icates are attached below.
They got stripped. Can you include them in a text format in the body
of your email please?
--
Martin Bonner
Any email and files/attachments transmitted with it are intended solely for the
use of the individual or entity to whom they are addressed. If this message has
Hello,
In addition to the already announced 3.0.7 release, the OpenSSL project
team would like to announce the forthcoming release of OpenSSL version
1.1.1s that is a bug fix release.
This bug fix release will be made available on Tuesday 1st November 2022
between 1300-1700 UTC too.
Yours
Hello,
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 3.0.7.
This release will be made available on Tuesday 1st November 2022 between
1300-1700 UTC.
OpenSSL 3.0.7 is a security-fix release. The highest severity issue
fixed in this release is CRIT
up, curve_name);
}
else
{
// error
}
Martin
From: Kory Hamzeh
Sent: Monday, October 24, 2022 7:22 PM
To: amar...@xtec.com
Cc: openssl-users@openssl.org
Subject: Re: Setting a group to an existing EVP_PKEY in OpenSSL 3
I haven’t done exactly what you are trying, but something sim
that to set it on the existing key.
Thanks,
Martin
{
to
EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, curve_name,
sizeof(curve_name), &out_len);
ecc_curve_type = ossl_ec_curve_name2nid(curve_name);
but ossl_ec_curve_name2nid() is internal and it is not defined in
/include/openssl/ec.h but in /include/crypto/ec.h
Thanks,
Martin
Hello,
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.5 and 1.1.1q.
These releases will be made available on Tuesday 5th July 2022
between 1300-1700 UTC.
These are a security-fix releases. The highest severity issue
fixed in 3.0.5 release is High,
Hello,
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.4, 1.1.1p.
These releases will be made available on Tuesday 21st June 2022
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue
fixed in these releases is MODERAT
OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
PrintableString 1234567890
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
UTF8String John Doe
Any thoughts,
Thanks in Advance,
Alberto Martin
ivial" patch anyways.
Martin
Am 23.06.2020 um 12:19 schrieb Matt Caswell:
>
> On 22/06/2020 18:28, Martin Elshuber wrote:
>> I might be blind, but I just cannot find the location where this
>> plaintext data is
>> zeroized, neither by OPENSSL_cleanse() nor memset().
>
kind regards
Martin
-psk-server-client-example/src/783092f802383421cfa1088b0e7b804b39d3cf7c/psk_client.c?at=default
Martin
On Mon, Jun 3, 2019 at 4:35 PM Martin Townsend wrote:
>
> Hi,
>
> I'm trying to modify the evm/ima utility so that it can use a HSM to
> perform signing. I've setup SoftHSM and used this to create a
> certificate with an RSA public key pair. The evmctl code creates
my code above? I tried setting the
Engine in EVP_PKEY_CTX_new but get:
sign_hash_v2: failed to create context
140174165591744:error:260C0065:engine
routines:ENGINE_get_pkey_meth:unimplemented public key
method:tb_pkmeth.c:128:
140174165591744:error:0609D09C:digital envelope
routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:166:
errno: Invalid argument (22)
Any help appreciated,
Martin.
G'day openssl-users,
is there a way to unset a 'SendEnv' given by /etc/ssh/ssh_config?
signature.asc
Description: OpenPGP digital signature
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Oh, no, chancel this! Wrong list list... :-(
signature.asc
Description: OpenPGP digital signature
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Well, after a couple more tries it seems to be working now. I don't get the
same error as before, but rather a complaint about stddef.h not being found.
I'm guessing that's more of a Visual Studio problem, so I'll look into that.
Thanks.
--
openssl-users mailing list
To unsubscribe: https://mta.o
Hi Richard,
> You simply need to do exactly what you're told, i.e. run 'nmake'
> again.
>
> If that happens again and again, then you have a problem. If I were
> in your shoes, I'd look pretty hard at file time stamps to see if I
> could figure it out from there.
I ran it several times and saw t
Hi all,
I'm trying to build OpenSSL on Windows. I'm using the nmake that came with
Visual Studio 2017, NASM, ActivePerl and have installed the Test::More and
Test::Template modules. nmake, perl and nasm are all visible in my system Path
variable. This is what I'm seeing:
C:\Users\e1\openssl\sourc
Hi,
Uncomment line 54
crl_extensions= crl_ext
BR
Juan Ángel
De: openssl-users [mailto:openssl-users-boun...@openssl.org] En nombre de Ivan
Rubinson
Enviado el: jueves, 1 de junio de 2017 12:15
Para: openssl-users@openssl.org
Asunto: [openssl-users] Making a CRL with an authority
Matt Caswell wrote on 04/20/2017 03:23 PM:
>
>
> On 20/04/17 14:19, Martin Brejcha wrote:
>>
>>
>> Matt Caswell wrote on 04/20/2017 01:29 PM:
>>>
>>>
>>> On 20/04/17 12:26, mahesh gs wrote:
>>>> Hi Matt,
>>>>
>>
te for 1.1.0.
>
> I'm looking at this issue at the moment.
>
> Matt
>
hi,
btw: I've tested similar scenario and handshake works fine.
test env: client and server on different VMs (rhel7.2, openssl 1.1.0e,
non-blocking sockets and segmented certificate)
So, it should work a
Matt Caswell wrote on 04/13/2017 03:45 PM:
>
>
> On 13/04/17 10:11, mahesh gs wrote:
>> Hi,
>>
>> We are running SCTP connections with DTLS enabled in our application. We
>> have adapted openssl version (openssl-1.1.0e) to achieve the same.
>>
>> We have generated the self signed root and node
On 1 February 2016 at 22:45, Viktor Dukhovni wrote:
>
> You're using internal function names that are not exported by the
> libcrypto shared library on Debian systems. Use the EVP interface.
>
> In future versions of OpenSSL constrained visibility of shared
> library symbols will be extended to m
Hello,
I have a C program, which is using AES routines from the OpenSSL
library. I have the necessary library installed (libssl-dev
1.0.1e-2+deb7u19):
$ ls /usr/lib/x86_64-linux-gnu/libcrypto.*
/usr/lib/x86_64-linux-gnu/libcrypto.a
/usr/lib/x86_64-linux-gnu/libcrypto.so
/usr/lib/x86_64-li
Is there a way to obtain the amount of data available to be read?
I'm working with a system that operates in non-blocking mode using
epoll. When an EPOLLIN event is received the aim is to read the data.
For the non-SSL case, the amount of data can be obtained using ioctl
FIONREAD. This is use
Hi Kurt,
I send OpenSSL blocks of 512 bytes...but as fast as it will consume them
(since I want rid of the data as fast as possible). Blocking.
Martin
On 15 May 2015 at 21:21, Kurt Roeckx wrote:
> On Fri, May 15, 2015 at 12:44:03PM +0100, Martin Beynon wrote:
> >
> > Tha
Sorry Rich,
It does - as in; look like a network issue. But I fail to see how.
If I try to push 10MB/s into openssl and everything works as expected until
the available network bandwidth drops below 150 kpbs, this points at
openssl - I think.
That is right from 100Mbps down to 150 kpbs everythin
).
Cheers,
Martin
On 15 May 2015 at 12:00, Salz, Rich wrote:
> >I've tested with s_client between my PC and an AWS EC2 instance. I've
> also tried using s_tunnel and nmap/ncat. The results appear the same. Using
> wireshark I see a lot of TCP retransmissions.
>
>
different behaviour?
Thanks in advance,
Martin
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi,
I'd like to know if it is possible to add eContent to a signedData which has no
signers?
The ANS X9 TR34 technical report defines a rebind token as having the following
structure.
SignedData (inner content):
There are no digestAlgorithms included.
The EncapsulatedContentInfo eContent
On 15/07/14 15:05, Dr. Stephen Henson wrote:
On Mon, Jul 14, 2014, Martin Basti wrote:
Hi list,
I have RSA encrypted private key as byte sequence, and I need to
export it as ASN.1 type EncryptedPrivateKeyInfo (RFC5958 section 3.)
Currently I use the following code (shortened):
unsigned char
value
(version). Output seems to be the OneAsymmetricKey type (RFC5958 section
2).
Is there any way, how to export encrypted key as EncryptedPrivateKeyInfo
DER?
--
Martin Basti
value
(version). Output seems to be the OneAsymmetricKey type (RFC5958 section 2).
Is there any way, how to export encrypted key as EncryptedPrivateKeyInfo
DER?
--
Martin Basti
__
OpenSSL Project
server for instance).
On 09.01.2014 14:52, Yvonne Wambui wrote:
> could you please explain the last reason.
>
>
> On Thu, Jan 9, 2014 at 3:38 PM, Martin Hecht wrote:
>
>> X509_V_OK would be code 0
>> 19 means that the CA certificate could be found, the chain could be
>>
subject
hash of the CA certificate appended by ".0" but I'm not sure if this is
the cause for code 19 here. Might as well be that by accident you have
copied the server or client cert instead of the issuing CA cert or
something like that...
On 09.01.2014 13:04, Yvonne Wambui wrote:
certs directory configured in this
file is /etc/ssl/certs).
On 09.01.2014 06:59, Yvonne Wambui wrote:
> thanks martin, your response shade some light and i can now understand what
> im doing. Im trying to create a two way ssl connection, the problem when
> verifying the connection to the ser
On 08.01.2014 15:32, Yvonne Wambui wrote:
> i get this error when verifing a non-self signed certificate. how do i make
> it not point to the rootCA
>
It makes no sense to verify a non-self signed certificate without the
rootCA certificate. To verify such a certificate you have to provide the
certi
e. You would put the self-signed certificate into
the trusted certificates folder on the client and the server and use two
other certificates in the API on the client and the server respectively.
best regards,
Martin
_
lways the case).
However, when
you talk about intermediate and signing CAs I guess the tutorial refers
to this
solution rather than the first one.
best regards,
Martin
__
OpenSSL Project http:
are stored
openssl verify -CAfile file.pem demoCA/newcerts/00.pem
# look at the file in text form, just to complete the list
# of widely used commands :-)
openssl x509 -in file.pem -noout -text
PS: I have tested this with OpenSSL 0.9.8k in Ubunt
Collected performance numbers using "openssl speed" for two copies of OpenSSL
1.0.1e,
one built as FIPS-capable, the other not, running on an ARMv6. I am having a
hard time
understanding the differences I observed and would appreciate any insight.
Non-FIPS Capable
# openssl speed aes
Type
openssl >= 0.9.8
On 06.11.2013 17:08, Patetta, Nicholas wrote:
> Anyone know which version of OPENSSL is needed to support SHA256? Thanks.
>
>
>
> -Original Message-
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Raullen Chai
> Sent: Tuesd
On Wed, Nov 6, 2013, Dr. Stephen Henson wrote:
> On Tue, Nov 05, 2013, Vuille, Martin (Martin) wrote:
>
> >
> > Another approach I am considering is to have both a FIPS-capable and
> > non-FIPS capable version of OpenSSL installed on the system (with
> > suitable ad
On Tue, Nov 5, 2013, Dr. Stephen Henson wrote:
> On Tue, Nov 05, 2013, Vuille, Martin (Martin) wrote:
>
> > Hi,
> >
> > I have some questions about this change:
> >
> >
> http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dded7f7e8e9f7
> > 37ef9
Hi,
I have some questions about this change:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dded7f7e8e9f737ef9d7e3c3ef165a78fd7fa1d
I am interested in using this functionality and wondering whether it would be
feasible and reasonably safe for me to back-port it on top of 1.0.1e?
What
Thus wrote Lionel Estrade (lionel.estr...@myriadgroup.com):
> I am looking for a SSL/TLS stack for a project based on CVP2 and I
> need to know if the following RFCs (which are required by CVP2) are
> fully/partially implemented in OpenSSL.
> RFC 4680 - TLS Handshake Messages for Supplement
access to the rt.openssl.org page you indicate me. It would be
beneficial to others who have the same problem as me.
Best regards
Martin
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Pierre DELAAGE
Sent: 23 juillet 201
ls\wce500\{SDK-Platform}\Include\Armv4i\ws2tcpip.h"
The OpenSSL developers take the time to consider the Windows CE configuration,
but it does not work at all :(
Is there really someone who has succeed to compile this library for Windows CE ?
We really need OpenSSL, and it very urgent ! For several days we have been
stuck on this compilation problem.
Hope someone have some fresh news ?
Best regards
Martin
sents the identity that is mentioned in the cert.
Otherwise, anybody could copy the certificate from the wire, or from
some directory service (it's really public).
The server shouldn't have the private key at all - the private
key should never leave the
64 chars
On Wed, Oct 10, 2012, Dr. Stephen Henson wrote:
> On Tue, Oct 09, 2012, Juan Angel Martin Gomez [AC Camerfirma] wrote:
>
> > Hello,
> >
> >
> >
> > Im trying to make a CSR with a CN that has more than 64 chars
> >
> >
> >
>
Hello,
Im trying to make a CSR with a CN that has more than 64 chars
I know that the upper bound is 64 chars, but I can see in the RFC 5280 this
note:
-- Note - upper bounds on string types, such as TeletexString, are
-- measured in characters. Excepting PrintableString or IA5String,
.
Does anyone see what I'm doing wrong here? Or does anyone have test
vectors so that I can verify my code? I know there's test vectors from
rsasecurity but they're only for oaep sha1.
Thanks in advance for your help,
Martin
___
are better off using
the WinRT API for secure communication, instead of OpenSSL (except
if you want to do stuff that is not supported in WinRT).
Regards,
Martin
__
OpenSSL Project http://www.openssl
On 16.06.2012 14:02, Dr. Stephen Henson wrote:
> On Sat, Jun 16, 2012, "Martin v. Lwis" wrote:
>
>> I'm trying to connect to https://grooveshark.com using s_client, and get
>>
>> CONNECTED(0003)
>> depth=3 /L=ValiCert Validation Network/O
E:bad
signature:s3_clnt.c:1450:
OpenSSL 1.0.1c connects fine. So I wonder whether this is a bug in
0.9.8, or whether the server is misbehaving (and it's just that 1.0.1
uses a different protocol parameter set).
If it's a bug: when was it fixed, and will the fix be backported to 0.9.8?
Hi,
Please read
http://stackoverflow.com/questions/10960269/git-ssh-askpass-on-windows
"
[...]
How can I force SSH to use SSH_ASKPASS without the DETACHED_PROCESS
flag?
[...]
"
Any tips?
Thanks, Martin
__
OpenS
be a shared library issue and that's something I CAN
sort out myself.
Thanks again for the info.
--
Martin Ward
Manager, Technical Services
Service Operations
DDI:+44 (0) 20 7863 5218 / Fax: +44 (0)20 7863 / www.colt.net
Colt Technology Services, Unit 12, Powergate Business Park, Volt Av
Hi all,
I have what should be an easy question, but I cannot find the answer anywhere.
I have installed a newer version of OpenSSH on my system but it's complaining
with the error "OpenSSL version mismatch. Built against 1000101f, you have
107f". The problem is that I cannot translate 10001
M", I still miss 8 out of the 24 available ciphers.
Martin
-Message d'origine-
De : owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
De la part de Dr. Stephen Henson
Envoyé : lundi 26 mars 2012 18:25
À : openssl-users@openssl.org
Objet : Re: OpenSSL 1.0.
no cipher
match:ssl_lib.c:1312:
Any help would be really appreciated.
Thanks.
Martin
This message and any files transmitted with it are legally privileged and
intended for the sole use of the individual(s) or entity to whom they are
addressed. If you are not the intended recipient, plea
---Message d'origine-
De : owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
De la part de Dr. Stephen Henson
Envoyé : vendredi 16 mars 2012 16:11
À : openssl-users@openssl.org
Objet : Re: RC4-SHA
On Fri, Mar 16, 2012, KUTILEK Martin wrote:
> Hi,
>
> I am
RC4(128) Mac=SHA1
PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
Is it normal that "RC4-SHA" and "RC4:!MD5" do not give the same cipher
listing?
Thanks for your clarification.
Martin
This message and any files transmitted with it are legall
)") 2>/dev/null
I use it for monitoring. It works with all ssl wraped protocols (ie.
smtps ftps, imaps pop3s). It does not work with other encrypted services
such as ssh or sftp.
Regards
Martin
Am 26.11.2011 18:00, schrieb Lou Picciano:
Can a certificate's expiration date be queried directly?
Users list haven't been able to help me find a solution, so I
wondered if anyone on this list could
tell me what I'm doing wrong?
Thanks
Martin.
Below are the contents of the ca.cnf, server.cnf, client.cnf files &
Dave Thompson writes:
>
> > From: owner-openssl-users@... On Behalf Of Johnson, Chris E
> (OGA)
> > Sent: Wednesday, 10 August, 2011 11:45
>
> > I typed in a term window in a linux machine the following command.
>
> > $ openssl s_client -connect rsa6.fema.gov:7004
>
> > W
Hi,
I recently got the latest version of OpenSSL (1.0.0) however I now have a
problem with one of my certificates that I didn't use to have in an older
version. Specifically, whenever I try to do anything with this particular
certificate I run into an:
1472:error:0D0680A8:asn1 encoding routines:
org/download/aid-780/sec1-v2.pdf
No knowledge of the private key is needed.
Regards,
Martin
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
I understand why nobody gave an answer to this question, because the crucial
hint was missing:
I am using the GLib GSocketService for handling incoming connections. The GLib
uses non-blocking
sockets under the hood which I was not aware of. Especially the
g_socket_set_blocking() function
does n
0:ee:fd:32:06:ac:4e:87:f1:39:d6:64:7b:01:6e:
...
prime2:
00:e4:5b:f9:90:f7:28:27:df:e9:47:e0:7c:02:0d:
...
exponent1:
76:f7:b3:9f:7e:c6:d9:05:4c:35:5d:6f:9e:16:b4:
...
exponent2:
5a:d5:0a:cb:d2:c3:b2:38:aa:3d:e0:d8:f2:a8:34:
...
coefficient:
ot;... and all certificates issued after December 31, 2003 MUST use the
UTF8String encoding of DirectoryString ..."
Is there a mismatch between OpenSSL and RFC3280 or am I misunderstanding
something?
Best regards,
Martin
--
kaiser@host:~ > openssl req -new -newkey
ndshake the number
of sent/received data is
SSL handshake has read 349 bytes and written 145 bytes
whereas in the above output the transmitted data is much less.
Does anyone have a suggestion how to fix the code using the SSL-BIO
approach? Any hints would be appreciated.
Hi,
I have a PCKS7 cert created when I signed some binary data with this command:
openssl smime -pk7out -sign -in myInsydeL2CertVar.dat -outform DER -nochain
-nosigs -noverify -binary -signer mySignpfx.pem -out myInsydeL2CertVarSigned.dat
I can decode the cert with Openssl at the command line
ssl pkcs12 -export -in all.pem -out mypkcs12.p12 -name tomcat
Regards,
Martin
2011/2/17 Lutz Jaenicke :
> Forwarded to openssl-users for discussion.
>
> Best regards,
> Lutz
> - Forwarded message from Alexander Mills
> -
>
> From: Alexander Mills
> To: r..
To: openssl-users@openssl.org
Subject: Re: Adding non-root certificates to the list of trusted certificates?
On Mon, Feb 14, 2011 at 04:36:07PM +, Martin Nicholes wrote:
> I am also interested in the ability to allow non-root certs, but my
> company is not planning on distributing O
I am also interested in the ability to allow non-root certs, but my company is
not planning on distributing OpenSSL. Therefore a custom verification callback
would not be an option; we would need a compile option to allow this feature.
We work in an embedded environment (firmware), and need to
me, the double . in link_a..so.1.0.0 and the missing 'c' are suspicious.
I'm not the only one having this error message:
http://www.mail-archive.com/openembedded-devel@lists.openembedded.org/msg05826.html
But I don't understand the note about the 'colon'.. any h
sure you have tried with a current version of OpenSSL).
How did the manufacturer get a shared libcrypto on the device?
Thanks in advance,
Martin
__
OpenSSL Project http://www.openssl.org
User Su
OK, I guess this is the only way to go then. Thanks for the help!
Regards,
Martin
2010/11/9 David Schwartz :
> On 11/6/2010 7:44 AM, Martin Boßlet wrote:
>
>> I just tested, whether the BER-encoding is preserved if I do not alter
>> any of the contents. Unfortunately, it seems
nctions and see how far I get!
2010/11/6 Dr. Stephen Henson :
> On Sat, Nov 06, 2010, Martin Bolet wrote:
>
>> I just tested, whether the BER-encoding is preserved if I do not alter
>> any of the contents. Unfortunately, it seems as if the encoding is not
>> preserved. I
e.g. an Octet String in
constructed form with inifinite length, which was DER-encoded in
primitive form using definite length in the output.
Is there a way how I can circumvent the reencoding?
Best regards,
Martin
(BTW: I'm using 0.9.8o, maybe it's different in 1.0.0?)
2010/11/6 Mart
Thanks for this, I'll have a look at the streaming features then!
Best regards,
Martin
2010/11/6 Dr. Stephen Henson :
> On Fri, Nov 05, 2010, Martin Bolet wrote:
>
>> I'm sorry, I was not precise here. Actually I think (have to verify it
>> again though) the encoding
can I force to use indefinite length
instead of the DER definite length bytes?
Regards,
Martin
2010/11/5 Martin Boßlet :
> OK, great, one thing less to worry about!
>
> But I still face a problem with the explicit [0] tagged content of
> EncapContentInfo. In this particular case it has an
existing encoding here?
Thanks,
Martin
2010/11/5 Dr. Stephen Henson
>
> On Fri, Nov 05, 2010, Martin Bolet wrote:
>
> >
> > A more general problem is that many signatures pretend to be DER-encoded but
> > they actually apply the wrong order in DER sets. Thus, computing
help,
Martin
er each verification step.
Inside the callback function, you can call
X509_STORE_CTX_get_current_cert(ctx)
to get the certificate that's currently being verified, the ok parameter
will give you OpenSSL's verification status.
Maybe this helps,
Martin
___
rt -out tut-ca.pem
and use this file as input to your application.
Best regards,
Martin
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
shows only the numeric representation. In this case, I'd really need to
modify the sources to make openssl display the name.
Is my understanding correct or am I missing something?
Thanks,
Martin
__
OpenSSL
ped.)
My understanding is that this requires changes to the sourcecode. Either
you add your object to objects.txt and recompile openssl. Or you call
OBJ_create() from your application.
Others, please correct me if I'm wrong.
Best regards,
Martin
__
Hi,
Thus wrote Arunkumar Manickam (arun.c...@gmail.com):
> Is openssl library thread safe so that it can be used in an multithreaded
> environment as is.
http://www.openssl.org/support/faq.html#PROG1
Regards,
pshot/
Regards,
Martin
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Hi,
I created a testing CA with openssl. I generated my root private key and my
self-sign root certificate. Then, I created a server authentication
certificate issued by my root certificate. I also created an empty CRL to be
publish that will last for a year. In the CRL distribution point of my
>val=EVP_EncryptUpdate(ctx, out, &num_bytes_out, plaintext, num_bytes_in );
> //Encrypt plaintext
> for (int i=0; i<8; i++) //Print ciphertext
> {
> printf("%02x",out[i]);
> }
> cout< }
EVP_EncryptFinal() is missing.
The attached exampl
_DecryptInit_ex(&ctx, EVP_des_ecb(), NULL, myKey, NULL);
assert(ret == 1);
ret = EVP_CIPHER_CTX_set_padding(&ctx, 0);
assert(ret == 1);
and then EVP_Decrypt_Update(), EVP_DecryptFinal(). Similar for
encryption.
Hope this helps,
Martin
_
ign key.pem input.txt > sig.txt
openssl sha1 -verify pubKey.pem -signature sig.txt input.txt
Best regards,
Martin
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
was actually a quite stupid error but not so easy to track down.
Martin
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
For all interested this is the output of the ssldump. As you can see at the end
the connection abruptly aborts with the error "Length missmatch".
> SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1061:SSL alert number 20
> sudo /usr/sbin/ssldump -dA -i lo port 9111
New TCP connection #1: loc
olve the problem. As
I check the return values of SSL_read and SSL_write conscientiously I can tell,
that I have no SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE errors going on.
Is there something else that could lead to the above error message, which I
didn't take into account yet?
Any help would be greatly appreciated.
Regards,
Martin
I have to protect the SSL object on my own from concurrent access? Is there
something else that could lead to the above error message, which I didn't take
into account yet?
Any help would be appreciated.
Regards,
Martin
. Can this be done and if yes: how? Thank you!
Kind regards!
Martin
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
1 - 100 of 352 matches
Mail list logo
