Requiring a private key to be embedded into the binary is almost
always a flawed design, because you're handing secret information to a
computer controlled by someone you want to avoid having that data.
Including 'trusted' moduli in the binary is also generally a flawed
design, for the same reason.
Hi,
I am working on a client/server application. I am using RSA and need
to ship keys in my binary, however I would rather generate key pairs
on binary execution that get signed by the login server. Correct me if
I am wrong but can I simply create my CA and keys and place the moduli
of the
Hi Every body,
I am working on securtiy issues , my job is sign, compress, encrypty the
file as CMS package. In order to fullfill conditions I have to use pkcs7
API's . but I did not understand how they will envelope the signed ,
compressed , encrypted data , and how they will be usefull for receiv
Hi,
I am working on a client/server application. I am using RSA and need
to ship keys in my binary, however I would rather generate key pairs
on binary execution that get signed by the login server. Correct me if
I am wrong but can I simply create my CA and keys and place the moduli
of the
I managed to get Apache 2 up and running with an ECC
keypair(httpd-ssl.conf was set to SSLCipherSuite
ECDHE-ECDSA-AES256-SHA), and I was able connect to the
server with openssl s_client -connect 10.1.0.1:443
-cipher ECDHE-ECDSA-AES256-SHA, though when I connect
with my browser (Firefox 2.0.0.13), I
On Tue, Apr 08, 2008 at 08:43:51PM -0400, Big BDI wrote:
> Is something wrong with my certificates(Pasted below)?
> I generated them with ECCcertgen.sh bundled with
> openssl... Apache does not generate any errors. One
> of my test keypairs is pasted below (I used a
> secp521r1 curve, but I didn'
Seems like the problem disapeared now, even thought I cannot exactly
tell why. Seems like I messed up some of that ugly pointer stuff that
now works fine after some changes in the code.
Again, thanks for your help.
Thanks and regards
Till Elsner
Am 08.04.2008 um 09:04 schrieb shankar ks:
H
I patched the Apache 2.2.2 source and followed the
instructions(https://issues.apache.org/bugzilla/attachment.cgi?id=18657&action=edit
), and installed many versions of openssl, including
the stable 0.9.8g version, and I also tried current
snapshots as of april 2008. I managed to get Apache 2
up a
Hi,
I am running openssl 0.9.7 on an MP-RAS Unix box with 32 bit Intel hardware.
Very occassionally (four times in eight months) I have seen a segmentation
fault in the big number code, when CRYTPO_malloc calls malloc. I understand
that heap corruption can arise from just about anywhere, but it is
People keep sending me ".ent" files (example at the bottom of this
message). They look to me a lot like Privacy-Enhanced Mail (remember
Privacy-Enhanced Mail?) files. I've got all my S/MIME stuff set up and
working with "pgg" under Emacs "pgg", but I'm not making much headway
with these proprieta
--- <[EMAIL PROTECTED]> wrote:
>
> #0 0xfee8ec23 in sk_value () from /usr/local/ssl/lib/libcrypto.so.0.9.8
> #1 0xfef5b05b in ssl3_output_cert_chain () from
> /usr/local/ssl/lib/libssl.so.0.9.8
> #2 0x in ?? ()
>
> This appears to be version 0.9.8e
Sorry for wasting your time
Openssl team,
I've had a recurring problem utilizing postgresql over SSL on our Solaris
platform (had a similar
problem on FreeBSD but one thing at a time).
Essentially, when client's connect and read/write using SSL to our database,
the result is a
segfault.
It was happening predominantly wit
Thanks for your advice, by reading the key from a previously loaded
X509 object I can get it from the certificate file. But the problem
that the result of the decryption is not the same as the original data
still exists. What could be the problem? The same operation works fine
with openssl
The most important thing to look at are the BIO_* functions. These
are the functions that abstract out the underlying transport layer (be
it TCP, UNIX sockets, memory) so that the library itself doesn't need
to know about them.
The easiest way to understand how to do it, if you have a custom TCP
Yes, there is copy&paste-in-email failure :)
- Original Message
From: "Ger Hobbelt"
To: openssl-users@openssl.org
Date: Tue, 8 Apr 2008 12:36:27 0200
Subject: Re: CRYPTO_add_lock() segmentation fault (core dump included)
On Tue, Apr 8, 2008 at 12:10 PM, Ion Scerbatiuc wrote:
> Oh :)
[..
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi, guys!
I spent a whole night to configure my postfix to relay on Gmail's smtp
server. However, I found that the TLS verification has some weird
problems.
First, I found that the postfix can't verify the server:
>certificate verification failed f
To get the sources from the CVS repository, you should log in as
anonymous user, i.e. use user
anonymous
and no password at all (empty password).
This you can also see in the original commandline I specified:
> > > > cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R .
--
Met vriendelijke
On Tue, Apr 8, 2008 at 12:10 PM, Ion Scerbatiuc <[EMAIL PROTECTED]> wrote:
> Oh :)
[...]
> for (i = 0; i < CRYPTO_num_locks(); i ) {
Erm, shouldn't those two loops have an increment (i++ instead of just
'i') there, or is this a copy&paste-in-email failure? ;-)
--> for (i = 0; i < CRYPTO_n
We have a multi-platform (Linux-Windows-Mac-PSP-Wii-NDS-PS2 as per
right now) game engine, and wanted to add SSL to the networking layer.
I'd like to know what do we need to do in order for OpenSSL to use our
TCP implementation, or where to look for.
I'm struggling through the documentation and ex
jimmy bahuleyan wrote:
Ion Scerbatiuc wrote:
Thank you for your reply!
I didn't find any refferences to CRYPTO_set_add_lock_callback() in
openssl man pages nor the meaning of this functions/callbacks.
I didn't understand what does CRYPTO_add_lock () do.
CRYPTO_add_lock() does atomic addition
Ion Scerbatiuc wrote:
Thank you for your reply!
I didn't find any refferences to CRYPTO_set_add_lock_callback() in
openssl man pages nor the meaning of this functions/callbacks.
I didn't understand what does CRYPTO_add_lock () do.
CRYPTO_add_lock() does atomic additions (or subtractions). It
On Tue, 2008-04-08 at 10:04 -0500, Ion Scerbatiuc wrote:
> Thank you for your reply!
You're welcome :-)
> I didn't find any refferences to CRYPTO_set_add_lock_callback() in
> openssl man pages nor the meaning of this functions/callbacks.
Ahh, well once you start to understand this stuff better,
Thank you for your reply!
I didn't find any refferences to CRYPTO_set_add_lock_callback() in openssl man
pages nor the meaning
of this functions/callbacks.
I didn't understand what does CRYPTO_add_lock () do.
Can you provide some information on this functions and maybe some code examples.
Thanks i
On Tue, 2008-04-08 at 03:35 -0500, Ion Scerbatiuc wrote:
> Hello!
> I wrote a multithreaded server using OpenSSL v 0.9.7a (running on a RH
> Enterprise Linux 2.6.9-55.0.2.ELsmp).
> The problem is my server is crashing at random times (it could stay
> alive for 24 hours or can crash within 4 hours).
Hi ,
I want to use the cms fuctions in my application program ( which is in C -
language), my goal is to sign the document using the RSA_sign function then
want to envelope the signature with the original data . so can any one
explain me how to envelope this using CMS funtions . and also how to ve
Hi Hobbelt,
I downloaded the tortoiseCMS and tried to checkout the data , but it was
asking for a password , and giving connection error like to many
authentication was failed for shankar ... ...
-- Shankar
On 4/8/08, Ger Hobbelt <[EMAIL PROTECTED]> wrote:
>
> On Tue, Apr 8, 2008 at 5:48 AM, sha
There seems to be an error in my email client. There is an i(plus)(plus).
- Original Message
From: [EMAIL PROTECTED]
To: openssl-users@openssl.org
Date: Tue, 8 Apr 2008 12:50:07 0200
Subject: RE: CRYPTO_add_lock() segmentation fault (core dump included)
Hello,
> Oh :)
> I forgot to ment
Yes! There was an mistake when I copied the code. There is i as you said.
for (i = 0; i < CRYPTO_num_locks(); i ) {
pthread_mutex_init(&mutex_buf[i], NULL);
}
- Original Message
From: [EMAIL PROTECTED]
To: openssl-users@openssl.org
Date: Tue, 8 Apr 2008 12:50:07 0200
Subject: R
Hello,
> Oh :)
> I forgot to mention that I instantiated those variables (it was like
obvious for me).
> Here is the initialization code:
>
> int Server::TLS_init()
> {
> int i;
>
> mutex_buf = (pthread_mutex_t*) malloc(CRYPTO_num_locks() *
sizeof(pthread_mutex_t));
> if (mutex_bu
Oh :)
I forgot to mention that I instantiated those variables (it was like obvious
for me). Here is the
initialization code:
int Server::TLS_init()
{
int i;
mutex_buf = (pthread_mutex_t*) malloc(CRYPTO_num_locks() *
sizeof(pthread_mutex_t));
if (mutex_buf == NULL) {
return -
> I wrote a multithreaded server using OpenSSL v 0.9.7a
> (running on a RH Enterprise Linux 2.6.9-55.0.2.ELsmp).
> The problem is my server is crashing at random times (it
> could stay alive for 24 hours or can crash within 4 hours).
> Inspecting the cores file I found that it crashes in the sam
Hello!
I wrote a multithreaded server using OpenSSL v 0.9.7a (running on a RH
Enterprise Linux
2.6.9-55.0.2.ELsmp).
The problem is my server is crashing at random times (it could stay alive for
24 hours or can crash
within 4 hours). Inspecting the cores file I found that it crashes in the same
l
Hi Till,
The error u got is you can not read the public key as in the certificate it
is not finding the lines as "BEGIN RSA CERTIFICATE"
so here i am giving you the code , use it directly , it will work fine as i
refined it many times ...
pubk = RSA_new();
if(pubk == NULL)
printf("error to create
Shankar,
When you have trouble using CVS, please search the net for information
or a good book about it, because many projects use this revision
control system.
You will not find CMS in any 0.9.8 source tree; you will need to use
OpenSSL 0.9.9 sources - which are available through CVS or, when yo
On Tue, Apr 8, 2008 at 5:48 AM, shankar ks <[EMAIL PROTECTED]> wrote:
> Hi Hobblet,
>
> Sorry for the late reply as I was busy with searching of other things . You
> have given a command regarding my question, but i did not understand that
> and how to use it to get the information of CMS from open
35 matches
Mail list logo
