SSL_read performance problem
Hi, I have a client and a server using SSL to communicate. the crypto is 3DES-CBC-SHA When the client send message with length < 1989 bytes, the SSL_read on server spend about 10 ms. When the client send message with length > 1989 bytes, the SSL_read on server spend about 200 ms. This is a big difference that I can explain except that TCP cut message when they are to big ( > about 2000 bytes long) Do you have any ideas. Thanks, Jean Pierre _ GRAND JEU SMS : Pour gagner un NOKIA 7650, envoyez le mot IF au 61321 (prix d'un SMS + 0.35 euro). Un SMS vous dira si vous avez gagné. Règlement : http://www.ifrance.com/_reloc/sign.sms __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SSL_read performance problem
Hi, I have a client and a server using SSL to communicate. the crypto is 3DES-CBC-SHA When the client send message with length < 1989 bytes, the SSL_read on server spend about 10 ms. When the client send message with length > 1989 bytes, the SSL_read on server spend about 200 ms. This is a big difference that I can explain except that TCP cut message when they are to big ( > about 2000 bytes long) Do you have any ideas. Thanks, Jean Pierre _ GRAND JEU SMS : Pour gagner un NOKIA 7650, envoyez le mot IF au 61321 (prix d'un SMS + 0.35 euro). Un SMS vous dira si vous avez gagné. Règlement : http://www.ifrance.com/_reloc/sign.sms __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Rep:Client authentication
Hi, Did you give the location of your trusted CA certificates using SSL_CTX_load_verify_locations( ...) ? It's problably not the problem but you did not talk about that... Best regards, Jipé -Message d'origine- De: "Chandrasekhar R S" <[EMAIL PROTECTED]> A: <[EMAIL PROTECTED]> Date: 28/01/03 Objet: Client authentication I am to authenticate a client using his certificate. In my server program, I use SSL_CTX_set_verity(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0) to mandate that client cert should be present. If present, I use SSL_get_peer_certificate(ssl) to retrieve the client cert. In my client program, I use : SSL_CTX_use_certificate_file(CTX,CERTF,SSL_FILETYPE_PEM) SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) calls to load a cert and a key into the client. This is from the documentation I found, from Eric Rescorla's "An introduction to OpenSSL programming" notes. But, everytime, I run the client and the server, the server complains that client hasn't presented a cert. Is something else, needs to be done to get a client cert to the server. I am using openssl-0.9.7 on HPUX (Unix) systems. thankful for any help in this regard. Namaste, R S Chandrasekhar [EMAIL PROTECTED] ISD : 091-080-2051166 Telnet : 847-1166 Phone : 2052427 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] _ Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France _ GRAND JEU SMS : Pour gagner un NOKIA 7650, envoyez le mot IF au 61321 (prix d'un SMS + 0.35 euro). Un SMS vous dira si vous avez gagné. Règlement : http://www.ifrance.com/_reloc/sign.sms __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Rep:Re: IBM 4758 engine status?
Hello, I did not read your conversation from the start but did you try the driver from http://oss.software.ibm.com/developerworks/opensource/4758/index.html ? I very concerned by using the linux driver because I would like to use it under QNX V6 and I don't understand exactly what I need in addition to use the linux driver. Jipé -Message d'origine- De: Arne Ansper <[EMAIL PROTECTED]> A: [EMAIL PROTECTED] Date: 19/12/02 Objet: Re: IBM 4758 engine status? > Do you know if one exists in the open community? I've done a preliminary > port but there are still a few lingering problems... no i do not know. you might try to ask from ibm again. arne __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] _ GRAND JEU SMS : Pour gagner un NOKIA 7650, envoyez le mot IF au 61321 (prix d'un SMS + 0.35 euro). Un SMS vous dira si vous avez gagné. Règlement : http://www.ifrance.com/_reloc/sign.sms _ Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problems compiling openssl on solaris 2.6
Hello, Verify if you have the command "ar" on your system. if yes, verify you have the rigth path in your PATH variable the make need it to create the library libcrypto.a Jipé [EMAIL PROTECTED] a écrit : > Hello > > I can not compile openssl-0.9.6g on Sun Solais 2.6. I use GCC 3.2 and make 3.80 > > One error message comes out then I do the make command. > > ./config --prefix=/opt/openssh > No Errors > Configured for solaris-sparcv9-gcc. > > then make command > > + rm -f libcrypto.so.0 > + rm -f libcrypto.so > + rm -f libcrypto.so.0.9.6 > + rm -f libssl.so.0 > + rm -f libssl.so > + rm -f libssl.so.0.9.6 > making all in crypto... > make[1]: Entering directory `/opt/utv/bin/openssl-0.9.6g/crypto' > ( echo "#ifndef MK1MF_BUILD"; \ > echo ' /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \ > echo ' #define CFLAGS "gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM"'; \ > echo ' #define PLATFORM "solaris-sparcv9-gcc"'; \ > echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \ > echo '#endif' ) >buildinf.h > gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM -c -o cryptlib.o cryptlib.c > gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM -c -o mem.o mem.c > gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM -c -o mem_dbg.o mem_dbg.c > gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM -c -o cversion.o cversion.c > gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM -c -o ex_data.o ex_data.c > gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM -c -o tmdiff.o tmdiff.c > gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM -c -o cpt_err.o cpt_err.c > gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM -c -o ebcdic.o ebcdic.c > gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC >-DMD5_ASM -c -o uid.o uid.c > ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o >cpt_err.o ebcdic.o uid.o > make[1]: ar: Command not found > make[1]: *** [lib] Error 127 > make[1]: Leaving directory `/opt/utv/bin/openssl-0.9.6g/crypto' > make: *** [sub_all] Error 1 > > ANYONE that no what to do??? > > * > Daniel Olsson > Applikationstekniker UNIX > Telia IT-Service AB Kalmar > Telefon: 0480 - 49 85 54 > Mobil: 0703 - 24 10 24 > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > __ > Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! > Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w __ Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: How can I get the public key from a key file?
why do you use "openssl genrsa " which only generates private key. Try to use "openssl rsa ..." : It generates RSA key pair (private & public) Jipé [EMAIL PROTECTED] a écrit : > Hello! > > I generate a private key using: > openssl genrsa -out xxx.key 1024 > It contains the private key, but I can get the public key this way: > openssl rsa -in xxx.key -pubout -out yyy.pub > > I can get the private key in a C program using > PEM_read_PrivateKey(..), but I can't find > PEM_read_PublicKey(..) function. > > So the question is, how could I get the public_key into an EVP_PKEY > structure from the generated key file. I would use DSA keys too, so I > would prefer EVP_PKEY struct. > > Thanks: > Peter > > ps.: is it possible, that the private key file contains the public key > too? > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > __ > Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! > Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w __ Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]