Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Jakob Bohm
On 27/10/2015 03:42, Viktor Dukhovni wrote: On Tue, Oct 27, 2015 at 02:21:13AM +0100, Jakob Bohm wrote: More specifically, the issue is that the currently recommended command "openssl pkey", allegedly silently omits the encryption when told not to Base64 encode the encrypted key. I agree this

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Viktor Dukhovni
On Tue, Oct 27, 2015 at 02:21:13AM +0100, Jakob Bohm wrote: > More specifically, the issue is that the currently > recommended command "openssl pkey", allegedly silently > omits the encryption when told not to Base64 encode the > encrypted key. I agree this is a bug, and needs to be fixed. A fat

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Jakob Bohm
On 26/10/2015 14:02, Viktor Dukhovni wrote: On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote: I believe it might be usefull to remind in the documentation that the -cipher argment for openssl pkey command line tool is silently ignore when combined with -outform DER. May be it is worth to

[openssl-users] OCSP_sendreq_bio()

2015-10-26 Thread rosect190
Hi, I need some help on this call. I am building an OCSP client following guide in openssl and compile the code in Cygwin environment. My openssl version is 1.0.1h. With HTTP based OCSP, the code works fine. But, with HTTPs, the code gets stuck at the call to OCSP_sendreq_bio(). Further debugging

[openssl-users] 'FIPS_CIPHERINIT:disabled' in fips mode error in 1.0.1e

2015-10-26 Thread jonetsu
In 1.0.1e the following is observed when using OpenSSL in FIPS mode:  % OPENSSL_FIPS=1 openssl pkcs12 -export -in  /tmp/ipsec.d/certs/192.168.11.1 -inkey  /tmp/ipsec.d/private/192.168.11.1 -name 192.168.11.1 -out  /tmp/ipsec.d/192.168.11.1.p12 -password pass:""  3067167952:error:060A60A3:digit

[openssl-users] Blocking SSL_write possibly buffering?

2015-10-26 Thread Emil Dotchevski
Greetings, I am using OpenSSL in *blocking* mode, with SSL_MODE_AUTO_RETRY set. I have this situation: Peer 1 (server): SSL_write 16K bytes --> success SSL_write N bytes, N<16K --> success SSL_read (correctly hangs waiting for data) Peer 2 (client): SSL_read 16K+N bytes --> hangs That is, Peer

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Viktor Dukhovni
On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote: > I believe it might be usefull to remind in the documentation that the > -cipher argment for openssl pkey command line tool is silently ignore when > combined with -outform DER. > > May be it is worth to add a warning too ? I think a fata

[openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Michel
Hi, I believe it might be usefull to remind in the documentation that the -cipher argment for openssl pkey command line tool is silently ignore when combined with -outform DER. May be it is worth to add a warning too ? ___ openssl-users mailing list