RE: refresh validity dates on a certificate

2007-10-24 Thread David Schwartz
> I just saw the "RE: Changing the expiry date of a cert" thread > but I think > my question is a little different. > > My certs are not CA certs they are user certs where the only thing I > really need to preserve are subject, issuer, key & cert extensions. The > serial # doesn't matter. > > The

Re: SSL Error connecting to cia.gov

2007-10-24 Thread Lutz Jaenicke
Isolating the problem is more or less simple: openssl s_client -connect www.cia.gov:443 shows the intermittent failures as well, so we can rule out all applications (curl, wget, ...). Has to be some basic thing. I tend to observe the failure with s_client not on the first attempt but on the nth

Encrypt with a password

2007-10-24 Thread Lidia
I'm looking for this, and I find in the IAIK API the following, that is part of PKCS7 standard: 1. Use the |EncryptedData(byte[] data)|

Problem verifying x509 certificates: with command line OK, but not working with the C API

2007-10-24 Thread Jordi Jaen Pallares
Hello all, I am using the openssl 0.9.8d and the following procedure to verify certificates. The procedure gives an error, whereas if I try to verify the same certificates with the command line it succeeds. I will appreciate any hint to solve this problem. The C API procedure: /*!Procedure to

Re: SSL Error connecting to cia.gov

2007-10-24 Thread Marek Marcola
On Tue, 2007-10-23 at 22:02 -0700, Alex Lam wrote: > That's TLSv1, not SSLv2. > > : 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8. > 0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 > 00 .5.. > 0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2

Re: AES_cbc_encrypt - data differs on first 16 bytes.

2007-10-24 Thread Koza
I know the answer, the problem was with initialization vector - it is changed during encryption... Thanks, Koza Koza wrote: > > Hi, > > I have problem with AES_cbc_encrypt function. I use code you can see below > and unfortunately my function that compares arrays gives an error. The > data f

Re: OpenSSL 0.9.8f Win32 Compile Error

2007-10-24 Thread MaxAndr
Alex Pokotilo wrote: > > I used following instruction to build the release(I used MSVC 2005 but > I think it will work with 2003 too). > > 1) Create build.bat with following content: > > @echo off > rem the following path point to your MSVC 2005 or 2003 > call "E:\Program Files\Microsoft Visua

BN_LLONG use in pq_compat.h

2007-10-24 Thread Christian Weber
Dear list users, sorry, I'm a bit confused due to the meaning of BN_LLONG. We recently changed over to version 0.9.8. On a Windows environment with an old compiler that doesn't support 64 bit-integers (Borland C 5.01), we get compiling errors due to type PQ_64BIT (and SHA_LONG64 also) which seem

rsa_sign () and SHA-256

2007-10-24 Thread Rani R
Hi All, Does openssl RSA_sign() functionality support digest algorithm SHA-256? If yes, which version onwards is SHA-256 supported for RSA_sign () and what is the value of argument "type" to this function? We are using OpenSSL 0.9.7g Pls reply Thanks Rani

Re: please help me.....

2007-10-24 Thread Shalmi
Hi, Tried the given function, it compiles but throws error "Run-Time Check Failure #3 - The variable 'rsa' is being used without being defined.". Any clue?? And the char * buf contains the key right?? Thanks & Regards Shalmi Marek Marcola wrote: > > Hello, >> ok i l try that.let me know u

Re: SSL Error connecting to cia.gov

2007-10-24 Thread Alex Lam
Try this.. ./openssl s_client -tls1 -connect www.cia.gov:443 On 10/24/07, Lutz Jaenicke <[EMAIL PROTECTED]> wrote: > > Isolating the problem is more or less simple: > openssl s_client -connect www.cia.gov:443 > shows the intermittent failures as well, so we can rule out all > applications (cur

Re: Problem verifying x509 certificates: with command line OK, but not working with the C API

2007-10-24 Thread Tim Hudson
** file cpfp_ssl.c: line 2752 Error verifying signature on issued certificate: 8134:error:0D0C50A1:lib(13):func(197):reason(161):a_verify.c:141: After looking into "a_verify.c" line 141, this corresponds to the following error: ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM The way to figure out th

OpenSSL for 16 bit microcontroller

2007-10-24 Thread Soon Heng
Hi, We are using Keil compiler for 16-bit C167 infineon microcontroller and wish to integrate DES encryption and DSA digital signature (i.e. SHA1, DES, and DSA modules). 1) Does OpenSSL provide 16-bit platform? Or rather, what is the best compilation/build options platform? Currently, we we

RE: refresh validity dates on a certificate

2007-10-24 Thread Simon McMahon
I found this in the pkcs#12 FAQ: 2. Extend the CA expiry date with e.g.: openssl x509 -in demoCA/cacert.pem -days 1024 -out cacert.pem -signkey demoCA/private/cakey.pem ... This is almost correct for me, and it even preserves the extensions, but it always produces a self-signed cert by

Re: refresh validity dates on a certificate

2007-10-24 Thread Kyle Hamilton
What I would do is a pair of commands: $ openssl x509 -in currentcertificate.pem -out selfsigned.pem -days 1024 -signkey currentkey.pem $ openssl x509 -in selfsigned.pem -days 1024 -CA ca.pem -CAserial serial -out refreshedcert.pem -outform PEM Since you're creating a self-signed cert in the firs

Re: refresh validity dates on a certificate

2007-10-24 Thread Simon McMahon
Great idea! That certainly should work but didn't for me. My openssl is "OpenSSL 0.9.8b 04 May 2006" The 1st command worked fine and gave a self-signed cert that looked fine. See below for a dump of it. openssl x509 -in sslcln.pem -days 1024 -out sslcln2.pem -signkey sslcln.pem The

Re: refresh validity dates on a certificate

2007-10-24 Thread Simon McMahon
I just noticed in the extensions of the certificates that the "Subject Key Identifier" and "Authority Key Identifier" match in the one which works and are different in the one which fails. This may explain the verification failure. Looks like openssl has just copied the extensions without looki