Just a note, I've found documents like
http://ietfreport.isoc.org/all-ids/draft-ietf-ediint-compression-08.txt
which in section 2.1 says to calculate MIC on the original data that was
signed as PER [AS1] (but 4130 is AS2)
In section 7.3.1.3 of 4130, first paragraph in bullets it is said:
For
Thanks for the wait:
Well, these are the steps followed
Encrypted body with Mime headers.- body decrypted and multipart/signed
message obtained
Signature in binary, so processed with openssl pkcs7 to convert the binary
signature to b64 (script in perl to extract that process it and put it ba
What version of the library are you using ?
On Fri, Jun 20, 2008 at 9:01 PM, Siddhartha Chhabra <
[EMAIL PROTECTED]> wrote:
> I tried that but I think it has to do with the cast applied to the
> functions as it says
>
> cannot convert parameter 1 from 'int (__cdecl *)(void)' to 'i2d_of_void
> (__
I tried that but I think it has to do with the cast applied to the functions
as it says
cannot convert parameter 1 from 'int (__cdecl *)(void)' to 'i2d_of_void
(__cdecl *)'
This conversion requires a reinterpret_cast, a C-style cast or
function-style cast
cannot convert parameter 1 from '
Check your include statements. You might need either or both of:
#include
#include
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Siddhartha Chhabra
Sent: June 20, 2008 8:39 PM
To: openssl-users@openssl.org
Subject: Re: DSA signing
On trying the macros, it gives the following errors
c:\se_simulation2\verificationserver\verifier\verifier\verifier.cpp(201) :
error C2664: 'PEM_ASN1_write' : cannot convert parameter 1 from 'int
(__cdecl *)(void)' to 'i2d_of_void (__cdecl *)'
This conversion requires a reinterpret_cast, a
I will try the method that Bill just mentioned and hope that it works,
Thanks again, but I would still like to know the problem with the way I am
trying to do stuff.
Thanks
On Fri, Jun 20, 2008 at 4:58 PM, Siddhartha Chhabra <
[EMAIL PROTECTED]> wrote:
> Thanks for your quick replies, however, I
Thanks for your quick replies, however, I did not understand it clearly, I
am very new to OpenSSL
Here is what I am doing in my code
dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
DSA_generate_key(dsa);
Now I have the keys generated. Now if I say
SHA1(sigbuf,11,dgst);
/
Hi jkoehring:
Thanks a lot for the help, (ah just noticed another reply from you on this
question placed in another way, thanks). I tried that part too but did not
get the expected checksum. Not that I doubt what you say, but perhaps I'm
mistaken at some point. When I do the verify, the openss
I had a similar problem. I found I had to define my own macros for this
as they were not in the OpenSSL set.
#define PEM_write_DSAPublicKey(fp,x) \
PEM_ASN1_write((int (*)())i2d_DSAPublicKey,\
PEM_STRING_DSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
#define PEM_read_
Hi Siddhartha:
It's never a problem, but the procedure is as follows:
1.- You sign with private key and certificate connected with that key
2.- If you then encrypt, you encrypt with the certificate of your
counterpart or recipient
When the recipient gets the encrypted block of data, he decrypts
Hi all,
I am trying to use DSA_sign and DSA_verify functions to generate a signature
and verify it. If I do this in the same file, that is signing and then
verifying using the public key, things go on smoothly. However, if I try to
save the DSA structure, that is by saving each of the values other
Hello Patrick,
Thanks for the detailed information.
Regards
Alok Bhatnagar
- Original Message -
From: "Patrick Patterson" <[EMAIL PROTECTED]>
To:
Sent: Friday, June 20, 2008 7:26 PM
Subject: Re: Server Authentication
> Hi Alok;
>
> On June 20, 2008 09:02:15 am AlokBhatnagar wrote:
>
Can anyone help me with the procedure to calculate the message integrity
check in this RFC?
it's about calculating the sha1 checksum over a multipart message.
This is the text in the RFC (http://www.ietf.org/rfc/rfc4130.txt), chapter
7.1, paragraph 8)
The EC Interchange and the RFC 1767 MI
Hi, there are some references which suggest that webservers and mail
servers can ask the SSL layer to implement compression? I see some
references to this scattered about the internet, but no notes on what is
required to enable this?
Can someone please shed some light? Is support required spe
On Thu, Jun 19, 2008 at 11:31:39PM -0700, Sendroiu Eugen wrote:
> If the files are stored locally in a directory,
> then you can specify to the CTX the hash directory (
> X509_STORE_load_locations(store,hashdir,rootfile) ), but you need to
> name your certificate file(s) with the hash of the subje
I do have to point out, no CA pays Mozilla to be in Firefox's
database. What the CA pays for is the auditing required to pass
Mozilla's criteria for inclusion in the database.
That said, my personal opinion is that the CA model is broken from the
start, and I am pushing for a way to opt out of Mo
As I said you usually can't. For instance Firefox has a database with
certificates from many trust anchors ( they pay to be in that database),
so when it wants to validate a certificate it asks the db about it. If you have
an HTTPS server which has a self-signed certificate that isn't in Firefox's
db
Hello Sendroiu,
That's what I was asking
How can I get the certificates of CAs I trust?
Regards
Alok Bhatnagar
- Original Message -
From: Sendroiu Eugen
To: openssl-users@openssl.org
Sent: Friday, June 20, 2008 7:12 PM
Subject: Re: Server Authentication
From what
Hi Alok;
On June 20, 2008 09:02:15 am AlokBhatnagar wrote:
> Thanks david,
>
> I know that the domain name should be same as the common name in server
> certificate which is sent by the server to the client.
>
> As I know, the SSL client verifies the server's certificate against the CA
> certifica
I am seeing some strange behaviour with openssl, versions 0.9.8e, f, g
and h on a Gentoo Linux 2.6.22 machine Intel Core2 (amd64 architecture).
Following some googling with gentoo, I have built each version with
and without enable-tlsext.
The problem that I am seeing is that an openssl server, us
From what I understand, you need the trust anchor's certificate (e.g. Verisign)
so that you can check the server's certificate against the probably self-signed
Verisign certificate. It is supposed that you already have the
certificates of
CAs you trust.
If your question is how to find online
Thanks david,
I know that the domain name should be same as the common name in server
certificate which is sent by the server to the client.
As I know, the SSL client verifies the server's certificate against the CA
certificate loaded in the client.
Suppose I trust Verisign CA. So my client must
Thanks Urjit.
Regards
Alok Bhatnagar
MicroWorld Technologies Inc,
- Original Message -
From: Urjit Gokhale
To: openssl-users@openssl.org
Sent: Friday, June 20, 2008 5:23 PM
Subject: Re: Encryption/Decryption
These functions do perform the encryption / decryption along w
> So i want to know how will my client authenticate the server
> since i don't have the server's root certificate?
> Thanks in Advance..
> Regards
> Alok Bhatnagar
That is completely application-dependent. The answer will depend on what
makes the legitimate server different from an imposter.
Y
These functions do perform the encryption / decryption along with some other
functionality. So you don't have to encrypt the message before you pass the
buffer to SSL_write, or decrypt the data in the buffer you use with SSL_read.
- Original Message -
From: AlokBhatnagar
To: openssl
Hi,
Do SSL_Write() and SSL_Read() functions perform the encryption and decryption
respectively or we need to do it before calling these functions?
Regards
Alok Bhatnagar
Hello all,
I am trying to statically compile omniORB-4.1.2 over MinGW
(mingw32-gcc-3.4.5, mingw32-make-3.81).
I compiled flawlessly openssl-0.9.8h using the above mentioned
configuration. When the linking
process on the ORB source code reaches SSL code I obtain the following
errors:
g++.exe: adva
Your client needs to have a certificate issued by a CA that the server
trusts, and the server must request client authentication by
name-of-CA-that-it-will-accept. The client can then provide its
certificate (it knows which one based on the requested issuer name)
and prove ownership of the private
Hi,
I have created my test client and server application. For that I also created a
Root CA Certificate and using that certificate I created client and server
certificates. Using those certificates the handshaking has been done between
the client and server and they are communicating properly.
> From: [EMAIL PROTECTED] On Behalf Of Eric
> Chamberlain
> Sent: Wednesday, 18 June, 2008 15:26
>
> I am trying to build and install openssl via Cygwin. I followed the
> instructions and I only hit a bump when I attempt
>
> make install
>
> During which I get a boatload of errors. T