Must be SPARC-specific, all tests pass on my x86/x64 Solaris 11.4 using latest
GCC (11.2)
>-- Original Message --
>
>What Ben suggests is a great start.
>
>Note that none of the core developers have Solaris access, so that
>debugging could be problematic.
>
>
>Pauli
>
>
>On 12/9/21 1:39 pm, Benj
Thanks for the clarification.
If resolution found, would you want me to report that here?
I'm off to the Node Team.
Thanks,
Erik
Original Message
From: Viktor Dukhovni
Sent: Mon Jun 03 15:25:35 PDT 2019
To: openssl-users@openssl.org
Subject: Re: osf-contact Strikin
and it is calling openssl function:
SSL_CTX_set_client_cert_engine (SSL_CTX *ctx, ENGINE *e)
am I wrong that there should be a second argument passed from Node to
Openssl?
Really appreciate all your support
On 6/3/19 12:58 PM, Viktor Dukhovni wrote:
On Mon, Jun 03, 2019 at 12:54:46PM -0700, E
any thoughts here?
On 6/3/19 10:03 AM, Erik Madsen wrote:
Is there any possibility of setting second argument here from config?
SSL_CTX_set_client_cert_engine (SSL_CTX * ctx, ENGINE * )
I think at this point it's a Node issue not allowing for an engine to
be used for the key...I know
is no PEM formatted key.
One would think if cURL and s_client can work, NodeJs should also...
It will probably end up being something silly :O
Thanks,
Erik
Original Message
From: Viktor Dukhovni
Sent: Mon Jun 03 09:40:15 PDT 2019
To: openssl-users@openssl.org
Subj
02 19:14:29 PDT 2019
To: "openssl-users@openssl.org"
Subject: Re: -keyform ENG and NodeJS
> On Jun 2, 2019, at 9:47 PM, Erik Madsen wrote:
>
> It is TLS and we want Root Of Trust from a non exportable, non readable
> Private key on the Hardware Security Module.
>
enssl-users@openssl.org
Subject: Re: -keyform ENG and NodeJS
On Sun, Jun 02, 2019 at 05:49:10PM -0700, Erik Madsen wrote:
> I am using a Hardware Security Module. Both s_client and cURL work fine
> due to we can use the CLI "-keyform ENG" for s_client and "--key-type
&g
I am using a Hardware Security Module. Both s_client and cURL work fine
due to we can use the CLI "-keyform ENG" for s_client and "--key-type
ENG" for curl
Is it possible to specify this in the openssl.cnf file instead of the CLI?
For testing this, the following works:
openssl s_client -conn
>-- Original Message --
>
>
>>-- Original Message --
>>
>>On Tue, Apr 30, 2019 at 03:23:23PM -0700, Erik Forsberg wrote:
>>
>>> >Is the handshake explicit, or does the application just call
>>> >SSL_read(), with OpenSSL performing the hand
>-- Original Message --
>
>On Tue, Apr 30, 2019 at 03:23:23PM -0700, Erik Forsberg wrote:
>
>> >Is the handshake explicit, or does the application just call
>> >SSL_read(), with OpenSSL performing the handshake as needed?
>>
>> I occasionally (somewhat
I can add some of my own observations to this below ...
>> I haven't looked at the code, but my impression is that WANT_READ and
>> WANT_WRITE are returned in two cases: when OpenSSL has received or sent a
>> partial record and needs to complete it; or when the TLS state is such that
>> OpenSSL
I see this is Solaris 10, dont use that anywhere anymore.
But in Solaris 11, its fine. From ld(1)
-M mapfile
Reads mapfile as a text file of directives to the link-editor. This
option can be specified multiple times. If mapfile is a directory,
then all regular
hmm, been reading this whole thread.
I dont have any current issues building with Sun Studio 12.6 in 2011 mode (but
I only do Intel x86 and x86_64)
However, I do have a preference for using gcc for openssl builds though.
Do note however, that in my opinion, for Solaris, one MUST do the -R linker
There are missing comma's in ssl/t1_trce.c that causes compilation to fail.
You have to configure with enable-ssl-trace to see it though.
gcc -I. -Iinclude -I../src -I../src/include -fPIC -std=gnu90 -march=core2
-Wall -O3 -fomit-frame-pointer -pthread -DFILIO_H -DDSO_DLFCN -DHAVE_DLFCN_H
-DOP
>-- Original Message --
>
> As for -lm, which symbol was undefined?
>
Undefined first referenced
symbol in file
fabs test/ct_test.o
>>>
>>> ??? One can only wonder where does it come from
>-- Original Message --
>
>>> As for -lm, which symbol was undefined?
>>>
>>
>> Undefined first referenced
>> symbol in file
>> fabs test/ct_test.o
>
>??? One can only wonder where does it come from. I see no fabs a
as that is the ONLY -lm reference and the fact its in test code, why not
simply avoid using fabs(), that is so trivial here ?
if (value < 0)
value = -value;
>-- Original Message --
>
>On 24/02/18 04:47 AM, Andy Polyakov wrote:
>>> So testsuite is running but this is a non-optimal debug build
>-- Original Message --
>
>On 20/02/18 12:47 PM, Norm Green wrote:
>> On 2/20/2018 5:43 AM, Michael Wojcik wrote:
>>> Not by default. The comments in /usr/include/sys/feature_tests.h (on a
>>> Solaris system) explain this in excruciating detail, but in short you
>>> need either -DPOSIX_C_SOURCE=
Havent seen any.
>-- Original Message --
>
>Over the last many months, I have received a constant flow of
>"newsletters" from databreachtoday.com to my OpenSSL posting
>address.
>
>I am wondering if this is specific to me, or if they are
>sending to most other subscribers too.
>
>Enjoy
>
>Jakob
>-
On 10/05/15 17:37, Erik Leunissen wrote:
Hi all,
The openssl gendsa command supports passphrase protected generation of
dsa keys.
I'm doing the dsa parameter and key generation, using the C API, using
DSA_generate_parameters(), DSA_generate_key() and DSA_print_fp()
Now, I'd lik
rface.
Thanks in advance,
Erik Leunissen.
--
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Not sure what platform the other person is using, but, for the record
the soname 1.0.0 causes big problems on Solaris 11 and up. Solaris 11
ships an OpenSSL 1.0.0 version in standard library locations, if anyone just
builds
anything higher than that, and do NOT modify build to add -R runtime
load
On 12/01/15 22:57, Erik Leunissen wrote:
Hi,
Does the OpenSSL C library have a function that returns the OpenSSL
version?
Never mind. I found it just after sending this post.
#include
const char *SSLeay_version(int type);
Erik.
Thanks in advance for your help,
Erik Leunissen
Hi,
Does the OpenSSL C library have a function that returns the OpenSSL version?
Thanks in advance for your help,
Erik Leunissen.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Starting a few days ago, www.openssl.org when clicking on the
Source tab, then selecting the GitWeb tab, redirects you to
git.openssl.org (probably ok ? ) but that page returns the
OpenSSL home page (same as www.openssl.org) so no web git access.
DNS issues perhaps ?
__
That triggers my memory. I saw this too a long time ago, if I recall correctly,
if you get a TLSv1.2 connection, its still logged as SSLv3 (there is lack of
printable enums in the OpenSSL code. I looked at my negotiation with wireshark
and saw that I got TLSv1.2 despite what the debug trace said.
ferent logical level?
Thanks in advance for any clarification,
Erik Leunissen
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Au
compliance.
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of mclellan, dave
Sent: Tuesday, November 13, 2012 4:26 PM
To: openssl-users@openssl.org
Subject: OpenSSL/FIPS Obj
Eh, I had it right all along, but when I dumped it via x509 later it showed a
strange OID; seems the directory I was in had an old 0.0.8e OpenSSL.exe...
*face palm*
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner
ds to be set into the X509 somehow?
In the sig_alg member? How is this done (the ASN1 macro stuff makes it hard
to decode)? I see a X509_get_signature_type(), but no corresponding _set_
method.
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Ori
What if the server has an ECDH certificate? Would that then be the appropriate
set of suites?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf
I think Steve posted a while back that those ciphers require special handling
and do not work with the enc command yet.
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of
#x27;t the assumption be that you are
now on the leading edge of the compatibility issue and are using a 1.0.1
binary?
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openss
broke the previous behaviour that
allowed this as well, though we can't tell if it's the s_client app or the
OpenSSL cert store functionality that changed this.
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mai
already be using OpenSSL.
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of John A. Wallace
Sent: Tuesday, September 11, 2012 12:36 PM
To: openssl-users@openssl.org
Subject: ope
make sure you are setting those options on
the SSL_CTX before you create an SSL session from that context.
Erik
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of
7;m trying to figure out is how to tell OpenSSL that the client agrees to
use this version, whereas now it generates a fatal alert. I cannot use an
SSLv2 handshake, as this is inside EAP-TLS.
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Origin
.
Erik Tkal
Juniper OAC/UAC/Pulse Development
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
I don't believe OpenSSL has any mechanism to directly calculate P and Q; this
requires an iterative process. Once you have those, however, calculating the
rest are simple calculations using the BN library.
Erik Tkal
Juniper OAC/UAC/Pulse Develo
Hi Steve,
Thanks, that certainly corrected it. I guess I'm perplexed as to why using
ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
would not automatically set that flag since I'm explicitly giving the curve
name already?
Than
DVQQG
EwJVU4IDANMnMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATA7BgNV
HR8ENDAyMDCgLqAshipodHRwOi8vbG9jYWxob3N0L3BraXRvb2wvZXJvb3QxL2Vy
b290MS5jcmwwCgYIKoZIzj0EAwIDSAAwRQIhANIwDV9cYUXvI6WuBDrKUNCgVMrO
kxy3igQZs5/ttBvwAiAze1W9uN/K5ULbSeMjivldawnSsRPIYEYLmVeATe8ZQg==
-END CERTIFICATE-
Erik Tkal
Juniper OAC/UAC/
;
EC_GROUP_free(ecgroup);
Is there something I am doing incorrectly to generate the EC key?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Erik Tkal
cipher:.\ssl\s3_srvr.c:1353:
shutting down SSL
CONNECTION CLOSED
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
__
OpenSSL Project http://ww
In your client app are you setting the options on the SSL_CTX *before* you call
SSL_new()?
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Sebastian Raymond
Sent
If you build the OpenSSL crypto as a static library you should be able to
utilize it without including everything else in your app, depending on your
compiler/linker options.
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From
that TLSv1 in the cipher string disables
TLSv1.2 ciphers ? I didnt expect that.
>-- Original Message --
>Date: Fri, 15 Jun 2012 14:34:27 -0700
>From: "Erik Forsberg"
>Subject: How does cipher selection and TLS protocol negotiation interact
>To: openssl-users@openssl.org
I have a weird case that I cannot properly explain.
Using OpenSSL 1.0.1c for both client and server, I was testing various
combinations of ciphers and protocol version requests.
Basically, the server uses SSLv23_server_method().
The client code uses SSLv23_client_method() and SSL_OP_NO_SSLv2
Then
In fact a quick compare of x509.h shows that the X509_sign_ctx entry point is
new in OpenSSL 1.0.1.
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On
think 1.0.1 and 1.0.0 are binary compatible (only the
sub-releases that are lettered).
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of exvance
Sen
What's the output of 'which openssl' and 'openssl version'?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of exvanc
s are generated using Ephemeral
Diffie-Hellman, signed using RSA (since DH is subject to MitM attacks).
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On B
Hi Bin,
The OpenSSL names for P-256 and P-384 are prime256v1 and secp384r1.
Erik
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Bin Lu
Sent: Monday, March 05, 2012
So the web server is sending the list incorrectly. I once used a product that
just sent the certs in the order contained in the configured .PFX file, so the
easiest workaround was to repackage the .PFX.
Erik
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
F
Hmmm, but he said he was writing both the client and server components and
assuming both are using OpenSSL (I know, when you *assume*...) the mechanism
would be the same...
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org
g the handshake to generate
the master key to be used elsewhere (e.g. for proprietary encryption), then you
can get it from the SSL_SESSION object (not sure if there's a get method).
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@o
g the handshake to generate
the master key to be used elsewhere (e.g. for proprietary encryption), then you
can get it from the SSL_SESSION object (not sure if there's a get method).
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@o
.
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of y...@inbox.lv
Sent: Monday, July 18, 2011 2:10 PM
To: openssl-users@openssl.org
Subject: Re: revoking crt
is that really a
stuff...
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of andre505
Sent: Monday, May 16, 2011 9:29 PM
To: openssl-users@openssl.org
Subject: OpenSSL - Great Project
Hello
I
I think that means you have not enabled the cipher or hash that is required at
that point. Did you forget to call something like OpenSSL_add_all_algorithms()
in your app?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner
.
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of John R Pierce
Sent: Wednesday, May 11, 2011 12:47 PM
To: openssl-users@openssl.org
Subject: Re
OpensSSL supports TLS; you need to parse the EAP packets in your own
application and feed the TLS bits into OpenSSL.
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Neo
110419141516Z = 2011 04(April) 19th 14:15:16Z(UTC)
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Matt C
Sent: Tuesday, April 19, 2011 5:19 PM
To: openssl-users
second of the following would
work:
openssl md5 < user.pem (wrong format input)
openssl md5 < user.cer
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Matt
WinZip handles it just fine...
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Paul Suhler
Sent: Tuesday, April 12, 2011 11:53 AM
To: openssl-users@openssl.org
Subject
instead of RAND_bytes to avoid the conversion...
Regards,
Erik
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Viktor Krikun
Sent
You can use the -config option to specify a desired config file.
...
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of felix farcas
Sent: Friday
DER encoding of numeric data should always be network byte order MSB...LSB.
Note that if the high order bit is set then an additional 0 byte is prepended.
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us
Go to http://www.openssl.org/support/community.html
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Richard Buskirk
Sent: Friday, December
f its consumers.
Erik
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Victor Duchovni
Sent: Thursday, December 02, 2010 6:09 PM
[...]
1.0.0c contains important non-security bug fixes for 1.0.0b, so you
should deplo
Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864
was the reason 1.0.0b was released, but I cannot find any references to the
other two.
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner
Some zip programs do not restore the links properly. Regardless, when you
first build, those header files should be recreated from their actual locations
(e.g. openssl-1.0.0b/ssl/ssl.h).
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message
Are you linking with ws2_32.lib?
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of g A b R i E L
Sent: Friday, November 12, 2010 10:56 AM
To: openssl-users@openssl.org
Maybe that's a bug in OpenSSL 0.9.8o? The docs for verify say "It is an error
if the whole chain cannot be built up."
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:o
Hi Michael,
Your "rootcacert" is not a root cert, as it was issued by "C=US, ST=UT, L=Salt
Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com,
CN=UTN-USERFirst-Client Authentication and Email". You need to append that
cert as well to
How about using the d2i_ functions?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Leandro Santiago
Sent: Friday, October 29, 2010 7:26 AM
To
Hi Vivek,
There is no "x509 format" in that context; an x509 certificate encoding can be
represented in DER (binary) or PEM (text) mode.
Try:
openssl x509 -in TestCryptPublic.cert -inform DER -text
....
Erik Tkal
Juniper OAC/UAC/Pulse Development
F
Hi John,
Your CAfile must contain the chain that issued your cert (i.e. the
intermediate(s) and the root). The error is indicating that it is unable to
locate the issuer of the intermediate.
Erik Tkal
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl
n the hardware vendor (or yourself) would have to implement engine
code to perform the operations.
Erik
From: sagar gupta
Subject: Re: RE: AES in counter mode no support in openssl
can that aes_ctr.c be used to connect to hardware driver. I have a hardware
driver which can implement the encry
OpenSSL 1.0.0a has aes_ctr.c in the crypto/aes directory.
Erik Tkal
Subject: AES in counter mode no support in openssl
hi all,
I was working on the Openssl1.0.0 version for AES cryptographic support in
counter mode i.e; AES-CTR mode. I did not find any support added to the
openssl1.0.0
-AES days).
Erik Tkal
Hi,
Is it possible to have AES 512 bit encryption in latest release of openssl.
Regards,
Uday,
ffers the cipher suite list, and the server picks one
of these.
Also note that you cannot modify the cipher suite list in the Client Hello in
flight, as that would be detected in the handshake processing.
Erik Tkal
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:
integrity?
Thanks, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
ogram
against your target program.
> I need to create a program which check md5 of another program, if checksum
> match with one memorized the program will be exec.
There is still a possibility of a BadGuy replacing the program after
the md5sum is calcuated but before
t,
such a script could provide for "remote" builds, regardless whether the
configure script originates from auto* machinery (please let me know if
you think I am overlooking things).
>
> Patches are welcome!
>
I am going to see how much work would be involved, and how/if that
es a Makefile in $BUILD_DIR. The
Makefile, in turn, has SRC_DIR defined for its own usage and takes care
of proper referencing of SRC and BUILD directories.
Does the openssl roadmap foresee a further development in this area, or
is the current state deemed "
Erik Leunissen wrote:
So, indeed, it appears that the DTLS function interface hasn't been made
public (yet). That might well be because no API *functions* are needed
for the use of DTLS...
Of course I meant this to be:
So, indeed, it appears that no specific DTLS function interfac
Vladislav Marinov wrote:
Hi Erik,
I am currently trying to use the DTLS support from OpenSSL (not
completely successfully so far but I am learning..)... so my impression
is that when you create the context object you just have to use the dtls
method. Then there is also a datagram BIO if you
My previous post (30/03/07 01:54) regarding DTLS support didn't receive
any replies. Maybe I wasn't clear. So here's the question rephrased:
Can somebody please point out the commands to do DTLS?
Thanks in advance,
DTLS introduce new API's?
- If so, (where) have they been documented?
- If not, is there a difference in usage of the existing TLS API's
between securing TCP and securing UDP?
Thanks for any pointers/explanation,
in your configfile unless you have a better idea...
Right. I replaced the name_opt entry and now it works.
Hope it helps,
It did absolutely.
Greetings,
Erik Leunissen.
Ted
;)
__
OpenSSL Project
on file ca.conf. I've
extracted parts from that file that use "My_CA" (see below).
Can anybody say what's wrong? Please say so if you need further/other
information.
Thanks in advance,
Erik Leunissen
==
From the custom configguration file ca.conf:
##
Erik Leunissen wrote:
... The signatures (if expressed in hexadecimal format) all
start with an 8 byte sequence that matches the regular expression:
302[cde]021[45]
...
Of course that should be: "the first 4 bytes", which corresponds to "the
first 8 hex digits"
exts are appended to this message)
Is the observed pattern normal?
Thanks in advance for any advice,
Erik Leunissen.
=== test script ===
#! /bin/sh
openssl dsaparam -out dsaparam.pem 1024
openssl gendsa -out dsaprivatekey.pem dsaparam.pem
rm ./result
for file in ./text_1 ./text_2 ; do
cat
referenced aspects, I always found the
information I needed to be there, albeit terse at times.
I guess one needs to be (made) aware of this style of documentation.
Erik.
__
OpenSSL Project http://www.o
de is stored in an error queue
associated with the current thread. The err library provides functions
to obtain these error codes and textual error messages."
Does this help?
Erik Leunissen.
__
OpenS
Richard Koenning wrote:
Call RAND_status() (see http://www.openssl.org/docs/crypto/RAND_add.html#).
Right. I overlooked that one.
Thanks,
Erik.
__
OpenSSL Project http://www.openssl.org
User
form basis whether an
entropy source is lacking.
Erik Leunissen.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated Li
Thanks all for your valuable comments,
Erik Leunissen.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
to detect whether the PRNG has been seeded
before OpenSSL complains. How would I do that?
TIA,
Erik Leunissen
==
__
OpenSSL Project http://www.openssl.org
User Support Ma
ameters() or DSA_new() ), or
- the warning mechanism doesn't work properly
Can anybody shed some light on what's happening here?
In case it's relevant: the DSA_* functions that I mentioned above, are
used in a program that has been running on Linux and on Windows 2000.
1 - 100 of 142 matches
Mail list logo
