Hi,
Thanks for your reply.
I am aware of CipherFinal() but I wonder why CipherUpdate() writes
anything into the final buffer at all if the buffer size is a multiple
of the padding size. Additionally CipherFinal() fails if I call it
afterwards.
The documentation says "as a result the am
Hi Dave,
Keeping the things you have mentioned in mind, this is how it goes.
In server side, EE key is loaded using
SSL_CTX_use_RSAPrivateKey_file(ctx,eekeyfile,SSL_FILETYPE_PEM);
EE certificate is loaded using SSL_CTX_use_certificate_file(ctx,
eepemfile,SSL_FILETYPE_PEM);
And the intermediate cer
Hi Dave
Thanks for your reply. In the code for s_server and s_client, I manually
set cipher= "aNULL" and I still get the same error.
One thing to note is:
I used the built in s_server and s_client (command line) as follows and the
ssl connection is established.
openssl s_server -nocert -ciphe
> From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
> Sent: Thursday, 01 December, 2011 16:17
> I would like to turn off certificates and use anonymous DH for
> a DTLS exchange. What flags do I use in the s_server and s_client
programs?
> I set the -no
On Thu, Dec 01, 2011, Hopkins, Nathan wrote:
> I'm using the below commands to create a ca ...
>
>
>
> openssl genrsa -des3 -out ca.key 2048
>
> openssl req -new -x509 -key ca.key -out ca.crt -days 730
>
> ... please can you advise how I can add a "friendly name" to this cert?
>
What do yo
> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
> Sent: Wednesday, 30 November, 2011 00:51
> Some more followup questions here:
> In case of a server application, it is expected to send
> > the intermediate certificates to the client. And in this case,
> From: owner-openssl-us...@openssl.org On Behalf Of Jonas Schnelli
> Sent: Wednesday, 30 November, 2011 09:57
> I try to pre-calculate the size of a EVP_Seal encrypted buffer
> (just the seal, exkl. keys). How do i precalculate that? I assume
> with some blocksize stuff (i'm a
Hi,
after you use the EVP_CipherUpdate(), you have to call the
EVP_CipherFinal() to encrypt the remaining bytes. Refer to the
documentation to see how to correctly pass the parameters:
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html. The same goes for
the decryption.
I hope this help.
Che
On 12/1/2011 6:33 PM, Rohit Bansal wrote:
Hi,
Let me start with a disclaimer that i am not very experienced with
openssl.
I have a requirement. In an enterprise all clients and servers
communicate over ssl. the certs in client and server are self signed.
There is one client application whic
I looked through the OID and couldn't see anything - I'm sure this must
be possible?
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Jakob Bohm
Sent: 01 December 2011 21:22
To: openssl-users@openssl.org
Subject: Re: Friendly na
On 12/1/2011 9:25 PM, Hopkins, Nathan wrote:
I’m using the below commands to create a ca …
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt -days 730
**
… please can you advise how I can add a “friendly name” to this cert?
**
The "Friendly name" is the
Hi!
I would like to turn off certificates and use anonymous DH for a DTLS
exchange. What flags do I use in the s_server and s_client programs?
I set the -nocert flag in s_server, but I am getting the error " no cipher
suite exchanged".
Thanks!
I had a look and couldn't see a place for it in openssl.cnf? Or at
least nothing listed under name or friendly name or similar?
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Floodeenjr, Thomas
Sent: 01 December 2011 20:33
To: openssl-users@opens
Wouldn't that be in your openssl.cnf file?
Thomas Floodeen, Jr.
Mentor Graphics BSD
720.494.1133
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Hopkins, Nathan
Sent: Thursday, December 01, 2011 1:25 PM
To: openssl-users@openssl.org
Subject: RE: Frien
I'm using the below commands to create a ca ...
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt -days 730
... please can you advise how I can add a "friendly name" to this cert?
I found the problem with this was it was pkcs7
From: Hopkins, Nathan
Sent: 30 November 2011 18:52
To: openssl-users@openssl.org
Subject: RE: Unable to load certificate
When I try with ...-inform der I get ...
32328:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn
Hi,
Let me start with a disclaimer that i am not very experienced with openssl.
I have a requirement. In an enterprise all clients and servers communicate
over ssl. the certs in client and server are self signed.
There is one client application which talks to 100+ different services.
Currently t
Hi,
Is there any way to specify the certificate extensions (when using "req"
and "ca" tools) directly on the command line rather than using the
-extensions argument? I am looking for a way where I can avoid using the
config file with the "req" and "ca" commands.
Thanks,
Sandeep
Hello,
I am trying to decrypt a buffer whose size is a multiple of the padding
size (n * 16 bytes). But instead of getting the whole buffer as a result
from EVP_CipherUpdate() I only get "InSize - PaddingSize" decrypted
bytes. I get this behaviour with padding enabled and disabled. Is this
the
19 matches
Mail list logo
