RE: Openssl server certificates validation error

2013-01-18 Thread Hazrat Shah
Pls, see below. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Friday, January 18, 2013 8:11 PM To: openssl-users@openssl.org Subject: RE: Openssl server certificates validation error >From: owner-openssl

RE: Openssl server certificates validation error

2013-01-18 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah >Sent: Friday, 18 January, 2013 17:54 Additional to previous sent prematurely: >On OpenSSL startup, the file is read from window certificate store >and saved into the X509 certificate store. >1) File is read from window certifi

RE: Openssl server certificates validation error

2013-01-18 Thread Hazrat Shah
Pls, see my comments below. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Friday, January 18, 2013 7:55 PM To: openssl-users@openssl.org Subject: RE: Openssl server certificates validation error >From: o

Re: Can someone recommend a good SSL protocol analyzer for Windows ?

2013-01-18 Thread Santhosh Kokala
Nayna, I am not sure what you are trying to analyze. Not all servers are configured with TLSv1, some sites may only support SSLv2 or SSLv3. Wireshark does support analyzing https by default, you don't have to configure separately. I use Wireshark all the time to analyze packet captures. Santhosh

RE: Openssl server certificates validation error

2013-01-18 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah >Sent: Friday, 18 January, 2013 17:54 >I am having problem with server certificate verification >the SSL_get_verify_result() returns Error code 20. >I add a (xx.cert) file to the window certificate store as follow. >On OpenSSL sta

RE: Openssl server certificates validation error

2013-01-18 Thread Hazrat Shah
I am currently doing the suggested steps: 1- Loading your certificate (in PCCERT_CONTEXT structure) from Windows Cert store using Crypto APIs CertGetCertificateChain(). 2- Get encrypted content of it in binary format as it is. [PCCERT_CONTEXT->pbCertEncoded]. 3- Parse this bin

Re: Openssl server certificates validation error

2013-01-18 Thread Jeffrey Walton
On Fri, Jan 18, 2013 at 5:53 PM, Hazrat Shah wrote: > > I am having problem with server certificate verification the > SSL_get_verify_result() returns > > Error code 20. >From http://www.openssl.org/docs/apps/verify.html, that is X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. > I add a (xx.cert) f

Openssl server certificates validation error

2013-01-18 Thread Hazrat Shah
Hi, I am having problem with server certificate verification the SSL_get_verify_result() returns Error code 20. I add a (xx.cert) file to the window certificate store as follow. 1) The file supported encoding types are X509_ASN_ENCODING and PKCS_7_ASN_ENCODING The file is converted from bas

Fips - Static - unresolved external symbol _mainCRTStartup

2013-01-18 Thread Roar Lien
Hi, I am having some difficulties linking my application to an openssl-fips static library. My development environment is VS2012 / Windows 8. I am able to build /install the openssl-fips distribution and I am able to enter fips mode in the openssl.exe application that comes with the distribution

Re: Can someone recommend a good SSL protocol analyzer for Windows ?

2013-01-18 Thread Lee Fisher
> I have been trying that. it shows handshake for TLSv1 for some sites and > not for others. > > I might be using it wrong.. but am not also sure if it supports analyzing > https by default.. > > Have you tried it ? If Wireshark doesn't work, try Microsoft Network Monitor (NetMon). Wireshark is

RE: Can someone recommend a good SSL protocol analyzer for Windows ?

2013-01-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Nayna Jain > Sent: Friday, 18 January, 2013 14:52 > I have been trying [wireshark]. it shows handshake for TLSv1 for > some sites and not for others. > It works for me on all sites. Note wireshark usually selects the protocol to decode by por

Re: Can someone recommend a good SSL protocol analyzer for Windows ?

2013-01-18 Thread Nayna Jain
I have been trying that. it shows handshake for TLSv1 for some sites and not for others. I might be using it wrong.. but am not also sure if it supports analyzing https by default.. Have you tried it ? Thanks & Regards, Nayna Jain From: Santhosh Kokala To: "openssl-users@openssl.org"

Re: Can someone recommend a good SSL protocol analyzer for Windows ?

2013-01-18 Thread Santhosh Kokala
How about wireshark? On 1/18/13 11:38 AM, "Nayna Jain" wrote: > >Hi, > >I want to analyze the actual SSL handshake happening over the wire. >Does anyone know a good open source analyzer tool for Windows ? > >Thanks & Regards, >Nayna Jain

Can someone recommend a good SSL protocol analyzer for Windows ?

2013-01-18 Thread Nayna Jain
Hi, I want to analyze the actual SSL handshake happening over the wire. Does anyone know a good open source analyzer tool for Windows ? Thanks & Regards, Nayna Jain

Re: Can I build the FIPS module with /MT?

2013-01-18 Thread Jeffrey Walton
On Fri, Jan 18, 2013 at 11:01 AM, Memmott, Lester wrote: >>All modern Versions of Microsoft's C Runtime are thread safe. That occurred >>around Visual Studio 6.0 (circa 2000 or so). > >From http://msdn.microsoft.com/en-us/library/abx4dbyh.aspx: "The > >single-threaded CRT (libc.lib, libcd.lib) (

Re: Can AES-NI be disabled?

2013-01-18 Thread Steve Marquess
On 01/18/2013 09:25 AM, Jakob Bohm wrote: > On 1/18/2013 1:25 AM, Jeffrey Walton wrote: >> ... >> That's actually covered in the FIPS User Guide. >> >> 3.2.3 Assembler Optimizations >> ... >> >> For the x86/x86-64 and ARM processors several levels of optimization >> are supported by the code. >> Note

RE: Can I build the FIPS module with /MT?

2013-01-18 Thread Memmott, Lester
>All modern Versions of Microsoft's C Runtime are thread safe. That occurred >around Visual Studio 6.0 (circa 2000 or so). >From http://msdn.microsoft.com/en-us/library/abx4dbyh.aspx: "The >single-threaded CRT (libc.lib, libcd.lib) (formerly the /ML or /MLd >options) is no longer available. Inste

Re: Can I build the FIPS module with /MT?

2013-01-18 Thread Jeffrey Walton
On Fri, Jan 18, 2013 at 10:21 AM, Memmott, Lester wrote: > I'm in the process of incorporating FIPS enabled OpenSSL into an application > when I realized that by default the FIPS module is built by dynamically > linking the C runtime, not statically linking. In my case, for Windows using > Mic

Can I build the FIPS module with /MT?

2013-01-18 Thread Memmott, Lester
I'm in the process of incorporating FIPS enabled OpenSSL into an application when I realized that by default the FIPS module is built by dynamically linking the C runtime, not statically linking. In my case, for Windows using Microsoft Visual Studio it uses the /MD option, instead of /MT. This

Re: Can AES-NI be disabled?

2013-01-18 Thread Jakob Bohm
On 1/18/2013 1:25 AM, Jeffrey Walton wrote: ... That's actually covered in the FIPS User Guide. 3.2.3 Assembler Optimizations ... For the x86/x86-64 and ARM processors several levels of optimization are supported by the code. Note that most such optimizations, if compiled into executable code, ar

Re: Can AES-NI be disabled?

2013-01-18 Thread MauMau
From: "Jeffrey Walton" That's actually covered in the FIPS User Guide. Oh, I didn't imagine that the way of disabling AES-NI was described in FIPS document. The runtime environment variable OPENSSL_ia32cap=~0x202 disables use of AES-NI, PCLMULQDQ, and SSSE3 optimizations for x

RE: How to tell when no more progress can be made

2013-01-18 Thread A G
Hi > The error codes "WANT_READ" and "WANT_WRITE" help you determine which > of those 4 is most likely ready, but as soon as all 4 API entrypoints > say they can do no more until you provide them with more data/extract > some data from them, then you know that to be true. > > Someone please correc