RE: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

2009-06-17 Thread David Schwartz
Anil Tambe wrote: > Getting the Below error : > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol > As of now I am not able to reproduce the issue in stand alone openssl, > this is coming from the parent application which is consuming openssl. What is the problem? Are clients

SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

2009-06-17 Thread Anil Tambe
Hi, Operating System : HP-UX PA32 openssl - 0.9.8k Getting the Below error : error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol As of now I am not able to reproduce the issue in stand alone openssl, this is coming from the parent application which is consuming openssl. We t

Re: FW: DH prime over 1024 bits capped by OpenSSL?

2009-06-17 Thread Domingo Kiser
Sorry for the FW subject here. I am finally on my main machine and not trying to send this email from my cellphone. I am looking at the source for OpenSSL 0.9.8b. Line 1207 of ./ssl/s3_srvr.c shows a call to the SSL_C_EXPORT_PKEYLENGTH macro, which is defined on line 359 of ./ssl/ssl_locl.h. Th

Re: Maximum size of a x509 certificate file

2009-06-17 Thread Kyle Hamilton
2.5 hours. And the file size ended up (just the private key, in PEM format) 12603 bytes. -Kyle H On Wed, Jun 17, 2009 at 3:00 PM, Satish Chandra Kilaru wrote: > Thank you. I was thinking the same. I thought a 5K buffer should be > enough to store a 4K bit key in PEM format. > > I am curious to k

Re: example code for OpenSSL

2009-06-17 Thread patfla
patfla wrote: > > m...@machine /cygdrive/c/openssl-0.9.8k > $ grep -ri "hwinsta" . --include=*.c > ./crypto/cryptlib.c:{ HWINSTA h; > m...@machine /cygdrive/c/openssl-0.9.8k > $ grep -ri "hwinsta" . --include=*.h > > m...@machine /cygdrive/c/openssl-0.9.8k > $ > Search my VisualStudio .h fil

Re: example code for OpenSSL

2009-06-17 Thread patfla
Paul Allen-4 wrote: > > On Mon, 2009-06-15 at 21:32 -0700, patfla wrote: >> Hi Paul, >> >> I'm using (and have used from some time) a windows build of OpenSSL from >> here: >> >> http://www.slproweb.com/products/Win32OpenSSL.html > > Yup. I don't know why anybody would take that risk when bu

Re: length vs EOC

2009-06-17 Thread Alan Zheng
The following flags can be passed in the *flags* parameter. If *CMS_DETACHED* is set then cleartext signing will be used, this option only makes sense for SignedData where *CMS_DETACHED* is also set when CMS_sign() is called. If the *CMS_TEXT* flag is set MIME headers for type *text/plain* are ad

Re: length vs EOC

2009-06-17 Thread Dr. Stephen Henson
On Wed, Jun 17, 2009, Chris Bare wrote: > I'm trying to use openssl to generate a signed CMS that matches the output of > a windows program written with the BouncyCastle library. One of the > differences I've noticed is that my openssl output has the length set for each > structure whereas the c#

Re: SSL_accept error, but I don't know is wrong exactly

2009-06-17 Thread Victor Duchovni
On Wed, Jun 17, 2009 at 02:51:10PM -0700, Kyle Hamilton wrote: > This isn't really an OpenSSL issue, and I'd suggest asking for help > from people who are more familiar with postfix. However... That's what I told him on the Postfix-users list, but he chose to come here anyway, despite my best ef

Re: Maximum size of a x509 certificate file

2009-06-17 Thread Satish Chandra Kilaru
Thank you. I was thinking the same. I thought a 5K buffer should be enough to store a 4K bit key in PEM format. I am curious to know how long it took for you to generate 16Kbit key. --Satish On Wed, Jun 17, 2009 at 5:37 PM, Kyle Hamilton wrote: > There is no upper limit on the size of an x.509 c

Re: SSL_accept error, but I don't know is wrong exactly

2009-06-17 Thread Kyle Hamilton
This isn't really an OpenSSL issue, and I'd suggest asking for help from people who are more familiar with postfix. However... The log says that none of the names matched: Jun 15 13:57:46 emily postfix/smtpd[23401]: SSL_accept error from sepaip2.webish.nl[77.243.228.161]: -1 Jun 15 13:57:46 emil

Re: Maximum size of a x509 certificate file

2009-06-17 Thread Kyle Hamilton
There is no upper limit on the size of an x.509 certificate file in DER. PEM takes DER and increases its size by 4/3. So no, there is no upper limit on the size of a PEM format certificate. Your private key is 4096 bits, or 512 bytes. OpenSSL stores private keys with their public counterparts (

length vs EOC

2009-06-17 Thread Chris Bare
I'm trying to use openssl to generate a signed CMS that matches the output of a windows program written with the BouncyCastle library. One of the differences I've noticed is that my openssl output has the length set for each structure whereas the c# program has the length as inf and closes with an

Re: A question about X509 certificates

2009-06-17 Thread Kyle Hamilton
It's probably because 'openssl req -x509' was used to create it, without using the -set-serial option. -Kyle H On Wed, Jun 17, 2009 at 12:00 PM, Satish Chandra Kilaru wrote: > Hi Kyle > > Thank you. This was generated using openssl command. Could illegal > serial number be because of a wrong entr

Maximum size of a x509 certificate file

2009-06-17 Thread Satish Chandra Kilaru
Hi All, Is there an upper limit on the size of an x509 certificate file in PEM format? Suppose that I am using a 4096 bit key. Is there a way to calculate such a length? Similarly, is there an upper limit on the size of a PEM format private key file? I am using a 4096 bit key. Thank you --Satish

Proper process when using BIOs and BIO pairs

2009-06-17 Thread Rene Hollan
I have an application which uses a "push" data model - that is my code sits and gets called to either decrypt data from the network, or encrypt data to the network. It can buffer data, and return an indication that nothing was done (yet), but must not block. So, I wrapped the encrypted side of an

Re: A question about X509 certificates

2009-06-17 Thread Satish Chandra Kilaru
Hi Kyle Thank you. This was generated using openssl command. Could illegal serial number be because of a wrong entry in conf file? --Satish On Wed, Jun 17, 2009 at 2:34 PM, Kyle Hamilton wrote: > It is basically a human-readable expression of the data that's in the > certificate.  Theoretically,

Re: SSL_accept error, but I don't know is wrong exactly

2009-06-17 Thread Jelle de Jong
Jelle de Jong wrote: > Hello everybody, > > I am searching for answers and solutions for the connection issue > described in the attached text log. > > I got this response from Wietse from postfix: > >> Code fragment: >> sts = tls_bio_accept(vstream_fileno(props->stream), props->timeout, >>

Re: Problems with CRLs

2009-06-17 Thread Bram Cymet
I had an off by one error when I tried to read the top of the stack back and that no longer seg faults but I still have the problem when I go to sort and sign the CRL. Bram Cymet wrote: > Sorry I should have been more clear. I am compiling from the 0.9.8k > source off the openssl.org website on li

Re: Problems with CRLs

2009-06-17 Thread Bram Cymet
Sorry I should have been more clear. I am compiling from the 0.9.8k source off the openssl.org website on linux. SLES 11 to be exact. Kyle Hamilton wrote: > Er. Which 'build' of openssl, and which website? (There's the > slproweb.com build of OpenSSL for Windows, currently at 0.9.8k; > pre-built

Re: A question about X509 certificates

2009-06-17 Thread Kyle Hamilton
It is basically a human-readable expression of the data that's in the certificate. Theoretically, the certificate could be regenerated from the data in this expression, but I've never seen an implementation that makes it possible. This certificate is in violation of PKIX because its serial number

Re: Problems with CRLs

2009-06-17 Thread Kyle Hamilton
Er. Which 'build' of openssl, and which website? (There's the slproweb.com build of OpenSSL for Windows, currently at 0.9.8k; pre-built binaries aren't really available for other platforms.) -Kyle H On Wed, Jun 17, 2009 at 10:44 AM, Bram Cymet wrote: > Hi, > > I am having problems when I call X

Re: openssl 0.9.7a ---- error:0D07207B

2009-06-17 Thread Kyle Hamilton
If you're using a Java program, you should also be using the Java keystore, which has an integrated PKCS12 parser. However, it's possible you may need to use an OpenSSL 0.9.8k instance to work with it. (The error message states that it's expecting a PKCS12 header, but the file that you passed on

Re: ssl_connect failed when using TLS_RSA_WITH_128_CBC_SHA

2009-06-17 Thread Kyle Hamilton
The server must also be willing to support the same ciphersuite. In this case, the server probably doesn't have the AES ciphers enabled. (I hope that you only have TLS_RSA_WITH_NULL_SHA as a debugging aid, or have evaluated the risk of information disclosure against the security policy of your app

Re: DH prime over 1024 bits capped by OpenSSL?

2009-06-17 Thread Kyle Hamilton
Which source version are you looking at? 1.0.0-beta2 does not use this as any argument to any function (in fact, the only place it appears in the source tree is ./ssl/ssl_locl.h). -Kyle H On Mon, Jun 15, 2009 at 4:00 PM, Domingo Kiser wrote: > Hello, > > Does the "SSL_EXPORT_PKEYLENGTH" macro de

Problems with CRLs

2009-06-17 Thread Bram Cymet
Hi, I am having problems when I call X509_CRL_sort and X509_CRL_sign. I am getting a seg fault in the X509_CRL_cmp function. After doing a fair bit of testing I think I have found that when an X509_REVOKED object is added to the revoked stack it is getting corrupted somehow. I have tried to read

A question about X509 certificates

2009-06-17 Thread Satish Chandra Kilaru
Hi, In the following sample certificate, there is a ton of information before --BEGIN CERTIFICATE--. Who is this for? Is it for a human reader to make sense of who/what this certificate is certifying? If it is for a s/w program that uses certificates, how is this information supposed to be used? T

[FWD] Request support

2009-06-17 Thread Lutz Jaenicke
Forwarded to openssl-users for discussion. Best regards, Lutz - Forwarded message from Carlo Coretti - From: Carlo Coretti Reply-To: Carlo Coretti To: r...@openssl.org Cc: openssl-b...@openssl.org Subject: Request support Date: Wed, 17 Jun 2009 15:16:41 +0200 We have problem

Problem with building dll

2009-06-17 Thread Mykhaylo Mastykash
Hi, I use 1. Windows CE 5.0 SDK. 2. Microsoft eMbedded Visual C++ 4.0. 3. wcecompat 1.1. 4. openssl-1.0.0-beta2 Then do next steps: 1. "C:\Program Files\Microsoft eMbedded C++ 4.0\EVC\wce500\bin\WCEARMV4I.BAT" 2. set WCECOMPAT=C:\wcecompat

X509_CRL_free

2009-06-17 Thread Vinod Chaudhary
I am using openssl-0.9.8k. I am not finding the definition of the function X509_CRL_free in the openssl-0.9.8k source, so in which file is it defined? Thanks in advance for your feedback. Regards, Vinod

Problem with pthread and OpenSSL

2009-06-17 Thread pcslara
Hi friends, This is my first message here! I'm making a parallel version of BN_mod_exp_mont. However I am encountering many problems when using pthreads. #include #include #include #include #include #include /* To use as callback in 'pthread_create()' */ void BN_mod_exp_mont_call( void * a

Creating certificate from meta data

2009-06-17 Thread Mirko Velic
Hi, I was wondering if I could convert the data outputted by this command: openssl x509 -noout -fingerprint -text < test.cert > info.txt Back into a certificate after I modify it, as it would make it easier to generate certificates. Thanks.

Jesse Santana/AdminFinance/CSULB is out of the office.

2009-06-17 Thread Jesse Santana
I will be out of the office starting 06/17/2009 and will not return until 06/22/2009. I will respond to your message when I return. If you require immediate assistance, please contact our support line at net-h...@csulb.edu.

trace the ecdsa_do_sign

2009-06-17 Thread jaze lee
Hello, when I traced ecdsa_do_sign, I cannot find the definition of ECDSA_SIG_new(). Anyone know where it is? Thank you

Re: CMS decryption error with engine

2009-06-17 Thread Carl Young
- Original Message - From: "Dr. Stephen Henson" On Tue, Jun 16, 2009, Carl Young wrote: How would the engine be expected to pick up the IV, aside from the cipher context? If you look at EVP_cipher_asn1_to_param() you'll see it calls get_asn1_parameters in the EVP_CIPHER structure.

ssl_connect failed when using TLS_RSA_WITH_128_CBC_SHA

2009-06-17 Thread Thanh Lien
Hi all, I've applied open ssl version 0.9.8d (64bit) to my application. In this program, user can choose remote PC that he wants to connect. When setting information of remote PC, user must specify the ciphersuite used by this PC. There are 3 options for ciphersuite, including TLS_RSA_WITH_NULL_S

openssl 0.9.7a ---- error:0D07207B

2009-06-17 Thread Hanu Kiran N
Hi, I'm using openssl 0.9.7a in Redhat RHEL4 and using this command in my java program.. which throws the following ERROR>3460. I have tried with other previous versions of openssl like 0.9.6c/0.9.6b , but resulted in same ERROR>3460. We are trying to install CA & RA applications in Redhat usi

openssl with DJGPP under XP

2009-06-17 Thread Coleson, Greg
Hey, I am trying to build openssl under XP command prompt for MS-DOS. I have Configure working with no errors: #!/dev/env/DJDIR/bin/bash WATT_ROOT=/dev/env/DJDIR/watt32 && \ perl ./Configure no-threads no-idea 386 --prefix=/dev/env/DJDIR DJGPP Then I make the project: #!/dev/env/DJDIR/bin/ba

DH prime over 1024 bits capped by OpenSSL?

2009-06-17 Thread Domingo Kiser
-- Forwarded message -- From: Domingo Kiser Date: Mon, 15 Jun 2009 16:00:20 -0700 Subject: DH prime over 1024 bits capped by OpenSSL? To: openssl-users@openssl.org Hello, Does the "SSL_EXPORT_PKEYLENGTH" macro defined in "ssl_locl.h" force non-export ciphers to always use a diffi

Re: Convert DER to PEM syntax problem

2009-06-17 Thread Sébastien PIAU
Steve, Of course you're right. Sorry for the error... Sebastien Dr. Stephen Henson wrote: On Wed, Jun 17, 2009, Sébastien PIAU wrote: Steve, Fortunately, this certificate is only a test one... I'll ask for password from issuer. Err it is not a certificate it is a private key. S