Re: Best Practices for private key files handling

2022-09-17 Thread Philip Prindeville
> On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users > wrote: > >> From: openssl-users On Behalf Of Philip >> Prindeville >> Sent: Thursday, 15 September, 2022 15:41 > >> I was thinking of the case where the directory containing the keys (

Re: Best Practices for private key files handling

2022-09-15 Thread Philip Prindeville
> On Sep 13, 2022, at 8:10 PM, Shawn Heisey via openssl-users > wrote: > > On 9/13/22 14:17, Philip Prindeville wrote: >> But what happens when the file we encounter is a symlink? If the symlink is >> owned by root but the target isn't, or the target permissions

Best Practices for private key files handling

2022-09-13 Thread Philip Prindeville
, etc. So... what's the Best Practices list for handling private key materials? Has anyone fleshed this out? The specific bug, if anyone is interested, is: https://issues.asterisk.org/jira/browse/ASTERISK-30213 Thanks, -Philip

Non-heap based structures

2022-07-26 Thread Philip Prindeville
But I just wanted to make sure. Thanks, -Philip

Re: AES and EVP_CIPHER question

2022-05-17 Thread Philip Prindeville
> On May 17, 2022, at 4:32 AM, Matt Caswell wrote: > > > > On 16/05/2022 23:48, Philip Prindeville wrote: >> Sorry, I shouldn't have phrased that inartfully. >> There is no EVP_CIPHER_CTX_get_padding(), so how does one achieve something >> analogou

Re: AES and EVP_CIPHER question

2022-05-16 Thread Philip Prindeville
Sorry, I shouldn't have phrased that inartfully. There is no EVP_CIPHER_CTX_get_padding(), so how does one achieve something analogous? > On May 16, 2022, at 1:00 PM, Philip Prindeville > wrote: > > Thanks. That fixed the return value of EVP_CipherFinal(). > > Is

Re: AES and EVP_CIPHER question

2022-05-16 Thread Philip Prindeville
led after the > EVP_CipherInit() to have an effect. > > Also what is the AST_CRYPTO_AES_BLOCKSIZE value? Is it in bits (i.e, > 128)? > > Also res should be initialized to -1 so you do not return uninitialized > value on error. > > Tomas Mraz > > On Fri, 2022-05-1

Bad exit code with pkeyutl -verify in 1.0.2f

2022-05-14 Thread Philip Prindeville
sues" in Github, or were bugs tracked somewhere else? I can't remember... Thanks, -Philip

Re: Compiling OpenSSL using a different SDK

2022-05-13 Thread Philip Prindeville
Openssl already supports cross-compiles, since OpenWRT and Yocto/OpenEmbedded use it as-is. https://github.com/openwrt/openwrt/blob/master/package/libs/openssl/Makefile#L328..L357 > On May 6, 2022, at 6:25 AM, ~ Kunal Sharma ~ wrote: > > Hi friends, > > My objective is to compile OpenSSL

Re: AES and EVP_CIPHER question

2022-05-13 Thread Philip Prindeville
Here's a simple/stupid test program and its output, running on Ubuntu 20.04 LTS: OpenSSL 1.1.1f 31 Mar 2020 EVP_CIPHER_CTX_new returns 0x5627171042a0 EVP_CipherInit returns 1 EVP_CipherUpdate returns 1, outlen = 0 buf: 'Mary had a littl' EVP_CipherFinal returns 0, finallen = 0 buf: 'Mary had a

Re: AES and EVP_CIPHER question

2022-05-13 Thread Philip Prindeville
> On May 13, 2022, at 10:55 AM, Philip Prindeville > wrote: > > > >> On May 13, 2022, at 10:34 AM, Matt Caswell wrote: >> >> >> >> On 13/05/2022 16:49, Philip Prindeville wrote: >>> Hi, >>> I'm trying to rewrite some legacy

Re: AES and EVP_CIPHER question

2022-05-13 Thread Philip Prindeville
> On May 13, 2022, at 10:34 AM, Matt Caswell wrote: > > > > On 13/05/2022 16:49, Philip Prindeville wrote: >> Hi, >> I'm trying to rewrite some legacy AES_* code to use EVP_CIPHER_* so it's >> forward compatible into 3.x. >> My code, i

AES and EVP_CIPHER question

2022-05-13 Thread Philip Prindeville
tes decrypted into "out" on success. Thanks, -Philip

Re: [EXTERNAL] Using openssl-rsautl for verifying signatures.

2022-05-06 Thread Philip Prindeville
ith RSA_PKCS1_PADDING. > > Tomas > > On Thu, 2022-05-05 at 10:35 -0600, Philip Prindeville wrote: >> Bonjour. Et milles mercis. >> >> That was helpful. >> >> One more question: if I want to reproduce RSA_sign() (and >> RSA_verify()) using evp_key_s

Re: [EXTERNAL] Using openssl-rsautl for verifying signatures.

2022-05-05 Thread Philip Prindeville
if that's the case)? -Philip > On May 4, 2022, at 3:45 AM, Erwann Abalea wrote: > > Bonjour, > > The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding > for signature operations. > PKCS#1v1.5 is rewritten in RFC2313. > > Using the command l

Using openssl-rsautl for verifying signatures

2022-05-03 Thread Philip Prindeville
signing besides rsautl? Thanks, -Philip

Re: RSA test vectors, etc.

2022-04-27 Thread Philip Prindeville
and 3.0? > On Apr 27, 2022, at 10:43 AM, Philip Prindeville > wrote: > > Hi, > > I've been trying to rewrite the res_crypto.so support in Asterisk to use > Openssl-1.1.x and the EVP_PKEY interface, rather than the AES_* and RSA_* > stuff. > > The AES stuff uses

RSA test vectors, etc.

2022-04-27 Thread Philip Prindeville
stion: how do other people deal with this? Thanks, -Philip

Re: Cross-project request... looking for input on a rewrite of Asterisk's res_crypto.c module

2022-03-31 Thread Philip Prindeville
> On Mar 30, 2022, at 10:25 AM, William Roberts > wrote: > > On Tue, Mar 29, 2022 at 3:40 PM Philip Prindeville > wrote: >> >> Hi, >> >> I'm trying to develop a newer replacement module for Asterisk's res_crypto >> that is (for now) 1.1.

Cross-project request... looking for input on a rewrite of Asterisk's res_crypto.c module

2022-03-29 Thread Philip Prindeville
. Anyway, more eyes on the problem are always a good thing. Thanks, -Philip

Autoconf and detecting if bio_st is defined or not

2022-03-25 Thread Philip Prindeville
Hi, I was wondering if there was some sort of sentinel variable that tells us if is exporting access to the bio_st structure, or not. Thanks, -Philip

Porting asterisk to Openssl-3.0

2022-03-24 Thread Philip Prindeville
*) into a EVP_PKEY canonically in 1.1.0? I can't find an example in the docs. Thanks, -Philip

Coverity failures on github

2022-02-03 Thread Philip Prindeville
I'm getting daily reports about static analysis failures: https://github.com/pprindeville/openssl/runs/5060866030?check_suite_focus=true Which says: Run wget https://scan.coverity.com/download/linux64 \ wget https://scan.coverity.com/download/linux64 \ --post-data

Re: PKCS#10 CSR generation and bulky crypto library - Re: Questions about legacy apps/req.c code

2021-12-22 Thread Philip Prindeville
remember how I > figured it out, but I think I might have had to look at req.c rather than > finding documentation. > Should supporting openssl.cnf be part of the library API, or externally handled in the command-line utility where it then passes in the values extracted from that file? I'm inclined to KISS and going with the latter. -Philip

Re: Questions about legacy apps/req.c code

2021-12-22 Thread Philip Prindeville
nularity of libraries. Maybe even libasn1 being carved out as its own library, even if other things like libssl and libx509 having dependencies on it. -Philip > On Dec 22, 2021, at 11:58 AM, Kyle Hamilton wrote: > > From a conceptual perspective, I think "creating a CSR

Questions about legacy apps/req.c code

2021-12-21 Thread Philip Prindeville
? The latter would allow me to move the CSR code into a library and have the app exercise that API. The only downside I can see is that the self-signed certificate path might need to duplicate some of the library code. Is that acceptable? Thanks, -Philip

Examples of adding Private Enterprise Numbers (PEN's) Extensions to CSR

2021-10-14 Thread Philip Prindeville
... Is this code even correct? What am I missing? Ditto for X509_REQ_add_extensions(). Thanks, -Philip

Re: Creating a CSR using OpenSSL v1.1.1

2021-10-12 Thread Philip Prindeville
> On Apr 29, 2021, at 8:15 AM, Matt Caswell wrote: > > > On 29/04/2021 15:04, Joe Eremita wrote: >> datasig_len = i2d_X509_REQ_INFO( req->req_info, NULL ); > > You can achieve this by instead doing: > > datasig_len = i2d_re_X509_REQ_tbs(req, NULL); > > See: > >

Re: Parsing subject/issuer strings in X.509

2021-07-23 Thread Philip Prindeville
multi-valued RDNs if canmulti > * and characters may be escaped by \ > */ > X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char > *desc) > > Would be good to have such a function as part of the X.509 API. > > David > > On 23.07.

Re: Parsing subject/issuer strings in X.509

2021-07-23 Thread Philip Prindeville
s in X509_NAME_oneline(3), x509(1), ... So a public API for > that format may not be a good idea. Perhaps there could be parsers for > the "rfc2253", "rfc2254" and "oneline" formats (or a single parser with > flags to select the format). > > -- > Viktor. > And "rfc4514"... yeah, that would work too. -Philip

Re: Parsing subject/issuer strings in X.509

2021-07-23 Thread Philip Prindeville
multi-valued RDNs if canmulti > * and characters may be escaped by \ > */ > X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char > *desc) > > Would be good to have such a function as part of the X.509 API. > > David > > On 23.07.

Parsing subject/issuer strings in X.509

2021-07-22 Thread Philip Prindeville
Hi, I'm wondering what the function is that takes a string and returns X509_NAME with the attribute/value pairs of the parsed DN. Thanks, -Philip

iOS app attest server side

2021-07-22 Thread Philip Prindeville
Hi all, Does anyone have any reference code for implementing server-side App Attest for iOS clients? Thanks, -Philip

Re: [openssl-users] Verifying Android hardware attestation certificates with OpenSSL

2021-07-22 Thread Philip Prindeville
Did you ever get to the root of this? -Philip > On Oct 30, 2018, at 5:52 PM, Pietu Pohjalainen wrote: > > Dear all, > > I have been trying to verify hardware attestation certificates originating > from different Android phones with the OpenSSL tool. There seems to

Re: [openssl-users] Multi client DTLS server on OpenSSL 1.1.x broken?

2018-08-15 Thread Philip Prindeville
> On Aug 15, 2018, at 2:09 PM, Richard Weinberger wrote: > > Philip, > > Am Mittwoch, 15. August 2018, 21:36:30 CEST schrieben Sie: >> >>> [snip] >> >> >> Have you tried using Libevent? It supports SSL/TLS/DTLS connections. > > C

Re: [openssl-users] Multi client DTLS server on OpenSSL 1.1.x broken?

2018-08-15 Thread Philip Prindeville
ll hope I miss something. > Can you please help me to figure what the correct approach for multiple > clients is? > > Thanks, > //richard Have you tried using Libevent? It supports SSL/TLS/DTLS connections. -Philip -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Shutdown details

2018-08-10 Thread Philip Prindeville
wn can be implemented in Libevent. Thanks, -Philip > On Aug 1, 2018, at 1:46 PM, Alex H wrote: > > [...] The other party MUST respond with a close_notify alert of its own and > close down the connection immediately, discarding any pending writes. > > I've read this befor

[openssl-users] Updating (re-issuing) self-signed cert with keyid, issuer, serial AKI

2017-02-16 Thread Philip Prindeville
"copy through" the AKI into the request with -x509toreq? Also attaching the script I’m using. And yes, it’s a 1024-bit key… It’s probably worth scrapping the old key and generating a new one, but before I do that I want to solve the AKI issue... Thanks, -Philip example.crt D

Re: [openssl-users] DSA with OpenSSL-1.1

2016-07-05 Thread Philip Bellino
Well, since we will never go to 1.1, I guess we don't have to worry about it. From: openssl-users on behalf of Kurt Roeckx Sent: Saturday, July 2, 2016 5:53:20 AM To: openssl-users@openssl.org Subject: Re:

[openssl-users] Looking for the Changelog in openssl-fips-2.0.12

2016-05-24 Thread Philip Bellino
Hello, I am looking for the Changelog that explains the changes between openssl-fips-2.0.9 and 2.0.12. The README.FIPS that comes with 2.0.12 points here: https://www.openssl.org/docs/fips but I cannot find the changes. Any help would be most appreciated. Thanks, Phil

Re: [openssl-users] Getting a compilation error on openssl 1.0.1 branch

2016-02-20 Thread Bobby Philip
This was because one of my application makefiles wasn't updated to include the crypto/modes/ folder in its INCLUDES definition. On Thu, Feb 18, 2016 at 8:51 PM, Bobby Philip <bobbyphi...@gmail.com> wrote: > Hi, > I am trying to compile openssl 1.0.1r for android and statically

[openssl-users] Getting a compilation error on openssl 1.0.1 branch

2016-02-18 Thread Bobby Philip
Hi, I am trying to compile openssl 1.0.1r for android and statically link to my application. I am getting a compile error in the file https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/evp/e_aes.c at line 61 # include "modes_lcl.h" This modes_lcl.h is present at

[openssl-users] Key Deriviation Function Tests for TLS

2015-09-22 Thread Philip Bellino
Hello, In pursuit of FIPS validation using OpenSSL 1.0.2a/ FIPS 2.0.9, we are required by our testing lab to perform KDF tests for TLS (see document NIST SP800-135, Rev 1 section 4.2). Could you please point us to where the source for the KDF TLS test(s) are available. Thank you, Phil

[openssl-users] FIPS test parse error?

2015-07-15 Thread Philip Bellino
One more item of note: The code appears to be erroring out on the keyword SEED. Looking at the source code there appears to be no provision to accept that word, hence the parse error. Hello, We are testing our FIPS implementation which is based on openssl-1.0.2a and openssl-fips-2.0.9.

[openssl-users] FIPS test parse error?

2015-07-15 Thread Philip Bellino
Hello, We are testing our FIPS implementation which is based on openssl-1.0.2a and openssl-fips-2.0.9. We are executing tests on the target machine (which doesn't support running perl scripts so we cannot run fipsalgtest.pl) that are included in the openssl-fips-2.0.9/fips directory, using

[openssl-users] FIPS Validation questions

2015-05-26 Thread Philip Bellino
Hello, We use OpenSSL-1.0.2a and FIPS 2.0.9 and have questions we need to answer in conjunction with the FIPS validation process. One question is whether SHA1 accepts NULL (zero-length) messages? I couldn't find anything on the OpenSSL wiki so I thought I'd ask here. Also, another question is

[openssl-users] FIPs validation questions

2015-05-22 Thread Philip Bellino
Hello, We use OpenSSL-1.0.2a and FIPS 2.0.9 and have questions we need to answer in conjunction with the FIPS validation process. One question is whether SHA1 accepts NULL (zero-length) messages? I couldn't find anything on the OpenSSL wiki so I thought I'd ask here. Also, another

[openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode

2015-04-06 Thread Philip Bellino
Hello, We are using Openssl-1.0.2a with FIPS 2.0.9 on Linux PPC environment. We have code that we assume needs updating, to avoid using low level routines in FIPS. For example, our snmp v3 implementation currently decrypts/encrypts using AES_set_encrypt_key() and AES_cfb128_encrypt(). The old

Re: [openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode

2015-04-06 Thread Philip Bellino
-boun...@openssl.org] On Behalf Of Philip Bellino Sent: Monday, April 06, 2015 8:03 AM To: openssl-users@openssl.org Subject: [openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode Hello, We are using Openssl-1.0.2a with FIPS 2.0.9 on Linux PPC environment. We have code that we assume

Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions

2015-03-27 Thread Philip Bellino
/index.php/EVP_Symmetric_Encryption_and_Decryption Hope this helps, Regards, Michel. De : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de Philip Bellino Envoyé : jeudi 26 mars 2015 15:53 À : openssl-users@openssl.org Objet : [openssl-users

[openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions

2015-03-26 Thread Philip Bellino
I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords with cipher des_ede3_cbc as follows: encrypt routines: EVP_CIPHER_CTX_init EVP_EncryptInit_ex EVP_EncryptUpdate EVP_EncryptFinal_ex EVP_CIPHER_CTX_cleanup decrypt routines: EVP_CIPHER_CTX_init EVP_DecryptInit_ex

[openssl-users] AES CBC approved encryption algorithm/option in FIPS

2015-03-20 Thread Philip Bellino
Hello, I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question? If AES CBC Encryption is considered vulnerable to an attacker with the capability to inject arbitrary traffic into the plain-text stream, then why is it listed as an approved algorithm/option in table 4A on page 14

[openssl-users] HMAC-SHA1-96 in FIPS

2015-03-12 Thread Philip Bellino
Hello, I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question. In the FIPS-198-1 document, Chapter 5 discusses truncation with MACs. http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf I believe HMAC-SHA1-96 falls under this category, but I do not see its

[openssl-users] make depend error in openssl-1.0.2/crypto

2015-02-04 Thread Philip Bellino
Hello, We built OpenSSL-1.0.1j (and OpenSSL-fips-2.0.7) within my PowerPC-target build environment and have been using it successfully. We now have upgraded to use OpenSSL-1.0.2 (and OpenSSL-fips-2.0.9). It cannot successfully build because of the following error (which occurs identically 16

[openssl-users] FIPS JCE cryptographic modules usage with Openssl-1.0.1j and openssl-fips-2.0.7

2015-01-21 Thread Philip Bellino
Hello, I apologize if this is not the correct forum for my questions, so here goes. 1. Are the RSA JSafeJCE and the IBM' IBMJESFIPS cryptographic modules being used widely against Openssl in FIPS mode? 2. If so, have these modules kept pace with the latest Openssl FIPS

Re: [openssl-users] OpenSSL mail outage tomorrow 1200-1400UTC

2014-12-22 Thread Philip Prindeville
And that's back up and working, right? I've not seen any messages today, but then again it's the holidays... On 12/22/2014 08:56 AM, Steve Marquess wrote: We've been experiencing some issues with the system that handles @openssl.org E-mail and the mailing lists. The hardware vendor will be

Re: [openssl-users] Freeze to mailing list memberships

2014-12-05 Thread Philip Prindeville
is Bcc’d. -Philip

Re: X.509 Public Key Fingerprints

2014-11-20 Thread Philip Prindeville
Did you ever get anywhere on this? I’m also looking for a function to generate a fingerprint (either MD5 or SHA-1 digest) over a public key DER string. Thanks. On Aug 15, 2012, at 2:53 AM, Curt Sampson c...@cynic.net wrote: I'm designing a protocol that requests certificates for specific

Differences between openssl-fips-2.0.7 and 2.0.8

2014-11-19 Thread Philip Bellino
Hello, I am currently using openssl-fips-2.0.7 and I noticed that 2.0.8 is available on the website. Neither distribution contain a changelog, so I was wondering what changes were made to 2.0.8. Thanks, Phil Phil Bellino Principal Software Engineer | MRV Communications Inc. 300 Apollo Drive |

Looking for an updated programming book...

2014-11-14 Thread Philip Prindeville
for something more current. Anyone have any recommendations? Thanks, -Philip __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated

CMS question on encrypting and signing

2014-11-14 Thread Philip Prindeville
not documented... Can someone point me in the right direction to do this efficiently? Even though I’m not passing a lot of data in these messages, I do need to keep the latency from processing down. Thanks, -Philip P.S. Back in May it sounded like Kevin Le Gouguec was trying to do something

RE: Query: Disabling SSLv3

2014-11-05 Thread Philip Bellino
Jeffrey, May I ask why you included no-ssl2 as an option to config? Is only adding no-ssl3 not sufficient enough to fully disable SSLv3? Thanks, Phil -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent:

hearbeat_test in openssl-1.0.1j

2014-11-03 Thread Philip Bellino
Hello, Using an FC core Linux 2.6.x i686 system. In openssl-1.0.1h, we were able to build/execute the heartbeat_test as is. In Openssl-1.0.1j, we are now required to add a Configure option enable-unit-test to use the heartbeat_test. Also, the heartbeat_test executable in 1.0.1h was 14K in

RE: Make depend issue in Openssl-1.0.1j/ssl

2014-10-31 Thread Philip Bellino
system search paths. This will get the correct header files from the source tree. If you do something like '-nostdinc -I${SYSROOT}/usr/include -Ipath', then the reverse will happen. Ref https://gcc.gnu.org/onlinedocs/cpp/Search-Path.html. Jay On 10/30/2014 12:40 PM, Philip Bellino wrote: Hello

Make depend issue in Openssl-1.0.1j/ssl

2014-10-30 Thread Philip Bellino
Hello, I am running in the following issue when I do a make depend (after the ./config shared no-ssl3): making depend in ssl... make[3]: Entering directory '.../openssl-1.0.1j/ssl' s3_lib.c:3370:4: #error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.

openssl-fips-2.0.7/test make errors

2014-10-28 Thread Philip Bellino
Hello, I am attempting to use the tests provided in the 'test' directory of the openssl-fips-2.0.7 software. I am under the impression that I should be able to build these tests, transport them to our target hardware and execute them in order to test our port of the openssl and fips software.

Openssl-1.0.1h/test ssltest

2014-10-28 Thread Philip Bellino
Hello, I am attempting to use the tests provided in the 'test' directory of the openssl-1.0.1h software. I have successfully built and ran the tests on our target hardware. There is one test in particular, ssltest, that appears to have a multitude of optional arguments/options that could be

Make issue with openssl-1.0.0f and openssl-1.0.0j

2012-07-18 Thread Barone, Philip
PM To: openssl-users@openssl.org Cc: Barone, Philip Subject: Re: Make issue with openssl-1.0.0f and openssl-1.0.0j The error message is all important. ar: ../../libcrypto.a: cannot write: Bad address Bad address is an invalid pointer, cannot write means some access or system error

Make issue with openssl-1.0.0f and openssl-1.0.0j

2012-07-17 Thread Barone, Philip
Hi, I am having issues make'ing openssl-1.0.0j, f fails as well, on Solaris Patch level 5.10 Generic_147440-13 sparc. It works fine at OS patch level 5.10 Generic_125100-10 sparc. I am compiling this using solaris64-sparcv9-cc like I have always done. It fails trying to create libcrypto.a,

RE: Make issue with openssl-1.0.0f and openssl-1.0.0j

2012-07-17 Thread Barone, Philip
, Barone, Philip wrote: Hi, I am having issues make'ing openssl-1.0.0j, f fails as well, on Solaris Patch level 5.10 Generic_147440-13 sparc. It works fine at OS patch level 5.10 Generic_125100-10 sparc. I am compiling this using solaris64-sparcv9-cc like I have always done. It fails trying

no subject

2012-07-14 Thread Philip Landreth
remove

RE: java to openssl

2012-01-13 Thread Philip R. Landreth
. The encrypted file .txt is not readable(not alpha numeric) also when I add -a it will output a blank .txt file. Thank you for your help again. Philip Landreth -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent

java to openssl

2012-01-12 Thread Philip R. Landreth
error if I use -nopad but does not decrypt the file. Also no error with -des-ede-cfb. I am not all that familiar with java and don't know how to finish the partial jumbled code that I was sent either. I would greatly appreciate any help with openssl or the partial java code. Philip Landreth

OT: Using openssl commands to generate VPN (ipsec-tools) self-signed certificates for authentication

2010-09-21 Thread Philip Prindeville
this, and could save me re-inventing the wheel by sharing the steps they had done. Thanks, -Philip

Munging ssh key formats

2010-06-18 Thread Philip Prindeville
I have a key file that looks like: BEGIN SSH2 PUBLIC KEY Comment: rsa-key-20100318 ... END SSH2 PUBLIC KEY How do I use openssl rsa ... to munge this into the format suitable for ~/.ssh/authorized_keys ? Thanks, -Philip

The question about the Apache SSL

2010-06-03 Thread philip zy
Hello, I have a question about the apache SSL,please help me. Thanks.(httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi) Operation: 1、I made a SSL certification files by myself, and start the openssl s_server; OpenSSL s_server -cert server.pem -key server_nokey.pem -accept -state -debug

Broken getaddrinfo

2007-10-05 Thread Philip Bellino
Hello, I previously emailed this issue to the ([EMAIL PROTECTED]) and was told to email openssl instead, so here goes: Linux 2.6.22.9 Openssl-0.9.8e Ipsec-tools-0.7 When I run the configure script for ipsec-tools-0.7 as follows: ./configure -with-openssl=/usr/local/ssl -enable-ipv6 produces

Block cipher pad is wrong

2005-06-28 Thread Philip Bowden
I am trying to use OpenSSL to secure communications between 2 little apps that I am writing myself. I am trying to use TLSv1, and have tried many different approaches using ADH, as well as authenticating both ends of the connection, but no matter what I try, I always seem to get the error:

RE: signedandenveoped + encryption from commandline

2004-09-23 Thread Painter, Philip
I don't think you're wrong there Alok. The E(KDE)PUBK is A random Des key taken as _data_ and encrypted asymmetrically With the recipient's public key. Only the recipient will be Able to decrypt it, with her private key. Philip Painter Hewlett-Packard Company 07747456508 http://ecardfile.com/id

Re: Session not re-used when exported then re-imported.

2003-12-18 Thread Philip L Smith
Lutz Jaenicke wrote: On Wed, Dec 17, 2003 at 03:37:19PM +, Philip L Smith wrote: I connect fine from one process, display its details using a version of SSL_SESSION_print(out,x) (taken from sess_id.c), then save the session in use to a file ... This is the output from

Re: Session not re-used when exported then re-imported.

2003-12-18 Thread Philip L Smith
Hi Lutz Have run with ssldump, there doesn't seem to be any session_id being sent from the client. I presume it would show up something like session_id[32]=... under the CS Handshake section. What else might I be doing wrong, or have not set ? In overview this is what I do: --- startup

Re: Session not re-used when exported then re-imported.

2003-12-18 Thread Philip L Smith
This may not be the problem but that PEM stuff looks decidedly dodgy. Just do: s = PEM_read_SSL_SESSION(filePtr, NULL, NULL, NULL); Hi Steve This was it ! Not sure where I got it from anyway. All is now running fine with the client sending the session_id in the resume string.

Session not re-used when exported then re-imported.

2003-12-17 Thread Philip L Smith
I'm having a problem with a client reusing an ssl session between processes. I connect fine from one process, display its details using a version of SSL_SESSION_print(out,x) (taken from sess_id.c), then save the session in use to a file === // save the session to disk FILE* filePtr; char

Random number??

2003-06-05 Thread St-Pierre Philip
I have to do to generate random number under Tandem. It works under Windows, but not under Tandem. Anyone can help?? Thanks :( Philip St-Pierre Programme IRIS - Atelier Logiciel Loto-Québec 1801 McGill Collège, 10 ième étage H3A 2N4 Tel: 514-987-2057 ext. 5072

Error code?

2003-06-04 Thread St-Pierre Philip
Hi, I wrote the following lines: if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) { errCode = ERR_get_error(); ERR_error_string(errCode, errString); printf("RAND_bytes Error: %s\n", errString); And here is what I get from the printf: RAND_bytes Error:

Re: SSL.PM question

2002-01-23 Thread Philip Shanks
, hence it cannot be bound to the substitution operator. Philip Shanks [EMAIL PROTECTED] - If you find a solution and become attached to it, the solution may become your next problem. (more wisdom from /usr/games/fortune)

Problem with seed

2001-07-12 Thread Zaleski Philip J Contr AFRL/IFGB
result. Any help would greatly help the migraine I'm experiencing! Philip J. Zaleski Software Engineer ITT Industries - Advanced Engineering Sciences 775 Daedalian Drive Rome, NY 13441 Phone: (315) 330-2560 DSN: 587-2560 Email: [EMAIL PROTECTED

problem run test after installing ssleay 0.8.1b

2001-03-15 Thread Philip Wang (EMX)
Hi, I am new to openssl and I install ssleay 0.8.1b on to NT4, the compiler is VC++6. Following is what I encounter. perl Configure VC-WIN32 nmake -f ms\ntdll.mak (everything is fine so far) cd ms test and get the following error:

PEM_write_SSL_SESSION() and Perl

2001-03-04 Thread Philip Stoev
that. Basically, I want to save a SSL session in such a way that I can continue it from within another process and the documentation says that this is the way to do that. Any help will be greatly appreciated. Sincerely, Philip Stoev

Re: OpenSSL on HP/UX

2001-02-01 Thread philip . chase
Yes! You may need to use a file "$HOME/.rnd" and stick some random data in it, but it does work. Philip Chase Senior Technical Specialist DST Canada Inc. (416

How to write a client to let the SSL_get_peer_certificate call on server side return a X509 point

2000-06-02 Thread Philip F. Qi
Hi: Do you know how to write a client program with certification? I don't know how to setup my client program to use a pem file and let the server side get the certification. In one words, how to write a client program to let the SSL_get_peer_certificate() function call on server side not

Re: Re:How to write a client to let the SSL_get_peer_certificate call on server side return a X509 point

2000-06-02 Thread Philip F. Qi
on server side. Philip F. Qi - Original Message - From: "Marcos Rogerio" [EMAIL PROTECTED] To: "Philip F. Qi" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, June 02, 2000 7:46 AM Subject: Re:How to write a client to let the SSL_get_peer_certificate call on server side

RSAglue and mod_ssl

1999-06-23 Thread Philip Snyder
: OpenSSL 0.9.3a 29 May 1999 + SSL library type: installed package (stand-alone) Error: Cannot find OpenSSL's RSAglue library under /usr/local/ssl/lib % I would appreciate any help I can get. Thanks a ton! -Philip

ssl handshake failure (was Re: 386 problems)

1999-04-28 Thread Philip
basically just want to use ssleay as a lynx client. Never thought it would be this difficult. Regards, Philip Ulf Möller wrote: The CVS contained an assembler file that should not have been there. Please remove crypto/bf/asm/bx86unix.cpp and run "make"