Re: RE: OpenSSL 1.0.1a
This error has caught a lot of people; I think it deserves a new version release to fix this bug. Or at least say on the web page that 1.0.1a is not suitable for non-x86 platforms, and offer the daily snap as a workaround. According to the website, 1.0.1a is the latest release, and it contains such a fatal error; it seems it will damage the image of the project.

--
qun-ying

----- Original Message -----
> From: Peter Heimann
> To: openssl-users@openssl.org
> Cc: "Spence, Thomas CIV USAF AFDW 844 CS/SCOX"
> Sent: Wednesday, April 25, 2012 12:08:45 AM
> Subject: Re: RE: OpenSSL 1.0.1a
>
> On 01/-10/-28163 08:59 PM, Spence, Thomas CIV USAF AFDW 844 CS/SCOX wrote:
>> I am using AIX 5.3 with gcc 4.3.5.
>
>> ld: 0711-317 ERROR: Undefined symbol: OPENSSL_ia32cap_P
>
> I had the same problem with the file crypto/evp/e_rc4_hmac_md5.c.
> Linking on non-x86 hardware failed.
> Try to replace this file with a newer version from
> openssl-1.0.1-stable-SNAP-20120420.tar.gz (or a later snapshot).
>
> --
> Peter Heimann

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
would like to get some clarification on CVE-2011-4619
Hi,

Regarding this SGC-Restart DoS Attack (CVE-2011-4619), does it require the server to use the SGC certificate or it doesn't matter what kind of certificate is used by the server?

--
Qunying
Re: Why CVS?
Hi,

It seems there is an effort to provide a git repository: http://repo.or.cz/w/mirror-openssl.git

Qunying
Should DTLS cause a program abort when getting an incorrectly formatted fragment?
Hi,

While working on DTLS, in d1_both.c:dtls1_get_message_fragment():787~866, there are calls to OPENSSL_assert (line 787):

    /* read handshake message header */
    i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
        DTLS1_HM_HEADER_LENGTH, 0);
    if (i <= 0) /* nbio, or an error */
        {
        s->rwstate=SSL_READING;
        *ok = 0;
        return i;
        }
    OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
    ...

and line 866:

    /* XDTLS: an incorrectly formatted fragment should cause the
     * handshake to fail */
    OPENSSL_assert(i == (int)frag_len);

The two calls cause the program to abort when an incorrectly formatted fragment is received. Is it really so serious that a program restart is needed? At the end of the function, there is an error label (line 904):

    f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
        s->init_num = 0;
        *ok=0;
        return(-1);
    }

The above two tests could goto f_err instead of aborting the whole program.

From a user point of view, the abort is not good; it is not such a fatal error, from my understanding. Please enlighten me if I miss something.

--
qun-ying
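The check-and-fail handling this post asks about, as an added example that is not part of the original post and is not OpenSSL code: a stand-alone parser for the 12-byte DTLS handshake fragment header that reports a malformed fragment through a return code, so the caller can take an error path in the spirit of f_err. The function and enum names, the size cap and the sample datagrams are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HM_HEADER_LENGTH 12u      /* DTLS handshake header size */
#define MAX_MSG_LEN      16384u   /* assumed local cap, not an OpenSSL value */

enum frag_status {
    FRAG_OK = 0,
    FRAG_TRUNCATED_HEADER,  /* fewer than 12 header bytes arrived */
    FRAG_TOO_LARGE,         /* declared message length above the cap */
    FRAG_BAD_RANGE,         /* offset + fragment length exceeds message */
    FRAG_LEN_MISMATCH       /* body bytes differ from declared frag_len */
};

struct hm_header {
    uint8_t  type;
    uint32_t msg_len;   /* 24-bit on the wire */
    uint16_t seq;
    uint32_t frag_off;  /* 24-bit on the wire */
    uint32_t frag_len;  /* 24-bit on the wire */
};

static uint32_t rd24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Validate one handshake fragment from an untrusted datagram.
 * Every malformed case returns a status; nothing here can abort. */
enum frag_status parse_fragment(const uint8_t *buf, size_t len,
                                struct hm_header *h)
{
    if (len < HM_HEADER_LENGTH)
        return FRAG_TRUNCATED_HEADER;
    h->type     = buf[0];
    h->msg_len  = rd24(buf + 1);
    h->seq      = (uint16_t)((buf[4] << 8) | buf[5]);
    h->frag_off = rd24(buf + 6);
    h->frag_len = rd24(buf + 9);

    if (h->msg_len > MAX_MSG_LEN)
        return FRAG_TOO_LARGE;
    /* Written so that the subtraction cannot wrap. */
    if (h->frag_off > h->msg_len || h->frag_len > h->msg_len - h->frag_off)
        return FRAG_BAD_RANGE;
    if (len - HM_HEADER_LENGTH != h->frag_len)
        return FRAG_LEN_MISMATCH;
    return FRAG_OK;
}

/* Caller-side handling in the spirit of the f_err label: fail this
 * handshake (a real stack would also send a fatal alert) and return. */
int handle_fragment(const uint8_t *buf, size_t len, int *ok)
{
    struct hm_header h;
    enum frag_status st = parse_fragment(buf, len, &h);
    if (st != FRAG_OK) {
        *ok = 0;
        return -1;
    }
    *ok = 1;
    return (int)h.frag_len;
}

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t GOOD[]       = {1, 0,0,4, 0,0, 0,0,0, 0,0,4, 0xde,0xad,0xbe,0xef};
static const uint8_t SHORT_HDR[]  = {1, 0,0,4, 0};
static const uint8_t SHORT_BODY[] = {1, 0,0,4, 0,0, 0,0,0, 0,0,4, 0xde,0xad};
static const uint8_t BAD_RANGE[]  = {1, 0,0,4, 0,0, 0,0,3, 0,0,4, 1,2,3,4};

int main(void)
{
    int ok;
    printf("good:       %d\n", handle_fragment(GOOD, sizeof GOOD, &ok));
    printf("short hdr:  %d\n", handle_fragment(SHORT_HDR, sizeof SHORT_HDR, &ok));
    printf("short body: %d\n", handle_fragment(SHORT_BODY, sizeof SHORT_BODY, &ok));
    printf("bad range:  %d\n", handle_fragment(BAD_RANGE, sizeof BAD_RANGE, &ok));
    return 0;
}
```

The two conditions guarded by OPENSSL_assert in the quoted excerpt correspond to FRAG_TRUNCATED_HEADER and FRAG_LEN_MISMATCH here.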
About client certification verification
Hi,

I would like to clarify: if an SSL server requests the client to send a certificate, and does not do the verification in OpenSSL (the verification error is ignored, and the certificate is verified somewhere else), will the client certificate still participate in the negotiation of keys?

Thanks

--
qun-ying
Re: where is the memory being held
I found a solution without hacking into the library itself. Since my system is running glibc, I forced all mem requests to use mmap with mallopt(M_MMAP_THRESHOLD, 0), which releases the memory back to the system when free is called; testing shows so far so good.

--
qun-ying

----- Original Message ----
> From: David Schwartz
> To: openssl-users@openssl.org
> Cc: Scott Neugroschl
> Sent: Tue, September 28, 2010 3:08:48 PM
> Subject: Re: where is the memory being held
>
> On 9/27/2010 4:13 PM, Scott Neugroschl wrote:
> > As David said, yes.
> > On the other hand, you could re-implement malloc() and free() for your
> > platform.
>
> There's really no way to make that help very much. It might help a little, but the fundamental problem is this:
>
> If you want to implement each 'malloc' so that a later 'free' can return the memory to the operating system, you can. But that requires rounding up even small allocations to at least a page, which increases your memory footprint.
>
> If you don't implement each 'malloc' that way, you still wind up with the problem that one small allocation that has not been freed in the middle of a bunch of larger allocations that have been freed prevents you from returning any of the memory used by the larger allocations to the operating system.
>
> Generally, what you need are algorithms designed for low memory footprint and a way to 'group' allocations that will tend to be freed as a unit (such as those related to a single SSL session) such that when they are all freed, the memory can be returned to the OS. OpenSSL simply is not designed this way.
>
> You could probably hack OpenSSL to pass a pointer to a session object to calls to malloc/free (perhaps using TSD) and use that TSD pointer as an allocation context. That might increase the chances that the whole allocation context is freed. It may even be sufficient (or at least helpful) just to hook all OpenSSL calls to malloc/free and process them from their own arena.
>
> DS
Re: where is the memory being held
Does it mean that it is hard to change the behavior?

--
qun-ying

--- On Fri, 9/24/10, David Schwartz wrote:
>
> Sounds like OpenSSL wasn't what you wanted. OpenSSL is intended for use on general-purpose computers with virtual memory. It is not designed to return virtual memory to the system, which in your case means it won't return physical memory to the system. Ouch.
>
> DS
Re: where is the memory being held
Hi,

I think I should clarify something here. The app is running in a small device that does not have virtual memory (no swap space) and the memory is limited (256/512 M). At peak connections, it may use up to 90% of the system memory, and when connections go down, memory usage is not coming down. This leaves very little memory for other parts of the system, as this app is only a small part of a bigger system. The memory usage is a big concern as it is always running with the box. So far, periodically restarting the app is not a good solution.

--
qun-ying

> This all seems normal. Virtual memory is not normally considered a scarce resource and unless the consumption is really absurd, it's not worth worrying about.
>
> Unless your virtual memory use grows linearly with constant load, it's generally not worth worrying about. If it grows in an exponentially decreasing way with constant load or grows linearly with increasing peak load, I wouldn't worry about it at all.
>
> DS
where is the memory being held
Hi,

I have an SSL application that is supposed to run for a long time. After some time of running, I found the usage of the memory is growing. I stopped all SSL connections and checked that all SSL * have been freed, but it could not release the memory back to the system.

After some investigation, I found there is no memory leak, but it seems a lot of memory cannot be released back to the system. mtrace found out there is quite a lot of fragmented memory being held by the SSL library.

I would like to know what I could do to reduce the memory held by the SSL library after all connections have been dropped. I am handling the SSL session through shared memory myself, and that part of the memory is allocated from the start.

mallinfo() reports after some test and no connection for a while:

    system bytes     = 28271952
    in use bytes     = 1809184
    non-inuse bytes  = 26462768
    non-inuse chunks = 81
    mmap regions     = 4
    mmap bytes       = 1773568
    Total (incl. mmap):
    system bytes     = 30045520
    in use bytes     = 3582752
    releasable bytes = 462496

--
qun-ying
Re: TLSv1.2 in openssl
If you just want to study it, gnutls has support for TLS1.2; I suppose now most Linux distributions include it by default also.

--
qun-ying

--- On Tue, 7/14/09, Akos Vandra wrote:
> From: Akos Vandra
> Subject: Re: TLSv1.2 in openssl
> To: openssl-users@openssl.org
> Received: Tuesday, July 14, 2009, 1:52 AM
>
> I understand. I know this was intended as a hint, unfortunately I am but a student, so I cannot fund the project.
>
> So I suppose the latest version is TLSv1.0? Or is there support for TLSv1.1 also?
>
> Regards,
>
> Vandra Ákos
>
> 2009/7/13 Dr. Stephen Henson
> > On Mon, Jul 13, 2009, Akos Vandra wrote:
> >
> > > Hello!
> > >
> > > How can I invoke openssl s_server and s_client so that they communicate in TLSv1.2 mode? I can see options only for -tls1, but I am currently studying&analyzing&implementing tls1.2, so I would need them to communicate with that protocol.
> >
> > Not currently supported by OpenSSL. Due to the need to pay the bills funded tasks take priority and nobody so far had offered to fund TLS v1.2 support.
> >
> > Steve.
> > --
> > Dr Stephen N. Henson. OpenSSL project core developer.
> > Commercial tech support now available see: http://www.openssl.org
verifying CRL with critical extensions
Hi,

May I know whether the current version of OpenSSL supports verification of CRLs with critical extensions? I am currently running 0.9.7m.

Thanks

--
qun-ying
RE: IE could not connect to a chained-cert's ssl server
Ah, I missed that one. Thanks.

--
qun-ying

--- On Wed, 2/4/09, Giang Nguyen wrote:
> From: Giang Nguyen
> Subject: RE: IE could not connect to a chained-cert's ssl server
> To: openssl-users@openssl.org
> Received: Wednesday, February 4, 2009, 2:02 PM
>
> i think it's because your "my-cacert.pem" is not considered a CA: it has "CA:FALSE"
>
> arch [temp]$ openssl x509 -in my-cacert.pem
> arch [temp]$
> arch [temp]$ openssl x509 -in my-cacert.pem -text | grep -A1 Constra
>             X509v3 Basic Constraints:
>                 CA:FALSE
> arch [temp]$
>
> the openssl verify command succeeds, but i think it's because it's more lenient
> (http://openssl.org/docs/apps/verify.html#)
IE could not connect to a chained-cert's ssl server
Hi,

I am trying to test out some chained certificates with a web server. My setup is as follows:

    my-cacert.pem <== my ca certificate
    level1.cert   <= my level1 certificate signed by my ca
    level1.key    <= my level1's key file
    level2.pem    <= my level2 certificate used as a server side certificate
    ca.pem        <= includes my-cacert.pem and level1.cert as a chained CA source for the sslserver.

I have installed my-cacert.pem into IE/firefox as a trusted CA.

When using IE7 to connect, I always get "Internet Explorer cannot display the webpage", and nothing happens. When using firefox, it informs me that it is "an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown."

I would like to know whether there is anything wrong with my generated certificates. Attached also is the network capture for the IE7 connection. It seems IE FINs the connection.

Server: Linux lighttpd 1.4.19
Client: Windows XP, IE7, firefox 3.0.3

Actually, I tried Apache 2.x also, same result.

Thanks for your help!

--
qun-ying

Attachments: ca.pem, chained-cert.pcap, level1.cert, level1.key, level2.pem, my-cacert.pem, lighttpd.conf
Re: Time Diff?
Averroes wrote:
> Hi all,
>
> Perhaps someone noticed this:
>
> When I create a certificate there is difference
> between system (OS) time and creation time of certificate.
> Approximately one hour.
>
> certificate info:
> Validity
> Not Before: Sep 14 09:57:24 2001 GMT
> Not After : Sep 13 09:57:24 2006 GMT
--> GMT time
> and immediately after signing:
> Fri Sep 14 10:58:32 BST 2001
---> local time zone
>
> Any ideas?
>
> Regards
Re: JAVA/JNI Wrapper for OpenSSL.
The Java thread dump gives a lot of unrelated information (I don't know how to interpret it either). Try to insert a lot of debug prints in your C code and find out exactly where it fails, and check every return code from the OpenSSL library calls; from there it is much easier to find the problem.
Re: JAVA/JNI Wrapper for OpenSSL.
app_RAND_load_file() is not in the library. It is only a function used in the openssl command tool. You can get the function definition in apps/app_rand.c
Re: JAVA/JNI Wrapper for OpenSSL.
What platform/compiler are you running? Take note of the order in which you supply the libraries. Moving the -lcrypto to the end of your link command may solve your problem.
Re: Netscape 6.01 and SSL: crash?
Don't use Netscape 6.01! Use Mozilla instead (latest milestone is 0.8). It is much more stable and has features that Netscape does not have.

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6643
 ( O )
()~*~()
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]
Re: Installation problem with mingw32 on NT4 SP4
I used to get this kind of error. Active perl seems not to work quite well together with cygwin/mingw32. Try to get a perl version for cygwin.

QUERAN LOIC wrote:
>
> --- Reçu de CMB.QUERALO 0298002339 13-12-00 10.29
>
> I try to install OpenSSL 0.9.6 with gcc 2.95.2, make 3.76.1 and Active Perl 5.6.0 620 as indicated in install.w32.
>
> I obtain the following error message:
> "gcc: .cryptocryptlib.c: No such file or directory"
> although make issues "gcc -o tmp\cryptlib.o -Ioutinc -Itmp -O3 -fomit-frame-pointer -DDSO_WIN32 -c .\crypto\cryptlib.c" and crypto\cryptlib.c exists. Why can't it properly read the "\"s ?
>
> Thanks in advance for any help.
strange result from i2d_X509()
Hi,

I am trying to create a X509 certificate and store the result in a memory location for later usage. But the result returned from i2d_X509() is wrong. I can get the correct result if I write the X509 structure through either PEM_write_X509() or i2d_X509_bio(). I am running OpenSSL 0.9.6 under Slackware 7.1 with gcc 2.95.2.

The process:

    X509 *x;
    char *buffer;
    int len;
    ... /* X509 contains a valid certificate */
    len = i2d_X509(x, NULL);
    buffer = malloc(len);
    len = i2d_X509(x, &buffer);
    ...

The result in buffer is not correct. Is anything wrong with the process?
Q: not understand the meaning of codes in apps/x509.c
Hi,

While going through the code in apps/x509.c, at line 979, function x509_certify(): what do the 3 lines do? It seems useless, for the upkey is freed after parameters being copied to? As

    int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);

is defined as copying from the second argument to the first.

What is the normal sequence of function calls (roughly) to certify a certificate request?

Thanks
Re: signed after/before encryption?
I am sorry for my unclear questions.

In a scenario where the signature is stored in PKCS#7 format, which is encrypted with the recipient's public key, while the data is encrypted with 3DES: if the data are to be stored in encrypted form and only decrypted when in use, does the verification of the encrypted data's signature have the same level of security as the decrypted data's signature? The reason for this is that if the data have been corrupted, there is no point in decrypting them.

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6643
 ( O )   TrustCopy Pte Ltd / Kent Ridge Digital Labs
()~*~()  21 Heng Mui Keng Terrace, Singapore 119613
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]
signed after/before encryption?
While normally the original data before encryption gets signed, what is the effect of signing the encrypted data? In this form, the verification can take place without decrypting the data. Any pros and cons of this method?

Thanks

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6643
 ( O )   TrustCopy Pte Ltd / Kent Ridge Digital Labs
()~*~()  21 Heng Mui Keng Terrace, Singapore 119613
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]
Re: Base64 in MIME file...is really required?
After you create the base 64 BIO, set the following flag,

    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);

to parse the input without linefeed.

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6743
 ( O )   TrustCopy Pte Ltd / Kent Ridge Digital Labs
()~*~()  21 Heng Mui Keng Terrace, Singapore 119613
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]
Re: Newbie question: Compiling OpenSSL under VC++ 6.0
In your VC installation, you should be able to find a batch file under C:\progra~1\micros~2\vc98\bin; it is named "vcvars32.bat". Just run the batch file under your DOS prompt, and it will set up all the environment for you.

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6743
 ( O )   TrustCopy Pte Ltd / Kent Ridge Digital Labs
()~*~()  21 Heng Mui Keng Terrace, Singapore 119613
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]
Re: Private Keys and PKCS#12
Marco Donati wrote:
>
> I generate the key, then use it to sign a certificate request (PKCS#10).
> The PKCS#10 is sent to a CA.
> When the certificate is issued by the CA it is downloaded (via LDAP) and
> stored into the original P12 with its key
>
> I need it in PKCS12 for compatibility with another application.

You may create a PKCS12 file without a cert. But I am not sure how well it works with regard to compatibility, and not sure whether it will break anything. I modified the original p12_crt.c to remove the requirement of a cert. You can see from the attached file that I just commented out the cert-related code.

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6743
 ( O )   TrustCopy Pte Ltd / Kent Ridge Digital Labs
()~*~()  21 Heng Mui Keng Terrace, Singapore 119613
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]

Attachment: p12_crt.c
Re: Beta1 fail on cygwin32/mingw32 on NT4
As more information on the mingw32 platform:

The code that needs tlhelp32.h is for win95 only, not for NT. tlhelp32.h is supposed to only work in Win95 and later, not in NT, at least 4.0. It is said to be supported under NT 5.0.

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6743
 ( O )
()~*~()  21 Heng Mui Keng Terrace, Singapore 119613
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]
BIO and proxy?
Hi,

I have not dug into the source code yet, but I want to know how to use the proxy support? Does it work transparently with those web proxy servers, acting as a tunnel for communication between two sites?

Thanks

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6743
 ( O )
()~*~()
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]
Re: ??: RSA pri key storage format
?? wrote:
>
> no default format.
> if you use openssl, pem is default. It is DER encode of your private key, then base64 it. with addition algorithm information, it became .pem file.
> PKCS is another format to store one's certificate of private key or crl. Not strange, often used by IE, Netscape. It can just store private key.
>
> The reason you lost your password in converting your private key file because you have not assign a algorithm and a password

But the default behavior of 'openssl rsa' only outputs PBE on PEM format; for DER it is only the plain DER of the key.

What are the common formats to store a private key? Is PKCS12 without cert a practical way? Or use PKCS5?
how to make dynamic library for Linux
It seems OpenSSL only supports dynamic libraries on Solaris systems and DLLs under Windows. How do I make a dynamic library for Linux? Are there other issues to take care of other than changing the relevant compile options?
convert PKCS7 *p7 to DER string?
Hi,

If I have the signature generated, how do I convert the p7 into a DER string without writing out to a file? How do I know the size of the buffer to prepare?

Thanks

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6743
 ( O )
()~*~()
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]
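The buffer-size question in this post and the wrong result described in the earlier i2d_X509() post both come down to the i2d_*() calling convention: called with a NULL output pointer the function returns the encoded length, and called with a non-NULL one it writes at *pp and then advances *pp past the data. The following added example is not from the original posts and is not OpenSSL code; it uses a hypothetical stand-in encoder, i2d_blob(), that follows that convention so it runs without the library, and with OpenSSL the same pattern applies to i2d_X509() and i2d_PKCS7().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical object standing in for X509 / PKCS7; len must be < 128. */
struct blob { const unsigned char *data; size_t len; };

/* Stand-in with i2d semantics: pp == NULL returns the encoded length;
 * otherwise a DER OCTET STRING is written at *pp and *pp is advanced. */
int i2d_blob(const struct blob *b, unsigned char **pp)
{
    int total;
    unsigned char *p;
    if (b == NULL || b->len >= 128)
        return -1;
    total = 2 + (int)b->len;  /* tag + short-form length + content */
    if (pp == NULL)
        return total;
    p = *pp;
    *p++ = 0x04;
    *p++ = (unsigned char)b->len;
    memcpy(p, b->data, b->len);
    *pp = p + b->len;
    return total;
}

/* Pattern from the i2d_X509() post: the only pointer to the allocation is
 * handed to the encoder, so afterwards it points one past the encoding.
 * alloc_start exists only so this demo can inspect and free the memory. */
unsigned char *encode_as_posted(const struct blob *b, int *len,
                                unsigned char **alloc_start)
{
    unsigned char *buffer;
    *alloc_start = NULL;
    *len = i2d_blob(b, NULL);
    if (*len <= 0 || (buffer = malloc((size_t)*len)) == NULL)
        return NULL;
    *alloc_start = buffer;
    *len = i2d_blob(b, &buffer);
    return buffer;  /* reading or freeing this is a memory error */
}

/* Corrected: size the buffer with a NULL call, encode through a scratch
 * pointer, and verify the encoder wrote exactly the announced length. */
unsigned char *encode_to_memory(const struct blob *b, int *len)
{
    unsigned char *buffer, *p;
    *len = i2d_blob(b, NULL);
    if (*len <= 0 || (buffer = malloc((size_t)*len)) == NULL)
        return NULL;
    p = buffer;
    if (i2d_blob(b, &p) != *len || p != buffer + *len) {
        free(buffer);
        return NULL;
    }
    return buffer;
}

int main(void)
{
    static const unsigned char payload[] = {0xde, 0xad, 0xbe, 0xef}; /* constructed */
    struct blob b = { payload, sizeof payload };
    unsigned char *start, *bad, *good;
    int len;

    bad = encode_as_posted(&b, &len, &start);
    if (bad != NULL)
        printf("as posted: pointer is %ld bytes past the start\n",
               (long)(bad - start));
    free(start);

    good = encode_to_memory(&b, &len);
    if (good != NULL)
        printf("corrected: %d bytes, first byte 0x%02x\n", len, good[0]);
    free(good);
    return 0;
}
```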
Re: PKCS7 usage?
Dr S N Henson wrote:
> Well it doesn't have to be a file. Any BIO will do.
>
> The S/MIME API doesn't currently have an init/update/final equivalent
> though.

I am facing a problem here: the decrypted data is stored in some strange format (beyond my control), and I have to read in the data into buffer block by block to verify the data. How do I setup such operations?

Regards

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6743
 ( O )   TrustCopy Pte Ltd / Kent Ridge Digital Labs
()~*~()  21 Heng Mui Keng Terrace, Singapore 119613
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]
PKCS7 usage?
Hi All,

I am a little bit confused on the usage of the PKCS7_* functions. I have a file that needs to be signed, and I want the signed data to be kept separately from the file and stored elsewhere. I followed the sign.c example, but got lost a little bit: should I get the digest using the EVP_digest*() functions or just use the PKCS7_* functions? Which sequence should I follow?

For a sending and receiving scenario, is the X509 * the cert. of the receiver, and the EVP_PKEY * the sender's private key? (Referring to signed.c example) Does the sender's cert also need to be included in the PKCS7?

--
(~._.~)  朱 群 英 (Qun-Ying)  (65) 874-6743
 ( O )
()~*~()
(_)-(_)  [EMAIL PROTECTED] * [EMAIL PROTECTED]