No, 'blocking' refers to the behavior of the underlying socket. If
you have it set to nonblocking mode, you have to handle the case where
it won't write due to a temporary condition.
If errno is EAGAIN, that means that the write or read *would* block.
This can be handled in your initial case by c
Hi,
Thanks for the quick response. Unfortunately the same problem persists:
void conn_init_ssl(void)
{
SSL_library_init();
SSL_load_error_strings();
global_ssl_context = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_mode(global_ssl_context,.
SSL_MODE_ENABLE_PARTIAL_WRITE | S
SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
2009/3/30 Nikos Balkanas :
> Hi,
>
> I would like to ideally use non-blocking SSL_read and blocking SSL_write. Is
> this possible with BIO_set_nbio? What should the underlying socket be in
> that case?
>
> If this is not possible, as I suspect, I have th
Hi,
I would like to ideally use non-blocking SSL_read and blocking SSL_write. Is
this possible with BIO_set_nbio? What should the underlying socket be in that
case?
If this is not possible, as I suspect, I have the problem that the non-blocking
SSL_write with select, will stall after first SSL
On Mon March 30 2009, Michael S. Zick wrote:
>
Here is the reference I had in mind (third paragraph):
http://en.wikipedia.org/wiki/Battle_of_Leyte_Gulf#The_Crisis_.E2.80.93_US_Seventh_Fleet.27s_calls_for_help
So much for historical trivia on "don't invent your own protocol".
Mike
> On Mon March
On Mon March 30 2009, Victor Duchovni wrote:
>
- - - snip - - -
>
> Of course to prevent HMAC replay attacks, messages should contain nonces,
> but with protocols using shared secret HMAC signatures, the nonce is
> considered to be part of the message rather than the signature algorithm.
>
That
On Mon, Mar 30, 2009 at 01:57:21PM -0700, David Schwartz wrote:
> > When I sign the same hash with the same certificate I should get the same
> > signature. That sounds pretty logical to me.
>
> Really? So if you sign the same contract twice, the two signatures will be
> precisely identical?
Wel
SSL will return SSL_ERROR_WANT_READ if it needs to read more. It will
return SSL_ERROR_WANT_WRITE if it needs to write things out on that
socket before it can do anything else (for example, during a
renegotiation). (There is no fixed upper bound of times this can
happen, so beware of going into a
> David,
> When I sign the same hash with the same certificate I should get the same
> signature. That sounds pretty logical to me.
Really? So if you sign the same contract twice, the two signatures will be
precisely identical?
> The company I'm doing this
> project for also told me that I shoul
On Mon, Mar 30, 2009, Goblin_Queen wrote:
>
> If this is wrong again, could you please tell me what IS the correct way of
> getting the size of sha1_data2? I don't think I know other options than
> sizeof or strlen...
>
>
Well it should be available when you base64 decode the data. For SHA1 it
Hello David,
Thank you for this explanation.
I've a good book from Eric Rescorla, but maybe I jumped too quickly to
the API and didn't learn the concepts well enough!
So if I understand correctly, I must try to read a MAX_RECORD_SIZE
buffer (16383 bytes) when select says "There is something ready
Hi Prathima:
Ok - a few things that I've noticed:
1: Most of the Certificates are V1 X.509 certificates - these are horribly
old, deprecated certificate types, that a lot of modern validation routines
will not validate correctly.
2: you are using MD5 for your hash algorithm - this is EXTREMELY
On Mon, Mar 30, 2009 at 10:39:56AM -0400, Carter Browne wrote:
> Since it is a fixed size (20 bytes) a define would be appropriate, e.g.
>
> #define SHA1_KEY_SIZE 20
>
The EVP message digest interface includes functions to get the digest
size for a given digest algorithm.
int si
Since it is a fixed size (20 bytes) a define would be appropriate, e.g.
#define SHA1_KEY_SIZE 20
Carter
Carter Browne
CBCS
cbro...@cbcs-usa.com
781-721-2890
Goblin_Queen wrote:
> If this is wrong again, could you please tell me what IS the correct way of
> getting the size of sha1_data
If this is wrong again, could you please tell me what IS the correct way of
getting the size of sha1_data2? I don't think I know other options than
sizeof or strlen...
Victor Duchovni wrote:
>
> On Mon, Mar 30, 2009 at 06:57:02AM -0700, Goblin_Queen wrote:
>
>>
>> Thanks for pointing that ou
On Mon, Mar 30, 2009 at 06:57:02AM -0700, Goblin_Queen wrote:
>
> Thanks for pointing that out Stephen, as I said before, I'm still learning
> C++, so that's why I made such a stupid mistake. I suppose the correct size
> of sha1_data2 is strlen((const char*)sha1_data2), and that gives me 20
> ins
Thanks for pointing that out Stephen, as I said before, I'm still learning
C++, so that's why I made such a stupid mistake. I suppose the correct size
of sha1_data2 is strlen((const char*)sha1_data2), and that gives me 20
instead of 4, which sounds more reasonable.
The result is still different,
On Mon, Mar 30, 2009, Goblin_Queen wrote:
>
> This is the code I used to test the signing mechanism:
>
>
>
> void sign_test (const pkcs11h_certificate_t cert) {
>
> string hash = "67Vz7or3fAge1eo0ahO/S1YiCmo="; //test base64 encoded hash value
>
> unsigned char* sha1_data2;
>
This is the code I used to test the signing mechanism:
void sign_test (const pkcs11h_certificate_t cert) {
string hash = "67Vz7or3fAge1eo0ahO/S1YiCmo="; //test base64 encoded hash value
unsigned char* sha1_data2;
sha1_data2 = (unsigned char*)malloc(sizeof(char)*4096);
> After lots and lots of testing, trying and debugging I still
> haven't managed
> to get the same results from RSA_sign and CryptSignHash. I've discovered a
> problem with the base64 decoding function I use to decode the
> hash I want to
> sign, so now I get a different signature from RSA_sign bu
Hi All!
We have the following issue where the tracebacks point to
CRYPTO_free -> free -> free. When we decode from the bottom of the stack we
could build a stack from our application till main -> ssl_connect ->
SSL_connect. From the last stack pointer position it decodes from free <-
free <- CRYPT
Hi Srinivas,
Why is this an issue? Is it for an application?
From a library point of view, the version installed on the system
should make no difference unless you are using deprecated (old) or brand
new routines in the library. This should not be an issue, especially as
you are talking about
Hello,
After lots and lots of testing, trying and debugging I still haven't managed
to get the same results from RSA_sign and CryptSignHash. I've discovered a
problem with the base64 decoding function I use to decode the hash I want to
sign, so now I get a different signature from RSA_sign but it
Hi
I checked the /usr/include location; the files "stdio.h" and "string.h" are not
present there.
If I add the header files manually in the location will it work or should I
install the compiler package again?
Regards
Neerav Singh
-Original Message-
From: owner-openssl-us...@openssl.o
Hi All,
When I was building openssl 9.8h, I got this error:
(cd ..; gmake DIRS=test TESTS=alltests all)
gmake[1]: Entering directory `/joshi/openssl-0.9.8h_final'
making all in test...
gmake[2]: Entering directory `/joshi/openssl-0.9.8h_final/test'
xlc_r -I.. -I../include -DOPENSSL_THREADS -
Kyle, I am not sure what you are referring to when you say, 'application
binary', my application binary or the OpenSSL-fips binary. Anyways, here is the
info with what I have understood.
1. My application binary (i.e. my client server application XYZ) is the same on
both the systems.
2. On both
Client certificate chain along with the Intermediate CA certificates is
attached. This chain certificate is converted to x509 standard, PEM format
and then sent to server.
Patrick Patterson-3 wrote:
>
> Hello Prathima:
>
> On March 24, 2009 10:40:47 am prathima wrote:
>> Hi Kyle,
>>
>> CA cert
Hi Patrick:
1. Only the root CA has the extension "Basic Constraints: CA:True".
Intermediate CAs don't have the field Basic Constraints.
Could you please help me in generating an Intermediate CA certificate having
the field "Basic Constraints: CA:True"?
2. Issuer/Subject fields of CA certificate chain are correc
Have you made sure that the version of the application binary that
you're using on the second system is the same as the one that you just
built to not require SSE2?
-Kyle H
On Mon, Mar 30, 2009 at 12:09 AM, Uma G. Nayak wrote:
> Thanks a lot, to you guys out there. This solved the problem on one
Oh man, newbie question, which means that someone doesn't understand
how X.509 is supposed to work.
The simplest answer is this: 'openssl req' and 'openssl x509', along
with 'openssl ca', will create X.509v3 certificates (we don't bother
with the 'digital', because there's only one case where we'v
Thanks a lot, to you guys out there. This solved the problem on one of the
machines, which used to say, UNSUPPORTED PLATFORM. Now even my AMD processor is
able to run my application in FIPS mode.
Now I am off to have a look at the problem in the second system, which fails to
start my applicatio
33 matches