Re: How encrypt/ decrypt data at brower end

2006-12-13 Thread bsenthil
Hi, Thanks for your explanation 1. In apache server, Where i specify which message digest algorithm is used (MD5/SHA) H = HMAC(packet_proto+ssl_version+data_len+M, server_write_mac) W = ENCRYPT(M+H+pad, server_write_key) 2. Is Message digest process to be done after encryption() ? if no, whic

RE: simple ssl client - error in reading from buffer

2006-12-13 Thread David Schwartz
> Oh I see, I used wrong function. All I want is to know if I have > in buffer some another data to read. In final step I want to have > client that have e.g. 10 connections to several servers. I want > to guard with function select() the file descriptors. And when > select() awakes my thread i wa

Re: How encrypt/ decrypt data at brower end

2006-12-13 Thread Girish Venkatachalam
On Wed, Dec 13, 2006 at 08:45:50PM +0100, Marek Marcola wrote: > Hello, > > H = HMAC(packet_proto+ssl_version+data_len+M, server_write_mac) > Should be: > H = HMAC(packet_sequence+packet_proto+ssl_version+data_len+M, > server_write_mac) > Marek, You forgot to mention that HMAC has a

Re: ocsp responder certificate generation documentation( reg)

2006-12-13 Thread Simon McMahon
Hi Sowjanya, > hope I am not bugging u. I don't mind a few questions but you probably should ask them on the openssl-user mailing list. Hope you don't mind me posting my answer there, with your questions since it may benefit other ocsp users. > did u anytime observed (or tried to send through

Re: Bignum is not thread-safe

2006-12-13 Thread Michal Trojnara
On Sunday 10 December 2006 00:19, Michal Trojnara wrote: > Calling SSL_connect() and SSL_accept() from a critical section helps a > little. Instead of core dumps I get the following errors: > > SSL_connect: 1408C095: > error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed I've found an

Re: MacOSX Universal Static Libs

2006-12-13 Thread Raymond DeGennaro II
At 16:29 -0500 2006/12/13, Alicia da Conceicao wrote: It is looking like I will have to make separate builds for PPC & i386 and manual glue them together myself. I thought XCode could do Makefile and script based builds. I'm pretty sure you can set-up your project to do the separate builds,

Re: MacOSX Universal Static Libs

2006-12-13 Thread Kyle Hamilton
Please note that the open source code used for the included binaries with MacOSX is available from http://developer.apple.com/opensource/ -- http://developer.apple.com/opensource/buildingopensourceuniversal.html is the page I found when I was looking at the manual glue process. I believe that the

Re: MacOSX Universal Static Libs

2006-12-13 Thread Alicia da Conceicao
> The build process for Universal binaries on the Mac explicitly demands > separate building, and then gluing the parts together. Xcode does > this automatically for its projects, but for Makefile-based projects > you pretty much have to do it yourself. > Please see http://developer.apple.com/ for

SelfSigned Certificates

2006-12-13 Thread Olaf Gellert
Hi all, I am trying to establish a connection with self-signed certificates (for server AND client). So I use a self-signed certificate for the client, put this into the CAfile for the server, take a self-signed cert for the server and use this as CAfile for the client. Now I use s_client and s_s

Re: How encrypt/ decrypt data at brower end

2006-12-13 Thread Marek Marcola
Hello, > H = HMAC(packet_proto+ssl_version+data_len+M, server_write_mac) Should be: H = HMAC(packet_sequence+packet_proto+ssl_version+data_len+M, server_write_mac) Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

Re: How encrypt/ decrypt data at brower end

2006-12-13 Thread Marek Marcola
Hello, > 1. In symmetric cryptography process, server and browser both are > negotiate to chooses cipher algorithms for encrypt/decrypt data right ? Yes, but precisely speaking there are negotiated two algorithms one for encrypt/decrypt SSL packets (DES/AES/...) and one for ensuring SSL packet int

Re: MacOSX Universal Static Libs

2006-12-13 Thread Kyle Hamilton
The build process for Universal binaries on the Mac explicitly demands separate building, and then gluing the parts together. Xcode does this automatically for its projects, but for Makefile-based projects you pretty much have to do it yourself. Please see http://developer.apple.com/ for more in

MacOSX Universal Static Libs

2006-12-13 Thread Alicia da Conceicao
Greetings: Does anyone have any experience configuring openssl-0.9.8d to compile Universal (PowerPC + i386) static libraries for Darwin (MacOSX)? Although MacOS 10.4 has a port of openssl universal, its openssl library is dynamic, and I would much prefer to use static. The configure script for o

Re: How to generate

2006-12-13 Thread Dr. Stephen Henson
On Wed, Dec 13, 2006, Nestor Volpe wrote: > Good point. Actually we are looking to use 2105 as the expiration date. May > you please confirm if I can generate a certificate using GeneralizedTime > format using OpenSSL toolkit? I will check into our system libraries. > If you mean the openssl com

Re: How encrypt/ decrypt data at brower end

2006-12-13 Thread bsenthil
Hi, Sorry for asking so many basic questions. I am reading a lot of documents... but I want to confirm from experts. 1. In symmetric cryptography process, server and browser both are negotiate to chooses cipher algorithms for encrypt/decrypt data right ? 2. Cipher algorithms is not used

Re: How to generate

2006-12-13 Thread Nestor Volpe
Steve/All, when I write "toolkit" I am meaning "Win32OpenSSL-v0.9.8a" package. On 12/13/06, Nestor Volpe <[EMAIL PROTECTED]> wrote: Good point. Actually we are looking to use 2105 as the expiration date. May you please confirm if I can generate a certificate using GeneralizedTime format using O

Re: How to generate

2006-12-13 Thread Nestor Volpe
Good point. Actually we are looking to use 2105 as the expiration date. May you please confirm if I can generate a certificate using GeneralizedTime format using OpenSSL toolkit? I will check into our system libraries. Thanks/Nestor On 12/13/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: On

How to extract message digest from PKCS #7 signature

2006-12-13 Thread Grant Mills
All, Is there a way to simply extract the message digest from a PKCS #7 signature? Here is a little background to hopefully explain the context. We have separate data and signature. In order to reduce memory requirements, we'd like to generate our digest while we decompress the image. Af

Re: How to generate

2006-12-13 Thread Dr. Stephen Henson
On Wed, Dec 13, 2006, Nestor Volpe wrote: > I have OpenSSL toolkit v0.9.8a and I am needing to generate a Server > certificate using GeneralizedTime for the "notBefore" and "notAfter" dates. > Is it doable with the toolkit or does it support UTCTime only? Please > advise! > OpenSSL obeys the sta

How to generate

2006-12-13 Thread Nestor Volpe
I have OpenSSL toolkit v0.9.8a and I am needing to generate a Server certificate using GeneralizedTime for the "notBefore" and "notAfter" dates. Is it doable with the toolkit or does it support UTCTime only? Please advise! Thanks, Nestor

Re: How to get CA file.

2006-12-13 Thread Mike Ehlert
Hi Mazher, > I need CA file to use in OpenSSL. You can export a list of "Trusted Root Certificate Authorities" from the Windows XP Certificate Manager by going here: Control Panel > Internet Options > Content > Certificates Then you can convert it from PKCS7 to PEM format with this command line

RE: simple ssl client - error in reading from buffer

2006-12-13 Thread Milan Křápek
I'm confused with it. Have this situation. I send a request to server. And the server answers me. The length of server's answer is 10240. I wait some time until the server sends all data. Well now I have in buffer 10240b of data, that are available to read. I use the BIO_read(bio, myOutputBuffer,

RE: simple ssl client - error in reading from buffer

2006-12-13 Thread Milan Křápek
Oh I see, I used wrong function. All I want is to know if I have in buffer some another data to read. In final step I want to have client that have e.g. 10 connections to several servers. I want to guard with function select() the file descriptors. And when select() awakes my thread i want to re

Re: openssl interop with bouncy castle

2006-12-13 Thread Marek Marcola
Hello, > As an addition to my previous mail, > I can decrypt the data that are encrypted by my application. (It's a > WS-Security Implementation). > But it is not inter-operable with the WSS4J. WSS4J uses bouncy castle > crypto package. The reason is that they use ISO 10126 padding. > Since I'm u

openssl interop with bouncy castle

2006-12-13 Thread Kaushalye Kapuruge
Hi, As an addition to my previous mail, I can decrypt the data that are encrypted by my application. (It's a WS-Security Implementation). But it is not inter-operable with the WSS4J. WSS4J uses bouncy castle crypto package. The reason is that they use ISO 10126 padding. Since I'm using openssl a

Re: How encrypt/ decrypt data at brower end

2006-12-13 Thread Dr. Stephen Henson
On Wed, Dec 13, 2006, bsenthil wrote: > Hi, > > I am using only server certificate file and not using client > authentication. In that case how it works ? > (public/private key pair is generated only for server end) > > 1. User connect to the server https://server > > 2. server will send its c

Re: How encrypt/ decrypt data at brower end

2006-12-13 Thread bsenthil
Hi Patrick Patterson, First i thank you for your response /When the session is established, the client generates a key-pair and self-signed certificate... this is why the mode that you are describing is called "anonymous". So, after the SSL Session is negotiated, the server will use the brow

Re: How encrypt/ decrypt data at brower end

2006-12-13 Thread Marek Marcola
Hello, > I am using only server certificate file and not using client > authentication. In that case how it works ? > (public/private key pair is generated only for server end) > > 1. User connect to the server https://server > > 2. server will send its certificate to browser for examines its >

RE: simple ssl client - error in reading from buffer

2006-12-13 Thread David Schwartz
> I have a problem in the section (Read in the response). For my > further work I need to know if in the internal openssl buffer are > still some data. I think that best method to recognize it will be > the BIO_pending(), but this function gives me every time number 0, > that there aren't any data.

How to get CA file.

2006-12-13 Thread Mazhar Nazeer
Hi, I need CA file to use in OpenSSL. How to get or generate this list and how can I include my certificate in it which I generated from openssl? To use in this function : SSL_load_client_CA_file. Tell me whether it will be list of the Local CA or some other thing. Reply me and tell me some way to

Re: How encrypt/ decrypt data at brower end

2006-12-13 Thread Patrick Patterson
Hi Senthilkumar, responses inline... On Wednesday 13 December 2006 07:44, bsenthil wrote: > Hi, > > I am using only server certificate file and not using client > authentication. In that case how it works ? > (public/private key pair is generated only for server end) > > 1. User connect to the se

How encrypt/ decrypt data at brower end

2006-12-13 Thread bsenthil
Hi, I am using only server certificate file and not using client authentication. In that case how it works ? (public/private key pair is generated only for server end) 1. User connect to the server https://server 2. server will send its certificate to browser for examines its certificate cre

simple ssl client - error in reading from buffer

2006-12-13 Thread Milan Křápek
I try to learn how to work with OpenSSL library. I make this simple client #include #include #include #include int main() { /* Define variables */ SSL * ssl; SSL_CTX * ctx; X509 * server_cert; int p,err; char * request = "GET / HTTP/1.1\x0D\x0AHost: www.verisign.com

Re: create certificate form libssl.so

2006-12-13 Thread Victor B. Wagner
On 2006.12.13 at 14:22:12 +0530, bsenthil wrote: > Hi, > > I want to create CA/Server certificate from library libssl.so. could you > please help me any code snippet / url.. You'll need libcrypto.so rather than libssl.so. All basic cryptographic functions are in the libcrypto. > I want to crea

create certificate form libssl.so

2006-12-13 Thread bsenthil
Hi, I want to create CA/Server certificate from library libssl.so. could you please help me any code snippet / url.. I want to create certificate from my application function call(). Is there any API() for creating CA/Server certificate? Thanks, Senthilkumar.