Re: Engine Issue: nShield 500

2008-11-19 Thread Sander Temme
On Nov 19, 2008, at 11:24 PM, Max Pala wrote: The software that I am writing is a multi-threaded OCSP responder. Please make sure you initialize the engine correctly, and set up your locking callbacks before you actually initialize the engine. If you look at Apache: http://svn.apache.

Re: Engine Issue: nShield 500

2008-11-19 Thread Max Pala
Hello Sander, The software that I am writing is a multi-threaded OCSP responder. Sander Temme wrote: What software are you running that makes the calls into OpenSSL? -- Best Regards, Massimiliano Pala --o Massim

Re: Engine Issue: nShield 500

2008-11-19 Thread Sander Temme
On Nov 19, 2008, at 10:36 PM, Max Pala wrote: Anybody has experienced problems with this HSM on Linux + pThread ? What software are you running that makes the calls into OpenSSL? Thanks, S. -- [EMAIL PROTECTED] http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B

Engine Issue: nShield 500

2008-11-19 Thread Max Pala
Hi all, I am running into some problems with the nShield 500 HSM. It seems that their ENGINE implementation is not very stable... If I run the software with more than 12 threads, I get the following error: ../setup.c:517: nfast_hwch_doneconnection: Assertion `hwctx->conndatas[r

Re: Openssl encrypt on UNIX, decrypt on Windows

2008-11-19 Thread Dr. Stephen Henson
On Wed, Nov 19, 2008, Kyle Hamilton wrote: > > Use exactly the same commands you would use on UNIX. OpenSSL does not > interact with the Windows certificate store at all. It does not > interact with CryptoAPI. It just deals with what's in the files that > you hand to it. > Well unless it is

RE: Openssl encrypt on UNIX, decrypt on Windows

2008-11-19 Thread Buicliu, Ion VSA:EX
Thank you Kyle, excellent details. I will inform the client. Ion Buicliu On Wed, Nov 19, 2008 at 1:34 PM, Buicliu, Ion VSA:EX <[EMAIL PROTECTED]> wrote: > If by CLI you mean Command Line Interface, yes, that's what I am using > on UNIX (not a graphical interface). If not, please let me know wh

Re: Openssl encrypt on UNIX, decrypt on Windows

2008-11-19 Thread Kyle Hamilton
On Wed, Nov 19, 2008 at 1:34 PM, Buicliu, Ion VSA:EX <[EMAIL PROTECTED]> wrote: > If by CLI you mean Command Line Interface, yes, that's what I am using on > UNIX (not a graphical interface). If not, please let me know what you mean > by CLI. Yes, command-line interface, invoked by cmd.exe. > > A

RE: Openssl encrypt on UNIX, decrypt on Windows

2008-11-19 Thread Buicliu, Ion VSA:EX
Thank you very much Chris, that's all I needed to know. I will inform the client and let them deal with the rest. Ion Buicliu Hi Ion, On Wed, 19 Nov 2008, Buicliu, Ion VSA:EX wrote: > "Are you using OpenSSL CLI tools on UNIX? > If so do the same on windows; compile OpenSSL and use th

RE: Openssl encrypt on UNIX, decrypt on Windows

2008-11-19 Thread Chris Wilson
Hi Ion, On Wed, 19 Nov 2008, Buicliu, Ion VSA:EX wrote: > "Are you using OpenSSL CLI tools on UNIX? > If so do the same on windows; compile OpenSSL and use the > transferred keys and decrypt the data." > > If by CLI you mean Command Line Interface, yes, that's what I am using > on UNIX

RE: Openssl encrypt on UNIX, decrypt on Windows

2008-11-19 Thread Buicliu, Ion VSA:EX
"Are you using OpenSSL CLI tools on UNIX? If so do the same on windows; compile OpenSSL and use the transferred keys and decrypt the data." If by CLI you mean Command Line Interface, yes, that's what I am using on UNIX (not a graphical interface). If not, please let me know what you mean

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Jan Klod
On Wednesday 19 November 2008 21:23:30 Geoff Thorpe wrote: > Please try for yourself if you're waiting on this. Eg. there are nightly > snapshots downloadable and you can browse the source online > too. "patch --dry-run" should also come in handy. I patched 0.9.8b, compiled and installed; results

Re: Openssl encrypt on UNIX, decrypt on Windows

2008-11-19 Thread jul
On Nov 19, 2008, at 11:35 AM, Buicliu, Ion VSA:EX wrote: Our UNIX-based organization is preparing to send encrypted data to a Windows-based organization. We have openSSL 0.9.8 on UNIX. We create the keys and will send them to the client in one process, then encrypt the data files and send

Openssl encrypt on UNIX, decrypt on Windows

2008-11-19 Thread Buicliu, Ion VSA:EX
Our UNIX-based organization is preparing to send encrypted data to a Windows-based organization. We have openSSL 0.9.8 on UNIX. We create the keys and will send them to the client in one process, then encrypt the data files and send them to the client in a different process. I don't know much abou

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Geoff Thorpe
On Wednesday 19 November 2008 15:14:21 Jan Klod wrote: > On Wednesday 19 November 2008 21:02:06 Geoff Thorpe wrote: > > If neither Michael (Ludvig) nor Andy (Polyakov) respond in the next > > day or so, I'll try to take a look at (and understand) the state of > > the padlock engine code. > > > > Ch

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Jan Klod
On Wednesday 19 November 2008 21:02:06 Geoff Thorpe wrote: > On Wednesday 19 November 2008 14:09:06 Jan Klod wrote: > > On Wednesday 19 November 2008 19:40:06 Michael S. Zick wrote: > > > On Wed November 19 2008, Jan Klod wrote: > > > > On Wednesday 19 November 2008 19:28:51 Michael S. Zick wrote:

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Geoff Thorpe
On Wednesday 19 November 2008 14:09:06 Jan Klod wrote: > On Wednesday 19 November 2008 19:40:06 Michael S. Zick wrote: > > On Wed November 19 2008, Jan Klod wrote: > > > On Wednesday 19 November 2008 19:28:51 Michael S. Zick wrote: > > > > That simplifies things, try 0.9.8i > > > > http://gentoo-po

Re: How to revoke certificates

2008-11-19 Thread Victor Duchovni
On Thu, Nov 20, 2008 at 01:29:25AM +0800, Talasila, Ravikanth wrote: > Hi, > > > > Using OpenSSL API > > 1.How to find that a certificate is expired? Which API deals with > this? > 2.How to move an expired certificate to revocation list? Is it > done automatically? Expired certificat

How to revoke certificates

2008-11-19 Thread Talasila, Ravikanth
Hi, Using OpenSSL API 1. How to find that a certificate is expired? Which API deals with this? 2. How to move an expired certificate to revocation list? Is it done automatically? 3. How certificates are verified at server side? If a bunch of certificates available (inside a pem

RE: signature length mismatch ERROR in RSA_Verify.

2008-11-19 Thread David Schwartz
> RSA_verify(NID_md5, datatosign, (strlen(datatosign)), signature, > strlen(signature), key); The 'strlen' function is only useable on a C-style string. The signature cannot be a C-style string because it is arbitrary binary data. > Best regards, > Am. Sivaramakrishnan DS __

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Michael S. Zick
On Wed November 19 2008, Jan Klod wrote: > On Wednesday 19 November 2008 19:40:06 Michael S. Zick wrote: > > On Wed November 19 2008, Jan Klod wrote: > > > On Wednesday 19 November 2008 19:28:51 Michael S. Zick wrote: > > > > That simplifies things, try 0.9.8i > > > > http://gentoo-portage.com/dev-

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Jan Klod
On Wednesday 19 November 2008 19:40:06 Michael S. Zick wrote: > On Wed November 19 2008, Jan Klod wrote: > > On Wednesday 19 November 2008 19:28:51 Michael S. Zick wrote: > > > That simplifies things, try 0.9.8i > > > http://gentoo-portage.com/dev-libs/openssl > > > > Why? It worked for you? > > Be

Compiling OpenSSL on win32, dlls have no version info

2008-11-19 Thread Tony Caduto
Hi, I recently compiled OpenSSL for windows using MinGW and the resulting dlls had no version information embedded in them. Is there a configure option or another way to enable the version information? Thanks, Tony __ OpenS

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Michael S. Zick
On Wed November 19 2008, Jan Klod wrote: > On Wednesday 19 November 2008 19:28:51 Michael S. Zick wrote: > > That simplifies things, try 0.9.8i > > http://gentoo-portage.com/dev-libs/openssl > > Why? It worked for you? > Because it is the current release version and takes next to no effort at all

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Jan Klod
On Wednesday 19 November 2008 19:28:51 Michael S. Zick wrote: > That simplifies things, try 0.9.8i > http://gentoo-portage.com/dev-libs/openssl Why? It worked for you? __ OpenSSL Project http://www.

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Michael S. Zick
On Wed November 19 2008, Jan Klod wrote: > On Wednesday 19 November 2008 18:58:31 Michael S. Zick wrote: > > Do you say which version of openSSL you are using? > > Have you looked at the development head in cvs? > > (I haven't) > 0.9.8h-r1 > no > > > Did you mention what operating system and versi

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Jan Klod
On Wednesday 19 November 2008 18:58:31 Michael S. Zick wrote: > Do you say which version of openSSL you are using? > Have you looked at the development head in cvs? > (I haven't) 0.9.8h-r1 no > Did you mention what operating system and version you are using? no; gentoo, but is that important? I th

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Michael S. Zick
On Wed November 19 2008, Jan Klod wrote: > On Wednesday 19 November 2008 18:27:07 Michael S. Zick wrote: > > On Wed November 19 2008, Jan Klod wrote: > > > Hello, > > > hashing acceleration with VIA padlock is a nice feature, if it works. I > > > am sure, it CAN work on my board, but openssl seems

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Jan Klod
On Wednesday 19 November 2008 18:27:07 Michael S. Zick wrote: > On Wed November 19 2008, Jan Klod wrote: > > Hello, > > hashing acceleration with VIA padlock is a nice feature, if it works. I > > am sure, it CAN work on my board, but openssl seems not to be able to use > > it! I can only get $(open

Re: problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Michael S. Zick
On Wed November 19 2008, Jan Klod wrote: > Hello, > hashing acceleration with VIA padlock is a nice feature, if it works. I am > sure, it CAN work on my board, but openssl seems not to be able to use it! > I can only get $(openssl speed -evp aes-256-cbc -engine padlock) improvement, > but not sha

Client verify failing - continued

2008-11-19 Thread Michael Simms
OK, as requested, I'm going to give a detailed breakdown of what the client and server does with this error. As a note: The certificates are *fine*. I have used them successfully with s_client and s_server tests. They verify perfectly well. So, the conversation goes as follows. I am abbreviating so

problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Jan Klod
Hello, hashing acceleration with VIA padlock is a nice feature, if it works. I am sure, it CAN work on my board, but openssl seems not to be able to use it! I can only get $(openssl speed -evp aes-256-cbc -engine padlock) improvement, but not sha1/sha256, which is also supported by padlock. In tu

problems with VIA Eden sha1 HW acceleration in ssl

2008-11-19 Thread Jan Klod
Hello, hashing acceleration with VIA padlock is a nice feature, if it works. I am sure, it CAN work on my board, but openssl seems not to be able to use it! I can only get $(openssl speed -evp aes-256-cbc -engine padlock) improvement, but not sha1/sha256, which is also supported by padlock. In tu

Re: how to enable only AES,DES/3DES, RSA algorithm by using MACRO

2008-11-19 Thread Ger Hobbelt
You can turn OFF specific algorithms using macros - which can also be configured through the Configure script. macros all come in the form of OPENSSL_NO_xyz e.g. OPENSSL_NO_MDC2 and (IIRC) those same items can be configured through 'Configure -no_mdc2' and so on. That way, you can turn off all

Help for crypting password from a key

2008-11-19 Thread Florent Blanchon
Hello all. I didn't find help anywhere, so I have to ask you. I would like to cypher (and decypher) a password with a determined key. My program already uses openssl, so that's why I sent you this message. Thank you. Florent

Re: signature length mismatch ERROR in RSA_Verify.

2008-11-19 Thread Sivaramakrishnan Ananthakrishnan
Hi, As explained in the initial email we were able to resolve the "RSA_verify:wrong signature length" by generating the signature in two steps as explained below (which generates 128 byte signature): openssl dgst -md5 -binary -out signmd.bin input.txt openssl rsautl -encrypt -inkey rsap