I am trying to write an application that uses OpenSSL to decrypt a RSA
encrypted secretkey using the privatekey in a smartcard. I am tring to use
commandline to do this but I can't load the PKCS11 engine and do decryption
on the same commandline. The PKCS11 engine unloads everytime OpenSSL exits.
JCA wrote:
>One of my requirements is to use a FIPS-compliant cryptographic
> module, and OpenSSL is an obvious choice. Now I understand that, when
> operating in FIPS-compliant mode, all the cryptographic operations in
> OpenSSL are completed atomically. In some cases, this could be a
> prob
One of my requirements is to use a FIPS-compliant cryptographic
module, and OpenSSL is an obvious choice. Now I understand that, when
operating in FIPS-compliant mode, all the cryptographic operations in
OpenSSL are completed atomically. In some cases, this could be a
problem. For example, if on
On Mon, Sep 14, 2009, Frank Mcgeough wrote:
I'm using openssl on a Symbian device. I load in my own certificate
file
and am able to verify my server connection. However, on a newer
device (
brand new ) there has been a change in what is provided in the
openssl dll
(I can see a byte level di
Nigel Sollars wrote:
>> I use SNI with VHosts myself on a shared server. But support on the
>> client side is still limited -- most importantly IE on Windows XP does
> Not even 8?
According to the net no (did not try it myself).
It seems to depends on the TLS library in WinXP, not the IE version.
Martin Schütte wrote:
Nigel Sollars wrote:
Since the need for me has arisen to require it, is there a status page /
better upto date information available?
The Wikipedia page seems to be well maintained:
http://en.wikipedia.org/wiki/Server_Name_Indication
Great thanks,
I use SN
Nigel Sollars wrote:
> Since the need for me has arisen to require it, is there a status page /
> better upto date information available?
The Wikipedia page seems to be well maintained:
http://en.wikipedia.org/wiki/Server_Name_Indication
I use SNI with VHosts myself on a shared server. But suppor
Hi,
I thought i would throw this one out there to see where sni is as far as
usable ( or not ) ...
At the company we have an online store and we need to replicate it for
different locales/languages. After reading some information on the net
it seems that the RFC spec is good but the impleme
On Mon, Sep 14, 2009, Bram Cymet wrote:
> I have an interesting problem.
>
> I use python with M2Crypto to make openssl calls. I am using M2Crypto
> 0.18.0, openssl 0.9.8k, and python 2.6. I am able to generate a private
> key and encode it in pem format. The only problem is that IPSEC
> (openswa
On Mon, Sep 14, 2009, Frank Mcgeough wrote:
> I'm using openssl on a Symbian device. I load in my own certificate file
> and am able to verify my server connection. However, on a newer device (
> brand new ) there has been a change in what is provided in the openssl dll
> (I can see a byte leve
I have an interesting problem.
I use python with M2Crypto to make openssl calls. I am using M2Crypto
0.18.0, openssl 0.9.8k, and python 2.6. I am able to generate a private
key and encode it in pem format. The only problem is that IPSEC
(openswan) is unable to use the file. If I run the following
I'm using openssl on a Symbian device. I load in my own certificate
file and am able to verify my server connection. However, on a newer
device ( brand new ) there has been a change in what is provided in
the openssl dll (I can see a byte level difference) and now I am
getting an error when
On Mon, Sep 14, 2009 at 01:49:23PM +1000, Andrew Sumner wrote:
> Darryl,
>
> Thanks for your detailed suggestions, especially:
>
> > It may also be helpful to call SSL_set_read_ahead(ssl, 0) to disable
> > readahead optimization just before you issue the SSL_shutdown(ssl).
>
> For some reason
Indeed CSP is a version 0.34 since 2007, no updates since then ... but
perhaps the project is mature and bug free, no evolution needed ? is
there still someone behind it (leifj at it.su.se is in copie ...)
regards .
Kyle Hamilton a écrit :
CSP-0.34 dates from 2007. ftp://ftp.su.se/pub/users
I think the desired function is X509_STORE_add_cert
SSL_CTX_use_certificate is to select you own certificate.
Francois Dupressoir wrote:
Hello Ram,
You may be interested in the d2i_X509_fp() function
[http://openssl.org/docs/crypto/d2i_X509.html#] in conjunction with
SSL_CTX_use_certific
Hello Ram,
You may be interested in the d2i_X509_fp() function
[http://openssl.org/docs/crypto/d2i_X509.html#] in conjunction with
SSL_CTX_use_certificate()
[http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html#].
Cheers,
Francois
ramaswamy.bm wrote:
Hi,
I am to use TLS for sec
Darryl,
Thanks for your detailed suggestions, especially:
> It may also be helpful to call SSL_set_read_ahead(ssl, 0) to disable
> readahead optimization just before you issue the SSL_shutdown(ssl).
For some reason, adding that line before the shutdowns made all the
difference - it now works
Hi,
I am to use TLS for securing an application's data transfer. For
development purposes I have been using a
dummy set of certificates in PEM format.
The currently used "SSL_CTX_load_verify_locations" API requires
that the certificate be in PEM format.
However, in real time sc
18 matches
Mail list logo
