FINGERPRINT_premain() not getting called

2019-12-07 Thread Dipak B
Hi, Appreciate any help on following. In continuation with email sent earlier, for me FINGERPRINT_premain() is not getting called after failure of FIPS_mode_set(). Background My 32bit application (Myapp32.exe) uses myFips32.dll which statically links to FIPS capable openssl and statically to win

Fingerprint mismatch only for 32-bit DLL linked statically to FIPS Capable OpenSSL

2019-12-04 Thread Dipak B
*Appreciate any help on the following.* 1. Built OpenSSL Fips Module and then 'static binaries' of FIPS capable OSSL which 'statically link to the windows run-time'. Thus, my application binary (FipsApp.exe) does not depend on OSSL DLLs. 2. Consumed these static binaries namely

Fingerprint mismatch only for 32-bit FIPS binary

2019-11-25 Thread Dipak B
Hi, Appreciate any help on the following. 1) Built static binaries of FIPS capable OSSL which statically link to the windows runtime. 2) Consumed these binaries (libeaycompat32.lib, libeayfips32.lib and ssleay32.lib) into myapp.dll using msincore.pl. Result 1) FIPS mode gets set and working w

Can we build FOM with static runtime on win32?

2019-08-19 Thread Dipak B
Dear Experts, Can we build the FIPS object module with static CRT (/MT) on windows? Can I run 'perl configure' before calling ms/do_fips.bat while building FOM? Could not infer this from the documents. Thank you.

FIPS object module with /MT

2019-08-18 Thread Dipak B
Dear Experts, Why can one not build the OpenSSL FIPS object module (FOM) with /MT on windows officially? I read that modifying any flags / steps while building FOM is not allowed. Is there any compliant workaround for using FOM with an application which is built with /MT? Thank you.

OpenSSL FIPS mode for libcurl

2019-08-12 Thread Dipak B
static libcurl using 'FIPS capable OpenSSL'. These OpenSSL libs were generated earlier as static libraries. b) In my application, called SSL_Library_Init() followed by FIPS_mode_set() and other APIs to confirm that FIPS mode is on. c) Added curl API to do http post using the easy interface.

FIPS_selftest() Usage

2019-08-07 Thread Dipak B
Hi, For an application linked to FIPS capable OpenSSL, 1) After calls to FIPS_mode_set() and FIPS_mode() both succeed, is it good practice to call FIPS_selftest()? Or is this redundant call? 2) Did come across documentation which only hinted that FIPS_mode_set() calls FIPS_selftest() internall

OPENSSL_thread_stop() equivalent

2019-08-06 Thread Dipak B
Hi, Had to downgrade the OpenSSL used in an application from 1.1.0k to 1.0.2s. Due to this I have to remove the usage of OPENSSL_thread_stop(), want to know the equivalent call in OpenSSL 1.0.2s? if applicable. Did try the documents, change history and source code for help but could not figure o

FIPS_mod_set() fails with reason 111 (Do_Dsa_Sign())

2019-08-02 Thread Dipak B
Hi, Can anyone help me with following? 1) Calling FIPS_mode_set() from inside a DLL just after SSL_library_init() fails with [error:2D06B06F:lib(45):func(107):reason(111)] 2) This DLL links to a] static libraries (libeay, libssl, libcompat)from FIPS capable OpenSSL. b] static libcurl which is

Re: Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?

2019-07-03 Thread Dipak B
Hi, Thank you for the quick answer. Both the questions have subtle difference. My apology they appear almost same. So, to clear my doubts, following is my understanding a) An application is FIPS 140-2 certified if and only if it links directly to 'fipscanister.lib'. b) Application w

Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?

2019-07-03 Thread Dipak B
Dear Experts, Can you please help with the following questions? All inputs are appreciated. a) Can we call an Win32 application built with FIPS Capable OpenSSL as FIPS 140-2 Certified in strict sense? where FIPS Capable OpenSSL is OpenSSL built using the FOM (fipscanister.lib) I am seeking clari

Will my application be FIPS 140-2 Certified under following conditions?

2019-07-03 Thread Dipak B
and 'Security Policy' pdfs. Plan: a. After verifying HMAC-SHA1 of openssl-fips-2.0.16.tar.gz, build it to generate fipscanister.lib (FOM) as windows static library. b. Build libcurl as windows static library using above fipscanister.lib c. Link my desktop application with above libcurl.

Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-18 Thread Chris B
string? Alternately, is there a process for taking an encrypted string, and "backing in" to the details of how it was created? (ie what algorithm, etc?) Thanks, Chris On Mon, Jan 15, 2018 at 2:01 PM, Chris B wrote: > Hi Daniel, > > >Option #1 from the possibilities you m

Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-15 Thread Chris B
Hi Daniel, >Option #1 from the possibilities you mentioned below seems to be the most logical to me. Thank you, that's very helpful. Thanks, Chris On Mon, Jan 15, 2018 at 1:29 PM, Sands, Daniel wrote: > On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote: > > Hi Matt, >

Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-14 Thread Chris B
s, Chris On Sun, Jan 14, 2018 at 6:03 PM, Matt Caswell wrote: > > > On 14/01/18 15:26, Chris B wrote: > > I'm trying to help someone recover his password for an older format > > ethereum encrypted private key (EPK). My plan has been to use his best > > guess a

Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-14 Thread Chris B
11:21 AM, Viktor Dukhovni < openssl-us...@dukhovni.org> wrote: > > > > On Jan 14, 2018, at 10:26 AM, Chris B > wrote: > > > > I'm trying to help someone recover his password for an older format > ethereum encrypted private key (EPK). My plan has

Re: [openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-14 Thread Chris B
Hi Rich, Thank you very much for the reply. I get the same error message using -aes256 as -aes-256-cbc /usr/bin/openssl enc -d -aes256 -a -in enc_private_key.txt -out recovered.key -pass pass:TheBig7ebowski bad decrypt 140383648536480:error:0606506D:digital envelope routines:EVP_DecryptFinal_

[openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-14 Thread Chris B
I'm trying to help someone recover his password for an older format ethereum encrypted private key (EPK). My plan has been to use his best guess at the password to brute force the actual password. The EPK is a 132 character string, and it looks something like this: U2FsdGV0X185M9YAa/27pmEvFzC5pqLI

Re: Connection Failure

2014-07-24 Thread Sharath B
, Sharath B On Wed, Jul 23, 2014 at 12:47 PM, Sharath B wrote: > Admin, > > I have recently upgraded to openssl version 0.9.8za on windows server > 2008, the client connections are failing at BIO_do_connect. Please suggest > what need to be done. > > Regards, > Sharath B >

Connection Failure

2014-07-23 Thread Sharath B
Admin, I have recently upgraded to openssl version 0.9.8za on windows server 2008, the client connections are failing at BIO_do_connect. Please suggest what need to be done. Regards, Sharath B

Re: How to add intermediate certificate chain in SSL_CTX using OpenSSL API

2014-03-07 Thread B. Meeker
Harshal, Check parameter 2 on SSL_CTX_use_PrivateKey_file(). It should be a pointer to the name of the file that contains the private key, not the certificate file. As an example on my (working) prototype server I use the following: // Define whatever ciphers you want. I used AES-128. Client

RE: SSL Certificate cache

2012-10-11 Thread Sharanagoud B D
rg Subject: RE: SSL Certificate cache > From: owner-openssl-us...@openssl.org On Behalf Of Sharanagoud B D > Sent: Tuesday, 09 October, 2012 06:25 > How to check in Linux client device whether the certificate used is > cached or it's from the server? I am using openssl s_

RE: SSL Certificate Caching

2012-10-11 Thread Sharanagoud B D
openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Thursday, October 11, 2012 1:18 AM To: openssl-users@openssl.org Subject: RE: SSL Certificate Caching > From: owner-openssl-us...@openssl.org On Behalf Of Sharanagoud B D > Sent: Tuesday, 09 October, 2012 06:39 > Is there a option

SSL Certificate Caching

2012-10-09 Thread Sharanagoud B D
Hi All, Is there an option to specify a source interface along with openssl s_client option to establish multiple HTTP Connections from single linux device? This is required to test certificate caching scenario where need to have multiple clients trying to connect to a same server. For Ex: speci

SSL Certificate cache

2012-10-09 Thread Sharanagoud B D
How to check in Linux client device whether the certificate used is cached or it's from the server? I am using openssl s_client to establish http connection. Thanks, Sharan __ OpenSSL Project http:

SSL Record layer size

2012-09-20 Thread Sharanagoud B D
Hi All, Can anyone tell me how to increase the SSL record layer length size? Thanks, Sharan

non-interactive password for ocsp responder

2012-06-20 Thread Dan B.
How can the ocsp responder be run non-interactively (e.g., run from a script so that the person running the script does not have to type in the OCSP signing key password)? (Yes, I know that that generally isn't secure, but in this case it doesn't need to be. (It's for an example/test setup scrip

Re: Disabling SSLv2

2011-09-05 Thread Michael B Allen
On Sat, Sep 3, 2011 at 7:16 AM, Michael S. Zick wrote: > On Fri September 2 2011, Michael B Allen wrote: >> On Fri, Sep 2, 2011 at 4:07 PM, Dr. Stephen Henson wrote: >> > On Fri, Sep 02, 2011, Coda Highland wrote: >> > >> >> > Well I was hoping there

Re: Disabling SSLv2

2011-09-02 Thread Michael B Allen
On Fri, Sep 2, 2011 at 4:07 PM, Dr. Stephen Henson wrote: > On Fri, Sep 02, 2011, Coda Highland wrote: > >> > Well I was hoping there was some kind of global configuration file >> > directive that would affect the behavior of the openssl library and at >> > least everything dynamically linked with

Re: Disabling SSLv2

2011-09-02 Thread Michael B Allen
On Fri, Sep 2, 2011 at 2:09 PM, Dr. Stephen Henson wrote: > On Fri, Sep 02, 2011, Michael B Allen wrote: > >> Hello, >> >> Is there a way to disable SSLv2 system-wide (assuming non-static >> linking)? I am trying to get a CentOS 5.6 system to pass a PCI credit >

Disabling SSLv2

2011-09-02 Thread Michael B Allen
Hello, Is there a way to disable SSLv2 system-wide (assuming non-static linking)? I am trying to get a CentOS 5.6 system to pass a PCI credit card processing certification and the scanning company blindly flags SSLv2 as non-compliant. Rather than try to disable SSLv2 in each application (postfix,

Re: Using Intel AES-NI

2011-06-22 Thread Ryan B
I'm using snapshot, is it still required? if so, is there an updated patch available? On Thu, Jun 23, 2011 at 10:49 AM, Jeffrey Walton wrote: > Hi mp3geek, > > On Wed, Jun 22, 2011 at 6:05 PM, Ryan B wrote: >> Is this supported in OpenSSL trunk? Do I need any additional p

Using Intel AES-NI

2011-06-22 Thread Ryan B
Is this supported in OpenSSL trunk? Do I need any additional patches or updated patches? http://rt.openssl.org/Ticket/Display.html?id=2065

32bit vs 64bit performance

2011-06-22 Thread Ryan B
Using OpenSSL in a 64bit environment (Linux) makes any difference in performance or speed?

Re: compiling openssl dev-c++

2010-11-12 Thread g A b R i E L
> > *From:* owner-openssl-us...@openssl.org [mailto: > owner-openssl-us...@openssl.org] *On Behalf Of *g A b R i E L > *Sent:* Friday, November 12, 2010 10:56 AM > *To:* openssl-users@openssl.org > *Subject:* compiling openssl dev-c++ > > > > Hi Users. > > How

Re: compiling openssl dev-c++

2010-11-12 Thread g A b R i E L
ry. Go to 'Project->Project Options->Directories', and add 'C:\OpenSSL-Win32\include' directory. In this way I could compile my project. From Chile, best regards. gabriel 2010/11/12 g A b R i E L > Hi Users. > > How I can compiling openssl in dev-c++ for Wi

compiling openssl dev-c++

2010-11-12 Thread g A b R i E L
Hi Users. How I can compiling openssl in dev-c++ for Windows? I tried with -lssl and -lcrypto in linker option (Project->Project Options->Parameters->Linker), but it not work. Part of Compile log is: " C:/Dev-Cpp/lib/libcrypto.a(bss_conn.o)(.text+0x40):bss_conn.c: undefined reference to `conn.

mini project in C using openssl

2010-10-26 Thread g A b R i E L
Hi. My name is Gabriel. I'm "newbie" in openssl and I need to develop an application in C language using openssl. If anyone on this mailing list can help me, and is interested in working in this mini project (for free or not) Please contact me via e-mail. Best regards gabriel

Re: Intermediate root CA's -- lost and confused :(

2010-09-15 Thread Paul B. Henson
ium Server CA", and one self-signed. As if this mess wasn't confusing enough :). It turns out my problem was specifying the SSLCertificateChainFile directive in a virtualhost section that wasn't the default. When I moved the config to the default ssl vhost it started working. -- Paul

Re: Intermediate root CA's -- lost and confused :( **SOLVED**

2010-09-13 Thread Paul B. Henson
irtual host config, that led me to believe the server was configured correctly when it wasn't. Thanks much to everybody that helped! -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | hen...@csupomona.edu California S

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Paul B. Henson
re using, and what certificates in what order are present in the intermediate ca file they are using? That would be greatly appreciated :). Thanks... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | hen

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Paul B. Henson
happy with it. It's just openssl and applications that use it that seem to be failing for reasons I haven't determined. Thanks... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | hen...@csupomona.edu Californi

RE: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Paul B. Henson
errors from firefox/IE/et al; whereas after I added it web browsers seems to be working fine. Also, gnutls-client works correctly and lists the entire CA chain, which would also seem to indicate the server is supplying them. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~

Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Paul B. Henson
pomona.edu/ Resolving www.csupomona.edu... 134.71.177.148 Connecting to www.csupomona.edu|134.71.177.148|:443... connected. HTTP request sent, awaiting response... 200 OK Any help much appreciated, thanks... -- Paul B. Henson

SPKAC and non-Latin text

2009-12-02 Thread Victor B. Wagner
When openssl ca command creates a certificate from SPKAC, it accepts option utf8, which theoretically should make it accept any utf8 characters and place them into certificate DN using appropriate ASN1 STRING type (i.e. BMP_STRING or UTF8_STRING). However, function certify_spkac in apps/ca.c use

Re: how to merge multiple public domain certs into one file?

2009-11-17 Thread Victor B. Wagner
On 2009.11.16 at 12:22:13 -0500, Crypto Sal wrote: > On 11/16/2009 03:46 AM, H?cber C?rdova wrote: >> Since 0.9.8f OpenSSL supports SNI (server name indication) TLS >> extension. Support of this extension in mod_ssl is discussed on >> httpd-...@apache.org for years, and even if it haven't yet got

Re: RE: how to merge multiple public domain certs into one file?

2009-11-15 Thread Victor B. Wagner
On 2009.11.15 at 21:01:13 -0500, H??cber C??rdova wrote: > Hi *, > > Certainly you can configure Apache to use virtualHosts based on domain > names, > and this works perfect with HTTP (1.1). However, this cannot be achieved > using > SSL, and the answer is simple, the SSL is estab

Re: openssl and hardware tokens

2009-11-15 Thread Victor B. Wagner
On 2009.11.13 at 04:44:02 -0800, Mansour Dagher wrote: > Hi all, > > > if certificates and associated keys are stored on HW (Sun crypto card for > example), is there a way in openssl to specify the card as the location of > these certificates/kets? > > It appears from the methods below, the o

Re: Running SSL server without temporary DH parameters.

2009-10-29 Thread Victor B. Wagner
On 2009.10.28 at 14:56:54 -0400, Victor Duchovni wrote: > On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote: > > > > > But for some setups, especially in OpenSSL 1.0, which supports EC > > > > ciphersuites, dh parameters are not necessary. >

Re: Running SSL server without temporary DH parameters.

2009-10-28 Thread Victor B. Wagner
On 2009.10.28 at 11:05:22 -0400, Victor Duchovni wrote: > On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote: > > > But for some setups, especially in OpenSSL 1.0, which supports EC > > ciphersuites, dh parameters are not necessary. > > This is not entire

Running SSL server without temporary DH parameters.

2009-10-28 Thread Victor B. Wagner
In the manual page for SSL_CTX_set_tmp_dh function it is recommended to always set temporary Diffie-Hellman parameters for the server SSL_CTX, in case if client would negotiate some ciphersuite which uses ephemeral DH key agreement. Some application authors choose to not compile these parameter

Re: SOLVED: decoding crlDistributionPoints extension

2009-10-27 Thread Victor B. Wagner
On 2009.10.25 at 19:18:15 -0400, Carl Harris wrote: > True enough, this reduces the code snippet appreciably by eliminating > the rather tedious extension lookup fragment. My issue, of course, was > simply not knowing (and not being able to find any reference that > documents) the data type

Re: How can server accept connection from specific clients only

2009-10-20 Thread Victor B. Wagner
On 2009.10.20 at 16:50:59 +0530, Deepak Mundra wrote: >Dear All, > >I have written a server client application in which im using self >signed ssl certificates .. How can i make sure that only known clients can >connect to my server using ssl connection? There is three answ

Re: Getting hostname with openssl library

2009-10-20 Thread Victor B. Wagner
On 2009.10.20 at 10:11:46 +0200, Peter Sylvester wrote: > > A better question is to match a given hostname > against a certificate and determine whether it > obeys the https rules. > There can be multiple hostnames and wild cards. > > The code implemented by "curl" is a complete way to do this. H

Re: OpenSSL CA and MySQL

2009-10-19 Thread Victor B. Wagner
On 2009.10.19 at 21:55:09 +0200, Matthias G?ntert wrote: > hello guys > > is anyone working on a replacement for the text based ca database? It There are such projects as XPKI, which use openssl library to generate certificates and database backend to store them. These projects also provide nice

Re: OpenSSL CA and MySQL

2009-10-19 Thread Victor B. Wagner
On 2009.10.19 at 13:35:32 -0700, John R Pierce wrote: > Matthias G?ntert wrote: >> hello guys >> >> is anyone working on a replacement for the text based ca database? It >> seems the database functions are defined in apps/ca.c and apps/apps.h, >> at least for version 0.9.8k. wouldn't it be nice if

Re: Getting hostname with openssl library

2009-10-19 Thread Victor B. Wagner
On 2009.10.19 at 17:40:11 -0400, Victor Duchovni wrote: > On Mon, Oct 19, 2009 at 01:34:38PM -0500, William wrote: > > > I am looking for the way to read a certificate from disk in C code and > > get the hostname (CN) inside that certificate in the C code using the > > openssl library. > > Sadly

Re: RE: Location of OpenSSL libraries

2009-10-19 Thread Victor B. Wagner
On 2009.10.19 at 17:13:19 +0100, Steve Hay wrote: > > > > Note that if you are trying to build 64-bit application on solaris, it > > should link with /lib/amd64/libcrypto.so rather than /lib/libcrypto.so > > (on Solaris 64-bit libraries are stored in the ${prefix}/lib/`isainfo > > -k` rather than

Re: Location of OpenSSL libraries

2009-10-19 Thread Victor B. Wagner
On 2009.10.19 at 16:30:14 +0100, Steve Hay wrote: > I have a build script for some software that needs to locate the OpenSSL > headers and libraries, and I have reports that it is failing to locate > the libraries on some OSes. > > One example identifies itself (via 'uname') as: > > sunos open-s

Re: RSA algorithm with big endian environment

2009-10-15 Thread Victor B. Wagner
On 2009.10.15 at 16:37:39 +0200, Alessandro Borga wrote: >Well > >I must use RSA encrypt/decrypt functions in a target using Arm cpu. > >Other rsa source code doesn't work right because target environment use >big endian memory allocation for int and long > >Can openSSL cry

Re: ssh hanging when used through Matlab

2009-08-05 Thread Victor B. Wagner
On 2009.08.03 at 12:26:31 -0700, larour wrote: > > I am trying to launch an ssh connection from a matlab environment (Matlab > R2009), using the Cygwin OpenSSH_5.p1 ssh executable, on a windows xp 32 > platform. > The command i'm running under matlab is: > > system('C:\cygwin\bin\ssh.exe -t -

Re: RE: ssh hanging when used through Matlab

2009-08-05 Thread Victor B. Wagner
On 2009.08.04 at 21:15:05 -0400, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of larour > > Sent: Monday, 03 August, 2009 15:27 > > > I am trying to launch an ssh connection from a matlab > > environment (Matlab R2009), using the Cygwin OpenSSH_5.p1 ssh > > executabl

Re: -inkey and engines

2009-07-01 Thread Victor B. Wagner
On 2009.07.01 at 09:02:38 -0400, Russell Leake (leaker) wrote: > Hello all, > I'm trying to create an engine which interfaces to an HSM. I > have successfully created a skeleton for my engine but I'm running into > a fundamental problem with the argument "privkey." An example might > help

Re: Sign CSR and and extra attribute

2009-07-01 Thread Victor B. Wagner
On 2009.06.24 at 18:15:18 +0200, Dirk Reske wrote: > Hello, > > I'm quite new to openssl. > My question is, how can I sign a csr and add an extension to the > certificate, that contains only a simple string (an url). > Perhaps you have some samples for such a config file and the openssl calls. H

Re: OpenSSL 1.0.0 Stable snaps

2009-07-01 Thread Victor B. Wagner
On 2009.06.24 at 10:28:35 -0500, hdf sdesdh wrote: > I recently tried to compile openssl 1.0.0-beta2 with apache to enable > support for ECC crypto. It compiled fine, though I ran into errors It is not so simple. Apache uses some very peculiar data structures to handle keys and certificates insi

Re: RE: Callback suggestion for unsupported cert extensions

2009-06-04 Thread Victor B. Wagner
On 2009.06.04 at 16:00:38 +1000, Brad Mitchell wrote: > The thing is, RFC3280 states... > > Implementors are warned that the X.500 standards community has >developed a series of extensibility rules. These rules determine >when an ASN.1 definition can be changed without assigning a new >

Re: RE: Problems verifying certificates generated by Microsoft Certificate Authority and timestamping

2009-06-03 Thread Victor B. Wagner
On 2009.06.04 at 09:04:11 +1000, Brad Mitchell wrote: > > The reason we use command-line utilities to verify is for transparency. > Data could be used in the courts for example and having that "hey.. go > download openssl and verify it yourself" is a lot better than.. here is a > util we wrote to

Re: Re: Re: about ec_point and ec_group

2009-06-03 Thread Victor B. Wagner
On 2009.06.04 at 08:13:05 +0800, jazeltq wrote: > >I'm afraid that it is not a good code to study ecc. > > > >Implementation, which is currently in OpenSSL is full of obscure > >performance hacks and is not well-documented. > Yes, it's a problem . May be it will be relief after my paper finish

Re: Re: about ec_point and ec_group

2009-06-03 Thread Victor B. Wagner
On 2009.06.03 at 08:23:52 +0800, jazeltq wrote: > >file ec_lcl.h, which present in the OpenSSL sources, but not included in > which directory include file ec_lcl.h, is it in the ec directory ?but in my > sources i can't find it. It is in crypto/ec. Which version of OpenSSL are you using? In

Re: Spam on this list

2009-06-02 Thread Victor B. Wagner
On 2009.06.02 at 12:15:54 +0100, Rob Stradling wrote: > openssl-build for reporting build errors with the OpenSSL sources. May be I should make our autobuilder post results of automated builds and test on 50+ platforms there? Now I typically first investigate test failures myself and then send

Re: about ec_point and ec_group

2009-06-01 Thread Victor B. Wagner
On 2009.06.01 at 22:05:48 +0800, jazeltq wrote: >hello, > where can i find the definition of ec_point_st and ec_group_st >what i found are: >typedef struct ec_point_st EC_POINT; >typedef struct ec_group_st >111 /* >112 EC_METHOD *meth; >113 -- field d

Re: problem with CA signing SPKAC

2009-05-29 Thread Victor B. Wagner
On 2009.05.29 at 17:16:00 +0530, tito wrote: >the output i got from openssl >= > >C:\OpenSSL\bin>openssl ca -policy policy_anything -config myopenssl.cfg >-cert certs/ca.cer -in requests/spkac.txt -keyfile keys/ca.key -days 360 >-out >certs/

Re: problem with sign/verify CRMF/SPKAC from mozilla using openssl

2009-05-29 Thread Victor B. Wagner
On 2009.05.29 at 11:31:56 +0530, tito wrote: >I want to make my project compatible for mozilla and opera too >i want to do the same for mozilla too but i guess mozilla method doesnt >generate PKCS10 format There is window.crypto Javascript object in the Mozilla, opera and, I think, Ko

Re: Is there XOR , OR and AND operation on BN?

2009-05-25 Thread Victor B. Wagner
On 2009.05.22 at 20:31:44 +0800, sofian sindhi wrote: > > By your suggestion, if I have BN a,1024bits, and b, 2048 bits, the > only way I can do OR is using char *BN_bn2hex(const BIGNUM *a) to > transform each one as 2 char*. > Then do the OR byte by byte? No, you completely m

Re: Is there XOR , OR and AND operation on BN?

2009-05-22 Thread Victor B. Wagner
On 2009.05.22 at 15:02:59 +0800, sofian sindhi wrote: > Hi openssl friendsl: > I can see BN operations from http://linux.die.net/man/3/bn_add > but I cannot find any operation about XOR, OR and AND. > And I cannot find any related functions defined in bn.h. > Does that mean BN doesn't have these o

Re: Decoding ASN.1 certificate content

2009-05-21 Thread Victor B. Wagner
On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote: > IMO a good approach is also to simple read and understand apps/x509.c Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio. In this case certificate is stored in

Re: Decoding ASN.1 certificate content

2009-05-20 Thread Victor B. Wagner
On 2009.05.20 at 15:03:09 +0300, Lior Aharoni wrote: >Hi Victor, > >Thank you for the quick reply. >I did try to use d2i_X509 function but I get the following error: > > 2520:error:0D07207B:lib(13):func(114):reason(123):.\crypto\asn1\asn1_lib.c:150: First of all, you shou

Re: When I want to build the openssl 0.9.8k version on aix it fails in make test

2009-05-20 Thread Victor B. Wagner
On 2009.05.20 at 06:16:49 -0700, jo wrote: > > that is definitely better but now it fails in make test: > > *** Testing openssl-0.9.8k (can take a while) ..failed > *** Error: openssl-0.9.8k build error - make test failed > exec(): 0509-036 Cannot load program ./destest because of the foll

Re: Decoding ASN.1 certificate content

2009-05-20 Thread Victor B. Wagner
On 2009.05.20 at 14:05:05 +0300, Lior Aharoni wrote: >Hi All, > >Can someone please direct me to the relevant OpenSSL API for decoding >binary stream of the entire certificate content in ASN.1 format? It is d2i_X509 function. It has same API as all other d2i functions and return

Re: When I want to build the openssl 0.9.8k version on aix it fails as follows:

2009-05-20 Thread Victor B. Wagner
On 2009.05.20 at 02:13:39 -0700, jo wrote: > > When I want to build the openssl 0.9.8k version on aix it fails as follows: > > > /usr/local/bin/gcc -I../crypto -I.. -I../include -DZLIB -DOPENSSL_THREADS > -qthreaded -DDSO_DLFCN -DHAVE_DLFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro - > qroco

Re: [openssl-users] public key

2009-05-19 Thread Victor B. Wagner
On 2009.05.19 at 16:46:14 +0530, naveen.bn wrote: >What is the contents on which CA would have signed from his private key. I >want to know it because if an attacker replaces his public key in the >server certificate which i get than its game over for me . See RFC3280. Block of signe

Re: [openssl-users] public key

2009-05-19 Thread Victor B. Wagner
On 2009.05.19 at 15:24:43 +0530, naveen.bn wrote: >Thank you . > >Can i include the public key generated below to a certificate and if >possible how can it be done. > >openssl rsa -pubout -in priv.pem -out pub.pem I think there is no easy way to do it. Certificates are typicall

Re: What to include with signed documents?

2009-05-18 Thread Victor B. Wagner
On 2009.05.15 at 21:16:12 +0200, Lasse Kliemann wrote: > Ok. There is another thing that I do not understand. The output > of 'openssl smime -verify ...' is rather sparse in case that > verification is successful. How can I know which certificate was > responsible? I cannot see why verification w

Re: open source SSL

2009-05-13 Thread Victor B. Wagner
On 2009.05.12 at 12:36:39 -0400, Ron Gewirtzman wrote: >Hello, > > > >I was hoping you could help me. I was told by a Thawte and Verisign >representative that if we create our own certificate that we would still >need to use a "root file" is this correct. Certificate is just p

Re: Question about GOST engine in Openssl 1.0

2009-05-07 Thread Victor B. Wagner
On 2009.05.07 at 09:26:34 +0400, Andrey Koltsov wrote: > And one remark. This file "engines/ccgost/readme.gost" has an example > configuration for GOST engine > >[gost_section] >engine_id = gost >dynamic_path = /usr/lib/ssl/engines/libgost.so >default_algorithms = ALL >crypt_

Re: Question about GOST engine in Openssl 1.0

2009-05-06 Thread Victor B. Wagner
On 2009.05.05 at 13:47:50 +0200, Dr. Stephen Henson wrote: > > Yes it's just a case of hacking util/mkmf.pl and/or some Makefiles. If OpenSSL > is compiled without shared library engines (enable-static-engine) in the > command line you *do* get the GOST engine under VC++. And I think that static

Re: Question about GOST engine in Openssl 1.0

2009-05-05 Thread Victor B. Wagner
On 2009.05.05 at 09:27:30 +0400, Andrey Koltsov wrote: > As I understand, GOST engine works on Windows with mingw support only. > Is it planned to make it to compile with VC++ also? > If no, is it because technical problems or some legal issues? There should be no technical problems. Code is port

Re: Creating certs used for smartcard logon in windows

2009-05-04 Thread Nate B.
-> Content -> Certificates -> Intended Purpose = Smart Card Logon, that my cert is capable of this (actually, it says ""). Under my smart card suite (where I was initially looking) though, it says that Logon is not enabled. Is that at all significant? Thanks in adv

Creating certs used for smartcard logon in windows

2009-05-02 Thread Nate B.
ack? Thank you very much, Nate B. -- View this message in context: http://www.nabble.com/Creating-certs-used-for-smartcard-logon-in-windows-tp23338745p23338745.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ___

Re: add a new cipher to OpenSSL

2009-04-30 Thread Victor B. Wagner
On 2009.04.29 at 05:03:00 -0700, siavash fallahdoost wrote: >Hi all, >I want to add new cipher algorithms to openssl library and rebuild openssl >on Windows(VC++). Really you don't need to rebuild OpenSSL just for adding a cryptoalgorithm. You can implement this algorithm as loadable

Re: Creating a CA within a C program

2009-03-20 Thread Victor B. Wagner
On 2009.03.18 at 17:04:33 -0700, Thomas Bonham wrote: >As a new subscribe I hope that I'm using it to the right group. > > > >I'm working on trying to figure out how to create a CA within my C based >program. I have found some information on create the certificates within >the p

Re: building OpenSSL using MinGW

2009-03-18 Thread Victor B. Wagner
On 2009.03.18 at 14:08:24 +0300, mb0 wrote: > Hello, > > I'm trying to build openssl-0.9.8j using MinGW compiler on WindowsXP 32bit. > use command: > ms\mingw32 > > During build process ssleay32.dll is not created. > Only libeay32, libssl32 > > BUT if build using Visual Studio, all 3 dll libraries

Re: Install openssl

2009-02-20 Thread Victor B. Wagner
On 2009.02.19 at 12:38:27 -0800, Database System wrote: > > Hi, > > I'm new to openSSL/SSL. I downloaded the file. It is If you are new to openSSL, it is better to use version which is provided by your Linux distribution. Every linux distribution out there already includes OpenSSL, and applic

Re: static openssl on mingw (undefined reference on bss_sock.c)

2009-02-19 Thread Victor B. Wagner
On 2009.02.19 at 09:48:20 +0100, m...@abp.pl wrote: > Hello, > > I try to build static postgresql 8.3.6 with static openssl 0.9.8i. > > at config.log: > configure:7695: checking for SSL_library_init in -lssleay32 > configure:7725: gcc -o conftest.exe -O2 -Wall -Wmissing-prototypes > -Wpointer-ar

Re: base64 decoding using an s_mem chain

2009-01-01 Thread Frank B. Brokken
lying the facilities offered by the openssl library to my own programs. BTW: It's highly unlikely that I'll be able to reply to any new postings to this thread for the coming 3 weeks. Please don't take silence from me during that period for impoliteness or lack of interest. Cheers

Re: base64 decoding using an s_mem chain

2008-12-31 Thread Frank B. Brokken
y, but I think I'm still looking for a general (algorithmic) solution Cheers, -- Frank B. Brokken Center for Information Technology, University of Groningen (+31) 50 363 9281 Public PGP key: http://pgp.surfnet.nl Key Fingerprint: 8E36 9F

base64 decoding using an s_mem chain

2008-12-30 Thread Frank B. Brokken
-- Any suggestion I receive will of course greatly be appreciated. Cheers, -- Frank B. Brokken Center for Information Technology, University of Groningen (+31) 50 363 9281 Public PGP key: http://pgp.surfnet.nl Key Fingerp

Re: SOS on open ssl for Java

2008-12-19 Thread Victor B. Wagner
On 2008.12.18 at 11:41:58 -0700, Kolli, Sudha wrote: >Hi > > > >Here is the problem: > > > >We have a php code which used open_ssl library to encrypt and decrypt. > > > >We are trying to write the equivalent java code for encryption but we are >unable to use open_ssl l

Re: RE: How to use a hardware RNG with openssl?

2008-11-05 Thread Victor B. Wagner
On 2008.11.05 at 00:29:40 -0800, David Schwartz wrote: > PRNG. This is better for several reasons: > > 1) You can rate-limit how much you mix in. Say you mix in 1KB at startup and > 128 bytes every 10 seconds after that. This will provide the same quality of > randomness for cryptographic purpose

Re: How to use a hardware RNG with openssl?

2008-11-05 Thread Victor B. Wagner
On 2008.09.22 at 16:37:58 +0200, F. wrote: > Any way to collect only from HRNG? You can write your own RAND_METHOD and encapsulate it in the engine module. Then you can load this engine via openssl.cnf and set default rand method to this engine. Really, this is not very good idea, because hard
