How to validate DSA and DH generated keys from openssl command line
interface.
Since we can validate the RSA keys using the '-check' option in the rsa command,
do we have the same provision for DSA and DH keys?
--
Thanks & Regards
Jitendra Pawar
Hi Jeff,
Thanks for the reply. I don’t want to enable SSLv2, but would like to support
SSLv3, TLS 1.0. Code where I am creating the SSL context and setting the
options looks as shown below
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
if (ssl_ctx != NULL)
SSL_CTX_set_options(ssl_ctx,
On Mon, Oct 29, 2012 at 4:02 PM, Erwann Abalea
wrote:
> Where's the failure here?
> hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, and in
> case of a NULL hostname or certificate it is returned by the function,
> unmodified.
My bad - you were right. I fetched the document ag
On Mon, Oct 29, 2012 at 4:02 PM, Erwann Abalea
wrote:
> Where's the failure here?
> hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, and in
> case of a NULL hostname or certificate it is returned by the function,
> unmodified.
HOSTNAME_VALIDATION_ERR is not mentioned in
https:
Aha! Got it, I think. Thanks. Was not aware that one could do this sort of
thing. Neat trick. GetProcAddress() is documented only for locating
functions in a DLL, but I guess __declspec(dllexport) causes the name to be
exported in such a way that GetProcAddress() can find it.
> OpenSSL_Applink is
> From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de
Almeida
> Sent: Monday, 29 October, 2012 16:20
> The problem I've got is quite simple. The callback I pass
> through this
> function is not called.
> Someone could please help me figure out why? I've written as
> OpenSSL pag
@Gerardo,
I'm having a problem with this function and I will use your thread for some
support.
@All
The problem I've got is quite simple. The callback I pass through this
function is not called. I inserted a breakpoint into cb and it's not called
at all.
I'm using OpenSSL 1.0.1c. I'm sure abou
Bonjour,
In the 4.2 paragraph, talking about revocation, you explicitly write
that your code examples don't check for revocation. Depending on your
target audience, this might not be a wise choice.
In the same part, you're referring to a post by Ben Laurie about how
hard it is to detect revok
Where's the failure here?
hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization,
and in case of a NULL hostname or certificate it is returned by the
function, unmodified.
--
Erwann ABALEA
Le 27/10/2012 21:00, Jeffrey Walton a écrit :
On Sat, Oct 27, 2012 at 11:00 AM, Alban D.
In the previous version of the FIPS module (openssl-fips-1.2.3), the
incore script had an incore_adjust value. The new version
(openssl-fips-2.0.1) is a perl script and I cannot see how to adjust
the offset for our processor. Can anyone point me in the right
direction here?
___
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Friday, 26 October, 2012 11:08
> 1. Pardon my ignorance. So _Applink is a generic Windows facility, not
> OpenSSL-specific? Can you point me to a link or something
> that explains. I could not find anything.
OpenSSL_Appli
> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar
(anmajumd)
> Sent: Friday, 26 October, 2012 19:13
> To: openssl-users@openssl.org
> Subject: Re: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42
> This is a close box without a server operator.
> Is there a
> From: owner-openssl-us...@openssl.org On Behalf Of flowher
> Sent: Saturday, 27 October, 2012 09:03
> To: openssl-users@openssl.org
> Subject: Certificate lookup
>
> I'm using 'openssl verify -CApath /something/cert CERT_TO_VERIFY' to
> verify certificate chains.
> I just found out that some ce
On Mon, Oct 29, 2012, Gerardo Ganis wrote:
>
> Dear OpenSSL Users,
>
> Could someone confirm that when loading private keys in memory using
> PEM_read_PrivateKey
>
> EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0);
>
> the full key is filled in, i.e. evpp points to a com
On Mon, Oct 29, 2012 at 11:04 AM, Jakob Bohm wrote:
> On 10/27/2012 10:58 PM, Jeffrey Walton wrote:
>>
>> On Sat, Oct 27, 2012 at 11:00 AM, Alban D. wrote:
>>>
>>> Hi everyone,
>>>
>>> iSEC Partners just released a paper that provides detailed guidelines
>>> and sample code on how to properly do
On 29 Oct 2012, at 8:44 AM, Miroslav Mikluš wrote:
> The xmldsig (http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue)
> use the first form of RSA representation with respect to the :
> http://tools.ietf.org/html/rfc3447#section-3.2
The RSAKeyValue element contains a public key, but the quintuple
> SSL_CTX_set_options, should I indicate protocols using this function?
Before you do that, please realize TLS 1.0 is the least broken of the
protocols you are trying to enable. You really want all TLS 1.2
clients, but it's not widely implemented in clients and servers. I can
tell you that a number
Hi Charles,
I was under the assumption that I can turn off protocols using these options.
Since I wanted to give a try, without turning off any protocol, did not give
attention towards this call. Let me give a try.
Thank you
Jaya
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@
Hi,
I have CCM cipher suite in the openssl and for some other requirement I
have write my own simple webserver... Can somebody help me to develop
simple openssl based webserver ..
I just need to support the POST operation at my server side
i.e., in my requirement, client will post the data to we
Dear OpenSSL Users,
Could someone confirm that when loading private keys in memory using
PEM_read_PrivateKey
EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0);
the full key is filled in, i.e. evpp points to a complete
(public+private) key?
By analyzing the structure aft
Hi all,
The xmldsig (http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue)
use the first form of RSA representation with respect to the :
http://tools.ietf.org/html/rfc3447#section-3.2
It looks like rsa.h use the quintuple representation only,
is there a way how to work with the (n, d) form in ope
(Remember to start a new thread, not replying to some ancient
thread).
(Remember to put a non-blank subject in your mails, so we all
have an idea what is about)
On 10/22/2012 6:51 PM, Kevin Butters wrote:
Is there an SSL command that can be used to display CA cert information
extracted from the
You should at least look into it. I am not sure what the defaults are
without looking at the docs. Try setting SSL_OP_ALL (sounds good to me) |
SSL_OP_NO_SSLv2 (SSL v2 is considered to be badly flawed). That should
(IIRC) leave you able to accept SSL v3, TLS v1, and TLS v1.1.
Charles
From: ow
On 10/27/2012 10:58 PM, Jeffrey Walton wrote:
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
http://www.isecpartners.com/blog/2012/10
Hi Charles,
Thank you for the reply. I am not setting any option using
SSL_CTX_set_options, should I indicate protocols using this function?
Regards
Jaya
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Charles Mills
Sent: Monday, October 29, 2012 7:
Thanks,
Also it can be useful to go back to the book 'Network Security with
OpenSSL', pages 128 to 138.
Michel.
Le 27/10/2012 17:00, Alban D. a écrit :
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate valid
Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL,
SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?
BTW, openssl-users (not -dev) is the proper forum for this sort of
questions.
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@
Hi All,
I have a client application that uses SSL23_client_method(). When the client is
getting connected to server that supports TLS 1.0 there are no issues. When the
client is getting connected to server that supports only SSLv3.0, connection is
getting aborted with protocol number error.
I