Re: Certificate Revocation List (CRL) management recommendations?

2005-07-18 Thread Bernhard Froehlich
Jorey Bump wrote: [...] OK, if someone acquired your CA's key you're deep in the dirt, regardless of whether you use CRLs or not, since the evil one can build his/her own CRLs with the signature of your CA. ;) But only with the passphrase of the CA private key, correct? Yes, correct, the bad

Re: Investigating a leak

2005-07-18 Thread Rich Salz
> Doing this now, but since my app is a server, it never really reaches > the end, and the leaks build up during its lifetime, which I'd rather > hoped could be more than a day or so. As it is now, the process' > virtual memory size quickly reaches 3.5 GB, and then malloc() starts > failing. Somet

RE: d2i_RSAPublicKey doesn't work

2005-07-18 Thread Edward Chan
If you're referring to http://www.openssl.org/support/faq.html 3. How do I read or write a DER encoded buffer using the ASN1 functions? ... The opposite assumes we already have len bytes in buf: unsigned char *p; p = buf; p7 = d2i_PKCS7(NULL, &p, len); At this point p7 contains a valid PKCS

Re: Certificate Revocation List (CRL) management recommendations?

2005-07-18 Thread Bernhard Froehlich
Jorey Bump wrote: Bernhard Froehlich wrote: The idea behind a CRL is to have the possibility to publicly revoke a certificate before it expires (so setting default_crl_days equal to default days is not very sensible, you should just work without a CRL in such a case). Is this as simple as

Re: d2i_RSAPublicKey doesn't work

2005-07-18 Thread Nils Larsch
Edward Chan wrote: What am I doing wrong here? I generate an RSA key. Then I DER encode it. Then try to decode it, but the decode fails. The error says, "error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long" RSA* rsa = RSA_generate_key(2048, RSA_F4, 0, 0); if (rsa) {

Re: Certificate Revocation List (CRL) management recommendations?

2005-07-18 Thread Jorey Bump
Bernhard Froehlich wrote: Jorey Bump wrote: Is this as simple as commenting out default_crl_days? I've noticed that a certificate with a longer default_days will be treated as expired when default_crl_days is reached. Yet, I don't see the CRL period in the signed certificate when I view it w

Re: Investigating a leak

2005-07-18 Thread Axel Andersson
On Jul 18, 2005, at 18:57, Simon Edwards wrote: I don't know if it helps you much, but since the FAQ is a bit cryptic it may help. I've used... ERR_remove_state() ...at the end of each thread. Doing this. Plus... CRYPTO_cleanup_all_ex_data() CONF_modules_free() ERR_free_strings() EVP_c

d2i_RSAPublicKey doesn't work

2005-07-18 Thread Edward Chan
What am I doing wrong here? I generate an RSA key. Then I DER encode it. Then try to decode it, but the decode fails. The error says, "error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long" RSA* rsa = RSA_generate_key(2048, RSA_F4, 0,

RE: Investigating a leak

2005-07-18 Thread Simon Edwards
Hi Axel, I don't know if it helps you much, but since the FAQ is a bit cryptic it may help. I've used... ERR_remove_state() ...at the end of each thread. Plus... CRYPTO_cleanup_all_ex_data() CONF_modules_free() ERR_free_strings() EVP_cleanup() ... at the end of the application. I have no le

Re: Investigating a leak

2005-07-18 Thread Amar Desai
Yes, you need to call other functions as well. -Amar Axel Andersson wrote: Yes, thank you, indeed I have read that, and I am using ERR_remove_state() at the end of the thread. Looks to me like the other functions should be used before terminating the application, not for per-thread cleanu

Re: AW: Max length of serial number

2005-07-18 Thread Richard Levitte
[EMAIL PROTECTED] writes: as far as I read the text from the RFC, they are talking about non-negative numbers. So the range is from 0 to 2^(159)-1 because the one bit missing indicates a negative number. True. That doesn't change my point, though :-). Cheers, Richard - Please conside

Is OpenSSL Thread-Safe

2005-07-18 Thread Suram Chandra Sekhar
Hi, I have a question regarding how to compile OpenSSL to make it thread safe. What macros have to be enabled for this? Regards Suram __ OpenSSL Project http://www.openssl.org User Support Mail

Re: Investigating a leak

2005-07-18 Thread Axel Andersson
On Jul 18, 2005, at 14:11, Amar Desai wrote: http://www.openssl.org/support/faq.html Search for the words *memory leak* Yes, thank you, indeed I have read that, and I am using ERR_remove_state() at the end of the thread. Looks to me like the other functions should be used before terminati

OpenSSL on W32

2005-07-18 Thread Dan Buckland
We have an Apache web server installed on a Windows server. We are trying to get SSL to work on this site but have been unsuccessful. We created the certificate file and have received our key file from Verisign. We have downloaded OpenSSL. First, where can I find the install.w32 instructi

AW: Max length of serial number

2005-07-18 Thread thomas . beckmann
Richard, as far as I read the text from the RFC, they are talking about non-negative numbers. So the range is from 0 to 2^(159)-1 because the one bit missing indicates a negative number. Best regards Thomas Beckmann > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PR

Re: Max length of serial number

2005-07-18 Thread Richard Levitte
Jorey Bump writes: And RFC 3280 has this to say: 4.1.2.2 Serial number The serial number MUST be a positive integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique cer

Re: Max length of serial number

2005-07-18 Thread Jorey Bump
Jorey Bump wrote: There is one caveat: the number of characters must be even: unable to load number from /etc/ssl/CA/serial error while loading serial number 3068:error:0D066091:asn1 encoding routines:a2i_ASN1_INTEGER:odd number of chars:f_int.c:162: Therefore, I needed to modify my command:

Re: Certificate Revocation List (CRL) management recommendations?

2005-07-18 Thread Jorey Bump
Bernhard Froehlich wrote: The idea behind a CRL is to have the possibility to publicly revoke a certificate before it expires (so setting default_crl_days equal to default days is not very sensible, you should just work without a CRL in such a case). Is this as simple as commenting out defau

Re: Investigating a leak

2005-07-18 Thread Amar Desai
http://www.openssl.org/support/faq.html Search for the words *memory leak* -Amar. Axel Andersson wrote: Hello, I'm investigating a leak in a server application, which I've managed to reduce to a test case which involves OpenSSL and threads. I've put the code up at http://www.zankasoftwar

RE: OpenSSL 0.9.8 with AIX 5.2

2005-07-18 Thread Franz, Paul
BTW, that was for compiling 0.9.7e -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Franz, Paul Sent: Monday, July 18, 2005 6:16 AM To: openssl-users@openssl.org Subject: Re: OpenSSL 0.9.8 with AIX 5.2 I have but, it has been awhile. I was able to do it un

PKCS12_parse() fails (0.9.8.)

2005-07-18 Thread Milan Tomic
PKCS12_parse() fails (returns 0) in my case, although PKCS12_verify_mac() succeeds (returns 1). I have tried to export cert & key into .pfx file in two ways: - using Internet Explorer GUI, - using java's keytool. but still the same. What should I do?

Re: OpenSSL 0.9.8 with AIX 5.2

2005-07-18 Thread Tom Spence
Exactly!!! That's why I can't use OpenSSL 0.9.8, so I have to stay with 0.9.7g for now. But I don't understand this one... I have 21 servers... Only one server (AIX 5.2 with GCC) accepted OpenSSL 0.9.8 but 20 servers can't... Isn't it strange? :-( Tom Jacques Lebastard <[EMAIL PROTECTED]>

Re: OpenSSL 0.9.8 with AIX 5.2

2005-07-18 Thread Franz, Paul
I have, but it has been a while. I was able to do it under AIX 5.1 and I ran "configure" using custom options. They are: ./config no-idea no-threads -fPIC The original system that was running 5.1 is now upgraded to 5.3 and I have to switch to the IBM C/C++ compiler due to no gcc compiler being ava

Investigating a leak

2005-07-18 Thread Axel Andersson
Hello, I'm investigating a leak in a server application, which I've managed to reduce to a test case which involves OpenSSL and threads. I've put the code up at http://www.zankasoftware.com/ssltest/server.c if anyone would be willing to take a look and see what I'm doing wrong. Every time

Re: HTTPS

2005-07-18 Thread Bernhard Froehlich
Milan Tomic wrote: Thank you Ted. It compiles now. :> How can I set the client certificate for the SSL connection? I keep the cert in the sslclient.pfx file. Best regards, Milan You should have a look at the sample code for the SSL book, which is downloadable on http://www.opensslbook.com/code.html The cl

RE: HTTPS

2005-07-18 Thread Milan Tomic
Thank you Ted. It compiles now. :> How can I set the client certificate for the SSL connection? I keep the cert in the sslclient.pfx file. Best regards, Milan > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Bernhard Froehlich > Sent: Friday, July 15, 2005 1:

Re: OpenSSL 0.9.8 with AIX 5.2

2005-07-18 Thread Jacques Lebastard
Tom Spence wrote: Hello, I have a very small problem but it won't run... Please help me... Here is what I got: # ./Configure aix-gcc (no problem) # make gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c -o aix_pp