fd(Ssl));
}
But it seems like an ugly hack. It _should_ close the socket by itself. I'm
worried that this leaks some BIO object(s), because clearly if the BIO
objects were free'd they'd close their SOCKET. And since that ISN'T
happening maybe the BIO object is not b
Looks like it needs a BIO_free_all(bio) or something similar.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org]on Behalf Of Matthew Allen
Sent: Wednesday, April 21, 2010 5:18 AM
To: openssl-users@openssl.org
Subject: Socket left in CLOSE_WAIT
On linux and solaris SO_RCVTIMEO and SO_SNDTIMEO need the timeout to be set
in a timeval struct and not a DWORD.
Saju
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Adam Grossman
Sent: Sunday, April 04, 2010 4:40 PM
To
OptRenegotiate - enables avoidance of unnecessary handshakes by mod_ssl
which also performs safe parameter checks. It is recommended to enable
OptRenegotiate on a per directory basis.
"also performs safe parameter checks" maybe the key.
disable it and check if MSIE likes it.
-Original Messag
ze(1G)
or a time(2minute) boundary would it not result in two renegotiations at the
boundary between the server and client. So even if either side can
renegotiate; is there a preferred renegotiator? not sure if that is even a
word but I hope you know where I'm going with this...
Saju
---
1. Who as in Sender-encrypter or Receiver-decrypter should renegotiate
an SSL session? Can it be both or is it only the Sender? Is there a
document that describes the protocol?
2. Does renegotiation always require SSL handshake? (SSL_do_handshake)
Are there any circumstances where the ha
SSL on Port 21 usually is Explicit and on 990 Implicit. The difference
between the two being that in Explicit the client gets to decide by sending
the AUTH command when the SSL handshake happens. On Implicit the SSL
handshake happens right after connect. You could use the command line
openssl s_
FTP SSL operates in two modes. Explicit SSL - where the FTP Client issues
the AUTH command on the clear command channel which results in the server
and client performing the SSL handshake to secure the channel. The other
mode Implicit SSL - the SSL handshake is done as soon as the Client to Server
c
George what you have is openssh; what you need is openssl.
HTH
_
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of George Ping
Sent: Thursday, February 05, 2009 11:09 PM
To: openssl-users@openssl.org
Subject: libcrypto.so.2 problem
Hi, All
The EVP functions should be in OpenSSL's crypto library.
some examples written in C
http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node22.html
http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node23.html
Saju
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[
when building php; include the --with-openssl= option
- on unix/linux platforms it would look something like...
./configure --with-openssl=[DIR]; does a dynamic bind of libssl & libcrypto
libraries.
check the built php binary with the ldd command.
Saju
-Original Message-
From: [E
gdb is a debugger. it is not clear from reading your note why you are
trying to debug the openssl command line module. if what you are trying to
do is understand why the client is unable to make the connection to
ipaddress:4433; try using the -debug option.
ex:
openssl s_client -connect ipaddres
il is set to prevent
subsequent invocation of any cryptographic function calls. If all components
of the power-up self-test are successful then FIPS_mode_set() sets the
FIPS_mode flag to TRUE and the Module is in FIPS mode.
>>
My interpretation of this was to call FIPS_mode_set() before
S
IMO the public-key of the signer of the server certificate
CN=www.ws-onramp1.wholesale.bt.com should be in the CAfile
(c:\curl\ca\ca.pem)
-HTH
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Karia Ravi
Sent: Wednesday, June 11, 2008 5:23 AM
To: openssl-users@openssl.o
Has OID at your site been configured for ldaps ? The SSL connection on 443
if I'm not mistaken is called StartTLS which is different from ldaps.
The URL below seems to suggest that ldaps in OID does not come configured
out of the box.
http://www.politi.no/help/adoidset.htm
Saju
-Ori
Have you checked shared libs with ldd ?
# ldd /app/Apache/e2e01/modules/mod_ssl.so
Also check if ssl and crypto are where they are supposed to be...
# ldconfig -p | grep ssl
# ldconfig -p | grep crypt
Saju
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
typo in step 2.
2. Build & Install openssl-fips- 1.1.2
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Saju Paul
Sent: Thursday, March 13, 2008 10:37 AM
To: openssl-users@openssl.org
Subject: RE: OpenSSL FIPS 1.1.2 on Windows
On a clean system the b
On a clean system the build order would be.
1. Build & Install openssl-0.9.7m
2. Build & Install openssl-1.1.2
3. Build & Install openssl-0.9.8g
4. Build your application.
Sorry, wish I had the time in the day to get into specifics.
Saju
-Original Message-
From: [EMAIL PROTEC
Here is a clue...you need to have openssl 0.9.7m built & installed on the
system you are attempting the FIPS build on.
HTH
- Saju
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sisyphus
Sent: Thursday, March 13, 2008 12:40 AM
To: openssl-users@openssl
What makes sure that the last 'read' for the first session doesn't get some
of the data for the second session? Either something makes absolutely sure
this can't happen, or it can happen, and your design is broken.
>
SSL's bidirectional shutdown protocol probably makes sure there is no
ove
TCP Connection: (4 bytes)
SYN
SYN/ACK
ACK
TCP TearDown: (3 bytes)
FIN/ACK
ACK
7 bytes were considered overhead and optimized on a channel that needs an
SSL session.
seems hardly worth it...IMO
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David Schwartz
Connection shutdown is just:
Library->BIO_ssl_shutdown(Bio);
Library->BIO_set_close(Bio,BIO_CLOSE);
Library->BIO_free_all(Bio);
//if (Library->SSL_shutdown(Ssl) == 0)
// Library->SSL_shutdown(Ssl);
// Library->SSL_free(Ssl); // Do I need this or
Jed,
To build static openssl libraries; (libeay32.lib & ssleay32.lib)
> perl Configure VC-WIN32 no-rc5 no-idea no-mdc2
> ms\do_nasm
Edit: ms\nt.mak file (use any standard text editor)
change '/MD' to '/MT' in CFLAG
> nmake -f ms\nt.mak
libeay32.lib & ssleay32.lib wi
ill run into a conflict with library LIBCMT.lib; you can
choose not to do the debug build of your application or you can change /MTd
switch to /MT and define /define _DEBUG to /define NDEBUG
Cheers,
Saju
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Scott Rue
who is the signer of certificate newcert.pem ? is it a self-signed
certificate ? it should not be. newcert.pem should be signed by a trusted
CA (thawte,verisign,godaddy etc.) or by a CA that is in google/gmail's CA
repository.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTE
Why don't you check the completion code from openssl and delete the 'bad'
RPM ?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mathew
Sent: Monday, November 05, 2007 4:12 PM
To: openssl-users@openssl.org
Subject: Output file is created on incorrect passph
The MSYS directory /usr/local/ssl/lib is the Windows directory
C:\msys\1.0\local\ssl (referred to in points 9 & 10);
1. there is no directory called /usr/local/ssl/lib
2. in step 10 I can find most of the files, but fips_premain.c.sha1 is no
where to be found
Hmm...these 2 points you have made see
The other thing that you may have missed is that the tarball
'openssl-fips-1.1.1.tar.gz' should be used ONLY to build the FIPS modules
(which is the fipscansiter.o, an executable, a C source file and 2
signatures). You then need to use the tarball 'openssl-0.9.7m.tar.gz'
(nothing before,nothing af
t/devkit/arm/xscale_le/target2/usr/include/openssl/asn1.h:985
: warning: `
void*__ASN1_pack_string' defined but not used
When I remove the include to openssl/hmac.h I can compile successfully.
I am wondering if there is a patch that I need to install to remove
these lines from the head
eed to install to remove
these lines from the header file?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Saju Paul
Sent: Tuesday, September 11, 2007 3:23 PM
To: openssl-users@openssl.org
Subject: RE: C++ compatability
is the compile error on the he
, 2007 3:38 PM
To: openssl-users@openssl.org
Subject: Re: C++ compatability
Saju Paul wrote:
> is the compile error on the header file (asn1.h) or at the call ?
> copy and paste the error include any necessary code.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[
for 32-bit objects set SHLIB_PATH and unset LD_LIBRARY_PATH
for 64-bit objects set LD_LIBRARY_PATH and unset SHLIB_PATH
might help..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Aaron Smith
Sent: Tuesday, September 11, 2007 3:34 PM
To: openssl-users@openss
lto:[EMAIL PROTECTED] On Behalf Of Saju Paul
Sent: Tuesday, September 11, 2007 2:37 PM
To: openssl-users@openssl.org
Subject: RE: C++ compatability
extern "C" {
// defn...
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin
extern "C" {
// defn...
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Phillips, Justin -
ACD
Sent: Tuesday, September 11, 2007 2:20 PM
To: openssl-users@openssl.org
Subject: C++ compatability
I am trying to call the HMAC function (openssl 0.9.8e) w
tes details are included below. Public Key
Algorithm on my certificate is rsaEncryption not sure if it can be used with
FIPS.
Thanks,
Saju
openssl version:0.9.7m
openssl fips version: 1.1.1
platform: windows XP (fipscansiter.o built with MinGW, openssl libs built
with VC++)
application: in-house FTP se
Check 'Network Security with OpenSSL' by John Viega, Matt Messier and Pravir
Chandra
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Madhuri Rambhatla
Sent: Friday, June 18, 2004 10:14 AM
To: [EMAIL PROTECTED]
Subject: SSL Handshake
Hi,
I am trying to esta
Openssl has a command line utility (openssl). Use it to build your
certificate.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ryan Schefke
Sent: Thursday, May 20, 2004 7:14 AM
To: [EMAIL PROTECTED]; 'Ryan Schefke'
Subject: Please Don't Shoot
Me for as
here is a guess (and it is ONLY that); since the linker is complaining about
the ssl and crypto libraries. will it help if you rebuilt the ssl and crypto
libraries with the sparc7 or sparc8 compiler ?
- Original Message -
From: "Jim Mack" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: F
- a '.so' is a shared object I think what you need to find is ".a" file
Saju
- Original Message -
From: "Anand Raghavan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 28, 2003 11:41 AM
Subject: RE: Installation problem with
C'mon give the guy a break. It's an innocent mistake and could happen to
anybody. He said he will take care of the problem so just leave him alone
for a while.
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 12, 2002 11:24 AM
Subject: RE:
Try adding the full path to the ssl.h file and replace the
<> with "" like so
#include "/openssl/full/path/openssl/ssl.h"
#include "C:\openssl\full\path\openssl\ssl.h"
Most compilers can also be instructed to look
for header files with compile time switches; the most common one being
Folks,
Trying to resolve a problem with the BIGNUM divide routine BN_div; could
someone check the code below and let me know if there is anything wrong with
code...
The code below is from openssl version 9.6B
int BN_div(..)
{
BIGNUM *snum;
BN_ULONG *wnump; /* a word number pointer ??
urned on. The apps: enc, passwd and rand have been tested with examples
shown in the documentation.
Regards,
Saju Paul
>
> Hmm. What platform are we talking about? What is the configuration
> setting for "Configure"?
> Of course you are aware, that an RSA key with a modulus
I'm having a problem generating a RSA private when numbits is > 64. The RSA
key generation patterns for few bits size I've tried is shown below. It
seems to have no trouble when numbit is >= 32 and <= 64.
$WORK0 OLAPPOBJ 392> openssl genrsa 16 (does not generate key file to
stdout)
Generatin
ember 18, 2001 2:32 PM
Subject: Re: problems with private keys... please help! urgent!
> It never asked me for a password
>
>
> - Original Message -
> From: "Saju Paul" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 18,
> For domain1, I tried to check the md5's of each of the key and crt...
>
> The md5 for the crt shows up fine. When I try to get the md5 for the
.key,
> I get this error:
>
> # openssl rsa -noout -modulus -in server.key | openssl md5
> read RSA key
> unable to load key
> d41d8cd98f00b204e9800998e
\MIS.$:2:202:45032252 - *** Run-time Error 004 ***
\MIS.$:2:202:45032252 - Arithmetic fault
\MIS.$:2:202:45032252 - From d2i_ASN1_SET + %334, UC.02
\MIS.$:2:202:45032252 - d2i_X509_NAME + %222, UC.02
\MIS.$:2:202:45032252 - ASN1_dup
Trying to generate a RSA private key and get the
errors shown below
It is able to generate private keys when numbits
<= 64.
Any Ideas AnyOne; Thanks In
Advance
$WORK0 OLAPPOBJ 315> run openssl genrsa -out
$work0.cadir.privkey -rand $work0.cadir.rnd -des3 -out $work0.cadir.privk
- Original Message -
From: "support" <[EMAIL PROTECTED]>
Sent: Wednesday, December 05, 2001 9:48 PM
Need to build the OpenSSL libraries libssl.a & libcrypto.a on a Tandem
Guardian platform. Trouble is it's an environment without the MAKE
utility. Using simple Compile & Bind Macros (shell-scripts in unix-speak) I
have managed to compile (source list from Makefile.ssl) and build libssl.a .
M