Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

2016-02-23 Thread Sander Temme
All, I toyed over the weekend with resurrecting CHIL: intermediate result here https://github.com/sctemme/openssl/tree/rescue-chil and I AM NOT PROUD OF THIS but have no cycles to clean it up for at least a couple of days to come. It builds now but doesn't work: my privkey loading routine doesn

Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

2016-02-20 Thread Sander Temme
> On Feb 19, 2016, at 3:31 AM, Matt Caswell wrote: OK that made our support lines blow up so yes there is interest. Disclaimer: I work for Thales but do not speak for Thales. > So it seems that for chil there may possibly be some rare use (but even > the most recent evidence is 4 years old). H

Re: Tutorials on OpenSSL integration with nCipher HSM (nShield) ?

2012-03-07 Thread Sander Temme
On Mar 7, 2012, at 2:12 PM, Sunjeet Singh wrote: > Thank you for your response. > >> I don't know if "outdated" is the word: perhaps there hasn't ever been much. > > Some old blogs are referencing helpful blogs/tutorials that are now expired. > Searching online didn't help either. > >> The

Re: Tutorials on OpenSSL integration with nCipher HSM (nShield) ?

2012-03-07 Thread Sander Temme
On Mar 6, 2012, at 10:45 AM, Sunjeet Singh wrote: > Hi, > > Most of the references on this forum on how to use nCipher HSM with OpenSSL > using the CHIL API (or CAPI) are outdated. I was wondering if anyone had any > pointers to helpful resources in this regard. I don't know if "outdated" is

Re: TLS 1.0 "cracked"...

2011-09-23 Thread Sander Temme
On Sep 22, 2011, at 6:56 AM, Johan van Selst wrote: > Mounir IDRASSI wrote: >> So, an OpenSSL based web server is immune from this attack, unless it >> uses the flag SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS. > > Which is exactly what Apache and some other

Re: elicptic Curve Key Generation

2011-03-20 Thread Sander Temme
t). I work for Thales. Let's take this conversation off-list. S. > Dean > > > -Original Message- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sander Temme > Sent: Saturday, March 19, 2011 9:32 AM > To: ope

Re: elicptic Curve Key Generation

2011-03-19 Thread Sander Temme
On Mar 18, 2011, at 3:57 PM, Strecker, Dean A. wrote: > I'm using the OpenSSL Crypto library to perform Elliptic Curve key > generation and signature generation/verification. Actually, I don't > have any problem creating a key (EC_KEY) and generating signatures and > verifying signatures using p

Re: Open SSL installtion on Solaris - 10

2011-02-27 Thread Sander Temme
On Feb 27, 2011, at 2:02 AM, John R Pierce wrote: > but, my Sol10 systems appear to already have an openssl in /usr/sfw/bin (and > libraries in /usr/sfw/lib, etc) which is maintained by Oracle Last time I was on a Solaris box, that one seemed to be stuck at 0.9.7. S. -- san...@temme.net

Re: CA cert installed/imported but they are not trusted

2010-04-09 Thread Sander Temme
On Apr 9, 2010, at 3:02 AM, Götz Reinicke - IT Koordinator wrote: > [r...@ldap1 ~]# openssl s_client -connect ldap1.filmakademie.de:389 > -showcerts -CAfile /etc/openldap/CA_falu/CA.pem > CONNECTED(0003) > 5066:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake > failure:s23_lib.c:188: >

Re: CA cert installed/imported but they are not trusted

2010-04-08 Thread Sander Temme
On Apr 8, 2010, at 6:55 AM, Götz Reinicke - IT Koordinator wrote: > So does my local ldap client (Apache Directory Studio (ADS) on mac OS X > 10.6.x ). > > Nearly, because the servers and the ADS client both alert me, that I use > invalid certificates and the certificate can't be validated. > >

Re: Urgent Help Needed

2010-03-21 Thread Sander Temme
On Mar 21, 2010, at 12:12 AM, Anjan Koundinya.K wrote: > What should I do? I need as a part of final year project . Please help If your curriculum has anything to do with computing, I suggest going back and taking the other years before you hit the final. Otherwise, you might try to put the l

Re: how do you create signatures in OpenSSL?

2010-03-17 Thread Sander Temme
On Mar 17, 2010, at 2:05 PM, Thomas Anderson wrote: > According to , you can > sign data with OpenSSL. My question is how? I tried to sign my > private key and got the following error: > > ubu...@ubuntu:~$ openssl rsautl -sign -in rsa.txt -inkey rsa.

Re: Compiling Errors Crypt::SSLeay

2010-02-06 Thread Sander Temme
On Feb 5, 2010, at 1:28 PM, Merker, Nick wrote: > I am receiving errors when compiling Crypt::SSLeay on RHEL4ASu7 x86_64. ^^ 64bits system... > $ make test > # Error: Can't load > '/home/nmerker/.cpan/build/Crypt-SSLeay-

Re: OpenSSL with SafeNet ProtectServer engine

2009-12-02 Thread Sander Temme
Hi Frederik, On Dec 2, 2009, at 7:27 AM, Frederik Mennes wrote: > Hi everyone, > > I am trying to use OpenSSL’s EVP interface with as engine a SafeNet (formerly > Eracom) ProtectServer HSM. > > I have received from SafeNet a patched version of OpenSSL 0.9.8d. This patch > is called “ERAC-3

Re: Problem with openssl versioning

2009-11-22 Thread Sander Temme
22, 2009 at 5:15 PM, Sander Temme wrote: >> On Nov 22, 2009, at 1:53 PM, Sagar Dixit wrote: >> >>> Hi, >>> >>> I'm trying to trace the calls in libssl while I run firefox. I >>> downloaded openssl-0.9.8l.tar.gz source and added my loggin

Re: Problem with openssl versioning

2009-11-22 Thread Sander Temme
On Nov 22, 2009, at 1:53 PM, Sagar Dixit wrote: > Hi, > > I'm trying to trace the calls in libssl while I run firefox. I > downloaded openssl-0.9.8l.tar.gz source and added my logging > information into source files (just for study purpose) and executed > following steps > > ./config -fPIC shar

Re: how to uninstall openSSL Urgent help needed

2009-03-29 Thread Sander Temme
On Mar 29, 2009, at 7:10 PM, Srinivas Jonnalagadda wrote: I am using Sun Solaris version 10. any help is highly appreciated. If you mess with the OpenSSL 0.9.7 installed under /usr/sfw, you will lose ssh access to your server, since the installed copy of OpenSSH links against that OpenSS

Re: How to install 2 instances of openssl on the same machine

2009-03-27 Thread Sander Temme
On Mar 26, 2009, at 6:04 AM, Srinivas Jonnalagadda wrote: I need to have 2 separate installations of apache2 http server referring to 2 different versions of openssl. One is using 0.9.8b and the other uses 0.9.8i. How do I install open ssl in such a scenario. Help is urgently needed. As

Re: CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-22 Thread Sander Temme
ads, 256 threads to a child process and it was rock solid. S. -- Sander Temme [EMAIL PROTECTED] PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF

Re: FIXED - CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-21 Thread Sander Temme
On Nov 21, 2008, at 11:12 AM, Massimiliano Pala wrote: Hi Sander, I debugged the init process and it seems that you were right. The disable_mutex_callbacks is set to 1 at e_chil.c:578. Definitely it is due to initialization, at this point... ... looked into that, and... et voilas! Found the p

Re: Engine Issue: nShield 500

2008-11-21 Thread Sander Temme
S_table7 () from /usr/lib/i686/cmov/ libcrypto.so.0.9.8 #25 0x0080 in ?? () #26 0x0808bee8 in ?? () #27 0x0808bf10 in ?? () #28 0x0808befc in ?? () #29 0x0807eed8 in ?? () #30 0x08085558 in ?? () #31 0x0010 in ?? () #32 0x in ?? () Any Idea ??? Later, Max Sander Temme wrote: On

Re: CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-21 Thread Sander Temme
On Nov 21, 2008, at 9:45 AM, Przemek Michalski wrote: /opt/nfast/toolkits/openssl/openssl098e-patch.txt Could you send/post the nCipher patch 0.9.8e - I am using one supplied originally by nCipher for 0.9.8a The source code bits in the patch are the same. The 'a' patch is better, the

Re: CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-21 Thread Sander Temme
On Nov 21, 2008, at 8:07 AM, Max Pala wrote: I definitely did - now I do initialize all the static locks in OpenSSL *and* the dynamic functions. But they are never called by the chil - the assert fails and the SIGABRT is sent to my daemon forcing it to exit. The library needs both the sta

Re: CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-21 Thread Sander Temme
On Nov 21, 2008, at 8:50 AM, Max Pala wrote: The problem is that they are not called by the nCipher driver - no sign at all in the logs... :( How come they are not called ??? Can you set a breakpoint in engines/e_chil.c:581 and inspect the value of disable_mutex_callbacks? It should be

Re: CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

2008-11-21 Thread Sander Temme
On Nov 21, 2008, at 1:46 AM, Przemek Michalski wrote: I also remember, that nCipher provides a patch for OpenSSL 0.9.8x that makes some small changes to the original OpenSSL implementation of CHIL. You don't need that if you set the dynamic upcalls. Did you apply that patch? S. -- [

Re: Engine Issue: nShield 500

2008-11-19 Thread Sander Temme
On Nov 19, 2008, at 11:24 PM, Max Pala wrote: The software that I am writing is a multi-threaded OCSP responder. Please make sure you initialize the engine correctly, and set up your locking callbacks before you actually initialize the engine. If you look at Apache: http://svn.apache.

Re: Engine Issue: nShield 500

2008-11-19 Thread Sander Temme
On Nov 19, 2008, at 10:36 PM, Max Pala wrote: Anybody has experienced problems with this HSM on Linux + pThread ? What software are you running that makes the calls into OpenSSL? Thanks, S. -- [EMAIL PROTECTED] http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B

Re: OpenSSL 0.9.8i but (Library: OpenSSL 0.9.8c)

2008-10-24 Thread Sander Temme
On Oct 21, 2008, at 9:12 AM, patrick wrote: i am running debian etch stable. the version of openssl is too old. what i did is to download Are you sure? A lot of linux distro folks keep the upstream version the same but backport fixes into their packages. An apt-get update / apt-get up

Re: Configuring ssl on apache and Leopard Mac OS 10.5.1

2007-12-20 Thread Sander Temme
ed on [EMAIL PROTECTED] S. -- Sander Temme [EMAIL PROTECTED] PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF

Re: openssl with accelerator

2007-08-13 Thread Sander Temme
On Aug 7, 2007, at 11:24 PM, Piotr Skwarna wrote: bash-2.03# uname -a SunOS sun250 5.8 Generic_117350-35 sun4u sparc SUNW,Ultra-250 bash-2.03# ./openssl speed rsa -engine ubsec can't use that engine 28137:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dl