RE: OpenSSL with SafeNet ProtectServer engine

2009-12-02 Thread Frederik Mennes
Hi Willy, Not seeing how to get the SafeNet patch working, I switched to the approach you mention just a few hours ago. And indeed, this approach seems to be working fine. I am now able to connect to the ProtectServer HSM through OpenSSL and perform cryptographic operations. Thanks a lot

Re: OpenSSL with SafeNet ProtectServer engine

2009-12-02 Thread Willy Weisz
Hi Frederik, the patch you mention was - according to my knowledge - never an officially released one, and it doesn't work, not only because of the wrong directory where the shared library is stored. Unfortunately it seems that no one at Safenet except for a single person seems to know how to use

RE: TLS version error with Java

2009-12-02 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Hihn, Jason > Sent: Monday, 30 November, 2009 18:09 > I am trying to have a java 1.5 client connect to an OpenSSL > TLS server. I > can connect fine from other OpenSSL implementations. > By default for maximum compatibility across the world-wi

RE: HELP Win32 linking libeay32.dll in Visual Studio

2009-12-02 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of yhilbert > Sent: Tuesday, 01 December, 2009 05:26 > Hi I am new to Visual Studio and OpenSSL but how do I ensure > the library > libeay32.dll is merged into my console application so it > doesn't complain at > runtime. For example I have follow

RE: General question about documentation

2009-12-02 Thread Rene Hollan
Ah, but this hits at the crux of the openssl docs. Of course, it is silly to presume a fixed library will handle open-ended verification. And, indeed, I handle CRLs and OCSP in my own verify function. The problem is when I read a vague admonishment to not supply my own verification function bec

Re: General question about documentation

2009-12-02 Thread Patrick Patterson
Hi Rene: Rene Hollan wrote: > > 2) Things like OCSP, CRLs, and other SSL "extensions" have always > stumped me. Is it something the user of the library is responsible > for, when validating a cert, or can the library do it itself when I > try to establish an SSL connection, and to what degree can

RE: General question about documentation

2009-12-02 Thread Rene Hollan
That works for *future* documentation for *new* code, but it doesn't address the existing gaps. Perhaps examining where the existing gaps are biggest would be productive. For me, two areas have always been confusing: 1) What objects are dynamically allocated, appropriately reference counted, an

RE: Building a custom ENGINE?

2009-12-02 Thread Scott Neugroschl
Thank you very much! > > In message <001101ca72e0$8a6fbd60$9f4f38...@com> on Tue, 1 Dec 2009 > 15:46:43 -0800, Scott Neugroschl said: > > redfloyd> I'm trying to build a custom ENGINE, and the docs are fairly > sketchy as to > redfloyd> how to do it. > redfloyd> > redfloyd> It doesn't have to be

Re: General question about documentation

2009-12-02 Thread Victor Duchovni
On Wed, Dec 02, 2009 at 11:17:44AM -0800, Rene Hollan wrote: > > To someone who uses code, it doesn't matter a fig what the designer was > thinking. It matters what the code does. Then you can decide if it does > something correctly enough to be usable in the state it's in. > My sense is that

RE: General question about documentation

2009-12-02 Thread Rene Hollan
To someone who uses code, it doesn't matter a fig what the designer was thinking. It matters what the code does. Then you can decide if it does something correctly enough to be usable in the state it's in. Now, if what you're trying to do is distill some overall global design details from patte

RE: General question about documentation

2009-12-02 Thread Rene Hollan
Not quite. The docs may not indicate whether a returned reference is dynamically allocated, statically allocated, reference counted, how to deallocate, etc. The API will still be correct as far as a reference being returned, but the documentation will be incomplete. Often the library implemente

Re: Building a custom ENGINE?

2009-12-02 Thread Richard Levitte
In message <001101ca72e0$8a6fbd60$9f4f38...@com> on Tue, 1 Dec 2009 15:46:43 -0800, Scott Neugroschl said: redfloyd> I'm trying to build a custom ENGINE, and the docs are fairly sketchy as to redfloyd> how to do it. redfloyd> redfloyd> It doesn't have to be dynamic -- my application will have

Re: RSA vs. RSA_METHOD

2009-12-02 Thread Dr. Stephen Henson
On Wed, Dec 02, 2009, Scott Neugroschl wrote: > Am I correct in assuming that an RSA structure contains the encryption > "context" for a particular instance of RSA, whereas RSA_METHOD contains the > functions that the RSA instance will use? > The RSA structure contains the actual key to use w

RSA vs. RSA_METHOD

2009-12-02 Thread Scott Neugroschl
Am I correct in assuming that an RSA structure contains the encryption "context" for a particular instance of RSA, whereas RSA_METHOD contains the functions that the RSA instance will use? ScottN

Re: x509 vs ca

2009-12-02 Thread Dr. Stephen Henson
On Wed, Dec 02, 2009, Jan Danielsson wrote: > Hello, > >I've been trying to wrap my head around certificate signing, and how > it differs when using "x509" and "ca". Please correct me if I'm wrong: > Well they've been about since SSLeay so I can't comment on the precise motivation. I'd spe

x509 vs ca

2009-12-02 Thread Jan Danielsson
Hello, I've been trying to wrap my head around certificate signing, and how it differs when using "x509" and "ca". Please correct me if I'm wrong: (This is wild speculation on my part) x509 is the "traditional" way to sign CSRs. Somewhere along the line, someone thought it was too complica

Re: OpenSSL with SafeNet ProtectServer engine

2009-12-02 Thread Sander Temme
Hi Frederik, On Dec 2, 2009, at 7:27 AM, Frederik Mennes wrote: > Hi everyone, > > I am trying to use OpenSSL’s EVP interface with as engine a SafeNet (formerly > Eracom) ProtectServer HSM. > > I have received from SafeNet a patched version of OpenSSL 0.9.8d. This patch > is called “ERAC-3

Re: FIPS 140-2 and PBKD

2009-12-02 Thread Carl Young
- Original Message - From: "Dr. Stephen Henson" To: Sent: Tuesday, December 01, 2009 6:58 PM Subject: Re: FIPS 140-2 and PBKD On Tue, Dec 01, 2009, carlyo...@keycomm.co.uk wrote: In openssl, if I try to use anything using PBKD (PKCS#5 PBKDF2 in particular) when in FIPS enabled m

Re: SHA-1() question

2009-12-02 Thread Graham Leggett
Sebastián Treu wrote: > are these equivalent to each other? or should I use the openssl > toolkit? I ask this cause sha1sum results are 41 bytes long. the > SHA-1() doc says 20 bytes for output. Check whether the binary sha1 hashes are being encoded along the way. A common way to encode sha1 hashe

Re: SHA-1() question

2009-12-02 Thread Cristian Thiago Moecke
Sha1sum output has 40 hexadecimal symbols. Each hexadecimal is represented by 4 bits. So sha1sum has 40*4 = 160 bits / 20 bytes output. Probably you made some confusion about the sha1sum output representation. 2009/12/2 Sebastián Treu : > Hi, > > I'm reading this: > > http://www.openssl.org/docs/crypto

OpenSSL with SafeNet ProtectServer engine

2009-12-02 Thread Frederik Mennes
Hi everyone, I am trying to use OpenSSL's EVP interface with as engine a SafeNet (formerly Eracom) ProtectServer HSM. I have received from SafeNet a patched version of OpenSSL 0.9.8d. This patch is called "ERAC-3.30-openssl-0.9.8d.patch". I am working on Ubuntu Linux with kernel version 2.6

SHA-1() question

2009-12-02 Thread Sebastián Treu
Hi, I'm reading this: http://www.openssl.org/docs/crypto/sha.html "[...] DESCRIPTION SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. SHA1() computes the SHA-1 message digest of the n bytes at d and places it in md (which must have space for SHA_DIGEST_LENG

Re: Stunnel 4.29 released

2009-12-02 Thread Carter Browne
Michal, The link to stunnel-4.29-installer.exe is broken in both Firefox (error 505) and IE8. The other links I tried were ok. Carter Carter Browne CBCS cbro...@cbcs-usa.com 781-721-2890 Michal Trojnara wrote: > The ChangeLog entry: > > Version 4.29, 2009.12.02, urgency: MEDIUM: > * New feat

Re: General question about documentation

2009-12-02 Thread Randy Turner
Great to hear from another former TOPS-20 user... I worked on TOPS back in the early 80s, then VMS of course. Also reverse-engineered (to some degree, more like reverse-compiled) PDP-8 paper tape. All in all, I'll take the docs. :) Randy On Dec 2, 2009, at 6:42 AM, Mark H. Wood wrote: > On T

Re: General question about documentation

2009-12-02 Thread Mark H. Wood
On Tue, Dec 01, 2009 at 02:08:08PM -0800, Randy Turner wrote: > As an investor, I would rather have my coders use a product with > documentation to "make progress" on the actual goals of the product, > rather than reverse-engineer the information they're trying to look > for. > > With the former me

Re: General question about documentation

2009-12-02 Thread Mark H. Wood
On Tue, Dec 01, 2009 at 03:23:15PM -0800, Rene Hollan wrote: > The problem is that the documentation may not be correct, sending your coders > on a wild goose chase. Bah, if the code does not do what the documentation describes then the *code* is incorrect. Documentation can only be incorrect if

RE: General question about documentation

2009-12-02 Thread Mark
> The problem is that the documentation may not be correct, > sending your coders on a wild goose chase. Anything may contain errors. I don't think this is a valid reason for not doing it. > Think of the source code as a safe but boring investment > (with little barrier to entry), and the d

Re: SPKAC and non-Latin text

2009-12-02 Thread Dr. Stephen Henson
On Wed, Dec 02, 2009, Victor B. Wagner wrote: > When openssl ca command creates a certificate from SPKAC, it > accepts option utf8, which theoretically should make it accept any > utf8 characters and place them into certificate DN using appropriate > ASN1 STRING type (i.e. BMP_STRING or UTF8_STR

Any errors of interest?

2009-12-02 Thread The Doctor
Script started on Wed Dec 2 05:54:45 2009 doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ egrep bsdi Configure "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts

Stunnel 4.29 released

2009-12-02 Thread Michal Trojnara
The ChangeLog entry: Version 4.29, 2009.12.02, urgency: MEDIUM: * New feature sponsored by Searchtech Limited http://www.astraweb.com/ - sessiond, a high performance SSL session cache was built for stunnel. A new service-level "sessiond" option was added. sessiond is available for downloa

Building a custom ENGINE?

2009-12-02 Thread Scott Neugroschl
I'm trying to build a custom ENGINE, and the docs are fairly sketchy as to how to do it. It doesn't have to be dynamic -- my application will have the code to build the ENGINE and register it. Are there any good pointers on building an ENGINE? Scott Neugroschl XYPRO Technology Corpo

SPKAC and non-Latin text

2009-12-02 Thread Victor B. Wagner
When openssl ca command creates a certificate from SPKAC, it accepts option utf8, which theoretically should make it accept any utf8 characters and place them into certificate DN using appropriate ASN1 STRING type (i.e. BMP_STRING or UTF8_STRING). However, function certify_spkac in apps/ca.c use