On Thu, Nov 06, 2008, BiGNoRm6969 wrote:
Hi, here is my problem:
I first created a private RSA key with the argument -passout pass:123456
After that I create the certificate with this the argument -passin: 123456
In my code I do that:
static char keyfile[] = C:/MyKeyFile.pem;
On Fri, Nov 07, 2008, Roger No-Spam wrote:
Furthermore, there seems to be FIPS changes required in openssl outside the
FIPS module. This is my conclusion after having studied the FIPS_098_TEST_8
branch in openssl's cvs server. When are these changes scheduled to be
merged into the main
Hello Normand,
so here is the tricky part of openssl's command line.
You create your key file with genrsa and the passout option. Now you could
think that your keyfile is encrypted but it isnt. You have to configure the
encryption algorithm:
-desencrypt the generated key with DES
I will be out of the office starting 30.10.2008 and will not return until
09.11.2008.
I will respond to your message when I return. If you have urgent need
please contact [EMAIL PROTECTED]
-
DISCLAIMER
This email and any files
Ben Sandee wrote:
On Thu, Nov 6, 2008 at 9:11 PM, David Schwartz [EMAIL PROTECTED]
wrote:
There needs to be a call to fcntl(fd,F_SETFL,O_NONBLOCK) just after
the socket() call and error status check.
That will just waste CPU. The code will spin in each loop
while (!success) loop until
Hi, here is my problem:
I first created a private RSA key with the argument -passout pass:123456
After that I create the certificate with this the argument -passin: 123456
In my code I do that:
static char keyfile[] = C:/MyKeyFile.pem;
FILE* fp = fopen( keyfile, r);
pem_password_cb* pem_cb
On Fri, Nov 7, 2008 at 9:38 AM, David Schwartz [EMAIL PROTECTED] wrote:
Sounds like the interface is badly thought out. Perhaps the best
reasonable
compromise, short of changing the interface, is to set a limit (maybe 3
seconds or so) to how long RANG_egd can block (this would mean it will
Hi,We have included openssl in our product, a proprietary OS and development
environment. Customers have requested that we include the FIPS validated
version of openssl. We have included the openssl 0.9.8 base line and I am now
trying to clarify what the implications are of including the 0.9.8
Hi,
I would like to know if there is any reason why the patch provided by
wpasupplicant to enable EAP-FAST has not been included in openssl? Or are there
any plans to include this functionailty soon?
Thanks!
Regards,
Adrian Quek
First of all: heed David's [Schwartz] advice, especially in his last email.
This stuff is /not/ meant to fix broken designs but only to be used
when you absolutely have to:
what you can use, when you need to detect clients crashing or networks
failing, is add a 'heartbeat' (as was mentioned
On November 7, 2008 06:08:19 am Aravinda babu wrote:
Hi all,
First of all thanks for all of your suggestions and information.I got a
clear idea of how to do the required thing.
I forgot to mention one thing.
We are making one library for certificate management which will be used by
This is not a sure thing, but from a quick scan of your code, it looks
like you are constructing an incomplete certificate in memory, which
might hurt you further down the road, i.e. when transmitting the cert,
which is then checked by the other party.
Specifically, check the code to construct
Hi,
I am looking for a solution to add X509v3 Subject Alternative Name into the
cert with openssl. The subject Alternative Name I need to add is in the
format of
Other Name:
Principal [EMAIL PROTECTED]
Can any one show me how to achieve it? I really appreciate your help.
Thanks,
Yang
Posting a solution to this issue just in case it helps others with the same
issue. The problem was solved by setting the socket to be non-blocking and
then looping when the error is SSL wants a read first. I try limit the
number of loops to 10 before I give up. It takes 2 times in the loop
Yang Wang wrote:
Hi,
I am looking for a solution to add X509v3 Subject Alternative Name into the
cert with openssl. The subject Alternative Name I need to add is in the
format of
Other Name:
Principal [EMAIL PROTECTED]
Can any one show me how to achieve it? I really appreciate your
hi all,
I'm currently working on OpenVPN which I found out that it uses openssl
for its encryption. So I looked into openssl source code and found a file
eng_padlock.c So my currently my openssl (version 0.9.8g) does support
padlock AES function. Im not sure how to activate it from
On Fri, Nov 7, 2008 at 3:56 PM, Kyle Hamilton [EMAIL PROTECTED] wrote:
There should be some means of determining how much entropy is actually
in the information obtained from the EGD. The return values should
reflect the number of bits stirred in, with 0 being we haven't gotten
anything yet.
17 matches
Mail list logo