On 18/12/2018 18:04, Sam Roberts wrote:
> Maybe you should look at gpg directly, `gpg --symmetric` uses a passphrase,
> which doesn't sound fiddly.
Unfortunately that doesn't do what I want: I'm after something using public key
encryption (asymmetric, or a hybrid). This is so I don't need to deplo
needing fiddly work deploying the
keys (as GnuPG seems to require for its keyring, judging from my experience
deploying Backup-Ninja / Duplicity using Ansible.) So other solutions, if tried
and tested, might work for me.
Cheers,
Nick
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
password with the payload and using symmetric encryption.
As I'm not really a crypto/security expert, I thought I'd post it here and ask
for some feedback on it.
https://github.com/wu-lee/hencrypt
Thanks!
Nick
On Thu, 2013-02-21 at 05:15 -0500, Jeffrey Walton wrote:
> You enabled it with -Wextra, then you turned it off with
> -Wno-missing-field-initializers. It's not latched - the last option
> wins.
Good catch! I forgot to remove that while doing some rapid prototyping.
> In addition, GCC's analysis m
ers :)
Firstly, -Wno-missing-field-initializers turns
-Wmissing-field-initializers *off*, which does not help.
Secondly, -Wmissing-field-initializers is enabled as part of -Wextra,
which I have enabled.
Nick
On Tue, 2013-02-19 at 16:48 +, Viktor Dukhovni wrote:
> On Tue, Feb 19, 2013 at 03:57:00AM -0500, Nick wrote:
>
> > I see EVP_EncodeUpdate adds a newline char after every 64 chars of
> > output (presumably to wrap the output). Can this be disabled?
>
> No, but the EV
mand-line openssl tool, I'm reminded that it expects
the key & IV in hex values.
Nick
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
I see EVP_EncodeUpdate adds a newline char after every 64 chars of
output (presumably to wrap the output). Can this be disabled?
Nick
prompt & helpful responses.
Nick
C) which silenced the warning and that part of the
code worked anyway. So it still boils down to the developer knowing
what he/she is doing and not relying on tooling to point out problems.
Nick
ike this:
>
> RSA *prsa1, *prsa2;
>
> prsa1 = RSA_new();
>
> prsa2 = d2i_RSAPrivateKey_fp(pFile, &prsa1);
>
> But there isn't really any point as you can just do:
>
> rsa = d2i_RSAPrivateKey_fp(pFile, NULL);
>
> Which will call RSA_new() internally.
not valid?
RSA rsa;
RSA *pTmpRsa(&rsa);
RSA *pRSA = d2i_RSAPrivateKey_fp(pFile, &pTmpRsa);
Nick
nce+between+ssl+and
+tls&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Does that help?
Nick
NULL ptr that's passed as the 2nd param always be allocated
with OPENSSL_malloc? Can it not come from the stack or some other heap
allocator?
Nick
icense GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show
copying"
and "show warranty" for details.
This GDB was configured as
/* failure */
}
}
Hope that is of use, and makes some sense.
--
Nick Gorham
(leaving everything after the BIT string
header) worked in the target application.
Is there a trick to getting openssl not to output the OID and BIT string
wrapper?
Thanks,
Nick
enssl-devel-0.9.7a-43.17.el4_6.1
I am confused as to what is missing here. From my standpoint, there should be
no error when trying to load SSLeay.so file, especially a "No such file or
directory" error because 'ldd' responds properly.
What am I missing here?
-Nick
An excellent idea Ger, I will try it now, thanks for replying.
Nick
On 11 Feb 2009, at 14:04, Ger Hobbelt wrote:
Since from the looks of it your feeding enc an entire disc image, the
first question of course is: have you tried your process with a
smaller file, say a snippet of about 1K of
issue it would be
much appreciated!
Regards,
Nick
Dr. Nick van der Merwe
Director: Technology & Business Development
Ideco Technologies (Pty) Ltd
Tel: 011 463 1902
Fax: 086 529 0641 / 011 745 5615
Mobile: 083 709 8230
E-mail: <mailto:[EMAIL PROTECTED]&
}
ret = BIO_reset(bio_cert);
ret = BIO_free(bio_cert);
bio_cert = NULL;
return 0;
}
I think the problem is that you haven't freed the X509 structure
which was created when you read the certificate.
So your program needs something like
if (cert) {
in your chain - in PEM format - into a file (chain.pem or similar) and
supply this file as the parameter
to your -Cafile options.
Hope this helps.
Nick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Simon McMahon
Sent: Thursday, August 31, 2006 4
chain back to the root in it - by
which I mean the certificates
for all links in the chain in PEM format concatenated. Supplying this
extra parameter worked for me.
Good luck.
Nick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent
That part I can't help you with. Sorry.
However I did just merge them as you describe.
Good luck.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marten Lehmann
Sent: Thursday, August 10, 2006 3:31 PM
To: openssl-users@openssl.org
Subject: Re: merging c
I merged some certs which were in PEM format just by putting them
together in the editor.
The openssl ocsp command has a param -CAfile where fname needs
the entire cert chain
back to the root. I did it in Notepad and it worked fine.
I haven't tried it with .DER format.
-Original Message
eventually!) looks like
it gives more flexibility for negative testing than trying to persuade
a real server to
reply with the responses which my test cases require.
I am using version 0.9.8b, as you are.
Thanks for your input here.
Nick
-Original Message-
From: [EMAIL PROTECTE
ith a status I choose, for any
certificate which I choose.
I notice however that if I set the Status column to be R(evoked) I get
a status of unknown rather than
revoked.
Does anyone have any observations on this ?
Thanks to Ted for his input on this query.
Nick
-Original Message-
5Z 041009233205Z 02 unknown /CN=Rick/O=Rick
/L=Hamburg/C=DE
in the hope that ocsp would see the V for othe cert identified and
return a status of valid.
Thanks in advance if you can find the time to help.
Nick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Hello All,
Does anyone know where there is a definition of the format of the contents of
the index.txt file used with the ocsp and ca commands? (This file contains
info on the revocation status of certificates).
Thanks,
Nick
this posting they would have
my sincere gratitude - however useless that might be.
Cheers,
Nick Fitzsimons
Dr. Stephen Henson wrote:
On Tue, Jun 21, 2005, Nick G. wrote:
Hello,
I have a need to read an encrypted RSA Private Key generated using
openssl with a java program. I have included some background at the end
of this message, but my question is basically: how is the pass phrase
converted
uld be the "simplest" solution.
Regards,
Nick Grynkewich
I have a security requirement that all files in a users directory have
permissions no greater than 0750. When ~/.ssh/known_hosts is created it
is given 0644. Is there a reason for this? I can see why other would
"need" access to this file at all.
Nix
509(). Sometime later, I need
to convert the DER buffer back into an X509 structure using d2i_X509()
and that's when the wheels come off the wagon.
I've attached a code snippet that shows the problem. Can anyone help me
out?
Thanks,
Nick
all:example.c
gcc -o example -
for a CRL file.
Is there some sort of magic hash based naming that needs to be done for
the CRL files so they can be identified and checked against?
Thanks
Nick
On Sat, 2003-08-23 at 15:25, Dr. Stephen Henson wrote:
> On Sat, Aug 23, 2003, Nick Gray wrote:
>
> > Dr Henson,
> >
> >
> > > Try deleting the demoCA tree and doing CA.pl -newca again.
> > >
> >
> > That isn't it. I tried that firs
Dr Henson,
> Try deleting the demoCA tree and doing CA.pl -newca again.
>
That isn't it. I tried that first. I am assuming the demoCA that it
looks for is in the current working directory.
> Also check openssl.cnf is somewhere usable or OPENSSL_CONF points to it or the
> req command will give
Prior to version 0.96 I didn't have a problem with OpenSSL at all. Today
I built a new system and tried to use it with the following results.
root:/usr/local/openssl# cd misc
root:/usr/local/openssl/misc# ls
CA.pl CA.sh c_hash c_info c_issuer c_name der_chop
root:/usr/local/openssl/misc# ./C
On Tue, 2003-02-25 at 12:32, Dr. Stephen Henson wrote:
> On Tue, Feb 25, 2003, Nick Gray wrote:
>
> > On Tue, 2003-02-25 at 11:00, Dr. Stephen Henson wrote:
> >
> > You cant call ./Ca.pl -sign a second time. I "knows" about the
> > certificate that was pre
!\n");
Regards,
Nick Marcantonio
[EMAIL PROTECTED]
Venturcom, Inc
-Original Message-
From: marcus.carey [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 6:06 PM
To: [EMAIL PROTECTED]
Subject: Re: question about SSL libs
SSL_library_init() registers the available
slight
modifications.
There is one more switch NO_OBJECT, but I am not of its impact on SSL/TLS
functionality. Can anyone clear this?
And of course I am disable unused cyphers and hashes. For now I am define
NO_RC5, NO_BF, NO_CAST, NO_RIPEMD
REMOVE
ways of
making them the same ?
Many thanks
Nick Farrow
ber of the BBB On-Line Reliability Program
- Member of the Web Host Guild & VeriHost
-Original Message-
From: Nick Gaugler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 09, 2002 5:53 PM
To: [EMAIL PROTECTED]
Subject: Basic OpenSSL Client w/Pthreads
I've come up with the followin
here any
known issues or can anyone shed some light onto the subject for me?
Thanks in advance,
Nick
The point is that th
At 10:28 AM 2002-04-25 +0200, Richard Levitte - VMS Whacker wrote:
>In message <[EMAIL PROTECTED]> on Wed, 24 Apr
>2002 18:45:33 -0400, Nick Simicich <[EMAIL PROTECTED]> said:
>
>njs> It looks like the Received headers are filtered at the opens
of moral and patriotic feeling which thinks that nothing is
worth war is much worse. A man who has nothing for which he is willing to
fight, nothing he cares about more than his own personal safety, is a
miserable creature who has no chance of being free, unless made so by the
exertions of bet
ans the problem
lies with the key ? I take a hardcoded 8 byte key and use des_string_to_key
and then create a des_key_sched prior to doing the encryption.
Does anyone have any suggestions or any experience of using perl / openssl
together just for DES as opposed to complete SSL communication ?
than
when Verisign purchased
them :-<). Does anyone have specific URL's about this?
Nick
*** REPLY SEPARATOR ***
On 10/29/2001 at 3:02 PM Juan Carlos Albores Aguilar wrote:
>is the following possible?? if so, could you explain me how or point me
>documentation about
Good Day,
My name is Nick Jenkins. I am setting up an Apache + mod_ssl + OpenSSL
(AMO, heretofore) configuration for internal testing purposes here at GE.
In general, I think this solution is great, and that although it is a shame
that SSL was necessarily 'chucked' from Apache due
but if not
what do I have to do to make sure that the handshaking occurs?
I'd appreciate any information you can send my way: answers, code, FAQ's,
etc. that you can refer me to.
Thanks,
Nick Woods
> _client_method, presumably?
Whatever, get the same error when I experiment with an SSL server and
connect to it with IE f.i. (both SSL client connect to a secure server and
SSL server contacted by IE browser fail on this mac thing).
anyway tnx. for the help,
kind regards,
n
on 9/20/00 17:08, Bodo Moeller at [EMAIL PROTECTED]
wrote:
> On Wed, Sep 20, 2000 at 04:48:39PM +0800, Michael Lee wrote:
>
> [...]
>> I have encountered exactly the same "bad mac decode" error before, although
>> I am using VC++6 on Windows 98. My HTTPS client application attempts to
>> connec
Thanks for the quick response: However, I've tried adding this and still get
the same problem.
Nick
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Sylvester
> Sent: 15 September 2000 12:02
> To: [EMAIL PROTECTED]
> Su
the Message Hash attribute.
Is there something that should be done to set up the object identifiers?
Can anyone help?
Thanks
Nick
One thing that hits smime in a way that it doesn't hit openssl's other
uses (SSL net services) is that you may want to verify an smime message
long after the SSL cert has expired. IMHO it is not, strictly speaking,
the same thing to say that a cert is expired and can't be used to generate
_new_ me
>After living w/ this problem
>for months, I'm to the point where I'll try anything.
Me too.
nick.
Can
this person please contact me, I'm dying for some feedback here,
maybe something compiled but isn't quite acting as it should. Or
maybe there's a programmatic fix to allow the strange MacOS IE5.0
behaviour (=more or less tolerate the buggy behaviour).
anyway, man
Hi all,
can anyone pass me some url's to servers running openssl-0.9.5a, as I
suspect that IE5.0 on Mac may be incompatible with this openssl
version and NOT with f.i. 0.9.3a.
Also does anybody know why https://www.modssl.org is running openssl-0.9.3a ??
kind regards,
[following up my own posting]
Nick Boyce wrote :
> Shum asked :
>
>> Can anybody tell does OPPENSA web site has been closed ?
>> I cannot find it!
>
> Assuming you mean the website hosting the project to
> make Win32 versions of Apache, OpenSSL and other usef
from the following location (FTP is currently being set up):
o http://www.opensa.de/source/
Yours,
The OpenSA Project Team
Martin Horwath * Christian Meis * David Norris * Daniel Reichenbach
< cut >=====
Hope this helps.
dmail and any other such Unix-originated open
software as may be wonderfully useful.
> Nick
> Systems Team, EDS Healthcare, Bristol, UK
be very welcome,
kind regards,
nick.
ion.
Anyone a bright idea ? What am I doing wrong ?
many greetings,
nick.
ng ahead on building OpenSSL/Apache/Mod_SSL *with* DSO Apache
modules, but without any special build params for OpenSSL. I'll report back
if anything noteworthy happens.
(Oh, and I'll report that -fPIC isn't needed to the Mod_SSL list - later -
I'm not subscribed at the moment)
?
(Is this the wrong list to ask that question on ?)
I suppose maybe it's just MOD_SSL that can't be shared.
Cheers,
Nick Boyce
Systems Team, EDS Healthcare, Bristol, UK
modules as the distro
does, but omitting most of the commandline switches including "-fPIC" *and*
"-stdl". I guess that will avoid any complaining about either of those
options, but what is the effect on the compilation of omitting the other
s
got the same error as you :
Badly formed hex number: -std1
ld: Usage: ld [options] file [...]
while compiling the "openssl" commandline module.
See my next post to this list for further comment.
Nick
Systems Team, EDS Healthcare, Bristol, UK
vious issues with D/Unix 4.0x in the archive which resulted
in advice to avoid the assembler routines on this platform; is that still
the right advice ? If so, do I achieve this using "./config no-asm" ? ]
Thanks
> Nick
> Systems Team, EDS Healthcare, Bristol, UK
>
I am fixing my pine+ssl hack to seed the PRNG. My development
platform is FreeBSD, so I never noticed a problem, since it
has a /dev/random.
I plan on doing something like a 'ls /' and sending that into the
PRNG along with the time, pid, ppid, uid and any other metrics
I can get my hands on, but
quire directive doesn't actually do anything
at all. But I must be missing something ... :-(
I've never done any of this, so I can't advise you on the use of
mod_rewrite.
And I too would be really grateful if Someone Who Understands could explain
the use of SSLRequire.
Cheer
I have some code that does a sort of read buffering scheme. I need to be
able to tell if
n characters are available to read, and if so to read them. I tried to
use SSL_pending()
to do this, but found that upon entering for the first time,
SSL_pending() _always_
returned 0. I am also not convinced
I used a cert with *.commercestore.com. This worked for me. You then need
to make a virtualhost for both ports 443 and 80 for each domain. The setup
varies between ben_ssl and mod_ssl, and there may be a few other
variations. Check the docs that came with your "ssl" add-on.
Nick
A
be more specific in the future, right now I am wondering if similar
problems have been encountered and if there is a known fix. If not, then
we'll turn on the debugging juice and see if we can't get it resolved.
Tha
at I'm using) or
> Rainbow accelerators
and now I'm lost again. Surely the certificate only needs to be loaded (and
therefore the passphrase needs to be entered) *once* after Apache startup ?
Are you saying it has to be loaded every time the server gets a hit from a
browser !!???!?!
> Nic
On 23rd.April at 17:10, Ulf Möller wrote :
> Nick Boyce reported :
>
> >> I am trying to build OpenSSL (to be followed by mod_ssl and Apache) on
> an
> >> Ultrix 4.4 system, for the first time. I have followed the installation
> >> instructions as far as I c
==< cut >===
If anyone can explain this (and tell me how to fix it) I'd greatly
appreciate it.
Also, is there no Samba-style "[EMAIL PROTECTED]" email address for
reporting these things ?
Thanks,
> Nick Boyce
> [ Information Security Manager ]
&