Re: Problems with Website's Security Certificate

2007-11-29 Thread ProgrammerMP
Thanks Ken. Good information. I set up my certificate for 10.x.x.x and when I try and access the site, I use https://10.x.x.x and I get the error about the certificate being set up for a different web site. I've read up on this and the example they usually use is make sure you use

openssl-0.9.8g on Solaris core dumps?

2007-11-29 Thread Jorgen Lundman
openssl-0.9.8g SunOS www01.unix 5.10 Generic_118844-26 i86pc i386 i86pc gcc version 3.4.6 # rm -rf /usr/local/ssl/ # gtar -zxvf openssl-0.9.8g.tar.gz # ./config enable-tlsext [snip] Configured for solaris-x86-gcc. # make depend [snip] # make [snip] make[2]: Entering directory

Sending cert chain through openssl s_client

2007-11-29 Thread Rocky S
Hi, I have the following certs 1) End user cert subject: enduser whatever issuer : Intermediate CA whatever 2) Intermediate CA cert subject: Intermediate CA whatever issuer : Actual CA whatever 3) Actual CA cert (self signed) subject : Actual CA whatever issuer : Actual CA

Block ciphers and usage

2007-11-29 Thread Gintaras
Hi, I have three questions about block ciphers: 1) Is there a way to validate data of streamed block ciphers? As far as I know when MITH occurs there is no way to validate the data, there are few techniques, like reversing the data. Does OpenSSL have any solution for this? 2) Is there a way to set

RE: Problems with Website's Security Certificate

2007-11-29 Thread David Schwartz
I set up my certificate for 10.x.x.x and when I try and access the site, I use https://10.x.x.x and I get the error about the certificate being set up for a different web site. I've read up on this and the example they usually use is make sure you use www.foobar.com and not just foobar.com.

Re: UMRs in Open SSL library.

2007-11-29 Thread Lutz Jaenicke
Questions like this should not be sent to the OpenSSL developers but should rather be sent to the openssl-users mailing list. I would guess that you should add the dynamic loading functions with -ldl when linking. Best regards, Lutz On Wed, Nov 28, 2007, [EMAIL PROTECTED] wrote: Hi,

Re: openssl-0.9.8g on Solaris core dumps?

2007-11-29 Thread egoitz
Doing certs Segmentation Fault - core dumped RegTP-5R.pem = .0 Segmentation Fault - core dumped WARNING: Skipping duplicate certificate RegTP-6R.pem Segmentation Fault - core dumped [snip] # ./apps/openssl Segmentation Fault (core dumped) # gdb ./apps/openssl This GDB was configured

Re: openssl-0.9.8g on Solaris core dumps?

2007-11-29 Thread Jorgen Lundman
Also happens with 0.9.8f, Sunfreeware version works, but I need tlsext enabled. Tried default gcc, then upgraded to latest gcc from sunfreeware. Then tried another Solaris 10 server entirely. Tried with shared and without. With threads and without. 0.9.7 compiles, but has no tlsext ;)

PKCS8 private key in openssl

2007-11-29 Thread Metalpalo
Hello, I have such a problem. I generated a private key (RSA1024) through openssl and now I want to load it via BC in Java or through Crypto++. But it seems that here is some incompatibility. I don't know how to parse PKCS8 format from openssl through Java and vice versa. What format is used in

TLS key strength?

2007-11-29 Thread Marty Lamb
Hello, I'm currently auditing an application (my own) and have come up with a question I cannot answer: how secure is a TLS session? The app is the server side of a client-server communication protocol using TLS. The socket is provided by socat, which I have configured to delegate

Re: PKCS8 private key in openssl

2007-11-29 Thread Julius Davies
Here's a java library for parsing PKCS8 private keys: http://juliusdavies.ca/commons-ssl/pkcs8.html You can download it from here: http://juliusdavies.ca/commons-ssl/download.html yours, Julius On Nov 29, 2007 7:01 AM, Metalpalo [EMAIL PROTECTED] wrote: Hello I have such problem. I

Openssl Command line in FIPS mode

2007-11-29 Thread PS
Hi, The openssl User-Guide only mentions about how to create an application in FIPS mode ( by calling FIPS_mode_set (1) ). The question is that is it possible to have the openssl command line tool (generated from openssl-fips-1.1.1) be in FIPS mode ? If yes, please can someone shed some light on

SSL_renegotiate and SSL_do_handshake

2007-11-29 Thread k b
Hi, I have a client that would connect to a server for a long duration of time. And I'm trying to refresh the session keys. From what I have read for open ssl 0.9.7 and up the steps to do the same are pretty simple. SSL_renegotiate(SSL *) SSL_do_handshake(SSL *) and then to confirm call

RE: Openssl Command line in FIPS mode

2007-11-29 Thread Bill Colvin
The following footnote is on page 23 of the OpenSSL FIPS 140-2 User Guide (http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf) September 27, 2007 The OPENSSL_FIPS=1 environment variable will enable FIPS mode for an openssl command built from a FIPS capable OpenSSL distribution.

FIPS request for future OpenSSL releases

2007-11-29 Thread Brendan Simon
Hi, I require FIPS functionality in OpenSSL but I do NOT have a requirement to run in FIPS mode. What I would like is to build OpenSSL and have ALL functions available to me so I can choose which ones I want to use. At the moment there are some functions that are only available if the

Re: OpenSSL FIPS Object Module v1.2

2007-11-29 Thread Kyle Hamilton
The FIPS validation process is... odd. And not at all conducive to the open-source development model. There is no available OpenSSL FIPS Object Module v1.2. Until it passes validation, anyway, at which point the openssl-fips-1.2.0.tar.gz file will be made available. I don't think the source is

OpenSSL FIPS Object Module v1.2

2007-11-29 Thread Brendan Simon
Where can I find information about OpenSSL FIPS Object Module v1.2 ??? Where can this be downloaded from? CVS only? Or are there tarballs somewhere? Where does FIPS related development/discussion take place? Just the users mailing list? Is there a spot on the website dedicated to FIPS

Re: FIPS request for future OpenSSL releases

2007-11-29 Thread Brendan Simon
It's probably a combination of my misunderstanding and not wording things correctly :-/ Let's say I want to use the function RSA_X931_generate_key(). Currently it is surrounded by an #ifdef OPENSSL_FIPS conditional. Therefore with the current build system I MUST specify the -fips option to

Re: FIPS request for future OpenSSL releases

2007-11-29 Thread PS
You are contradicting yourself. If you link against the openssl-fips-1.1.1 library, and are in FIPS_mode, then you have FIPS functionality. If you are not in FIPS mode, then the fips library trivially behaves as the traditional openssl (with all functionalities). The former is called FIPS-validated

Re: OpenSSL FIPS Object Module v1.2

2007-11-29 Thread Steve Marquess
Kyle Hamilton wrote: The FIPS validation process is... odd. And not at all conducive to the open-source development model. There is a certain dissonance, for sure :-) There is no available OpenSSL FIPS Object Module v1.2. Well, yes and no. Check out the OpenSSL-fips-0_9_8-stable branch.

Re: SSL_renegotiate and SSL_do_handshake

2007-11-29 Thread Kyle Hamilton
Read will fail if write must be done. Write will fail if read must be done. The bug is that you're not checking for the SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE required error statuses -- if you get either of those, you just need to retry the operation again (i.e., treat just like EAGAIN in

Re: OpenSSL FIPS Object Module v1.2

2007-11-29 Thread Brendan Simon
It should be public, and probably must be public, given it is supposed to be true open-source, etc. Everyone should be able to do test builds (on all types of architectures and variants etc) to iron out bugs, etc, before being submitted for validation. I'd be very surprised if it wasn't

RE: SSL_renegotiate and SSL_do_handshake

2007-11-29 Thread k b
Ok, so it's kind of working now. Kinda because after a do_handshake, any read on the server returns -1, but if you ignore this one and continue, subsequent read works. And data transfer works if back to normal with the new session. Any reason why the read would fail? Are there any

Re: openssl-0.9.8g on Solaris core dumps?

2007-11-29 Thread Jorgen Lundman
I have tried these versions: drwxr-xr-x 22 root root1536 Nov 30 15:00 openssl-0.9.8b drwxr-xr-x 22 root root1536 Nov 30 14:54 openssl-0.9.8c drwxr-xr-x 22 root root1536 Nov 30 14:46 openssl-0.9.8d drwxr-xr-x 22 root root1536 Nov 30 14:41

Questions on Doing DH Key Exchange with BSAFE

2007-11-29 Thread Qingyu Zhang
Hi there, I am trying to do a DH key exchange between BSAFE and OpenSSL. The server side uses BSAFE to generate DH parameters and server's public/private key, and my client uses received DH parameters to generate its keys. Now my problem is that I can't parse out the DH parameters properly at