Re: callbacks: application context

2011-03-22 Thread Victor Duchovni
On Tue, Mar 22, 2011 at 08:47:55PM -0700, Claus Assmann wrote: > On Tue, Mar 22, 2011, Victor Duchovni wrote: > > > > client() has some code like this: > > > SSL_CTX_set_ex_data(a_ctx->a_ssl_ctx, myidx, a_ctx->cb_arg); > > > > No, don't do that, the SSL_CTX application context object is global

Re: callbacks: application context

2011-03-22 Thread Claus Assmann
On Tue, Mar 22, 2011, Victor Duchovni wrote: > > client() has some code like this: > > SSL_CTX_set_ex_data(a_ctx->a_ssl_ctx, myidx, a_ctx->cb_arg); > > No, don't do that, the SSL_CTX application context object is global. I was demonstrating that the callback API has some problems. If the commo

Re: must 'x' in g^x be a prime number

2011-03-22 Thread Ziyu Liu
1) The exponent x in DH can be any number. It should be big enough to bear attack. The source in DH told us what exponent x can be. ref: dh_key.c if (generate_new_key) { l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ if (!BN_rand(priv_key,

Re: must 'x' in g^x be a prime number

2011-03-22 Thread fakessh @
4 numbers to make signs curvilinear. make a 1 in the ratings this made orthogonal form which brings up four primitive imagination. This is the next civilization On Wednesday 23 March 2011 at 01:12 +0100, ikuzar wrote: > Hello, > I'd like to know: > 1) if exponent x in g^x must be a great prim

Re: must 'x' in g^x be a prime number

2011-03-22 Thread Mike Mohr
Although the generator g can be any number, it is typically 2 or 5. In fact, this is all that OpenSSL supports (values 2 or 5 for g). The typical situation is this: (1) Alice and Bob generate random secret values a and b. If a or b happen to be prime, that is fine - but they need not be. (2) Ali

must 'x' in g^x be a prime number

2011-03-22 Thread ikuzar
Hello, I'd like to know: 1) if exponent x in g^x must be a great prime number. In some docs I saw, it is said that x must be a GREAT number but no information about primality... 2) May generation of 'x' run for hours like related here: http://www.openssl.org/docs/crypto/DH_generate_parameters.ht

BIO_f_buffer read behavior

2011-03-22 Thread Chris Bare
I have pushed a BIO_f_buffer onto my BIO stack to get output buffering. This works fine. However, when I read from the BIO_f_buffer, it only returns when the buffer I give it is full. This is unlike the normal behavior of the one below it in the stack, and different from a direct read. Is this the expec

Re: How to handle "Expired" or "not yet valid" X.509 certificates - or simply is the system date wrong?

2011-03-22 Thread David Schwartz
On 3/22/2011 9:07 AM, Steffen DETTMER wrote: When some entity verifies a certificate, finds a valid signature etc but the current date is not between "Valid From" to "Valid To", meaning the certificate seems "not yet valid" or "expired", what is recommended to do? It depends what you're doing.

Re: DIRECTORYSTRING and substitute in v1.0.0d

2011-03-22 Thread Dr. Stephen Henson
On Thu, Mar 10, 2011, Christian Weber wrote: > Hi there, > > in the past we have implemented some templates for x509v3 > extensions for certificates due to being able to handle > some attributes defined in common-pki 2.0. > > One of the more structured attributes is admission: > >id-isismtt-at-a

verifying a cross-certified chain

2011-03-22 Thread Ken Dreyer
I have a signed personal certificate and a list of CAs that chain together. Towards the top of the chain, I run into problems because the CAs are cross-signed. The Issuer: field for "CA1" is "CA2", and the Issuer: field for "CA2" is "CA1". When I run "openssl verify kdreyer.pem", OpenSSL is able t

How to handle "Expired" or "not yet valid" X.509 certificates - or simply is the system date wrong?

2011-03-22 Thread Steffen DETTMER
Hi, I thought this was already discussed, but I cannot find pointers. When some entity verifies a certificate, finds a valid signature etc. but the current date is not between "Valid From" to "Valid To", meaning the certificate seems "not yet valid" or "expired", what is recommended to do? I think

d2i_DHparams signature

2011-03-22 Thread ikuzar
Hello, I'd like to know what is the real signature of d2i_DHparams. When I run my appli, I have got this error: error: cannot convert ‘unsigned char (*)[256]’ to ‘const unsigned char**’ for argument ‘2’ to ‘DH* d2i_DHparams(DH**, const unsigned char**, long int)’ In openssl doc, we have : DH

encode/decode: internal C struct <-> pem

2011-03-22 Thread ikuzar
Hello, 1) I do not know when I must use pem or der format when I deal with data encoding. For example, now, I have to read a DHparam file. I created it with the command line. I chose DHparam.pem because PEM is commonly used... 2) So, I am looking for PEM encode/decode functions which help me to perfor

error in config file

2011-03-22 Thread abhijit patil
Hi all, I am working on implementing hierarchical PKI in Java. For that I am using openssl for certificate purposes. All works fine for me but I am stuck at one point. 1. openssl ca -config abhi1\rootca1\rootca1.conf -batch -notext -out abhi1\i2\ca.crt -in abhi1\i2\ca.csr ExitValue: 1 Using con

RE: data size issue with SSL_read( ) / SSL_write

2011-03-22 Thread Ryan Pfeifle
> From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of ikuzar > Sent: Friday, March 18, 2011 5:41 AM > To: openssl-users@openssl.org > Subject: Re: data size issue with SSL_read( ) / SSL_write > > Ryan, what is the suitable cipher suite that works fine ( s