Dear Sergio,
please use a to-the-point email subject, not "openssl-users Digest, Vol 94,
Issue 24".
You just made a small mistake with the below command:
after the "-subj" option its "/" (which denotes the empty Distinguished Name)
is missing, or any other DN string,
and thus the subsequent "-a
> From: edr
> Sent: Friday, 11 March, 2022 03:59
>
> On 10.03.2022 20:27, Michael Wojcik wrote:
> > Personally, I'd be leery of using openssl ca for anything other than
> dev/test purposes, in which case frequent CRL generation seems unlikely to
> be a requirement. AIUI, openssl ca isn't really i
janj...@nikhef.nl said:
> As you found out, it is nearly impossible to swap out the existing openssl
> 1.1.1g with a "stock" openssl version, as RedHat/CentOS have applied patches
> to it. My advice would be: don't even try. If you *have to* use openssl
> 1.1.1k, then switch to Fedora or to Ub
What you could also consider doing is to look at list of cipher suites
that you advertise during handshake and try to restrict it a bit.
I had same problem with F5 BIG-IP after migration OpenSSL 1.0.0 ->
1.0.1k (it seems there were many ciphers added between those two versions
which makes). Then I
On 29/08/2014 1:31 AM, vineet59 [via OpenSSL] wrote:
> Hi
> Please help me to resolve this issue of segmentation fault. Below is
> the stack trace from valgrind, may this helps:
> valgrind ./ssl fecdba9876543210 40fedf386da13d57 test.txt test.des
> ==30856== Memcheck, a memory error detector
> ==308
Hi
Please help me to resolve this issue of segmentation fault. Below is the
stack trace from valgrind, may this helps:
valgrind ./ssl fecdba9876543210 40fedf386da13d57 test.txt test.des
==30856== Memcheck, a memory error detector
==30856== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et a
Hi,
Yes I have replaced them all with strlen.
I got the error in key generation at the checking whether key has generated
or not
--> if ((k = DES_set_key_checked((C_Block*)&cbc_key,&key)) != 0)
printf("\nkey error\n%d\n",k);
Every time it prints " key error : -1 " as output.
Hi,
did you replace them all?
where does it fail?
Which function, which line?
This would be helpful.
Regards
Nico
- Original message -
From: vineet59
To: openssl-users@openssl.org
Sent: Sun, 24 Aug 2014 11:33:02 +0200 (CEST)
Subject: Re: Re : Generation of DES key for use in DES_enc
Hi
I have replaced the sizeof with strlen(),but still got the same error
message.
Please respond ASAP!!
Thanks!!
Vineet
--
View this message in context:
http://openssl.6102.n7.nabble.com/Generation-of-DES-key-for-use-in-DES-encrypt1-tp52999p53033.html
Sent from the OpenSSL - User mailing list
/rand/md_rand.c
if (!MD_Init(&m))
goto err;
if (!MD_Update(&m,local_md,MD_DIGEST_LENGTH))
goto err;
- Original message -
From: Jeffrey Walton
To: OpenSSL Users List
Sent: Fri, 18 Jul 2014 09:32:09 +0200 (CEST)
Subject: Re: Re : Default digest implementation?
On
t
Sent: Fri, 18 Jul 2014 09:32:09 +0200 (CEST)
Subject: Re: Re : Default digest implementation?
On Fri, Jul 18, 2014 at 3:02 AM, wrote:
>
> Actually, there's no default digest.
> When created, the EVP_MD_CTX struct is initialized to 0, then all pointers
> are NULL by default
On Fri, Jul 18, 2014 at 3:02 AM, wrote:
>
> Actually, there's no default digest.
> When created, the EVP_MD_CTX struct is initialized to 0, then all pointers
> are NULL by default, in particular ctx->type.
> If a digest was previously used, it can be reused if no EVP_MD is given,
> otherwise
On 6/13/2014 3:15 AM, nicolas@free.fr wrote:
> the fact is a server can only send a single certificate, however this one can
> be signed by multiple CAs
I wish. Unfortunately, it's a single certificate, signed by a single
CA. Which itself can be signed by another single CA, and so on until
--END CERTIFICATE-
Regards.
- Original Message -
From: nicolas@free.fr
To: openssl-users@openssl.org
Date: Fri, 13 Jun 2014 02:02:51 +0200 (CEST)
Subject: Re : Re: Re : Re: 2 Server certificates
> Hi,
>
> sorry for the first answer, I didn't read in details :-/
> looki
Hi Nicolas,
pit-ca issued another certificate to a client wanting to connect to the same
server identified by secure.payerspot.com.
I'm looking for a solution allowing two clients to connect to the same
server using certificates issued by different CAs.
In this case the client forces the server
Jun 2014 16:39:23 +0200 (CEST)
Subject: Re: Re : Re: 2 Server certificates
Hi Nico,
As described in OpenSSL documentation the 2 functions are equivalent:
SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the set
tions can't help because the certificates are stored in
blob not in files.
Regards
- Original Message -
From: nicolas@free.fr
To: openssl-users@openssl.org
Date: Thu, 12 Jun 2014 16:22:36 +0200 (CEST)
Subject: Re : Re: 2 Server certificates
> Hi
>
> it seems tha
Hi Nico,
As described in OpenSSL documentation the 2 functions are equivalent:
SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the setting
valid for ssl's SSL_CTX object.
SSL_CTX_add_client_CA() adds the CA name
Hi
it seems that you could use the following functions :
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
-> sets the list of trusted CA sent to client (here Rapid SSL CA and pit-ca)
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char
*CApath)
On 5/30/2014 12:03 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Wednesday, May 28, 2014 13:04
On 5/25/2014 2:22 PM, Hanno Böck wrote:
Some clients (e.g. all common browsers) do fallbacks that in fact
can invalidate all improvements of later tl
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Wednesday, May 28, 2014 13:04
> On 5/25/2014 2:22 PM, Hanno Böck wrote:
> > Some clients (e.g. all common browsers) do fallbacks that in fact
> > can invalidate all improvements of later tls versions.
> >
> > These fallbacks
On 5/25/2014 2:22 PM, Hanno Böck wrote:
On Fri, 23 May 2014 16:32:15 +
Viktor Dukhovni wrote:
On Fri, May 23, 2014 at 06:11:05PM +0200, nicolas@free.fr wrote:
use at the very least TLSv1 (and preferably TLSv1_2) protocol if
you want to use SSLv23_server_method(), don't forget to disa
Thank you very much, it worked
Dikarev Evgeniy
On 28.5.2014 2:47:12, user Dave Thompson (dthomp...@prinpay.com) wrote:
The third arg of PKCS7_verify (indata) should only be used for an ‘external’
or ‘detached’ signature
where
On Sun, May 25, 2014 at 02:22:34PM +0200, Hanno Böck wrote:
> > Typically, leaving SSLv3 enabled is just fine if both ends support
> > something stronger they'll negotiate that.
>
> That's not always true.
In a browser fallback (only relevant here if the OP is implementing
an HTTP server) nothin
On Fri, 23 May 2014 16:32:15 +
Viktor Dukhovni wrote:
> On Fri, May 23, 2014 at 06:11:05PM +0200, nicolas@free.fr wrote:
>
> > use at the very least TLSv1 (and preferably TLSv1_2) protocol if
> > you want to use SSLv23_server_method(), don't forget to disable
> > SSLv2 and 3 protocols (a
fline prior any communication
Nico
- Original message -
From: Viktor Dukhovni
To: openssl-users@openssl.org
Sent: Fri, 23 May 2014 18:32:15 +0200 (CEST)
Subject: Re: Re : How to make a secure tcp connection without using certificate
On Fri, May 23, 2014 at 06:11:05PM +0200, nicolas@f
On Fri, May 23, 2014 at 06:11:05PM +0200, nicolas@free.fr wrote:
> use at the very least TLSv1 (and preferably TLSv1_2) protocol if you want
> to use SSLv23_server_method(), don't forget to disable SSLv2 and 3 protocols
> (and maybe TLSv1) with the command
>
> SSL_CTX_set_options(ctx, SSL_OP_
I have tried, it works well. So, what is wrong with my application?
zyf01...@gmail.com
From: Jeffrey Walton
Date: 2014-04-30 15:27
To: OpenSSL Users List
Subject: Re: TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)
On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com wr
On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com wrote:
> This time the client hello and server hello is done, but when client key
> exchange the server reply Alert (Level: Fatal, Description: Protocol
> Version). Shows below, what is wrong with this? And I know this alert means
> the client is not
at 22:28
From: "Kyle Hamilton"
To: openssl-users
Subject: Re: Re: Converting a root certificate from md5 to sha1
Stephan,
It depends on how pedantic your clients are. If you aren't rekeying,
it shouldn't matter, though.
X.509 has a "Subject" and an "Iss
Stephan,
It depends on how pedantic your clients are. If you aren't rekeying,
it shouldn't matter, though.
X.509 has a "Subject" and an "Issuer". The Issuer of a certificate is
the Subject of the certificate which private key was used to sign it.
If the Issuer doesn't change, then the matching
Hi Dave,
Thanks for the reply.
I do have access to the server code but cannot change its implementation to
suit my requirement as the server is serving other clients in other
platforms as well.
Below is the java code to encrypt an AES symmetric key with the public key
it receives from the clie
> From: owner-openssl-us...@openssl.org On Behalf Of Ken Goldman
> Sent: Tuesday, 20 August, 2013 08:08
> On 8/19/2013 3:15 PM, mycompuser wrote:
> > But the only
> > problem that I currently face is that the key pair
> generated by OpenSSL has
> > headers and footers of the form -BEGIN RSA P
*Thanks for the quick answer*, actually command line is good as it would be
done in a
child process using a secure vault for password creation that no admin knows
anyway or makes up.
No human is involved is always the best solution. Can't trust those humans.
thanks.
I enclosed the correct code
> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Tuesday, 16 July, 2013 11:13
> I was able to piece together a test application (enclosed
> below) which loads an x509 file and performs
> an OCSP request programmatically. I created a server to dump
> what is written at the po
> Original Message
>From: Bruce Cran
>To: openssl-users@openssl.org
>Cc: "James"
>Sent: Thu, Feb 7, 2013, 9:48 AM
>Subject: Re: Issue with 1.0.1d with Apache 2.2.23
>
>On 07/02/2013 14:36, James wrote:
>>
>> Just an update, using a SSLCipherSuite in the SSL configuration file for
>> A
> Original Message
>From: "James"
>To: openssl-users@openssl.org
>Cc: openssl-users@openssl.org
>Sent: Wed, Feb 6, 2013, 3:51 PM
>Subject: Re: Issue with 1.0.1d with Apache 2.2.23
>
>> Original Message
>>From: "James"
>>To: openssl-users@openssl.org
>>Sent: Wed, Feb 6, 2013, 2
Solved!
Thanks, Steve.
Leonardo
-Original message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On behalf of Dr. Stephen Henson
Sent: Tuesday, 30 October 2012 20:04
To: openssl-users@openssl.org
Subject: Re: RES: PEM_read_PrivateKey
On T
...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Monday, October 22, 2012 8:17 PM
To: openssl-users@openssl.org
Subject: RE: RE: problem with cross compile OpenSSL
First: please turn off HTML mail if possible. It's hard to read to start
with,
and when you
First: please turn off HTML mail if possible. It's hard to read to start
with,
and when you start modifying purported quotes it's almost impossible.
_
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of ???
Sent: Sunday, 21 October, 2012 20:49
Apologies for repeated top-posting. Only have crappy web-access.
See:
http://stackoverflow.com/questions/3242386/error-compiling-openssl-for-win32
[1]
You can locally fix up OpenSSL's e_os.h to remove conflicts or find
another way to do. I think the /G5 is being ignored.
Hi,
thanks for your responses. It seems this may actually be a heap
corruption after all, as the following function causes the crash:
`heap_first(&hentry,hlist.th32ProcessID,hlist.th32HeapID)` on line 521
with version 1.0.1
I will investigate this further tomorrow and hopefully come up with
>On Wed 25/07/12 2:16 PM , Jakob Bohm jb-open...@wisemo.com sent:
>On 7/25/2012 3:01 PM, Florian Rüchel wrote:
>> Hi,
>>
>> I have a tool which calls RAND_bytes() for a length of 16 bytes while
>> using the CAPI engine and having set it to be used for all purposes.
>> If I run it in my Visual Stu
wrote:
> On Sat, Jul 7, 2012 at 4:02 PM, wrote:
> > wrote:
> >> You pin a certificate by whitelisting expected server certificates
>
> >> (possibly thumbprints).
> >
> > [SNIP]
> > So my original question was how do I get wget to verify the torproject.org
>
> > fingerprint [4] without depending
On Sat, Jul 7, 2012 at 4:02 PM, wrote:
> wrote:
>> You pin a certificate by whitelisting expected server certificates
>> (possibly thumbprints).
>
> [SNIP]
> So my original question was how do I get wget to verify the torproject.org
> fingerprint [4] without depending on root CA's? The only poss
On Sat, Jul 7, 2012 at 4:02 PM, wrote:
> wrote:
>> You pin a certificate by whitelisting expected server certificates
>> (possibly thumbprints).
>
> How to do that?
My bad. You usually do it pragmatically in an "On Connect" callback or
delegate. I don't have any OpenSSL code handy, but below
wrote:
> You pin a certificate by whitelisting expected server certificates
> (possibly thumbprints).
How to do that?
> There's usually no need to sign another's key
> or certificate (I've never done it that way, and never seen it done
> that way).
A little more background... Stories like the d
such an
fatal error, seems it will damage the image of the project.
--
qun-ying
- Original Message -
> From: Peter Heimann
> To: openssl-users@openssl.org
> Cc: "Spence, Thomas CIV USAF AFDW 844 CS/SCOX"
> Sent: Wednesday, April 25, 2012 12:08:45 AM
> Subjec
On Wed, Apr 25, 2012, Spence, Thomas CIV USAF AFDW 844 CS/SCOX wrote:
> Million THANKS! I never knew about SNAP!
>
> Okay I did try 3 files:
>
> openssl-1.0.1-stable-SNAP-20120425.tar.gz (OpenSSL 1.0.1b-dev)
> openssl-1.0.2-stable-SNAP-20120425.tar.gz (OpenSSL 1.0.2-dev)
> openssl-SNAP-20120425
@openssl.org
Cc: Spence, Thomas CIV USAF AFDW 844 CS/SCOX
Subject: EXTERNAL: Re: RE: OpenSSL 1.0.1a
On 01/-10/-28163 08:59 PM, Spence, Thomas CIV USAF AFDW 844 CS/SCOX wrote:
> I am using AIX 5.3 with gcc 4.3.5.
> ld: 0711-317 ERROR: Undefined symbol: OPENSSL_ia32cap_P
I had the same proble
On 01/-10/-28163 08:59 PM, Spence, Thomas CIV USAF AFDW 844 CS/SCOX wrote:
> I am using AIX 5.3 with gcc 4.3.5.
> ld: 0711-317 ERROR: Undefined symbol: OPENSSL_ia32cap_P
I had the same problem with the file crypto/evp/e_rc4_hmac_md5.c.
Linking on non-x86 hardware failed.
Try to replace this file
>On Thu 12/04/12 3:08 PM , kthiru...@inautix.co.in sent:
>Carl,
>Thanks for your reply,
>
>We have a Load Balancer in between the User ( desktop ) and the Server.
>
>So, i used the getpeername and am getting only the Load Balancer IP in the
>output and not the desktop IP. Is >there any other wa
I just want to wrap up my problem so that others can learn from my
ignorance:
Squid's logs aren't very verbose, so I only got "SSL unknown certificate
error 12" , when it suddenly wouldn't accept my client certificates
anymore.
That's the same error you get when a certificate has expired.
But
On Mon, Jan 16, 2012, Eisenacher, Patrick wrote:
> > -Original Message-
> > From: Steffen DETTMER
> >
> > * Johannes Bauer wrote on Fri, Jan 13, 2012 at 14:22 +0100:
> > [...]
> > > >>> Or, in other words: Let's assume I have an ultimate root
> > > >>> (self-signed) "Root" and a branched C
> -Original Message-
> From: Steffen DETTMER
>
> * Johannes Bauer wrote on Fri, Jan 13, 2012 at 14:22 +0100:
> [...]
> > >>> Or, in other words: Let's assume I have an ultimate root
> > >>> (self-signed) "Root" and a branched CA "X". I would like to
> > >>> trust "X" and all its children,
* Johannes Bauer wrote on Fri, Jan 13, 2012 at 14:22 +0100:
[...]
> >>> Or, in other words: Let's assume I have an ultimate root
> >>> (self-signed) "Root" and a branched CA "X". I would like to
> >>> trust "X" and all its children, but not "Root". Is this
> >>> not possible?
[yes, it is not poss
users@openssl.org; carlyo...@keycomm.co.uk
Subject: RE: RE: Open SSL API's Support For IPv6.
Hi,
I am sorry if I misunderstood things. I went through the text quoted by him.
Also, I did google search for that and what I understood was:
ERR_load_crypto_strings() registers the error strings for all
owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeremy Farrell
Sent: Tuesday, November 01, 2011 1:39 AM
To: openssl-users@openssl.org; carlyo...@keycomm.co.uk
Subject: RE: RE: Open SSL API's Support For IPv6.
> From: Akanksha Shukla [mailto:akshu
> From: Akanksha Shukla [mailto:akshu...@cisco.com]
>
> Hi Carl,
>
> I added the API's call as mentioned by you in the else part to get the
> dump
> of the error. But this time also, I am not successful.
> else
> {
> SSL_load_error_strings();
> SSL_li
To: openssl-users@openssl.org; Akanksha Shukla
Subject: Re: RE: Open SSL API's Support For IPv6.
> On Mon 31/10/11 4:25 PM , "Akanksha Shukla" akshu...@cisco.com sent:
> Hi Michael,
>
> Thanks for the reply. But I think the issue is not from the C perspective.
> As
> On Mon 31/10/11 4:25 PM , "Akanksha Shukla" akshu...@cisco.com sent:
> Hi Michael,
>
> Thanks for the reply. But I think the issue is not from the C perspective.
> As I already mentioned, that if I use fputs to directly write a string to
> file, then I am able to do that successfully. But when I
It's likely you're hitting RT #1593:
http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest
Options include
A) Use a different curve.
B) Use a 64-bit build.
C) upgrade to at least 0.9.8h.
D) Figure out the series of patches to resolve the bug.
E) Hack the code up to resolve it y
That didn't work. I immediately got an error from the server :
SSL3_GET_CLIENT_HELLO: no shared cipher.
Do you know what my original error meant:
SSL_BYTES_TO_CIPHER_LIST:scsv received when renegotiating
Maybe if I know what it is referring to I can track down the issue. There
isn't much po
>> Hi,
>>
>>
>>
>> I am developing an application using OpenSSL. I have a proprietary system
>> to handle connection/read data from sockets. All I need to do is to pass
>> callback functions to the system to
>>
>> 1. Handle new connection
>>
>> 2. Read
* derleader mail on Monday, May 02, 2011 8:14 PM
> > But what exactly do you want to know? If you can use SSL and
> > Blowfish?
> > It does not appear in http://www.openssl.org/docs/apps/ciphers.html.
> >
> Yes the web site and the book about the OpenSSL is outdated.
Does TLS spec nowadays define
>> If I decide to go with openssl and blowfish what are the
>> potential threats?
>
>Yes, heaps of.
>You might consider asking more detailed.
>
>> Is there another security mechanism that I can use with blowfish?
>
>Of course...
>But what exactly do you want to know? If you can use SSL
> If I decide to go with openssl and blowfish what are the
> potential threats?
Yes, heaps of.
You might consider asking more detailed.
> Is there another security mechanism that I can use with blowfish?
Of course...
But what exactly do you want to know? If you can use SSL and Blowfish?
It does
>> > I'm going to use stream protocol - TCP/IP. Here is the
>> template source
>> > code of the server without the encryption part
>>
>> We mean application protocol.
>>
>> > while (1) {
>> > sock = accept(listensock, NULL, NULL);
>> > printf("client connected to child thread %i with
* owner-openssl-us...@openssl.org
> What is the purpose of the project?
>
> This is a open source project - I need a way to monitor a
> huge number of servers - monitor CPU load, RAM load, HDD
> load, installed packets and etc.
Why not using http://www.nagios.org/?
> The data which will gathe
Hi Peter,
The extra string in o/p is due to error in coding. u r passing incorrect length
in EVP_DecryptUpdate.
if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf,
output_buf_size)))
change above line to
if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf,
enco
>
>> On 5/1/2011 1:34 AM, derleader mail wrote:
>>
>> > I'm going to use stream protocol - TCP/IP. Here is the
>> template source
>> > code of the server without the encryption part
>>
>> We mean application protocol.
>>
>> > while (1) {
>> > sock = accept(listensock, NULL, NULL)
Hi Peter,
The extra string in o/p is due to error in coding. u r passing incorrect
length in EVP_DecryptUpdate.
if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf,
output_buf_size)))
change above line to
if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf,
encoutlen
>> So I need a high performance solution that can handle many connections
>> with little server load.
>>
>> 1. SSL is a good solution but is not high performance - it's more
>> suitable for encryption of a web page. When establishing connection more
>> that 100 connections are used to perf
Hi Peter,
Add padding for CBC mode encryption.
Or u can use CFB mode. EVP_bf_cfb()
-Shafeek
Hi,
Thank you for the reply. I have edited the code.
Source Code:
//gcc blowfish2.c -L/usr/local/ssl/lib/ -lssl -lcrypto -Wall
#include
#include
#include
#include
#include
#define input_
>Don't you know how much data you've read that you're about to decrypt?
>
>in your code template, you showed the sending routine doing...
>
> nread = recv(sock, buffer, 25, 0);
>
>isn't the receiving routine doing something similar? well, nread would
>be the length you need, no?
Y
>> I'm going to use stream protocol - TCP/IP. Here is the template source
>> code of the server without the encryption part
>
>We mean application protocol.
>
>> while (1) {
>> sock = accept(listensock, NULL, NULL);
>> printf("client connected to child thread %i with pid %i.\n",
>> pthrea
On Sun, May 1, 2011 at 5:28 PM, derleader mail wrote:
> >What protocol are you using?
> What I mean is application layer protocol. But since in your example,
> you're using your own protocol,
> why not send both length and data.
> Example.
> <4 byte len field><0..2^32-1 data field>
>
> Then in yo
>What protocol are you using? What I mean is application layer protocol. But
>since in your example, you're using your own protocol, why not send both
>length and data.
Example.
Then in your receiving end, do
recv 4 bytes, get length, and recv until received data equals to length.
Hi,
>What protocol are you using?
What I mean is application layer protocol. But since in your example, you're
using your own protocol,
why not send both length and data.
Example.
<4 byte len field><0..2^32-1 data field>
Then in your receiving end, do recv 4 bytes, get length, and recv until
recei
The encrypted output is not a NULL terminated string so strlen will not work.
>> EVP_DecryptUpdate(&ctx, (unsigned char *)plaintextz, &out_len,
(unsigned char *)ciphertext, strlen(ciphertext));
Use the length output from the encryption part.
Thank you very much for
On Sun, May 1, 2011 at 1:48 AM, derleader mail wrote:
>
> Hi,
>
> The encrypted output is not a NULL terminated string so strlen will not
> work.
>
> >> EVP_DecryptUpdate(&ctx, (unsigned char *)plaintextz, &out_len, (unsigned
> char *)ciphertext, strlen(ciphertext));
>
> Use the length output fro
Hi,
The encrypted output is not a NULL terminated string so strlen will not work.
>> EVP_DecryptUpdate(&ctx, (unsigned char *)plaintextz, &out_len,
(unsigned char *)ciphertext, strlen(ciphertext));
Use the length output from the encryption part.
Thank you very much for the
From: derleader mail
Sent: Thursday, April 28, 2011 10:11 PM
>I am looking for specific information on using the library in a
>multi-threaded / asynchronous IO server (Windows - using IOCP).
>I'd appreciate any information on the subject. An example would be great.
>
>Best regards,
>Andre
Hi,
I
>Hi.
>
>I'm in the process of learning the API myself. I had concerns about the
>book "Network Programming with OpenSSL".
>Having consulted someone with experience in this matter it appears that
>the API itself has changed very little and the
>book is still relevant. The cryptographic f
>> Hi,
>>I need to compile OpenSSL only with support for Symmetric
>> encryption - only 3DES support. How I can remove all unneeded stuff?
>> Can you give an advice what to remove and how to remove it?
>
>
>I suppose one approach would be to run a test suite that does just what
>yo
Thanks, I missed "!" ...
2011/2/25 lzyzizi
> I think you missed the logic about the function return value.
>
> If SSL_set_fd( ) is ok , it will return "1".
>
> Your code may write this way:
>
> if(* !*SSL_set_fd(si->ssl, sock)){
> int err_tmp = ERR_get_error();
> char buf_tmp[256];
Hello,
I would like to know at what time have I to call shutdown ? is there a case
I have no choice ( and so I have to shutdown ).
In fact, I develop a secure stack between TCP and an application. . So in
appli_connect( ), appli_read( ), ... appli_accept( ) are defined like these
:
appli_connect(a
On Thu, Dec 09, 2010, Christopher A Hotchkiss wrote:
> I'm sorry I wasn't clear.
>
> The tweak was done during the second phase of the build, where you link the
> fipscanister to a more recent OpenSSL. The fips-1.2 build phase was
> untweaked. So I think we are compliant.
>
Yes that's fine
mail christopher.a.hotchk...@jpmchase.com<mailto:prashant.a.agra...@chase.com>
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of carlyo...@keycomm.co.uk
Sent: Thursday, December 09, 2010 11:50 AM
To: openssl-users@openssl.org
Subject: Re: RE: Problem
My 2-cents worth...
If you had to tweak ANYTHING then this is not a "FIPS-approved"
build.
Carl
On Thu 09/12/10 4:39 PM , Christopher A Hotchkiss
christopher.a.hotchk...@jpmchase.com sent:
To All,
n the hardware vendor (or yourself) would have to implement engine
code to perform the operations.
Erik
From: sagar gupta
Subject: Re: RE: AES in counter mode no support in openssl
can that aes_ctr.c be used to connect to hardware driver. I have a hardware
driver which can implement the encry
can that aes_ctr.c be used to connect to hardware driver. I have a hardware
driver which can implement the encryption method for more performance.
Thanks
On Thu, 02 Sep 2010 03:30:20 +0530 wrote
>
OpenSSL
1.0.0a has aes_ctr.c in the crypto/aes directory.
Erik Tkal
Subject: AES i
I completely understand and appreciate your quick response :) For the time
being, we'll stick with using the latest version of the 0.9.X series of OpenSSL.
Thanks again,
James
> Original Message
>From: Steve Marquess
>To: openssl-users@openssl.org
>Sent: Thu, Jul 29, 2010, 11:29 AM
>Su
On Tue, Jan 26, 2010, Shotton, Fred wrote:
> Hi Steve,
>
> I have verified the new change solves the problem.
>
>
Excellent, thanks for running the tests.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
Hi Steve,
I have verified the new change solves the problem.
Thank you,
fred
-Original Message-
From: Dr. Stephen Henson [mailto:st...@openssl.org]
Sent: Tuesday, January 26, 2010 11:56 AM
To: openssl-users@openssl.org
Subject: Re: Re-negotiation handshake failed: Not accepted
On Tue, Jan 26, 2010, Shotton, Fred wrote:
>
> I double checked that swapping BIO_CTRL_PENDING and BIO_CTRL_WPENDING in
> modules/ssl/ssl_engine_io.c does NOT fix this. It results in a fatal alert,
> without it the s_client hangs. My test is a little unusual in that I
> copy/paste an HTTP GET req
nssl-users@openssl.org
Subject: Re: Re-negotiation handshake failed: Not accepted by client with OpenSSL
0.98m-beta1
On Mon, Jan 25, 2010, Shotton, Fred wrote:
> Hi Steve,
>
> Adding a third case in s3_srvr.c did work, yeah! Applying the Apache fix did
> not work.
>
> Let me know if y
On Mon, Jan 25, 2010, Shotton, Fred wrote:
> Hi Steve,
>
> Adding a third case in s3_srvr.c did work, yeah! Applying the Apache fix did
> not work.
>
> Let me know if you need anything else.
>
I can't reproduce your issue but it does depend critically on the amount of
data transferred to repr
Subject: Re: Re-negotiation handshake failed: Not accepted by client
with OpenSSL 0.98m-beta1
On Mon, Jan 25, 2010, Frederick Shotton wrote:
> Hi Steve,
>
> I tried the new fix and it did not work for me. The Apache only fix did
> make renegotiation work however. The new fix ha
On Mon, Jan 25, 2010, Frederick Shotton wrote:
> Hi Steve,
>
> I tried the new fix and it did not work for me. The Apache only fix did
> make renegotiation work however. The new fix hangs with the following
> output on s_client:
>
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public