Re: [openssl-users] scripting creating a cert

2017-03-13 Thread Robert Moskowitz
Viktor, On 03/09/2017 05:53 PM, Viktor Dukhovni wrote: On Mar 9, 2017, at 8:43 PM, Robert Moskowitz wrote: $ umask 077 # avoid world-readable private keys Perhaps (no perhaps about it) this is old information, but I picked up that I needed: chmod 640 for the

Re: [openssl-users] Extracting Handshake Information

2017-03-13 Thread Dr. Stephen Henson
On Tue, Mar 14, 2017, Vijayakumar Kaliaperumal wrote: > Hello, > > Is there a way in openssl we can extract the protocol(TLS/DTLS ) handshake > information, like in clienthello, the protocol version, ciphersuites > offered, Random, session id etc. > You can get some useful information with

Re: [openssl-users] Extracting Handshake Information

2017-03-13 Thread Salz, Rich via openssl-users
> Is there a way in openssl we can extract the protocol(TLS/DTLS ) handshake > information, like in clienthello,  the protocol version, ciphersuites > offered, Random,  session id etc. Look at the code in apps/s_client and apps/s_server and see what it prints in various debug modes.

[openssl-users] Extracting Handshake Information

2017-03-13 Thread Vijayakumar Kaliaperumal
Hello, Is there a way in openssl we can extract the protocol(TLS/DTLS ) handshake information, like in clienthello, the protocol version, ciphersuites offered, Random, session id etc. Regards, Vijay

Re: [openssl-users] Cannot read exported PKCS12 cert and private key

2017-03-13 Thread Gary L Peskin
Thanks again. Very clear. I’m thinking maybe of a small utility or even a web site where you could upload the thing and it would tell you what it was looking at. I’ll add that to my never-ending to do list on the off chance that I’ll ever have spare time. Gary From: openssl-users

Re: [openssl-users] Cannot read exported PKCS12 cert and private key

2017-03-13 Thread Michael Wojcik
Glad I could help. To be honest, I had to play around with it for a bit before I remembered that RACF can export PEM-encoded PKCS#12, and how I had handled that the last time I went through this myself. Also, having experience with figuring out what a file is using openssl asn1parse definitely

Re: [openssl-users] Cannot read exported PKCS12 cert and private key

2017-03-13 Thread Kyle Hamilton
Enhancement request: make 'pkcs12' support -inform and -outform. On Mon, Mar 13, 2017 at 9:26 AM, Gary L Peskin wrote: > Thanks VERY much Michael. That did the trick. This was a homegrown CA > cert and I needed it to sign a certificate request for testing purposes. > > >

Re: [openssl-users] Cannot read exported PKCS12 cert and private key

2017-03-13 Thread Gary L Peskin
Thanks VERY much Michael. That did the trick. This was a homegrown CA cert and I needed it to sign a certificate request for testing purposes. I didn’t realize that the openssl pkcs12 utility didn’t support PEM encoding for input. I was a little confused I guess by the documentation which

Re: [openssl-users] Cannot read exported PKCS12 cert and private key

2017-03-13 Thread Michael Wojcik
I'll assume you mean you exported it "from a mainframe system" using RACF. RACF has half a dozen export formats for certificates and keys; they're not all supported by OpenSSL. In particular (and despite the PEM delimiters), I suspect what you have here is a PKCS#12 file in PEM format. The

Re: [openssl-users] Cannot read exported PKCS12 cert and private key

2017-03-13 Thread Gary L Peskin
My original message accidentally included an attachment. Please ignore the attachment. That was not related to this issue. Thanks, Gary From: Gary L Peskin [mailto:ga...@firstech.com] Sent: Monday, March 13, 2017 2:28 AM To: 'openssl-users@openssl.org'

[openssl-users] CRL implementation caching

2017-03-13 Thread Mody, Darshan (Darshan)
Hi, We have modified our codebase to have CRL verification on the incoming certificates. While doing negative testing with a load of certificates I find that the resident memory for the module. My query is when we have CRL verification enabled does openssl cache incoming certificates?

[openssl-users] Visual Studio 2015 build failure

2017-03-13 Thread pepone.onrez
I am trying to build openssl 1.0.2 from OpenSSL_1_0_2-stable branch and keep getting this error perl Configure VC-WIN32 no-asm enable-static-engine ms\do_ms nmake -f ms\ntdll.mak link /nologo /subsystem:console /opt:ref /debug /dll /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def

Re: [openssl-users] mingw 64-bit build of 1.1.0e

2017-03-13 Thread Matt Caswell
On 12/03/17 07:57, sisyph...@optusnet.com.au wrote: >> But where did it find libz ? > > Heh ... this compiler ships with libz.a (x86_64-w64-mingw32/lib/libz.a). > I don't know how long they've been doing that - probably for years. > Remove (or rename) that file and 'make' fails because -lz

Re: [openssl-users] OpenSSL handshake failure with RSA bad signature error

2017-03-13 Thread Senthil Raja Velu
Hi, Could someone shed some light on this above mentioned RSA bad signature issue. Thanks, Senthil. On Thu, Feb 23, 2017 at 12:31 AM, Senthil Raja Velu wrote: > Hi, > I have recently updated my openssl server version from 1.0.1m to 1.0.2j. > After updating the handshake