Re: Printing OpenSSL console error message in syslog

2013-05-23 Thread Jakob Bohm
On 5/24/2013 7:02 AM, Rahul Godbole wrote: Hi, Is there a way in which I can have all OpenSSL error messages being printed in the syslog instead of console? Can I set some option or something else in OpenSSL for that? I am using OpenSSL 1.0.1c with fips 2.0.2. If you are using the OpenSSL L

Re: Using HMAC through EVP interface?

2013-05-23 Thread Rahul Godbole
Does this call not work in FIPS mode? unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, int n, unsigned char *md, unsigned int *md_len); On Fri, May 24, 2013 at 10:24 AM, Matt Caswell wrote: > On 24 May

Printing OpenSSL console error message in syslog

2013-05-23 Thread Rahul Godbole
Hi, Is there a way in which I can have all OpenSSL error messages being printed in the syslog instead of console? Can I set some option or something else in OpenSSL for that? I am using OpenSSL 1.0.1c with fips 2.0.2. Thanks Rahul

Re: Using HMAC through EVP interface?

2013-05-23 Thread Matt Caswell
On 24 May 2013 05:45, Matt Caswell wrote: > On 24 May 2013 03:21, wrote: >> Can one use HMAC through EVP? If so, can someone point me to an example? >> >> It seems that when the OpenSSL module is in FIPS mode, it doesn't like >> programs using HMAC_*() functions directly: >> >> "OpenSSL interna

Re: Using HMAC through EVP interface?

2013-05-23 Thread Matt Caswell
On 24 May 2013 03:21, wrote: > Can one use HMAC through EVP? If so, can someone point me to an example? > > It seems that when the OpenSSL module is in FIPS mode, it doesn't like > programs using HMAC_*() functions directly: > > "OpenSSL internal error, assertion failed: Low level API call to di

Using HMAC through EVP interface?

2013-05-23 Thread no_spam_98
Can one use HMAC through EVP?  If so, can someone point me to an example? It seems that when the OpenSSL module is in FIPS mode, it doesn't like programs using HMAC_*() functions directly: "OpenSSL internal error, assertion failed: Low level API call to digest SHA1 forbidden in FIPS mode!" Tha

Re: [openssl-users] Display CSR w/ subjectAltName

2013-05-23 Thread Craig White
got it now… the script I was using was directing it to a different openssl.cnf than the one I was editing. I obviously moved a copy of the entire directory to play with a copy and not the real CA. Thanks all Craig On May 23, 2013, at 10:28 AM, Jakob Bohm wrote: > On 5/23/2013 6:21 PM, Craig W

RE: [openssl-users] Display CSR w/ subjectAltName

2013-05-23 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Craig White > Sent: Thursday, 23 May, 2013 15:31 > On May 23, 2013, at 10:28 AM, Jakob Bohm wrote: > I think you have hit the nail on the head. The > subjectAltName(s) aren't getting included in requests but are > being included in certificat

Re: [openssl-users] Display CSR w/ subjectAltName

2013-05-23 Thread Craig White
On May 23, 2013, at 10:28 AM, Jakob Bohm wrote: > On 5/23/2013 6:21 PM, Craig White wrote: >> hmmm… I guess it may not be there but it's there in the cert that I signed >> with my CA self which is using the same csr >> >> Is there something wrong with the way I am generating them? >> >> openss

Re: CMS doesn't like an old "Security Catalog" file

2013-05-23 Thread Jakob Bohm
On 5/23/2013 6:34 PM, Dr. Stephen Henson wrote: On Thu, May 23, 2013, Phillip Hellewell wrote: Attached is a really old (circa 2000) file called "ieexcep.cat". Windows recognizes it as a "Security Catalog Information". It is a weird file because it is like a mix of a cert chain (.p7b) and a s

Re: [openssl-users] Display CSR w/ subjectAltName

2013-05-23 Thread Jakob Bohm
On 5/23/2013 6:21 PM, Craig White wrote: hmmm… I guess it may not be there but it's there in the cert that I signed with my CA self which is using the same csr Is there something wrong with the way I am generating them? openssl req -new -nodes \ -out $CERTPATH/http.csr \ -keyout $CER

Re: CMS doesn't like an old "Security Catalog" file

2013-05-23 Thread Phillip Hellewell
On Thu, May 23, 2013 at 10:34 AM, Dr. Stephen Henson wrote: > This is very rarely encountered in practice. The only time I've ever come > across it is in Windows authenticode signatures. Thanks Steve. I think I can make a good argument to my managers that it's not worth bothering to support it.

Re: FIPS enabled OpenSSL fails to load libeay32.dll in Windows CE 6

2013-05-23 Thread Abhijit Ray Chaudhury
Hi William, Thanks a lot. Found the problem, it was loading another libeay32.dll which does not have fips. I changed the name of my library now it finds the symbol. Thanks again, -Abhijit On Thu, May 23, 2013 at 3:22 AM, William A. Rowe Jr. wrote: > On Tue, 21 May 2013 16:12:45 +0530 > Abhijit

Re: CMS doesn't like an old "Security Catalog" file

2013-05-23 Thread Dr. Stephen Henson
On Thu, May 23, 2013, Phillip Hellewell wrote: > Attached is a really old (circa 2000) file called "ieexcep.cat". Windows > recognizes it as a "Security Catalog Information". It is a weird file > because it is like a mix of a cert chain (.p7b) and a signature (.p7s). > > The d2i_PKCS7_bio() suc

Re: [openssl-users] Display CSR w/ subjectAltName

2013-05-23 Thread Craig White
hmmm… I guess it may not be there but it's there in the cert that I signed with my CA self which is using the same csr Is there something wrong with the way I am generating them? openssl req -new -nodes \ -out $CERTPATH/http.csr \ -keyout $CERTPATH/http.key \ -days 3650 \ -config

Re: Display CSR w/ subjectAltName

2013-05-23 Thread Stefan H. Holek
On 23.05.2013, at 17:41, Craig White wrote: > openssl req -noout -text -in SOME_FILE.csr > > gives me the contents of the CSR but not the subjectAltNames embedded in the > CSR. The SAN extension should appear in the Requested Extensions: section of the output. -- Stefan H. Holek ste...@epy.c

Re: [openssl-users] Display CSR w/ subjectAltName

2013-05-23 Thread Viktor Dukhovni
On Thu, May 23, 2013 at 06:12:39PM +0200, Erwann Abalea wrote: > On 23/05/2013 17:41, Craig White wrote: > >I want to be able to view CSR's with subjectAltName's but I > >can't figure out any way to make it happen. I have poured over the > >man pages and googled it to death already. > > > >open

Re: [openssl-users] Display CSR w/ subjectAltName

2013-05-23 Thread Erwann Abalea
Are you sure there's a SAN extension in the displayed CSR? Dump the entire content with asn1parse. -- Erwann ABALEA On 23/05/2013 17:41, Craig White wrote: I want to be able to view CSR's with subjectAltName's but I can't figure out any way to make it happen. I have poured over the man page

CMS doesn't like an old "Security Catalog" file

2013-05-23 Thread Phillip Hellewell
Attached is a really old (circa 2000) file called "ieexcep.cat". Windows recognizes it as a "Security Catalog Information". It is a weird file because it is like a mix of a cert chain (.p7b) and a signature (.p7s). The d2i_PKCS7_bio() succeeds on it, but d2i_CMS_bio() does not. This is the only

Display CSR w/ subjectAltName

2013-05-23 Thread Craig White
I want to be able to view CSR's with subjectAltName's but I can't figure out any way to make it happen. I have poured over the man pages and googled it to death already. Ubuntu OpenSSL 0.9.8k-7ubuntu8.14 if that matters openssl req -noout -text -in SOME_FILE.csr gives me the contents of the CS

Re: CMS_get0_signers() badly named?

2013-05-23 Thread Phillip Hellewell
On Thu, May 23, 2013 at 5:33 AM, Dr. Stephen Henson wrote: > On Wed, May 22, 2013, Phillip Hellewell wrote: > > > Looking at the implementation of CMS_get0_signers(), it looks like it > > creates a new stack of X509 that I will have to free. > > It's midway between 1 and 0 ;-) > > The STACK needs

Re: Determine CMS/PKCS7 type

2013-05-23 Thread Phillip Hellewell
Thanks! Those functions and the CMS_get0_content() are what I was missing. Here's what I've got now. PKCS7Type determine_pkcs7_type(CMS_ContentInfo* cms) { int nid = OBJ_obj2nid(CMS_get0_type(cms)); switch( nid ) { case NID_pkcs7_data: return P

Re: CMS_get0_signers() badly named?

2013-05-23 Thread Dr. Stephen Henson
On Wed, May 22, 2013, Phillip Hellewell wrote: > Looking at the implementation of CMS_get0_signers(), it looks like it > creates a new stack of X509 that I will have to free. > > Isn't the convention to use a "1" if the return values needs to be freed, > and "0" if not? So shouldn't this functio

Re: Determine CMS/PKCS7 type

2013-05-23 Thread Dr. Stephen Henson
On Wed, May 22, 2013, Phillip Hellewell wrote: > I'm in the process of refactoring my code to use the new CMS API instead of > PKCS7. > > In my code before I was able to determine the type of pkcs7, and even > distinguish between a signed data (.p7m), signature (.p7s) and cert chain > (.p7b), usi

Re: Similar issuer dn mod_ssl client authentication issue

2013-05-23 Thread Michele Mase'
Okay, openssl works, but mod_ssl doesn't. Is this a real problem? Instead try hacking mod_ssl code ... Could I ask for a bug/improvement so that mod_ssl could finally work? Michele MAsè On Thu, May 23, 2013 at 1:22 AM, Dave Thompson wrote: > >From: owner-openssl-us...@openssl.org On Behalf Of M