The filenames themselves are insignificant. You can name them anything you
want. The Apache configuration file(s) contain key/value pairs where
SSLCertificateFile specifies the path to the file containing your
certificate and SSLCertificateKeyFile specifies the path to the file
containing your priv
On Wed, Jun 12, 2013 at 12:02:52PM -0700, anu.engineer wrote:
> Just before signing the certificate the code executes this fragment
>
> pktmp=X509_get_pubkey(ret);
> if (EVP_PKEY_missing_parameters(pktmp) &&
> !EVP_PKEY_missing_parameters(pkey))
> EVP_PKEY_copy_parameters(pktmp,pkey);
> E
Hi Dave,
This is a very detailed and excellent answer, Thank you very much
Anu
On Wed, Jun 12, 2013 at 6:59 PM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of anu.engineer
> >Sent: Wednesday, 12 June, 2013 15:03
>
> > I am reading thru the ca.c in the apps director
>From: owner-openssl-us...@openssl.org On Behalf Of anu.engineer
>Sent: Wednesday, 12 June, 2013 15:03
> I am reading thru the ca.c in the apps directory to understand how
>to issue a certificate using OpenSSL and I came across this fragment
>of code which I am struggling to understand.
>Just b
ehalf Of Matt Caswell (fr...@baggins.org)
Sent: Friday, May 11, 2012 5:01 AM
To: openssl-users@openssl.org
Subject: Re: A Question on Cipher Format.
TLS = Transport Layer Security
DHE = Diffie Hellman Ephemeral
RSA = Public Key Cryptography algorithm named after inventors, Rivest, Shamir &
TLS = Transport Layer Security
DHE = Diffie Hellman Ephemeral
RSA = Public Key Cryptography algorithm named after inventors, Rivest,
Shamir & Adleman
AES_128 = Advanced Encryption Standard using 128bit key
CBC = Cipher Block Chaining (a block cipher mode of operation)
SHA = Secure Hash Algorithm
M
:14
To: openssl-users@openssl.org
Subject: Re: a question about openssl sessions
On Thu, Apr 19, 2012 at 19:45, Dave Thompson wrote:
> From: owner-openssl-us...@openssl.org On Behalf Of Stéphane Charette
> Sent: Sunday, 15 April, 2012 20:31
> I'm using Openss
On Thu, Apr 19, 2012 at 19:45, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Stéphane
> Charette
> > Sent: Sunday, 15 April, 2012 20:31
>
> > I'm using Openssl to talk to a server that expects to re-use ssl
> > sessions when a client needs to open m
> From: owner-openssl-us...@openssl.org On Behalf Of Stéphane Charette
> Sent: Sunday, 15 April, 2012 20:31
> I'm using Openssl to talk to a server that expects to re-use ssl
> sessions when a client needs to open many SSL connections. I have
> the same code working on Linux a
nssl-us...@openssl.org] *On Behalf Of *William Cai
> *Sent:* Monday, July 06, 2009 3:25 AM
> *To:* openssl-users@openssl.org
> *Subject:* Re: a question about Diffie-Hellman key exchange mode
>
> Thanks Michael! Could you please share me some information about
[mailto:owner-openssl-us...@openssl.org] On Behalf Of William Cai
Sent: Monday, July 06, 2009 3:25 AM
To: openssl-users@openssl.org
Subject: Re: a question about Diffie-Hellman key exchange mode
Thanks Michael! Could you please share me some information about when/how to
agree upon p & g?
Th
Thanks Michael! Could you please share me some information about when/how to
agree upon p & g?
Thanks,
William
From: Michael Sierchio
To: openssl-users@openssl.org
Sent: Sunday, July 5, 2009 11:58:42 PM
Subject: Re: a question about Diffie-Hellman
William Cai wrote:
> According to my understanding, Diffie-Hellman algorithm is based on
> something like this,
> 1. public prime number, p
> 2. public base, g
> 3. Side A's private key, a
> 4. Side A's public key, A = g ^ a mod p
> 5. Side B's private key, b
> 6. Side B's public key, B = g ^ b mo
> From: owner-openssl-us...@openssl.org On Behalf Of Satish Chandra Kilaru
> Sent: Wednesday, 17 June, 2009 13:50
> In the following sample certificate, there is a ton of
> information before --BEGIN CERTIFICATE--.
> Who is this for? Is it for a human reader to make sense of
> who/what this cert
It's probably because 'openssl req -x509' was used to create it,
without using the -set-serial option.
-Kyle H
On Wed, Jun 17, 2009 at 12:00 PM, Satish Chandra
Kilaru wrote:
> Hi Kyle
>
> Thank you. This was generated using openssl command. Could illegal
> serial number be because of a wrong entr
Hi Kyle
Thank you. This was generated using openssl command. Could illegal
serial number be because of a wrong entry in conf file?
--Satish
On Wed, Jun 17, 2009 at 2:34 PM, Kyle Hamilton wrote:
> It is basically a human-readable expression of the data that's in the
> certificate. Theoretically,
It is basically a human-readable expression of the data that's in the
certificate. Theoretically, the certificate could be regenerated from
the data in this expression, but I've never seen an implementation
that makes it possible.
This certificate is in violation of PKIX because its serial number
> ok. That sounds good. But, what I'm seeing is that the SSL client
> hangs when the message size is more than 16KB.
What do you mean by "the message size"? SSL doesn't have messages that are
visible outside of the SSL implementation itself.
> Do I need to break this large message up in smaller
On Fri, May 15, 2009 at 05:22:16PM -0400, Animesh Chowdhury wrote:
> ok. That sounds good. But, what I'm seeing is that the SSL client hangs when
> the message size is more than 16KB.
> Do I need to break this large message up in smaller chunks or can I use
> SSL_write to send the whole message in
ok. That sounds good. But, what I'm seeing is that the SSL client hangs when
the message size is more than 16KB.
Do I need to break this large message up in smaller chunks or can I use
SSL_write to send the whole message in one shot?
Thanks.
Animesh
On Fri, May 15, 2009 at 3:50 PM, Kyle Hamilton
No matter what you do, the "maximum fragment length" -- the MTU -- is
going to break all of your communications down into smaller packets.
TLS, in its basic form, is designed to be as close as possible to a
replacement for read() and write() -- you read from the connection,
you write to the connec
On Thu May 14 2009, Animesh Chowdhury wrote:
> Hi,
> I've run into a problem where the data that I need to send to the client is
> more than 16KB. How do I set up the session so that I can do the maximum
> fragment length negotiation ?
> Any example code related to this will be extremely helpful.
ay, April 22, 2009 12:42 PM
To: openssl-users@openssl.org
Subject: Re: A question about mal-formed private keys
On Wed, Apr 22, 2009, Bob Barnes wrote:
> I've been working with OpenSSL to try and convert an existing
> private key generated by an old SSL software package and during the
On Wed, Apr 22, 2009, Bob Barnes wrote:
> Steve,
>
> Just so I'm clear, what I hear you saying is that when I re-encrypt the
> RSA private key with the new password, that the error is not propagated to
> the new private key file and that corresponds to what I see when I
> subsequently decrypt
On Wed, Apr 22, 2009, Bob Barnes wrote:
> I've been working with OpenSSL to try and convert an existing private key
> generated by an old SSL software package and during the process of using
> PKCS8 to decrypt from the "Encrypted Private Key" to the "RSA Private Key" I
> get an error "No Octet S
> Guys:
> I have a listening socket, waiting for connections from clients. When a
> client connects to my server, I put SSL on socket and spin up a thread
> to handle it. One client is one thread. All of these connections are
> shared by same SSL_CTX ctx. This is the way I handle at the end of thi
> > or i should close all ssl connections based on a ctx before i
> call SSL_CTX_free?
> Yes, you should.
Huh? Why?
What would be the point of having a reference count if you had to get rid of
all other references before you could release your own?
A chunk of code should call SSL_CTX_free as so
PROTECTED] On Behalf Of David Schwartz
Sent: Monday, January 08, 2007 21:38
To: openssl-users@openssl.org
Subject: RE: a question about "SSL_CTX_free"
> guys:
>
> the man page for "SSL_CTX_free" says:
> SSL_CTX_free() decrements the reference count of ctx, and removes
Hello,
> 1. what make the reference count of ctx increase/decrease?
SSL_new()/SSL_free() for example.
> 2. if i call SSL_CTX_free, does that mean all ssl connections based on this
> ctx will be closed automatically?
No.
> or i should close all ssl connections based on a ctx before i call
> SSL_
> guys:
>
> the man page for "SSL_CTX_free" says:
> SSL_CTX_free() decrements the reference count of ctx, and removes
> the SSL_CTX object pointed to by ctx and frees up the allocated
> memory if the reference count has reached 0.
> i have a couple of questions regarding this:
>
> 1. what make
Zhang, Long (Roger) wrote:
> I have created a TLS connection with SSL_connect(ssl) successfully.
...SNIP..
Ah you're asking on the correct list now, you might get a useful answer.
I think you may need to call SSL_clear() after SSL_shutdown() and before
SSL_connect().
But if you are re-using th
is this supposed to be an answer?
View this message in context: Re: a question about loading private key and certificate to the ssl ctx
Sent from the OpenSSL - User forum at Nabble.com.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of George R Goffe
> Sent: 30 December 2005 22:09
> To: openssl-users@openssl.org
> Subject: a question about building openssl
>
> Howdy,
>
> I have looked a little on the web sites for the answer to this
> Dear all:
> I have a question about used libraries by openssl toolkits.
> OpenSSL toolkits includes three modules: libssl.a ,libcrypto.a
> ,and openssl.
> Can I only use the command line tool "openssl"
> independently without use any library like "libcrypto.so.0.9.8" ??
It all depe
On Wed, Jul 23, 2003, Michiels Olivier wrote:
> Hi,
> I've developed my own ENGINE with OpenSSL. I use that ENGINE to use the
> private keys of my root certificates. Those certificates are used to
> sign X509 certificates, CRLs and OCSP responses.
> On the other part, one of my component that use
On 02-03-26 14:29:47 CET, chenhaiyong wrote:
> Dear webmaster:
who?
> When I use the openssl command:
>
> openssl req -config filename -new -x509 -days 365 -key ca.key -out ca.crt
>
> to create a self signed certificate(ca.key is the
> file where the CA's private key is pu
> memcpy(iv, "12345678", 8);
> EVP_BytesToKey(EVP_idea_cbc(), EVP_md5(), "salt", pw,
>                strlen(pw), 1, key, iv);
The salt value should be at least 8 bytes long - you're getting 3
random bytes here.
You don't need to specify an iv value as this function creates it.
- Dale.
,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
> -Original Message-
> From: Jonas Jakobsson [mailto:[EMAIL PROTECTED]]
> Sent: 06 April 2001 01:03
> To: [EMAIL PROTECTED]
> Subject: Re: a question about install
>
>
> before I compile the openssl, I use the vcvars32.bat in the directory
> D:\Program Files\Microsoft Visual Studio\VC98\Bin
> but it tells me that it is out of the environment space, what should I do!
I had the same problem.
The solution in my case was to cut down the size of my path variable in
confi
A Question
Please check out
(http://www.openssl.org/docs/ssl/SSL_get_error.html#) and collect all
possible error information before posting, including the underlying socket
error code if applicable.
Thank,
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
> I'm still fighting against casual fall-downs with my server and OpenSSL. I
> found an interesting point from OpenSSL man pages that mentioned two
> important call back functions that have to be set. "locking_funktion" and
> "id_function". If I understood correctly the id one is not
> needed with
"Wirta, Ville" wrote:
>
> Hi all!
>
> I'm still fighting against casual fall-downs with my server and OpenSSL. I
> found an interesting point from OpenSSL man pages that mentioned two
> important call back functions that have to be set. "locking_funktion" and
> "id_function". If I understood cor
Well I'm not Richard - but he is a really nice guy and I'm a nice guy
too and have done some work on this before so I'll help you out.
What you are speaking of is commonly known as a "secret sharing
scheme".
Most people start with Shamir's secret sharing scheme. Check out Wei
Dai's crypt++ fo
43 matches