Re: OpenSSL API

2014-07-16 Thread Saurabh Pandya
This may help: https://www.mail-archive.com/openssl-users@openssl.org/msg31570.html It depends on what you want to achieve with openssl; it is good to start with its online documents. - Saurabh Pandya On 7/14/14, Kay Shamsa wrote: > Hi; > > Can anybody please specify how I can use Ope

openssl vulnerability CVE-2012-2333

2014-07-16 Thread Saurabh Pandya
Hi, Is there any official information (whether it is confirmed, and if yes, then available patches, etc.) available on this vulnerability? Question based on the references below. http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15401.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333

Re: 2 Server certificates

2014-06-11 Thread Saurabh Pandya
To handle the CA cert chain, you can use SSL_CTX_add_extra_chain_cert. Are you expecting a certificate from the client? - Saurabh On Thu, Jun 12, 2014 at 7:09 AM, Hafedh TRIMECHE wrote: > Hi, > I would implement an OpenSSL Server which can handle authentication > initiated by 2 client certificates issue

Re: error building openssl-0.9.8za with FIPS

2014-06-11 Thread Saurabh Pandya
Thank you very much for the prompt info. What could be the end-user effect if I start using openssl with no-ec? (Sorry for a silly question!!) - Saurabh On Wed, Jun 11, 2014 at 5:17 PM, Dr. Stephen Henson wrote: > On Wed, Jun 11, 2014, Saurabh Pandya wrote: > > > Adding furth

Re: link error building openssl 0.9.8za with FIPS module 1.2.4

2014-06-11 Thread Saurabh Pandya
Hi Stephen, I understand it got fixed in the development version. I tried it and it is working fine. But I want to build 0.9.8za with FIPS, and the release notes say it could be done by compiling openssl without EC algorithms. Can you point out how I can do that? - Saurabh On Tue, Jun 10, 2014 at 8:23

Re: error building openssl-0.9.8za with FIPS

2014-06-11 Thread Saurabh Pandya
: error: #error EC is disabled. make[2]: *** [ec_lib.o] Error 1 - Saurabh On Wed, Jun 11, 2014 at 2:48 PM, Saurabh Pandya wrote: > Hi, > > I am trying to build "openssl-0.9.8za" with "openssl-fips-1.2", but with > no luck. Came to know from release notes,

error building openssl-0.9.8za with FIPS

2014-06-11 Thread Saurabh Pandya
Hi, I am trying to build "openssl-0.9.8za" with "openssl-fips-1.2", but with no luck. Came to know from the release notes that "openssl-0.9.8za" has known compilation issues with FIPS. I got the below statement from the release notes "FIPS capable link failure with missing symbol BN_constti

Re: Is it possible to grab CA certificate?

2013-06-18 Thread Saurabh Pandya
cert.der to your fx in trusted root authorities - Thanks, Saurabh Pandya On Tue, Jun 18, 2013 at 4:39 PM, Carl Young wrote: > > Sorry for top-post - webmail :( > > In TLS, the server should not send the root certificate - it sends the > chain up to, but not including, the root certif

Re: Certificate format conversion APIs

2013-05-20 Thread Saurabh Pandya
your stuff is here.. http://www.openssl.org/docs/crypto/pem.html happy reading ! On Mon, May 20, 2013 at 12:20 PM, Rahul Godbole wrote: > Hi OpenSSL Users > > Can someone tell me API using which I can convert certificates from one > format to another? I know that the openssl command can be use

RE: simple https server using openssl

2013-05-19 Thread Saurabh Pandya
Indra Make use of openssl api generation... SSL_* X509_* You can write u r holy n simple server.. I am not sure u want for POSIX ? I hope this will help u. - Saurabh Pandya Sent from my Windows Phone -- From: Salz, Rich Sent: 19-05-2013 02:31 To

Re: crash when calling ERR_print_errors_fp()

2012-08-30 Thread Saurabh Pandya
? > > -mithun > > > On Thu, Aug 30, 2012 at 3:58 PM, Saurabh Pandya < er.saurabhpan...@gmail.com> wrote: >> >> is as simple as below >> >> const char *errString = ERR_error_string(ERR_get_error(), NULL); >> >> On 8/30/12, Mithun Kumar wrote: >

Re: crash when calling ERR_print_errors_fp()

2012-08-30 Thread Saurabh Pandya
is as simple as below const char *errString = ERR_error_string(ERR_get_error(), NULL); On 8/30/12, Mithun Kumar wrote: > Hello All, > > I am using the function ERR_print_errors_fp() to get the last error in > case of any failure. I want to divert the output to file. Whenever there > is a handshak

Re: need help on handshake failure

2012-08-30 Thread Saurabh Pandya
use err = ERR_get_error(); to get error no and use ERR_string(ec) to stringify On 8/30/12, Mithun Kumar wrote: > Also when i use s_client tool it just hangs with following output. Any > input on how to get full handshake dump? > > > *vm-soniclx13(misingh): openssl s_client -connect NC-WI

Re: confusion with definition of SSL_CIPHER struct

2012-08-23 Thread Saurabh Pandya
Thanks all... On 8/23/12, Charles Mills wrote: > Watch out for "-endian" issues. > -- > Sent from my mobile phone. Please excuse my brevity. > > Charles > > "Dr. Stephen Henson" wrote: > > On Thu, Aug 23, 2012, Saurabh Pandya wrote: > >>

Re: Regarding Getting tlsv1 alert decrypt error

2012-08-16 Thread Saurabh Pandya
As per my knowledge such a thing may not happen; maybe something is going wrong with your code. Share your code if someone can look at it. Thanks, Saurabh On 8/16/12, venkataragavan vijayakumar wrote: > Hi All, > > We are running load through the openssl 1.0 DTLS connection. It is working > fine for

Re: How to extend key usage

2012-08-16 Thread Saurabh Pandya
You need to familiarize yourself with openssl (and SSL). The best way to start is the documentation (SSL API) and the demos provided with the openssl source code. On 8/16/12, Eric Fowler wrote: > I am a relative OpenSSL newbie, and I have had a task assigned to me > which entails some SSL knowledge. > > My

Re: how to use different certificate chain for every client in my SSL server (API)

2012-08-05 Thread Saurabh Pandya
On 8/3/12, Dr. Stephen Henson wrote: > On Fri, Aug 03, 2012, Saurabh Pandya wrote: > >> Hi all, >> >> I am using server certificate "X" problematically with following API for >> each >> SSL * session. X is dynamically generated for

how to use different certificate chain for every client in my SSL server (API)

2012-08-02 Thread Saurabh Pandya
Hi all, I am using server certificate "X" problematically with the following API for each SSL * session. X is dynamically generated for each client, when its CA(s) are always the same. SSL_use_certificate(this_ssl, X); It works fine when there is a single CA certificate "A" which signs "X", but when

Re: Certificate and Certificate request (Using API)

2012-07-31 Thread Saurabh Pandya
Hi friends. I want to raise one more question here: what is the difference in the generated server certificate (A) if it is made using a certificate request, or made directly ("X509_REQ *csr" vs "X509 *cert")? I have my OWN CA and its keys; I am making a new certificate (A) from an old certificate (B). Question

Re: Client cert, unverified in Firefox BUT trusted in Chrome

2012-07-29 Thread Saurabh Pandya
You need to add the Root CA of your client certificate to BOTH Chrome and Firefox - Saurabh On 7/28/12, Tom Browder wrote: > I have almost succeeded in creating a client SSL factory with a local > CA starting with a StartSSL free server certificate. > > I just created a client cert. and imported it

Re: RSA PRIVATE KEY, CERTIFICATE REQUEST, and CERTIFICATE

2012-07-28 Thread Saurabh Pandya
On 7/28/12, Rita Rex Smith wrote: > I am just getting started trying to figure out how to set up an SSL > certificate and key with PayPal to use for encrypted payments on my > website. > I am totally confused as to what I need to upload to them and how to figure > out if it is correct or not. > >

Re: Certificate and Certificate request (Using API)

2012-07-27 Thread Saurabh Pandya
Bang!! Thanks Dave, I agree with Sandy's comment about the openssl API's documentation. Thanks again, Saurabh On 7/28/12, Dave Thompson wrote: >> From: owner-openssl-us...@openssl.org On Behalf Of Saurabh Pandya >> Sent: Friday, 27 July, 2012 10:21 > >> On

Re: Certificate and Certificate request (Using API)

2012-07-27 Thread Saurabh Pandya
On 7/27/12, Saurabh Pandya wrote: >> Do roughly the same thing apps/ca.c does, except you probably don't >> need all its options but may want some other options: >> >> Create an X509 and set all needed X509_CINF fields in that X509 >> to values that you e

Re: Certificate and Certificate request (Using API)

2012-07-26 Thread Saurabh Pandya
> Do roughly the same thing apps/ca.c does, except you probably don't > need all its options but may want some other options: > > Create an X509 and set all needed X509_CINF fields in that X509 > to values that you either extract from the X509_REQ and approve, > or choose by your own logic (serial

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" field from the certificate

2012-07-26 Thread Saurabh Pandya
On 7/26/12, Puneet Khunteta wrote: > Hello Sukalp, > > I have tried to use the code snippet provided by use . I am able to create > the ASN_object and get the data also.but the data is not in readable form. > > I use X509 instead of X509V3. > > Here is the code that i have used : > > *Ret = X509_g

Re: Certificate and Certificate request (Using API)

2012-07-25 Thread Saurabh Pandya
the certificate. HOW CAN I DO THIS USING API? - Saurabh On 7/25/12, Saurabh Pandya wrote: > --> I have created my self signed CA (cert.pem) using following openssl > commands > > 1) openssl req -config /etc/openssl.cnf -new -x509 -keyout private.key > -out cert.

Certificate and Certificate request (Using API)

2012-07-25 Thread Saurabh Pandya
--> I have created my self signed CA (cert.pem) using following openssl commands 1) openssl req -config /etc/openssl.cnf -new -x509 -keyout private.key -out cert.pem -days 8000 -passin pass:"abcd" -passout pass:"abcd" 2) openssl ca -updatedb -config /etc/openssl.cnf -keyfile private.key -key "abc

Problem with Server-Client Sessions with SSL proxy

2011-10-20 Thread saurabh pandya
certificate req and then certificate creation by X509_new) -- Any indication/direction would be appreciated. - Thanks Saurabh Pandya