on how to allow unsafe
legacy renegotiation?
I have attempted " process.env.NODE_OPTIONS = '--tls-min-v1.0';" in my node
script.
Thanks,
Brian
****
--Brian Pilati
http://www.linkedin.com/in/brianpilati
*The information contained in this communication is co
installed!
Do I need to remove the existing openssl first?
Or is there another package I need?
Thank you,
Brian
1gL-SJmDE=cNoUfknWBgsh-JRnghh6TVNsW72g89P7uuSrJLnLn8g=>)
Table 1.Test under Winsvr 2016/Win10
Openssl version
Connect by "s_client -connect IP:Port"
1.0.2g
Fail
1.0.2h
Fail
1.0.2i
Pass
1.0.2o
Pass
1.0.0d
Pass
Figure 1
[cid:image002.jpg@01D40273.2D91C710]
Best regards,
Brian Chou
I have updated my iOS scripts to build for all archs now using the latest
fips-2.0.14 and openssl-1.1.0e.
Before I was using 1.0.2h I believe and fips-2.0.12 and didn't have armv7s
support added. I needed to add it so I upgrade and adjusted my script
accordingly
Ok thanks, so there isn't a generic declaration that applications using
openssl standard encryption like GCM can use? Each application will have to
get self declared?
On Thu, Dec 1, 2016 at 12:12 PM, Peter Sylvester Edelweb <
peter.sylves...@edelweb.fr> wrote:
> Hi
>
> There are news since about
I see that it was discussed many years ago about getting a French
Declaration for openssl. Was this ever successful? If so is there a place I
can download the declaration as it seems to be required when submitting to
the iOS appstore.
--
openssl-users mailing list
To unsubscribe:
** [all-recursive] Error 1
It compiles fine with 1.0.1j, but I am curious what I need to change to get
1.1.0b working…
(this may be for the httpd mailing list, but since it was specific to v1.1.0 I
thought I would start here.
OS is Mac OS X 10.11.6.
Thank you,
Brian
--
openssl-users mailing
We ran into an issue where we were selecting 'Include bitcode' when
submitting to apple and when doing ad-hoc builds. It seems doing this with
the fips_premain.c file included in the xcode compile sources phase causes
an instant crash on start up. What is the proper way to get past this
bitcode
ableString* f2 = [NSMutableString stringWithCapacity:MAGIC_20*2 + 8];
for(unsigned int j = 0; j < MAGIC_20; j++)
[f2 appendFormat:@"%02x", calculated[j]];
NSLog(@"Calculated sig: %@", f2);
On Wed, Aug 3, 2016 at 10:39 AM, Brian Jost <br...@virtru.com> wrote:
> I mo
I modified a script to get a FIPS compliant iOS library and am having
issues with the fingerprint. I had to add a CPU adjustment to the
incore_macho but I wouldn't think that would cause a FIPS fingerprint
mismatch.
https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c
Does anyone
>
> I have been trying for the life of me to get the FIPS module to compile
> for those supported platforms. Our app compiles for those platforms so
> without a compatible version of the openssl FIPS it causes errors.
>
> Is there any plans to have the FIPS module support those architectures?
>
--
change it to:
# Extension copying option: use with caution.
copy_extensions = copy
--
Brian Reichert <reich...@numachi.com>
BSD admin/developer at large
___
openssl-users mailing list
To unsubscribe: https://mta.op
what I'm implementing would take a while...
Rich.
--
Brian Reichert reich...@numachi.com
BSD admin/developer at large
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
/mailman/listinfo/openssl-users
--
Brian Reichert reich...@numachi.com
BSD admin/developer at large
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
I've found one on-line tester for CVE-2014-8730 here:
https://www.ssllabs.com/ssltest/
But, I was looking for an offline test I could perform in our dev
environment.
Does anyone know of one? I've had no luck as of yet...
--
Brian Reichert reich...@numachi.com
BSD
-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
--
Brian Reichert reich...@numachi.com
BSD admin/developer at large
___
openssl-users mailing list
openssl-users
December 2014 at 22:05, Brian Watson bwats9...@gmail.com wrote:
I checked and ENGINE_set_RAND function is being called. What I can't
figure out is the following:
1. RAND_get_rand_method() is called to get the random method and in a
normal case default_RAND_METHOD would be null which would cause
Brian,
Do you call ENGINE_set_RAND function?
On Tue, Dec 9, 2014 at 11:19 PM, Brian Watson bwats9...@gmail.com wrote:
I thought that's what the following does:
ENGINE_set_default(engine, ENGINE_METHOD_RAND).
I'm also trying to figure out in rand_lib.c and RAND_get_rand_method()
what causes
ideas?
On Wed, Dec 10, 2014 at 8:25 AM, Brian Watson bwats9...@gmail.com wrote:
I didn't call that one, but I'll give it a try. I also read that if
someone subsequently calls ENGINE_load_builtin_engines()that it'll reset
things back to how they were so I'll look at that also.
Thanks,
BW
Hi,
I am doing the following:
1. I have a dynamic engine that I would like to use to produce random
numbers on Android (aosp).
2. I can successfully load the dynamic engine by using the Android
OpenSSLEngine.getInstance() which takes care of loading the engine and I
can see that the binding is
:
Hello!
Do you set your RNG as default when the engine is loaded?
On Tue, Dec 9, 2014 at 10:44 PM, Brian Watson bwats9...@gmail.com wrote:
Hi,
I am doing the following:
1. I have a dynamic engine that I would like to use to produce random
numbers on Android (aosp).
2. I can successfully
invocation]
Or even expressly disabling all other protocols:
# openssl s_client -connect localhost:8100 -cipher ALL -no_ssl2 -no_ssl3
-no_tls1 -no_tls1_1 -tls1_2 /dev/null ; echo $?
I guess I'm misusing this tool somehow, and would appreciate a clue...
--
Brian Reichert
that prohibits me from patching
third-party software, so I have to wait for an official release :(
Thanks,
Brian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl
such that HelloRequest from servers is
ignored, as well as ClientHello from clients.
Thanks,
Brian
-Original Message-
From: Brian Hassink [mailto:brian.hass...@oracle.com]
Sent: Friday, August 22, 2014 6:28 PM
To: 'openssl-users@openssl.org'
Subject: Possible to disable re-authentication?
Hi
We see the same problem with DTLS over SCTP.
In our application, there are messages as large as 60K, so we are interested in
knowing if there is a way to send them over DTLS.
-Brian
-Original Message-
From: Iñaki Baz Castillo [mailto:i...@aliax.net]
Sent: Thursday, August 21, 2014 1
I do mean DTLS/SCTP (HYPERLINK http://tools.ietf.org/html/rfc6083RFC6083).
In our application, we have Diameter (HYPERLINK
http://tools.ietf.org/html/rfc6733RFC6733) traffic which can involve large
messages.
-Brian
-Original Message-
From: Iñaki Baz Castillo [mailto:i
the other?
Thanks,
Brian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord
anything conclusive.
Thanks,
Brian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord
mailto:r...@openssl.orgr...@openssl.org
about an hour ago and still see nothing.
I'm following the procedure documented HYPERLINK
https://www.openssl.org/support/rt.htmlhere. Have I missed something?
Regards,
Brian
-Original Message-
From: Salz, Rich [mailto:rs...@akamai.com
Just got a reply on the RT about 10 minutes ago :)
Looks like things are just slow.
-Brian
-Original Message-
From: Salz, Rich [mailto:rs...@akamai.com]
Sent: Tuesday, July 22, 2014 5:22 PM
To: openssl-users@openssl.org
Subject: RE: DTLS aborts
My guess (and its purely speculation
from within
dgram_sctp_read() because the socket descriptor has been rendered invalid by
the disconnect.
We ran the same scenario against TLS, but it is not affected.
Is the development team aware of this? Should we open an RT?
Thanks,
Brian
I am trying to help a client convert his SSL certificate to a .p12 format so it
can be installed in a Java keystore on a server running Apache. Based on the
various error messages I am getting, I think that the root certificate needs to
be a part of the conversion command (sample shown below):
this for about a week so
any assistance is greatly appreciated.
Brian Goulet
Wireless Communications Engineer
Enterprise Network Engineering
Harris IT Services
298 Seavy Street, Portsmouth, NH 03804
Cell: 207-317-1459
bgou...@harris.com
CONFIDENTIALITY NOTICE: This email and any attachments may
I have an openssl generated CA and I want to change the passphrase on
the CA certificate/key. I can't seem to find any documentation on how
to go about that.
Any ideas or hints?
Cheers,
b.
signature.asc
Description: OpenPGP digital signature
;
}
/* Let PKCS7 code prepend any needed BIOs */
p7bio = PKCS7_dataInit(p7, out);
...
Was that intentional?
Brian
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hello,
Last year we deployed a root and intermediary CA's to support a web service
- We have now found some issues with the root CA and need to fix them.
We have many clients in many organisations which have installed the old
root cert - There is currently one service being verified by this root.
/ not even starting via inittab. It was a
running program already , only by including openssl headerfiles its getting
stopped.
Is your program in the $PATH that inittab uses? Make sure your'e using
absolute path names for executables.
--
Brian Reichert reich
...
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
Brian Reichert reich...@numachi.com
BSD admin
something wrong here. Am I misunderstanding what
'verify' is for? Am I mis-invoking it?
FWIW, my environment:
# cat /etc/redhat-release
CentOS release 5.4 (Final)
# rpm -qf /etc/pki/tls/cert.pem
openssl-0.9.8e-12.el5_4.6
Thanks for any feedback...
--
Brian Reichert
?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
Brian Reichert reich
. Has anyone else run into this?
thanks much,
-Brian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
dgst -sign privkey.pem -SHA1 -out data.sig data.txt
openssl dgst -sign privkey.pem -out data.sig data.txt
# both work
To write code that can use either new or old versions of openssl, you'll
need to probe openssl version and switch on the output.
thanks,
-Brian
and 64 bit versions are
called libeay32.dll. If not, is there something I could be doing wrong or need
to overwrite in order to name them as libeay64.dll?
The version of of openssl we are using is openssl-0.9.8j.
Thanks,
Brian Parker
On Thu, 2010-07-08 at 18:54 +0200, Dr. Stephen Henson wrote:
On Thu, Jul 08, 2010, Brian Makin wrote:
Ahh, got it.
in crypto/evp/evp_pbe.c:EvP_PBE_alg_add
pbe_tmp isn't initialized which means sometimes it has a bogus value.
119c119
EVP_PBE_CTL *pbe_tmp = NULL, pbelu
On Wed, 2010-07-07 at 21:28 +0200, Dr. Stephen Henson wrote:
On Wed, Jul 07, 2010, Brian Makin wrote:
The snapshots all seem to be failing in make test...
Is this a known issue or might it be a problem on my end?
Testing key generation with NIST Binary-Curve K-571 ok
(core dumped) $cmd enc
$test $test.cipher
./testenc: line 11: 26684 Segmentation fault (core dumped) $cmd enc
$test.cipher $test.clear
cmp: EOF on ./p.clear
On Sat, 2010-06-26 at 14:56 +0200, Dr. Stephen Henson wrote:
On Thu, Jun 24, 2010, Brian Makin wrote:
On Thu, 2010-06-24
Hah!
reverted EVP_PBE_alg_add
$ make
$ make test
everything passed :)
I'll try to get at least a stack.
On Wed, 2010-07-07 at 21:28 +0200, Dr. Stephen Henson wrote:
On Wed, Jul 07, 2010, Brian Makin wrote:
The snapshots all seem to be failing in make test...
Is this a known issue
is misbehaving?
--
BRIAN MAKIN
Senior Software Engineer
ma...@vivisimo.com
Vivisimo [Search Done Right™]
1710 Murray Avenue
Pittsburgh, PA 15217 USA
tel: +1.412.422.2499
vivisimo.com
__
OpenSSL Project
.
Is this a bug or do I just not understand that bit of code?
--
BRIAN MAKIN
Senior Software Engineer
ma...@vivisimo.com
Vivisimo [Search Done Right™]
1710 Murray Avenue
Pittsburgh, PA 15217 USA
tel: +1.412.422.2499
vivisimo.com
, but remember... Cave canem! (And this one has a /serious/ bite
to it!)
On Wed, Jun 30, 2010 at 4:11 PM, Brian Makin ma...@vivisimo.com
wrote:
I am seeing a very slow initialization on a single Windows
2003 box with
openssl-0.9.8l.
During initialization
This is Windows 2003, 64 bit, and it's definitely in RAND_screen.
I'm trying to move things to 1.0.0a now.
On Wed, 2010-06-30 at 20:47 +0200, Dr. Stephen Henson wrote:
On Wed, Jun 30, 2010, Ger Hobbelt wrote:
:-( I hope I recall correctly that what I mention next is indeed stuff
happening
On Thu, 2010-06-24 at 15:22 +0200, Dr. Stephen Henson wrote:
On Tue, Jun 22, 2010, Brian Makin wrote:
snip
Can you check to see if PKCS12_PBE_add() is called multiple times using the
debugger? It is only supposed to be called once before threads are started but
a bug means
On Tue, 2010-06-22 at 19:00 +0200, Dr. Stephen Henson wrote:
On Tue, Jun 22, 2010, Brian Makin wrote:
Using curl 7.16.1 and 7.20.0
with openssl 0.9.8l and 0.9.8o
I am getting intermittent crashes. Apache is setup with a pkcs12 cert
and when this fails it is always early in the process
Question -
Can OpenSSL be used offline - meaning without an Internet connection to
check if cert's are valid with a CA?
Thanks
Brian
functions.
#ifndef OPENSSL_NO_HW_NCIPHER
ENGINE_load_chil();
#endif
#ifndef OPENSSL_NO_HW_NURON
ENGINE_load_nuron();
#endif
#ifndef OPENSSL_NO_HW_SUREWARE
ENGINE_load_sureware();
#endif
brian
--
Brian Lavender
http://www.brie.com/brian
be a multiple of 128 bits or whatever
its block size is.
brian
we are using the TripleDES cipher.
--
Brian Lavender
http://www.brie.com/brian/
__
OpenSSL Project http://www.openssl.org
User
I'm using OpenSSL to generate EC key pairs for use in an embedded application.
As such, I need to extract and use the raw key values, and I notice that the
length of the keys as displayed by OpenSSL are exactly one byte longer than
expected. I assume the first byte listed for both public and
seen 0x04, 0x75, 0x22. That
would in fact change the value of the number ;-)
As long as I can ignore them and interpret the remaining digits as the priv and
public key values, I'm good to go.
-Brian
From: Kyle Hamilton aerow...@gmail.com
To: openssl-users
, but can't figure out how to map it...
I'd appreciate any feedback...
--
Brian Reichert reich...@numachi.com
55 Crystal Ave. #286Daytime number: (603) 434-6842
Derry NH 03038-1725 USA BSD admin/developer at large
grown up.
-- C.S. Lewis
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
Show me a young conservative and I'll show you someone with no heart.
Show me an old liberal and I'll show
(void);
const EVP_CIPHER *EVP_aes_256_cfb8(void);
const EVP_CIPHER *EVP_aes_256_cfb128(void);
# define EVP_aes_256_cfb EVP_aes_256_cfb128
const EVP_CIPHER *EVP_aes_256_ofb(void);
brian
On Wed, Dec 31, 2008 at 09:55:41AM +0200, Dayagi Yaron wrote:
Hello,
Does OPENSSL support AES
to automate the extract process from.
Anyway, the root CA DB doesn't change very often, so code can be written
around this for now.
~BAS
On Wed, 11 Apr 2007, Brian A. Seklecki wrote:
These scripts are great thank you very much to all involved who contributed
(no e-mail address for 'mastrboy
precisely what it's coded to do. Get a byte, then write that byte
out, then get that byte then write it out. (Perhaps you meant to 'gets' from
a different 'BIO' than you 'write' to?)
It's supposed to be a simple echo server. gets reads data until it
reaches a carriage return, correct?
brian
';
p = BIO_write(bio,buf, n + 1 );
while ( n = BIO_gets(bio, buf2,
sizeof(buf2) ) )
{
printf(%s, buf2);
}
}
--
Brian Lavender
http://www.brie.com/brian/
__
OpenSSL Project
even with blocking IO, I ought to be able to have a simple
server that receives a connection, receives the input from a client and
sends it back? The OpenSSL book only has the client send data and the
server prints it out. :( Any cooked examples out there?
brian
--
Brian Lavender
http
that the
corresponding keys match? I'm guessing rsa-n would suffice for RSA, would
dsa-p and dsa-q be an appropriate choice?
Thanks!
Brian
?
brian
=== simple_client.c ===
#include openssl/ssl.h
#include openssl/bio.h
#include openssl/err.h
#include stdio.h
#include string.h
int main()
{
BIO * bio;
int p;
char * request = Some new things coming today\n;
char * request2 = Tomorrow is a new day\n;
char r[1024
This code just goes into a loop and keeps writing the first piece
of info it reads. What am I doing wrong here?
while (nread = BIO_gets(out, buf, sizeof(buf) ) )
{
err = BIO_write(out,buf,nread );
}
--
Brian Lavender
http://www.brie.com/brian
Does anyone know of any substantial documentation/coding examples that may
be available (similar to the Networking with OpenSSL book) for using OpenSSL
as an OCSP Server/Responder as well as a requestor? Any help would be
appreciated!
Thanks,
Brian
This is a follow-up to my previous post. I have discovered that when using
X509_REQ_set_subject_name on my IA-64 system, that it will cause a segfault
in x509_name_ex_d2i much the very same as the post linked below. When
compiling the OpenSSL library in debug mode, the function operates properly,
Thank you for your input Dr. Henson, the following seems to work without
error. What is the procedure from here to get the relevant changes into the
baseline?
http://cvs.openssl.org/chngview?cn=16662
Thanks,
Brian Smith
On 5/23/08, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Thu, May 22
, I'd much appreciate it. As I
said, this has run on other platforms multiple times without even a hint of
failure with the exact same data. Additionally, I have done an strace and
nothing seems to be out of order that I can notice.
Thanks!
Brian
this with ERR_get_errors
following the failed verification, but nothing is printed to stdout. If I am
using the wrong function for this purpose, please let me know!
Thanks!
Brian
. For instance IIS and Apache will negotiate
slightly different as far as what each considers 'stronger'.
If your definition of random is each web server platform being a bit
different in negotiation, then yes it is random ;) (sarcasm)
Hope that helps,
Brian Trzupek
On Mar 4, 2008, at 5:28 AM
Architecture question:
Do certificate serial numbers within a multi-trier certificate authority
chain need be globally unique?
A Thunderbird user recently received the following error because his
cert serial number, as signed by one CA, matched the serial number of
the server, both of which
!
Brian Ghigiarelli
-Original Message-
From: [EMAIL PROTECTED] on behalf of Rossen Lambrinov
Sent: Thu 12/6/2007 11:13 AM
To: openssl-users@openssl.org
Subject: problems with shell openssl
I am trying to create a certificate request with the comand:
OpenSSL req -new -key usuari_B.key -sha1
. Is there a configuration parameter at all for this?
Thanks,
Brian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
From a brief look at the cert validation code, it appears that there's
no way to do non-blocking IO while performing on-line revocation checks,
e.g. querying a CDP or an OCSP responder.
Is that correct? Specifically, I see in ssl_cert.c a call is made to
X509_verify_cert(), or a user-supplied
/certdata.txt
Thoughts?
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
with SSL/TLS completely disabled. Maybe it's the
certificate verification step that's causing the Thunderbird delays. The
CA and the certificate we're using on the server side are self-generated
by openssl.
-Brian
__
OpenSSL Project
not be read and retranslated into
plaintext provided a sufficiently secure ciphersuite has been negotiated.
Reference:
http://www.sendmail.org/~ca/email/starttls.html
-Brian
__
OpenSSL Project http
or something similar? I'm not
too openssl savvy, so any details would be greatly appreciated.
Thanks for any info.
-Brian
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
does not define how to use a salt. Therefore, you will need to take
apart your Java application, and work out exactly how it combines the
password and salt before passing them to the HMAC function. Then you can
implement the same in your C program.
HTH,
Brian
, then you could post that too,
as it probably only needs a few tweaks to turn it into a certificate-based
one.
Regards,
Brian.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
, and the CA certificate, in the right places. When the isakmp
exchange takes place, each side will present its certificate to the other
side. So you don't need to store the other side's certificate anywhere.
Brian.
__
OpenSSL Project
On Wed, Mar 08, 2006 at 01:20:15PM +, Stuart Halliday wrote:
When you create the user .P12 files, then include the CA certificate
into it, i.e.
use a certfile that contains the user cert and the self signed CA
certificate.
The p12 file contain thus the private key of a user, the
. I find a second USB pen is useful
for copying CSRs to the CA and copying the certificates back again.
HTH,
Brian.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
of root certificates, then openssl
itself comes with some - see the 'certs' subdirectory of the openssl source
bundle. Of course, you'd be wise to establish an appropriate degree of trust
in each one individually.
Regards,
Brian
. The certificates are used to prove the identities to each side,
so that you know the data you read is from the right place, and so you don't
send data to someone who shouldn't be seeing it.
That's a very rough and ready description, but maybe accurate enough for
your purposes :-)
Regards,
Brian
On Fri, Mar 03, 2006 at 02:02:46PM -0500, OpenSSLGRT wrote:
When calling RAND_pseudo_bytes is it correct that the PRNG will not
give the same result even though I have the same seed (I thought if I
had the same seed I could get the same results each time)?
From 'man RAND_seed'
On Thu, Mar 02, 2006 at 11:52:50AM +0100, Shulman Alexandre wrote:
I'm trying to write a script able to create a self-signed certificate
automaticaly. I'm using the command:
openssl req -new -key ${KEY} -x509 -out ${CERT}
Unfortunately, I have to enter the DN information manualy.
but with a conflicting
subject (not OK)
Thanks,
Brian.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
On Wed, Mar 01, 2006 at 06:06:22PM +0530, Ambarish Mitra wrote:
The openssl command line tool works fine. However, I have to use this in a
C program. Therefore I was asking the API function name which can extract
these information from within the C code.
$ cd openssl-0.9.8a/apps
$ less x509.c
the LD_RUN_PATH. This ensures that the 'openssl' binary knows where to
find the correct openssl libraries, and doesn't end up picking up some
random libssl.so.* found elsewhere on the system.
Regards,
Brian.
__
OpenSSL Project
the chain. I'd be very grateful if someone could
point me in the right direction.
The certificates and their decoding are attached below.
Regards,
Brian.
Here are the two certificates, which currently are appended together in
server.example.com-cert.pem, although it seems only the first one is used
in this case?
Regards,
Brian.
-BEGIN CERTIFICATE-
MIIHAjCCBOqgAwIBAgIJAP5hXQM6l3J+MA0GCSqGSIb3DQEBBAUAMIGJMQswCQYD
VQQGEwJHQjEPMA0GA1UEBxMGTG9uZG9uMS8wLQYDVQQKEyZDYW5kbGVyIEluc2Vj
dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkGA1UEAxMScm9vdC5jYS5saW5u
show you that libssl in turn depends on some other library which it
can't find.
Regards,
Brian.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
On Mon, Feb 27, 2006 at 08:05:59PM +0100, Dr. Stephen Henson wrote:
On Mon, Feb 27, 2006, Brian Candler wrote:
On Mon, Feb 27, 2006 at 01:41:33PM +0100, Dr. Stephen Henson wrote:
Since you didn't include the root CA it isn't possible to say why it isn't
excluded.
I notice
On Mon, Feb 27, 2006 at 07:36:16PM +, Brian Candler wrote:
Ah. I had just used -cert ../server.example.com-cert.pem (where this file
contains all the certificates). So now I've added -CAfile as well, pointing
to the same file:
#!/bin/sh
cd content
openssl s_server -cert
to the correct offset and
start the signature validation. If it helps at all both the
PKCS7_SIGNED data and the signed content will already be loaded into
memory (however there's not enough memory to allocate space for the
ASN1 parsing of both).
thanks,
brian
1 - 100 of 209 matches
Mail list logo