Re: Problems with ECDSA signature and verification

On 17/10/2022 09:34, Fernando Elena Benavente wrote: Hi guys, we are having problems with the implementation of the signature and verification of messages with ECDSA, because the demo of ECDSA in github  us does not allow us to determine the type of ECDSA curve, I assume you are looking at

RE: problems with too many ssl_read and ssl_write errors

Please reply to the list rather than to me directly. > From: Kamala Ayyar > Sent: Thursday, 26 August, 2021 08:57 > We call the WSAGetLastError immediately after SSL_ERROR_SYSCALL and we get > the > WSAETIMEDOUT OK. This wasn't entirely clear to me from your previous message. So you are get

RE: problems with too many ssl_read and ssl_write errors

> From: Kamala Ayyar > Sent: Monday, 23 August, 2021 09:22 > We get the SSL_ERROR_SYSCALL from SSL_Read and SSL_Write quite often. You'll get SSL_ERROR_SYSCALL any time OpenSSL makes a system call (including, on Windows, a Winsock call) and gets an error. > It seems the handshake is done corr

Re: problems with too many ssl_read and ssl_write errors

For the below symptoms, I would recommend a watching the application port with WireShark. This should show any the TLS protocol deviations and any problems in handling and establishing the TCP connections. On 2021-08-19 00:38, David Bowers via openssl-users wrote: * We have a server that has

Re: problems with too many ssl_read and ssl_write errors

Hello Michael, Thank you very much for your detailed response. We previously had checked the Registry settings for TCPIP Parameters and have been using the Default values. I also ran the PowershellScript for the Ephemeral ports and you are correct - the ports are not being exhausted as it used t

RE: problems with too many ssl_read and ssl_write errors

> From: openssl-users On Behalf Of David > Bowers via openssl-users > Sent: Wednesday, 18 August, 2021 16:38 I don't think this is OpenSSL-related, but at this point it's not clear what the issue is. > . After maybe a few hours/days we see the clients dropping connections.  The > logs > indic

Re: Problems porting Openssl 1.1.1d to zos.

Yes, I encountered the same problem in my OS/400 port of OpenSSL 1.1.1.

Re: Problems porting Openssl 1.1.1d to zos.

Am 14.04.20 um 14:57 schrieb K Lengauer: Hi Stephan, Thank you for your quick response and also the link to your github issue. I must have brushed over it when searching for similar issues, apologies. Anyway, this seems to further confirm the issue(s) at hand... Did you have any success or have

Re: Problems porting Openssl 1.1.1d to zos.

Hi Stephan, Thank you for your quick response and also the link to your github issue. I must have brushed over it when searching for similar issues, apologies. Anyway, this seems to further confirm the issue(s) at hand... Did you have any success or have you made any attempts at fixing this so far

Re: Problems porting Openssl 1.1.1d to zos.

Hello Kevin, Am 14.04.20 um 10:00 schrieb K Lengauer: Dear all, I want to add another issue that occurred to me and would appreciate some input from others using zOS OpenSSL. Calls like "ossl_isascii(c)" such as is done in "a_print.c" in method "int ASN1_PRINTABLE_type(const unsigned char *s,

Re: Problems porting Openssl 1.1.1d to zos.

Dear all, I want to add another issue that occurred to me and would appreciate some input from others using zOS OpenSSL. Calls like "ossl_isascii(c)" such as is done in "a_print.c" in method "int ASN1_PRINTABLE_type(const unsigned char *s, int len)" lead to wrong behavior for me on zOS if the in

Re: Problems porting Openssl 1.1.1d to zos.

First of all, thanks Michael Wojcik for your answer regarding the datasets. I was able to get it working. In the meantime I got the whole build done and am working on my tests. One thing that I noticed recently is a wrong certificate X509 name output that happens because of the following code sect

Re: Problems porting Openssl 1.1.1d to zos.

behalf of K Lengauer Sent: Monday, March 9, 2020 10:29 To: openssl-users@openssl.org Subject: Re: Problems porting Openssl 1.1.1d to zos. Dear Patrick and co I am currently stuck during my build with the following error: IKJ56228I DATA SET CEE.SCEEBND2 NOT IN CATALOG OR CATALOG CAN NOT BE ACCESS

Re: Problems porting Openssl 1.1.1d to zos.

Dear Patrick and co I am currently stuck during my build with the following error: IKJ56228I DATA SET CEE.SCEEBND2 NOT IN CATALOG OR CATALOG CAN NOT BE ACCESSED FSUM3052 The data definition name SYSLIB cannot be resolved. The data set was not found. Ensure that data set name CEE.SCEEBND2 is s

Re: Problems porting Openssl 1.1.1d to zos.

On 3/4/20 5:31 PM, Salz, Rich via openssl-users wrote: Perhaps someone should writeup and submit a "NOTES.zos" file to add? I could put the contents of my previous mail in a NOTES.zos file, if that would be considered helpful, knowing it works for us at the moment and might not to the trick for

Re: Problems porting Openssl 1.1.1d to zos.

Perhaps someone should writeup and submit a "NOTES.zos" file to add?

Re: Problems porting Openssl 1.1.1d to zos.

Regarding perl, this is the version which works for us : > perl -v This is perl 5, version 24, subversion 0 (v5.24.0) built for os390 Copyright 1987-2016, Larry Wall MVS (OS390) port by Mortice Kern Systems, 1997-1999 Perl may be copied only under the terms of either the Artistic License or t

Re: Problems porting Openssl 1.1.1d to zos.

Thank you very much Patrick Steuer. This certainly helps! I am now also in the progress of building OpenSSL and come across missing "cflags" and the likes so with your config I can hopefully save some time as well as verify what I already use. I will also share my config in the near future once I

Re: Problems porting Openssl 1.1.1d to zos.

This is a very helpful post. Thank you. We lacked Perl and had no clear path to getting it. Can't say this deficiency caused our project to miss generous targets, but it certainly contributed. On Wed, Mar 4, 2020, 6:07 AM Patrick Steuer wrote: > > I stumbled across this mails when looking for

Re: Problems porting Openssl 1.1.1d to zos.

I stumbled across this mails when looking for information regarding OpenSSL on zOS. Currently, I am working on getting OpenSSL 1.1.1c running on zOS. So far I created my own config "target" inside 10-main.conf based on the old configuration that was used pre OpenSSL 1.1.0. Still, I was not able

Re: Problems porting Openssl 1.1.1d to zos.

We recently abandoned our effort to port 1.1.1d to zos. Attempting to use GSK now. Lack of a zos dev community is a hurdle. M On Mon, Mar 2, 2020, 6:04 AM K Lengauer wrote: > Dear all, > > I stumbled across this mails when looking for information regarding OpenSSL > on zOS. Currently, I am work

Re: Problems porting Openssl 1.1.1d to zos.

Dear all, I stumbled across this mails when looking for information regarding OpenSSL on zOS. Currently, I am working on getting OpenSSL 1.1.1c running on zOS. So far I created my own config "target" inside 10-main.conf based on the old configuration that was used pre OpenSSL 1.1.0. Still, I was

Re: Problems revoking a cert

On Mon, Feb 24, 2020 at 12:09 PM Michael Wojcik < michael.woj...@microfocus.com> wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Michael Leone > > Sent: Monday, February 24, 2020 09:37 > > > SO I was an idiot, and signed a certificate, but specified an inva

RE: Problems revoking a cert

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Michael Leone > Sent: Monday, February 24, 2020 09:37 > SO I was an idiot, and signed a certificate, but specified an invalid > location. i.e., > I used a "/" instead of a "/" in the location. I assume that was supp

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 4:02 PM Michael Wojcik wrote: > > > From: Michael Leone [mailto:tur...@mike-leone.com] > > Sent: Friday, February 07, 2020 13:13 > > > > I've got it almost all figured out, except how to get a subjectAltName > > automatically populated by the CN of the requestor. My requests

RE: Problems adding specific extensions to signed certificates

> From: Michael Leone [mailto:tur...@mike-leone.com] > Sent: Friday, February 07, 2020 13:13 > > I've got it almost all figured out, except how to get a subjectAltName > automatically populated by the CN of the requestor. My requests aren't > asking for a SAN, but Chrome isn't happy without one, so

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 3:08 PM Michael Wojcik wrote: > > > From: Michael Leone [mailto:tur...@mike-leone.com] > > Sent: Friday, February 07, 2020 11:55 > > > > How is that this works for everyone else, and not me? :-) > > It doesn't. > > I just reviewed this whole note stream, and realized you're

RE: Problems adding specific extensions to signed certificates

> From: Michael Leone [mailto:tur...@mike-leone.com] > Sent: Friday, February 07, 2020 11:55 > > How is that this works for everyone else, and not me? :-) It doesn't. I just reviewed this whole note stream, and realized you're using "openssl req" to create the certificate, rather than "openssl c

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 1:46 PM Michael Leone wrote: > > On Fri, Feb 7, 2020 at 12:35 PM Michael Wojcik > wrote: > > Or copied using the copy_extensions option, as noted in the discussion of > > that issue. > > > > In the OpenSSL configuration file used by "openssl ca", in the CA section > > (th

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 12:35 PM Michael Wojcik wrote: > Or copied using the copy_extensions option, as noted in the discussion of > that issue. > > In the OpenSSL configuration file used by "openssl ca", in the CA section > (that is, the section named by the default_ca option, or in the section

RE: Problems adding specific extensions to signed certificates

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Salz, Rich via openssl-users > Sent: Friday, February 07, 2020 09:17 > > I think the mismatch is that CSR extensions are not carried over; they have > to be added at signing time. > See https://github.com/openssl/openss

Re: Problems adding specific extensions to signed certificates

I think the mismatch is that CSR extensions are not carried over; they have to be added at signing time. See https://github.com/openssl/openssl/issues/10458

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 11:02 AM Sergio NNX wrote: > > This is the basics of OpenSSL! > > You would like to add extensions to a CSR or the problem arises when signing > it? Yes, when I sign, I get no extensions that are requested in the CSR. Nor are any added, when I sign (requested or not). > >

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 10:30 AM Michael Richardson wrote: > > > Michael Leone wrote: > > On Fri, Feb 7, 2020 at 8:54 AM Michael Leone > wrote: > >> Thanks, tho, I did learn a thing or two. I see from this example > >> > >> openssl req -config $cfgdir/openssl-root.cnf $passin \ >

Re: Problems adding specific extensions to signed certificates

From: openssl-users on behalf of Michael Leone Sent: Saturday, 8 February 2020 2:01 AM To: openssl-users@openssl.org Subject: Re: Problems adding specific extensions to signed certificates On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni wrote: > > On Thu, F

Re: Problems adding specific extensions to signed certificates

On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni wrote: > > On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote: > > > Oh, I can add extensions by signing and using the -extfile option, and > > specifying a file with the specific options I want to give the > > certificate. But I don't want

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 8:54 AM Michael Leone wrote: > Thanks, tho, I did learn a thing or two. I see from this example > > openssl req -config $cfgdir/openssl-root.cnf $passin \ > -set_serial 0x$(openssl rand -hex $sn)\ > -keyform $format -outform $format\ > -key $rootca/private/ca.

Re: Problems adding specific extensions to signed certificates

On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni wrote: > On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote: > > > Oh, I can add extensions by signing and using the -extfile option, and > > specifying a file with the specific options I want to give the > > certificate. But I don't want

Re: Problems adding specific extensions to signed certificates

On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote: > Oh, I can add extensions by signing and using the -extfile option, and > specifying a file with the specific options I want to give the > certificate. But I don't want to have to use an addon file, I want to > add parameters to all s

Re: Problems porting Openssl 1.1.1d to zos.

> An error occurred during a connection to cafe.na.tibco.com:1802. SSL > received a record with an incorrect Message Authentication Code. Error > code: SSL_ERROR_BAD_MAC_READ In case this error occurs with a chacha-poly cipher suite, the following PR probably has a fix: https://github.com/openssl

Re: Problems porting Openssl 1.1.1d to zos.

Please see also GitHub issue #4154, in particular https://github.com/openssl/openssl/issues/4154#issuecomment-552838141

Re: Problems porting Openssl 1.1.1d to zos.

On 11.11.19 16:42, Wendell Nichols via openssl-users wrote: Is there anyone on this group with experience with ebcdic platforms, specifically zOS?  I have built 1.1.1d on zOS and connections to my server work for firefox 60 but not newer versions.  I don't know exactly where the cut off is o

Re: Problems building for IOS and linking to libssh2

https://stackoverflow.com/questions/6429494/undefined-symbols-for-architecture-armv7 Look at common cause 3 in the first answer. These are the undefined symbols: "_ENGINE_load_builtin_engines", referenced from: _libssh2_init in global.c.o __libssh2_init_if_needed in global.c.o

RE: Problems converting to .p12 from Apache format

Assuming this is tomcat with JSSE since tomcat with APR would use the PEM files: - you don't actually need the (own) root cert for JSSE server including tomcat. A server "MAY" omit the root, if it sends any other chain certs, and tomcat can. - if you specify -chain to pkcs12 -export, that

RE: Problems creating valid signing certificats

> From: owner-openssl-us...@openssl.org On Behalf Of Thomas Koeller > Sent: Thursday, 07 February, 2013 15:54 > On Thursday 07 February 2013 07:31:55 you wrote: > > On Wed, February 6, 2013 23:47, Thomas Koeller wrote: > > > bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem > > > -

Re: Problems creating valid signing certificats

On Thursday 07 February 2013 07:31:55 you wrote: > On Wed, February 6, 2013 23:47, Thomas Koeller wrote: > > bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem -purpose > > sslserver cacert/host_ca.pem > > cacert/host_ca.pem: C = DE, ST = Hamburg, O = K\C3\B6ller Family, OU = > > K\C3

Re: Problems creating valid signing certificats

On Wed, February 6, 2013 23:47, Thomas Koeller wrote: > bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem -purpose > sslserver cacert/host_ca.pem > cacert/host_ca.pem: C = DE, ST = Hamburg, O = K\C3\B6ller Family, OU = > K\C3\B6ller Family Certification Authority, CN = K\C3\B6ller F

RE: Problems reading PKCS8 private key

> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni > Sent: Friday, 25 January, 2013 12:21 > On Fri, Jan 25, 2013 at 05:10:03PM +, Viktor Dukhovni wrote: > > > On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote: > > > > > Hi All, I'm having a bit of a problem. I need

RE: Problems reading PKCS8 private key

-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Dr. Stephen Henson [st...@openssl.org] Sent: Friday, January 25, 2013 1:00 PM To: openssl-users@openssl.org Subject: Re: Problems reading PKCS8 private key On Fri, Jan 25, 2013, Ken Allen wrote: > Awesome, that worked. Is ther

Re: Problems reading PKCS8 private key

On Fri, Jan 25, 2013, Ken Allen wrote: > Awesome, that worked. Is there a "official" name for the asn.1 structure > that's being produced here? > It's a PKCS#8 PrivateKeyInfo structure. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see:

RE: Problems reading PKCS8 private key

1151 www.ultra-prologic.com From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Viktor Dukhovni [openssl-us...@dukhovni.org] Sent: Friday, January 25, 2013 12:21 PM To: openssl-users@openssl.org Subject: Re: Problems reading PK

Re: Problems reading PKCS8 private key

On Fri, Jan 25, 2013 at 05:10:03PM +, Viktor Dukhovni wrote: > On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote: > > > Hi All, I'm having a bit of a problem. I need to load a private > > key (EC, but I'm having the same problem with RSA) from an unecrypted, > > der encoded, PKCS8 mem

Re: Problems reading PKCS8 private key

On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote: > Hi All, I'm having a bit of a problem. I need to load a private > key (EC, but I'm having the same problem with RSA) from an unecrypted, > der encoded, PKCS8 memory buffer. I'm just trying to get it to work > loading from a file for now

RE: Problems installing

7 PM To: openssl-users@openssl.org Subject: RE: Problems installing Just a guess, but "Can't open /dev/null: No such file or directory" could be causing utter confusion. That sounds like a pretty screwed-up system. v5.8.8 is fine for the perl, assuming it's on your

RE: Problems installing

not seen this behavior before and I'm grasping at straws. Thanks in advance From: owner-openssl-us...@openssl.org on behalf of Jeremy Farrell Sent: Sat 6/2/2012 9:57 PM To: openssl-users@openssl.org Subject: RE: Problems installing Just a guess, but &q

RE: Problems installing

/dev/null does exist and the reply from "perl-v" tells me it is in my path. Where do I go from here? From: owner-openssl-us...@openssl.org on behalf of Jeremy Farrell Sent: Sat 6/2/2012 9:57 PM To: openssl-users@openssl.org Subject: RE: Problems

RE: Problems installing

Just a guess, but "Can't open /dev/null: No such file or directory" could be causing utter confusion. That sounds like a pretty screwed-up system. v5.8.8 is fine for the perl, assuming it's on your path. Regards, jjf > -Original Message- > From: Curtis, John G [mailto:jc

Re: Problems with OpenSSl BN

On 29/05/12 22:52, Matt Caswell (fr...@baggins.org) wrote: On 29/05/12 16:55, chip...@gmx.de wrote: Now I set for every variable the BN_FLG_CONSTIME Flag, so that I can be sure, that they will need the same time. I measured the time the BN_nnmod operation in the BN_mod_add function needs for

Re: Problems with OpenSSl BN

to do a carry or creating a new word for the value which is bigger than the modulos. Original-Nachricht > Datum: Tue, 29 May 2012 22:52:11 +0100 > Von: "Matt Caswell (fr...@baggins.org)" > An: openssl-users@openssl.org > Betreff: Re: Problems with OpenSS

Re: Problems with OpenSSl BN

On 29/05/12 16:55, chip...@gmx.de wrote: Hi, thank you again for your answer. Now I set for every variable the BN_FLG_CONSTIME Flag, so that I can be sure, that they will need the same time. I measured the time the BN_nnmod operation in the BN_mod_add function needs for the modulo operation a

Re: Problems with OpenSSl BN

t). When I want to use the summands value later, then it just has the value zero. Thank you for your help. Original-Nachricht > Datum: Mon, 28 May 2012 23:23:43 +0100 > Von: "Matt Caswell (fr...@baggins.org)" > An: openssl-users@openssl.org > Betreff: Re

Re: Problems with root CA - Is it possible to reissue the root certificate without affecting existing clients?

On 5/28/2012 5:19 PM, Brian Powell wrote: Hello, Last year we deployed a root and intermediary CA's to support a web service - We have now found some issues with the root CA and need to fix them. We have many clients in many organisations which have installed the old root cert - There is curr

Re: Problems with OpenSSl BN

t from the caching of temporary variables. Thank you for your answer. Original-Nachricht Datum: Tue, 15 May 2012 00:04:16 +0100 Von: "Matt Caswell (fr...@baggins.org)" An: openssl-users@openssl.org Betreff: Re: Problems with OpenSSl BN On 14/05/12 15:48, chip.

Re: Problems with OpenSSl BN

time with different context variables, but it has no consequences. The caculating results also stay the same. Thank you for your answer. Original-Nachricht > Datum: Tue, 15 May 2012 00:04:16 +0100 > Von: "Matt Caswell (fr...@baggins.org)" > An: openssl-users@o

Re: Problems with OpenSSl BN

On 14/05/12 15:48, chip...@gmx.de wrote: Hello, I am using the OpenSSL BN functions. Wenn I measure the time which a BN function needs, then I see that for example BN_mod_add, needs for every calling different times. Shouldn't it be the same timeconsumption, every time I call for example BN_m

Re: Problems with including zlib

On Sun January 1 2012, grarpamp wrote: > > Translation: I have to agree with O.P. - It looks broke to me too. ;-) > > Heh, that's precisely what I said in my report :) The front end > options to do it seem to exist, and they even have some brief > descriptions as such. They just don't work :) >

Re: Problems with including zlib

> Translation: I have to agree with O.P. - It looks broke to me too. ;-) Heh, that's precisely what I said in my report :) The front end options to do it seem to exist, and they even have some brief descriptions as such. They just don't work :) 'zlib' should get us static inclusion. 'zlib-dynam

Re: Problems with including zlib

On Tue December 27 2011, Michael S. Zick wrote: > On Tue December 27 2011, Michael S. Zick wrote: > > On Tue December 27 2011, Jakob Bohm wrote: > > > On 12/26/2011 1:31 AM, Michael S. Zick wrote: > > > > On Sun December 25 2011, jb-open...@wisemo.com wrote: > > > >> Merry Christmas, and thanks to

Re: Problems with including zlib

On Tue December 27 2011, Michael S. Zick wrote: > On Tue December 27 2011, Jakob Bohm wrote: > > On 12/26/2011 1:31 AM, Michael S. Zick wrote: > > > On Sun December 25 2011, jb-open...@wisemo.com wrote: > > >> Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld > > >> specific > >

Re: Problems with including zlib

On Tue December 27 2011, Jakob Bohm wrote: > On 12/26/2011 1:31 AM, Michael S. Zick wrote: > > On Sun December 25 2011, jb-open...@wisemo.com wrote: > >> Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld > >> specific > >> option to do this in manually written Makefiles. > >> > >

Re: Problems with including zlib

On 12/26/2011 1:31 AM, Michael S. Zick wrote: On Sun December 25 2011, jb-open...@wisemo.com wrote: Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld specific option to do this in manually written Makefiles. My replies below are about how to achieve this without GNU specific

Re: Problems with including zlib

On Sun December 25 2011, jb-open...@wisemo.com wrote: > Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld > specific > option to do this in manually written Makefiles. > > My replies below are about how to achieve this without GNU specific options > and without having to edit t

Re: Problems with including zlib

Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld specific option to do this in manually written Makefiles. My replies below are about how to achieve this without GNU specific options and without having to edit the Configure and Makefiles. These answers do not apply to Window

Re: Problems with including zlib

On Mon December 19 2011, grarpamp wrote: > I have a case that needs zlib statically in openssl. > But I can't seem to make that. Only dynamic is made. > > For testing I put zlib125 in its own . > Then for openssl... > > ./config > --prefix= > --with-zlib-include=/include > --with-zlib-lib=/lib >

Re: Problems with including zlib

> 1. Make sure there is a libz.a in /lib or /usr/lib, otherwise you have no > static zlib to link in. Of course there's an old libz.a there. And it should not matter as we're given the --with-zlib arguments to point the build elsewhere for those libraries. And as seen in the report, it is followin

Re: Problems with including zlib

On 12/19/2011 10:38 AM, grarpamp wrote: I have a case that needs zlib statically in openssl. But I can't seem to make that. Only dynamic is made. For testing I put zlib125 in its own. Then for openssl... ./config --prefix= --with-zlib-include=/include --with-zlib-lib=/lib shared zlib make make

Re: Problems with a setting certificates via OpenSSL in C++ (Windows)

On Mon, Dec 5, 2011 at 7:35 AM, wrote: > Hi, > > > > I am trying to make a simple C++ (64-bit) client program that can establish > a SSL connection with a remote server using OpenSSL on windows-7. I can > successfully execute the followings to create a new context block; > > > > SSL_library_init(

Re: Problems with a setting certificates via OpenSSL in C++ (Windows)

On 12/3/2011 8:22 PM, Jeffrey Walton wrote: On Fri, Dec 2, 2011 at 1:55 PM, wrote: Hi, I am trying to make a simple C++ (64-bit) client program that can establish a SSL connection with a remote server using OpenSSL on windows-7. I can successfully execute the followings to create a new context

Re: Problems with a setting certificates via OpenSSL in C++ (Windows)

On Fri, Dec 2, 2011 at 1:55 PM, wrote: > Hi, > > I am trying to make a simple C++ (64-bit) client program that can establish > a SSL connection with a remote server using OpenSSL on windows-7. I can > successfully execute the followings to create a new context block; > > SSL_library_init(); > SSL

RE: Problems with AES-CFB1

> From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick > Sent: Tuesday, 01 November, 2011 09:15 > On Mon October 31 2011, Dave Thompson wrote: > > compiled without error, and gave the symptom reported -- > > because CRYPTO_cfb128_1_encrypt treats the length as bits > > > > My cop

Re: Problems with AES-CFB1

Yep, that solved it! That makes sense. Thankyou so much! On Wed, Nov 2, 2011 at 12:08 AM, re.est wrote: > Hello, > > I added *8 in length for both encrypt/decrypt call to make it bit length. > AES_cfb1_encrypt(data, ciphertext, length*8, &key, iv, &num, > AES_ENCRYPT); > > As you can see,

Re: Problems with AES-CFB1

Hello, I added *8 in length for both encrypt/decrypt call to make it bit length. AES_cfb1_encrypt(data, ciphertext, length*8, &key, iv, &num, AES_ENCRYPT); As you can see, cfb128_1 has uses bit as length in API void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,

Re: Problems with AES-CFB1

Hello, I added *8 in length for both encrypt/decrypt call to make it bit length. AES_cfb1_encrypt(data, ciphertext, length*8, &key, iv, &num, AES_ENCRYPT); CRYPTO_cfb128_1_encrypt accepts bit length unlike other CRYPTO_cfb128XX apis. On 11/01/2011 09:48 PM, Ananthasayanan Kandiah wrote

Re: Problems with AES-CFB1

Hi, I would be grateful if you could expand on this. I've tried simply placing the bit length for the AES_set_encrypt_key call and it still produces the same result. Thanks, Anantha On Tue, Nov 1, 2011 at 8:10 PM, re est wrote: > Hi, > > I have tried your code and replaced the length param wi

Re: Problems with AES-CFB1

On Mon October 31 2011, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick > > Sent: Sunday, 30 October, 2011 06:36 > > > On Sun October 30 2011, Ananthasayanan Kandiah wrote: > > > #include > > > #include > > > #include > > > #include > > > > > > #def

Re: Problems with AES-CFB1

Hi, I have tried your code and replaced the length param with bit length (*8) instead. It worked. It seems that there are inconsistent with the usage of API. - re.est On Sun, Oct 30, 2011 at 4:55 PM, Ananthasayanan Kandiah wrote: > Hi, > > I'm trying to use AES-CFB1 through the "low-level" cal

RE: Problems with AES-CFB1

> From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick > Sent: Sunday, 30 October, 2011 06:36 > On Sun October 30 2011, Ananthasayanan Kandiah wrote: > > #include > > #include > > #include > > #include > > > > #define  KEY_SIZE 16 > Ask the compiler to help you: > > mszick@wol

Re: Problems with AES-CFB1

On Sun October 30 2011, Ananthasayanan Kandiah wrote: > #include > #include > #include > #include > > #define  KEY_SIZE 16 > > int main(void) > { >     int            i; >     AES_KEY        key; >     BIO*        bio_out; > >     unsigned char key_data[KEY_SIZE] = { >         0xfe, 0xec, 0x

Re: Problems with stack_st_X509_EXTENSION

On Mon, Aug 22, 2011, Rick Lopes de Souza wrote: > Hi all, > I'm using OpenSSL 1.0.0d and i'm trying to compile the following code: > > TS_TST_INFO *tstInfoOpenssl; > > tstInfoOpenssl->extensions->num = 3; > > (X509_EXTENSION*) requisicaoOpenssl->extensions->data[_i] > > Actually, it's

RE: Problems with certificates validity dates

> From: owner-openssl-us...@openssl.org On Behalf Of Eric Viseur > Sent: Tuesday, 28 June, 2011 11:11 > I'm currently setting up a small PKI using Bash scripts calling > OpenSSL and Apache. However, whatever days of validity I put on the > command line, it remains to it's defa

Re: Problems with openssl req using an on-board 2048 bit RSA key from a USB token

I managed to get this to work with a 2048 bit key by using the Aladdin PKCS#11 library instead of the OpenSC one: engine dynamic -pre SO_PATH:C:\WINDOWS\SYSTEM32\engine_pkcs11.dll -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:C:\WINDOWS\SYSTEM32\eTPKCS11.dll req -engine pkcs11 -new -ke

Re: Problems building openssl-1.0.0d on Mac OS X 10.6.7 with Xcode 4 installed: ranlib: file has no symbols

Update: Tried tips left in PROBLEMS file with no luck -- Roman Busyghin __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated Li

Re: Problems with installing openssl in ubuntu

Hi Yessica, This sounds like you haven't installed the libraries for fips Google suggested me: http://old.nabble.com/Building-fipscanister.o-1.2-with-0.9.8i-td20669842.html Also you should be able to find the appropia

Re: Problems building FIPS Openssl under Server 2008 R2

On Mon, Dec 13, 2010, Christopher A Hotchkiss wrote: > > Just a quick note. There was a bug in the 1.2 module which meant Win64 ASM > > builds didn't function properly. A change letter has addressed this and the > > newly uploaded 1.2.2 module should now work fine with Win64 ASM. > > > > Stev

RE: Problems building FIPS Openssl under Server 2008 R2

> Just a quick note. There was a bug in the 1.2 module which meant Win64 ASM > builds didn't function properly. A change letter has addressed this and the > newly uploaded 1.2.2 module should now work fine with Win64 ASM. > > Steve. Does the updated 1.2.2 module need to be revalidated before we c

Re: Problems building FIPS Openssl under Server 2008 R2

On Mon, Dec 06, 2010, Christopher A Hotchkiss wrote: > Start at command prompt using the Microsoft Platform SDK Server 2003 > x64 Retail Build Shortcut > cd c:\build\openssl-fips\openssl-fips-1.2 > ms\do_fips no-asm > > Once that complete

Re: RE: Problems building FIPS Openssl under Server 2008 R2

On Thu, Dec 09, 2010, Christopher A Hotchkiss wrote: > I???m sorry I wasn???t clear. > > The tweak was done during the second phase of the build, where you link the > fipscanister to a more recent OpenSSL. The fips-1.2 build phase was > untweaked. So I think we are compliant. > Yes that's fine

RE: RE: Problems building FIPS Openssl under Server 2008 R2

mail christopher.a.hotchk...@jpmchase.com<mailto:prashant.a.agra...@chase.com> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of carlyo...@keycomm.co.uk Sent: Thursday, December 09, 2010 11:50 AM To: openssl-users@openssl.org Subject: Re: RE: Problem

Re: RE: Problems building FIPS Openssl under Server 2008 R2

BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; } My 2-cents worth... If you had to tweak ANYTHING then this is not a "FIPS-approved" build. Carl On Thu 09/12/10 4:39 PM , Christopher A Hotchkiss christopher.a.hotchk...@jpmchase.com sent: To All,

RE: Problems building FIPS Openssl under Server 2008 R2

To All, I was able to get OpenSSL FIPS to build and run on Server 2008 R2 by building on Server 2003 32bit. I also had to tweak the ms\ntdll.mk file and add "/FIXED" on lines 33 and 76. Christopher A Hotchkiss JPMorgan Chase & Co. - Navy Cash Application Developer Email christopher.a.hotchk...@j

  1   2   3   4   5   >