RE: blowfish failing after around 1k input data...

2010-06-11 Thread David Schwartz
Charlie wrote: > His algorithm has one part that doesn't seem right to me, but changing > it made things even worse. It seems weird that the "Final" function is > inside the main for loop. It seems like "final" should mean... final. > (ie: after the looping is done). It's quite common that fix

RE: SSL Cert renewal on Tomcat box running CAS (on Windows)

2010-06-11 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Jeremy Bennett > Sent: Thursday, 10 June, 2010 23:03 > I'm having a heck of a time trying to get a renewed cert > loaded up into Tomcat for our CAS system. It keeps saying > 'unable to load private key'. It's worked before but this > tim

Re: blowfish failing after around 1k input data...

2010-06-11 Thread charlie
It's sigaborting inside EVP_DecryptFinal_ex(). The SIGABRT is triggered by an assert: "/SourceCache/OpenSSL098/OpenSSL098-32/src/crypto/evp/evp_enc.c(326): OpenSSL internal error, assertion failed: b <= sizeof ctx->final" Chuck On June 11, 2010 03:18:49 P.M. EDT, charlie wrote: I

blowfish failing after around 1k input data...

2010-06-11 Thread charlie
I've got blowfish encryption and decryption working, except that after the input data gets to around 1kB, it crashes when trying to decrypt the last encrypted output. Here's the code (pardon/ignore the objective-c stuff)... #define INBUFFERSIZE 1024 #define OUTBUFFERSIZE 1032 static const

RE: certs with the same Subject Name

2010-06-11 Thread Kevin Li
Recently I got the same problems here. Normally if you have multiple certificates with the same subject, OpenSSL will pick up the first one. As Stephen said, OpenSSL will also check AKID/SKID, but only if both of them have that extension available. Otherwise, it won't. Even the target certificat

Re: certs with the same Subject Name

2010-06-11 Thread Chris Bare
> On Thu, Jun 10, 2010, Chris Bare wrote: > > > I have 2 different certs with the same subject name in a CA dir: > > > > lrwxrwxrwx 1 chris chris 23 2010-06-10 14:35 0721e1e6.0 -> other.pem > > lrwxrwxrwx 1 chris chris 18 2010-06-10 14:35 0721e1e6.1 -> ssl.pem > > > > when I try to establish

Re: [FWD] make: don't know how to make /usr/local/ssl/fips-1.0/lib/fipscanister.o. Stop

2010-06-11 Thread Dr. Stephen Henson
On Thu, Jun 10, 2010, Lutz Jaenicke wrote: > > i'm installing openssl-0.9.8l on freebsd 8.0. It complains about the > following: > > making all in crypto/ui... > making all in crypto/krb5... > making all in crypto/store... > making all in crypto/pqueue... > making all in fips... > make: don't kn

Re: [FWD] VeriSign Intermediate Certificate missing

2010-06-11 Thread Dr. Stephen Henson
On Fri, Jun 11, 2010, Lutz Jaenicke wrote: > > the intermediate certificates used by VeriSign to sign certificates are > not included in the default ssl packages. > > The missing keys can be found at this site: > http://www.verisign.com/support/verisign-intermediate-ca/extended-validation/index.

Re: certs with the same Subject Name

2010-06-11 Thread Dr. Stephen Henson
On Thu, Jun 10, 2010, Chris Bare wrote: > I have 2 different certs with the same subject name in a CA dir: > > lrwxrwxrwx 1 chris chris 23 2010-06-10 14:35 0721e1e6.0 -> other.pem > lrwxrwxrwx 1 chris chris 18 2010-06-10 14:35 0721e1e6.1 -> ssl.pem > > when I try to establish an ssl connecti

[FWD] VeriSign Intermediate Certificate missing

2010-06-11 Thread Lutz Jaenicke
Forwarded to openssl-users for discussion. Best regards, Lutz - Forwarded message from Marcus Franke - Date: Fri, 11 Jun 2010 10:21:26 +0200 From: Marcus Franke User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4 To: r...@ope

Re: Segfault when encrypting

2010-06-11 Thread Hannes Schüller
On Thu, Jun 10, 2010 at 03:55:40PM -0700, David Schwartz wrote: > > Hannes Schuller wrote: > > > > I'm very puzzled here. Why do you sign the reply and then sign a hash > > > of the signature? You say "Message encryption successful", but that's > > > a signature you're doing, not an encryption. >

RE: on the security of wildcard certs (was: self-signed SSL certificates and trusted root certificate)

2010-06-11 Thread Eisenacher, Patrick
Hi Jeff, > -Original Message- > From: Jeffrey Walton > > Hi Patrick, > > > I'm afraid I don't get your point. > (1) Wild carding violates the Principle of Least Privilege. I can't see that any endpoint in the communication gets more privilege than necessary when I equip my host with a w

SSL Cert renewal on Tomcat box running CAS (on Windows)

2010-06-11 Thread Jeremy Bennett
I'm having a heck of a time trying to get a renewed cert loaded up into Tomcat for our CAS system. It keeps saying 'unable to load private key'. It's worked before but this time we have a renewed cert. Anyone have any ideas? jbenn...@jbennett-laptop:~/temp$

[FWD] make: don't know how to make /usr/local/ssl/fips-1.0/lib/fipscanister.o. Stop

2010-06-11 Thread Lutz Jaenicke
Forwarding to openssl-users for discussion. Best regards, Lutz - Forwarded message from Pamela Pomary - Date: Thu, 10 Jun 2010 18:09:07 - (GMT) Subject: make: don't know how to make /usr/local/ssl/fips-1.0/lib/fipscanister.o. Stop From: Pamela Pomary To: opens