Re: Handshake question

2011-07-27 Thread Erwin Himawan
You mention that: Server loads its server certificate and private key (self-signed by a CA that I created). I would like to clarify: is the server cert a self-signed cert, or is the CA cert a self-signed cert? If the server cert is a self-signed cert, the server is actually the CA, which in this c

Re: X509 verify

2011-07-27 Thread Erwin Himawan
By the way, sorry for the font size; it does not mean anything, it just got mixed up during cut and paste. The function to dump an X509 into a certificate is PEM_write_bio_X509() and the function to dump an X509 DER file is bio_write(). Here is the doc on bio_write: http://www.manpagez.com/man/3/BIO_wri

Re: X509 verify

2011-07-27 Thread Erwin Himawan
I would not use X509_print_fp(), since it does not give you the PEM or DER file. Use instead PEM_write_bio or write_bio() for PEM and DER respectively. Also check the error status of these two BIO write functions. Hopefully it helps. From: Andrea Saracino Sent: Wednesday, July 27, 201

Re: Handshake question

2011-07-27 Thread Wim Lewis
On 27 Jul 2011, at 4:37 PM, castre...@gmail.com wrote: > There is no data to send to the client (I have checked the BIO out and there > is no pending data to send out). > This is my main problem. > > When I check the client's state using SSL_state_string from the last read it > returns "UNKWN

Re: X509 verify

2011-07-27 Thread Andrea Saracino
Hi Erwin, thanks for your fast answer. I dumped both certificates into 2 PEM files, then I used X509_print_fp() to obtain the readable version of both of them. The two resulting files are identical. Perhaps there is something wrong in the invocation of the i2d/d2i functions. I'm posting an ex

Re: Simple question: Maximum length of PEM file?

2011-07-27 Thread David Schwartz
On 7/26/2011 10:16 PM, Katif wrote: Can you tell me what the application dependency factors are here so we'll be able to chase a limit? It is used as an RSA key exchange certification/private key pairing. Thanks... Maximum RSA key size supported. Extensions supported. DS

Re: Handshake question

2011-07-27 Thread Wim Lewis
On 27 Jul 2011, at 1:52 PM, castre...@gmail.com wrote: > Using memory buffers and blocking IO. > > I begin the handshake by the client initiating the hello message. > The server reads the message, and data is put in its SSL output. This is sent > back to the client. > The client reads the data (SSL_read)

Handshake question

2011-07-27 Thread castrembi
I need some help. I am basically stuck and don't know how to fix the handshake and must be missing something. Perhaps it is something with the certificates. I have a server certificate/private key and a CA certificate. The server loads its server certificate and private key (self-signed by a CA

support for 2048-bit keys

2011-07-27 Thread drichards
Hello, I am working on a product where we are upgrading from openssl-0.9.8.d to version 1.0.0, and we want to transition from using 1024-bit keys to 2048-bit. I am coming up to speed with SSL in general. My question is: was a key length of 2048 bits already supported in openssl-0.9.8.d? I did read about it in

Re: Simple question: Maximum length of PEM file?

2011-07-27 Thread Wim Lewis
On 26 Jul 2011, at 10:16 PM, Katif wrote: > Can you tell me what the application dependency factors are here so we'll be > able to chase a limit? > > It is used as an RSA key exchange certification/private key pairing. > > Thanks... The two things that are of variable size are the key material it

Re: Bug in OpenSSL 0.9.8e

2011-07-27 Thread Wim Lewis
On 20 Jul 2011, at 2:25 AM, Vinay Kumar wrote: > Hi All, > > I am using OpenSSL 0.9.8e. The OpenSSL function > sha1_block_host_order() sometimes crashes on Linux. Is there any fix available for > this issue, or what modifications need to be done? Please guide me. > > The core

Re: X509 verify

2011-07-27 Thread Erwin Himawan
The way I would verify this is by writing the original X509 object into a PEM file, dumping the X509 object resulting from d2i_X509() into another PEM file, and comparing both files using openssl, either with the asn1parse or the x509 command. On Wed, Jul 27, 2011 at 9:46 AM, Andrea Saracino wrote:

TLS handshake failure

2011-07-27 Thread anmajumd
One of our customers is trying to set up TLS for a SIP trunk. Self-signed certificates (2048-bit) and a non-encrypted configuration on the SIP trunk work, but a CA-signed certificate does not. Going by this SSL/TLS detail example http:// t

Re: disabling encryption

2011-07-27 Thread yyyy
Yeah, it does seem to do that. I tested it with s_client and s_server (s_server with -cipher eNULL), and if the client was not also started with -cipher eNULL, then the connection failed. So, there might be a need to explicitly configure both ends of the connection. Quoting navin gopalakrishnan: Hi, I am u

Re: testing null encryption

2011-07-27 Thread Victor Duchovni
On Wed, Jul 27, 2011 at 02:53:09AM -0700, navin gopalakrishnan wrote: > a) testing NULL Encryption: > > While building openssl I modified the macro SSL_DEFAULT_CIPHER_LIST to > #define SSL_DEFAULT_CIPHER_LIST "eNULL" That was unwise, don't do that. > My understanding is the above modification

X509 verify

2011-07-27 Thread Andrea Saracino
Hello everyone, I've found some issues using the function X509_verify() on a simple X509 certificate. After the creation, if I call X509_verify(certificate, ca_key); the function returns 1, but if I call the i2d_X509() function on the certificate and then d2i_X509() on the obtained byte strin
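The PEM comparison Erwin suggests in his reply above, carried out with the openssl CLI rather than the C API, as an added example that is not part of this thread. It builds a small PKI (a 2048-bit CA and a server certificate it signs, the layout the handshake thread describes), round-trips the certificate PEM -> DER -> PEM, which is what i2d_X509() and d2i_X509() do in memory, and compares the two PEM files byte for byte; it then verifies the certificate against its own CA and, for contrast, against an unrelated CA. The scratch directory, key sizes and subject names are assumptions of the example. One caveat the C API adds and the CLI hides: both i2d_X509() and d2i_X509() advance the pointer they are given (documented behaviour of the `pp` argument), so the pointer handed to d2i_X509() must point at the start of the encoded buffer, not at where i2d_X509() left it.

```shell
#!/bin/sh
# Added example, not code from the thread. Reproduces Erwin Himawan's check
# with the openssl CLI: the certificate is round-tripped PEM -> DER -> PEM
# (what i2d_X509()/d2i_X509() do in the C API) and the two PEM files are
# compared byte for byte; then the certificate is verified against the CA
# that signed it and against an unrelated CA. Key sizes, subject names and
# the working directory are assumptions of this example.
set -eu

# Scratch directory for keys and certificates (assumption; override with WORK=...).
WORK="${WORK:-$(mktemp -d)}"

# Create two self-signed CAs and one server certificate signed by the first.
# 2048-bit RSA as in the thread; the subject names are placeholders.
make_pki() {
    for ca in ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=Example $ca" \
            -keyout "$WORK/$ca.key" -out "$WORK/$ca.pem" 2>/dev/null
    done
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=server.example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 365 -in "$WORK/server.csr" \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/server.pem" 2>/dev/null
}

# Round-trip PEM certificate $1 through DER and back (the CLI equivalent of
# i2d_X509 followed by d2i_X509). Prints "same" when the re-encoded PEM is
# byte-identical to the input and "different" otherwise.
roundtrip_pem_der() {
    openssl x509 -in "$1" -outform DER -out "$WORK/rt.der"
    openssl x509 -in "$WORK/rt.der" -inform DER -outform PEM -out "$WORK/rt.pem"
    if cmp -s "$1" "$WORK/rt.pem"; then echo same; else echo different; fi
}

# Verify certificate $1 against CA file $2. This checks the signature, as
# X509_verify(cert, ca_key) does, plus chain, validity period and CA
# constraints. Prints "valid" or "invalid" rather than exiting so that
# callers can compare the result.
verify_against() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo valid
    else
        echo invalid
    fi
}

# When two dumps differ, this shows where: the readable form (what
# X509_print_fp prints) followed by the raw ASN.1 structure with offsets.
dump_cert() {
    openssl x509 -in "$1" -noout -text
    openssl asn1parse -in "$1"
}

make_pki
echo "PEM->DER->PEM round trip: $(roundtrip_pem_der "$WORK/server.pem")"
echo "server cert vs its CA:    $(verify_against "$WORK/server.pem" "$WORK/ca.pem")"
echo "server cert vs other CA:  $(verify_against "$WORK/server.pem" "$WORK/other-ca.pem")"
```

Run it as a script; the keys and certificates stay in `$WORK` for inspection with `dump_cert`. The same `ca.pem` is what the client side of the handshake thread needs in order to trust the server certificate (`s_client -CAfile ca.pem`, or `SSL_CTX_load_verify_locations()` in code); the server itself only needs `server.pem` and `server.key`.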

"missing export tmp rsa key" (1024-bit RSA key) with RSA_EXPORT_WITH_DES40_CBC_SHA

2011-07-27 Thread Bogdan Harjoc
Hello, openssl.exe s_client -connect services.gmf.fr:443 exits with the message "missing export tmp rsa key". The server selects RSA_EXPORT_WITH_DES40_CBC_SHA and sends a 1024-bit RSA key. If I increase the RSA key size limits like below: - #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ?

disabling encryption

2011-07-27 Thread navin gopalakrishnan
Hi, I am using openssl-1.0.0d. I would prefer to disable encryption in the SSL protocol and have only authentication and integrity, i.e. application data is sent without encryption. Is there a way to do this in OpenSSL? Does using eNULL in the default cipher list provide this? Thanks.

testing null encryption

2011-07-27 Thread navin gopalakrishnan
Hi, I am using openssl-1.0.0d. I downloaded the source and built the library. Can anyone suggest how to do the following: a) Testing NULL encryption: While building OpenSSL I modified the macro SSL_DEFAULT_CIPHER_LIST to #define SSL_DEFAULT_CIPHER_LIST "eNULL". My understanding is the above
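Victor Duchovni's reply above says not to patch SSL_DEFAULT_CIPHER_LIST; the cipher string is a runtime setting (`SSL_CTX_set_cipher_list()` in code, `-cipher` on s_client and s_server). The following is an added example, not from the thread, that checks what a cipher string actually selects using `openssl ciphers -v`, where the `Enc=None` column marks the NULL-encryption (authentication and integrity only) suites, and whether a client string and a server string share any suite at all, which is the "both ends must be configured" observation made in the disabling-encryption thread. The cipher strings are chosen for the demonstration. Two assumptions about the local build are handled rather than required: newer builds list TLS 1.3 suites regardless of the cipher string, so the helper skips them, and builds compiled without enable-weak-ssl-ciphers contain no NULL suites at all, so `eNULL` may expand to nothing.

```shell
#!/bin/sh
# Added example, not code from the thread. Instead of patching
# SSL_DEFAULT_CIPHER_LIST in the source, inspect what a cipher string
# expands to with `openssl ciphers -v`: the Enc=None column marks the
# NULL-encryption (authentication and integrity only) suites. The cipher
# strings used below are chosen for this demonstration; common_suites
# models what an s_client and an s_server with those strings can agree on.

# Print the suites cipher string $1 expands to, one per line, excluding the
# TLS 1.3 suites that newer builds always list (those are configured with
# -ciphersuites, not with the cipher string). A rejected string prints nothing.
expand_ciphers() {
    openssl ciphers -v "$1" 2>/dev/null | awk '$2 != "TLSv1.3" { print $1 }'
}

# Print how many suites in the expansion of $1 provide no encryption.
count_null_suites() {
    openssl ciphers -v "$1" 2>/dev/null | grep -c 'Enc=None' || true
}

# Print "yes" if this build offers NULL-encryption suites at all, else "no".
# Builds since 1.1.0 include them only when configured with
# enable-weak-ssl-ciphers, so "eNULL" alone may expand to nothing.
build_has_null_ciphers() {
    if [ "$(count_null_suites eNULL)" -gt 0 ]; then echo yes; else echo no; fi
}

# Print the suites a client using cipher string $1 and a server using $2 have
# in common. An empty result means a TLS 1.2 (or earlier) handshake between
# them fails with "no shared cipher", which is what happens when only one
# end is started with -cipher eNULL.
common_suites() {
    { expand_ciphers "$1"; expand_ciphers "$2"; } | sort | uniq -d
}

# Same as common_suites, but prints the count (0 when nothing is shared).
count_common_suites() {
    common_suites "$1" "$2" | grep -c . || true
}

echo "build has NULL ciphers:          $(build_has_null_ciphers)"
echo "NULL suites in DEFAULT:          $(count_null_suites DEFAULT)"
echo "shared, client DEFAULT vs eNULL: $(count_common_suites DEFAULT eNULL)"
echo "shared, both eNULL:              $(count_common_suites eNULL eNULL)"
echo "shared, both ALL:eNULL:          $(count_common_suites 'ALL:eNULL' 'ALL:eNULL')"
```

To try the live handshake the thread describes on a build that has the suites: `openssl s_server -tls1_2 -cipher eNULL -cert server.pem -key server.key` against `openssl s_client -tls1_2 -cipher eNULL -connect localhost:4433`; drop `-cipher eNULL` on either side and the handshake fails, because DEFAULT and ALL both exclude eNULL. `-tls1_2` matters on 1.1.1 and later, since TLS 1.3 has no NULL-encryption suites.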

Re: Simple question: Maximum length of PEM file?

2011-07-27 Thread Katif
Can you tell me what the application dependency factors are here so we'll be able to chase a limit? It is used as an RSA key exchange certification/private key pairing. Thanks... JoelKatz wrote: > > On 7/26/2011 4:38 AM, Katif wrote: > >> I need to know in advance the maximum length of the f