We have some code that was working with OpenSSL 0.9.6d this morning. Now
that I've upgraded to 0.9.6g it's failing.
OBJ_txt2nid(2.5.29.17) is now returning 0 instead of the expected 85
(NID_subject_alt_name).
OBJ_nid2sn(NID_subject_alt_name) does return subjectAltName.
It seems that the
Averroes,
Examining a certificate stored inside an executable will be much more
difficult than examining one that is stored in a PEM file.
However, there should be no risks with either approach because a certificate
is considered public and it should not contain any private data. The
As the other two Stephen commented, look for the top-most structures, that
is the higher-level structures that contain other structures. From your
output below, it looks like the top-most structure is the one allocated at
ssl_sess.c:114. This is the SSL_SESSION object allocated by
I think you want stunnel which allows you to set up an SSL link to your
existing POP3 server.
It's at: http://www.stunnel.org/
-Original Message-
From: Gazi Altafin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 17 July 2001 4:27 AM
To: [EMAIL PROTECTED]
Subject: Re: pop3+ssl
Marko Asplund
I once
saw something similar when using the Win32 pthreads library for the
multithreaded app. pthread_self called TlsGetValue (I think) which
resets the error value. pthread_self was being called when the error stack
logged the error.
-Original Message-
From: Thomas Jongepier
Underscore is not a valid character for PRINTABLESTRING's, however it is for
IA5STRING. It seems that keytool has encoded the component of the name that
contains the underscore as a PRINTABLESTRING, and therefore has produced an
illegal ASN.1 encoding. Perhaps you should avoid using the
You need to write a function named verify_callback. Look at apps/s_cb.c for
an example.
-Original Message-
From: Marcus Carey [SMTP:[EMAIL PROTECTED]]
Sent: Friday, April 27, 2001 11:35 AM
To: [EMAIL PROTECTED]
Subject: Error calling Verify Callback
#include ssl.h
Yes, SSL_new() copies several items, including the verify callback, from the
SSL_CTX into the SSL object. This is so that these members can be altered
in the SSL object without altering the SSL_CTX which may be used for
creating other SSL's.
-Original Message-
From: Colin Fox
Have a look at the -pubout option of the "openssl rsa" command.
-Original Message-
From: Satish Krishnan [SMTP:[EMAIL PROTECTED]]
Sent: Monday, April 09, 2001 3:28 PM
To: [EMAIL PROTECTED]
Subject: public key
hi
i have generated a private key using rsa with openssl.how do
Did you do a select() after the BIO_do_connect()?
Steven
--
Steven Reddie [EMAIL PROTECTED]
Senior Software Engineer
Computer Associates Pty Ltd (Australia)
-Original Message-
From: Wirta, Ville [SMTP:[EMAIL PROTECTED]]
Sent: Monday, April 02, 2001 11:54 PM
To: '[EMAIL PROTECTED]'
Does "openssl x509 -in cert.def -inform DER -text" work? If it fails too,
maybe you've got an invalid certificate.
-Original Message-
From: Natarajan Swaminathan [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, March 29, 2001 5:10 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL
From other discussions on this list over the last few weeks it sounds like
the modulus read from the smartcard can be byte reversed. If the 1024-bit
modulus is 0x87..43 but your smartcard is giving it to you byte reversed
then you could be trying to use the modulus 0x43.87 which would is
of recovering the 16 byte original data from
the 128 byte signature block I get a 128 byte block of rubbish.
Any clues as to what I can try?
thanks
bruce
- Original Message -
From: "Reddie, Steven" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 09, 200
You got it. Call RSA_new() to allocate and initialize the RSA struct, the
then BN_bin2bn to generate the BIGNUM's. Something along the following lines
should do it:
RSA* rsa = RSA_new();
rsa->n = BN_bin2bn(modulus, modulus_size, NULL);
rsa->e = BN_bin2bn(exponent,
The RSA key components are as follows:
n - modulus, mandatory for public and private
e - public exponent, mandatory for public
d - private exponent, mandatory for private
p, q, dmp1, qmp1, iqmp - optional for private
If the key contains (n, e,
this.
Steven
-Original Message-
From: Andrey Kubyshev [SMTP:[EMAIL PROTECTED]]
Sent: Monday, February 26, 2001 12:16 PM
To: Reddie, Steven
Subject: Re[2]: RSA_check_key (pub_rsa) crashes
Hello Steven,
Thank you for quick answer!
Steven RSA_check_key checks the consistency
PKCS#1 padding type 1 pads with 0xff bytes, and padding type 2 pads with
random data (terminated with a 0x00 byte). You probably observed that
RSA_eay_public_encrypt uses padding type 2 (random data), though
RSA_eay_private_encrypt uses padding type 1. Since "RSA encryption"
typically means
I haven't seen this problem, though I've only used the stable releases.
d2i_RSAPrivateKey is in crypto/asn1/d2i_r_pr.c and should obviously be
compiled and linked into the library.
Steven
--
Steven Reddie [EMAIL PROTECTED]
Senior Software Engineer
Computer Associates Pty Ltd (Australia)
An RSA private key, in addition to containing the private key components,
contains the components of the associated RSA public key. A public key
consists of the following components:
n, e
A private key consists of the following components:
n, e, d, p, q, dmpq, dmq1, iqmp
So, when
Try www.rsa.com and click through to "RSA Labs" then "PKCS".
-Original Message-
From: John Gebbie [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 10:15 AM
To: [EMAIL PROTECTED]
Subject: RE: Looking for ASN.1 specification for PKCS7
Do you have any specific links
To test if a particular RSA private key matches a particular RSA public key,
you need to compare the modulus (evp_pkey->pkey.rsa->n) and public exponent
(evp_pkey->pkey.rsa->e) components of the keys (these components will match
if the keys are a pair).
I don't know of an OpenSSL function that will
How have you generated the key? With a function, or with the openssl
executable?
An RSA private key typically includes the key material of the associated
public key, so you probably have both the public and private key combined.
-Original Message-
From: Hernan Campo [SMTP:[EMAIL
Check that the parameters to this memcpy call are satisfactory (ie. pointers
to valid memory, and that the length doesn't extend into invalid memory).
If they aren't satisfactory then there is obviously a problem with the wr
structure. If the parameters are satisfactory, then perhaps memory has
I think he means that when a non-SSL client connects to some SSL server that
uses the OpenSSL code, the SSL version number check causes the connection to
be dropped due to an incorrect version. I've seen this myself when some
data made its way down the socket ahead of the SSL handshake. I think
24 matches