On 7/18/2013 12:14 PM, Steve Marquess wrote:
On 07/18/2013 12:53 PM, Nou Dadoun wrote:
Just as a short comment, our fips/non-fips usage could probably
satisfy this requirement; we wrap openssl in an external api that
routes through a function pointer table. Then at run-time we can
fill in the f
*Thanks for the quick answer*, actually command line is good as it would be
done in a
child process using a secure vault for password creation that no admin knows
anyway or makes up.
No human is involved is always the best solution. Can't trust those humans.
thanks.
I enclosed the correct code
> From: owner-openssl-us...@openssl.org On Behalf Of Michel, Audrey
> Sent: Thursday, 18 July, 2013 15:24
> Subject: SSL_connect:error in SSLv3 flush data - Certificate
> Verification: Error (20) when setting up replacement server
Aside: the error isn't really in flush-data; it is the server
rej
> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Thursday, 18 July, 2013 11:03
> *I found the issue and fixed it but that leads to a question
> of security*
> The error is here. The x509 that I want to check I also provide as the
> issuer
> since it was issued by the same issu
> From: owner-openssl-us...@openssl.org On Behalf Of Anil
> Sent: Thursday, 18 July, 2013 10:51
> Thank you for your reply.
> I used HxD but could not find any occurrence of 0x30 followed by 0x82.
> Anything else to try?
>
openssl asn1parse -inform DER -in mycert.spc
If that gives an error, you
We currently have a Solaris server running apache that serves as a proxy in
front of our glassfish server which we use for web services. We are replacing
both the proxy and glassfish servers so are setting the new servers up in
parallel. The new proxy server already had apache and openssl instal
On 07/18/2013 12:53 PM, Nou Dadoun wrote:
> Just as a short comment, our fips/non-fips usage could probably
> satisfy this requirement; we wrap openssl in an external api that
> routes through a function pointer table. Then at run-time we can
> fill in the function pointers with the fips functions
Hello all, I started using this library a couple of days ago and I'm really
having a hard time trying to get this BN_mod_exp function to work.
So, basically, no matter what base, exponent and modulus I use, the
calculation always returns 1 as result.
Here's a snippet of the code:
/extern EReturnCo
Hey Leonardo,
Thanks, the hints provided by you helped me. I am
finally able to run my code inside network namespace.
On Thu, Jul 18, 2013 at 10:35 AM, Leonardo Laface de Almeida <
leona...@sweda.com.br> wrote:
> Hi, Herat.
>
> Take a look at fcntl() and se
> Is there a standard to revoke a cert with a request to an OCSP.
Nothing part of OCSP. There are various other standards around (e.g., XKMS
from W3C, KMIP from OASIS) but they're nowhere near as widely used.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
___
Is there a standard to revoke a cert with a request to an OCSP. I know to
check status for an OCSP request works nicely using the OpenSSL API and is
standard RFC6960. I would think not for security issues.
Or is it simply a particular to what OCSP server product you decided to use
and allow admin
Fair enough, that's good to know. Will use for testing only the OCSP request
construction
and return information parsing.
--
View this message in context:
http://openssl.6102.n7.nabble.com/OSCP-server-does-not-update-status-tp45877p45880.html
Sent from the OpenSSL - User mailing list archive at
Just as a short comment, our fips/non-fips usage could probably satisfy this
requirement; we wrap openssl in an external api that routes through a function
pointer table. Then at run-time we can fill in the function pointers with the
fips functions or the non-fips functions depending on which m
Hi there,
One thing that, I think, the OCSP man page makes very clear is that the OCSP
server implementation is to be used for testing only, and not to be used for
any sort of "real-life" scenario. To get real-time updating based on changes in
the index.txt file from the CA, you'd have to write
I am testing some simple scenarios for the OCSP server.
I have to stop and start the Server to know I revoked a cert.
Here is my scenario.
*I start the OCSP server*
ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt -rkey
ocspsign.key -CA ./demoCA/cacert.pem -text
*I check a
I am trying to build a DLL that includes the OpenSSL FIPS Object Module, and
then load that DLL from my application. This is on Windows 7 64-bit using
Microsoft Visual Studio v10. The DLL is built successfully and my application
can load it, but when I call the FIPS_mode_set(1) function, the sel
* Leo Leo [2013-07-17 13:57]:
> I haven't understood exactly the reason of this callback and I'd like to
> know if it's for what I need.
The purpose of this callback is to provide OpenSSL with the PSK identity
and the pre-shared key to use.
> could you explain how to use the parameters?
The man
*I found the issue and fixed it but that leads to a question of security*
The error is here. The x509 that I want to check I also provide as the
issuer
since it was issued by the same issuer.
x <== is the X509 loaded
req->url = url;
req->cert = x;
req->issuer = x;
but instead
Thank you for your reply.
I used HxD but could not find any occurrence of 0x30 followed by 0x82.
Anything else to try?
- Original Message -
From: Dr. Stephen Henson
To: openssl-users@openssl.org
Cc:
Sent: Wednesday, July 17, 2013 3:14 PM
Subject: Re: error "unable to load PKCS7 object.
Hi, Herat.
Take a look at fcntl() and setsockopt() functions. You may set the socket to
nonblocking using them.
I've also got blocking state using select() function, even setting it for
unblocking before. I solved incrementing timeout.
Leonardo
De: owner-openssl-us...@openssl.org [m
Yes this does work good
openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1000 -text -url
http://127.0.0.1:8082
and returns the good though there is a verify failure.
Response Verify Failure
140735283018172:error:27069065:OCSP routines:OCSP_basic_verify:certificate
verify error:ocsp_vfy.c:126:
Hello all,
I am developing an application using OpenSSL library. I am new
to OpenSSL library. My application was working correctly until I tested it
within network namespace. My application hangs at SSL_Connect. I am using
sockets in the blocking mode. I read somewhere that I should use
On Thu, Jul 18, 2013, redpath wrote:
>
> I then run this command
>
> *openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1000 -text *
> OCSP Request Data:
> Version: 1 (0x0)
> Requestor List:
> Certificate ID:
> Hash Algorithm: sha1
> Issuer Name Hash: *D56D194
On Thu, Jul 18, 2013, redpath wrote:
> *To recap I cleaned all the directories to assure nothing is wrong in them.*
> *I still get an unknown response.*
> These commands were run from a directory and produced the following output
> to setup the OpenSSL OCSP Server
>
> *The output of the server is*
*To recap I cleaned all the directories to assure nothing is wrong in them.*
*I still get an unknown response.*
These commands were run from a directory and produced the following output
to setup the OpenSSL OCSP Server
*rm -R demoCA
mkdir demoCA
mkdir demoCA/newcerts
mkdir demoCA/private
cd demoCA