Re: Entropy for FIPS CTR_DRBG

2013-10-03 Thread Roy R
Apologies for doing this, but does anyone know the answers to these two questions: 1) How many bytes of entropy does fips_get_entropy() get? 32 (i.e. security_strength) or 40? 2) Is there any way to combine multiple sources of entropy (such as /dev/urandom and egd)? Thank you! On Tue, Oct 1,

RE: tlsv1 alert unknown ca

2013-10-03 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Troyanker, Vlad > Sent: Wednesday, October 02, 2013 20:17 > In response to David: If I do not set VERIFY_PEER flag, then client does > NOT deliver its certificate to server. At least SSL_Peer_Certificate() > returns null. > You do need VERIFY i

RE: SSL_CERT_FILE environmental variable not honored?

2013-10-03 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton > Sent: Wednesday, October 02, 2013 16:57 > I fetched StartCom's ca-bundle from http://www.startssl.com/certs/. I > then connected to api.pagepeeker.com, which uses StartCom. > Aside: you don't actually need the whole bundle, onl

RE: CSR from old certificate and signing it using new private key

2013-10-03 Thread Dave Thompson
Assuming by "get it signed" you mean signing the CSR, not getting a cert issued from the CSR which many people wrongly think is "signing the CSR": yes OpenSSL has APIs for both X509 (cert) and X509_REQ. You can read in a cert (PEM or DER), extract fields/extensions from it as desired and

Re: redirected input to s_client on Windows: Any trick to avoid the keypress?

2013-10-03 Thread Jeff Trawick
On Thu, Oct 3, 2013 at 5:14 PM, Jeff Trawick wrote: > E.g., run > > echo GET / | openssl s_client -connect host:port > > It does the handshake then stalls until you press a key (which will be > left unused in the buffer when openssl exits), then it sends the input. I > guess the kbhit() in the s

RE: memory crash when calling " X509_free" function

2013-10-03 Thread Dave Thompson
Almost certainly something corrupted in your heap. It could be that code between the create and the free gets a pointer into a field/element in the X509 (like Subject name, or an individual AVA in Subject name, or some particular extension, etc. etc.) and uses that pointer to store something it

redirected input to s_client on Windows: Any trick to avoid the keypress?

2013-10-03 Thread Jeff Trawick
E.g., run echo GET / | openssl s_client -connect host:port It does the handshake then stalls until you press a key (which will be left unused in the buffer when openssl exits), then it sends the input. I guess the kbhit() in the s_client code is what is waking it up. I've played around with var

Re: SSL_CERT_FILE environmental variable not honored?

2013-10-03 Thread Jeffrey Walton
So, this does not work either (placing the PEM encoded cert in the variable): $ export SSL_CERT_FILE=`cat startcom-ca-bundle.pem` $ echo "GET / HTTP\1.1" | openssl s_client -connect api.pagepeeker.com:443 $ echo $SSL_CERT_FILE -BEGIN CERTIFICATE- MIIGnzCCBIegAwIBAgIBPTANBgkqhkiG9w0BAQsFADB

Re: memory crash when calling " X509_free" function

2013-10-03 Thread Pravesh Rai
Is it because x509 is a local variable in 1 function & freed in another? PK On Thu, Oct 3, 2013 at 5:22 PM, Sanjay Kumar (sanjaku5) wrote: > Hi, > > I have below 2 functions > > 1. Received the certificate data is DER format and convert to > X509 format

Re: Openssl/SMime Utility failed to encrypt the large file (>1.5MB) on HPUX Machine

2013-10-03 Thread Puneet Khunteta
Hello, I have later found that the fail behavior may be due to the insufficient memory available for the target device. I have seen that "-stream" option is added in smime application in openssl version 1.0.0. 1.) Can I have the access to the change set for this particular functionality onl

memory crash when calling " X509_free" function

2013-10-03 Thread Sanjay Kumar (sanjaku5)
Hi, I have below 2 functions 1. Received the certificate data is DER format and convert to X509 format RetCode convert_der_to_x509(uint8_t *cert_der, uint32_t cert_len) { const unsigned char *bptr = NULL; X509 *x509 = NULL; bptr = (unsigned char *)cert_der; x509 = d2i_X509(NULL

CSR from old certificate and signing it using new private key

2013-10-03 Thread Kamalraj Madhurakasan
Hi, Is it possible to generate a new CSR from old certificate and combine it with the newly generated private key and get it signed? The use case is, we get the certificates from customers to troubleshoot their issues. As they will not provide the private key, we need to open and check the cert