Do you call OPENSSL_free() to release the returned data?
On Fri, Mar 20, 2009 at 3:22 AM, Macapuna Carlos
wrote:
> Hello, Good Night.
> I am a student of Masters in Unicamp - Brazil.
> I am using the class of BN openssl. My program is consuming all the memory
> (3 GB), up to failure of segmentat
Thanks folks, I had completely missed those.
By the way: a little grep shows -pss_saltlen is not as-is in the 0.9.9
HEAD but all it's features (including special saltlens -1 and -2) are
available through yet another -sigopt:
-sigopt rsa_pss_saltlen:N
where N is the saltlen value
snip from code:
I did find this comment in ssltest.c :
* A BIO pair behaves similar to a non-blocking socketpair
* (but both endpoints must be handled by the same thread).
i.e. You can NOT have Thread1 write to a BIO_pair and expect Thread2
to read it off the BIO_pair.
Is that what you were referring to?
Regard
carock wrote:
Unfortunately, I'm dealing with an HP Proliant server. Specifically the iLO
interface which is a backend management device embeded in the server.
This device has it's own SSL cert from the factory. With the latest rounds
of updates from Firefox, that browser now complains "my cert
Unfortunately, I'm dealing with an HP Proliant server. Specifically the iLO
interface which is a backend management device embeded in the server.
This device has it's own SSL cert from the factory. With the latest rounds
of updates from Firefox, that browser now complains "my certificate contains
carock wrote:
Can the same process be duplicated without going commercial? I need a
certificate that doesn't use a FQDN for the common name and I haven't found
a commercial one that allows that.
Set up your own CA, and issue your own certificates to your own
requirements. The problem then boi
Can the same process be duplicated without going commercial? I need a
certificate that doesn't use a FQDN for the common name and I haven't found
a commercial one that allows that.
That is my other alternative. If there's a commercial one I can buy that can
have a common name without a . in it OR
Hi All,
I'm trying to compile on a Centos 4.4 x86_64 system.
./config -t gives:
Configuring for linux-x86_64
/usr/bin/perl ./Configure linux-x86_64
make test gives:
bntest.c:1: sorry, unimplemented: 64-bit mode not compiled in
make[1]: *** [bntest.o] Error 1
Is there any way to g
> > be aware that SSL BIO's (and (SSL*) sessions!) are 'threadsafe'
> > in the sense that OpenSSL *assumes* a (SSL *) or
> > /any/ BIO remains inside a single thread from the moment it
> > becomes 'active', i.e. is set up / is going to do some work.
This is completely incorrect. It's totaly nonse
Try -nopad option
Erwann ABALEA wrote:
Hi,
Hodie XIII Kal. Apr. MMIX, carlyo...@keycomm.co.uk scripsit:
I would suspect that an 8 byte IV has been appended/prefixed
Carl
On Thu 19/03/09 9:16 PM , Dick Hollenbeck d...@softplc.com sent:
I am using on Ubuntu Hardy:
On 2009.03.18 at 17:04:33 -0700, Thomas Bonham wrote:
>As a new subscribe I hope that I'm using it to the right group.
>
>
>
>I'm working on trying to figure out how to create a CA within my C based
>program. I have found some information on create the certificates within
>the p
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Erwann ABALEA
Sent: 20 March 2009 10:58
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Re: Blowfish output using openssl is too
long
> Hi,
>
> Hodie XIII Kal. Apr. MM
You cannot self-sign a certificate without the private key file. The
private key file is the thing which allows the signature to be
created, the public key (in the certificate) is the thing which allows
the signature to be verified.
Commercial SSL certificates don't require *your* private key fil
Creating a CA is a matter of creating a key and a certificate, which
has an extended attribute of "CA:true". For more information, please
see RFC 5280, and X.509 (available for free download from the ITU --
but be warned, it reads like stereo instructions mated and their
offspring mated too, with
Hi,
Hodie XIII Kal. Apr. MMIX, carlyo...@keycomm.co.uk scripsit:
>I would suspect that an 8 byte IV has been appended/prefixed
>
>Carl
>
>On Thu 19/03/09 9:16 PM , Dick Hollenbeck d...@softplc.com sent:
>
> I am using on Ubuntu Hardy:
>
> $ openssl enc -bf-cbc -K 01222122
BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; }
I would suspect that an 8 byte IV has been appended/prefixed
Carl
On Thu 19/03/09 9:16 PM , Dick Hollenbeck d...@softplc.com sent:
I am using on Ubuntu Hardy:
$ openssl enc -bf-cbc -K 012221222F2D9E459E41
Hello, Good Night.
I am a student of Masters in Unicamp - Brazil.
I am using the class of BN openssl. My program is consuming all the memory
(3 GB), up to failure of segmentation, after much debugging, discovering
that when you use the BN_bn2dec (char * BN_bn2dec (const BIGNUM * a)) is the
memory o
I need to generate a self-signed certificate from a normal CSR file. I don't
have the private key that goes with the CSR though.
All of the examples for generating a self-signed cert have the private key
file listed in the command string. I tried running it without it and it
fails though.
The c
I am using on Ubuntu Hardy:
$ openssl enc -bf-cbc -K 012221222F2D9E459E41001291222 \
-iv 552279BBB1A9 -in file.raw -out file.enc
and the output file is 8 bytes longer than the input file!
The input file is 144 bytes long and the output file is 152 bytes
Doing this in pycrypto,
Hi,
Im writing to you with problem of gerating file in format .pvk form .pem
I have a certyficate in file .pfx and I know how to convert it to file .pem
and .spc by openssl but now i cant do more. I mean I can't generate file
.pvk from file .pem using program pvk.exe
Please help me with that...
As a new subscribe I hope that I'm using it to the right group.
I'm working on trying to figure out how to create a CA within my C based
program. I have found some information on create the certificates within the
program but I'm not able to find the function need to creating the CA
itself. I h
21 matches
Mail list logo
