On Thu, Apr 10, 2008 at 10:15:07PM -0700, Kyle Hamilton wrote:
> Once this is done, the channel is 'secure' and user data can start
> flowing, without having to worry about anyone else being able to get
> anything intelligible from the conversation.
The channel is only secure against passive eave
If you're using TLS, the protocol does all of this for you. You don't
have to worry about it.
Long-winded explanation:
The public/private keypairs that each peer creates have a public part
(the part that is signed by the CA, and made available to the peer
that they want to communicate with) and
On Thu, Apr 10, 2008 at 09:22:37PM -0700, Julian wrote:
> Here is what I came up with:
>
> Peer A, B, C.
>
> Peer A, B, C generates 2 2048 bit RSA keys.
>
> Peer A, B, C connects to Login server over TLS.
>
> Login server signs each key and signs only one for key signing.
>
> Peer A generates
Here is what I came up with:
Peer A, B, C.
Peer A, B, C generates 2 2048 bit RSA keys.
Peer A, B, C connects to Login server over TLS.
Login server signs each key and signs only one for key signing.
Peer A generates a session key and signs it.
Peer A connects to Peer B over TLS.
Peer A exch
Thanks for the reply. I really appreciate it! I have tried initializing the
library, but am still facing the same problem.
- Is there any way to decode the error string "error:0001::lib(0)
:func(0) :reason(1)", to find out what is actually going wrong? I mean, what
does reason(1) stand for here?
- Is
I believe that you have to explicitly allow the SSLv2 ciphers if you
want to enable the use of the old, insecure, hackable, crackable, and
almost-completely-worthless-from-a-security-standpoint protocol that
is SSLv2.
Please don't use SSLv2. The sooner everyone moves away from it the
sooner its e
Problem description:
openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for
hpux64-ia64-cc, HP-UX 11.
Quick question that I can't seem to find any info about.
I've got a server implementing SSLv23_server_method. However, on
Windows 2000 < Service Pack 4 the server returns a failed handshake
right after the SSLv2 Client Hello and then FIN/ACKs the client.
If I force the server into SSLv2_ser
Quick question that I can't seem to find any info about.
I've got a server implementing SSLv23_server_method. However, on
Windows 2000 < Service Pack 4 the server returns a failed handshake
right after the SSLv2 Client Hello and then FIN/ACKs the client.
If I force the server into SSLv2_server
Hello,
[EMAIL PROTECTED] wrote on 04/10/2008 11:56:50 PM:
> On Thu, Apr 10, 2008 at 11:44:23PM +0200, [EMAIL PROTECTED] wrote:
>
> > Hello,
> >
> > > On Thu, Apr 10, 2008 at 10:46:45PM +0200, [EMAIL PROTECTED] wrote:
> > >
> > > > > I have converted that key to pem format with openssl command
On Thu, Apr 10, 2008 at 11:44:23PM +0200, [EMAIL PROTECTED] wrote:
> Hello,
>
> > On Thu, Apr 10, 2008 at 10:46:45PM +0200, [EMAIL PROTECTED] wrote:
> >
> > > > I have converted that key to pem format with openssl commandline tool and
> > > > loaded with
> > > > SSL_CTX_use_certificat
Hello,
> On Thu, Apr 10, 2008 at 10:46:45PM +0200, [EMAIL PROTECTED] wrote:
>
> > > I have converted that key to pem format with openssl commandline tool and
> > > loaded with
> > > SSL_CTX_use_certificate_ASN1(ctx, len, (unsigned char*)in_buf)
> > > It worked.
> > >
> > > Does anybody h
On Thu, Apr 10, 2008 at 10:46:45PM +0200, [EMAIL PROTECTED] wrote:
> > I have converted that key to pem format with openssl commandline tool and
> > loaded with
> > SSL_CTX_use_certificate_ASN1(ctx, len, (unsigned char*)in_buf)
> > It worked.
> >
> > Does anybody have any ideas what is wrong
Hello,
> I am facing some problem when trying to use a https service. SSL_connect() is failing
> with error -1 (in stub code ...generated using gsoap ... code snippet below), which
> means some fatal error occurred at the protocol level or connection failure occurred.
> Further getting the SS
Hello,
> I need to load ASN1/DER private key. To do this I use
>
> FILE *fp;
> char in_buf[1000];
> fp = fopen("../keys/prkey.der", "r");
> len = fread(in_buf, sizeof(char), 1000, fp);
> fclose(fp);
> if (!len)
> return 0;
>
> if (!SSL_CTX_use_PrivateKey_ASN1(SSL_FILETYPE_ASN1, ctx, (unsigned
This is not a question but a solution to a problem that I and many others it
seems have run into and no solution seems to be on the internet. So I found
a solution at least in my case and wanted it to be archived in this list so
that it can help others who run into this problem in the future.
The
Hi everybody,
I would like a small hint on compression as a CMS package in 0.9.8 and
later versions. My concern is that we can compress the data using zlib
functions, but how can we implement the same as a CMS envelope? Are there any
APIs for CMS compression?
Thanks in Advance
--
--B
On Thu, Apr 10, 2008, Mohd Saleem wrote:
> Hi,
>
> I have char buffer in base64 encoded format. The client should read the
> buffer, decode it and get the result in X509 structure, I am facing issues
> with this.
> I am getting an error, error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN
I need to load ASN1/DER private key. To do this I use
FILE *fp;
char in_buf[1000];
fp = fopen("../keys/prkey.der", "r");
len = fread(in_buf, sizeof(char), 1000, fp);
fclose(fp);
if (!len)
return 0;
if (!SSL_CTX_use_PrivateKey_ASN1(SSL_FILETYPE_ASN1, ctx, (unsigned
char*)in_buf, len))
ERR_prin
* Kyle Hamilton wrote on Thu, Apr 10, 2008 at 02:34 -0700:
> > (That means the CA remotely signs online submitted CSRs and sends
> > back a Cert immediately? Maybe such a CA would not be that
> > trustworthy...)
>
> First: it is as trustworthy as the application seems to
> require. It's not
If E got the public key of the server, then he would be able to
authenticate certificates signed by the server. The 'secret' or
'private' key is what's needed to create a signature for a
certificate, and without it it's impossible to perform the proof that
the private key is known to E. (sure, E
Hi,
I want to compile OpenSSL for the ARM platform. How can we proceed
to achieve this?
--
Thanks & Regards
Tomy Devasia
Product Devpt & Support
Kalki Communication Technologies Ltd
Bangalore
India
Hi,
I have char buffer in base64 encoded format. The client should read the buffer,
decode it and get the result in X509 structure, I am facing issues with this.
I am getting an error, error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag.
Could you help me in resolving this.
Any help
If E got ahold of this key it could complete a handshake to the server
get sensitive data?
The 'key' that you need to include with your binary is actually the
CA's certificate (which contains the CA's public key). You don't need
to include any 'trusted' information in the client other than th
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is used to thwart some CBC attacks.
check out this link for details
http://www.openssl.org/~bodo/tls-cbc.txt
Thanks
--Gayathri
> Hi,
>
> The client is configured with SSLv3_client_method.
>
> ctx = SSL_CTX_new(SSLv3_client_method());
>
> Whenever the client
Hi,
this is a question from a total newbie of OpenSSL. I am trying to install
OpenSSL on my PC but it won't work. By the way I am using Windows XP
Professional and Visual Studio 2005. I downloaded ActivePerl 5.8.8 and MASM.
I think all system and environment variables are correctly set. And the
f
David Schwartz wrote:
> And with respect to the other thread, I agree with you. The level of
> security should be the highest that doesn't require sacrificing things that
> are more important than security. Sometimes all you need is to keep out your
> kid sister, sometimes you have to keep out
On Thu, Apr 10, 2008 at 3:36 AM, David Schwartz <[EMAIL PROTECTED]> wrote:
>
> Kyle Hamilton wrote:
>
> > You can have B contact the server and obtain a signed "authorization
> > certificate" for its key that uses custom extensions to specify 'is
> > authorized to connect to A' for a given time
Kyle Hamilton wrote:
> You can have B contact the server and obtain a signed "authorization
> certificate" for its key that uses custom extensions to specify 'is
> authorized to connect to A' for a given timeframe, and have that be
> the certificate that B presents when connecting to A. Then, A
On Thu, Apr 10, 2008 at 2:00 AM, Steffen DETTMER
<[EMAIL PROTECTED]> wrote:
> * Kyle Hamilton wrote on Wed, Apr 09, 2008 at 14:22 -0700:
> > Each peer goes through this process:
> > 1) peer creates a keypair
> > 2) peer generates a CSR (certificate signing request) for its public key.
> > 3) pe
* Kyle Hamilton wrote on Wed, Apr 09, 2008 at 14:22 -0700:
> Each peer goes through this process:
> 1) peer creates a keypair
> 2) peer generates a CSR (certificate signing request) for its public key.
> 3) peer connects to server, submits CSR along with whatever
> information necessary to determin
Hello,
I am facing some problem when trying to use a https service. SSL_connect()
is failing with error -1 (in stub code ...generated using gsoap ... code
snippet below), which means some fatal error occurred at the protocol level
or connection failure occurred. Further getting the SSL error code (
32 matches