Wow, can't believe I already got an answer! Thanks so much guys, I should be good
to go.
On Aug 14, 2012, at 6:59 PM, Jason Goldberg wrote:
> Before you call generate_key, you need to initialize your EC_KEY with a curve:
>
> EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);
> EC_KEY_set_grou
Last time, when I learned how to generate an ECC key, I used apps/ecparam.c as a
reference.
To get a feel for what the code is doing, I played with the openssl ecparam
utility.
Using the utility, I also created a CSR (PKCS10), created a self-signed
certificate, etc.
I hope this is helpful.
Erwin
On Tue, Aug 1
Before you call generate_key, you need to initialize your EC_KEY with a curve:
EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);
EC_KEY_set_group(testKey, group);
For 'curve' you could use, for example, NIST P256 which is defined with the
macro: NID_X9_62_prime256v1
You can then use these pr
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Tuesday, 14 August, 2012 08:09
> > if your self-signed cert has a KeyUsage extension that does
> > not include certSign,
> > OpenSSL skips it for chain-building, resulting in verify 20.
>
> Looks like the latter to me. P
I have been trying to figure out how to generate an elliptic curve public
private key pair and can't find much information on how you properly do
that. So far I have done the following and I'm pretty sure I am missing a
step someplace.
void makeECCKeyPair() {
EC_KEY *testKey = EC_KEY_new();
Eventually I solved this problem. Here is the set of commands I need to use to
generate the shared fips-capable openssl libraries:
su
cd fips // wherever that may be
./config
make
make install
// this installs fipscanister.o and adjacent files into /usr/local/ssl/fips-2.0/
cd openssl // still as
On Tue, Aug 14, 2012, adrien pisarz wrote:
>
>
> For information, the index file is written by parsing a CRL file but I
> don't want to write into this file all the valid certificates as an
> enrolment be done and my index file may not be synchronized. I have
> another question, why the en
On Tue, Aug 14, 2012, no_spam...@yahoo.com wrote:
> Is there a correlation between the strength (size) of the asymmetric keys
> used to do the authentication and the strength (size) of the ephemeral DH
> keys generated/used to protect the session key (during the key exchange)?
>
> On first glance
Thanks Dave for your time and patience.
I am porting an existing Windows-based TCP/IP server (receive-only, not a
Web server) to OpenSSL.
The way it works with TCP/IP is it sets up a socket, binds it to the desired
port, sets up a timeval, and issues a select. When the select is satisfied
if the
On Tue, Aug 14, 2012 at 3:00 PM, wrote:
> Thank you for the information and links.
>
>> [stuff deleted]
>
>>
>>> I'm probably missing something in the OpenSSL implementation. The
>> documentation for SSL_CTX_set_tmp_dh_callback() says that the
>> "tmp_dh_callback is called with the keylength ne
Thank you for the information and links.
> [stuff deleted]
>
>> I'm probably missing something in the OpenSSL implementation. The
> documentation for SSL_CTX_set_tmp_dh_callback() says that the
> "tmp_dh_callback is called with the keylength needed..." But surely
> this can't be only 512 o
Hi, Thanks for your reply and all the information provided. Regarding the 3.
question, you are right, I want to have an OCSP responder based on CRL. For
information, the index file is written by parsing a CRL file but I don't want
to write into this file all the valid certificates as an enro
Hello,
Answers inline.
--
Erwann ABALEA
On 14/08/2012 19:03, adrien pisarz wrote:
Hi,
I have several questions about the ocsp functionality. I read many
articles before asking those questions and unfortunately I still don't
have the answers. Maybe you can help me.
First of all, here
On Tue, Aug 14, 2012 at 12:23 PM, wrote:
> Is there a correlation between the strength (size) of the asymmetric keys
> used to do the authentication and the strength (size) of the ephemeral DH
> keys generated/used to protect the session key (during the key exchange)?
Yes, there is.
> On first
Is there a correlation between the strength (size) of the asymmetric keys used
to do the authentication and the strength (size) of the ephemeral DH keys
generated/used to protect the session key (during the key exchange)?
On first glance, in s3_srvr.c, it seems like the tmp_dh_callback() functio
OpenSSL s_server works without error if my client sends to localhost but not
if it sends to the hostname of the machine. (Other than a name error because
I have not re-done the server certificate.) I am calling that a totally
satisfactory outcome as it works for me for testing.
I consider this iss
Dave -
Thanks much!
> If the filename can't be opened SSL_CTX_load_verify_locations returns
> false. Your code does check for that, I hope.
Good to know. Thanks. (Sometimes APIs just "stash" a name somewhere for use
later.) Yes, I check every return code and put out a good error message if
the call
Dave, thanks.
> calling code was supposed to replace &d with a real value
You are right, of course. Stupid programmer tricks. Turns out &d is not the
same thing as %d.
Got that one solved. My client and my server code now make it through a
certificate negotiation. Have not coded any farther as
18 matches