and
concentrate on the way it is used in practice, which often differs. And
as they say don't attribute to malice which can be explained by sheer
incompetence! ;-)
So my advice: on sending use MIME headers and MIME boundaries (and H
pered!!- original data, and you will
> waste your time. You will be able to do this ONLY with YOUR OWN DATA, THE
> DATA YOU YOURSELF SIGN, or the data your friends sign honestly without
> tricks.
I wholeheartedly agree with your sentiments in general here but really
the calculation of t
everyone always uses the exact form
in which it was sent; this corresponds to the "--binary" option of the
smime(3) utility.
So summarizing: the way you calculated the MDN is correct, you just
calculated if over too few bytes.
--
Marco Roeland
___
rting to become a real
annoyance in some practical circumstances. So perhaps if Stephen Henson
should develop the feature further one day we can volunteer as testers? ;-)
--
Marco Roeland
__
OpenSSL Project
man page. As far as I
know this is independent from using an engine or not.
Sometimes, depending if your application allows this, compressing before
encrypting can help somewhat.
In the 0.9.9 snapshots of OpenSSL there is experimental code to fix this
limitation.
-
r encrypting helps limit the
amount of memory needed, but it depends on your S/MIME requirements and
the data involved.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User Support Mailing
exactly
your reported manner. If however we put the following:
BIO_set_mem_eof_return(signedEncryptedBio, 0);
suddenly it starts working. I leave it to the experts if the default is
the most wanted behaviour, but at least you have a workaround now.
The man page is in BIO_s_mem(3ssl).
--
Marco
issue. It occurs on "smime -encrypt" in general in that version.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-use
rberos in non-standard locations. Try adding them manually:
Inside your Makefile:
INCLUDEPATHS+=-I/usr/kerberos/include
LDFLAGS+=-L/usr/kerberos/lib
LDLIBS+=-lkrb5
Or manually:
gcc -g -Wall -I/usr/kerberos/include -c -o wclient.o wclient.c
-L/usr/kerberos/lib -lkrb5
You&
like EVP
(see the man page for EvpEncryptInit) instead of directly using the
blowfish routines, but that is not the main problem here.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.or
have to verify the signature using those first
and then change them later if they bother you.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
_dec.c:1282:", so that might
mean for example getting confused by a "T61STRING" instead of a
"PRINTABLESTRING" or a "IA5STRING". Building OpenSSL with debug
information and running it through the debugger with this input file
would perhaps pinpoint the exac
ave no idea either, but you might want to run
openssl asn1parse -in decoded.b64
which does work on this input and compare the resulting fields and
identifiers with a PKCS7 file that you _can_ read. Perhaps the file was
created with different parameters than OpenSSL exp
f), "%s", neg);
result += buf;
for (i=0; i < serial_number->length; i++) {
sprintf(buf, "%02X%c", serial_number->data[i], ((i + 1
== serial_number->length) ? '\0' :':'));
at you are inadvertently using an older or mixed version
of openssl and/or libraries if you have remnants of pieces under
/usr/local say.
> the same command (same version of openssl) but on different linux
> kernel works.
./configure shared
You _can_ build a .so from the .a 's you already have, but using
"./configure shared" in a clean directory probably is easiest!
--
Marco Roeland
__
OpenSSL Project
meout value.
As far as I know there isn't an OpenSSL library function for this.
You can put the BIO socket in non-blocking behaviour though, and then
wait for a connection or data using select(2). In the select call you
can then use your co
atest features it's much easier just
to get a "snapshot-tarball" from the ftp sources once in a while.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Java libraries that functionaly can cooperate
fine with OpenSSL clients and servers.
Again try searching the Ubuntu packages first.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User
like this:
cc hello.c -o hello -I/home/paul/ssl/include -L/home/paul/ssl/lib -lssl -lcrypto
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listo
t the input in unsigned char* format. How can I make this conversion?
Yes the encryption should work on any binary data. But be careful how
you read and write blocks of data. The routines you use should be 8-bit
clean, so be able to deal with '\0' characters.
--
M
of the message, and feed this to
RSA_sign. And you might be better off using more higher level routines
in OpenSSL that can do this.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User
onfigure aix43-cc' instead of './config'.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
werful and flexible.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
gners certificate himself somehow, in order to perform the
> verification.
Yes.
--
Marco Roeland
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMA
faster executable. So I'd say the compiler does
make a difference, but the default options are quite alright.
And using executables compiled for specific processors can sometimes
result in strange bugs when run on other processors.
--
Marco Roeland
26 matches
Mail list logo