I just want to know how to implement the bidirectional handshake process.
Thank you
Lampa
--
View this message in context:
http://www.nabble.com/SSL-authentication-sample-tp21346740p21346755.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
___
Hello all:
I want to build a client process to connect the Tomcat (Web server) with
the SSL connection.
Now, I can find the sample () ,which describe the single direction
authentication in OpenSSL demo. But, I want to implement the bidirectional
authentication ,that is not only the client acce
I have an application that calls "SSL_CTX_load_verify_locations" on a single
file that contains multiple CA certificates. It then calls
"SSL_load_client_CA_file" on this file to extract the CA subject names.
Finally, it calls "SSL_CTX_set_client_CA_list" to set the list of CA subject
names th
> Does the release of 0.9.8j also include the FIPS module support?
> (i.e., is this a bug-fix only release, or does this include what you
> have been working on for the past few months as well?)
The actual 0.9.8j release announcement stated:
"This is the first full release of OpenSSL that can lin
I'm building fips 1.2 on OSX,
uname -a
Darwin pb.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24
17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh
Config,
cd /usr/local/src/openssl-fips-1.2
./config fipscanisterbuild
completes without an apparent hitch.
I am trying to enable fips mode through OPENSSL_config and it is
failing. Could you any one throw more light on this? I am running on
windows 32 bit and using VC++ SP6.
Openssl.conf file
FIPS_conf = FIPS_options
[ FIPS_options ]
fips_mode = yes
Program
int main(){
Does any one have an idea of how to reduce the size of openSSL package.
As the package contain lot of things which r not used in my project.
please reply
--
View this message in context:
http://www.nabble.com/reducing-the-size-of-openssl-package-tp21330938p21330938.html
Sent from the OpenSSL -
On Wed, Jan 07, 2009 at 07:46:59PM -0700, Thomas J. Hruska wrote:
> I forgot to ask earlier today, but does the security vulnerability
> affect 0.9.7m?
Yes, but only in the unlikely case that you operate clients that establish
authenticated sessions with servers that use DSA certificates. This s
Kyle Hamilton wrote:
I got the notice of the release several hours after the security
advisory. Not sure what happened, but I've since received it.
Thank you, Dr Henson and everyone who works on OpenSSL!
-Kyle H
On Wed, Jan 7, 2009 at 5:23 PM, Giang Nguyen wrote:
Does the release of 0.9.8j
Specifically, what versions of the MS operating system are you running
on the servers?
-Kyle H
On Wed, Jan 7, 2009 at 4:44 AM, Andrey Koltsov wrote:
> I have the same problem with my client Openssl application. The server side
> is MS IIS. And all other parties use Microsoft based clients and ha
I got the notice of the release several hours after the security
advisory. Not sure what happened, but I've since received it.
Thank you, Dr Henson and everyone who works on OpenSSL!
-Kyle H
On Wed, Jan 7, 2009 at 5:23 PM, Giang Nguyen wrote:
>
>> Does the release of 0.9.8j also include the FI
> This actually addresses both the questions. In the distant past some
> applications encoded certificate requests incorrectly and/or required an
> incorrect encoding. That is there to tolerate and/or generate such stuff.
thanks.
_
> Does the release of 0.9.8j also include the FIPS module support?
do you mean anything other than this?
http://www.mail-archive.com/openssl-users@openssl.org/msg55535.html
This is the first full release of OpenSSL that can link against the
validated FIPS module version 1.2
Does the release of 0.9.8j also include the FIPS module support?
(i.e., is this a bug-fix only release, or does this include what you
have been working on for the past few months as well?)
-Kyle H
On Wed, Jan 7, 2009 at 4:10 AM, Dr. Stephen Henson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Ha
On Wed, Jan 07, 2009, a_l t wrote:
> Hi,
>
> I'm using the fips approved OpenSSL to do AES encryption in ISDN, therefore,
> I need to use the fips_128_AES_OFB function.
> If I understand correctly this function works on a 128bit (16 byte) block,
> so if I want to use it on larger blocks I need to
a 'grep MODULE_PATH' produces zero results (0.9.9 CVS head), which
leads to the thought this one will be unused throughout OPENSSL. To
load a particular engine, its path is specified using -pre
SO_PATH:path-to-engine.so.
So first test would be to see if you still have a working system
without that
Don't know about FIPS, but this one should do it:
/* The input and output encrypted as though 128bit ofb mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num;
*/
void AES_ofb128_encrypt(const unsigned char *in, unsigne
Hello,
I've recently come across a problem with openssl versions over 0.9.7a. I
have a network of approximately 100 servers using curl to access
different websites. Some of the servers are using openssl 0.9.7a and
some are using 0.9.8b. We recently encountered a problem accessing some
sites uti
On Wed, Jan 07, 2009, Victor Duchovni wrote:
>
> This is not very clear to me. Which signatures are poorly verified:
>
>1. The server's signature on SSL/TLS protocol messages that must
> be signed under the server's private key (corresponding to the
> private key in its certifica
On Wed, Jan 07, 2009 at 02:17:09PM +0100, Dr. Stephen Henson wrote:
> Several functions inside OpenSSL incorrectly checked the result after
> calling the EVP_VerifyFinal function, allowing a malformed signature
> to be treated as a good signature rather than as an error. This issue
> affected the
Hi,
RSA_sign only supports PKCS# 1 v1.5 padding which always gives the same
output for the same input data.
If you want to perfom a digital signature with PSS padding, you have to
pad the data yourself by calling RSA_padding_add_PKCS1_PSS and then call
RSA_private_encrypt on the padded output
On January 6, 2009 12:20:47 pm Richard Lichvar wrote:
> A newbieto OpenSSL here. (Mainly used to using 3rd party authorities.)
> Not very good at command line stuff either.
>
>
>
> 1. Cert request generated from IIS 6 but it is against the default
> website with .txt extension. Can a cert be
Dear all:
I have just implemented an RSA signature using openssl. What I observe
is that signing the same data (a SHA-256 hash) multiple times with the
same RSA key always yields the same signature. I thought the data to
be signed would be padded with random bits to avoid this. My search on
the top
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8j released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8j of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [07-Jan-2009]
Incorrect checks for malformed signatures
- ---
Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a mal
I have the same problem with my client Openssl application. The server
side is MS IIS. And all other parties use Microsoft based clients and
have no such problems.
It seems that a client side is a source of trouble not a server side.
Suggestions from anyone are welcome.
Hi,
I have an SSL se
Hi All,
I am using Microst Live Communication server 2005 as server for Mutual TLS
authentication with a SIP phone.(Polycom SoundPoint IP 650 as client)
I installed client certificates(generated using Microsot LCS CA) on my
client .
During Mutual TLS authentication, immediately after the comp
OpenSSL 0.9.8i does not have the fips code in it. Currently, one must
download one of the snapshots from ftp://ftp.openssl.org/snapshot/
(one of the openssl-0.9.8-stable-SNAP-*.tar.gz files) to build a
library that can use the FIPS canister.
The last word from Dr. Henson is that 0.9.8j is delayed
Hi,
I've been able to build and install the FIPS object Module from the
source. However, when trying to build the OpenSSl distribution
(openssl-0.9.8i) with the FIPS object mobile with the following command
(according to the user guide):
perl Configure VC-WIN32 fips --with-fipslibdir=c:\fips\
Could you some one explain me the steps for dynamic linking of openssl
fips libraries into my application?
I have generated following openssl and fips modules
ssleay32.dll
libeay32.dll
ssleay32.lib
libeay32.lib
fipscanister.lib
I am trying to execute my application with openssl f
Hi,
I'm using the fips approved OpenSSL to do AES encryption in ISDN, therefore,
I need to use the fips_128_AES_OFB function.
If I understand correctly this function works on a 128bit (16 byte) block,
so if I want to use it on larger blocks I need to call it in a loop.
This is different from the A
31 matches
Mail list logo
