Re: [openssl-users] NULL EVP_PKEY

2015-04-20 Thread Salz, Rich
> I am having a problem reading a password protected private key file (.pem) > using the OpenSSL library (programmatically). Can you read it using the openssl command-line tool? -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz

[openssl-users] NULL EVP_PKEY

2015-04-20 Thread Vollaro, John
I am having a problem reading a password protected private key file (.pem) using the OpenSSL library (programmatically). I just get a NULL key returned. I am using the OpenSSL 1.0.2a 19 Mar 2015 library in a Windows environment. The code snippet as follows: char *pemFileName = "C:\\Work\\mypemfi

Re: [openssl-users] BIO_new_dgram() called in apps/s_server.c

2015-04-20 Thread Scott Neugroschl
Correction to subject, it's s_server.c My typo. -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Scott Neugroschl Sent: Monday, April 20, 2015 11:32 AM To: openssl-us...@mta.opensslfoundation.net Subject: [openssl-users] BIO_new_dgram() calle

[openssl-users] BIO_new_dgram() called in apps/s_server.h

2015-04-20 Thread Scott Neugroschl
I am building OpenSSL 1.0.2a with no-dgram and no-dtls1. When I do so, I get a linker error that BIO_new_dgram() is undefined. The following appears to fix the issue: cut here --- s_server.c.orig 2015-03-19 17:17:53 -0700 +++ s_server.c 2015-04-20 11:27:30 -0700 @@ -2183,6 +2183,7

Re: [openssl-users] Peer closing connection with a FIN without first sending a close_notify

2015-04-20 Thread Viktor Dukhovni
On Mon, Apr 20, 2015 at 03:03:37PM +, Jason Schultz wrote: > We are seeing the following situation and are not quite sure the proper > way to handle it, so I thought I'd solicit the mailing list. Our application > is an FTP server using OpenSSL. The peer is a non-OpenSSL FTP client in > active

Re: [openssl-users] CMS_encrypt with ECDH key

2015-04-20 Thread Dr. Stephen Henson
On Sat, Apr 18, 2015, Q Rius wrote: > I'm trying to implement CMS encrypt using ECDH keys. Ref openssl CMS with > ECDH EnvelopedData > > The command line works flawlessly but my program is giving an error - > > Erro

Re: [openssl-users] How to add CT Precertificate SCTs to a server certificate?

2015-04-20 Thread Salz, Rich
> https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY-EXTENSIONS Oops. I only looked at asn1_generate. Should there be a cross-link? ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] How to add CT Precertificate SCTs to a server certificate?

2015-04-20 Thread Dr. Stephen Henson
On Mon, Apr 20, 2015, Salz, Rich wrote: > > > A patch to let you specify the DER directly would be useful. > > > > No patch required: > > Looks like a doc bug then. Err... https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY-EXTENSIONS Steve. -- Dr Stephen N. Henson. OpenSSL project

Re: [openssl-users] How to add CT Precertificate SCTs to a server certificate?

2015-04-20 Thread Salz, Rich
> > A patch to let you specify the DER directly would be useful. > > No patch required: Looks like a doc bug then.

Re: [openssl-users] How to add CT Precertificate SCTs to a server certificate?

2015-04-20 Thread Dr. Stephen Henson
On Mon, Apr 20, 2015, Salz, Rich wrote: > > How do we use `openssl req` and a CONF file to add the information > > (assuming we already have the certified timestamps)? > > Ouch, that's gonna be nasty. Look at ASN1_generate_nconf.pod Most likely > have to use the SEQUENCE type, recursively. Ou

Re: [openssl-users] How to add CT Precertificate SCTs to a server certificate?

2015-04-20 Thread Viktor Dukhovni
On Mon, Apr 20, 2015 at 01:57:47PM +, Salz, Rich wrote: > > How do we use `openssl req` and a CONF file to add the information > > (assuming we already have the certified timestamps)? > > Ouch, that's gonna be nasty. Look at ASN1_generate_nconf.pod Most likely > have to use the SEQUENCE ty

Re: [openssl-users] CTX_free crash

2015-04-20 Thread dE
On 04/20/15 00:10, Salz, Rich wrote: Sometimes, the program crashes when doing an SSL_CTX_free; before the crash, ctx is an invalid pointer, that's why I can get a valid value from SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem. You mean it's a VALID pointer? We'll need a mo

[openssl-users] Peer closing connection with a FIN without first sending a close_notify

2015-04-20 Thread Jason Schultz
Greetings. We are seeing the following situation and are not quite sure the proper way to handle it, so I thought I'd solicit the mailing list. Our application is an FTP server using OpenSSL. The peer is a non-OpenSSL FTP client in active mode. The problem comes in with how the FTP client handles

Re: [openssl-users] How to add CT Precertificate SCTs to a server certificate?

2015-04-20 Thread Salz, Rich
> How do we use `openssl req` and a CONF file to add the information > (assuming we already have the certified timestamps)? Ouch, that's gonna be nasty. Look at ASN1_generate_nconf.pod Most likely have to use the SEQUENCE type, recursively. Ouch indeed. A patch to let you specify the DER dire

[openssl-users] access to ecdh_method and ecdsa_method structure definitions

2015-04-20 Thread Thulasi Goriparthi
Hi all, What is the reason behind keeping ecdh_method and ecdsa_method structure definitions in local header files ech_locl.h and ecs_locl.h respectively unlike their peers.. dh_method, dsa_method, rsa_meth_st and rand_meth_st which are defined in exported header files? Thanks, Thulasi.