Answering my own question - I forgot the END of sequence in the macro.
Functional code below.
Dw.
> On 28 Aug 2020, at 15:49, Dirk-Willem van Gulik wrote:
>
> I've got a very simple sequence of two integers that I am trying to convert to
> DER.
>
> But I am getting an e
I've got a very simple sequence of two integers that I am trying to convert to
DER.
But I am getting an error or segfault in the final i2d step (length -1 for
i2d_X9_62).
Any advice on what is going wrong here ?
With kind regards,
Dw.
#include
#include
#include
#include
#in
On 26/09/2019 10:26, ratheesh kannoth wrote:
>> I assume you are using OpenSSL 1.0.2?
>>
>> s->s2 has nothing to do with TLSv1.2. That's for SSLv2 and has been removed
>> from
>> later versions. In 1.0.2 you need to be looking at s->s3->write_sequence and
>> s->s3->write_sequence. It's changed
> I assume you are using OpenSSL 1.0.2?
>
> s->s2 has nothing to do with TLSv1.2. That's for SSLv2 and has been removed
> from
> later versions. In 1.0.2 you need to be looking at s->s3->write_sequence and
> s->s3->write_sequence. It's changed location in later releases.
>
> Matt
>
Sorry for conf
On 26/09/2019 06:42, ratheesh kannoth wrote:
> Hi list,
>
> i am trying to understand write sequence number and read sequence
> number. Setup is simple client server with tls v1.2.
>
> when i made write sequence number to 0 (ssl/t1_enc.c -->
> s->s2->write_se
Hi list,
i am trying to understand write sequence number and read sequence
number. Setup is simple client server with tls v1.2.
when i made write sequence number to 0 (ssl/t1_enc.c -->
s->s2->write_sequence to 0). i commented out all increment operate on
write_sequence number. B
On 7/3/2019 4:30 PM, Viktor Dukhovni wrote:
On Jul 3, 2019, at 2:41 PM, Ken Goldman wrote:
That link points to the X509_dup page. It doesn't explain how to
build a DER sequence, does it?
The documentation is incomplete, and much RTFS is required, but it
and code pointers should ge
On Jul 3, 2019, at 2:41 PM, Ken Goldman wrote:
> That link points to the X509_dup page. It doesn't explain how to
> build a DER sequence, does it?
The documentation is incomplete, and much RTFS is required, but it
and code pointers should get you started.
--
Viktor.
That link points to the X509_dup page. It doesn't explain how to
build a DER sequence, does it?
On 7/1/2019 5:19 PM, Viktor Dukhovni wrote:
On Jun 25, 2019, at 10:59 AM, Ken Goldman wrote:
I have to build a DER byte stream for a sequence containing:
algorithm ID
issuer
validity
subject name
extensions
What is the general approach?
See for
On Mon, Jul 01, 2019 at 09:40:25PM +, Salz, Rich via openssl-users wrote:
> >I see those macros, but ... is there any documentation?
>
> No.
There's a high-level overview at:
https://www.openssl.org/docs/manmaster/man3/X509_dup.html
--
Viktor.
>I see those macros, but ... is there any documentation?
No.
> On Jun 25, 2019, at 10:59 AM, Ken Goldman wrote:
>
> I have to build a DER byte stream for a sequence containing:
>
> algorithm ID
> issuer
> validity
> subject name
> extensions
>
> What is the general approach?
See for exa
On 6/26/2019 11:34 AM, Salz, Rich via openssl-users wrote:
Do I construct a sequence and add items to it - top down?
No, because then you have to go back and patch the sequence length and perhaps
slide everything up or down a couple of bytes.
I would look at an existing simple sequence
Do I construct a sequence and add items to it - top down?
No, because then you have to go back and patch the sequence length and perhaps
slide everything up or down a couple of bytes.
I would look at an existing simple sequence and start writing your own based on
that; look for
I have to build a DER byte stream for a sequence containing:
algorithm ID
issuer
validity
subject name
extensions
What is the general approach?
Is there openssl support for this?
Do I construct a sequence and add items to it - top down?
Or do I
I know how to add simple extension (oid + str), for example
```
nid = OBJ_create("1.2.3.4", "shortname", "long name");
ASN1_OCTET_STRING_set(os, "ext value", 9);
ex = X509_EXTENSION_create_by_NID( NULL, nid, 0, os );
sk_X509_EXTENSION_push(exts, ex);
```
I want to learn how I can add extension wi
I can successfully deconstruct an ECDSA Signature Sequence, but now I
need
to construct it, and I am getting lost.
The format I need to build is:
sECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }
I have r and s as buffers in the same format as returned from:
d2i_ASN1_INTEGER() if one
Hi,
(Apologies if this was sent multiple times; I'm experiencing some technical
difficulties.)
I'm working on a CSR-generating API using OpenSSL 1.0.2m.
My question is: does OpenSSL do any sort of reordering of the entries in an
ASN1 sequence? Specifically, when encoding a post
Hi,
I'm working on a CSR-generating API using OpenSSL 1.0.2m. My question is:
does OpenSSL do any sort of reordering of the entries in an ASN1 sequence?
Specifically, when encoding a postal address X509_ATTRIBUTE.
Background:
To create a postal address X509_ATTRIBUTE, I'
Damn the semicolon at the end :(
Sorry for the noise.
Thanks and Regards,
Ajay
On Mon, Oct 10, 2016 at 11:23 AM, Ajay Garg wrote:
> [Thanks Viktor, I made the change as suggested by you in the other
> incomplete email that I sent accidentally].
>
>
> Hi All.
>
> We are just dealing with the cl
[Thanks Viktor, I made the change as suggested by you in the other
incomplete email that I sent accidentally].
Hi All.
We are just dealing with the client-side, and following are the steps ::
#
S
> On Oct 10, 2016, at 1:25 AM, Ajay Garg wrote:
>
>solitary_ssl_ctx = SSL_CTX_new(TLSv1_2_client_method());
Don't use TLSv1_2_client_method(), instead use either:
SSLv23_client_method() -- OpenSSL <= 1.0.2
TLS_client_method() -- OpenSSL >= 1.1.0
If you want to disable
Hi All.
We are just dealing with the client-side, and following are the steps ::
SSL_library_init();
OpenSSL_add_ssl_algorithms();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ERR_load_crypto_strings();
solitary_ssl_ctx = SSL_CTX_new(TLSv1_2_client_method());
Sorry, the "send" button was clicked accidentally :(
On Mon, Oct 10, 2016 at 10:55 AM, Ajay Garg wrote:
> Hi All.
>
> We are just dealing with the client-side, and following are the steps ::
>
> SSL_library_init();
> OpenSSL_add_ssl_algorithms();
> OpenSSL_add_all_algorithms();
>
I required to do
the seeding after calling FIPS_mode_set() or is it OK for me to call it
before as well?
Also, what about the calls to initialization functions like
SSL_library_init() ?
I'd really appreciate if someone could help me understand the proper
sequence of these function calls fro
contains a
> > > DER encoded Sequence and extract the contents of the Sequence as an
> > > ASN1_STRING. Essentially, I want to construct an ASN1 object of the
> > > Sequence. I guess I could manually parse the Sequence (and deal with
> > > the different types o
On Thursday, September 22 at 08:41AM, Dominik Oepen wrote:
>
> Am 21.09.2011 23:27, schrieb Chang Lee:
> > Does anyone know of a way to take an ASN1_OCTET_STRING that contains a
> > DER encoded Sequence and extract the contents of the Sequence as an
> > ASN1_STRING.
using the templates and macros
> not
> > a viable option?
> >
>
> Well it would work but you'd have to parse the whole structure which isn't
> necessary if you just want to skip the SEQUENCE header. Even then when you
> outputted the structure you'd get
structure which isn't
necessary if you just want to skip the SEQUENCE header. Even then when you
outputted the structure you'd get the SEQUENCE header again.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now avail
'm trying to parse the content of an ASN1_OCTET_STRING, which I
> know/expect
> > to be a DER encoded SEQUENCE, into an object. I need to do this because
> I'm
> > trying to verify an Authenticode signature. I need to generate a digest
> of
> > the conten
On Thu, Sep 22, 2011, Chang Lee wrote:
> I'm trying to parse the content of an ASN1_OCTET_STRING, which I know/expect
> to be a DER encoded SEQUENCE, into an object. I need to do this because I'm
> trying to verify an Authenticode signature. I need to generate a digest of
>
I'm trying to parse the content of an ASN1_OCTET_STRING, which I know/expect
to be a DER encoded SEQUENCE, into an object. I need to do this because I'm
trying to verify an Authenticode signature. I need to generate a digest of
the contents of the signedData sans the type & len
On Thu September 22 2011, Chang Lee wrote:
> Thanks Dominik for the tip. Actually, I have been poring over the OpenSSL
> code, though we're using the 0.9.8 branch, hoping to find a built-in
> primitive SEQUENCE to use but to no avail. As you say, there are templates
> for primit
On Thu, Sep 22, 2011, Chang Lee wrote:
> Thanks Dominik for the tip. Actually, I have been poring over the OpenSSL
> code, though we're using the 0.9.8 branch, hoping to find a built-in
> primitive SEQUENCE to use but to no avail. As you say, there are templates
> for primitive
On Thu, Sep 22, 2011, Dominik Oepen wrote:
>
> However, I'm not exactly sure whether or not the ASN1 subsystem is meant
> to be used outside of OpenSSL. I couldn't find a lot of documentation
> about it and learned how to use it by reading the source. Maybe one of
> the OpenSSL developers could c
Thanks Dominik for the tip. Actually, I have been poring over the OpenSSL
code, though we're using the 0.9.8 branch, hoping to find a built-in
primitive SEQUENCE to use but to no avail. As you say, there are templates
for primitives and I looked at how the PKCS7 was composed from
Am 21.09.2011 23:27, schrieb Chang Lee:
> Does anyone know of a way to take an ASN1_OCTET_STRING that contains a
> DER encoded Sequence and extract the contents of the Sequence as an
> ASN1_STRING. Essentially, I want to construct an ASN1 object of the
> Sequence. I guess I could ma
Does anyone know of a way to take an ASN1_OCTET_STRING that contains a DER
encoded Sequence and extract the contents of the Sequence as an ASN1_STRING.
Essentially, I want to construct an ASN1 object of the Sequence. I guess I
could manually parse the Sequence (and deal with the different types
On Fri, Feb 18, 2011, massimo.ra...@libero.it wrote:
> Hello
> I have a problem with the order of the SEQUENCE in the signed attributes:
>
> I read with the function
> cms = d2i_CMS_bio(in, NULL);
> a signed file that has the signed attributes in this order:
>
Hello
I have a problem with the order of the SEQUENCE in the signed attributes:
I read with the function
cms = d2i_CMS_bio(in, NULL);
a signed file that has the signed attributes in this order:
- content type
- message digest
- signing certificate v2
- signing Time
when I
> This actually addresses both the questions. In the distant past some
> applications encoded certificate requests incorrectly and/or required an
> incorrect encoding. That is there to tolerate and/or generate such stuff.
thanks.
On Mon, Jan 5, 2009 at 4:22 AM, Dr. Stephen Henson wrote:
>
> This actually addresses both the questions. In the distant past some
> applications encoded certificate requests incorrectly and/or required an
> incorrect encoding. That is there to tolerate and/or generate such stuff.
>
> Steve.
Is t
On Mon, Jan 05, 2009, Giang Nguyen wrote:
>
> A side question: what exactly does this "which is wrong" comment
> mean? :)
>
> typedef struct x509_attributes_st
> ...
> int single; /* 0 for a set, 1 for a single item (which is wrong) */
> union {
> ...
> } X509_ATTRIBUTE;
>
This
1987-1999 Bruce Perens
0:d=0 hl=4 l= 460 cons: SEQUENCE
4:d=1 hl=4 l= 309 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :00
11:d=2 hl=2 l= 69 cons: SEQUENCE
13:d=3 hl=2 l= 11 cons: SET
15:d=4 hl=2 l= 9 cons: SEQUENCE
17:d=5 hl=2 l= 3 prim: OBJECT
I'm trying to add an ASN1 set to an ASN1 sequence with following code:
unsigned char *p, *p_;
ASN1_STRING *seq, *set;
ASN1_OBJECT *oid_1, *oid_2;
unsigned char *data, *data_;
int i, j, k, total;
// SET
oid_1 = OBJ_nid2obj(NID_pkcs7
4_CHAR::aix_ppc32.o::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR
).\$(SHLIB_MINOR)::-X 32",
However, the problem is that the colon in the flag itself is treated as
the delimiter. I want to know if there is any escape character
(sequence) that I can use to retain the meaning of colon i
> In fact I'm using a custom BIO to interface between OpenSSL and some
> custom buffer structures. If I hadn't misread the protocol, for
> application data, SSL_write() should be able to proceed even when a
> SSL_read() returned WANT_READ. But what about rehandshake? If the
> SSL_read() returned W
> When using nonblocking BIO, can SSL_write(ssl, ...) be called right
> after a SSL_read(ssl, ...) "returned" SSL_ERROR_WANT_READ/WRITE? Or vice
> versa, please?
Of course. You can attempt to send or receive any time you want to.
DS
On Mon, 15 May 2006 22:07:17 -0400 (EDT), "Mikhail Kruk"
<[EMAIL PROTECTED]> said:
> Assuming that we are talking about a regular tcp non-blocking socket, the
> answer is yes. SSL_read() is just telling you that your request can't be
> satisfied at the moment and should be retried after more da
On Tue, 16 May 2006, Wei Li wrote:
On Mon, 15 May 2006 21:40:22 -0400 (EDT), "Mikhail Kruk"
<[EMAIL PROTECTED]> said:
When using nonblocking BIO, can SSL_write(ssl, ...) be called right
after a SSL_read(ssl, ...) "returned" SSL_ERROR_WANT_READ/WRITE? Or vice
versa, please?
Always assume that
On Mon, 15 May 2006 21:40:22 -0400 (EDT), "Mikhail Kruk"
<[EMAIL PROTECTED]> said:
> > When using nonblocking BIO, can SSL_write(ssl, ...) be called right
> > after a SSL_read(ssl, ...) "returned" SSL_ERROR_WANT_READ/WRITE? Or vice
> > versa, please?
>
> Always assume that a non-blocking SSL_read a
Always assume that a non-blocking SSL_read and SSL_write can return both
WANT_READ and WANT_WRITE. It's not as difficult as they want you to
think.
When using nonblocking BIO, can SSL_write(ssl, ...) be called right
after a SSL_read(ssl, ...) "returned" SSL_ERROR_WANT_READ/WRITE? Or vice
vers
When using nonblocking BIO, can SSL_write(ssl, ...) be called right
after a SSL_read(ssl, ...) "returned" SSL_ERROR_WANT_READ/WRITE? Or vice
versa, please?
Thanks.
--
Regards,
Wei
> (1) what was just going on during the negotiation and security
> connection setup? The sequence of the handshaking.
> (2) Is the public key part of the certificate being passed to the
> client?
> (3) Did the server authenticate the client in this process? or there is
> no authentication in t
Xie Grace Jingru-LJX001 wrote:
(1) what was just going on during the negotiation and security
connection setup? The sequence of the handshaking.
(2) Is the public key part of the certificate being passed to the
client?
(3) Did the server authenticate the client in this process? or there is
no
, the certificate then is loaded
and accepted by the browser. The HTTPS server and the client (browser)
can now talk via HTTPS connection.
Could you explain --
(1) what was just going on during the negotiation and security
connection setup? The sequence of the handshaking.
(2) Is the public key part
tc). So, I want my sequence class to
handle only the decoding of the sequence, and return a
stack with the members, and each member will be
decoded by its own class.
I also thought of re-encoding the data returned by
ASN1_seq_unpack_ASN1_TYPE, but I want to know if this
is the only way to d
On Thu, Feb 02, 2006, Enis Arif wrote:
> Please, if someone can give me an answer to my
> problem, because I have to take a decision to use
> openssl for the project or not. Is it feasible to
> modify the d2i_ASN1_SET/ASN1_item_d2i/ASN1_item_ex_d2i
> behavior or is it an easier way to do it?
>
I
Please, if someone can give me an answer to my
problem, because I have to take a decision to use
openssl for the project or not. Is it feasible to
modify the d2i_ASN1_SET/ASN1_item_d2i/ASN1_item_ex_d2i
behavior or is it an easier way to do it?
Hello,
I have a problem with sequence unpacking. Given the
following code
ASN1_TYPE *at = NULL;
STACK_OF(ASN1_TYPE) *st = NULL;
st = ASN1_seq_unpack_ASN1_TYPE(asn1->get_data(),
asn1->get_len(), d2i_ASN1_TYPE, ASN1_TYPE_free);
if I call
at = sk_ASN1_TYPE_value (st, 0)
I get the se
>
>If you just want to encode that one structure (as opposed to embedding it
in
>another) then check out and adapt the definition of GENERAL_NAMES in
>crypto/x509v3/v3_genn.c
>
Thank you for point!
On Tue, Dec 27, 2005, Vadim Godunko wrote:
> Hello,
>
> How I may encode/decode of
>
> SEQUENCE SIZE (1 .. MAX) OF Certificate
>
> from/to STACK_OF(X509)?
If you just want to encode that one structure (as opposed to embedding it in
another) then check out and ad
Hello,
How I may encode/decode of
SEQUENCE SIZE (1 .. MAX) OF Certificate
from/to STACK_OF(X509)?
Hi,
I need some advice.
Am making use of the atalla engine code, but the engine
functions are not being called. By making use of printf, I tried to
find out the initialization sequence. I found:
1. RAND_get_rand_method is being called even before the engine has
been registered. It tries
Hi,
I need some advice.
Am making use of the atalla engine code, but the engine
functions are not being called. By making use of printf, I tried to
find out the initialization sequence. I found:
1. RAND_get_rand_method is being called even before the engine has
been registered. It
Hello all,
Netscape browsers fail on our site if the DHE-RSA-AES128-SHA cipher is
enabled on the browser. I have tried for many hours to use the "openssl
ciphers" command on the web server to push this cipher to the end of the
list, without any luck.
Am I attacking the problem correctly, or am I
On Fri, Jun 25, 2004, Olkovikas, James wrote:
>
> Hello all,
>
> Netscape browsers fail on our site if the DHE-RSA-AES128-SHA cipher is
> enabled on the browser. I have tried for many hours to use the "openssl
> ciphers" command on the web server to push this cipher to the end of the
> list, wit
Hello all,
Netscape browsers fail on our site if the DHE-RSA-AES128-SHA cipher is
enabled on the browser. I have tried for many hours to use the "openssl
ciphers" command on the web server to push this cipher to the end of the
list, without any luck. What really confuses me is our test server has
:asn1 encoding routines:d2i_X509:expecting an asn1
sequence.
FWIW, everything works, if I don't use mod_perl.
Thanks.
Jeff Slonaker
[EMAIL PROTECTED] wrote:
>
> Hi all,
> I want to wrap data into the SEQUENCE (PKCS#1)
>
> DigestInfo ::= SEQUENCE {
> digestAlgorithm DigestAlgorithmIdentifier,
> digest Digest
> }
>
> and then DER encode it.
>
> Using OpenSSL 0.9.6b (EVP and A
Hi all,
I want to wrap data into the SEQUENCE (PKCS#1)
DigestInfo ::= SEQUENCE {
digestAlgorithm DigestAlgorithmIdentifier,
digest Digest
}
and then DER encode it.
Using OpenSSL 0.9.6b (EVP and ASN1 routines) I'm able to obtain the
digested data as OCTET STRING, but how can I
ror
>keytool error: java.security.cert.CertificateException: IOException:
>Sequence tag error
>when i try to import s sign certificate into the keystore (JDK 1.3 on
>Solaris 8) keytool.
> I have seen a lot of posting on this on the web but no resolution Can
>any
Rich Salz wrote:
>
> > I suppose there is no open-source project working on a general-purpose
> > ASN.1 compiler and library?
>
> There's SNACC and its various derivatives.
>
> I dunno, in the PKI world, it's hard to see anyone creating any new
> ASN.1 datatypes, and cranking up a whole compile
Antonio Ruiz Martínez wrote:
>
>
> I'm interested in doing it with the version 0.9.6. Have you any example
> like the above example? It says, I want to create an instance of a sequence
> whith two components, for example. An example simple for to know how can I
> cr
Antonio Ruiz Martínez wrote:
>
> Hello!
>
> I want to do this code, but I want to do it with the openSSL 0.9.6
> because with the
> latest snapshot I can't do it. I can't get the static version of the
> library for windows.
>
> typedef struct some_struct_st
> {
> ASN1_PRINTABLES
Hello!
I want to do this code, but I want to do it with the openSSL 0.9.6
because with the
latest snapshot I can't do it. I can't get the static version of the
library for windows.
typedef struct some_struct_st
{
ASN1_PRINTABLESTRING * a;
ASN1_PRINTABLESTRING * b;
error follows)
[29/Jan/2001 10:30:46 05379] [error] OpenSSL: error:0D09F007:asn1 encoding
routines:d2i_X509:expecting an asn1 sequence
Used packages are:
Apache 1.3.12
OpenSSL 0.9.5a
mod_ssl 2.6.6.-1.3.12
Operating System is Linux RH6.1
Thank you for your help in advance
best regards,
Markus
Thanks to Dr Stephen, the solution was to convert the certificate file to
PEM format (it was in PKCS#7):
First change the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines to
"BEGIN PKCS7"/"END PKCS7" and then run "openssl pkcs7 -in server.gid
-out certs.pem -print_certs".
[]s,
Sergio Salvi.
eply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: "expecting an asn1 sequence" error - HELP!
>
> Hi guys!
>
> I'm having the following problem when trying to start apache 1.3.11 with
> mod_ssl 2.5.0 and op
oding routines:d2i_X509:expecting an
asn1 sequence
In my apache conf file:
---
SSLEnable
SSLCertificateFile /usr/local/ssl/certs/server.gid
SSLCertificateKeyFile /usr/local/ssl/private/server.key
SSLCertificateChainFile /usr/local/ssl/certs/verisign.chain
SSLLogLevel trace
---
Where server.gid is a base6
Hi!
Wasn't it decided that NOPROTO would be a thing of the past
because much of the new stuff is ANSI C?
Ulrich
--- "Ralf S. Engelschall" <[EMAIL PROTECTED]> wrote:
>
> In article <[EMAIL PROTECTED]> you wrote:
> >
> > I compiled 0.9.2b and at first forgot to run Configure, which
> > brought
In article <[EMAIL PROTECTED]> you wrote:
>
> I compiled 0.9.2b and at first forgot to run Configure, which
> brought to my attention that -DNOPROTO in crypto/asn1/asn1.h
> excludes the definitions of IS_SET and IS_SEQUENCE which breaks
> compilation.
Thanks for the patch. It's now committed for