Hi ,
I am building FIPS compliant OpenSSL in HP-UX PA
11.11 architecture. I was build the FIPS module from the source with the
security policy 140-2 suggested in the FIPS user guide.
The steps followed to build the FIPS module
are
./config fips
make
make install
The steps followed t
On Wed, Jun 14, 2006 14:33:35 PM -0700, david kine
([EMAIL PROTECTED]) wrote:
> You're missing the -CAfile option in s_client.
I have no access to that server right now, so I can't run the test
right away, but:
ok as far as openssl s_client is concerned, but what about using the
cert when the se
You're missing the -CAfile option in s_client."M. Fioretti" <[EMAIL PROTECTED]> wrote: On Wed, Jun 14, 2006 12:11:55 PM +0200, io ([EMAIL PROTECTED])wrote:> Hello,> > I am configuring a remote x86 Centos 4.3 box (running in UML) as> personal web and email server. Openssl version is openssl-0.9.7a-
On Wed, Jun 14, 2006 12:11:55 PM +0200, io ([EMAIL PROTECTED])
wrote:
> Hello,
>
> I am configuring a remote x86 Centos 4.3 box (running in UML) as
> personal web and email server. Openssl version is openssl-0.9.7a-43.8.
> I want it to be able to serve https pages and to securely
> forward/email
Hi,
I'm creating a download manager with the library wxWidgets, and until now the
program supports multithread download by HTTP and FTP protocol. Now I
want to implement downloads by HTTPS.
Asking in some mail list, they recommend the use of OpenSSL to do
this. Some people said that I need establ
Hello,
> > The version of openssl that seems to be working correctly is 0.9.7a.
>
> The problems I reported previously are with 0.9.7a, and there is no
> other version installed anywhere on my box.
Maybe you should connect to your SSL mail server with "openssl s_client"
for test ?
Best regards,
On Wed, Jun 14, 2006 14:52:38 PM -0400, Darryl Cook
([EMAIL PROTECTED]) wrote:
> The version of openssl that seems to be working correctly is 0.9.7a.
The problems I reported previously are with 0.9.7a, and there is no
other version installed anywhere on my box.
Ciao,
Marco
PS for Darryl
Well after a great deal of work I finally got it work. It seems that the
problem is with dovecot configuration and openssl. I got to poking around and
found that I had both an rpm for openssl and had installed it in /usr/local/ssl
manually as well. The two were different versions. I took the
Hi
I´m trying to remove
features not used by our project from openssl (0.9.8b) but some options do
not work.
First, i´ve tried
use only "perl Configure VC-WIN32 no-hw". When linking libeay, the .def
file export
functions that do
not exists due no-hw switch giving a linker error.
Seco
On Wed, Jun 14, 2006 18:46:37 PM +0200, Dr. Stephen Henson
([EMAIL PROTECTED]) wrote:
> The CA.pl script should be installed as part of OpenSSL somewhere.
No, not on Centos:
ls -l /usr/share/ssl/misc/
total 28
-rwxr-xr-x 1 root root 3520 Jun 13 07:06 CA
-rwxr-xr-x 1 root root 119 Mar 8 20:
On Wed, Jun 14, 2006, M. Fioretti wrote:
> On Wed, Jun 14, 2006 13:15:42 PM +0200, Dr. Stephen Henson
> ([EMAIL PROTECTED]) wrote:
> > On Wed, Jun 14, 2006, M. Fioretti wrote:
> > >
> > > Therefore, I have generated a certificate following, on the server,
> > > the procedure at
> > > http://wande
Thanks so much for the input ... at least I know whether to devote more time
to ssl or dovecot now.Quoting Marek Marcola
<[EMAIL PROTECTED]>:> Hello,>>>
write:errno=104> This errno means: Connection reset by peer>> Best regards,> --> Marek Marcola
<[EMAIL PROTECTED]>>>
_
On Wed, Jun 14, 2006 10:32:18 AM -0400, Darryl Cook
([EMAIL PROTECTED]) wrote:
> I am having problems getting Dovecot and SSL to work correctly.
> I feel like I am really close but just cant quite get there.
> Im running the following:
>
> Redhat Linux Enterprise Edition version 4 update 3
> open
I am having problems getting Dovecot and SSL to work correctly.
I feel like I am really close but just cant quite get there.
Im running the following:
Redhat Linux Enterprise Edition version 4 update 3
openssl version 0.9.8a
Dovecot version 1.0.beta7
I have created the certificates and am trying
Hello,
> write:errno=104
This errno means: Connection reset by peer
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hello,
> I am having problems getting Dovecot and SSL to work correctly.
> I feel like I am really close but just cant quite get there.
> Im running the following:
>
> Redhat Linux Enterprise Edition version 4 update 3
> openssl version 0.9.8a
> Dovecot version 1.0.beta7
>
> I have created the c
I am having problems getting Dovecot and SSL to work correctly.I feel
like I am really close but just cant quite get there.Im running the
following:Redhat Linux Enterprise Edition version 4 update 3openssl version 0.9.8aDovecot version 1.0.beta7I have created
the certificates and am trying to conne
Sendil kumar wrote:
Hi,
I think box A be the owner of the certificate so when u revoke it in
box A it works fine.Box B may not be the owner(issuer) and when revoking
the certificate , it is verified whether it is revoked by the
corresponding person who issued the certificate by checking CN fi
On Wed, Jun 14, 2006 13:15:42 PM +0200, Dr. Stephen Henson
([EMAIL PROTECTED]) wrote:
> On Wed, Jun 14, 2006, M. Fioretti wrote:
> >
> > Therefore, I have generated a certificate following, on the server,
> > the procedure at
> > http://wanderingbarque.com/howtos/mailserver/mailserver.html, but it
Hello,
> >>> Please let me know if further particulars are desired because it is
> >>> significant.
> >> in case you've done some crypto operations requiring random numbers
> >> (for example rsa with blinding) this is normal as openssl uses some
> >> uninitialized memory as an additional source o
On Wed, Jun 14, 2006, M. Fioretti wrote:
> Hello,
>
> I am configuring a remote x86 Centos 4.3 box (running in UML) as
> personal web and email server. Openssl version is openssl-0.9.7a-43.8.
> I want it to be able to serve https pages and to securely
> forward/email to and from my home computer.
Marek Marcola wrote:
Hello,
Erik Leunissen wrote:
I've run under valgrind an application which has been linked to
libcrypto.a from the openssl0.9.8b release. Valgrind reports some
warnings which all relate to "uninitialized values". I really do not
know whether that's significant, but just in
Hello,
> Erik Leunissen wrote:
> > I've run under valgrind an application which has been linked to
> > libcrypto.a from the openssl0.9.8b release. Valgrind reports some
> > warnings which all relate to "uninitialized values". I really do not
> > know whether that's significant, but just in case
Hello,
I am configuring a remote x86 Centos 4.3 box (running in UML) as
personal web and email server. Openssl version is openssl-0.9.7a-43.8.
I want it to be able to serve https pages and to securely
forward/email to and from my home computer.
Therefore, I have generated a certificate following,
孙 金龙 wrote:
> thanks! i only want to read ec privatekey
> my ec privatekey is below
> -BEGIN EC PRIVATE KEY-
> MGACAQEEGAu0lmj+Fgurl8m7Tpwi4+wZk9GRSgdyjKALBgkqgRzXYwEBAgGhNAMy
> AQS0/wY++sZk+W3QERcmJ+5m1l+PKkaFhJelGBfWaDN4vmSZg7ltf8YtRaUVvyaS
> m1I=
> -END EC PRIVATE KEY-
> so i use
孙 金龙 wrote:
> when i watch the
> EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
> {
> int ok=0;
> EC_KEY *ret=NULL;
> EC_PRIVATEKEY *priv_key=NULL;
>
> if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
> {
> ECerr(EC_
Kyle Hamilton wrote:
It will violate the FIPS security policy. That much has been stated,
but there's been no workaround that I'm aware of to select alternate
options like that.
Right, not with openssl ./config. However, some folks might want to consider
if their compiler environment can be a
Erik Leunissen wrote:
I've run under valgrind an application which has been linked to
libcrypto.a from the openssl0.9.8b release. Valgrind reports some
warnings which all relate to "uninitialized values". I really do not
know whether that's significant, but just in case I attach the valgrind
o
when i watch the
EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
{
int ok=0;
EC_KEY *ret=NULL;
EC_PRIVATEKEY *priv_key=NULL;
if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
{
ECer
By the way, we are using mod_ssl (OpenSSL) with Apache2, is there a way to
change the "openssl x509" command somwhere (we wish to add some -nameopt
parameter ;-)) in Apache ?
Thank u!
BASTIEN Gauthier
Service Informatique - Administration Communale de Sambreville
071/260.247
http://www.sambrevi
PEM_read_PrivateKey
call
PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void
*u)
{
if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
return NULL;
p = data;
if (strcmp(nm,PEM_STRING_RSA) == 0)
ret=d
It will violate the FIPS security policy. That much has been stated,
but there's been no workaround that I'm aware of to select alternate
options like that.
(yay lack of foresight and a required-to-be-closed validation process.)
-Kyle H
On 6/13/06, Haridharan <[EMAIL PROTECTED]> wrote:
Hi,
I
32 matches
Mail list logo
