st in the server's supported group list. But that
> would be a new feature and wouldn't be backported to 1.1.1.
>
> PRs to make that change welcome.
Thanks, done.
> Matt
>
Sebastian
r1'. Is there a way to tell
openssl to prefer `x25519' over `secp256r1'?
Sebastian
module wrongly or is not compatible to OpenSSL
1.0.2 when it comes to EC crytpography?
If 1.0.2 is not supported by FIPS 2.0.10, are there any plans to get
another, compatible version of the FIPS object module validated?
Thanks!
Sebastian
___
openssl
SL_new()?
>
>
>
> *Erik Tkal**
> *Juniper OAC/UAC/Pulse Development
>
>
>
> ** **
>
> *From:* owner-openssl-us...@openssl.org [mailto:
> owner-openssl-us...@openssl.org] *On Behalf Of *Sebastian Raymond
> *Sent:* Tuesday, July 31, 2012 4:18 PM
Its not yet clear for me.
What should be done to disable the compression? Since, the server is not
going to be the openssl s_server.
On Tue, Jul 31, 2012 at 7:35 PM, Sebastian Raymond wrote:
> Hello,
>
> I have tried following:
> 1.
> $openssl s_server -accept 443 -cert
eflate compression and this time, *server
selected null method.*
On Tue, Jul 31, 2012 at 7:16 PM, Dr. Stephen Henson wrote:
> On Tue, Jul 31, 2012, Sebastian Raymond wrote:
>
> > Hello,
> >
> > I have written a SSL client program to talk with SSL server.
> >
> > I
mod_ssl.html#sslinsecurerenegotiation
> documentation.
>
>
> On Mon, Jul 16, 2012 at 11:37 AM, Sebastian Raymond wrote:
>
>> Hello,
>>
>> I was investigating the SSL renegotiation in Openssl.
>>
>> When I emulate the server with s_server and the client with s_client
following error.
*3077585640:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:591*
Can anyone tell me why does this happen? Is there any way to enable SSL
renegotiation in the Apache web server?
Thank You!
--
Regards,
*Sebastian*
o firewall
restrictions.
On Tue, Jul 10, 2012 at 2:38 AM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of Sebastian Raymond
> >Sent: Saturday, 07 July, 2012 05:31
>
> >I have set-up the apache2 on my linux machine. Everything worked fine
> previously.
>
(COMP_CTX *ctx, unsigned char *out,
unsigned int olen, unsigned char *in, unsigned int ilen)
Thank You!
--
Regards,
*Sebastian*
, I
understood that server sends alert messages and connection closes.
When I try to connect to standard websites like www.google.com, connection
does not closes automatically.
What must be going wrong here?
Thank You!
--
Regards,
*Sebastian*
, I
understood that server sends alert messages and connection closes.
When I try to connect to standard websites like www.google.com, connection
does not closes automatically.
What must be going wrong here?
Thank You!
--
Regards,
*Sebastian*
Hi,
is it safe to call functions declared in ssl_locl.h? I'm talking about
SSL_verify_cert_chain() in particular. Is there any policy what should
and should not be assumed to exist in the final lib?
Cheers
Sebastian
__
Op
? I use
only IPv4. If it is so, is there any way that I could add an argument so that
the server listens on udp(without 6 at the end)?
Thank you and best regards!
Sebastian
with 23232 port:
~# openssl s_client -connect 127.0.0.1:23232 -dtls1
CONNECTED(0003) // That's all I receive.
Is there any default port for a DTLS session that openssl opens/uses?
Thanks again!
Sebastian
> Hi Sebastian,
>
> On Jan 17, 2011, at 4:12 PM, Sebastian Proca wrote:
>
> > It's strange for me how comes that, depending on the
> specified arguments, I get two different errors:
> >
> > I case :
> >
> > # ./dtls_udp_echo 127.0.0.1
> >
(0):func(0):reason(0)
Connected to 127.0.0.1
Segmentation fault
Wireshark shows the beginning of dtls negotiation, but it's clear that after
these errors, it stops.
Does someone know the correct usage of this sample? I
t this is something related to my new Openssl
installation, that's why, I made the same test with "ssl2", instead of "dtls1"
and worked, so I guess that this is something nasty happening just in dtls'
case.
Is there something else that should be done here, or somethi
lly working.
Could someone tell me another way of testing dtls capabilities than this one?
Or, do you think that this way of testing is enough to trust the good behaviour
of this functionality?
Thank you in advance,
Sebastian
___
ature and 799562928.crt contains the certificate.
I got only this:
Error reading S/MIME message
28968:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content
type:pk7_mime.c:296
Can someone please help me?
Thanks
regards
Seba
urns the above error. When I continue reading
from the socket, I only get "html HTTP/1.1\r\nHost:
www.foo.bar:443\r\n\r\n". The "GET admin." is lost for my application
and I cannot redirect to https://www.foo.bar:443/admin.html.
Is there a wa
ey values
mismatch:x509_cmp.c:411
suntest07.cer contains the (also selfsigned) x.509-Cert of the server,
mycert.pem contains my private key and certificate.
I'm quit sure, that it can only be a little problem...
Any
Hi,
the block size is always the same as the key length in AES (and the most block
ciphers, I think). You are using 128-AES -> 128 bits key == 16 bytes block size
(q.e.d).
Good luck,
Sebastian
Eric S. Eberhard wrote:
Kyle,
Thank you ... I thought I was missing something (actually
Hi,
didn't used it yet, but OpenSSL seems to work. Why do want to build it yourself,
usally openssl is part of a distribution?! I looked at one of our zLinux
installations - there is an OpenSSL 0.9.6g (not the freshest, is it ;-))
Sebastian
Fan, Zhenqiang wrote:
Hi,
Has anybody buil
Hi,
did you link against the openssl-libs (eg. crypto / sll)? Did you use an (ANSI-)
c compiler or a c++ compiler?
Try
cc(?) prueba.c -I/usr/local/ssl/include -L/path/to/openssl/libs -lcrypto -lssl
Good luck,
Sebastian
Silvia Gisela Pavon Velasco wrote:
I have sent this before and got no
Hmmm,
is your app builded in a debug version (eg. active configuration -> Debug)? If
so, I would expect that windows will automatically start VC++ with a debug
session when your app crashes. In such a session you can determine the crash
point in the call stack.
Good luck,
Sebastian
Layla wr
Hi Layla,
there a no special settings for RSA. What are your problems to run your app -
please tell us the errors / abends you get to help us locating the cause(s).
Sebastian
Layla wrote:
Angel,
Thank you sooo much for the function, I really appreciate it, but as
I've expected it didn
Sure,
take a look at http://www.openssl.org/docs/crypto/crypto.html.
Renember to link against libcrypto...
Sebastian
cranium2003 wrote:
hello,
I want to write a RSA encryption decryption
program in C that encrypt data on one pc sends that
encrypted data to other pc and get it decrypted on
is caused by calling RSA_size() with a null pointer -
unfortnunfortunately RSA_size() doesn't like null pointers.
See: http://www.openssl.org/docs/crypto/RSA_size.html
Good luck,
Sebastian
Hi all,
I'm trying to develop a C++ application to encrypt and decrypt data
using RSA pub
data type created by 'i2d_DIST_POINT_NAME' ?
- An openssl-standard function, that is able to extract the string?
- Another approuch to extract the CRL-Distpoints from an X509v3-cert?
TIA,
Sebastian
--
char *getCrlDistPoint(X509 *xcert, unsigned char *filter) {
X509_EXTENSION * ext
> It's good to check this for NULL. Actualy, it's good to check
> EVERY
> function if it behaves normally.
>
> subject = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0)
> I don't know what this exactly do, there's no doc
convert an existing file between DER and PEM formats. And I
haven't found another command with that functionality. Maybe
you would want to expand openssl there.
Anyway, thanks for your attention.
Sebastian
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
t; example to study certificates and PKI and
openssl, which I need to do.
Sebastian
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
st regards,
Sebastian
julien Bournelle (10/10/2001 10:33 AM):
>On Wed, 10 Oct 2001, Alper Oezmacun wrote:
>
>> this link you gave is not valid anymore (unfortunately).
>
>go to teamware.com and search for OpenSSL there's a document :
>
>Inetgrating
ouble of modifying fields back and forth.
Please try and use a different commonName parameters in openssl.cnf for different
certificates.
>By definition, if it is Self-Signed it is trusted.
I am not aware of such a thing. But, again, I am not very experienced so I will let
others conf
Hi,
Of course you can (or should, actually) do that. I wast just talking about the
pre-defined list of CAs that the browser trust. Sorry if I wasn't clear. English is
not my native language.
Best regards,
Sebastian
Michael Sierchio (9/16/2001 6:48 PM):
>Sebastian Paul Avarvar
drivers for the reader are not installed. In
Services I have "Smart Card Helper" and "Smart Card Resource Manager" but they show
dependencies to an unexistent "Smart Card Reader" service.
Can anyone please help? Thank you.
Best regards,
Seba
f index.txt is empty (no certificates issued), the serial file should contain the
string "01" (without quotation marks).
Hope this helps.
Best regards,
Sebastian
E-mail: [EMAIL PROTECTED]
Michael Howard (8/13/2001 2:49 PM):
>OpenSLL Folks,
>
>I am using OpenSSL 0.9
rnel sources from HDD, to have some more
space. Do I need to put the sources back?
Also, can someone tell me how can I check if my kernel is actually compiled with
support for elf binaries?
Thank you very much for helping a poor beginner.
Best regards,
Sebastian Paul Avarvarei
E-mail: [EMAIL
yptlib.h:70,
from cryptlib.c:61:
/usr/include/bits/errno.h:25: linux/errno.h: No such file or directory
make[1]: *** [cryptlib.o] Error1
Can someone please suggest what migth be wrong?
Thank you in advance!
Best regards,
Sebastian Paul Avar
40 matches
Mail list logo