> From: owner-openssl-us...@openssl.org On Behalf Of Thomas Koeller
> Sent: Thursday, 07 February, 2013 15:54
> On Thursday 07 February 2013 07:31:55 you wrote:
> > On Wed, February 6, 2013 23:47, Thomas Koeller wrote:
> > > bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem
> > > -
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Wednesday, 06 February, 2013 16:59
> To: openssl-users@openssl.org
> Subject: Re: fipslink
>
> On Wed, Feb 6, 2013 at 2:40 PM, Memmott, Lester
> wrote:
> > Jon,
> >
> > I'm having trouble with fipslink as well and thought
From what I understand so far, the "KeyBlock" is the place to look for the
key? It's just a matter of getting the sizes and order of the individual
Keys and IV's so that I can extract the bits I need. Any pointers in that
area?
While it is technically possible to extract keys (search for
tls_ope
On Thursday 07 February 2013 07:31:55 you wrote:
> On Wed, February 6, 2013 23:47, Thomas Koeller wrote:
> > bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem -purpose
> > sslserver cacert/host_ca.pem
> > cacert/host_ca.pem: C = DE, ST = Hamburg, O = K\C3\B6ller Family, OU =
> > K\C3
> Is it possible to serialize/deserialize the current SSL state so that the
> receiver can continue to handle the connection without the other side
> noticing?
Yes it's possible. Two places to look are the "session ticket" code within
OpenSSL, and the "serialize" function in Apache module mods
On Thu, Feb 7, 2013 at 9:00 AM, Trevor Jordan wrote:
> From what I understand so far, the "KeyBlock" is the place to look for the
> key? It's just a matter of getting the sizes and order of the individual
> Keys and IV's so that I can extract the bits I need. Any pointers in that
> area?
While it
s->s3->tmp.key_block
s->s3->tmp.key_block_length
I think these are the variables you are looking for. Memory for the
key_block is allocated in ssl3_setup_key_block() or tls1_setup_key_block()
functions. Key Block contains keys and IVs in the following order as
specified in RFC.
client wr
Hi,
on UNIX one can pass a file descriptor to an unrelated process. Is it
possible to serialize/deserialize the current SSL state so that the
receiver can continue to handle the connection without the other side
noticing?
If yes, how?
Thanks,
Torsten
On Thu, Feb 07, 2013 at 08:00:42PM +1300, Trevor Jordan wrote:
> >It is bad practice to clone keys. You should also not depend on
> >OpenSSL negotiating a particular algorithm. OpenSSL's keys are
> >for the OpenSSL session only. Keys for your application should
> >be the result of a suitably indepe
Hello,
Is there a porting guide for porting 0.9.x to 1.x version of OpenSSL
especially to be used with the latest FIPS module? For example, it appears
that SHA1_Init... cannot be used in FIPS mode and EVP_MD_... API should be used
instead.
Thank you,
-Pandit
Dr Henson,
Excellent! Thanks for clarifying that for us!
Jon,
I'm using dynamic openssl libraries so I have no need to pursue this further. If
you still do, good luck!
Thanks,
Lester
On Thu, Feb 07, 2013, Memmott, Lester wrote:
>
> Thanks so much for your response. Perhaps some clarification is in order.
> When you state "static libraries" are you referring to libeay32 being
> statically linked with the c runtime libraries? ...or do you mean my
> application statically lin
Dr Henson,
Thanks so much for your response. Perhaps some clarification is in order.
When you state "static libraries" are you referring to libeay32 being
statically linked with the c runtime libraries? ...or do you mean my
application statically linking in the openssl libraries?
Thanks,
L
Jon,
I've not made any meaningful progress yet, but found a few interesting things.
> I'm using fipslink.pl as is and didn't have to modify it. Did you have to
> modify yours before you called ntdll.mak? It's used in there.
I didn't have to modify it to build openssl but when I looked carefu
On Wed, Feb 06, 2013, Memmott, Lester wrote:
> Jon,
>
> I'm having trouble with fipslink as well and thought it might help to
> compare notes. These are the linker errors I'm getting using Visual
> Studio 2008:
If you can it is far easier to link against the DLLs created by the FIPS
capable
> Original Message
>From: Bruce Cran
>To: openssl-users@openssl.org
>Cc: "James"
>Sent: Thu, Feb 7, 2013, 9:48 AM
>Subject: Re: Issue with 1.0.1d with Apache 2.2.23
>
>On 07/02/2013 14:36, James wrote:
>>
>> Just an update, using a SSLCipherSuite in the SSL configuration file for
>> A
On 07/02/2013 14:36, James wrote:
Just an update, using a SSLCipherSuite in the SSL configuration file for Apache
of RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 works fine. The ciphers we're
using are
DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:DES-CBC3-SHA:RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES128-SHA:AES256-
> Original Message
>From: "James"
>To: openssl-users@openssl.org
>Cc: openssl-users@openssl.org
>Sent: Wed, Feb 6, 2013, 3:51 PM
>Subject: Re: Issue with 1.0.1d with Apache 2.2.23
>
>> Original Message
>>From: "James"
>>To: openssl-users@openssl.org
>>Sent: Wed, Feb 6, 2013, 2
Jeff,
Thanks for the suggestion but that isn't the case. You'll note below that the
unresolved external symbols are from fips_premain.obj, which was naturally
compiled from fips_premain.c.
> fips_premain.obj : error LNK2001: unresolved external symbol "unsigned
In looking at fips_premain.c,
I want to create expired Certs so as to address them in code.
You would think this would be easy.
I use this command below to create a Cert and then a PKCS12 which I commonly
use for things.
openssl genrsa -out myrsa.pem 2048
openssl req -new -key myrsa.pem -inform pem -x509 -days 731 -out my.crt
-
20 matches