Dear Michael,
> Am 29.10.2020 um 22:55 schrieb Michael Richardson :
>
>> Yes, the signed message is contained in a HTTP(S) multipart request
>> with more payload and header information, sure. The only different part
>> is the signed content, all other content has been manually checked,
>> they ar
Dear Michael,
> Am 29.10.2020 um 14:12 schrieb Michael Richardson
>> - "Unable to verify content integrity: Missing data"
>> - "The system is unable to find out the sign algorithm of the inbound
>> message"
>
>> I digged a bit deeper into the ASN1 data („cat signature.base64 | base64 -d
>> | o
Hello,
my task is to sign a message in C for SMIME exchange, which works as expected
and openSSL is self-fulfilling with itself in successful verification (and
unsuccessful in produced errors as expected). I've tested PKCS7 SMIME
functions, as well as CMS ones, leading to the same result: the r
/libcrypto.so: file format not recognized
>
> Is there anything else I can try?
>
>
>
> Thibaut
>
>
>
> On 28/10/2020 13:00, Harald Koch wrote:
>>
>> This email from r...@c-works.net <mailto:r...@c-works.net> originates from
>> outside Imp
. Actually, I’m using the
latest openSSL version 1.1.1 with funtions for PKCS7 signing (PKCS7_sign,
PKCS7_sign_add_signer, SMIME_write_PKCS7).
Regards,
Harald Koch
> Am 16.04.2020 um 22:17 schrieb Benjamin Kaduk :
>
> On Thu, Apr 16, 2020 at 09:41:23PM +0200, Harald Koch wrote:
>> Am 16.04.2020 um 17:54 schrieb Tomas Mraz :
>>>
>>> error queue of openSSL stays empty. The same code works with
>>>> ope
Am 16.04.2020 um 17:54 schrieb Tomas Mraz :
>
> error queue of openSSL stays empty. The same code works with
>> openSSL with gzip support („./config enable-zlib ...“, for support of
>> compressed SMIME contents in other application).
>> Do you call the OPENSSL_init_ssl from the main thread or from
> Am 16.04.2020 um 17:07 schrieb Tomas Mraz :
>
> On Thu, 2020-04-16 at 15:42 +0200, Harald Koch wrote:
>> Hello list,
>>
>> I have a TLS server which is started on demand in a multithreaded
>> (pthread) application. The TLS server is one thread which is being
Hi Matt,
> Am 16.04.2020 um 16:29 schrieb Matt Caswell :
> On 16/04/2020 14:42, Harald Koch wrote:
>> Hello list,
>>
>> I have a TLS server which is started on demand in a multithreaded (pthread)
>> application. The TLS server is one thread which is being started a
Hello list,
I have a TLS server which is started on demand in a multithreaded (pthread)
application. The TLS server is one thread which is being started and stopped.
At first start, the TLS server initialized with SSL_CTX_new with
TLS_server_method works as expected, after cleaning up, eliminat
Hello,
> Am 22.11.2016 um 23:25 schrieb Dr. Stephen Henson :
>
> On Tue, Nov 22, 2016, Harald Koch wrote:
>
>> Hello,
>>
>> I???m facing a critical situation in my application when creating a signed
>> SMIME message using SHA1 as message digest algorith
point.
I’m sure I’m using the correct LD_LIBRARY_PATH environment variable value for
every test in Linux. The platforms I tested are Linux 32bit & 64bit, Mac OS
10.12.1.
Thank you for any help.
Harald Koch
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> It would take some extensions to the certificate verification code
> to change the behaviour. I don't know how large the interest is
> in such an extension.
Pick me!
--
Harald Koch <[EMAIL PROTECTED]>
"It takes a child to raze a village."
gly easy to graft
support for CRLs and CDPs onto the outside of the OpenSSL verifier.
--
Harald Koch <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mai
would need to program this into your verify callback function.
> The man pages are pretty clear on how to do this.
Which I had already done; I was just hoping there was a better way,
like (for example) setting trust parameters on the sub-ca certificate.
--
Harald Koch <[EMAIL PR
e, the authorization decision is: Trust transactions
authenticated with certificates issued by my own sub CA. Unfortunately,
that's the only option available in many environments (web-browsers, for
example).
I guess the issue is that I'm trying to avoid having to inspect the
certificate chain sep
> Baltimore have a free toolkit called Key Tools Pro you can use to code
> your own clients. And valicert have a hosted OCSP responder.
Key Tools *Lite* is free. KeyTools Pro costs real dollars. And,
naturally, OCSP is only supported in the Pro version...
--
Harald Koch <[EMAIL
lifies
signature verification.
--
C. Harald Koch <[EMAIL PROTECTED]>
"It takes a child to raze a village."
-Michael T. Fry
__
OpenSSL Project http://www.openssl.or
code until after the signature has been verified. If I've
modified the code to to bad things, I can just as easily modify it to always
verify a signature on the tarball.
--
C. Harald Koch <[EMAIL PROTECTED]>
"It takes a child
19 matches
Mail list logo