Re: [openssl-users] big endian vs little endian
It’s not endianness, it’s random data in the encrypted stream. Try encrypting the same file (and password) twice on the same host. Try decrypting it. Everything will work right. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] big endian vs little endian
When I attempt to encrypt the same text file with the command " openssl bf tfile.bin" I get different results on big endian machines vs little endian machines. Is this the expected result? If so how do you share encrypted data between big endian and little endian machines Thanks -- *Samuel A Horwitz* *sahorw...@gmail.com * -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] It reported verify error:num=20:unable to get local issuer certificate in my embedded linux device, when I used the openssl command
Hi Jakob & Michael & openssler, The openssl can work well now. I just used the date command to reset my system time. And then it can return OK value now. Although I didn't try it in the latest openssl1.1.0c. In my embedded linux device, I didn't initialize the time. And there is no RTC. This issue can be closed. Thank you for all -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] It reported verify error:num=20:unable to get local issuer certificate in my embedded linux device, when I used the openssl command
Hi Jakob & Michael & opensslers, I'm sorry to ask a stupid question. That I found when I used the openssl1.0.1f, it said the error log: --log-- /tmp # ./openssl s_client -connect curl.haxx.se:443 -CAfile ./cacert.pem CONNECTED(0003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify error:num=9:certificate is not yet valid ///new error notBefore=Sep 30 21:12:19 2000 GMT verify return:0 --- Certificate chain 0 s:/CN=anja.haxx.se i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 --- Server certificate -BEGIN CERTIFICATE- .. -END CERTIFICATE- subject=/CN=anja.haxx.se issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 --- No client certificate CA names sent --- SSL handshake has read 3148 bytes and written 445 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher: ECDHE-RSA-AES128-GCM-SHA256 Session-ID: FD6ABFB426CC33309DBEA4078A4D24A07D5A80A5093AB771504CEBEFDE022706 Session-ID-ctx: Master-Key: 49725D111EC25DD193FB59E485CE32D5E0F3AD6E3269FF6617B2BC4E44ED7E4CCDDC6B05D799B69EA0FF6D974C54EBDE Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: Start Time: 2002 /// time 2002 Timeout : 300 (sec) Verify return code: 9 (certificate is not yet valid) --- closed - Is this error occurred by the system clock of my platform? Actually, I didn't do anything to synchronize time in my platform(no NTP). Would this be a reason for my first issue and this issue? I'm trying to do NTP now. Thanks -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] It reported verify error:num=20:unable to get local issuer certificate in my embedded linux device, when I used the openssl command
Hi Michael & opensslers, > So: either there's more than one certificate in cacert-2016-11-02.pem, or OpenSSL on the PC is searching its default CA certificate directory in addition to cacert-2016-11-02.pem. Since we don't know what's > actually in cacert-2016-11-02.pem, we can't provide much further help. It seems there are many certificates in the cacert-2016-11-02.pem. A lot. -cacert-2016-11-02.pem GlobalSign Root CA == -BEGIN CERTIFICATE- ... -END CERTIFICATE- GlobalSign Root CA - R2 === -BEGIN CERTIFICATE- .. -END CERTIFICATE- Verisign Class 3 Public Primary Certification Authority - G3 -BEGIN CERTIFICATE- -END CERTIFICATE- Entrust.net Premium 2048 Secure Server CA = -BEGIN CERTIFICATE- ... -END CERTIFICATE- Baltimore CyberTrust Root = -BEGIN CERTIFICATE- ... -END CERTIFICATE- ..so on... -- > Note that if there are multiple certificates in cacert-2016-11-02.pem, you'll have to split them up into separate files and create the correct hash link for each one, if you want to use a certificate directory. Should I need to do this? >"< Because other people(in the internet) used this pem file, have no problem. They didn't separate it. And there are so many certificates. And is this step right ? 1. /tmp # ./openssl x509 -hash -fingerprint -noout -in /home/georgeyang/workspace/speech_code/openssl/openssl/final /certs/cacert-2016-11-02.pem 5ad8a5d6 SHA1 Fingerprint=B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52: A4:1D:82:9C 2. /etc/ssl/certs # ln -s /home/georgeyang/workspace/spe ech_code/openssl/openssl/final/certs/cacert-2016-11-02.pem 5ad8a5d6.0 I will split them like this later. > Did you actually capture that, or did you retype it? Because it's not valid openssl x509 output. Note that it doesn't match what you reported from the PC: In the paltform, the openssl version is 1.1.0c. And in my PC, the openssl version is 1.0.1f. Today, I have rebuild the openssl1.0.1f for my paltform again. Although it was still NG. And the log is the same as the PC now: /tmp # ./openssl x509 -subject -noout -in /home/georgeyang/workspace/ speech_code /openssl/final/openssl/certs/cacert-2016-11-02.pem subject= /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA /tmp # Thank you very much -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users