s 1k ... the output is buffered through BIO_f_buffer() which uses a 4k
buffer ...
may be the buffering is buggy? so that the data gets corrupted every 4k?
Any idea or hints are welcome ...
André Weber
which just reads 1k and
writes 1k ... the output is buffered through BIO_f_buffer() which uses a 4k buffer ...
may be the buffering is buggy? so that the data gets corrupted every 4k?
Any idea or hints are welcome ...
André Weber
uestion remains: How to handle this issue?
Thanks In Advance
--
Christian Weber
Am 28.01.2022 um 13:58 schrieb Russ Housley:
RFC 3161 says:
2.3. Identification of the TSA
The TSA MUST sign each time-stamp message with a key reserved
specifically for that purpose. A TSA MAY have
in advance
--
Christian Weber
--
Christian Weber
(X509AT_ATTRIBUTE)
What's the proper substitute in 1.1.1c?
Thanks in advance
-- Christian Weber
Am 27.06.2017 um 14:18 schrieb Salz, Rich via openssl-users:
1.0.2 does not have full RSA-PSS support; you can’t use it.
Thanks Rich, in my case it works, because we partially do the
verification (and algo selection) work externally.
We just need to access the public key which is rsa in
limitation we avoid updating to 1.1.0 as we assume that
there will be several adaptations neccessary ...
-- Christian Weber
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
Christian Weber
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
measures or even successfully
using verification with indirect crls?
BTW: The current version, 1.0.1g, seems to make no difference in
behavior since the relevant
portions of the code seem to be untouched.
Thanks in advance
--
Christian Weber
--
openssl-users mailing list
To unsubscr
Sorry, my fault. The file to de signed couldn't be hashed correctly due
to an error while applying a patch
to the original sources.
Please ignore the issue.
--
Christian Weber
Am 09.03.2016 um 15:13 schrieb we...@infotech.de:
Dear openssl users,
we're using openssl since quite a longer time
within the users mailing
list nor we traced down
the issue itself.
Heard about this issue before? Any idea?
Thanks in advance
--
Christian Weber
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Am 09.01.2015 um 01:11 schrieb Matt Caswell: On 09/01/15 00:05,
Christian Weber wrote:
Thanks Matt, i just assumed the BIGNUMs were the coordinates without any
projection - obviously that assumption was wrong - mislead by the funtions name.
What interests me is to how you accessed the BIGNUMs
-- Chris
Am 08.01.2015 um 22:43 schrieb Matt Caswell m...@openssl.org:
On 08/01/15 17:16, Christian Weber wrote:
Dear OpenSSL-Users,
recently i found a pitfall using EC_KEY_get0_public_key(key-pkey.ec).
The function just returns a copy to a pointer to key-pub_key which is a
EC_POINT
Dear OpenSSL-Users,
recently i found a pitfall using EC_KEY_get0_public_key(key-pkey.ec).
The function just returns a copy to a pointer to key-pub_key which is a
EC_POINT pointer.
The key itself is taken from a certificate using EVP_PKEY *key =
X509_get_pubkey(cert);
Fine, i assumed, these
-WIN32.
The compiled libraries remain being build against the 32-bit versions.
So what am i missing? Is there any real support for Win64?
Thanks in advance
--
Christian Weber
Security Software
Abteilungsleiter Entwicklung
mailto:we...@infotech.de
--
Infotech Gesellschaft für
Informations- und
contain the code for multiple platforms like fat
libraries under osx.
Thank you
--
Christian Weber
___
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
in apps/s_cerver.c?
Any opinions about possible security weakening against implementing
the lookup within the callback?
TIA
-- Christian Weber
__
OpenSSL Project http://www.openssl.org
User Support
, professionOIDs, ASN1_OBJECT),
Steve.
Yes, your're absolutely right. Applying your definition, the proposed path
becomes obsolete.
Thank you.
--
Christian Weber
__
OpenSSL Project http://www.openssl.org
User
(), just as in the old manner, but then the contents happens to
be processed twice (hash calculation and signature processing) when the
data is written, because the output routine heavily depends on the new
auxiliary asn1 callback.
Any hint? What am i missing?
TIA
--
Christian Weber
be revised.
If the former, i would appreciate to see them in the mainstream.
Christian Weber wrote on 10.03.2011 at 18:40:
...
--- C:/wrk/openssl-1.0.0d/crypto/asn1/tasn_dec.cTue Jun 15
18:25:06 2010
+++ S:/Build/SAK-2.1/openssl-1.0.0d/crypto/asn1/tasn_dec.cThu Mar
10 01:26:40 2011
@@ -188,6
,
ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
goto err;
We wonder if this critical in any aspect? With the patch the lib still seems to
work for us.
What are we missing? Any hints?
TIA
--
Christian Weber
On 02/15/2011 05:01 PM, Dr. Stephen Henson wrote:
It can be done in the openssl.cnf file but not in general for all
openssl utility subcommands.
Steve.
Thanks, that worked. In my engines section I can write:
MY_PARAMETER = value
MY_PARAMETER2 = EMPTY
One additional (meta-)question:
Who
Hello,
I have written a dynamic engine that implements digest algorithms. The
engine got an entry in the openssl.conf file to make it replace the
default digest implementation:
./openssl dgst -sha1 my_file.dat
I also added support for some command-line parameters in the engines
code. Now I
Dear OpenSSL users,
lately I ran into a problem when trying to parse attributecertificates (ACs).
ACs contain a sequence of attributes which look like x509v5 attributes.
I've decided to use parts of the AC implementation from Daniel Díaz-Sánchez
(downloable at
Hi,
up to now the error message is still the same - thats the last lines of
repeater before the repeat thread crashes
Server: bytesReceived: 1024 / bytesSent: 1024 / sumS: 1022335
Server: bytesReceived: 1024 / bytesSent: 1024 / sumS: 1023359
Server: bytesReceived: 1024 / bytesSent: 1024 /
Hi,
Yes, the code is prone to deadlock. The code implements the I will not
start doing X until I finish doing Y logic. This is known to cause
deadlocks in proxies, as one end or the other of the connection proxied
inevitably has an I will not start doing Y until I finish doing X logic.
You
keys will be different, and the rolling HMAC key
will be different. This will make the other endpoint give up with a
decryption_failed or bad_record_mac alert. (I still can't figure
out why you'd be seeing an unexpected_message alert.)
-Kyle H
On Fri, Oct 31, 2008 at 4:04 AM, Weber Antonio
Dear participators,
trying to add some x509v3 extension awareness tu openssl
we've become a bit short for solutions.
x509 extensions are as versatile as asn1 permits. As extension
to certificates there are an object id and a critical flag
followed by whatsoever.
If it comes to unknown oids at
at check_issued, but the search was in vain.
Any hints?
TIA
--
Christian Weber
mailto:[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl
at check_issued, but the search was in vain.
Is there any function to do a comparation of two ASN_TIME values
correctly though different formats and timezones may be in use?
Any hints?
TIA
--
Christian Weber
__
OpenSSL Project
Hi again,
sorry, we just found the error in using the Macros.
When an asn structure is being parsed, the pointer to the funding
ASN_OCTET_STRING becomes modified and thus points no no freeable
memory.
Christian Weber schrieb am 10.07.2008 13:41:
...
To implement a validity checking which
x509_vfy.c,
perhaps at check_issued, but the search was in vain.
Is there any function to do a comparation of two ASN_TIME values
correctly though different formats and timezones may be in use?
Any hints?
TIA
--
Christian Weber
__
OpenSSL
is included in pq_compat.h
so the PQ_64BIT remains undefined.
Is this a typo in ph_compat.h?
How is BN_LLONG to be read? If defined
- BNs shall be used instead of native 64-bit integers - or -
- use native 64-bit integers (that are hopefully supported)?
TIA
--
Christian Weber
Business Service
Hi All,
I developed an SSL-enabled web server. I'm firing up SSL on incoming
connections with SSL_accept().
Now, if someone connects to my webserver not using SSL, but sending the
GET ... without the SSL handshake, I get an SSL Error
(error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http
the code in
that module, but it's a hit and miss approach. Upgrading to a newer
compiler should fix the problem (since this builds fine under VC6 and up).
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christian Weber
Sent: Wednesday, 13 July 2005 4
file for more information
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.
Is there any cure known?
TIA
--
Christian Weber
mailto:[EMAIL PROTECTED]Tel: 02361/91300
For information on InfoTech visit http://www.InfoTech.de
nnG1d9aULRodW3iVbSkSOPXsECPb7u9D5WWs8OS3TZ7PvEKHEmVt3Qmd44hJsbXW
2yfLUrptSC1DcGrvvc9eRSb2g1o=
.
-- snapp --
Thanks in advance
--
Christian Weber
mailto:[EMAIL PROTECTED]Tel: 02361/91300
For information on InfoTech visit http://www.InfoTech.de/
__
OpenSSL Project
SOLVED, thank you Michael D'Errico
Cutaway
Michael D'Errico wrote:
g++ -o hasher hasher.o form1.o moc_form1.o -L/usr/qt/3/lib
-L/usr/X11R6/lib -lqt -lXext -lX11 -lm
You need to add -lcrypto and maybe -lssl.
Mike
__
I am not sure why I am geting the following errors when I try to call
functions that are included by OpenSSL. I basically copied the code out
of the O'Reilly OpenSSL book, so the code should be okay. I have
included the OpenSSL EVP headers (and even tried to include all the
digest headers) but I
lib into the borland projects.
Since the latest version 0.9.7e of 10/25 we get
an error message from the linker:
Unresolved external EVP_sha1
EVP_md5() and EVP_dss() both do work (with the same lib.
Is this a known problem? Any Solution?
Thanks in advance
--
Christian Weber
mailto:[EMAIL PROTECTED
/mmoZGxDRMM4Nwt7+YPJ83u7+7LGnEM3uueyx4z/nu5LFAyIHE
uEdaVNnjdem40j/6hjxd64ayBB6CuZyVC5I5GWE7TYjr5kP/hu9E1w4tzrP08C5V
kb7vu2Cz
Sorry, i had to code it this way to get it into the list.
Thanks in advance
--
Christian Weber
mailto:[EMAIL PROTECTED
==
thanks in advance again
--
Christian Weber
mailto:[EMAIL PROTECTED]Tel: 02361/91300
For information on InfoTech visit http://www.InfoTech.de/
__
OpenSSL
?
Thanks for hints.
--
Christian Weber
mailto:[EMAIL PROTECTED]Tel: 02361/91300
For information on InfoTech visit http://www.InfoTech.de
__
OpenSSL Project http://www.openssl.org
User Support Mailing
of
the memory data through the filter BIO be triggered?
Thanks in advance
--
Christian Weber
mailto:[EMAIL PROTECTED]Tel: 02361/91300
For information on InfoTech visit http://www.InfoTech.de
__
OpenSSL Project
After building openssl for HPUX11 using aCC, I get the
following error when running the test suite:
bash-2.04$ ./bntest /dev/null
test BN_add
test BN_sub
test BN_lshift1
Left shift one test failed!
The last few lines (with stdout included) are:
test BN_lshift1
On Fri, Oct 06, 2000 at 03:46:01PM -0400, Aram Khalili wrote:
So I've read RFC2459 to some enlightenment, as I now use
crlDistributionPoints=DNS:crl.name.com, cRLIssuer:issuer, DNS:cert.name.com
or
crlDistributionPoints=DNS:crl.name.com, fullName:issuer, DNS:cert.name.com
for both
Hello OpenSSL-Developers !
While playing with "ca" in openssl-SNAP-2209 i recognize that the value
of days is not printed correct during certification, e.g.:
Using the following command to sign a request
openssl ca -in req.pem -out cert.pem -outdir certs \
-startdate
On Thu, Oct 21, 1999 at 11:13:07AM +0200, Florian Baier wrote:
Hi Steve,
The two files causing trouble are attached.
Greets, Florian
At 13:10 20.10.99 +0100, you wrote:
Florian Baier wrote:
Hello,
i tried to find a qd "workaround" for
On Tue, May 11, 1999 at 06:13:16PM -0800, Michael wrote:
Can someone point me to a more comprehensive description of the
openssl command line documentation. The stuff on the web site is not
very illuminating.
I don´t think that there is such a description. But you can do
something like
On Fri, May 07, 1999 at 02:04:25PM +, Michael Ströder wrote:
Hmm, but most times the client does not have OpenSSL to calculate that.
Most times you have Netscape Communicator or something like this on the
requester's side. I think PKIX proposes to send a master secret to the
requester
On Fri, May 07, 1999 at 12:28:33AM +0200, Massimiliano Pala wrote:
1) Fingerprint for requests
It would be nice to see an option "fingerprint" for the "req" application,
like in the "x509" application.
For example:
openssl req -fingerprint -in req.pem
This should
On Fri, Mar 26, 1999 at 08:59:48PM +0100, [EMAIL PROTECTED] wrote:
I have the need to revoke a certificate, anyway I cannot find the revoke
facility to manage the job ( including altering the index.txt that I think
is used to manage the CRL (??)).
Where do I find it?? ( command line
53 matches
Mail list logo