Hi, my application cannot use the socket calls. The data would be fed
to the application directly by a sniffer.
Hence socket based calls should not be used in our application. Hence I
guess BIO calls abstracted over the memory buffer need to be used for our
application. (the application
Hello,
I also created the same kind of Server that handle the different
clients but the only difference that i have different threads for
reading and writing as my application needed...
May be u need to check SSL structure for both read and write for
different connections.
There is no problem in
Hello Ajeet,
I think .PEM format is OK.
As i also used the same format for my application and used the same
API's as u mentioned and everything is fine..
Also u need to check your system date.. is that ok??
On Wed, Sep 24, 2008 at 9:08 PM, Lutz Jaenicke <[EMAIL PROTECTED]> wrote:
> Ajeet kumar
Hi, My requirement is like this:
I have the access to the server certificate and hence the private, public
key associated with the certificate are known to me.
When the payload carrying the encrypted Pre Master Secret arrives from the
client, I(our application) need to fetch the encrypted
PMS and t
> I am new to the OpenSSL environment. I would like to know from
> the experts here about the BIO_read and BIO_write and the
> SSL_read and SSL_write.
The BIO_read and BIO_write functions read from or write to a BIO, which is
an abstraction for a buffered I/O object. The SSL_read and SSL_write
fu
prashanth s joshi:
> Hi I have got a query to make here. So if I know the private
> key (permanent) of the server is it possible to decrypt the SSL traffic?
You cut the answer to this exact question. It may or may not be possible,
depending on many factors. The permanent server key is just one of
Hi all,
I am new to the OpenSSL environment. I would like to know from the experts
here about the BIO_read and BIO_write and the SSL_read and SSL_write.
After a BIO object is created and associated with the i/o, only BIO_read
and BIO_write may be used. However why is that the SSL_read and SSL_writ
Hi I have got a query to make here. So if I know the private key (permanent)
of the server is it possible to decrypt the SSL traffic?
On Thu, Sep 25, 2008 at 7:47 AM, David Schwartz <[EMAIL PROTECTED]>wrote:
>
> > Dave,All
> >I would also like to be able to recreate a "session" by
> > recordin
> Dave,All
>I would also like to be able to recreate a "session" by
> recording (i.e with TCPDump -w) and playing the databack
> Through the proxy? If I understand the remarks below that might
> not be possible?
>
> Thanks
> Ed
It may or may not be possible, depending on many factors. At a m
> Dave,
> It appears that my take on this was really off, thank you for
> your explanation, what I am trying to do
> is to create a utility like ssltap that will allow me the ability
> to pull decrypted data out of a
> connection between a browser and Apache. So it appears I need to
> build s
Dave,All
I would also like to be able to recreate a "session" by recording (i.e with
TCPDump -w) and playing the databack
Through the proxy? If I understand the remarks below that might not be
possible?
Thanks
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
David Schwartz wrote:
> In many cases, FIPS actually results in (you might reasonably think, at
> least) reduced security. ...
>
> C) Quasi-FIPS. All FIPS rules are followed, except where it is genuinely
> believed that these rules reduce security or are unreasonably impractical.
> For example,
On Wed September 24 2008, Ed Wolfram wrote:
> Dave,
> It appears that my take on this was really off, thank you for your
> explanation, what I am trying to do
> is to create a utility like ssltap that will allow me the ability to pull
> decrypted data out of a
> connection between a browser
Dave,
It appears that my take on this was really off, thank you for your
explanation, what I am trying to do
is to create a utility like ssltap that will allow me the ability to pull
decrypted data out of a
connection between a browser and Apache. So it appears I need to build some
kind of
> I am trying to use a memory BIO to decrypt data
> from a TCP stream I am processing,
> I have followed the following steps and for some reason
> I am still not able to get the
> SSL_READ function to return anything but -1?
> I have looked at the archives and it
> appears that this method has w
All,
I am trying to use a memory BIO to decrypt data from a TCP stream I am
processing,
I have followed the following steps and for some reason I am still not able to
get the
SSL_READ function to return anything but -1? I have looked at the archives and
it
appears that this met
> I am rather confused why people need to drop out of FIPS mode. The
> Federal Information Processing Standard dictates that FIPS-validated
> cryptography be used for everything that requires cryptographic
> transformation for storage (or really anything that enters or leaves
> the cryptographic s
Hi,
I encountered a strange error. I have a single thread server running in
linux which use epoll for multiple nonblocking connections. There is
only one server context, each SSL is created with SSL_new() from the
same context.
1. When I have one SSL connection setup, and have traffic going
In a word: no.
That's one of the goals of the FIPS 1.2.0 release and 0.9.8-fips branches.
-Kyle H
On Wed, Sep 24, 2008 at 7:38 AM, joshi chandran
<[EMAIL PROTECTED]> wrote:
> Is it possible to create FIPS enabled openssl shared library(openssl 0.9.7m)
> ? I am not able to build shared library .I
This is a known issue.
This workflow fails:
FIPS_mode_set(1);
FIPS_mode_set(0);
FIPS_mode_set(1); /* fails */
This workflow succeeds:
FIPS_mode_set(1);
FIPS_mode_set(0);
RAND_set_rand_method(NULL);
FIPS_mode_set(1); /* succeeds */
The reason is that the 1.1.x series of FIPS did not properly hand
Hello,
Program that want use Engine should enable it.
It's possible enable engine for all program without the program request
without patch?
Any plan to use linux kernel engine support in openssl software?
__
OpenSSL Project
Ajeet kumar.S wrote:
>
> Dear All,
>
> I want to verify the peer certificate (server
> certificate). For that we need CA Certificate, Let me know we required
> ROOT CA certificate in PEM format or in any other format, open ssl
> will support.
>
> Actually I called *SSL_CTX_load_verify_l
Is it possible to create FIPS enabled openssl shared library(openssl 0.9.7m)
? I am not able to build shared library .I am using AIX unix system
Thanks
Joshi
On Wed, Sep 24, 2008 at 6:47 PM, joshi chandran
<[EMAIL PROTECTED]>wrote:
> when i have done FIPS_mod_set(1),it goes into the fips mode an
The first command is to show the content of the PEM-formatted certificate
The second command is to convert the certificate
The third command is to show the content of the DER-formatted certificate
Ajeet kumar.S schrieb:
> Dear All;
> Thank you Marek Marcola for your help.I tried your suggestion. I g
Yesterday there was the same question ...
openssl x509 -in crt.der -inform DER -out crt.pem -outform PEM
Ajeet kumar.S ha scritto:
Dear All;
Thank you Marek Marcola for your help. I tried your suggestion. I got output
but it displayed in command window. But I want to save it in form of file
.crt
Dear All;
Thank you Marek Marcola for your help. I tried your suggestion. I got output
but it displayed in command window. But I want to save it in form of file
.crt. Please advice me on that also.
Thank you.
Regards,
--Ajeet Kumar Singh
Sarve Bhavantu Sukhina ,Sarve Santu NiramayaSarve
Hello,
[EMAIL PROTECTED] wrote on 09/24/2008 03:19:20 PM:
> Dear All,
> Thank you Vineeta for your help.
> >hi..
> >you can simply rename the .pem format to .crt. It will work fine..
> As above you mention conversion from .pem to .der but .PEM format
having
> only certificate having like given
Dear All,
Thank you Vineeta for your help.
>hi..
>you can simply rename the .pem format to .crt. It will work fine..
As above you mention conversion from .pem to .der but .PEM format having
only certificate having like given below:
-BEGIN CERTIFICATE-
--
-
when i have done FIPS_mod_set(1),it goes into the fips mode and when i am
doing FIPS_mod_set(0), it come out of fips mode but when i again apply
FIPS_mod_set(1) ,it does not goes to fips mode
can u please help me out
Thanks
Joshi
On Wed, Sep 24, 2008 at 3:55 AM, Tim Hudson <[EMAIL PROTECTED]> w
hi..
you can simply rename the .pem format to .crt . It will work fine..
On Wed, Sep 24, 2008 at 3:12 PM, Ajeet kumar.S
<[EMAIL PROTECTED]> wrote:
> Hi All,
>
>Can we convert .der to .crt file? Please suggest me. How we can
> convert it using open ssl?
>
>
>
>
>
> Thank you.
>
> Regar
Dear All,
I want to verify the peer certificate (server certificate). For
that we need CA Certificate, Let me know we required ROOT CA certificate in
PEM format or in any other format, open ssl will support.
Actually I called SSL_CTX_load_verify_locations() after that I called
SSL_CTX
Hi All,
Can we convert .der to .crt file? Please suggest me. How we can
convert it using open ssl?
Thank you.
Regards,
--Ajeet Kumar Singh
The functions I've used to send my OCSP request ('req') are the
following:
--
#define HOST "http://ocsp-server/ocsp/"
OCSP_parse_url(HOST, &host, &port, &path, &use_ssl);
cbio = BIO_new_connect(host);
BIO_set_conn_port(cbio, port);
resp = OCSP_sendreq_bio(cbi