Oh, I see,
I should have used SSL_library_init() rather than OPENSSL_init_library().
Thanks everyone! Great help!
David
On Tue, May 20, 2014 at 1:38 PM, David Li wrote:
> Rich,
>
> I did the following calls:
>
> OpenSSL_add_all_algorithms();
> OPENSSL_init_library();
> SSL_load_error_
Rich,
I did the following calls:
OpenSSL_add_all_algorithms();
OPENSSL_init_library();
SSL_load_error_strings();
Are these enough?
On Tue, May 20, 2014 at 1:32 PM, Richard Moore wrote:
> On 20 May 2014 20:13, David Li wrote:
>
>> So obviously my SSL_CTX object wasn't created properly
On 20 May 2014 20:13, David Li wrote:
> So obviously my SSL_CTX object wasn't created properly. Now I have to
> figure out what it means by "library has no ciphers".
>
>
You haven't called the functions to initialise openssl.
Rich.
Dave,
Thanks for the suggestion! I took a look at the low-hanging fruit first -
my SSL ctx object. So I modified the code a little bit by checking the SSL
CTX first:
ctx = SSL_CTX_new(SSLv23_method()); // handle only SSL v2 and v3
if (!ctx) {
int_error("Error in creating SSL ctx\n");
r
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dustin Oprea
> Sent: Tuesday, May 20, 2014 14:07
> On Tue, May 20, 2014 at 1:04 PM, David Li wrote:
> The code that you cited doesn't use SSL_CTX_use_certificate_chain_file.
You're right; I missed
Dustin,
Yes, I was trying SSL_CTX_use_certificate_file to see what happened and it
still crashed. The original code looks like:
if (SSL_CTX_use_certificate_chain_file(ctx, SERVER_CERT) != 1) {
}
The manpage says:
SSL_CTX_use_certificate_chain_file() loads a certificate chain fro
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of David Li
> Sent: Tuesday, May 20, 2014 13:05
> I am using SSL_CTX_use_certificate_chain_file() to load my server certificate
> files at initialization.
> The PEM file is created by concatenating serv
Hello,
I have some question:
http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html
What part is global, what part need be do by connexion?
On that's:
https://github.com/alphaonex86/CatchChallenger/blob/master/tools/epoll-with-buffer/main.cpp
I have edited it to try do simple echo server.
On Tue, May 20, 2014 at 1:04 PM, David Li wrote:
> Hi,
>
> I am new to openssl programming. My goal is trying to get a simple server
> up and running. I am using OpenSSL 1.0.1e-fips 11 Feb 2013 on Centos6.5.
>
> I am using SSL_CTX_use_certificate_chain_file() to load my server
> certificate files
Looking at http://www.openssl.org/docs/apps/ca.html you can designate the
-passin option whose argument has several options including environment
variable and direct input with pass: which should be fine for your
local tests.
Cheers,
Ben
> On 20 May 2014, at 17:45, "Dalisay, Christopher V"
>
Using this cmd, from openssl's CA app:
openssl ca -revoke certs/07.pem -config ca.cnf
I am able to revoke a cert. Since I have a pass phrase attached to it, I need
to manually enter the passphrase everytime I revoke this cert (purely for
testing purposes). Trying to either leverage a windows ba
Hi,
I am new to openssl programming. My goal is trying to get a simple server
up and running. I am using OpenSSL 1.0.1e-fips 11 Feb 2013 on Centos6.5.
I am using SSL_CTX_use_certificate_chain_file() to load my server
certificate files at initialization. The PEM file is created by
concatenating se
On 20 May 2014 15:17, Ken Goldman wrote:
> On 5/20/2014 7:24 AM, Ben Laurie wrote:
>>
>>
>> There is already a strndup replacement: BUF_strndup(). Switching to
>> use that would be better.
>
>
> However
>
> - if that function points to strndup, don't you still have the problem if
> strndup doesn't
On 20 May 2014 15:42, Rahul Godbole wrote:
> Hi
>
> Is OpenSSL thread safe by default? How can I find out if a particular
> OpenSSL binary had been compiled with thread support?
>
http://www.openssl.org/support/faq.html#PROG1
Matt
_
Hi
Is OpenSSL thread safe by default? How can I find out if a particular
OpenSSL binary had been compiled with thread support?
Thanks
Rahul
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Ken Goldman
> Sent: Tuesday, 20 May, 2014 10:16
> To: openssl-users@openssl.org
> Subject: Re: test/heartbleed_test.c
>
> It's logical to me.
>
> If the tool chain has a s
It's logical to me.
If the tool chain has a strndup, use it. If it doesn't, here it is.
There won't be a namespace clash if the function doesn't exist.
On 5/20/2014 8:14 AM, Michael Wojcik wrote:
External symbols beginning with "str" are reserved to the library by
the C standard (ISO 9899-199
On 5/20/2014 7:24 AM, Ben Laurie wrote:
There is already a strndup replacement: BUF_strndup(). Switching to
use that would be better.
However
- if that function points to strndup, don't you still have the problem
if strndup doesn't exist?
- if that function is a reimplementation of strndup
On 20 May 2014 06:40, The Doctor,3328-138 Ave Edmonton AB T5Y
1M4,669-2000,473-4587 wrote:
> Found that strndup would not work.
>
> I had to add
>
> #if !HAVE_STRNDUP
>
> #include
> #include
> #include
> #include
>
> /* Find the length of STRING, but scan at most MAXLEN characters.
>If no
External symbols beginning with "str" are reserved to the library by the C
standard (ISO 9899-1999 et seq). It's a violation of the standard to define
them outside the implementation. You should use function names in the user
namespace and if necessary use value-style macros to replace the reser
Hi,
Our application experienced a serious performance drop in FIPS mode. The
connection per second (CPS) dropped about 50% in FIPS mode than in non-FIPS
mode.
We run the oprofile and find that there are lock contentions in FIPS mode:
FIPS oprofile system wide report
samples %app
Found that strndup would not work.
I had to add
#if !HAVE_STRNDUP
#include
#include
#include
#include
/* Find the length of STRING, but scan at most MAXLEN characters.
If no '\0' terminator is found in that many characters, return MAXLEN. */
size_t
strnlen (const char *string, size_t ma
22 matches
Mail list logo