I am trying to sign a cert I created using Cleo Lexicom, but get the below
error.
C:\OpenSSL\bin>openssl x509 -req -days 1825 -in owi_inter_root.csr -CA
owi_inter
_root.cer -CAkey owi_inter_root.pem -set_serial 01 -out owi_server.crt
Loading 'screen' into random state - done
Signature ok
subj
Are JSEE and openssl compatible? Googling has failed me
(note that I'm new to SSL)
I'm trying to connect a C++ client to a JBoss web server using JSSE, and
having problems.
At the moment, I'm attempting to get the openssl s_client to connect,
and getting this error:
> openssl s_cl
Md Lazreg wrote:
> Actually the same question is valid even if I am not using SSL sockets.
> So is there a way to distinguish between if a socket was closed because
> of a client crash or because of a netwrok issue?. If yes, is there an
> equivalent under SSL sockets?
You have three choices:
1)
Hello,
In appendix B of the openssl FIPS security policy it is stated that the module
must be built with a particular tar file (openssl-fips-1.1.2.tar.gz) and a hmac
hash value for the tar file is specified. Furthermore it is stated that there
shall be no additions, deletions, or alterations o
> Hello,
>
> In appendix B of the openssl FIPS security policy it is stated
> that the module must be built with a particular tar file
> (openssl-fips-1.1.2.tar.gz) and a hmac hash value for the tar
> file is specified. Furthermore it is stated that there shall be
> no additions, deletions, or alt
Roger No-Spam wrote:
Hello,
In appendix B of the openssl FIPS security policy it is stated that
the module must be built with a particular tar file
(openssl-fips-1.1.2.tar.gz) and a hmac hash value for the tar file is
specified. Furthermore it is stated that there shall be no
additions, dele
David Schwartz wrote:
...
Build the FIPS module, then fix the higher-level code, then build the rest
of OpenSSL. So long as don't modify the source before building the FIPS
module, you are fine. You can fix the code that doesn't go in the FIPS
canister without violating FIPS, then link your fix
That's how FIPS 140 certification works. If *any* change is made to the thing
that was certified, then it must reviewed and re-certified. If the change is
small, then the review process can be short. The certifying lab has to ensure
that the change didn't intentionally or unintentionally comp
Thanks David.
Unfortunately option 1) and 3) are not possible for my clients.
option 2) seems the way to go for me, but so far it proved unreliable. Here
are some scenarios I have been playing with:
1)Crash a client running on unix:
The SSL_read returns 0 . The SSL error code is SSL_ERROR_SYSCA
Hi.
Thank you for your explanation, I did what you said and it worked fine
on a simple text file I use for the tests. When I tried to encrypt a >
400mb tgz file, though, I got this error message:
11980:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
large for key size:rsa_pk1.
Hi All,
I am getting an error while building the DLL while using the fipslink.pl.
***
Error:-
X:/test/fips_premain_dso.exe test_t.dll
3800:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li
brary:.\crypto\dso\dso_win32.c:172:filename(test_t.dll)
3800:e
> Thanks David.
> Unfortunately option 1) and 3) are not possible for my clients.
In other words, you cannot engineer a sensible option and have to fake it.
That's fine, but solutions that aren't engineered tend to be poor.
> option 2) seems the way to go for me, but so far it proved unreliable
Anyone know what could be the cause of this error?This error occurs on a
Windows system. The calling system (which shouldn't matter) is Solaris.
However, other Windows systems that call to this system succeed, although
the only notable error is here.
Calling SSL_accept.
Error code: 5
erro
Actually the same question is valid even if I am not using SSL sockets. So
is there a way to distinguish between if a socket was closed because of a
client crash or because of a netwrok issue?. If yes, is there an equivalent
under SSL sockets?
Thanks
On Wed, Oct 29, 2008 at 2:09 PM, Md Lazreg <[E
Hello,
I've built OpenSSL 0.9.8i on a Solaris 9 SPARC system, using a fully
patched Sun Studio 11.
It builds fine, however, «make test» fails (see below).
Version 0.9.8h built on the same system with the same parameters doesn't
fail.
Version 0.9.8i built with Studio 12 on S10 x86 doesn't fail, e
> Calling SSL_accept.
> Error code: 5
> error::lib(0):func(0):reason(0)
> Error: SSL_ERROR_SYSCALL, errlist: No such file or directory
> WSAGetLastError, rc=0
>
> This is basically the APIs I call to get the above information.
>
> err = SSL_get_error(ssl, rc);
> printf("Error code: %d", er
I am using a new javacard with the musclecard applet.
I have been able to generate and sign with 1024 bit keys but when I got
to use 2048 bit keys I can only generate them not sign with them.
I get the following error:
6068:error:8006C06D:lib(128):RSA_PRIV_ENC:msc invalid call:e_musclecard.c:502
You are correct, it returns 0. RC=0 is a handshake failure?I think I
need to debug this on the Solaris side then. Which makes sense.Thanks
for the help!
Calling SSL_accept.
SSL_accept rc=0
Error code: 5
error::lib(0):func(0):reason(0)
Error: SSL_ERROR_SYSCALL, errlist: No such
On Tue, Nov 04, 2008, Justin A wrote:
> Hi All,
>
> I am getting an error while building the DLL while using the fipslink.pl.
>
>
>
> ***
>
> Error:-
>
> X:/test/fips_premain_dso.exe test_t.dll
>
> 3800:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared
>
So I can now see the Solaris side. It appears it gets "gibberish", probably
encrypted data. Does anyone know why it would appear that the socket is
not decrypting the data? This same code works fine on a Windows system.
SSL_ca_file: /opt/bf-567/Platform/keystore/CA.pem
SSL_cert_file: /opt/b
Hi,
I'm currently using the openssl utilities for computing MD5 sums on
files. Until now I have always done these operations in the main thread.
Now I want to use the same code in a working thread to be able to update
GUI while computing the MD5.
The main thread will only update GUI and wait
Hi,
I'm trying create a mutually authenticated SSL connection using a proxy
certificate[1] generated by MyProxy server for the client side. The server
contains the certificate of the CA, but does not contain the certificate of
the user who issued/signed the proxy certificate. Hence the proxy
certif
Hi Dr Stephen,
Thanks for your response.
This is what I am trying to do.
I have an application which is test.exe while executing it will load the DLL
(t.dll) . In the DLL I have one of the file which calls the FIPS_mode_set.
1) So while creating the DLL ( t.dll) I used the fipslink.pl jus
Hi Dr Stephen,
Thanks for your response.
This is what I am trying to do.
I have an application which is test.exe while executing it will load the DLL
(t.dll) . In the DLL I have one of the file which calls the FIPS_mode_set.
1) So while creating the DLL ( t.dll) I used the fipslink.pl jus
How do I get my email address of this list? You guys are killing me with
all this email!
Tks
Mark Missigman
EMA Inc
Information Assurance
Certification and Accreditation
Cross-Domain Solutions
(904) 282-3831
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROT
From: [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, 03 November, 2008 11:38
I am trying to sign a cert I created using Cleo Lexicom, but get the below
error.
C:\OpenSSL\bin>openssl x509 -req -days 1825 -in owi_inter_root.csr -CA
owi_inter
_root.cer -CAkey owi_inter_root.pem
On Tue, Nov 04, 2008, Justin A wrote:
>
> This is what I am trying to do.
>
> I have an application which is test.exe while executing it will load the
> DLL (t.dll) . In the DLL I have one of the file which calls the
> FIPS_mode_set.
>
> 1) So while creating the DLL ( t.dll) I used the fips
Hello,
I'm programming an application to know the number of Unread Mail in my Gmail
Account.
It use openssl for the ssl protocol
below are the lines code when I want to communicate :
SSL_read(SSL_fd,buf1,200);i = sprintf(buf, "USER %s\n", login);
SSL_write(SSL_fd,buf,i);Sleep(100);
SSL
Hi Dr Stephen,
>>Well the fipslink.pl error is caused by a call to LoadLibraryA() failing on
>>that DLL. What happens if you call fips_premain_dso test.dll?
X:/fips/fips_premain_dso.exe test.dll
2992:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li
brary:.\crypto\dso\ds
> So I can now see the Solaris side. It appears it gets
> "gibberish", probably
> encrypted data. Does anyone know why it would appear that the socket is
> not decrypting the data? This same code works fine on a Windows system.
>
> SSL_ca_file: /opt/bf-567/Platform/keystore/CA.pem
> SSL_cert
30 matches
Mail list logo