> From: openssl-dev On Behalf Of Nayna Jain
> Sent: Wednesday, June 10, 2015 20:31
> If I have a pem file with private key in that, how do I check if that is
RSA/DSA ?
If it uses a "legacy" format, the BEGIN line specifies the algorithm
-BEGIN RSA PRIVATE KEY-
-BEGIN DSA PRIVATE KEY--
> From: openssl-dev On Behalf Of satish.kumarya...@cognizant.com
> Sent: Wednesday, January 28, 2015 00:08
This is a basic user question, not dev.
> I want to connect with different SSL servers. So I need to load different
Server CA certs into SSL Context.
If the servers are (or may be) using d
> From: openssl-dev On Behalf Of Salz, Rich
> Sent: Thursday, December 18, 2014 07:42
> Are you trying to be proscriptive (say what people should use) or
descriptive
> (document what is in use)?
>
> Yes, PKCS8-based PRIVATE KEY is better. But RSA PRIVATE KEY is in (wide)
> use and should be desc
> [DSAPublicKey] defined where you would expect, in dsa/dsa_asn1.c .
> But it's defined as a "choice" that does either the standard INTEGER
> (from internal BIGNUM) *OR* the above SEQUENCE which is named
> 'dsa_pub_internal' suggesting that it should be internal to OpenSSL
> i.e. not interoperable
> From: openssl-dev On Behalf Of Douglas E Engert
> Sent: Tuesday, December 16, 2014 11:40
> On 12/16/2014 12:18 AM, Philip Prindeville wrote:
> > Is there an easy way to get at the parameter 'y' (DSA->pub_key, which is
a
> BIGNUM *) in ASN.1 format? (See (2) below.)
> > Better yet, how to take t
> From: owner-openssl-...@openssl.org On Behalf Of Stephan Mueller
> Sent: Friday, November 14, 2014 15:00
> I agree allowing to choose an arbitrary e is not so good. However, what
kind
> of threats do you see when we would:
>
> - use 2**16+1 per default
>
> - allow 17 (-F4) as a legacy
>
F4 is
> From: owner-openssl-us...@openssl.org On Behalf Of Marcus Meissner
> Sent: Wednesday, November 05, 2014 04:10
> On Wed, Nov 05, 2014 at 08:28:40AM +, Mody, Darshan (Darshan)
> wrote:
> > Hi,
> >
> > Does Openssl support IPv6 officially?.
>
> AFAIK the libssl and libcrypto libraries do not u
> From: owner-openssl-...@openssl.org On Behalf Of Jeremy Farrell
> Sent: Monday, October 27, 2014 18:23
> This is a question about using OpenSSL, it should be discussed on
> openssl-users not openssl-dev.
> You do not appear to be linking your program against the OpenSSL libraries.
> You need
> From: owner-openssl-...@openssl.org On Behalf Of Kurt Roeckx via RT
> Sent: Thursday, September 11, 2014 13:12
> On Thu, Sep 11, 2014 at 09:32:26AM -0400, Salz, Rich wrote:
> > I think the bug is that we need to ouput a leading zero to avoid confusing
> the number as negative.
>
*On the wire* y
This is not a –dev question, and there’s no need to send three times.
scp uses the SSH protocol. OpenSSL does not implement SSH.
OpenSSH, which is a different product from a different source, implements
SSH, although in their design the scp program doesn’t do any comms at all,
it just pipe
> From: owner-openssl-...@openssl.org On Behalf Of Igor Levicki via RT
> Sent: Monday, August 18, 2014 15:10
> [serial number sometimes has extra 00 byte]
> depending on whether the sign bit is set or not.
>
Yes. Decades ago X.509 defined serialNumber in ASN.1 as INTEGER,
which is two's-compleme
> From: owner-openssl-...@openssl.org On Behalf Of Benny Baumann
> Sent: Sunday, August 10, 2014 08:44
> Am 09.08.2014 19:24, schrieb Annie Yousar:
> > Hi Ben, you can generate keys with arbitrary exponents using the
> > genpkey command:
> >
> > openssl genpkey -algorithm rsa \ -pkeyopt rsa_keygen
This is almost certainly belongs in -users only, but if I restrict reply it
looks unanswered.
> From: owner-openssl-us...@openssl.org On Behalf Of Nayna Jain
> Sent: Thursday, July 31, 2014 17:37
> We got one of our openssl version upgraded to openssl 1.0.1e version.
> But after that I am facing
I had occasion to check the dgst(1) manpage and found several minor flaws
(in 1.0.1h, haven't tried 1.0.2 yet and don't do repository), a few of which
might benefit from discussion
header and synopses: The list of alg names, (correctly) used as both
dash-options
and (sub)command-names, also us
> From: owner-openssl-...@openssl.org On Behalf Of Shane Stump
> Sent: Wednesday, May 28, 2014 20:43
> When I use the CSR (root.pem) file a customer gave me and a converted PFX
> file, I am getting the following eror:
>
Do you really mean a CSR? Although people can use misleading filenames,
a fil
The working keys are not saved directly. Instead enc_{write,read}_ctx are
EVP_CIPHER_CTX’s
which are initialized with the selected cipher and derived key -- and the
derived IV for the cases
which use it (CBC modes in versions before TLS1.1, and partially for GCM modes
in TLS1.2).
Depending
The commandline utilities including apps/genrsa.c are in the “FIPS-capable”
OpenSSL,
not in the FIPS module, and so should work the same as non-FIPS; the output of
genrsa
is ‘classic’ (PKCS#1) format. genpkey, since 1.0.0, is PKCS#8.
I don’t think there is any FIPS-related standard for sto
> From: owner-openssl-...@openssl.org On Behalf Of Dmitry Belyavsky via RT
> Sent: Wednesday, April 23, 2014 12:29
> Cc: openssl-dev@openssl.org
> Subject: [openssl.org #3325] Problem with client certification authorization
> I've got a problem testing s_client/s_server authorization.
> I expect
Yes this should work and does for me. The only setup for RSA_verify itself is
that the inputs are correct,
and possibly locking works if you are using multithreading. On most platforms
OpenSSL’s provided
locking works already, but on some weird systems you might need to tweak it.
If you w
> From: owner-openssl-...@openssl.org On Behalf Of Viktor Dukhovni
> Sent: Monday, March 31, 2014 09:09
> To: openssl-dev@openssl.org
> Subject: Re: Insecure DEFAULT cipher set
>
> On Mon, Mar 31, 2014 at 08:49:37AM -0400, Hubert Kario wrote:
> > Problem is that RC4 is providing comparable securi
Are you looking at x,y values or an encoded (external) point?
If the latter, it might be different encoding format, there are 3.
Otherwise, you probably have something wrong, since OpenSSL
successfully interoperates with other EC implementations.
Post details - if you want to keep K secre
> From: owner-openssl-...@openssl.org On Behalf Of Alberto R.
> Sent: Friday, February 21, 2014 08:52
> I'm trying to use openssl with eclipse (using MinGW as compiler), and
> the code compiling but when I try to run the following message appears
> "No source available for ERR_load_crypto_string()
h per policy you can't modify at all even when it makes no difference.
> Thanks in advance,
> Parag Doke
>
> On 2/8/14, Dave Thompson wrote:
> > I'm not a dev or even a real FIPSian, but I'll take a stab:
> >
> >
> >
> > The commit itself
I'm not a dev or even a real FIPSian, but I'll take a stab:
The commit itself says branch_0_9_8_stable, and see it in 0.9.8 v and later.
But I don't think it does any good
there, because you don't want to build a FIPS module from a normal tarball.
(It's not validated, so it's no better
and
DSA_generate_parameters_ex is newer/current and also accepts seed, but
EVP_PKEY_paramgen* does not.
If you use EVP_PKEY with an engine it appears to be up to the engine.
Otherwise dsa_builtin_paramgen
when seed is NULL/0, which it always is for EVP_PKEY, uses a pseudorandom
seed and AFAICS you ca
(These are really -users questions.)
Server Key Exchange is used only for ephemeral and anonymous DH and ECDH
(and PSK) suites.
Anonymous suites aren't enabled by default In openssl, or most clients I
know of,
and I hope you wouldn't be using PSK without saying so, so that leaves
ephemeral.
> From: owner-openssl-...@openssl.org On Behalf Of Kurt Roeckx via RT
> Sent: Monday, January 13, 2014 13:35
> On Mon, Jan 13, 2014 at 05:25:55PM +0100, Jeff Hodges via RT wrote:
> > We've been testing clients using OpenSSL against
> > https://howsmyssl.com/a/check and noticed that those using
>
> From: owner-openssl-...@openssl.org On Behalf Of Gabriel Aubut-Lussier
> Sent: Monday, January 13, 2014 20:37
> I have integrated OpenSSL in a small client/server prototype recently
> and I've been left wondering about two issues I've encountered.
>
> 1. I have successfully created a certificat
> From: owner-openssl-...@openssl.org On Behalf Of stefano.cata...@gmail.com
> via RT
> Sent: Friday, January 10, 2014 03:53
> Hello, sorry for my poor english, i installed both 1.0.1e and 1.0.1f
> version of openssl but in both versions the cipher
> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> does not
> From: owner-openssl-...@openssl.org On Behalf Of Som M via RT
> Sent: Sunday, January 12, 2014 02:05
(reordered)
> On Sat, Jan 11, 2014 at 10:46 PM, da...@familyboyce.co.uk via RT <
> r...@openssl.org> wrote:
>
> > I suspect there may be a discrepancy of the meaning of RSA_Size() on the
> > two
> From: owner-openssl-dev On Behalf Of Kurt Roeckx via RT
> Sent: Monday, January 06, 2014 04:22
> I received an smime signed email but I had a problem verifying the
> signature. What I get was 3 certificates in the chain, but it
> didn't look for the certificate in my CApath.
>
> The orders of
> From: owner-openssl-dev On Behalf Of Jeroen Pluimers via RT
> Sent: Thursday, October 31, 2013 14:32
> This is probably the same bug as mentioned at
> http://comments.gmane.org/gmane.comp.encryption.openssl.user/40609
>
It's not exactly the same problem. Your lines are not > 76.
> The .eml f
> From: owner-openssl-...@openssl.org On Behalf Of noloa...@gmail.com via RT
> Sent: Monday, October 07, 2013 04:53
> While experimenting with CIPHER_LIST:
>
> "kEECDH:kEDH:kRSA:AESGCM:AES256:AES128:SHA256:SHA84:SHA1:!aNULL:!
> eNULL:!EXP:!LOW:!MEDIUM!MD5";
>
I assume SH84 is a typo.
> Wireshar
> From: owner-openssl-...@openssl.org On Behalf Of Krzysztof Kwiatkowski
> Sent: Tuesday, September 10, 2013 05:32
> I've general question about how session renegotiation is initiated.
> Are there cases where openSSL library can decide to renegotiate SSL/TLS
> session (automatically) or such deci
> From: David Jacobson [mailto:dmjacob...@sbcglobal.net]
> Sent: Tuesday, 27 August, 2013 23:28
> On 8/27/13 1:33 AM, Dave Thompson wrote:
> >> From: owner-openssl-...@openssl.org On Behalf Of Yuan Kang
> >> Sent: Tuesday, 27 August, 2013 00:54
> >
> &
> From: owner-openssl-...@openssl.org On Behalf Of Kurt Roeckx via RT
> Sent: Saturday, 31 August, 2013 12:54
> It seems that s_server by default use 512 bit for the DHE if it's
> not specified, and s_client just accepts that.
>
> Is there a way to set a minimum size? I think think 512 really
>
>From: owner-openssl-...@openssl.org On Behalf Of Yuan Kang
>Sent: Tuesday, 27 August, 2013 00:54
>I don't think that it is true that "(signed char)(*p) >= 0"
>is always true,
Mr Weimer didn't say it IS always true, he said a compiler
IS ALLOWED TO ASSUME it is. As I adjusted, the comp
> From: owner-openssl-...@openssl.org On Behalf Of Florian Weimer
> Sent: Monday, 26 August, 2013 10:58
> To: openssl-dev@openssl.org
> Cc: PMHager
> Subject: Re: UTF8 decoding, unneeded byte masking
>
> On 08/25/2013 12:23 PM, PMHager wrote:
> > If your intention is performance optimization you c
> From: owner-openssl-...@openssl.org On Behalf Of Kurt Roeckx
> Sent: Tuesday, 18 June, 2013 18:50
> On Tue, Jun 18, 2013 at 05:25:06PM -0400, Dave Thompson wrote:
> > > My conclussions:
> > > - One of the 2 sides doesn't implement
> > > DES-CBC-SHA/D
>From: owner-openssl-...@openssl.org On Behalf Of Ajith Mamachan
>Sent: Tuesday, 18 June, 2013 03:03
>When I generated the cert thru openssl, It not starting with BEGIN
CERTIFICATE,
>rather with
>Certificate:
>Data:
>This creates problem in importing the cert to my server.
>Anyone knows , wh
> From: owner-openssl-...@openssl.org On Behalf Of Kurt Roeckx via RT
> Sent: Tuesday, 18 June, 2013 12:30
> On Tue, Jun 18, 2013 at 12:30:58AM -0400, Dave Thompson wrote:
> >
> > Looking at your state_debug.log (which tries 1.2) I see:
> > read/write prelimina
> From: owner-openssl-...@openssl.org On Behalf Of Kurt Roeckx via RT
> Sent: Saturday, 15 June, 2013 11:08
> On Fri, Jun 14, 2013 at 08:09:56PM -0400, Dave Thompson wrote:
> > > From: owner-openssl-...@openssl.org On Behalf Of Kurt Roeckx
> > > Sent: Th
> From: owner-openssl-...@openssl.org On Behalf Of Kurt Roeckx
> Sent: Thursday, 13 June, 2013 03:13
> > When talking to an exchange server I get some weird behaviour when
> > using the 1.0.1e version. I get a TLS 1.0 connection, but the
> > problems go away when using -no_tls1_2
> >
If you got
>From: owner-openssl-...@openssl.org On Behalf Of Paul Pazandak
>Sent: Tuesday, 21 May, 2013 21:58
>To: openssl-dev@openssl.org
I don't think this is a -dev question, but not worth changing.
>We want to be able to handle long-lived connections/sessions,
>and we are therefore wondering ab
>From: owner-openssl-us...@openssl.org On Behalf Of Salz, Rich
>Sent: Tuesday, 09 April, 2013 12:55
-dev added, I think this is a bug
>This pair of commands used to work as expected, but in 1.0.0 and
>later the resulting cert is self-signed, and not signed by the CA key.
ITYM 1.0.1 as per subje
> From: owner-openssl-us...@openssl.org On Behalf Of Dirk-Willem van Gulik
> Sent: Wednesday, 06 March, 2013 06:01
-dev added as a possible minor bug/enhancement, see end
> A simple
>
> echo foo | openssl smime -encrypt/sign | openssl smime
> -decrypt/verify
>
> works dandy. But was surp
>From: owner-openssl-...@openssl.org On Behalf Of Brandt Kruger
>Sent: Monday, 25 February, 2013 06:22
>I get the following error on SSL_accept - SSL_accept -
>[error::lib(0):func(0):reason(0) ].
If ERR_get_error returns 0 you should ignore it.
If SSL_get_error returns SSL_ERROR_SYSCALL
> From: owner-openssl-...@openssl.org On Behalf Of David Woodhouse
> Sent: Monday, 25 February, 2013 05:54
> On Sun, 2013-02-24 at 22:26 -0500, Dave Thompson wrote:
> > TLS depends on TCP's reliable in-order transport. DTLS basically
> > re-implements enough of TCP to m
> From: owner-openssl-us...@openssl.org On Behalf Of saurav barik
> Sent: Friday, 22 February, 2013 00:41
I think this fits better on -users and put that first, but if you
ask both lists please indicate in the message (as I did) because
people don't necessarily read both and see the duplication.
>From: owner-openssl-...@openssl.org On Behalf Of Stefan Schindler
>Sent: Sunday, 03 February, 2013 17:00
>I'm setting up 3 servers for mobile clients. Because the data is
>allways very small, i think the curve sect571r1 fit's best.
If you mean SSL/TLS (connections to) server(s), the size of
th
> From: owner-openssl-...@openssl.org On Behalf Of Mihalenko, Walter via RT
> Sent: Wednesday, 30 January, 2013 16:30
> I am curious as to the difference between loading a
> validating a server certificate such as found on
> https://innovation01.acs-ops.com using the "openssl s_client"
> comman
>From: owner-openssl-...@openssl.org On Behalf Of Gopakumar Pillai
>Sent: Friday, 18 January, 2013 14:36
>I had posted a mail about porting OpenSSL 0.9.8x to Windows 8 ARM
>platform, haven't received any response.
>Let me ask another question.
>What is the purpose of OPENSSL_UplinkTable in ms\up
> I Sent: Monday, 14 January, 2013 16:56
> For ECDH key agreement, each party should generate (or have) a
> keypair, and send the public key to the other party (or provide it
> some other way such as publication in a directory). There are
> several possible representations of a public key, but
> From: owner-openssl-...@openssl.org On Behalf Of Pankracy
> Sent: Saturday, 12 January, 2013 13:33
(I don't think this is a -dev question.)
> How long is key_length (int) in RSA_generate_key ?
> Can I put here a 1000,1001,1002 etc or
> (1024*3) or other values?
>
Yes, but. By default (i.e. not
>From: owner-openssl-...@openssl.org On Behalf Of Nazeer S
>Sent: Sunday, 13 January, 2013 20:24
This is not a -dev question.
>I am working with OpenSSL ECDH function to generate the required
>Key Material. When I am sending the Private data of 32 bytes with
>32nd byte as 0x00, Key Material gen
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 07 January, 2013 10:26
> void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
> size_t length, const AES_KEY *key,
> unsigned char *ivec, int *num)
>
> What will be the value for
> From: owner-openssl-...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Wednesday, 02 January, 2013 11:13
> On Mon, Dec 31, 2012, Sial Nije wrote:
>
>
> Ugh, that's a bug. OpenSSL should switch to PKCS#8 format in FIPS mode and
> just work. It does that in OpenSSL 0.9.8 but the relevant c
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 21:48
> Yes i used [KDF1_SHA1 for ECDH_compute_key] from ec/ecdhtest.c.
> If you see the ECDH_compute_key in last argument It need some hash
> function to sign the shared secret.
The last argu
e key for ECDSA
On 17 December 2012 23:06, Dave Thompson wrote:
> aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(ecdh2),
> ecdh, KDF1_SHA1);
What is KDF1_SHA1? If it's copied from ec/ecdhtest.c or apps/speed.c,
that's designed to use SHA1; if you want somethin
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
> Sent: Monday, 17 December, 2012 13:17
> HI for ECDH can I use the HAs256 algorithm.
>
> I have gone through the inside DS and written this piece of code and
> it worked also.
> But here how can U sesha256 ,when i used i am g
>From: owner-openssl-...@openssl.org On Behalf Of Thirumal, Karthikeyan
>Sent: Monday, 17 December, 2012 13:12
I don't believe this belongs on -dev or -cvs.
>We added the OpenSSL to our TCP Windows application, for Client -
>Server communication.
>Looks like few machines are not able to access
>From: owner-openssl-us...@openssl.org On Behalf Of Indtiny s
>Sent: Sunday, 16 December, 2012 11:04
This is not a -dev question.
> I am using root certiciate which is there in DER format at client ,
>to verify the peer .
>When I execute my cCURL clinet code I get the below error .
>223: SSL
> From: owner-openssl-...@openssl.org On Behalf Of redpath
> Sent: Thursday, 13 December, 2012 10:00
> This list of commands will help you
> openssl ecparam -out ec_key.pem -name secp224r1 -genkey
>
> Generate the certificate x509
> Your certificate will be in ecdsapublic.x509 and
> the corres
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Thursday, 13 December, 2012 16:31
> On Thu, Dec 13, 2012 at 12:34 AM, jeetendra gangele
> wrote:
> I have not really been following this thread, so please forgive my
> dumb questions.
>
> Are you using a NIST curve? If
> From: owner-openssl-us...@openssl.org On Behalf Of Abhiram Shandilya
> Sent: Thursday, 01 November, 2012 21:31
-dev added
> I configured my openssl RSA CA to add the key usage extension
> for key agreement to the ECC certificate but even then it
> does not work. Pre-TLS 1.2 cipher suites such
>From: owner-openssl-...@openssl.org On Behalf Of Indtiny s
>Sent: Thursday, 11 October, 2012 01:20
This is not a bug and doesn't really belong on -dev .
>I have converted my certificates which are in DER form
>to PEM using below openssl command (because curl wants
>that certificates to be in
> From: owner-openssl-...@openssl.org On Behalf Of redpath
> Sent: Tuesday, 11 September, 2012 09:05
[in previous post]
> Code is presented without error recovery such as checking
> the file point
> for nil
> as to be clear to what is being executed. Sure there is
> plenty of code with
> error
> From: owner-openssl-...@openssl.org On Behalf Of redpath
> Sent: Monday, 10 September, 2012 16:33
> To give out my public key, I need to be put it into a certificate with
> my name, and signed by my own private key etc.. This process is call
> generating a self-signed public key certificate. Ope
> From: owner-openssl-...@openssl.org On Behalf Of redpath
> Sent: Tuesday, 04 September, 2012 09:27
> Testing the i2d_ECPrivateKey to buffer and then back d2i_ECPrivateKey
> and it fails. I checked the forum and one guy was passing NULL at least I
> missed that mistake but thats not my issue.
>
> From: owner-openssl-...@openssl.org On Behalf Of redpath
> Sent: Monday, 03 September, 2012 07:45
> Well thats what I thought it seems to have its own keys but I
> saw functions
> such as setting the points and BIGNUM and thought maybe the
> PEM could be
> used which uses 2048 RSA.
>
PEM is a
> From: owner-openssl-...@openssl.org On Behalf Of redpath
> Sent: Saturday, 01 September, 2012 12:53
> Currently I am reading a PEM file which contains a test RSA key
> and create a SHA1 message digest
>
> unsigned char *result=SHA1((unsigned char *)sample,
> strlen(sample), md);
>
Aside: t
>From: owner-openssl-...@openssl.org On Behalf Of Mithun Kumar
>Sent: Wednesday, 08 August, 2012 16:53
Note: individual recipient dropped; that's poor netiquette
unless requested, which AFAICS it wasn't.
I think this should be -users not -dev, so I added -users back.
>i will elaborate, for
>X509_
> From: owner-openssl-...@openssl.org On Behalf Of Kamlesh Mishra
> Sent: Wednesday, 13 June, 2012 09:27
> The error that I get is below
> OPENSSL_Uplink(100EC020,08): no OPENSSL_Applink
>
> I am using the "privkey.pem" with the passphrase.
This is an issue with (most?) Windows file I/O
by Open
> From: owner-openssl-...@openssl.org On Behalf Of KamleshM
> Sent: Tuesday, 12 June, 2012 00:42
> I have an application that is used to sniff the windows https streams.
If you just need the capability, www.wireshark.org already does this
(for akRSA only, which is all that can be done with only
>From: owner-openssl-...@openssl.org On Behalf Of Senthil Balachandran
>Sent: Sunday, 20 May, 2012 10:57
> Here is the simple program i am trying to do but unfortunately i got
> errors on decrypting side and the error is as shown below, so can anyone
> please fix the issue. Thanks in advance.
>From: owner-openssl-...@openssl.org On Behalf Of kthiru...@inautix.co.in
>Sent: Monday, 21 May, 2012 10:31
(-dev and owner- !! dropped)
>I tried to load the .p12 certs to the code directly, but it got
>failed at SSL_CTX_use_PrivateKey_file
>1. err = SSL_CTX_use_certificate_chain_file(
> From: owner-openssl-...@openssl.org On Behalf Of MatejTomcik
> Sent: Friday, 27 April, 2012 04:28
> my application uses openssl to protect the communication, to
> allow acces
> only for the users who have a certificate signed by my CA but
> I also need to
To be exact: you have a server that d
> From: owner-openssl-...@openssl.org On Behalf Of Aiswarya.Sridharan
> Sent: Thursday, 26 April, 2012 22:05
> I am currently working on a project for my course where we
> are performing
> authentication. We are providing security using SSL. We want
> to perform key
> exchange between client and
> From: owner-openssl-...@openssl.org On Behalf Of mahant
> Sent: Saturday, 31 March, 2012 15:22
> I am trying to make a Gsoap call to a HTTPS service,
> ... using "soap_ssl_client_context" ...
> if (soap_ssl_client_context
> (&lp_Soap,
> SOAP_SSL_DEFAULT,
> "./JT-PROD.prvkey.1024.pem", // This i
> From: owner-openssl-...@openssl.org On Behalf Of Marius Peschke
> Sent: Thursday, 23 February, 2012 10:09
> I want to change from a self-programmed dh-implementation for
> ike on a embedded device to openssl/dh.
> As far as I understood, DH_generate_parameters() creates a
> dh_st object.
It c
> From: owner-openssl-...@openssl.org On Behalf Of ??? via RT
> Sent: Monday, 20 February, 2012 11:12
> 2 error LNK2019: ??? __imp__connect@12???÷
> Can you tell me how to solve it?
To link a program using the Windows Socket library,
link with
> From: owner-openssl-...@openssl.org On Behalf Of Jordi Baylina via RT
> Sent: Tuesday, 31 January, 2012 12:45
> Cc: openssl-dev@openssl.org
> Subject: [openssl.org #2699] openssl dgst -sha1 -verify ...
> sais verification failure whet it is ok in a concrete set of data
> $ echo "SEjTquEPcqY0V
> From: owner-openssl-...@openssl.org On Behalf Of Marshall Clow
> Sent: Thursday, 12 January, 2012 09:48
> On Jan 12, 2012, at 6:14 AM, Andy Polyakov via RT wrote:
> > This actually goes beyond just warning. toupper accepts 'int' as
> > argument and if you pass 'char' from upper half of ASCII ta
nce normally the purpose
of certs is to be interoperable, anyone using a nonstandard
sigalg in a cert may be suspect anyway.
> 2011/12/9 Dave Thompson
> Just use x509->sig_alg->algorithm and maybe OBJ_obj2nid .
___
> From: owner-openssl-...@openssl.org On Behalf Of Tatiana Evers
> Sent: Wednesday, 07 December, 2011 08:17
> Is there any function in OpenSSL (library) to get signature
> algorithm from a certificate? I need to block MD5 certificates.
No; a good deal of the X509_ interface dat
> From: owner-openssl-...@openssl.org On Behalf Of nilesh
> Sent: Tuesday, 08 November, 2011 01:35
I finally had some time over the holiday to look at this.
> I have setup the apache server and capturing packets using Wireshark.
> I have a query specific to RC4. With the given server private
> k
> From: owner-openssl-...@openssl.org On Behalf Of Manish Jain
> Sent: Thursday, 17 November, 2011 00:30
> I am new to openssl and trying to create a demo client
> and server which use SSL v3. But the server, for some reason
> I cannot figure out, always refuses connections wth
> From: owner-openssl-...@openssl.org On Behalf Of Sam SunSon
> Sent: Wednesday, 05 October, 2011 04:07
> Yes, SHA1 digest computed on the BB using it's API (class SHA1Digest)
> whatever equals the SHA1 of the same data computed by OpenSSL (SHA1
> function, not commandline).
>
> Here's the piece
> From: owner-openssl-...@openssl.org On Behalf Of Sam SunSon
> Sent: Monday, 03 October, 2011 08:10
> I`m working on RSA sign functionality for my application:
> RSA signature
> should be generated on device using Blackberry (Certicom) API
> and verified on PC using OpenSSL.
>
> Code of Sign
> From: owner-openssl-...@openssl.org On Behalf Of Edgar Malagon via
RT
> Sent: Monday, 22 August, 2011 03:49
> I'm using OpenSSL's Diffie-Hellman implementation, I'm using
> a 1024 bits P prime, sometimes when i try to obtain the size of
> a public key with the following code
> From: owner-openssl-us...@openssl.org On Behalf Of Colin Rice
> Sent: Thursday, 04 August, 2011 15:43
> [including applink.c] fixes the sample program.
> But it doesn't fix all of the original bug. We have an issue with
> X509_print_name_ex_fp called with flags
You mean
> From: owner-openssl-...@openssl.org On Behalf Of Chenchu, Rakesh R
> Sent: Thursday, 26 May, 2011 14:46
> Recently we identified a following issue when snmpwalk is being done
on some tables:
> The problem is in freebsd crypto function - EVP_DecryptFinal_ex().
> (n
> From: owner-openssl-...@openssl.org On Behalf Of Brian Bruce via RT
> Sent: Wednesday, 18 May, 2011 04:13
(This is not a dev question.)
> I downloaded Win32OpenSSL-1_0_0d.exe and installed to C:\Program
Files\OpenSSL-Win32.
I assume you mean the ShiningLight build (www.slprow
> From: owner-openssl-...@openssl.org On Behalf Of dave via RT
> Sent: Wednesday, 18 May, 2011 16:54
> Thanks; that made it worse, though, and it doesn't build:
>
> .\apps\s_cb.c(731) : error C2027: use of undefined type 'in6_addr'
> .\apps\s_cb.c(731) : see declaration of 'in6_addr'
> (w
_
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Ger Hobbelt
Sent: Tuesday, 10 May, 2011 07:06
On Mon, May 9, 2011 at 9:15 PM, Michael Gale wrote:
I checked OpenSSL 1.0.0d release and the same comment is there "does not
happen". If it does
> From: owner-openssl-...@openssl.org On Behalf Of Stephen Henson via RT
> Sent: Monday, 02 May, 2011 19:35
> > [selbitsc...@gmail.com - Wed Apr 20 11:02:34 2011]:
> > 21070064:PKCS7 routines:PKCS7_dataDecode:decrypted key is wrong length
> > CMSAlgorithm.DES_EDE3_CBC ... works fine.
> >
> > Fin
> From: owner-openssl-...@openssl.org On Behalf Of Stefan Selbitschka via RT
> Sent: Wednesday, 20 April, 2011 05:03
(Sorry for the delay, I didn't have much time last week)
> I'm just writing a smime encryption/decryption program for
> Android using
> BC 1.46 and getting error during decryption
Some basic ideas in case you haven't already tried them:
> From: owner-openssl-...@openssl.org On Behalf Of Gordon Talge via RT
> Sent: Thursday, 31 March, 2011 03:22
> [stuck on] Debian/GNU 2.2 [want] lynx 2.8.7 [needs] X509_get_ext_d2i
> I downloaded the new openssl library and it seems to com
> From: owner-openssl-...@openssl.org On Behalf Of TE Alex
> Sent: Friday, 04 March, 2011 17:20
> Dear OpenSSL dev
This is not a development (of OpenSSL) question.
> I am trying to connect to my gmail account using OpenSSL in the
windows xp command prompt
>
> From: owner-openssl-...@openssl.org On Behalf Of P Fudd via RT
> Sent: Thursday, 03 February, 2011 10:42
> I'm testing smtp auth login using the command line. One step is to
> encode the username and password with "/bin/echo -ne myusername |
> openssl enc -base64". The opposite step would be "/
1 - 100 of 129 matches
Mail list logo
