Hi,
I have some doubt about the Engine OpenSSL. If I load it, does it have a
timeout to unload the engine?
For example, I want to make a webservice that may use the openssl any time,
so I need to load the engine and leave it loaded all the time.
Thanks for your attention,
--
Rick Lopes de Souza
> I got a problem with
> EC_KEY_new_by_curve_name: it always return NULL. Here is how I used it:
> EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_ecdsa_with_SHA256);
> if (eckey == NULL)
> {
> printf("ERROR: NULL ECKEY!\r\n");
> }
> Do you happen to know the reas
h), point,
> > POINT_CONVERSION_COMPRESSED, pubkey, ECDH_SIZE, NULL); with a NULL value.
> > The program exists and gives no segFAULT or any error messages.
> >
> > Any suggestions?
> >
> > Thanks,
> >
> > --
> > Fabio Resner.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
--
Rick Lopes de Souza
Hi,
I have some doubts about the formats that openssl uses with ECDSA and RSA.
I know that openssl implements PKCS#1 and PKCS#8 for RSA, but ECDSA only
uses PKCS#8? And PKCS#13?
Thanks,
--
Rick Lopes de Souza
es it has the same features? I know it doesn't
need the hash algorithm, but the message needs to be smaller than the size
of the key? ECDSA signs a message with any size?
Example: an ecdsa key with 192 bits signing a hash sha 512. It could be
signed or it is wrong?
Thanks,
--
Rick Lopes de Souza
AM, Rick Lopes de Souza wrote:
> Maybe it's a simple question, but I want to know if there is any problem
> that I have a request using an ECDSA key with SHA-256 and I want to issue a
> certificate where the CA uses RSA with SHA 1.
>
> In some tests, an ECDSA with sha1 and a CA w
ertificate Authority has?
Thanks,
--
Rick Lopes de Souza
es without errors. Can anyone help me?
--
Rick Lopes de Souza
I understand that activeperl config script builds the nmake file used to
build the crypto libraries.
On Tue, Jul 12, 2011 at 9:27 AM, Jeremy Farrell wrote:
> **
>
> *From:* rick freitag
>
> Questions include:
>
> Why do I need ActivePerl not plain Perl?
>
> No idea, d
Questions include:
Why do I need ActivePerl not plain Perl?
I am only using the Cryptolibrary functions from Visual C++.
Thanks,
Fred
UsernameToken usernameToken = new UsernameToken("user@org","
");
proxy.RequestSoapContext.Security.Tokens.Add(usernameToken);
// Add the certificate for mutual SSL.
X509Certificate2 mutualCert = new
X509Certificate2("I:\\MyDocs\\ADP\\CFF_auth.pfx",
I
use 1.0.0a (it is causing me some import problems of the private key
with other software)?
Thanks,
Rick Robinson CISSP, ISSAP |
Senior Security Architect |
Distinguished Member of Technical Staff |
Technology, Strategy, and Development |
Avaya Inc. |
1300 West 120th Ave | B2-D31 | Westminster, CO 8
Ajeet,
Thanks for your reply, however I'm not sure I understand. I'm not a
programmer, I'm just trying to use my certificates and keys. Can you
give me a more newbie example of how to check the time function?
Thanks,
Rick
Ajeet kumar.S wrote:
Please check time function gt
rror above causing the problem?
Thanks,
Rick
e expiring. Is the error above causing the problem?
Thanks,
Rick
A correction to my previous post. Only the key.pem files are producing the
error in certwatch and being reported as expiring soon. Not the certs.
Thanks,
Rick
ll the unbundled compiler. The
bundled compiler is simply there to regen kernels and is "unsupported"
for much of anything else.
rick jones
...
any ideas, please ?
ion.
Has anyone ever seen this and know how to fix/correct?
Just a wild guess, but perhaps if the buffer you are using is larger
than the quantity of data returned, valgrind doesn't know you won't be
trying to u
Hello List!
I have a client that is using openssl version, 0.9.7a
Feb 19 2003. Recently, he ran a security audit on his
machine, and the report came back stated the
following:
Vulnerability -- imaps (993/tcp) - 21643
Synopsis: The remote service supports the use of weak SSL
ciphers
Vulnerab
David Lobron wrote:
2007-07-26 20:18:04.375 [3317] GS: Got response from sendDataPending
2007-07-26 20:18:04.376 [3317] GS: Calling poll with timeout 6
2007-07-26 20:18:04.376 [3317] GS: Checking poll results
2007-07-26 20:18:04.376 [3317] GS: calling SSL_write on buffer of
length 1281
2
o the transport in one
send call.
rick jones
ghouse mohiddin wrote:
Hi Rick,
Thanks for your reply.
I want to reduce the time spent reading the response, so that the
performance will improve.
I want to read all the bytes at a time.
SSL_read API is taking much time to read all the bytes of the response
from the server.
First time it is
s and look for drops, errors, retransmissions and the like.
rick jones
"help"
will probably be a decent start.
Often, Internet mailing lists will follow a convention of owner-listname or
listname-owner for an alias by which the list maintainer can be reached.
rick jones
some
lists have archives maintained by other than the list maintainer.
And of course, there is no way to remove the post from the inboxes of all the
regular recipients.
Basically, the bell cannot be unrung.
rick jones
Sergey S. Levin wrote:
Hello Rick,
SW crypto ain't cheap. It can consume lots of CPU cycles. If the
system was nearly CPU saturated with a "plain" transfer, then the
overhead of the crypto can very definitely take the throughput down
considerably.
1. If i use FileZilla and SSL
SW crypto ain't cheap. It can consume lots of CPU cycles. If the system
was nearly CPU saturated with a "plain" transfer, then the overhead of
the crypto can very definitely take the throughput down considerably.
rick jones
one of these days I need to make an SSL version
the SSL device then you want
as many back-end servers as you can muster. Perhaps as many as you have
front-end clients driving the load.
rick jones
There is a crufty old "SSLperf" benchmark that took the average
request/response size from SPECweb9[69] and the SPECweb96 behaviour of
con
1024bit keys/s with 68% CPU load :-)
Unless it saturates the PCI bus and prevents the system from getting
sufficient throughput out its NIC's and HBA's :)
rick jones
Marc Girod wrote:
Marc Girod <[EMAIL PROTECTED]> writes:
I got from HP a copy of the makefile used to build OpenSSL into a depot
(which I cannot use as such), but this is where I'll be working now.
The depot is for an older version of openssl, and I get different errors
which have no reason
MIPS 4Kc architecture which would cause key generation to be an
inefficient process?
Perhaps by using 'C' versions of routines rather than hand-crafted
assembly - or there being no hand-crafted assembly for it to use?
, nor, at least in some modes, SCTP. "It depends" :) The question
isn't whether something is a socket, but what is the protocol beneath
the socket.
rick jones
as for the rest of the question, if the encryption layer didn't in and
of itself provide message boundaries, one cou
router or routers you will not be able to get the remote
system's MAC address - the MAC address is not "end-to-end" in an
internet or intranet, only in a LAN.
So, if you are relying on finding the remote's MAC address, you are
basically by definition limiting your application to
On which version of HP-UX are you running? If sufficiently contemporary, there
may already be /dev/random or /dev/urandom from which one can pull bytes.
rick jones
r poll(), and even then there
is still a small window of a race condition, and of course the slight matter of
the select/poll overhead...
rick jones
essentially a TCP
issue.
Not to say that OpenSSL is or is not partially culpable, but things like
SIGPIPE/EPIPE are not _solely_ the responsibility of TCP. Connection close
handshaking is the joint responsibility of TCP and its user.
rick jones
d, is a mystery.
I did learn one lesson from this. Be sure to test out a clean openssl
on your platform before you put any openssl updates into your project.
Do this for each platform you plan to use. Configure values that worked
before don't necessarily work with the later upgrades.
Rick
h the configuration. Any ideas?
Rick
Configuration
=
The following entry was added to Configure for Solaris 5.8.
"solaris64-sparcv8-gcc","gcc:-m64 -mv8 -O3 -fomit-frame-pointer -Wall -
DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG
RC4_CHAR RC4_CHUNK D
s are appreciated.
Rick
upports 11.11 or 11.23 where I
suspect life would be much happier - in particular since there is an actual HP
provided OpenSSL on those releases :)
rick jones
Thanks,
Martin Riewski
(719)548-6831
[EMAIL PROTECTED]
Jeff Fulmer wrote:
On Thu, Jan 26, 2006 at 12:58:21PM -0800, Rick Jones wrote:
Second, _which_ gcc version?
Reading specs from
/opt/gcc/lib/gcc-lib/hppa2.0n-hp-hpux11.00/2.95.2/specs
gcc version 2.95.2 19991024 (release)
Are you still running 11.0?
Yeah, B.11.00
Tick tock
Second, _which_ gcc version?
Reading specs from
/opt/gcc/lib/gcc-lib/hppa2.0n-hp-hpux11.00/2.95.2/specs
gcc version 2.95.2 19991024 (release)
Are you still running 11.0?
rick jones
using the gnu (?) assembler or the HP
assembler? I've no idea which it should use, but do recall there being issues
in that area in the past in other places.
Fourth - any particular reason you are tossing-out any of the previous good work
done for fast assembly versions of some things?
Erik Leunissen wrote:
Rick Jones wrote:
To my untrained eye it looks like a foul-up with the system include
files, or perhaps a change in what is #defined between the inclusion
of ioctl.h and of termio.h.
OK. Is there any direction for me to take in order to cure this (I don't
8a/crypto'
make: *** [build_crypto] Error 1
Any idea what's wrong?
To my untrained eye it looks like a foul-up with the system include files, or
perhaps a change in what is #defined between the inclusion of ioctl.h and of
termio.h.
rick jones
c:234:module=engines,
value=engine_section, retcode=-1
---
Any further recommendations? Is there a tool that will verbosely parse
the config file and provide some more detail on the meaning of the
return code (-1)? Or any other tools you recommend?
If it makes any difference, I am using 0
r:260B6084:engine routines:DYNAMIC_LOAD:dso not
found:eng_dyn.c:365:
It seems as if the engine 'smartcard' is not recognized.
Any suggestions would be greatly appreciated.
Regards,
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erwann
e pkcs11 engine "static?"
Any suggestions or advice would be appreciated. It seems as though I
am very close.
Thanks,
Rick
[EMAIL PROTECTED]
Sorry, make that openssl 9.7f... my bad... Does anyone out there know
anything about communicating via proxies with openssl?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, May 19, 2005 3:48 PM
To: openssl-users@openssl.o
need to set in BIO or SSL?
Thanks,
Rick
I've already done that. Not that helpful.
Thanks.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael D'Errico
Sent: Thursday, April 21, 2005 9:21 AM
To: openssl-users@openssl.org
Subject: Re: transformation from WinInet
> I'm preparing to transfo
Hi.
I’m preparing to transform an app from using WinInet
to OpenSSL… does anyone have any recommendations, sources, resources,
caveats, etc., that I can use to accomplish this endeavor?
Your candid constructive replies are welcome.
Rick
once, install it, then
make it again in order to clear up my ldd errors. Whatever.
Rick
PS Thanks for the suggestions!
"Cha
ally the
only reason I'm using openSSL) without LD_LIBRARY_PATH set,
I get a fatal error "can't find libgcc_s.so". If I set LD_LIBRARY_PATH to
be /usr/local/lib, then OpenSSH will start and function fine. I'm just not
sure that all is as it should be, given the "
Thanks.
Found the paper after some additional searching.
Met Rivest at RSA Conf. Nice guy.
No need for long teeth.
Rick
-Original Message-
From: Charles B Cranston [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 7:33 AM
To: [EMAIL PROTECTED]
Subject: Re: testing for
I checked the RSA web site and could not find the paper you are referencing. Could
you please forward me a link?
Thanks,
Rick
-Original Message-
From: Charles B Cranston [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 10:04 AM
To: [EMAIL PROTECTED]
Subject: Re: testing for
'm out of my element. Thank you.
Rick Assmus
Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.
C:\>E:
E:\>cd apache group\apache\openssl\bin
E:\Apache Group\Apache\openssl\bin>openssl req -new -nodes -keyout
private.key -out public.csr
Using configuration from /Apa
When the private
keys are created, are there checks performed to determine the quality/primality
of the keys? If so, is there documentation on how the keys are
checked?
Thanks,
Rick
Robinson
[EMAIL PROTECTED]
I am trying to set up my connection. I am using WS-FTP Pro and want to FTP
to our IBM mailbox. I have my certificates and IBM told me to go to your
site and get SSL and that is where my confusion starts. I am not sure
what to download or how to install it.
Rick Gabriel
Programmer/Analyst
Copy and paste error: Amend that diagram:
Issuer : Issuer B
Subject: This Responder
Extended Key Usage: OCSP-Signing
On Thu, 2002-03-28 at 13:16, Rick Ziegler wrote:
> One example where multiple certification is needed is an OCSP responder
> that responds for multiple CAs, and whose r
The server name in the certificate needs to be the same as the name you
use when connecting to the server to collect your mail.
You need to specify the name of your mail server when creating the
certificate.
At 11:37 03/03/2002, you wrote:
Hi!
Who can advise on how to create right certificate for
>
>According to the SSLBUILD file from the imapd docs, the pop3 server
>expects the certificate to be named "ipop3d.pem".
Yep, it works.
It does leave me with an additional question though - is it possible to
combine two certificates into one ipop3d.pem file, so that I can allow vpop
as well
>
>According to the SSLBUILD file from the imapd docs, the pop3 server
>expects the certificate to be named "ipop3d.pem".
>
>Nalin
Thanks Nalin - looks like it works :-)
rking?
Thanks
- Rick
" during the
installation.
Rick Dennis
Alaska Internetworks
I have the need for a secure server, so I compiled in openssl and have done
everything (I think) according to the manual.
I can't get my server to respond on https - (It responds to ALL http
requests)
Here is the outline:
I can start apache with ssl; it asks for the passphrase and starts up.
I
I have implemented a simple SSL server using the latest win32 version of the openssl
library which behaves as I expect, EXCEPT that SSL_read() returns 0 (meaning, I must
POLL it, which is retarded) as long as my browser (the client I am using) is waiting
for me to accept the certificate (bogus
I thought this Active X control was bundled with all but the older versions of
IE... Anyhow, I've used it with IE 5+ without problems. Here's a link that
gives some usage examples, etc:
http://msdn.microsoft.com/library/default.asp?URL=/library/psdk/certsrv/xen_abus_0gtv.htm
Ri
enter the directory DN attr values (specified in the .cnf file)
Rick
"Vimalan.G" wrote:
>
>
> Subject: Re: CA.pl Problem.
> Date: Thu, 24 Aug 2000 22:57:21 +0530
> From: "Vimalan.G" <[EMAIL P
are in the Netscape browser,
Crypto.signText() should work. Make sure that Netscape can verify the certs in
question via the Security->Certificates->Yours->verify window (for user) and
Security->Certificates->Signers->verify (for CA).
Rick
Kervin Pierre wrote:
> hi,
>
> I
://msdn.microsoft.com/library/psdk/certsrv/xen_abus_723p.htm
Good luck!
Rick
Morgan Henning wrote:
> Hello. I am having a problem getting a client certificate for MSIE 5.0
> created. I was wondering if there is a FAQ someplace on web client
> certificates ?? Thanks.
>
> --Morgan Henning
>
Here's a URL that has some relevant info:
http://www.microsoft.com/security/tech/certificates/enroll.asp
Rick
Rodrigo Coronado Vigueras wrote:
> Hi. Does anyone know info. or URLs about the way MSIE generate private
> keys, ActiveX controls and st
ght
about setting the s->cert to NULL, but the ssl_get_server_send_cert does
apparently not even check to see if that is NULL, much less invoke a
callback.
Has anyone crossed a similar bridge?
Thanks,
Rick
I'm trying to install the Perl Net::SSLeay 1.05 module to use
encryption. I successfully installed OpenSSL version 0.9.4, but when I
run Makefile.PL -t, I keep getting the same error. I'm on a system with
Linux 2.0.38, gcc version 2.7.2.3. I'd appreciate any help on this one.
can someone suggest a way to detect if the server has closed
the connection before you attempt to write to an ssl_bio?
the context is non-blocking io
thanks,
-rick