Hello everyone,
I am working with a VPN server and using openssl APIs to handle SSL on
Linux machine.
My server works fine with a single client but it shows a segmentation
fault when I test it
with multiple clients.
**Which OS? Which thread library? pthread/Solaris thread/Win Thread etc?
If t
PROTECTED] Behalf Of Ger Hobbelt
Sent: Thursday, August 14, 2008 8:33 PM
To: openssl-users@openssl.org
Subject: Re: EVP_CipherInit_ex because cipher->do_cipher is NULL
On Thu, Aug 14, 2008 at 3:30 PM, Ambarish Mitra
<[EMAIL PROTECTED]> wrote:
>
> AM: Either the corrup
Hi Ger,
Thanks for your detailed response. My counter-responses are inlined.
Response below:
On Tue, Aug 12, 2008 at 7:27 AM, Ambarish Mitra
<[EMAIL PROTECTED]> wrote:
> The output was:
> 933945:error:0607C084:lib(6):func(124):reason(132):evp_enc.c:523:
> 933945:error:0607B086:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ger Hobbelt
Sent: Friday, August 08, 2008 3:54 PM
To: openssl-users@openssl.org
Subject: Re: EVP_CipherInit_ex because cipher->do_cipher is NULL
On Thu, Aug 7, 2008 at 8:13 AM, Ambarish Mitra
<
Hello All,
Am trying to compile openssl 0.9.8h version. I am getting following errors
during compilation.
C:\Apache_2.2.9\httpd-2.2.9\srclib\openssl>nmake -f ms\ntdll.mak
Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved
Hi all,
I am using the EVP API for encryption and decryption (Code snippet below).
The encryption works fine, but the decryption fails in EVP_CipherInit_ex.
Both the codes are identical except that the said function uses 1 as the
last argument for encryption and 0 for decryption.
I am on Redhat Li
Given the coredump stack trace you provide, it looks like
ctx->cipher->do_cipher == NULL, while it should be a valid pointer to
a cypher-specific en/decrypt function (see evp_cipher_st typedef in
evp.h).
Please check with assert() or debugger if this member != NULL before
entering the decrypt fu
Hi all,
Platform: Redhat Linux Advanced Server 4.0
Compiler: g++ 3.3.2 (C++ compiler used)
Linkage: openssl libraries statically linked with the application program.
Version: OpenSSL 0.9.7a Feb 19 2003 (I tried with a recent version of
openssl, but same result).
I am trying out the EVP API fu
vinni rathore a écrit :
>
> hi,
>
> i am stuck with the error "Unable to get local issuer certificate" and
> then "SSL3_GET_CLIENT_CERTIFICATE: peer certificate not return".
>
> I have created my own certificates using Openssl.exe . I have created
> CACert.pem which is self signed CA certificate
Replies inlined. Pls correct me if wrong.
Hey all,
I've been trying to put together a simple secure pop3 client (just login
and check number of available messages) to test out the openSSL library
but I can't seem to find any good tutorials or examples that really
explains what's going on with ce
Hi,
I am facing one problem with openssl-0.9.8e. In my case HMAC is not calculated
correctly with MD5 protocol. It is working fine with SH1 protocol
-- Did you want to mean SHA1? Kindly paste a minimal code snippet here, along
with your expected and observed result. You hv not given enough info
I'm trying to read a password from console in a C program and I want
to prevent the entered password from actually appearing on the console,
just the way it happens with e.g. system passwords. How to realize that?
-- If on *NIX systems, use "getpass" function call. I think this will work.
Ambarish Mitra wrote:
> Hi Jimmy, Thanks for your response. Kindly find my thoughts inlined..
>
>> Question:
>> So, the question is: How can we generate a key for Triple DES encryption and
>> write out the same in a file?
>>
>
> Simple answer for 'how to
Hi Jimmy, Thanks for your response. Kindly find my thoughts inlined..
> Question:
> So, the question is: How can we generate a key for Triple DES encryption and
> write out the same in a file?
>
Simple answer for 'how to generate a key for a symmetric cipher' is 'use
a pseudo-random generator' to
Hi all,
Background:
My application reads an encrypted-base64 password from a config file and
decrypts the same inside the application. The password is encrypted using
Triple-DES algorithm.
To encrypt and base64 the actual password, a stand-alone utility is
provided. We run this utility, and then c
ng ErrCode = ERR_get_error();
char ErrBuf[120];
ERR_error_string(ErrCode, ErrBuf);
fprintf(stderr, "Error: [%s]\n", ErrBuf); // output -
Error: [error:1A09400E:SSLCERT routines:STORE_NEW:not supported]
return -1;
}
..
Thanks, Ambarish Mitra.
// T
// This mail will go with a forcefully attached disclaimer. Please ignore
the same. I know that this message will be archived.
Hi all,
I am using triple-DES to encrypt and decrypt a string. The openssl function
that I call is: des_ede3_cbc_encrypt. I set an IV, and 3 keys for this
purpose. I have
How to know it is .pem or der format file
PEM files are base-64 encoded, and
they have a BEGIN CERTIFICATE and -END CERTIFICATE- kind of
header and footer. On the other hand, DER format are like binary files.
If you are able to open the files in an editor, and if the header and foot
pls do not write "reply me as soon as possible...because i am stuked at that
point." it is impolite to do so in an online mailing list. this is not a
paid support.
yes, the cert and the corresponding private key can both exist in the same
file. Some libraries may explicitly want that to happen. Th
Hi,
I am trying to load certificate file in this function but it gives error.
SSL_CTX_use_PrivateKey_file
-- using this function, you have to load a private key, not a certificate.
In particular, what are the arguments to this function?
You can do something like this: (assuming the cert is a variable -- if the
cert is a file in the filesystem, some modifications are needed)
#include ...
int main(int argc, char **argv)
{
X509* pCert;
char* str;
int ret;
char clientCertificate[] = "-BEGIN CERTIFICATE-
Hi all,
Is there some API functions to base64 encode and decode strings?
I saw that "base64" command is supported in openssl, (openssl base64
[options]), but I could not find any functions that I can call in my C, C++
application programs. Please guide.
Best regards,
Ambarish.
Hi all,
I have written an application using libcurl and openssl under RH linux, and
I believe I have done everything to make it correct and followed all
documentation of CURL with examples. However, the application segfaults
inside the openssl library. The stack trace:
#0 0x081ab737 in SSL_set_ss
On Wed, Oct 25, 2006, Goetz Babin-Ebell wrote:
>
> Vincenzo Sciarra schrieb:
> > Hi,
> Hello Vincenzo,
>
> > just check if issuer and holder are the same!
>
> or do it the correct way:
>
> openssl verify -CAfile self_signed_cert.pem self_signed_cert.pem
>
> should return:
>
> self_signed_cert.pe
Of Kaushal Shriyan
Sent: Wednesday, October 25, 2006 12:53 PM
To: openssl-users@openssl.org
Subject: Re: How to check if the certificate is self signed
On 10/25/06, Ambarish Mitra <[EMAIL PROTECTED]> wrote:
> If the subject and issuer are the same, then the cert is self-signed.
>
>
If the subject and issuer are the same, then the cert is self-signed.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bhat, Jayalakshmi
Manjunath
Sent: Wednesday, October 25, 2006 12:45 PM
To: openssl-users@openssl.org
Subject: How to check if the certificate
the
required openssl commands, which bring success on your machine.
That would be very kind of you!
Many thanks in advance!
Regards,
Felix Joussein
Ambarish Mitra schrieb:
> "Unknown key spec: Invalid RSA modulus size" from JVM is due to outdated JVM
> version.
"Unknown key spec: Invalid RSA modulus size" from JVM is due to outdated JVM
version. JVM should be 1.4 or upwards.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Felix Joussein
Sent: Wednesday, October 04, 2006 2:56 AM
To: openssl-users@openssl.org
Subject
Hi all,
I have one single file which has both the private key and the certificate
concatenated. It is shown below (edited for clarity). My question is: Can I
break this into 2 different files - one with the private key and the other
with the certificate? If no, is there a way to achieve what I am
Hi,
Explore www.opensslbook.com
Also, buy (or somehow grab) a copy of the book: "Network Security with
OpenSSL" by John Viega, Matt Messier, and Pravir Chandra. This book has a
very good treatment of openssl.
I also believe, from the openssl site, you should 'Read The Fine Manual'
[:-)] and you
Yes, giving an absolute path to SSL_use_certificate_file will work. If you are
on windows, then you should escape the \ which will be present in the path -
that's all.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bu Bacoo
Sent: Monday, August 21, 2006 3
>#include
>#include "openssl/bio.h"
>int main ()
>{
>BIO *bio_out;
>bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
>BIO_printf(bio_out, "Hello World\n");
>
>getchar();
>
>return(0);
>}
>The code was compiled successfully.
>When the code went to "BIO_printf(bio_out, "Hello World
> Please be kind to me.
--
There is no fear. All were newbies at some point in their careers, and all have
made mistakes, met with failures and become experts.
This should work. It works for me. Perhaps, you should check the return from
BIO_new_fp like (if bio_out == NULL) return 1; - this wi
1. How is the IV handled in (AES) encryption?
--Actually, in AES in CBC mode, the ciphertext is dependent on the already
computed ciphertext block. That is, CT for block k is dependent on CT of
block k-1 and plain text for block k. (How it is dependent is a complex
maths). But how do you know the
openssl pkcs12 - see the help.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Leandro Gustavo
Biss Becker
Sent: Wednesday, July 12, 2006 5:23 PM
To: openssl-users@openssl.org
Subject: RES: Exporting PEM certificates to import in MS Internet
Explorer
But
> One thing I do not get is: "Each thread has it's own SSL context ".
Yes I setup the SSL_CTX in each thread. I have also taken it out of the
threads into main() creating one global context BUT this gives the same
error.
- Even if it gives the same error, I think you should pursue the route of
cr
Some days back, we had a riot on "select" call usage. You may revisit those
posts to see if it is helpful.
One thing I do not get is: "Each thread has it's own SSL context ".
I also had a multi-threaded application, and for the entire process, there
was only one context created with SSL_CTX_new. T
Not a openssl question as such, but ppl will help.
The basic confusion is about "encryption" and "digital signature". These are
2 different aspects: encryption helps to obscure data so that it can not be
understood by an eavesdropper (privacy), whereas digital signature helps in
non-repudiation an
Hi all,
A question on licensing issue: For using openssl libraries for commercial
applications, is there any licensing issues? Do we have to attach any
license for the same?
AM.
essage, or rehash and check the msg digest i.e
the sha/md5 signature.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ambarish Mitra
Sent: Thursday, April 27, 2006 5:16 PM
To: openssl-users@openssl.org
Subject: RE: Question on PEM_read_RSA_PUBKEY
David,
Th
David,
Thanks a lot. This worked. Next logical question is: using this public key,
how do I decrypt a signed message? This signed message was signed by the
corresponding private key, and naturally, my application does not have that.
My application has the cert, and this signed message. How to ver
Hi all,
How to extract the public key from the certificate?
I have a question on the function: PEM_read_RSA_PUBKEY and
PEM_read_bio_RSA_PUBKEY.
The argument to these function is FILE *fp and BIO *bp respectively.
Does this argument contain a X509 certificate? This I ask, since the public
key is
Hi all,
My application will receive some piece of data signed with a private key of
a user. I have the certificate of this user.
When that data comes, how do I decrypt the signature with the public key
(contained in the certificate - right?)? What functions to call?
Regards,
Ambarish.
This is a strange question. You need the applications for a variety of
reasons: for generating keypairs, for signing csr's, to display the
certificate from a base64 encoded stream, etc etc.
Instead of such a vague question, if you tell us exactly what your
requirement is, the group can help bette
This worked..Thanks a million. :-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Allan E. Johannesen
Sent: Monday, April 24, 2006 6:32 PM
To: openssl-users@openssl.org
Subject: Random Number Generation in openssl
>>>>> "ambarish_mitr
Hi all,
I am trying to generate random numbers using openssl. I am not using the ENGINE API,
but using only the rand functions.
Code snippet:
int main(int argc, char *argv[]){
RAND_METHOD *rmeth;
int r;
unsigned char buf[16];
rmeth = RAND_SSLeay();
Yes, the JVM has a keystore for all the trusted certificates, the path is
jre/lib/security/cacerts.
This file has all the trusted root CA certs. Please import the CA cert in
here, and it should work.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Severine
There is no need to create a new makefile at all. If your build was successful, you
will have the openssl executable(s) present already. You can use the command
line for testing:
openssl ca
openssl crl
openssl pkcs12
etc
-Original Message-From:
[EMAIL PROTECTED] [mailto:
x509
ca - all CA management utilities
x509
crl - all CRL management utilities.
etc.
The documentation is there in the site. If you have any specific questions, do let
us know and we shall try to help you.
"How to create exe for X509?" - There is no need to 'create'. Once you
succ
See the certificate subject (owner) and issuer: For a CA, these 2 fields
will be same. For server cert, the issuer field will contain the DN of the
signing authority - this CA, or any intermediate CA.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Stuart Ha
, March 01, 2006 6:02 PM
To: Ambarish Mitra
Cc: openssl-users@openssl.org
Subject: Re: Extract Issuer / Subject from X509 certificate
On Wed, Mar 01, 2006 at 05:38:36PM +0530, Ambarish Mitra wrote:
>Given such an input, I have to extract the subject and the issuer (and
>possibly se
Dear all,
I have an application, which reads a presented certificate in stream. For example,
the following is the input:
-BEGIN CERTIFICATE-MIIFUjCC. .. .. .Fk71GQ==-END CERTIFICATE-
Given such an input, I have to extract the subject and the issuer (and possibly se
Your stack trace points to a release version of MS libraries. Please ensure
that you run the release version of your program.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Matthias
Sent: Wednesday, February 15, 2006 4:24 PM
To: openssl-users@openssl.org
Su
of ssl.
-Original Message-----
From: Ambarish Mitra [mailto:[EMAIL PROTECTED]
Sent: Friday, February 03, 2006 1:27 AM
To: openssl-users@openssl.org
Subject: Question on SSL_connect
On SSL_connect, the openssl documentation mentions that: "initiate the
TLS/SSL handshake with an TLS/SSL server
Urjit,
To answer your 2nd question, just immediately after SSL_accept and
SSL_connect on the server and client side respectively, you can use the
functions:
SSL_get_cipher (ssl), SSL_get_cipher_version (ssl)
These will give you the cipher and SSL version. A sample output can be:
SSL connection c
Use: SSL_get_error(ssl, err);
This will give you more information on SSL_connect failure.
err = SSL_connect (ssl);
if (err <=0)
{
int errcode = SSL_get_error(ssl, err);
switch(errcode)
{
case SSL_ERROR_NONE: break;// Cannot happen if err <=0
case SSL_ER
Hi,
I need a sample (and basic) SSL client server application code, where the
server is implemented as a Java program, and the client is implemented as a
C or C++ program using openssl libraries.
The Java program can use a keystore in JKS format, while the C program can
use the certs generated by
This is the SSL protocol itself.
http://wp.netscape.com/eng/ssl3/traces/trc-clnt-us.html#ClientHello1
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of jimmy
Sent: Monday, February 06, 2006 10:47 PM
To: openssl-users@openssl.org
Subject: reagrding extended
On SSL_connect, the openssl documentation mentions that: "initiate the
TLS/SSL handshake with an TLS/SSL server"
I have created the client cert and loaded into the context with
"SSL_CTX_use_certificate_file" and the corresponding private key with
"SSL_CTX_use_PrivateKey_file". This association wor
ific
OIDs/extensions to be in the client certificate for it to be
recognized as such?
Do your certificates have 'version=3' properly encoded?
-Kyle H
On 1/31/06, Ambarish Mitra <[EMAIL PROTECTED]> wrote:
>
>
> Samy,
>
> Thanks for your reply. On the server si
Samy,
Thanks for your reply. On the server side (Java), I have
explicitly set client authentication to true.
ks.load(new FileInputStream(KEYSTORE_FILE), passphrase);
kmf.init(ks, passphrase);
ctx.init(kmf.getKeyManagers(), null, null);
ssf = ctx.getServerSocketFacto
Dear all,
Using openssl (openssl 0.9.7), I have set up a CA and this CA has issued 2
certs - one for client and the other for the server. I have checked that
these certificates are ok.
I am attempting to write a SSL client-server program.
SSL Server:- Java. It has a keystore, which contains the
This is possibly because of freeing the SSL CTX object. The CTX holds
several information about the environment, ciphers and freeing it and then
creating it may not initialize the CTX correctly.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Nadav Golombic
I am getting the following error while calling SSL_CTX_new (meth); where
SSL_METHOD * meth; The same code is working on Windows. I am on openssl
0.9.8 on both the platforms.
[error:1A09400E:SSLCERT routines:STORE_NEW:not supported]
SSL_METHOD *meth;
#if defined(_WIN32)
WORD wVersionRequested;
WS
64 matches