
> > return SSL_INIT_ERROR;
> > }
> 
> Well, EC support was added to SSL/TLS at TLS 1.2.

That's not the case.  ECDSA and ECDHE predate TLSv1.2.  Full support
for EC in OpenSSL starts in OpenSSL 1.0.0, while support for TLSv1.2
was added in 1.0.1 IIRC.

$ openssl ciphers -v 'aECDSA:!TLSv1.2'
ECDHE-ECDSA-AES256-SHA   SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-AES128-SHA   SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-RC4-SHA  SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128)  Mac=SHA1
ECDHE-ECDSA-NULL-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None  Mac=SHA1

$ openssl ciphers -v 'aECDSA+TLSv1.2'
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA256

-- 
Viktor.


Re: SSL_CTX_use_PrivateKey_file

2014-05-25 Thread Jeffrey Walton
> sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
> if ( sip_trp_ssl_ctx == NULL ) {
> ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
> return SSL_INIT_ERROR;
> }

Well, EC support was added to SSL/TLS at TLS 1.2.

You did not include the error you are receiving.

Jeff

On Sun, May 25, 2014 at 9:40 AM, Mody, Darshan (Darshan)
 wrote:
> I use below command
>
> openssl ecparam -out key.pem -name prime256v1 -genkey. I am using another 3rd 
> Party tool SIPp.  Below is the method that sets the SSL CTX
>
> ssl_init_status FI_init_ssl_context (void)
> {
> sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
> if ( sip_trp_ssl_ctx == NULL ) {
> ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
> return SSL_INIT_ERROR;
> }
>
> sip_trp_ssl_ctx_client = SSL_CTX_new( TLSv1_method() );
> if ( sip_trp_ssl_ctx_client == NULL) {
> ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
> return SSL_INIT_ERROR;
> }
>
> /*  Load the trusted CA's */
> SSL_CTX_load_verify_locations(sip_trp_ssl_ctx, tls_cert_name, NULL);
> SSL_CTX_load_verify_locations(sip_trp_ssl_ctx_client, tls_cert_name, 
> NULL);
>
> /*  CRL load from application specified only if specified on the command 
> line */
> if (strlen(tls_crl_name) != 0) {
> if(sip_tls_load_crls(sip_trp_ssl_ctx,tls_crl_name) == -1) {
> ERROR("FI_init_ssl_context: Unable to load CRL file (%s)", 
> tls_crl_name);
> return SSL_INIT_ERROR;
> }
>
> if(sip_tls_load_crls(sip_trp_ssl_ctx_client,tls_crl_name) == -1) {
> ERROR("FI_init_ssl_context: Unable to load CRL (client) file 
> (%s)", tls_crl_name);
> return SSL_INIT_ERROR;
> }
> /* The following call forces to process the certificates with the */
> /* initialised SSL_CTX*/
> SSL_CTX_set_verify(sip_trp_ssl_ctx,
>SSL_VERIFY_PEER |
>SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
>sip_tls_verify_callback);
>
> SSL_CTX_set_verify(sip_trp_ssl_ctx_client,
>SSL_VERIFY_PEER |
>SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
>sip_tls_verify_callback);
> }
>
>
> /* Selection Cipher suits - load the application specified ciphers */
> SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx,
>(void *)CALL_BACK_USER_DATA );
> SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx_client,
>(void *)CALL_BACK_USER_DATA );
> SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx,
>passwd_call_back_routine );
> SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx_client,
>passwd_call_back_routine );
>
> if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx,
>   tls_cert_name,
>   SSL_FILETYPE_PEM ) != 1 ) {
> ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file failed");
> return SSL_INIT_ERROR;
> }
>
> if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx_client,
>   tls_cert_name,
>   SSL_FILETYPE_PEM ) != 1 ) {
> ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file (client) 
> failed");
> return SSL_INIT_ERROR;
> }
> if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx,
>  tls_key_name,
>  SSL_FILETYPE_PEM ) != 1 ) {
> ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file failed");
> return SSL_INIT_ERROR;
> }
>
> if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx_client,
>  tls_key_name,
>  SSL_FILETYPE_PEM ) != 1 ) {
> ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file (client) 
> failed");
> return SSL_INIT_ERROR;
> }
>
> return SSL_INIT_NORMAL;
> }
>
> -Original Message-
> From: owner-openssl-us...@openssl.org 
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell
> Sent: Sunday, May 25, 2014 6:31 PM
> To: openssl-users@openssl.org
> Subject: Re: SSL_CTX_use_PrivateKey_file
>
> On 25/05/14 13:11, Mody, Darshan (Darshan) wrote:
>>
>> When I try to  read the EC Private Key file I get an error from the
>> openssl.
>>
>> Is there another way to use the Elliptic curved Private key. Please
>> note that I generate the Public and Private keys via the command lines
>> and use the public-private key in my program
>>
>
> I think we need a bit more to go on.
>
> Can you post the commands you used to generate your keys, the error you are 
> get

Where is PKCS7_free defined?

2014-05-25 Thread Han Sooloo
Trying to understand how the crl2p7.c application allocates PKCS7 pointers.  I 
see the PKCS7_new() function and it makes sense.

However, I cannot find the definition of PKCS7_free().  The only place it shows 
up is in libeay.num as "PKCS7_free  444  EXIST::FUNCTION:"

2 questions:
1. What does the above declaration in libeay.num mean?
2. What is the definition of PKCS7_free()?  How does it free memory pointed to 
by a PKCS7 data structure?




RE: SSL_CTX_use_PrivateKey_file

2014-05-25 Thread Mody, Darshan (Darshan)
I use below command

openssl ecparam -out key.pem -name prime256v1 -genkey. I am using another 3rd 
Party tool SIPp.  Below is the method that sets the SSL CTX

ssl_init_status FI_init_ssl_context (void)
{
    sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
    if ( sip_trp_ssl_ctx == NULL ) {
        ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
        return SSL_INIT_ERROR;
    }

    sip_trp_ssl_ctx_client = SSL_CTX_new( TLSv1_method() );
    if ( sip_trp_ssl_ctx_client == NULL) {
        ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
        return SSL_INIT_ERROR;
    }

    /*  Load the trusted CA's */
    SSL_CTX_load_verify_locations(sip_trp_ssl_ctx, tls_cert_name, NULL);
    SSL_CTX_load_verify_locations(sip_trp_ssl_ctx_client, tls_cert_name, NULL);

    /*  CRL load from application specified only if specified on the command line */
    if (strlen(tls_crl_name) != 0) {
        if(sip_tls_load_crls(sip_trp_ssl_ctx,tls_crl_name) == -1) {
            ERROR("FI_init_ssl_context: Unable to load CRL file (%s)", tls_crl_name);
            return SSL_INIT_ERROR;
        }

        if(sip_tls_load_crls(sip_trp_ssl_ctx_client,tls_crl_name) == -1) {
            ERROR("FI_init_ssl_context: Unable to load CRL (client) file (%s)", tls_crl_name);
            return SSL_INIT_ERROR;
        }
        /* The following call forces to process the certificates with the */
        /* initialised SSL_CTX*/
        SSL_CTX_set_verify(sip_trp_ssl_ctx,
                           SSL_VERIFY_PEER |
                           SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                           sip_tls_verify_callback);

        SSL_CTX_set_verify(sip_trp_ssl_ctx_client,
                           SSL_VERIFY_PEER |
                           SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                           sip_tls_verify_callback);
    }


    /* Selection Cipher suits - load the application specified ciphers */
    SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx,
                                           (void *)CALL_BACK_USER_DATA );
    SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx_client,
                                           (void *)CALL_BACK_USER_DATA );
    SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx,
                                   passwd_call_back_routine );
    SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx_client,
                                   passwd_call_back_routine );

    if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx,
                                      tls_cert_name,
                                      SSL_FILETYPE_PEM ) != 1 ) {
        ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file failed");
        return SSL_INIT_ERROR;
    }

    if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx_client,
                                      tls_cert_name,
                                      SSL_FILETYPE_PEM ) != 1 ) {
        ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file (client) failed");
        return SSL_INIT_ERROR;
    }
    if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx,
                                     tls_key_name,
                                     SSL_FILETYPE_PEM ) != 1 ) {
        ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file failed");
        return SSL_INIT_ERROR;
    }

    if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx_client,
                                     tls_key_name,
                                     SSL_FILETYPE_PEM ) != 1 ) {
        ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file (client) failed");
        return SSL_INIT_ERROR;
    }

    return SSL_INIT_NORMAL;
}

Thanks in Advance

Regards
Darshan

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Matt Caswell
Sent: Sunday, May 25, 2014 6:31 PM
To: openssl-users@openssl.org
Subject: Re: SSL_CTX_use_PrivateKey_file



On 25/05/14 13:11, Mody, Darshan (Darshan) wrote:
> Hi,
> 
>  
> 
> When I try to  read the EC Private Key file I get an error from the 
> openssl.
> 
>  
> 
> Is there another way to use the Elliptic curved Private key. Please 
> note that I generate the Public and Private keys via the command lines 
> and use the public-private key in my program
> 

I think we need a bit more to go on.

Can you post the commands you used to generate your keys, the error you are 
getting, and the code you are using to read the private key?

Thanks

Matt



Re: SSL_CTX_use_PrivateKey_file

2014-05-25 Thread Matt Caswell


On 25/05/14 13:11, Mody, Darshan (Darshan) wrote:
> Hi,
> 
>  
> 
> When I try to  read the EC Private Key file I get an error from the
> openssl.
> 
>  
> 
> Is there another way to use the Elliptic curved Private key. Please note
> that I generate the Public and Private keys via the command lines and
> use the public-private key in my program
> 

I think we need a bit more to go on.

Can you post the commands you used to generate your keys, the error you
are getting, and the code you are using to read the private key?

Thanks

Matt




Re: Re?: How to make a secure tcp connection without using certificate

2014-05-25 Thread Hanno Böck
On Fri, 23 May 2014 16:32:15 +
Viktor Dukhovni  wrote:

> On Fri, May 23, 2014 at 06:11:05PM +0200, nicolas@free.fr wrote:
> 
> > use at the very least TLSv1 (and preferably TLSv1_2) protocol if
> > you want to use SSLv23_server_method(), don't forget to disable
> > SSLv2 and 3 protocols (and maybe TLSv1) with the command
> > 
> > SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
> 
> Typically, leaving SSLv3 enabled is just fine if both ends support
> something stronger they'll negotiate that.

That's not always true.

Some clients (e.g. all common browsers) do fallbacks that in fact
can invalidate all improvements of later tls versions.

These fallbacks also can happen by accident (e.g. bad connections) and
sometimes disable features like SNI.

That's why I recommend to everyone that we need at least to deprecate
SSLv3.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42




SSL_CTX_use_PrivateKey_file

2014-05-25 Thread Mody, Darshan (Darshan)
Hi,

When I try to  read the EC Private Key file I get an error from the openssl.

Is there another way to use the Elliptic curved Private key. Please note that I 
generate the Public and Private keys via the command lines and use the 
public-private key in my program

Thanks
Darshan