Hi Aya,
I have not tried this with a self-signed certificate, but putting the
"-sha256" option in the signature command has worked for me before, i.e.,
x509 -req -in server.csr -signkey server.key -out server.crt -sha256
The can check the attribute with:
x509 -text -in server.crt
...
Signatur
Ok, I've got a very weird issue involving OpenSSL 1.0.1e with FIPS. When I
run my test application which uses a dynamic dll, every other attempt will
fail with this error:
error:2D09F086:FIPS routines:FIPS_digestupdate:selftest failed
This happens with both checked and free builds.
I'm using VS
Does the same apply to DLLs? I'm planning on using OpenSSL+Fips in a DLL
that gets loaded either by other DLLs or directly from an application as a
support DLL (the App won't be known, as we're doing DLL to be used by other
vendors).
--
View this message in context:
http://openssl.6102.n7.na
I wondered about that. I saw several mentions about that.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Need-help-with-Windows-and-FIPS-enabled-OpenSSL-libs-tp43956p43975.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
I'm trying to validate my build of the OpenSSL + Fips static libraries. I
did verify that the OpenSSL.exe is fips enabled per some of the
documentation I've seen.
When I try to enable FIPs mode in my app, I get a failure in
FIPS_check_incore_fingerprint. From what I can determine, sig has some s
I gave up on WinCrypt. I never could get a IV or KEY that was usuable by the
OpenSSL tool.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Windows-WinCrypt-to-OpenSSL-help-tp43840p43955.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
___
Ok, I admit I'm a newbie and has probably been answered 1000s of times -
although I haven't found the answer.
I'm trying to do something simple. I'm trying to convert a simple string
using AES-256 and the Windows WinCRYPT api and have the output be something
I can then decrypt with OpenSSL on a L
Hi,
Does the PEM file have any "Bag Attributes" at the head of the file before
"-BEGIN CERTIFICATE-"? Not sure, but I have heard these can cause
issues with conversions.
Regards,
Bill
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@opens
Hi,
Does the PEM file have any "Bag Attributes" at the head of the file before
"-BEGIN CERTIFICATE-"? Not sure, but I have heard these can cause
issues with conversions.
Regards,
Bill
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@
As I recall the CER extension stands for "Canonical Encoding Rules" and not
"certificate" as I first thought and is somehow related to DER "Distinguished
Encoding Rules" or BER "Basic Encoding Rules". I'm not sure how they all
relate but I think a digital certificate is binary unless it's Base
t seems to imply that this may not be
possible.
Thanks,
Bill Glenn
Glenn
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Glenn MacGregor
Sent: Thursday, October 09, 2008 11:13 AM
To: openssl-users@openssl.org
Subject: cipher or hash unavailable
Hi All,
I am using openssl-0.9.8i with curl. When I try to access a secure site
(https) my
locking/unlocking.
Any help would be great.
Thanks
Glenn
The entropy pool size is configurable on some systems. For Linux see
/proc/sys/kernel/random/poolsize
Glenn
On Wed, Jun 11, 2008 at 7:52 AM, Bruce Keats <[EMAIL PROTECTED]> wrote:
> I forgot to mention that the systems in question are severs that do not
> have the keyboard or mous
From the man page: "/dev/random device will only return random bytes within
the estimated number of bits of noise in the entropy pool... When the
entropy pool is empty, reads from /dev/random will block until additional
environmental noise is gathered"
Glenn
, ref
string message)
Any thoughts?
Glenn R. Martin
Developer - DS Media Labs, Inc.
dsMediaLabs.com
Email Disclaimer
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee, you
should not disseminate, distribute or
, ref
string message)
Any thoughts?
Glenn R. Martin
Developer - DS Media Labs, Inc.
dsMediaLabs.com
Email Disclaimer
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee, you
should not disseminate, distribute or copy
y, April 13, 2005 5:55 PM
> To: openssl-users@openssl.org
> Subject: Re: PKCS7 verification using a public key.
>
>
> On Wed, Apr 13, 2005, Glenn Bullock wrote:
>
> > Gentlemen (et al ;),
> >
> > I am trying to verify a pkcs7 based signature generated by
> the
): ("Signature is NOT enveloped."));
if (!m_certificate)
{
if (!(m_certificate = X509_new()))
{
// throw error here
}
// !!! GLENN !!! This may not be correct (Sets its complimen
ation!
> -Original Message-
> From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 06, 2002 2:58 AM
> To: [EMAIL PROTECTED]
> Subject: Re: How does a client tell if a server is requesting a client
> cert?
>
>
> On Tue, Feb 05, 2002 at 09:4
I'm trying to make sure that my use of OpenSSL is
completely legal. In the United States, if that matters. My understanding
is that if I don't want to deal with obtaining liscenses from
patent holders, I need to make sure that my OpenSSL builds don't
use any patented algorithms.
I just stumbled across the doc for the ERR_remove_state function.
The code that I've written to exploit OpenSSL is a component of a
much larger system. The system loads my code and uses it "envelope" data
that the system sends over the network. The system may use any number of
My guess is that you have a big-endian/little-endian
problem. When I wanted to get CAPI to interoperate with the
encryption functions provided by RSA's Crypto-C toolkit I had
to byteswap the key values before the could be imported into
the other API.
> -Original Message-
> From
> -Original Message-
> From: Ali Seifi [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, April 15, 2001 11:11 AM
> To: [EMAIL PROTECTED]
> Subject: help Me
>
>
> Dear Sir/Madam,
> Hello
> I find your OpenSSL Source and enjoy from it. it's
> great.
> I has a Question :
> I need to write a WIN200
I am also
interested in porting OpenSSL to an EBCDIC platform, namely OS/390.
I'm
doing my development on HP-UX but I'll need to port the code to OS/390 if
possible.
When I get
to the point of working on OS/390, I can help with porting the
OpenSSL
code
if it hasn't been
check out cli.cpp in the demos directory
> -Original Message-
> From: Daming Wang [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 12, 2000 1:58 PM
> To: [EMAIL PROTECTED]
> Subject: Can anyone send me a sample about SSL client?
>
>
> Hi,
> I am a newcomer. I am interested in writt
Gary Feldman wrote:
> While it may not be exactly what you want, Stephen Thomas's
> book _SSL and
> TLS Essentials_ is nevertheless valuable. Its focus is the
> protocol, not
> the use or configuration of OpenSSL or other such package.
I agree totally. A very good and easy to read explanation
I'm curious if anyone knows how commercial browser clients (IE, Netscape,
Opera, etc.) seed their PRNGs? Anyone know or have any guesses?
Thanks,
Glenn
__
OpenSSL Project http://www.openss
> -Original Message-
> From: Komarnitski Igori [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 23, 2000 6:22 AM
> To: [EMAIL PROTECTED]
> Subject: Using SSL it posible to write...
>
>
> Hi.
> I have a question.
> Using OpenSSL it posible to write a client/server app who will work by
Greg,
Thanks for the fast response.
What are the restrictions outside the U.S.? (I thought this was relaxed
recently.)
Is the Elliptic Curve cryptography is implemented in the OpenSSL code? (I
can't any mention of algorithms based on this process in the code.)
Thanks,
->Settings...).
Select each configuration (Settings For:) and on the C/C++ tab, select 'Code
Generation' in the Category dropdown. Make sure that the runtime library
for each config is of the multithreaded variety.
Glenn
> -Original Message-
> From: Sergio Gallego
31 matches
Mail list logo
