Hello,
# openssl errstr 140A90F1
error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 04/22/2013 06:00:37 PM:
> Venkataragavan Vijayakumar
> Sent by: owner-openssl-us...@openssl.org
>
>
l+seed" in main code.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 04/12/2013 06:36:49 PM:
> Sergei Gerasenko
> Sent by: owner-openssl-us...@openssl.org
>
> 04/12/2013 08:14 PM
>
> Please respond to
> openssl-users@openssl.org
>
> To
Hello,
Output from attached code:
admin# ./mcl_tls1_PRF
0x8b 0x13 0xc7 0x58 0xc3 0x4f 0x99 0x3a
0x18 0x7d 0x29 0x45 0xed 0x5b 0x69 0x1d
Best Regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 04/11/2013 09:48:51 PM:
> Sergei Gerasenko
> Sent by: owner-open
Hello,
This looks like declaration mismatch, you should send more info (used
compilers, environment),
maybe simple test code.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 05/21/2012 02:52:15 PM:
> grajapra...@inautix.co.in
> Sent by: owner-open
and at library initialization set this callback:
/* callback for connection information on SSL/TLS session negotiation */
SSL_CTX_set_info_callback(ctx, ssl_connection_info_cb);
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 05/16/2012 05:15:40 PM:
> kthiru...@i
Hello,
$ openssl version
OpenSSL 1.0.0 29 Mar 2010
$ openssl ciphers -V
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 05/13/2012 12:57:40 PM:
> Krzysztof Jercha
> Sent by: owner-openssl-us...@openssl.org
>
> 05/14/2012 01:46 PM
>
> Please re
Hello,
Do not pad with spaces, look at:
http://en.wikipedia.org/wiki/Padding_%28cryptography%29
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 05/11/2012 11:08:52 PM:
>
> Sent by: owner-openssl-us...@openssl.org
>
> 05/11/2012 11:11 PM
>
>
> enc.bin
# openssl aes-256-cbc -in enc.bin -K
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -iv
000102030405060708090A0B0C0D0E0F -d
marek
I other words, when you prepare source buffer for excryption you shoud
manualy pad this data.
Best regards,
--
Marek Marcola
own
key dG = d*G
using chosen EC curve.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 04/14/2012 12:32:22 PM:
> opensshelpmeplz
> Sent by: owner-openssl-us...@openssl.org
>
> 04/15/2012 02:24 PM
>
> Please respond to
> openssl-users@openssl.org
Hello,
Maybe there is library initialization problem, try to add:
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 04/06/2012 07:06:22 PM:
> crk
> Sent by: owner-openssl-us...@openssl.org
>
> 04/0
is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher: RC4-SHA
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 04/06/2012 06:17:38 PM:
> crk
> Sent by: owner-o
plementation is good for learning but
not in real life.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 04/02/2012 05:09:57 PM:
> Theodore Tolstoy
> Sent by: owner-openssl-us...@openssl.org
>
> 04/02/2012 05:11 PM
>
> Please respond to
> opens
with value 8).
After decryption "remove" last 8 bytes (filed with value 8).
For printf() you may fill this last 8 bytes to 0.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 03/29/2012 04:02:17 PM:
> Prashanth kumar N
> Sent by: owner-openssl-us...@open
Hello,
Maybe attached simple example will help.
Use:
# gcc -o evp_enc evp_enc.c -lcrypto
# cat /etc/group | ./evp_enc
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 03/28/2012 09:02:59 AM:
> Prashanth kumar N
> Sent by: owner-openssl-us...@openssl.org
>
Hello,
Try some test connections:
# openssl s_client -connect hostname:443 -debug -msg
# openssl s_client -connect hostname:443 -debug -msg -bugs
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 03/28/2012 06:02:01 PM:
> James Earl
> Sent by: owner-open
/Block_cipher_modes_of_operation
Example of using AES_cbc_encrypt() attached (pay attension of block
padding).
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 03/28/2012 09:01:25 AM:
> Prashanth kumar N
> Sent by: owner-openssl-us...@openssl.org
>
> 03/28/2
Hello,
$ echo "obase=16;336151528" | bc
140943E8
$ openssl errstr 140943E8
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 03/27/2012 01:09:56 AM:
> Blake Mizerany
> Sent by: owner-openssl-u
Hello,
I'm sure you know that but just to remind:
After sending to the list the output of command:
$ openssl rsa -in server.key -text -noout
you can not use this key (and certificate) for production.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 03/23/2012
.
You may also test this files using simple openssl ssl server:
1) Run server on one terminal
$ openssl s_server -accept 1212 -key key.pem -cert crt.pem -debug -msg
2) Connect to server from another terminal
$ openssl s_client -connect localhost:1212 -debug -msg
Best regards,
--
Mar
DA7E70FC2E2149FC00481816650E799AAEC...
and check if output maches.
Best regards,
--
Marek Marcola
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hello,
Agree, or even:
SSL_load_error_strings();
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 02/25/2011 03:10:45 PM:
> lzyzizi
> Sent by: owner-openssl-us...@openssl.org
>
> 02/25/2011 03:13 PM
>
> Please respond to
> openssl-user
Hello,
Maybe you may try something like this:
int log_err(void)
{
char buf[256];
u_long err;
while ((err = ERR_get_error()) != 0) {
ERR_error_string_n(err, buf, sizeof(buf));
printf("*** %s\n", buf);
}
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl
routines:RSA_EAY_PRIVATE_DECRYPT:internal error
You can experiment.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 02/24/2011 10:30:17 PM:
> "Shaheed Bacchus (sbacchus)"
> Sent by: owner-openssl-us...@openssl.org
>
> 02/24/2011 10:32 PM
>
> Please respond to
> op
Hello,
Remember, you do not need to recover this parameters to decrypt message.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 02/24/2011 05:19:30 PM:
> "Shaheed Bacchus (sbacchus)"
> Sent by: owner-openssl-us...@openssl.org
>
> 02/24/201
Hello,
Try to disable RSA blinding with:
RSA_blinding_off(new_key);
before RSA_private_decrypt().
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 02/24/2011 03:46:53 AM:
> "Shaheed Bacchus (sbacchus)"
> Sent by: owner-openssl-us...@openssl.org
)
dmq1= d mod (q?1)
iqmp = q^?1 mod p
you have recomputed.
You do not need d on the receiving site if you have this parameters.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 02/24/2011 05:48:19 AM:
> Victor Duchovni
> Sent by: owner-openssl-us...@openssl.org
&
is in the proper format already.
admin# echo 100 > /tmp/p.txt
admin# sleep `cat /tmp/p.txt` &
[1] 21988
admin# ps -ef | grep sleep | grep -v grep
root 21988 3150 0 22:29 pts/0 00:00:00 sleep 100
Best regards,
--
Marek Marcola
Hello,
Use RAND_bytes().
This function uses hashes for you.
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 02/26/2009 07:59:14 PM:
> hello
> i want to create a some random values (N values )using SHA1, ( like
lamport
> authentication protocol)
> how c
Hello
owner-openssl-us...@openssl.org wrote on 02/19/2009 08:30:04 PM:
> We are using OpenSSL 0.9.7e and would like to know if it supports SSL
3.0?
Yes.
Best regards,
--
Marek Marcola
__
OpenSSL Proj
pt() some BN files needed for
Montgomery method may are not required (bn_mont.c).
The most complicated part is to properly define header files
depending on you platform architecture (8bit/16bit/32bit).
Best regards,
--
Marek Marcola
_
> And Nk*round# keys are also produced well in it.
> But how about Nb, the number of column in state?
> (in 128, 192 and 256 bits block plaintext, the Nb, column# of state is
4,6,8.)
Yes, but AES implementation used in OpenSSL supports only 128 bit block
(16 bytes).
So, in this impl
1.tar.Z | tar xvf -
# installp -ac -Y -d /var/tmp/sw/openssl all
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
sl x509 -in crt.pem -text -noout
$ openssl x509 -in crt.pem -outform der -out crt.der
$ openssl x509 -in crt.der -inform der -text -noout
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project
for /dev/urandom and to call genrsa as
>
> openssl genrsa -rand /dev/qrandom 2048 ?
>
> I am not shure about the role of /dev/urandom: does it deliver a
> (pseudo) random number or the salt for the PRNG?
Salt (32 bytes) for the PRNG
Best regards
written to the buffer specified in out, and will have the length
> specified by keylen?
Yes, example attached.
> What is the meaning of the int that this function returns?
This function always returns 1.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
pkcs5.c
Description: Binary data
nd doesn't give a clue as to
> which openssl function should be used to derive a key in a compliant
way.
>
> Does openssl support RFC2898, and if so, what function should I be
> looking at?
PKCS5_PBKDF2_HMAC_SHA1()
Bes
utable) this is not possible.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@opens
its not important if your key is proper or not.
But when you call EVP_DecryptFinal_ex() at the end of decryption you get
error
because this function checks proper last block padding.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
data may come to you with 20 TCP packets too.
Merging this two packets may work for decryption but will break MAC
(message authentication code) because when MAC is calculated implied
message number is used. When you merge this packet - one packet
will be lost
g character if required - only at end of data)
As you see, there can not be '-' character inside base64 encoded data.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project
l or not.
> >>
> > What about just reading your .pem file with simple read() to char
table
> > and send this to server ?
> >
> > Best regards,
> > --
> > Marek Marcola <[EMAIL PROTECTED]>
> >
> >
k1.c:151:
With 2048 bit key (256 bytes) you may encrypt max 256-11 bytes of data
(11 bytes for PKCS1).
Because of this RSA encryption is not use for encryption whole files
but for encryption symmetric keys (for AES or DES) that encrypt files
wit
s a
> rsa public key from another pem file and return, comparing keys, is are
> egual or not.
What about just reading your .pem file with simple read() to char table
and send this to server ?
Best regards,
--
Marek Ma
ion).
So, in case of Finised packet, record layer puts handshake header and
data,
add MAC and PAD, encrypt this, encapsulate encrypted data with 5 byte
protocol header and sent to peer:
protocol_header, {handshake_header,handshake_data,MAC,PAD}
^^ ENCRYPTED ^^^^^^^
after ChangeCipherSpec should use encryption, this is something
like switch witch turn on encryption.
So, Finished packet should be decrypted before analysed.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL P
library:fopen:No such file or directory
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
after sending client_hello, server
do not accept some data in this packet.
With SSLv2/v3 client in reality sends SSL2 client_hello and this may
not be acceptable by server. You may add "-ssl3" or "-tls1" flags
to use exactly one of this protocol (without SSL2 client_hell
0003)
> 24664:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake
> failure:s23_clnt.c:562:
Try to add "-debug -msg -state" flags to this command to get more verbose
output.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
yption side.
You may use NO PADDING and look at decrypted data to check that this data
looks reasonable or not.
You should consider also that data encrypted with private key may by
decrypted
by anyone with public key (if pu
xt I get:
$ openssl md5 < /tmp/zz.txt
611af9d8272a34478514927b922f53b6
after reading this line to ZZ variable:
$ ZZ=`cat /tmp/zz.txt`
$ echo $ZZ | openssl md5
611af9d8272a34478514927b922f53b6
but when printing ZZ without new line:
$ echo -n $ZZ | openssl md5
8
not "char *"
- use -Wall at compile time and look at any warnings like "passing
argument 2 of ‘RSA_sign’ differ in signedness"
- do not use strlen() on signatures, signatures are binary data, not
strings
- you can not create RSA signature from 160 bit hash using 128 bit RSA
key.
- add SSL_load_error_strings() and SSL_library_init().
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
:��I"Ϯ��r�m
(Z+�K�+1���x��h[�z�(Z+���f�y���f���h��)z{,���
object header
hp8510# openssl errstr 0D07803A
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project
orithms may come from other source.
You may use some other library (gmp for RSA or IPP for RSA/EC/AES) ...
You may use your customer crypto library ...
You may use some crypto hardware ...
In this case you do not need any software algorithms which comes with
OpenSSL.
Best regards,
--
Marek Marcola
m --print-file-name *.o | grep d2i_DSAPrivateKey
dsa_asn1.o:01c0 T d2i_DSAPrivateKey
$ gcc -E dsa_asn1.c | grep d2i_DSAPrivateKey
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
\nConnection: Keep-Alive\r\nAccept: */*\r\n"
>
>
> It would have any other apps I can do this test?
You may use "wget" (with ssl support compiled in) instead.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
^^
This can not be satisfied and loop can not end.
if(!BN_GENCB_call(cb, 2, n++))
goto err;
}
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
_
ed in one byte as:
ASN_CLASS_UNIVERSAL | ASN_TYPE_CONSTRUCTED | ASN_OBJECT_SEQUENCE
where:
ASN_CLASS_UNIVERSAL = 0x00
ASN_TYPE_CONSTRUCTED = 0x20
ASN_OBJECT_SEQUENCE = 0x10
which gives you 0x30
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
_
t; I get (from a conversion to hexadecimal thanks to : cout << setw(2) <<
> setfill('0') << right << hex << (int) key->data[c]; )
> 30:82:01:0A:02:82:01:01:___the_public_key___:02:03:01:00:01
>
> How can i get only the
Hello,
> One thing I will conform you is " we can not get public key from a
private key ". I do
> not remember where i studied , but it is true.
> So do not try to get a public key from private key.
This is not true.
Best regards,
--
Marek Marcol
ytes before end instead of end of
md1).
Use memcpy, does not relay of strlen() on such data too.
> SHA1(&m1, str len(&m1), m2);
>
> I don't know why the output of the second SHA1 is not the same when I
> run the program several times. But I think the problem is in the m1
> storing, but I don't know how to resolve that.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
e its output to the C, I
> don't get the expected output.
>
> Did I miss something?
Expression above looks good, but there is too little information
of real implementation to say something reasonable.
Best regards,
to do the https, but for
the time i want
> to test my client & server people are working of the certificate, so
that will be sorted
> out in meantime.
Try something like:
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
Be
return (0);
}
instead of one call to ERR_error_string().
In OpenSSL you have stack of errors and you should print them all.
Next errors may be more informative.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL P
3FF1A7F2D5CE798B993E01CCEBB697687FFB40697601A813250170892A6C2932CFF92497DAED843715DB3E5C1
> 543:d=1 hl=2 l= 65 prim: INTEGER
>
:F63374004B31D79C5B13BBADB1E4F18784ACE883A74DEDE041E0926838A4D7C2A92D96FAD5A4E4024EF47D562A3614F23E46158036302A5FC00631A80EA468F8
Ok. So we have correct RSA
;SSL_CTX_use_PrivateKey_ASN1()
> OR
>SSL_CTX_use_certificate_ASN1()
Yes, indeed. According to OP second function works (after conversion).
But first function has bad key type specified.
I think that output from command:
$ openssl asn1parse -in pekey.der -inform der
may be very helpful in this case.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
> > It worked.
> > >
> > > Does anybody have any ideas what is wrong with
> > SSL_CTX_use_PrivateKey_ASN1 ?
> > Try EVP_PKEY_RSA for RSA key instead of SSL_FILETYPE_ASN1.
>
> Is the OP's file a private key or an X.509 certificate?
Line:
fp = f
; err !=
SSL_ERROR_WANT_WRITE)
> { soap_set_sender_error(soap, soap_ssl_error(soap, r), "SSL
connect failed in
> tcp_connect()", SOAP_SSL_ERROR);
> soap->fclosesocket(soap, fd);
> return SOAP_INVALID_SOCKET;****** My program is
return
e any ideas what is wrong with
SSL_CTX_use_PrivateKey_ASN1 ?
Try EVP_PKEY_RSA for RSA key instead of SSL_FILETYPE_ASN1.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project h
gt;
> CRYPTO_set_locking_callback(NULL);
> CRYPTO_set_id_callback(NULL);
>
> for (i = 0; i < CRYPTO_num_locks(); i ) {
> pthread_mutex_destroy(&mutex_buf[i]);
> }
Maybe chan
ENCRYPT);
>
> std::cout << "aes::encrypt_file: Writing..." << std::endl;
>
> out.write((char *)fbuf_out, len);
> }
> }
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
___
; numbers on this too? I plan to use one of -
In general: use AES instead of DES3, its faster.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User
lication developer
can pass a password and as a result he becomes a password of the
specified length".
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openss
e using 3DES algorithm
i m confused
> which is the way to go ..using ciphers EVP apis like EVP_des_ede3_cbc()
or built in
> custom functions like DES_ede3_cbc_encrypt()
Use EVP with EVP_des_ede3_cbc() - high level API.
DES_ede3_cbc_encrypt() is low level API
Best regards,
--
Mar
ter transformations)
is truncated to 224 bytes.
SHA384 uses the same algorithm as SHA512 but with different
init constants witch initiates 8 64-bit state variables
and output (8 64-bit state variables after transformations)
is truncated to 384 bytes.
Best regards,
--
Marek Marcola <[EMAIL PRO
L library messages).
Establishing tcp connection is one thing while initializing OpenSSL
library,
creating client_hello packet is another. Log files may answer your
question.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
_
SSL3/TLS1 will work fine.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
A
the pass phrase protected private key, is it
possible for other
> persons to steal and decrypt that key.
>
> Or do you have more feasible ways to implement it?
Smartcards.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
t;
> And finally is there a public interface where an application developer
> can pass a password and as a result he becomes a password of the
> specified length?
Try: PKCS5_PBKDF2_HMAC_SHA1()
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
_
.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
A
ons, use SSL3 or TLS1.
SSL2 client_hello may be used for negotiations SSL3 or TLS1 (only one
handshake
packet).
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
nput, should i receive the same result
on both sides?
Yes.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
n call.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated
s both?
Key exchange method is dependent of chosen ciphersuite.
Look at:
$ openssl ciphers -v
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.o
> p192.c:(.text+0x3e): undefined reference to `BN_new'
> p192.c:(.text+0x5c): undefined reference to `BN_set_word'
> p192.c:(.text+0x71): undefined reference to `PEM_write_DHparams'
> collect2: ld returned 1 exit status
Add -lcrypto to gc
Hello,
> I have to connect to my OpenSSL server through proxy server. How can I
establish this connection?
Establish tcp connection through proxy (connect, socks5, transparent,
reverse or any other)
and next run SSL on this tcp connection.
Best regards,
--
Marek Marcola <[EMAIL PRO
ans you may execute:
$ openssl ciphers -v ALL
or to test what "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" means:
$ openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
and next you may build your own ciphers list.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
_
2001: unresolved external symbol
[EMAIL PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL
> PROTECTED]
> digestclient.obj : error LNK2001: unresolved external symbol [EMAIL
> PROTECTED]
example for ascii compare or so.
(from performance point of view sprintf() should be replaced
with simple function which covert byte to hex form).
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project
y application/system.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
:��I"Ϯ��r�m
(Z+�K�+1���x��h[�z�(Z+���f�y���f���h��)z{,���
erprise linux 5/openssl 0.9.8b-8
Add -new option to "openssl req ..." command.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User S
n
this is practically not possible (or very complicated) and result
may be not satisfied. All what you may try is to use some defines
to disable some crypto algorithms. Look at source code for NO_
preprocessor definitions.
Best regards,
--
Marek Marcola <[EMA
e):
$ pwd
/tmp/openssl-0.9.8g
$ find . -name "*.o" -exec nm -o --defined-only {} \; | grep
d2i_ASN1_INTEGER
../crypto/asn1/tasn_typ.o:1060 T d2i_ASN1_INTEGER
$ cd ./crypto/asn1/
$ gcc -E tasn_typ.c | grep d2i_ASN1_INTEGER | indent
Best regards,
--
Marek Marcola <[EMAIL PROTECTE
es-ofb -in c:\Openssl\Test_ofb_data.txt
-in
> c:\o
> penssl\encrypted_data.enc -k/-iv
> 0123456789abcdef0123456789abcdef/1234567890abcd
> ef - 8
> unknown option '-k/-iv'
Try:
... -k 0123456789abcdef0123456789abcdef -iv 1234567890abcd ...
Be
et.
> Using the salt would be an added benefit.
Look at PKCS#5 document (especially PBKDF2 function),
this function is implemented in OpenSSL as PKCS5_PBKDF2_HMAC_SHA1()
function.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
ation.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Auto
tate_string_long(ssl));
}
if (type & SSL_CB_ALERT) {
log_tra("tls_alert: %s:%s: %s",
type & SSL_CB_READ ? "read" : "write",
SSL_alert_type_string_long(val), SSL_alert_desc_string_
nd to you by server with certificate.
> > You may use smartcard if TLS server requires client verification, then
> > your (client) private key from smartcard is used to prove your
identity.
> >
> > Best reg
smartcard is used to prove your identity.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-
VERSION, for example:
--prefix=/usr/local/openssl-0.9.8g
Then, feature/past versions may be installed in its own directory and you
be able to switch between them.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
move any of the libraries which the previous server has
installed ? or will
> it install all components inside --prefix directory.
"make install" will install libraries inside --prefix
Best regards,
--
Mar
1 - 100 of 794 matches
Mail list logo