Hi,
I believe I've had the same problem. My problem was that I'd forgotten to load
the CA certificate:
SSL_CTX_load_verify_locations(ctx, root.cert, NULL);
Wish you luck
Peter
__
OpenSSL Project
On Mon, Jul 09, 2001 at 05:23:01PM -0400, Shane Titus wrote:
If anyone can help me, it would be greatly appreciated. I am trying to take the
peer certificate passed from the server:
peer = SSL_get_peer_certificate(ssl);
//if I have received a certificate chain
//I use the
Title: Sign and encrypt question
Hi all,
my general purpose decrypt function (based upon OpenSSL code), decrypts a piece of data and removes the padding (if available). So, when creating a PKCS#7 signed and enveloped message, I calculate the signature using the plain data, but I do the
Hi all,
I am trying to use the RSA_public_decrypt function but I need to set up the
public key manually I have the public exponent and modulus in the form of
an array of unsigned char and have converted these to BIGNUM format using
BN_bin2bn. However, this is where I have started hitting
Title: RE: Question on RSA public decryption
What version of the library are you using? And have you tried it on another machine?
I am working on Windows 95 with VC++ 6.0 and use library 0.9.5a. No problems appear. Although I must admit that I have never called RSA_check_key(), but
Title: RE: Question on RSA public decryption
I am
using 0.9.6a. Can you perhaps tell me how to set up the public key using
an existing public exponent and modulus?
thanks,
carl
-Original Message-From: Alexander op de Weegh
[mailto:[EMAIL PROTECTED]]Sent: 10 July 2001
Title: RE: Question on RSA public decryption
Well,
I guess you did it the correct way. But ok, let's give an
example.
unsigned char n[] = \xa5\x62\xb9\xc2;
unsigned char e[] =
\x01\x00\x01;
RSA* rsa = RSA_new();
rsa-n = BN_bin2bn(n, sizeof(n)-1,
NULL);
rsa-e = BN_bin2bn(e, sizeof(e)-1,
Hi
I have a question about passphrase callbacks. They should have the type
pem_password_cb, which according to pem.h is
typedef int pem_password_cb(char *buf, int size, int rwflag, void
*userdata);
What does the 'rwflag' argument stand for and how is it used in the
callback? I DID try to RTFM
Hello,
is it possible to extract a public key out of a pem/p7b-file and save it as
p7b?
Thanks
Stefan Westner
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Carl Wanting wrote:
Hi all,
I am trying to use the RSA_public_decrypt function but I need to set up the
public key manually I have the public exponent and modulus in the form of
an array of unsigned char and have converted these to BIGNUM format using
BN_bin2bn. However, this is where I
hi,
does anybody know howto send and receive encrypted mail via openssl?
the public and private keys of the sender and the receipient are
accessible via the key3.db and cert7.db
of the .netscape directories of the users.
programming language can be anything. perl, c, java ...
--
From: Martin Sjögren [EMAIL PROTECTED]
martin typedef int pem_password_cb(char *buf, int size, int rwflag, void
martin *userdata);
martin
martin What does the 'rwflag' argument stand for and how is it used
martin in the callback? I DID try to RTFM this time, but I didn't
martin find anything. I
Greets all,
This is a little bit aside from normal user discussion, but I've just about run out of
other resources to try :)
I was perusing the PKCS12 code from the OpenSSL source, but having trouble finding an
answer to my question, so I thought I'd ask here.
I'm attempting to do a little
I have created a Certificate Authority for non public use. The authority
has expired. Is there a way to unexpire or reissue the CA certificate
(which is self signed) so that I do not have to re sign the certificates
that I have signed with my certificate? I have looked through the man
I have created a client certificate with the openssl ca command and noticed
that a SSL code
which I have broke when it parsed the cert data.
The reason was that it expected a PrintableString tag 0x13 instead of the
T61String (Teletex)
tag 0x14 which openssl apparently inserted. The whole field
I know this has been discussed, but I still am having no luck figuring out
my problem.
In the following code, encryption works fine, but decryption sometimes
doesn't work.
I have to use RSA_NO_PADDING for this application. I am using a 512 bit key
length.
any ideas?
--
steve
key =
Justin Wienckowski wrote:
However, the structure of Netscape's message is boggling me. The AuthenticatedSafe
sequence doesn't seem to conform to the PKCS#12 spec, with a bazillion one-byte octet
strings with some longer ones included. Obviously the key and certificate info is in
here,
Hello.
I'm a bitt disappointed, because nobody answered on my last few letters. But I'll try it again. Maybe this time I'll have a better luck.
So, I'm trying to use the PKCS7_sign function, and I'm wondering what could be those flags (the last parameter). Can anyone help me out ?
Thanks.
Hi,
I'm encountering a problem with SSL_write when writing a large amount of
data (about 1Mb) using non-blocking sockets.
For smaller amounts of data (about 1kb), the return code (bytes written)
what you would expect.
For the larger amount of data, the return code is -1. When checking
I am new to the openssl library. I am trying to write
a simple program to illustrate how to verify
certificates using the openssl library. I cannot seem
to get the program to work, although I have taken most
of the code from the verify.c file in the apps
directory. I know my certificates
On Tue, Jul 10, 2001 at 03:55:24PM +0100, Shaw, George wrote:
I'm encountering a problem with SSL_write when writing a large amount of
data (about 1Mb) using non-blocking sockets.
For smaller amounts of data (about 1kb), the return code (bytes written)
what you would expect.
For the
On Tue, Jul 10, 2001 at 12:28:58PM -0700, Michelle T wrote:
I am new to the openssl library. I am trying to write
a simple program to illustrate how to verify
certificates using the openssl library. I cannot seem
to get the program to work, although I have taken most
of the code from the
Stefan Westner wrote:
Hello,
is it possible to extract a public key out of a pem/p7b-file and save
it as
p7b?
Hmm... I combined a pem cert and pem RSA key with the cat command...
PEMis base64 encoded with a header and footer... just use a text
editor
I think.
Thanks
Stefan Westner
On Tue, Jul 10, 2001 at 01:39:59PM -0700, Michelle T wrote:
Is there a way to turn on some level of debug messages
in the openssl libraries? Thanks, Michelle
No. You have to live with the hard errors from the error queue or have
to go the direct way to use a debugger to trace through the
Thanks for the input. I forgot to mention that the
error I receive is certificate signature failure. I
will look back through the archives and at the man
page you suggested to see if I can find any clues.
--- Lutz Jaenicke [EMAIL PROTECTED]
wrote:
On Tue, Jul 10, 2001 at 12:28:58PM -0700,
I'm trying to read an x509 certificate which was issued by a private
Verisign OnSite CA.
The Sun JDK 1.2 keytool is able to read it, but OpenSSL, run with the command
openssl x509 -text -in cert filename
gives the error message:
unable to load certificate
29041:error:0D0A2007:asn1
Hi
I was reading thru the code in req.c and noticed that if keyform is
FORMAT_ENGINE, then ENGINE_load_private_key() is called with a the keyfile
name as argument and NULL for the passphrase.
Is it only supposed to work with nCipher as the other 3 providers (cswift,
openssl and atalla) do not
Hi,
I have a problem. I generated a CSR from AIX ikeyman and import certificates from Verisign and created a key. Now I need to change platform from AIX to an Intel model 7110e for processing SSL. I went to export the key from AIX and I only have 3 format types: CSM database, pkcs12 and keyring.
Michelle T wrote:
Thanks for the input. I forgot to mention that the
error I receive is certificate signature failure. I
will look back through the archives and at the man
page you suggested to see if I can find any clues.
Hint: try the FAQ first.
Steve.
--
Dr Stephen N. Henson.
Steve Hartt wrote:
I know this has been discussed, but I still am having no luck figuring out
my problem.
In the following code, encryption works fine, but decryption sometimes
doesn't work.
I have to use RSA_NO_PADDING for this application. I am using a 512 bit key
length.
any ideas?
Lucresia Cunningham wrote:
Hi,
I have a problem. I generated a CSR from AIX ikeyman and import
certificates from Verisign and created a key. Now I need to change
platform from AIX to an Intel model 7110e for processing SSL. I went
to export the key from AIX and I only have 3 format
31 matches
Mail list logo