Thanks to those who answered. It was a simple goof using std::string's
substr() method; I was treating the second parameter as the end position
rather than the character count, thus lopping off some essential characters
and causing the failure. It works now.
16 May 2011 Monday 7:28 P.M. Singapore Time
For Immediate Release
SINGAPORE, SINGAPORE - Singapore Citizen Mr. Teo En Ming (Zhang Enming)
would like to report first hand account of mind intrusion and mind
reading. I have been hearing voices for quite some time now but I have
not been able to i
On Mon, May 16, 2011, G S wrote:
> A follow-up: After seeing an example, I tried printing the result of
> ERR_reason_error_string(ERR_get_error()). It's null.
ERR_print_errors_fp(stderr) might be more useful: see FAQ.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial te
> From: owner-openssl-us...@openssl.org On Behalf Of Mohan Radhakrishnan
> Sent: Monday, 16 May, 2011 00:13
> Not sure why I mixed up the order earlier but this procedure works.
>
> If the old leaf is first in the .pem file followed by the
> new intermediate and the old root the intermediate is r
Am not sure what the poster of this msg is actually doing, but I faced a
similar problem when I was trying to achieve SSL from kernel, I had to work
on sk_buff chains and fragmented SSL Records, and during my development, I
got a lot of error alerts of 21 as some boundary conditions were not met. I
> From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Sundar
> Sent: Monday, 16 May, 2011 10:18
> You could hack ur client and server to use cipher null and see the
> alert in clear..most,y should be digest failure.
>
If you mean MAC failure (actually MAC-or-decryption-failure,
since the
> From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Sundar
> Sent: Monday, 16 May, 2011 16:06
> Alert 21 seems to be decryption failure.
>
Alert description aka alert code 21, yes.
But OP says he is getting an encrypted alert, apparently in
wireshark, which then can't and doesn't deco
On Mon, May 16, 2011 at 9:53 AM, John Hascall wrote:
>
>> Duh, thanks to the people who pointed out that the pointer returned by
>> PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use
>> Xcode, which refuses to show any local variables and GDB claims they don't
>> exist).
A follow-up: After seeing an example, I tried printing the result of
ERR_reason_error_string(ERR_get_error()). It's null.
OK, this is perplexing. I have a PEM-format RSA key in a character string
called _publicKey, with newlines between the header, key data, and trailer.
Like this:
-BEGIN PUBLIC KEY
MCwwHRTJKoZIhvcNAQEBBQADGwAwGAIRALPMoZzXMLIKhidteVfdR28CAwEAAQ==
-END PUBLIC KEY-
But PEM_read_bio_RS
On Mon, May 16, 2011 at 8:51 AM, Sergey wrote:
> Hello,
>
> I have a program, written on C++ and QT.
> I need to implement checking of file signature in my program, so that it
> would do the same check, as this openssl command:
>
> openssl dgst -sha1 -signature signature.bin -verify pubkey.pem fi
On Mon, May 16, 2011, openssl-fips-1.2.2 wrote:
>
> Hi,
>
> I am trying to cross-compile openssl-fip-1.2.2 for arm-linux on a Linux
> x86-host system. The compilation goes through, but the tests fail to run on
> the target with errors as shown below.
>
> 1. This is how I compiled the library.
Hi,
I am trying to cross-compile openssl-fip-1.2.2 for arm-linux on a Linux
x86-host system. The compilation goes through, but the tests fail to run on
the target with errors as shown below.
1. This is how I compiled the library.
# setting environment variables;
export CROSS_COMPILE=/
Alert 21 seems to be decryption failure.
Sent from my iPad
On May 16, 2011, at 6:12 AM, pradeepreddy wrote:
>
> Hi,
>
>
> After lot of struggles, finally get rid of this error, but I cant tell the
> reason, how was it rectified.
> We installed our libs on a new machine.
>
> Now a different
On Mon, May 16, 2011 at 11:56:41AM +0100, Mike Bell wrote:
> Thanks Viktor,
>
> I hadn't properly understood the relationship between the certificate
> and the cipher, so I'll look at that now. I think I'm also confusing
> the OpenVPN?& OpenSSL relationship.
>
> OpenVPN does appear to be using TL
Use the same tool from the JDK, keytool.exe. Your response should be nothing more than a certificate, the private key that is associated to that certificate had an alias , which you to specify during the import process. Sent from my Windows Phone
From: ZicoSent: Monday, May 16, 2011 11:40 AMTo:
On Mon, May 16, 2011 at 9:08 PM, Eduardo Navarro
wrote:
> 4. import response into the keystore
>
Thanks Eduardo for your nice and very very effective email. But, I am having
problem with this number 4. What I need to do here actually? Do i need to
install this? Or.. do I need to "replace ( jus
Java has tools to create the key pairs and the CSR; you are not required to do
this with OpenSSL. I provided some links below that have some commands.
https://www.digicert.com/easy-csr/keytool.htm
http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/
In
Ah, I see the g3 option generates extra debugging info. I'll give it a
shot. I have a bug open with Apple about this anyway. It has proven to be
very hard to pin down. Restarting Xcode will usually eliminate the problem
and let you step through code... ONCE. If you want to do it again, you hav
On Mon, May 16, 2011 at 6:53 AM, John Hascall wrote:
>
> > (sadly I have to use
> > Xcode, which refuses to show any local variables and GDB claims they
> don't
> > exist).
>
>This is probably the optimizer, try compiling with -O0 -g3
>
Thanks, John, I am building Debug. I verified that -O0
Hi Bob,
Your question is of interest to me because I had posted a question about
renegotiation too and got no response yet:
>>I have a client and server that communicate with PSK-AES128-CBC-SHA.
In making openssl I selected no-tlsext. What I see is that client
initiates legacy renegotiati
You could hack ur client and server to use cipher null and see the
alert in clear..most,y should be digest failure.
On Monday, May 16, 2011, pradeepreddy wrote:
>
> Hi,
>
>
> After lot of struggles, finally get rid of this error, but I cant tell the
> reason, how was it rectified.
> We installed
I am learning various sites and blogs to make it clear, but, it's yet
unclear to me! I think, you may help me if you want and that will be a big
favor for me.
What I am trying to do is: I am trying to "renew cert" of one server which
was certified by CAcert.org. What I am trying to follow is:
1.
> Duh, thanks to the people who pointed out that the pointer returned by
> PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use
> Xcode, which refuses to show any local variables and GDB claims they don't
> exist).
This is probably the optimizer, try compiling with -O0
Duh, thanks to the people who pointed out that the pointer returned by
PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use
Xcode, which refuses to show any local variables and GDB claims they don't
exist).
The question now is why it's null, since I know the string itself i
Alexandre, you've got it!!!
Monday, May 16, 2011, 3:07:54 PM, you wrote:
AA> I'd try that way:
AA> authorityInfoAccess = @aias
AA> [aias]
AA> caIssuers;URI.1=http://pervaya.ssilka/..
AA> caIssuers;URI.2=http://vtoraya.ssilka/..
(3) So maybe you know how to deal with unknown (to ssl)
extenti
Hello,
I have a program, written on C++ and QT.
I need to implement checking of file signature in my program, so that
it would do the same check, as this openssl command:
openssl dgst -sha1 -signature signature.bin -verify pubkey.pem file.txt
Can i do it, calling some QT methods?
If no, are
Is pubKey a valid pointer after PEM_read_bio_RSA_PUBKEY?
If it is NULL there is an error in PEM data.
Da: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
Per conto di G S
Inviato: lunedì 16 maggio 2011 12:13
A: openssl-users@openssl.org
Oggetto: Why would RSA_size() c
> I'm trying to use the OpenSSL crypto lib. I've generated a public/private
> RSA key pair. Then I wrote some code to try to encrypt an eight-byte random
> string. But it crashes in RSA_size(). Here's the code:
>
> BIO* bp = BIO_new_mem_buf(_publicKey, -1);//
> Cr
Hello,
I have a program, written on C++ and QT.
I need to implement checking of signature in my program, so that it
would do the same check, as this openssl command:
openssl dgst -sha1 -signature signature.bin -verify pubkey.pem file.txt
what is the most optimal method, I can use?
What funct
I'd try that way:
authorityInfoAccess = @aias
[aias]
caIssuers;URI.1=http://pervaya.ssilka/..
caIssuers;URI.2=http://vtoraya.ssilka/..
but this is just my guess... might be wrong.
Alexandre
Le 16/05/2011 11:52, A.B.COKO/\OB a écrit :
> Viktor, thank you a lot for the syntax: really that manual
Hi,
After lot of struggles, finally get rid of this error, but I cant tell the
reason, how was it rectified.
We installed our libs on a new machine.
Now a different error is seen.
After client and server conection is established, TLSv1 Encrypted Alert+21
is sent by the client.
Google search d
Thanks Viktor,
I hadn't properly understood the relationship between the certificate and the
cipher, so I'll look at that now. I think I'm also confusing the OpenVPN &
OpenSSL relationship.
OpenVPN does appear to be using TLS according to the logs, so I had tried to
specify
tls-cipher E
Hi all.
I'm trying to use the OpenSSL crypto lib. I've generated a public/private
RSA key pair. Then I wrote some code to try to encrypt an eight-byte random
string. But it crashes in RSA_size(). Here's the code:
BIO* bp = BIO_new_mem_buf(_publicKey, -1);//
Create
Viktor, thank you a lot for the syntax: really that manual IS misleading!
Well, now I can configure good (for Microsoft) CRL distribution points:
crlDistributionPoints = ca_cdp
[ ca_cdp ]
fullname = @ca_cdp_uries
reasons = keyCompromise
[ ca_cdp_uries ]
URI.1 =
ldap:///CN=CA,CN=Is
Good Morning,
My situation is very strange, i guess.
At work we use a CFT server, which is very popular in Europe for File
transfert between corporation, like bank.
In my case one of our customer is a bank, and they want that our file
transfert to be securised over SSL.
CFT include SSL support
> From: dthomp...@prinpay.com
> To: openssl-users@openssl.org
> Subject: RE: Using self-signed certificates with openssl
> Date: Fri, 13 May 2011 22:06:55 -0400
>
> > From: owner-openssl-us...@openssl.org On Behalf Of Roger No-Spam
> > Sent: Friday, 13 May, 2011 04:15
>
> > We have
hi all
i'm a newbie to the openssl and plan to integrate SSL to my server. my
server is developed based on IO completion port. so i want
to separate the SSL engine from the socket object totally. after googled in
mail list, i found it is possible by using BIO pair mechanism .
after almost two we
38 matches
Mail list logo
