Re: Problem with Asymetric, two-key encryption and Certificate Requests.

2022-09-18 Thread Viktor Dukhovni
On Mon, Sep 19, 2022 at 01:32:40AM +, A Z wrote: > A#) openssl req -x509 -nodes -newkey rsa:4096 -keyout private.key -out > public.key > > B#) openssl smime -encrypt -binary -aes-256-cbc -in message.txt -out > encrypted.dat -outform DER public.key > > C#) openssl smime -decrypt -in encrypt

Re: Problem with Asymetric, two-key encryption and Certificate Requests.

2022-09-17 Thread Viktor Dukhovni
On Thu, Sep 08, 2022 at 02:08:40AM +, A Z wrote: > I have wanted to get into public/private two key encryption, of > computer files of any type and any size and type. I am working on > Windows 10 64 bit. I found the ensuing approach by my own > experimenting, but it has a key disadvantage. Wh

Re: problem with my code

2020-06-18 Thread Viktor Dukhovni
On Thu, Jun 18, 2020 at 12:00:33PM +0200, Attila Csosz wrote: > err = connect(sd, (struct sockaddr*) &sa, sizeof(sa)); > > // Create SSL context > meth = SSLv23_server_method(); Have you tried SSLv23_client_method()? Your application is a TLS client, not a TLS server... > if (!meth) throw

Re: Problem in trying EVP Key Derivation example in openssl

2019-09-16 Thread Matt Caswell
On 14/09/2019 22:28, Bhuvan Sharma wrote: > Hey all, > I'm new to openssl community and I don't know much about it. I tried to use > openssl on my linux machine. I clone openssl git repo and executed these > commands as mentioned in the file "INSTALL": "./config", "make", "make test", > "make in

Re: Problem in trying EVP Key Derivation example in openssl

2019-09-14 Thread Dr Paul Dale
And done. This also pointed out a mistake in the man page code. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 15 Sep 2019, at 9:16 am, Dr Paul Dale wrote: > > The example is wrong. > > The KDF API changed recently

Re: Problem in trying EVP Key Derivation example in openssl

2019-09-14 Thread Dr Paul Dale
The example is wrong. The KDF API changed recently to better match the way the rest of the project is moving. I’ll update the example. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 15 Sep 2019, at 7:28 am, Bhuvan Sh

RE: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

2019-09-13 Thread Carl Tietjen
Cc: Richard Levitte ; Michael Wojcik ; Matt Caswell ; openssl-users@openssl.org Subject: Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc Thanks for the heads up. For some reason, the information at our CDN remained incorrect for the "

Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

2019-09-11 Thread Richard Levitte
---Original Message- > From: Richard Levitte [mailto:levi...@openssl.org] > Sent: Wednesday, September 11, 2019 2:41 PM > To: Michael Wojcik > Cc: Carl Tietjen ; Matt Caswell > ; > openssl-users@openssl.org > Subject: Re: Problem with the SHA256 signatures (download files) for the

RE: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

2019-09-11 Thread Carl Tietjen
, 2019 2:41 PM To: Michael Wojcik Cc: Carl Tietjen ; Matt Caswell ; openssl-users@openssl.org Subject: Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc Issue found... Apache detected .gz in the file name and set the encoding to

Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

2019-09-11 Thread Richard Levitte
Issue found... Apache detected .gz in the file name and set the encoding to 'application/x-gzip'... Apparently, we already force .asc and .sha1 files to application/binary, but have apparently not added a similar directive for .sha256 files. Now done. Cheers, Richard On Wed, 11 Sep 2019 22:04:

RE: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

2019-09-11 Thread Michael Wojcik
I can confirm Carl's issue when I download using Pale Moon (a Firefox fork): - $ file openssl-1.1.1d.tar.gz.sha256 openssl-1.1.1d.tar.gz.sha256: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT) $ file openssl-1.1.1d.tar.gz.sha1 openssl-1.1.1d.tar.gz.sha1: ASCII text $ file opens

RE: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

2019-09-11 Thread Carl Tietjen
: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Matt Caswell Sent: Wednesday, September 11, 2019 11:10 AM To: openssl-users@openssl.org Subject: Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc On 11/09/2019 18:08, Carl

Re: Problem with the SHA256 signatures (download files) for the new releases 1.1.1d, 1.0.2t, 1.1.0l etc

2019-09-11 Thread Matt Caswell
On 11/09/2019 18:08, Carl Tietjen wrote: > Hello, > > From the download site, https://www.openssl.org/source/ click the SHA256 link > for the new releases.  The files do not contain SHA256 hashes. > > FYI -- The SHA1 hashes seem to be ok -- I only checked one. These seem to be ok for me? Mat

Re: Problem with Certificate Chains on Windows

2014-09-23 Thread Kyle Hamilton
Check the digests used for signing. Windows (after updates) may refuse MD5 signatures on certificates; I would recommend regenerating new certs with at least SHA256. -Kyle H On September 22, 2014 9:34:59 AM PST, "Vellore-Arumugam, Jagdish (Svr Automation)" wrote: >Hi, > >I am getting a 'Cert

Re: Problem building the FIPS Capable Library for iOS

2014-09-02 Thread Dr. Stephen Henson
On Fri, Aug 29, 2014, scoleman2272 wrote: > I'm having the same issue. I've followed all of the steps in Appendix E and > in the this post but still get the error message. I've also confirmed that > the fips lib is installed at: /usr/local/ssl/Release-iphoneos > > Here's my command line to confi

Re: Problem building the FIPS Capable Library for iOS

2014-08-29 Thread scoleman2272
I'm having the same issue. I've followed all of the steps in Appendix E and in the this post but still get the error message. I've also confirmed that the fips lib is installed at: /usr/local/ssl/Release-iphoneos Here's my command line to configure the openssl build ./config no-asm no-krb5 no-gos

Re: Problem in cipher set

2014-06-25 Thread ankur dwivedi
These ciphers are not supported by servers. Check by using openssl ciphers command which export ciphers are supported. On Wed, Sep 7, 2011 at 11:31 AM, Kanchan wrote: > I am unable to set EXPORT1024 ciphers > > i got an error > > error setting cipher list > 30157:error:1410D0B9:SSL routines:SSL_CT

Re: problem with "pem" file, no start line. centos.

2014-06-20 Thread PejuangSufi
I'm trying to use this program. What should I do? I'm stuck at the certificate validation, where I use an RSA key in PEM https://workspaces.codeproject.com/leon-finker/ssl-tls-client-server-for-net-and-ssl-tunnelling Openssl for windows -- View this message in context: http://openssl.6102.n7.nabb

Re: Problem with DSA signing/verification

2013-12-06 Thread Matt Caswell
On 5 December 2013 19:34, Dave Thompson wrote: >> Well looking at the code where this error is raised: >> >> /* XXX: surely this is wrong - if ret is 0, it just didn't verify; >>there is no error in BN. Test should be ret == -1 (Ben) */ >> if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,E

RE: Problem with DSA signing/verification

2013-12-05 Thread Dave Thompson
> From: owner-openssl-users > Sent: Wednesday, December 04, 2013 18:32 > On 4 December 2013 22:38, Dave Thompson > wrote: > > In addition to the misplaced paren already noted, and also a surplus paren, > > which I'll assume were typos since they wouldn't have compiled, > > I think it could compi

Re: Problem with DSA signing/verification

2013-12-04 Thread Matt Caswell
On 4 December 2013 22:38, Dave Thompson wrote: > In addition to the misplaced paren already noted, and also a surplus paren, > > which I’ll assume were typos since they wouldn’t have compiled, > I think it could compile (unless there is another surplus paren I haven't seen?): EVP_SignInit(ctx, E

RE: Problem with DSA signing/verification

2013-12-04 Thread Dave Thompson
In addition to the misplaced paren already noted, and also a surplus paren, which I'll assume were typos since they wouldn't have compiled, your test program won't ever succeed, because you aren't verifying the same data you signed. You memset ver_data to all zero bytes, and then use strlen(

Re: Problem with DSA signing/verification

2013-12-04 Thread Matt Caswell
On 3 December 2013 10:36, Aastha Mehta wrote: > Hello, > > I wrote a simple code to sign and verify using DSA keys, but I am facing > some problem with verification and I cannot figure it out. This is the error > I get: > error:0A071003:dsa routines:DSA_do_verify:BN lib > > I know the error comes

Re: Problem in configuring SSL in OPENLDAP

2013-12-04 Thread supertramp
Please accept my post and make it available for comments. I am in urgent need of help for configuring SSL on openLDAP -- View this message in context: http://openssl.6102.n7.nabble.com/Problem-in-configuring-SSL-in-OPENLDAP-tp47535p47557.html Sent from the OpenSSL - User mailing list archive at

RE: Problem with specifying the CIPHER list

2013-11-26 Thread Salz, Rich
> Server side at least it would be theoretically possible: i.e. only choose a > ciphersuite if TLS v1.2 is negotiated. OpenSSL doesn't support this though. I didn't think so, thanks. One possibility is to add a construct like proto?cipher to the colon-separated list. Any interest in a p

Re: Problem with specifying the CIPHER list

2013-11-26 Thread Dr. Stephen Henson
On Mon, Nov 25, 2013, Salz, Rich wrote: > Is there a way to see something like AES128-SHA is okay with TLSv1.2, but not > with SSLv3? > On the client side there's no way to represent this in the protocol, if you support SSLv3 and TLS v1.2 then it is assumed that any cipher which can be legally

RE: Problem with specifying the CIPHER list

2013-11-26 Thread Dave Thompson
The commandline utility 'ciphers' with the -V option (upper case V) displays details for each selected suite including the minimum protocol version. The specific case AES128-SHA is SSLv3 or higher. So far the only suites limited to TLSv1.2 are the ones with SHA-2 (SHA256 or SHA384) MAC or w

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2013-06-27 Thread Karel Sedláček
You don't need to change OpenSSL; TLSv1_2_server_method() replaces SSLv23_server_method() in your own code. k On Fri, Jun 7, 2013 at 10:17 AM, mehroz wrote: > Hi, > > Could you help where do I need to change the method from > TLSv1_2_server_method() to SSLv23_server_method() . Which file(s) ne

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2013-06-07 Thread mehroz
Hi, Could you help where do I need to change the method from TLSv1_2_server_method() to SSLv23_server_method() . Which file(s) need to be addressed? -- View this message in context: http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-tp42229p45461.html Sent f

Re: Problem loading der encoded RSA public key inlined with objcopy.

2013-04-11 Thread Jakob Bohm
On 4/11/2013 8:31 PM, Dave Thompson wrote: From: Lee Hambley Sent: Thursday, 11 April, 2013 02:33 ... extern unsigned char _binarycertificates_der_start; extern unsigned char _binarycertificates_der_size; I see below this is apparently a very weird object-file trick. int main(int arg

RE: Problem loading der encoded RSA public key inlined with objcopy.

2013-04-11 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Lee Hambley >Sent: Thursday, 11 April, 2013 02:33 >I've been battling the following code for a couple of hours >armed with my Network Security With OpenSSL book to little avail. >#include >#include >#include >extern unsigned char _binary

Re: Problem building the FIPS Capable Library for iOS

2013-01-29 Thread Jeffrey Walton
On Tue, Jan 29, 2013 at 6:37 AM, Joseandro Luiz wrote: > Hello everyone, > I am using the OpenSSL user guide from > http://www.openssl.org/docs/fips/UserGuide-2.0.pdf in order to create a FIPS > 140-2 compliant iOS app. > So far I've successfully built the Incore utility and the FIPS Object Module

Re: Problem building the FIPS Capable Library for iOS

2013-01-29 Thread Dr. Stephen Henson
On Tue, Jan 29, 2013, Joseandro Luiz wrote: > Hello everyone, > I am using the OpenSSL user guide from > http://www.openssl.org/docs/fips/UserGuide-2.0.pdf in order to create a > FIPS 140-2 compliant iOS app. > So far I've successfully built the Incore utility and the FIPS Object > Module but I am

Re: Problem building the FIPS Capable Library for iOS

2013-01-29 Thread Dr. Stephen Henson
On Tue, Jan 29, 2013, Joseandro Luiz wrote: > Hello everyone, > I am using the OpenSSL user guide from > http://www.openssl.org/docs/fips/UserGuide-2.0.pdf in order to create a > FIPS 140-2 compliant iOS app. > So far I've successfully built the Incore utility and the FIPS Object > Module but I am

Re: BasicConstraints - Re: problem with self-signed crt in Apache

2013-01-03 Thread Robert Moskowitz
On 01/02/2013 11:45 PM, Dave Thompson wrote: From: Robert Moskowitz [mailto:r...@htt-consult.com] Sent: Wednesday, 02 January, 2013 12:12 As I indicated, part of my problem is the default ssl.conf for apache points to localhost.crt (built at firstboot) and I changed my hostname which does not ch

RE: BasicConstraints - Re: problem with self-signed crt in Apache

2013-01-02 Thread Dave Thompson
> From: Robert Moskowitz [mailto:r...@htt-consult.com] > Sent: Wednesday, 02 January, 2013 12:12 > As I indicated, part of my problem is the default ssl.conf for apache > points to localhost.crt (built at firstboot) and I changed my hostname > which does not change the localhost cert. But the

BasicConstraints - Re: problem with self-signed crt in Apache

2013-01-02 Thread Robert Moskowitz
As I indicated, part of my problem is the default ssl.conf for apache points to localhost.crt (built at firstboot) and I changed my hostname which does not change the localhost cert. But the BasicConstraints problem is still needed to work out. On 12/31/2012 07:18 PM, Dave Thompson wrote: Fr

RE: problem with self-signed crt in Apache

2013-01-01 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Robert Moskowitz > Sent: Monday, 31 December, 2012 17:02 > I am running on Centos 6.3 where it looks like Openssl is 1.0.0-25 > > I am creating my cert with: > > openssl req -new -outform PEM -out certs/test.htt-consult.com.crt > -newkey rsa:

Solved - Re: problem with self-signed crt in Apache

2013-01-01 Thread Robert Moskowitz
I had changed my hostname for the system, and that does not produce a new localhost.crt, so the message was from this cert content and the ssl.conf reference to the localhost.crt Grumble, Grumble. As for the '/' in the report of cert content, this seems to be a 'bug' in how the DN is displaye

RE: Problem reading public key from PEM

2012-12-17 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of engineereeyore > Sent: Monday, 17 December, 2012 15:52 > Anyone have any ideas? Still haven't found a solution. > View this message in context: > http://openssl.6102.n7.nabble.com/Problem-reading-public-key-f > rom-PEM-tp42657p42794.html > Se

RE: Problem with S/MIME

2012-12-17 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of massimiliano.m...@gmail.com >Sent: Monday, 17 December, 2012 12:00 >Sorry, wrong error. The actual error is: > ./openssl smime -verify -in message.txt.signed -text -CAfile cacert.pem >Verification failure >2897402476:error:0D0D50CE:asn1 encodi

Re: Problem reading public key from PEM

2012-12-17 Thread engineereeyore
Anyone have any ideas? Still haven't found a solution. -- View this message in context: http://openssl.6102.n7.nabble.com/Problem-reading-public-key-from-PEM-tp42657p42794.html Sent from the OpenSSL - User mailing list archive at Nabble.com.

Re: Problem with S/MIME

2012-12-17 Thread massimiliano.m...@gmail.com
Hi, Sorry, wrong error. The actual error is: max@spirit6 ~/Downloads/openssl-1.0.1c/apps $ ./openssl smime -verify -in message.txt.signed -text -CAfile cacert.pem Verification failure 2897402476:error:0D0D50CE:asn1 encoding routines:SMIME_text:mime no content type:asn_mime.c:586: 2897402476:erro

RE: Problem with AES 256 algorithm / GCM mode.

2012-11-13 Thread MACH Christian
Hello. I send my request to this other E-mail address because I had no response to my question with the E-mail address openssl-users@openssl.org. Regards. From: MACH Christian Sent: Monday, 8 October 2012 17:04 To: 'openssl-users@openssl.org' Subject: Problem wit

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Karel Sedláček
Just discovered the culprit. I had configured the server using TLSv1_server_method(), going from and assuming TLSv1 encompasses v1.{1,2}. Stumbled on this by chance by experimenting with forcing TLSv1.2 (of which the desired cipher suite is a part)

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Dr. Stephen Henson
On Fri, Nov 09, 2012, Karel Sedláček wrote: > I was using secp521r1, but secp384r1 has the same behavior. Here is > the output with -state: > > SSL_connect:error in SSLv2/v3 read server hello A > 140735101956572:error:14077410:SSL > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > failure:

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Karel Sedláček
I was using secp521r1, but secp384r1 has the same behavior. Here is the output with -state: CONNECTED(0003) SSL_connect:before/connect initialization write to 0x7fe008426dd0 [0x7fe008810800] (165 bytes => 165 (0xA5)) - 16 03 01 00 a0 01 00 00-9c 03 03 50 9d 3f 85 bf ...P.?.. 001

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Dr. Stephen Henson
On Fri, Nov 09, 2012, Karel Sedláček wrote: > I have; following is the relevant snippet: > > int nid = OBJ_sn2nid(ECDHE_CURVE); > if (NID_undef == nid) > goto err_obj_sn2nid; > > EC_KEY *ecdh = EC_KEY_new_by_curve_name(nid); > if (NULL == ecdh) > goto err_ec_key_new; > > SSL_C

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Karel Sedláček
I have; following is the relevant snippet: int nid = OBJ_sn2nid(ECDHE_CURVE); if (NID_undef == nid) goto err_obj_sn2nid; EC_KEY *ecdh = EC_KEY_new_by_curve_name(nid); if (NULL == ecdh) goto err_ec_key_new; SSL_CTX_set_tmp_ecdh(tls_ctx, ecdh); On Fri, Nov 9, 2012 at 5:32 PM, Dr

Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384

2012-11-09 Thread Dr. Stephen Henson
On Fri, Nov 09, 2012, Karel Sedláček wrote: > This problem is related to an issue I have been experiencing with a > piece of bespoke software I am writing that uses OpenSSL to terminate > SSL/TLS connections, using non-blocking I/O. > > Observations: > - My server's TLS handshake for cipher ECDHE

RE: RE: problem with cross compile OpenSSL

2012-10-22 Thread John A. Wallace
...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Monday, October 22, 2012 8:17 PM To: openssl-users@openssl.org Subject: RE: RE: problem with cross compile OpenSSL First: please turn off HTML mail if possible. It's hard to read to start with, and when you

RE: RE: problem with cross compile OpenSSL

2012-10-22 Thread Dave Thompson
First: please turn off HTML mail if possible. It's hard to read to start with, and when you start modifying purported quotes it's almost impossible. _ From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ??? Sent: Sunday, 21 October, 2012 20:49

RE: problem with cross compile OpenSSL

2012-10-19 Thread Dave Thompson
(Sorry about the HTML, Outlook can't convert for some reason.) _ From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ??? Sent: Friday, 19 October, 2012 02:44 To: openssl-users@openssl.org Subject: problem with cross compile OpenSSL Hi, I am gl

Re: Problem with OpenSSL conf file

2012-03-28 Thread Dr. Stephen Henson
On Wed, Mar 28, 2012, Sanjay Rai wrote: > Hi > I am having an issue when I try OpenSSL initialization with corrupt > configuration file. It basically kills my application, which should not be > the case. Is there any way I can avoid this? > > Here is how I can repro this issue > > 1- Cr

Re: Problem with chaining certs and CRLS

2012-03-01 Thread mario piccinelli
Never mind, I found an extremely ugly solution: 1) I split the signature extracted (signers.tmp) in single signature files (signer1.tmp and signer2.tmp) by python script 2) I test them both with the following command, using as CAfile the complete one: openssl verify -verbose -CRLfile "chain.tm

Re: Problem with chaining certs and CRLS

2012-03-01 Thread mario piccinelli
Thanks for the answer.. in fact nothing, but I found nothing about that in the documentation, and I made an experiment which seemed to prove that: I verified an end certificate using as CAfile a chain made of root cert, user cert and user CRL... and it worked correctly, before and after the revo

Re: Problem with chaining certs and CRLS

2012-03-01 Thread Jakob Bohm
On 3/1/2012 12:41 PM, mario piccinelli wrote: Hi everyone I'm stuck with a situation about openssl and I really don't know how to get out.. What I'm trying to do is build a three level chain to sign files: - a root cert - an user cert - and end cert At the user level a revocation list can be

Re: Problem with OpenSSL getpid() on RHEL 5.5

2011-12-06 Thread Jakob Bohm
On 12/6/2011 8:42 AM, Patrick Mischler wrote: We do have a serious problem with OpenSSL on RHEL 5.5. The installed version is 0.9.7 . Our application calls the function getpid() or whatever and this leads the application to crash. We've contacted our software vendor and they told us the root caus

Re: Problem with signature verification on microchip embedded controller

2011-10-18 Thread Kenneth Goldman
Yes, you can verify 'by hand' by doing the raw public key operation, stripping off the padding and OID (what you call the asn1 formatting), and then comparing the hashes. When you say "this is what I got from the PIC controller, I assume you mean the result of applying the public key to the signa

RE: Problem with signature verification on microchip embedded controller

2011-10-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of TSCOconan > Sent: Tuesday, 18 October, 2011 14:57 >I'm trying to implement certificate signature verification > on a Microchip pic controller. >After reading PKCS#1 V2.1 > I realized that encryption is essentially the same as > si

RE: problem with EVP_DecryptFinal_ex function

2011-06-23 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Damir Musulin > Sent: Wednesday, 22 June, 2011 08:46 > I'm brand new to programming against OpenSSL (EVP) > so if i make any stupid mistake I'm sorry in advance. > This is really a C programming issue, not OpenSSL (or EVP). > I use the blowfis

Re: problem with EVP_DecryptFinal_ex function

2011-06-22 Thread Wim Lewis
On 22 Jun 2011, at 5:46 AM, Damir Musulin wrote: > I have created a decrypt function and it fails (how wonderful) > > The problem lies in the EVP_DecryptFinal_ex. > I have made use of the ERR_print_errors_fp(stderr); option to see what > is wrong but it is quite > a cryptic message: > 2621:error:

Re: Problem with HMAC_Init_ex

2011-05-05 Thread Prashant Batra
Thanks everyone for help, It was a sad issue with my library linking. Resolved the problem. Regards, Prashant On Thu, May 5, 2011 at 9:45 AM, Jeffrey Walton wrote: > 2011/5/4 Prashant Batra : > > http://pastebin.com/0BG97RDH > > This does not contain complete source code, but will definitely gi

Re: Problem with HMAC_Init_ex

2011-05-04 Thread Jeffrey Walton
2011/5/4 Prashant Batra : > http://pastebin.com/0BG97RDH > This does not contain complete source code, but will definitely give you the > idea about what I am trying to do. After a quick look, it does not appear there is enough code to say what is wrong. For example, you perform: (key->v)[0]=0x

Re: Problem with HMAC_Init_ex

2011-05-04 Thread Prashant Batra
http://pastebin.com/0BG97RDH This does not contain complete source code, but will definitely give you the idea about what I am trying to do. Thanks, Prashant On Wed, May 4, 2011 at 4:38 PM, derleader mail wrote: > Hi all, > > I am finding a strange problem with HM

Re: Problem with HMAC_Init_ex

2011-05-04 Thread derleader mail
Hi all, I am finding a strange problem with HMAC_Init_ex. After the call to this function the stack is getting corrupted. The sequence of functions used are- HMAC_CTX ctx ;HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, hash_key->v, hash_key->l, EVP_sha1(), NULL); Key->v points t

Re: Problem with unknown CA

2011-04-30 Thread Mike Markley
Thanks, We're still learning a lot about how this all works. Tracked this down to a different issue in our code base. 2011/4/30 Ziyu Liu : > > At 2011-04-30 04:33:43,"Mike Markley" wrote: > >>I'm trying to establish an SSL connection with a server and my >>handshake is failing with 'alert unknown

Re: Problem to encode a ASN.1 field in SAN of a CSR

2011-03-01 Thread David CARELLA
Thank you. Note: the content on the help page is wrong. The correct content would be: - [subject_alt_section] URI=ldap://somehost.com/CN=foo,OU=bar - Not: - [subject_alt_section] subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar - Best rega

Re: Problem to encode a ASN.1 field in SAN of a CSR

2011-03-01 Thread Dr. Stephen Henson
On Tue, Mar 01, 2011, David CARELLA wrote: > > File test-req.cnf: > [ req ] > default_md = sha256 > req_extensions = ext_server > [ ext_server ] > keyUsage= critical, digitalSignature, keyEncipherment > extendedKeyUsage= serverAuth > #- MS GUID (OID:

Re: Problem with multiple level CA

2011-02-17 Thread Tanya Lozovaya
a Veneta (PD) > TEL. 049.9988200 FAX 049.9471337 > http://www.trivenet.it > > > -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] > On Behalf Of Tanya Lozovaya > Sent: Thursday, 17 February 2011 10:25 > To: openssl-use

Re: Problem with multiple level CA

2011-02-17 Thread Tanya Lozovaya
@openssl.org] > On Behalf Of Tanya Lozovaya > Sent: Thursday, 17 February 2011 09:49 > To: d...@deadhat.com; openssl-users@openssl.org > Subject: Re: Problem with multiple level CA > > I tried to open crt file on different computers and I got different errors: > > on Window

Re: Problem with multiple level CA

2011-02-17 Thread Tanya Lozovaya
I tried to open crt file on different computers and I got different errors: on Windows 7: The issuer of this certificate could not be found. on Windows 2003: This certificate has an nonvalid digital signature. Does anybody know how I can make the computers "think" that self-signed "ROOT CA" cert

Re: problem with certificates, kinda urgent

2011-02-13 Thread Victor Duchovni
On Fri, Feb 11, 2011 at 05:04:11PM -0500, Jean-Michael Cyr wrote: > I have some difficulties to make openssl work to crypt my email. Email encrypt is generally done via S/MIME. OpenSSL provides an smime(1) command. http://www.openssl.org/docs/apps/smime.html -- Viktor.

RE: problem in ssl connection with server

2011-02-03 Thread Bhola Ray
Praveen, If U have followed the proper procedure i.e 1) ./configure 2) make Then s_client and s_server must work(it worked for me I modified the code and was able to txmit a file from the client to server) try the -msg option to see more details to figure out the handshaking etc #OPEN

Re: problem in ssl connection with server

2011-02-03 Thread David Schwartz
On 2/2/2011 9:13 PM, praveen kumar wrote: i got this error,they configured port 8000 for ssl but still i cant get problem where it is? Can any one help me where is the exact problem? Their server doesn't correctly support SSL negotiation. You can make it work by disabling TLS1 negot

Re: Problem inspecting PKCS7

2011-01-24 Thread Dr. Stephen Henson
On Mon, Jan 24, 2011, Giacomo Boccardo wrote: > I generated the file "42.txt.p7m" in the attachment using the command: > > openssl cms -sign -in 42.txt -outform der -out 42.txt.p7m -keyid -signer > selfSignedCert.pem -inkey private.key > > > When I inspect it using the command > > openssl asn1p

Re: problem with creating and signing certificate via API

2011-01-20 Thread Mounir IDRASSI
Hi, This is a classical C bug : the parameter cert of the function createCertificate is passed by value instead of being passed by reference as it should be since this function modifies its content. So, in order to solve your problem, change the declaration of createCertificate as follows :

Re: problem verifying certificate

2011-01-12 Thread Ron Arts
Indeed. Downloading the intermediate CA bundle from Thawte and installing it as a chain certificate file into Apache did the trick! Thank you very much, Ron Arts On 12 Jan 2011, at 05:17, "Dave Thompson" wrote: >> From: owner-openssl-us...@openssl.org On Behalf Of Ron

RE: problem verifying certificate

2011-01-11 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Ron Arts > Sent: Tuesday, 11 January, 2011 17:52 > I just renewed my Thawte webserver certificate. This > certificate seems to work fine > with various browsers I tried, but it curl, wget on CentOS > 5.5 are not able to verify it: > I followe

Re: problem verifying certificate

2011-01-11 Thread Victor Duchovni
On Tue, Jan 11, 2011 at 11:51:47PM +0100, Ron Arts wrote: > I just renewed my Thawte webserver certificate. This certificate seems to > work fine with various browsers I tried, but it curl, wget on CentOS 5.5 > are not able to verify it: Browsers often have a fairly large set of trusted roots an

Re: Problem using openssl

2010-11-26 Thread Jeffrey Walton
2010/11/22 Ing. Fabián Martínez Osorio : > Hi: > > I have a C++ program that uses the openssl library, and on some computers, I > got the message “La aplicación no se ha podido inicializar correctamente, > error 0xc0150002. Haga clic en aceptar para terminar la aplicación” Can > anyone help me with

Re: problem loading rsa public key.

2010-11-22 Thread Neil Dugan
On 22/11/10 23:48, Dr. Stephen Henson wrote: On Mon, Nov 22, 2010, Neil Dugan wrote: I have generated a rsa public and private key with. openssl genrsa -out server.pem 2048 openssl rsa -in server.pem -pubout -out server.pub When I use the PEM_read_RSAPublicKey() command to load that public ke

Re: problem loading rsa public key.

2010-11-22 Thread Dr. Stephen Henson
On Mon, Nov 22, 2010, Neil Dugan wrote: > I have generated a rsa public and private key with. > > openssl genrsa -out server.pem 2048 > openssl rsa -in server.pem -pubout -out server.pub > > When I use the PEM_read_RSAPublicKey() command to load that public key I > get the error "error:0906D06C:P

Re: problem with "pem" file, no start line. centos.

2010-11-18 Thread David Schwartz
On 11/18/2010 12:50 AM, Steve yongjin Shin wrote: -BEGIN RSA PRIVATE KEY- ...omitted.. -END RSA PRIVATE KEY- -BEGIN CERTIFICATE- ...omitted... -END CERTIFICATE- ===

RE: Problem to verify a signed file.

2010-09-24 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Josÿe9 Fernÿe1ndez > Sent: Friday, 24 September, 2010 05:04 (It appears your mailer, or perhaps a relay, mangled your name. Sorry.) > We are signing files with openssl. We use this command (UNIX machine): > openssl smi

Re: Problem with rsa_keygen

2010-09-24 Thread Nacho Álvarez
I think I know what the problem is. If you return 1 in rsa_keygen, OpenSSL expects a correct RSA key. I found out my PKCS#11 device doesn't work OK and the keys were wrong, so OpenSSL didn't receive a correct RSA key, and when I returned 1 without generating an RSA key it was the same problem, OpenSSL hadn't

Re: Problem with rsa_keygen

2010-09-24 Thread Nacho Álvarez
I have the engine in a dynamic library and there's not relevant part of the code. If I overwrite rsa_keygen function and if I do something or nothing but return 1 I get "segmentation fault" but it's not my function, my function ends ok and invokes the return instruction. The example code I wrote is

Re: Problem with rsa_keygen

2010-09-23 Thread Christian Hohnstaedt
On Thu, Sep 23, 2010 at 10:08:40AM +0200, Nacho Álvarez wrote: > That's not the problem, I think, because if the only instruction of the > function is: > > int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) { > return 1; > } > > I get the "segmentation fault" when the rsa_keygen end

Re: Problem with rsa_keygen

2010-09-23 Thread Nacho Álvarez
That's not the problem, I think, because if the only instruction of the function is: int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) { return 1; } I get the "segmentation fault" when the rsa_keygen ends. But if I return 0 or -1 (errors) OpenSSL reports me "error in genrsa" and ca

Re: Problem with rsa_keygen

2010-09-22 Thread Christian Hohnstaedt
On Wed, Sep 22, 2010 at 03:41:30PM +0200, Nacho Álvarez wrote: > Hello everybody > > Several months ago I developed an OpenSSL PKCS#11 engine for Windows XP and > it worked ok (it was compiled with MinGW). > Now I'm trying to compile it on Linux (Debian 5 with GCC 4.3.1) but I have > the next prob

Re: problem https with class 3 cert CACert

2010-09-03 Thread aerowolf
This is not an openssl question, nor even an Apache httpd question. It is more appropriately a Firefox question, and the symptoms match the semantics of the "mixed content error". If any media included on the page (image, audio, video, flash applet, java applet, etc) is served from any insecu

Re: problem https with class 3 cert CACert

2010-09-03 Thread fakessh
I am not running the MS system; I use CentOS 5.5 and Firefox. On Fri, 03 Sep 2010 11:06:49 +0200, "Philipp Gühring" wrote: > Hi, > > You might be running into the Mixed Content problem, but I am not sure. > If that is the problem, then you can read here about possible solutions: > > http://www.

Re: Problem verifying a chain...

2010-09-03 Thread John Doe
From: "aerow...@gmail.com" > Use the '-issuer_checks' parameter to show exactly what it's looking for and >where it's looking for it. > At 'depth 1' (i.e., one step above the end-entity certificate), it's looking >for the issuer (which means it's looking for the USERTRUST root certificate).

Re: Problem verifying a chain...

2010-09-02 Thread aerowolf
Use the '-issuer_checks' parameter to show exactly what it's looking for and where it's looking for it. At 'depth 1' (i.e., one step above the end-entity certificate), it's looking for the issuer (which means it's looking for the USERTRUST root certificate). -Kyle H On Thu, Sep 2, 2010 at 9:3

RE: Problem verifying a chain...

2010-09-02 Thread Erik Tkal
Hi John, Your CAfile must contain the chain that issued your cert (i.e. the intermediate(s) and the root). The error is indicating that it is unable to locate the issuer of the intermediate. Erik Tkal -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us

Re: problem about "value optimized out"

2010-07-02 Thread 翔芦
Dear Dave, I really appreciate your detailed test and explanation. Now, I get your point. The "optimized out" means the code can not be executed in the execution. I guess the optimization reason lies in that those signed data are not actually sent. I will review my code and the whole logic of m

RE: problem about "value optimized out"

2010-07-02 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of ?? > Sent: Friday, 02 July, 2010 00:10 > Thank you for your detailed explanation. However, I am still confused by > those "optimized" lines, which also occur in the verification process. > Here is the code to get a public key

Re: problem about "value optimized out"

2010-07-02 Thread 翔芦
Dear Jakob, Thank you for your analysis. I am sorry for only posting part of my code. Actually, the result from Line 1 to Line 6 is to get the private key and make the pointer pKey_priv point to the private key. In the following lines below Line 8, I will use the pKey_priv to sign the data gener

Re: problem about "value optimized out"

2010-07-02 Thread Jakob Bohm
On 02-07-2010 00:12, 翔芦 wrote: Dear all, My code segment is to get a private key from a pem file for the data signing. The code is as the following: 1BIO *priv_pem; 2OpenSSL_add_all_algorithms(); 3priv_pem = BIO_new_file("privkey.pem", "rb"); 4 pKey_priv = RSA_new(); 5 p

Re: problem about "value optimized out"

2010-07-01 Thread 翔芦
Dear Dave, Thank you for your detailed explanation. However, I am still confused by those "optimized" lines, which also occur in the verification process. Here is the code to get a public key from the corresponding certificate, which follows your suggestions about EVP. OpenSSL_add_all_algorith
