Re: Mismatch between renegotiation reported vs functional

2021-03-26 Thread Shaun Robbins
Matt, Thanks a ton for this intel and taking time to provide this answer! This is great backstory and information on what the message actually is telling me. Cheers and happy Friday! On Fri, Mar 26, 2021 at 5:19 AM Matt Caswell wrote: > > > On 25/03/2021 21:59, Shaun Robbins wrote:

Mismatch between renegotiation reported vs functional

2021-03-25 Thread Shaun Robbins
ssl/record/rec_layer_s3.c:1560: This article refers to this same problem with some screen shots under section "Eliminating a false positive": https://www.mcafee.com/blogs/enterprise/tips-securing-ssl-renegotiation/ Thanks! -- Shaun Robbins

[openssl-users] Possible bug - SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER error in FireFox 44.0

2016-02-17 Thread Shaun Amyotte
ou could offer that would help me trace the change that was implemented in 17098 ? -- -- Forwarded message - From: Martin Thomson Date: Tue, Feb 16, 2016 at 5:40 PM Subject: Re: SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER error in Firefox 44.0 To: mozilla's crypto code discussion list

RE: Sign an SSL certificate with mutile trusted roots?

2010-02-24 Thread Shaun Crampton
ierce Sent: 24 February 2010 00:17 To: openssl-users@openssl.org Subject: Re: Sign an SSL certificate with mutile trusted roots? Shaun Crampton wrote: > Hi, > > I have a server that needs to serve content to two groups of clients > over HTTPS. One group of clients are standard

Sign an SSL certificate with mutile trusted roots?

2010-02-23 Thread Shaun Crampton
rt it? Cheers, -Shaun Shaun Crampton Software Development Manager, Carrier Systems Division Metaswitch shaun.cramp...@metaswitch.com +44 20 8366 1177 www.metaswitch.com

RE: sign/verify kicking my ass

2008-12-03 Thread Shaun
Ok, so then, do I still need to sign the data from seal and verify before I open? ~Shaun -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goetz Babin-Ebell Sent: Wednesday, December 03, 2008 2:02 PM To: openssl-users@openssl.org Subject: Re: sign/verify

Re: sign/verify kicking my ass

2008-12-03 Thread Shaun R.
isn't considered a cipher, what should I be using to decrypt RSA messages? ~Shaun "Goetz Babin-Ebell" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Shaun wrote: | Is there another way in C to use openssl's s

long base64, no wrap

2008-12-02 Thread Shaun R.
ase64 strings. ~Shaun

valgrind and BIO_new_mem_buf

2008-12-01 Thread Shaun R.
valgrind --leak-check=yes shows the below message, trying to figure out what I need to do to correct this. I do have BIO_free(verify_bio); before the function returns ==29460== 280 bytes in 10 blocks are still reachable in loss record 1 of 1 ==29460==at 0x40053C0: malloc (vg_replace_mallo

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
some examples written in C http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node22.html http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node23.html Saju -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shaun Sent: Tuesday, November 25, 2008 7:38

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
same output. ~Shaun -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goetz Babin-Ebell Sent: Tuesday, November 25, 2008 1:52 PM To: openssl-users@openssl.org Subject: Re: sign/verify kicking my ass -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shaun

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
command. Saju -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goetz Babin-Ebell Sent: Tuesday, November 25, 2008 4:52 PM To: openssl-users@openssl.org Subject: Re: sign/verify kicking my ass -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shaun wrote: | I'm reall

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
I'm really going to be using php to encrypt/sign ( openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions from php, I'm assuming I can use EVP_* to decrypt/verify these? Is RSA just a lower level api whereas the EVP's are more for the beginner guys

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
Is there another way in C to use openssl's sign/verify/encrypt/decrypt without using the low-level api? I got my test prog working, I guess I need to figure out how to do a SHA1 hash of my data next. ~Shaun -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On B

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
sl-users@openssl.org Subject: Re: sign/verify kicking my ass On Mon, Nov 24, 2008 at 05:59:39PM -0800, Shaun wrote: > I used fwrite(signature,1,strlen(signature),fp) and got the same results. Which part of length of signature != strlen(signature) because signature is not a NUL terminated C-string is

RE: sign/verify kicking my ass

2008-11-24 Thread Shaun
[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Saturday, November 22, 2008 1:45 PM To: openssl-users@openssl.org Subject: Re: sign/verify kicking my ass On Sat, Nov 22, 2008, Shaun R. wrote: > Can anybody help me out, not sure what's going wrong. My test case right > now is the f

RE: sign/verify kicking my ass

2008-11-24 Thread Shaun
Sat, Nov 22, 2008 at 10:38:18AM -0800, Shaun R. wrote: > Can anybody help me out, not sure what's going wrong. My test case right > now is the following > >signature = (unsigned char*) malloc(RSA_size(private_key)); >if(RSA_sign(NID_sha1, (unsigned char*) message,

sign/verify kicking my ass

2008-11-22 Thread Shaun R.
Can anybody help me out, not sure what's going wrong. My test case right now is the following gcc sign.c -o sign -lcrypto gcc verify.c -o verify -lcrypto ./sign > blah.sig ./verify [EMAIL PROTECTED] openssl]# cat sign.c #include #include #include #include #include #include #include #i

Re: RSA_sign RSA_verify

2008-11-18 Thread Shaun
Thanks, that's what I get for being lazy, for testing I was just using a small key, I just changed it to my 4096 key and it's working.. Where am I going wrong here? char* message = "Hello World"; if(RSA_sign(NID_md5, (unsigned char*) message, strlen(message), signature, &

RSA_sign RSA_verify

2008-11-18 Thread Shaun R.
Where am I going wrong here? [EMAIL PROTECTED] openssl]# cat sign_verify.c #include #include #include #include #include #include #include #include int main(void) { char* message = "Hello World"; unsigned char* signature; unsigned int slen; unsigned int veri

how to verify if the public_key is valid to decrypt data using RSA_public_decrypt()

2008-11-17 Thread Shaun R.
. Is there any way to check if the public_key is the correct key to decrypt that data before actually decrypting it? That way I can bail out early and say invalid data file rather than parsing through a bunch of gibberish? ~

Re: Does a root CA need two certificates?

2005-01-19 Thread Shaun Lipscombe
* R. Markham wrote: > I don't understand why is a root CA which everybody can download from the > internet is more secure than if I use my own CA. I want to make it clear I > am not against using Certificates from an official CA. But in some cases you > can save your money as a expenses for the ce

Re: SSL (or alike) over UDP

2005-01-17 Thread Shaun Lipscombe
* Ben Laurie wrote: > Peter 'Luna' Runestig wrote: > >On Fri, 14 Jan 2005 21:10 pm, Eduardo Pérez wrote: > > > >>Do you know if it's possible to use SSL (or some other protocol) over > >>UDP running totally in user space. > > > > > >The OpenVPN project runs OpenSSL over UDP,

Re: Using OpenSSL on unix to manage certs for Windows boxes (CSR's and PKCS12)

2005-01-14 Thread Shaun Lipscombe
* Bernhard Froehlich wrote: > Shaun Lipscombe wrote: > > ><>[...] > >One last question... it's to do with client certificates. If I have two > >websites, say, and they both require client certificates signed by the > >CA "ABC. Ltd" there is noth

Re: Using OpenSSL on unix to manage certs for Windows boxes (CSR's and PKCS12)

2005-01-13 Thread Shaun Lipscombe
* Dr. Stephen Henson wrote: > On Thu, Jan 13, 2005, Shaun Lipscombe wrote: > > > Why is it that a Microsoft box requires SSL certificates be imported > > from a PKCS12 file when all other operating systems and software are OK > > with a PEM certificate? > > It does

Using OpenSSL on unix to manage certs for Windows boxes (CSR's and PKCS12)

2005-01-13 Thread Shaun Lipscombe
I have used openssl to set up a CA to sign site certificates and client certificates. All is working just great, however I have a couple of questions to ask so that I don't go insane. Why is it that a Microsoft box requires SSL certificates be imported from a PKCS12 file when all other operating s

Re: Verifying PKCS#12 files and excluding Private Keys (openssl 0.9.6)

2000-12-20 Thread Shaun McCullagh
inal key pair and import the public key. Cheers Shaun # > > Shaun McCullagh wrote: > > > > Hi, > > > > Can openssl list what keys are available in a PKCS#12 file? > > > > If so, please could somebody explain how? > > > > I used thi

Advice sought importing PKCS#12 keys into PGPnet

2000-12-17 Thread Shaun McCullagh
works fine with Freeswan. However when PGPnet is used the following day, freeswan reports 'Bad Passphrase' and refuses to establish an SA. If I delete the keys on the PGPnet client and reimport them the system works fine, until the next day when it fails again. What am I doing wrong?

Re: Challenge password (CA.sh)

2000-12-17 Thread Shaun McCullagh
Cheers Shaun Dr S N Henson wrote: > > Shaun McCullagh wrote: > > > > Hi, > > > > Please could somebody explain what the purpose of the 'Challenge > > Password' is for a PEM file. I note CA.sh prompts for this when a > > certificate request is

Challenge password (CA.sh)

2000-12-17 Thread Shaun McCullagh
Hi, Please could somebody explain what the purpose of the 'Challenge Password' is for a PEM file. I note CA.sh prompts for this when a certificate request is made. TIA -- Shaun