how to programmatically specify the path of fipsmodule.cnf and load it in application without using openssl.cnf in OpenSSL 3.0

2022-11-27 Thread Zhongyan Wang
Hi team, Do you know how to programmatically specify the path of fipsmodule.cnf and load it in application without using openssl.cnf in OpenSSL 3.0? Historically, my product uses customized OpenSSL and doesn't have an openssl.cnf. I need to use FIPS module, and I try to load it, it fails un

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-25 Thread Viktor Dukhovni
On Fri, Sep 25, 2020 at 10:01:18AM -0700, PGNet Dev wrote: > > Where's the recording of the successful transmission to port 465 (and > > not say 587). > > you asked for a capture of the _failed_ transaction. I had intended to ask for both, hard to compare otherwise. Good luck. -- Viktor.

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-25 Thread PGNet Dev
On 9/25/20 8:55 AM, Viktor Dukhovni wrote: > Well, I expected you to post a working and non-working trace for the > *same* server endpoint, with the good and bad configuration. > > Secondly, (snip) > Where's the recording of the successful transmission to port 465 (and > not say 587). you asked f

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-25 Thread Viktor Dukhovni
eartext "QUIT" sent by the client strongly suggests that's not the case. Miracles may happen, but otherwise the only explanation is that the working connections also differed in additional ways beyond the ChaCha preference. > again, the ONLY thing that changed between the 'w

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-25 Thread PGNet Dev
On 9/25/20 12:18 AM, Viktor Dukhovni wrote: > On Thu, Sep 24, 2020 at 09:26:26PM -0700, PGNet Dev wrote: > I must lodge a complaint on wasting my time here seems you're done, then. thx anyway. > you intimated that just changing openssl.cnf makes the difference. i didn't

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-25 Thread Viktor Dukhovni
cit TLS). You have to either configure Dovecot to submit to port 587 (or similar) that does not do TLS wrapper-mode (implicit TLS). Or configure it to use implicit TLS. I must lodge a complaint on wasting my time here, you intimated that just changing openssl.cnf makes the difference. But th

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread PGNet Dev
On 9/24/20 9:13 PM, Viktor Dukhovni wrote: > On Thu, Sep 24, 2020 at 08:30:35PM -0700, PGNet Dev wrote: > Is that really the session you intended to capture. Interestingly phrased! The intention was to capture the tcp data 'thru' the failed event. That^^ is the data streamed to console, with th

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread Viktor Dukhovni
On Thu, Sep 24, 2020 at 08:30:35PM -0700, PGNet Dev wrote: > for this instance with > > dovecot --version > 2.3.10.1 (a3d0e1171) > postconf mail_version > mail_version = 3.5.7 > openssl version > OpenSSL 1.1.1g FIPS 21 Apr 2020 > >

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread PGNet Dev
tls_preempt_cipherlist = yes enabling postfix's cipher-suite prefs and with tls_preempt_cipherlist = no which iiuc uses the openssl.cnf 'global' setting > Secondly, the effect of "prefer chacha" is to just synthesize a > transient ordered list of s

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread Viktor Dukhovni
On Thu, Sep 24, 2020 at 06:43:05PM -0700, PGNet Dev wrote: > Been awhile since I 'de-noised' a comms dump; I'll dust off my notes, & work > on getting a useful/relevant PCAP file ... # tcpdump -s0 -w /some/file tcp port 12345 ^C # tcpdump -r /some/file 'tcp[13] & 0x12 == 2'

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread PGNet Dev
On 9/24/20 5:51 PM, Viktor Dukhovni wrote: >> again, the _only_ change between the two submissions is the addition of the >> "ServerPreference" option to the openssl.cnf config. > > This looks like the protocol version is no longer TLS 1.3 as a result, > and one s

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread Viktor Dukhovni
> > > Is there something in your Postfix configuration that resembles that > > particular blob? If so, it should not be there... > > yep. now removed ... That's very likely to have been the cause of the problem. That setting was not valid as a TLS <= 1.2 cipher

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread PGNet Dev
. now removed ... with postfix's tls log level dialed back down -o smtpd_tls_loglevel=1 and its tls_high_cipherlist back to default simplifying /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf =

Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-24 Thread Viktor Dukhovni
On Wed, Sep 23, 2020 at 02:11:50PM -0700, PGNet Dev wrote: > /etc/pki/tls/openssl.cnf > openssl_conf = default_conf > > [default_conf] > ssl_conf = ssl_sect > > [ssl_sect] > system_defau

TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

2020-09-23 Thread PGNet Dev
i've got two servers communicating over ssl. comms between them work if /etc/pki/tls/openssl.cnf includes Options = PrioritizeChaCha but fail if 'ServerPreference' (cref: Undocumented openssl.cnf options and PrioritizeChaCha

Apps hang when openssl.cnf defines PKCS#11 engine

2019-07-23 Thread Blumenthal, Uri - 0553 - MITLL
It is weird. MacOS 10.14.6, Xcode-10.3, OpenSSL-1.1.1c (Macports-installed), current master of libp11. Symptoms: when PKCS#11 engine is defined, git hangs upon HTTPS retrieval. If I comment the engine out in openssl.cnf, or tell git to not load openssl.cnf - it works fine: $ openssl version

openssl.cnf required in 1.1.1b?

2019-04-08 Thread Jernej Simončič
I provide Windows binaries for wget, which I link statically, to make wget.exe completely self-contained, and I use OpenSSL as the crypto backend. This worked fine for years, but when I updated OpenSSL to 1.1.1b for the latest wget release, wget is now failing on some systems with "Disabling SSL du

Re: [openssl-users] SubjectAltName syntax in openssl.cnf

2018-10-03 Thread DUPALUT, Benjamin
Hi Dave, Thank you for your answer. Cordialement, *Benjamin Dupalut* Ingénieur système et réseau Service Informatique, Télécommunications, Audiovisuel et Reprographie (SITAR) ESIEE Paris 2 bd Blaise Pascal - 93162 Noisy-le-Grand Cedex T : +33 1 45 92 66 17 benjamin.dupa...@esiee.fr www.esiee.fr

Re: [openssl-users] SubjectAltName syntax in openssl.cnf

2018-10-02 Thread Dave Coombs
Hello, That syntax looks correct, yes. It belongs in the [section] name you are passing to the "-extensions" argument on the "openssl ca" command when issuing the certificate. I hope this helps. -Dave > On Oct 2, 2018, at 05:47, DUPALUT, Benjamin wrote: > > Hello, > > Does anyone, pleas

Re: [openssl-users] SubjectAltName syntax in openssl.cnf

2018-10-02 Thread DUPALUT, Benjamin
Hello, Does anyone, please, have information about my question? Thanks in advance. Cordialement, *Benjamin Dupalut* Ingénieur système et réseau Service Informatique, Télécommunications, Audiovisuel et Reprographie (SITAR) ESIEE Paris 2 bd Blaise Pascal - 93162 Noisy-le-Grand Cedex T : +33 1 4

[openssl-users] SubjectAltName syntax in openssl.cnf

2018-09-28 Thread DUPALUT, Benjamin
Hello, I have to set a SubjectAltName for a server certificate but documentation on the web does not provide the same syntax. Is this syntax correct? subjectAltName=DNS:test.example.com Also, does it belong in the [ usr_cert ] section? Thank you for your help. Regards, *Benjamin Dupalut*

[openssl-users] Setting Signature algorithm for Client Hello in openssl.cnf

2018-08-17 Thread Sreekanth Sukumaran
Hi All, I am looking for an option in "openssl.cnf" file to control the signature algorithms supported by an OpenSSL based TLS client application which it lists in the "Client Hello" message and also the signature algorithm used for signing the Client "CertificateVe

Re: [openssl-users] openssl.cnf asking Subject Alternative Names certificates.

2017-10-13 Thread Jorge Novo
Hi, On 13 October 2017 at 12:03, lists wrote: > On 10/10/2017 05:40 PM, Jorge Novo wrote: > > As most of us know, the Google Chrome Navigator ask about Subject > Alternative Name instead the Common Name. > > I want to distribute a little *openssl.cnf* file for creation the C

Re: [openssl-users] openssl.cnf asking Subject Alternative Names certificates.

2017-10-13 Thread lists
On 10/10/2017 05:40 PM, Jorge Novo wrote: Hi everyone,   As most of us know, the Google Chrome Navigator ask about Subject Alternative Name instead the Common Name. I want to distribute a little /openssl.cnf/ file for creation the CSR files with my specific values and establish the Subject

[openssl-users] openssl.cnf asking Subject Alternative Names certificates.

2017-10-10 Thread Jorge Novo
Hi everyone, As most of us know, the Google Chrome Navigator ask about Subject Alternative Name instead the Common Name. I want to distribute a little *openssl.cnf* file for creation the CSR files with my specific values and establish the Subject Alternative Name = Common Name. I want to ask

Re: [openssl-users] Disable a cipher suite in openssl.cnf?

2016-09-24 Thread Viktor Dukhovni
> On Sep 24, 2016, at 7:16 PM, Salz, Rich wrote: > >> >> Mr. Neugroschl's quest for a simple solution does bring up -- in my >> user-oriented opinion -- a very good follow-on question: "Why cannot a >> config file be utilized by openssl to simply give access based on an >> allow/deny mechani

Re: [openssl-users] Disable a cipher suite in openssl.cnf?

2016-09-24 Thread Salz, Rich
> Mr. Neugroschl's quest for a simple solution does bring up -- in my > user-oriented opinion -- a very good follow-on question: "Why cannot a config > file be utilized by openssl to simply give access based on an allow/deny > mechanism that would give users system-wide control in a single plac

Re: [openssl-users] Disable a cipher suite in openssl.cnf?

2016-09-24 Thread Johann v . Preußen
Mr. Neugroschl's quest for a simple solution does bring up -- in my user-oriented opinion -- a very good follow-on question: "/Why cannot a config file be utilized by openssl to simply give access based on an allow/deny mechanism that would give users system-wide control in a single place?"./

Re: [openssl-users] Disable a cipher suite in openssl.cnf?

2016-09-24 Thread Richard Moore
On 23 September 2016 at 17:13, Scott Neugroschl wrote: > Hi, > > > > I’m afraid the man page on the conf file is not particularly clear. I’m > looking at mitigating CVE-2016-2183 (SWEET32), and am not sure how to > disable the DES and 3DES suites in the conf file. > > Can someone give me a hand

[openssl-users] Disable a cipher suite in openssl.cnf?

2016-09-23 Thread Scott Neugroschl
Hi, I'm afraid the man page on the conf file is not particularly clear. I'm looking at mitigating CVE-2016-2183 (SWEET32), and am not sure how to disable the DES and 3DES suites in the conf file. Can someone give me a hand? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian St

[openssl-users] How to define server cert in openssl.cnf ?

2016-02-22 Thread Stefan Runkel
hello, i am running el5 with unmodified openssl.cnf file and have a program that uses the openssl libraries but is stupid enough to not offer some parameters to configure cert and cacert ("check_nrpe"). This program's source code initializes the openssl lib

[openssl-users] input_password setting in openssl.cnf ignored

2015-08-13 Thread Klaus Klein
Hi all, I just starting to play around with OpenSSL and want to create a private CA. If I put all of the required information into the openssl.cnf and request a certificate with the following command openssl req \ -config ./openssl.cnf \ -newkey rsa \ -subj /CN

Re: [openssl-users] OpenSSL.cnf File path

2015-06-05 Thread Thomas J. Hruska
-Win64\bin directory: WARNING: can't open config file: /usr/local/ssl/openssl.cnf Unable to load config info from /usr/local/ssl/openssl.cnf This is not a valid path on my Windows box. openssl.cnf resides in C:\OpenSSL-Win64\bin. I verified the system PATH is correct also. Any ideas? T

Re: [openssl-users] OpenSSL.cnf File path

2015-06-04 Thread Cathy Fauntleroy
-boun...@openssl.org] On Behalf Of Salz, Rich Sent: Thursday, June 4, 2015 6:18 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] OpenSSL.cnf File path > > WARNING: can't open config file: /usr/local/ssl/openssl.cnf Set OPENSSL_CONF in

Re: [openssl-users] OpenSSL.cnf File path

2015-06-04 Thread Salz, Rich
> > WARNING: can't open config file: /usr/local/ssl/openssl.cnf Set OPENSSL_CONF in your environment. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL.cnf File path

2015-06-04 Thread Ben Humpert
running > into the following error when the command to generate the .csr file is > issued from the C:\OpenSSL-Win64\bin directory: > > > > WARNING: can't open config file: /usr/local/ssl/openssl.cnf > > Unable to load config info from /usr/local/ssl/openssl.cnf >

[openssl-users] OpenSSL.cnf File path

2015-06-04 Thread Cathy Fauntleroy
't open config file: /usr/local/ssl/openssl.cnf Unable to load config info from /usr/local/ssl/openssl.cnf This is not a valid path on my Windows box. openssl.cnf resides in C:\OpenSSL-Win64\bin. I verified the system PATH is correct also. Any ideas? Thanks.

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Salz, Rich
> No, if it's file permissions you get EPERM. EACCESS is weirder things like > opening a directory fopen(), see > https://msdn.microsoft.com/en-us/library/5814770t.aspx Ah, thanks. Okay, we can fix that :)

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Richard Moore
On 23 January 2015 at 17:22, Salz, Rich wrote: > Thanks for the links. I understand it's a real issue. The concern is > will windows return EACCESS for cases when there really is access denied? > > No, if it's file permissions you get EPERM. EACCESS is weirder things like opening a directory f

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Salz, Rich
> Or are we talking about something other than OPENSSL_config() exiting > when the config file cannot be read? It's a variant of this. File not existing is silently ignored. Windows will return EACCESS if the drive isn't ready, and that is not silently ignored. The concern is if windows will

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Viktor Dukhovni
On Fri, Jan 23, 2015 at 05:22:22PM +, Salz, Rich wrote: > Thanks for the links. I understand it's a real issue. The > concern is will windows return EACCESS for cases when there really > is access denied? I think we're asking the wrong questions here. Whatever the error, the decision to co

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Salz, Rich
Thanks for the links. I understand it's a real issue. The concern is will windows return EACCESS for cases when there really is access denied?

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Richard Moore
The ones I can find are: http://rt.openssl.org/Ticket/Display.html?id=3263 http://rt.openssl.org/Ticket/Display.html?id=2644 http://rt.openssl.org/Ticket/Display.html?id=3488 Two which seem to be suggesting the same fix. I'm also aware of bugs in the Qt bug tracker, my work's internal bug tracker

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Viktor Dukhovni
On Fri, Jan 23, 2015 at 04:06:47PM +, Richard Moore wrote: > > This is an interesting one because the problem is clear - the openssl > > utility exits if it gets any error other than "file doesn't exist" trying > > to open its configuration file - but the solution is not. > > The real problem

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Salz, Rich
> There's been a patch that's been ignored in the bug tracker for ages to at > least minimise this problem on Windows by treating EACCESS the same as EPERM > to handle the case of removable disks. Do you know the ticket number? I vaguely recall it but can't find immediately find it. I know wh

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Richard Moore
On 23 January 2015 at 15:04, Michael Wojcik wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > > Of Koehne Kai > > Sent: Friday, January 23, 2015 04:03 > > To: openssl-users@openssl.org > > Subject: Re: [openssl-users] missing defa

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Koehne Kai > Sent: Friday, January 23, 2015 04:03 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes > failure on AIX, warning on al

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread mclellan, dave
/usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Salz, Rich > Sent: Thursday, January 22, 2015 16:37 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] missing defaul

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-23 Thread Koehne Kai
> -Original Message- > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Michael Wojcik > Sent: Thursday, January 22, 2015 11:34 PM > To: openssl-users@openssl.org > Subject: Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf c

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Salz, Rich > Sent: Thursday, January 22, 2015 16:37 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes > failure on AIX, warning on a

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread Salz, Rich
) {fopen("/usr/local/ssl/openssl.cnf", "rb"); perror("fopen"); And what happens if some of the directories on the path don't exist?

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Salz, Rich > Sent: Thursday, January 22, 2015 13:22 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes > failure on AIX, war

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread mclellan, dave
+-+-+-+-+-+-+-+-+- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Michael Wojcik Sent: Thursday, January 22, 2015 4:16 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others (Apologies

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread Michael Wojcik
(Apologies for the top-post; Outlook does not deal properly with HTML email.) If open, called by fopen, actually is setting EPERM, then one of the following should be true: - /usr/local/ssl/openssl.cnf exists but the user does not have read permission on it - Either /usr/local or /usr/local

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread mclellan, dave
Salz, Rich Sent: Thursday, January 22, 2015 1:22 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others > None of the hosts we've visited have /usr/local/ssl, not to mention the > actual default fil

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread Salz, Rich
> None of the hosts we've visited have /usr/local/ssl, not to mention the > actual default file.  In fact, on some, even non-AIX hosts, permissions would > suggest that the permission should be returned. Not sure what that last sentence means. > Should this be happening? Is AIX simply less for

[openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread mclellan, dave
Hi. I'm running openssl CLI 1.0.1j (for example) on a bunch of different unix platforms. On all of them, the default missing /usr/local/ssl/openssl.cnf causes a warning, but the CLI continues to initialize and opens the command line. We've known about this behavior s

RE: Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-16 Thread Salz, Rich
> Does the openssl library not read the config file thereby enforcing what is > available to all applications that use the openssl library? No it does not. > What behaviour exists within the openssl library when it is built and > configured with options to disable certain protocols or ciphers tha

Re: [openssl-users] Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-16 Thread Todd Pfaff
On Thu, 16 Oct 2014, Erwann Abalea wrote: Would you like all your OpenSSL-enabled applications to be configured all the same, with the same protocols and same ciphersuites? No. I was just wondering whether it was possible to exclude support for SSLv3 at runtime in one place for all openssl-en

Re: Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-16 Thread Todd Pfaff
Does the openssl library not read the config file thereby enforcing what is available to all applications that use the openssl library? Or am I being too optimistic? What behaviour exists within the openssl library when it is built and configured with options to disable certain protocols or ciphe

Re: [openssl-users] Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-16 Thread Erwann Abalea
Would you like all your OpenSSL-enabled applications to be configured all the same, with the same protocols and same ciphersuites? -- Erwann ABALEA Le 15/10/2014 23:56, Todd Pfaff a écrit : I'd like to be able to disable SSLv3 for all openssl-enabled applications in a single configuration file

Re: Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-15 Thread Dmitry Belyavsky
Hello Rich, Unfortunately not all applications read the openssl config file... On Thu, Oct 16, 2014 at 2:53 AM, Salz, Rich wrote: > > > I'd like to be able to disable SSLv3 for all openssl-enabled > > > applications in a single configuration file if possible, so that this > > > doesn't have to

RE: Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-15 Thread Salz, Rich
> > I'd like to be able to disable SSLv3 for all openssl-enabled > > applications in a single configuration file if possible, so that this > > doesn't have to be done for each application. > > No it's not possible. > > Not enhancement idea, tho. AARGH. "Nice" enhancement idea. -- Principal S

RE: Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-15 Thread Salz, Rich
> I'd like to be able to disable SSLv3 for all openssl-enabled applications in a > single configuration file if possible, so that this doesn't have to be done > for > each application. No it's not possible. Not enhancement idea, tho. -- Principal Security Engineer, Akamai Technologies IM: rs..

Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-15 Thread Todd Pfaff
configure this via openssl.cnf. I've done plenty of reading and searching today and haven't found any documentation describing if and how this can be done. There is an old thread here from 2011-09-02 with a similar question in regard to SSLv2: http://marc.info/?l=openssl-users&m=

Re: [openssl-users] Syntax in extension section of openssl.cnf

2013-02-28 Thread Walter H.
Thanks, Walter On 28.02.2013 12:03, Erwann Abalea wrote: man asn1parse man ASN1_generate_nconf That should give you some bootstrap information. -- Erwann ABALEA - tridécatabulophobie: peur d'être treize à table Le 28/02/2013 11:16, Walter H. a écrit : Hello, I have the following: --- na

Re: [openssl-users] Syntax in extension section of openssl.cnf

2013-02-28 Thread Erwann Abalea
man asn1parse man ASN1_generate_nconf That should give you some bootstrap information. -- Erwann ABALEA - tridécatabulophobie: peur d'être treize à table Le 28/02/2013 11:16, Walter H. a écrit : Hello, I have the following: --- name = ASN1:SEQUENCE:section [ section ] value.1 = XXX:text

Syntax in extension section of openssl.cnf

2013-02-28 Thread Walter H.
Hello, I have the following: --- name = ASN1:SEQUENCE:section [ section ] value.1 = XXX:text --- what is possible to have instead of XXX? Thanks, Walter

I need a little guidance on openssl.cnf contents

2013-02-11 Thread Ted Byers
I am afraid I have not found adequate documentation that I can use to guide me in editing the contents of openssl.cnf. The comments within the file do not tell me enough about good values to use for the different options that are available. Here are my objectives: 1) A single certificate

Re: path to openssl.cnf hardcoded?

2013-01-27 Thread T J
orkspace/myproject/current/appfs/openssl/build/base" OpenSSL> If I set --openssldir="/usr/bin", I see openssl.cnf gets put into: $(SSLDIR)/base/usr/bin whereas if I dont put in the --openssldir switch at all (as above) it gets put into: $(SSLDIR)/base/usr/ssl Either way it looks

Re: path to openssl.cnf hardcoded?

2013-01-27 Thread Dr. Stephen Henson
ENSSLDIR: > >>"/home/tjordan/workspace/myproject/current/appfs/openssl/build/base" > >>OpenSSL> > >> > >>If I set --openssldir="/usr/bin", I see openssl.cnf gets put into: > >>$(SSLDIR)/base/usr/bin > >>whereas if I don

Re: path to openssl.cnf hardcoded?

2013-01-27 Thread T J
openssldir="/usr/bin", I see openssl.cnf gets put into: $(SSLDIR)/base/usr/bin whereas if I dont put in the --openssldir switch at all (as above) it gets put into: $(SSLDIR)/base/usr/ssl Either way it looks for it in "$(SSLDIR)/base" which of course doesn't exist on the ta

Re: path to openssl.cnf hardcoded?

2013-01-25 Thread Dr. Stephen Henson
On Fri, Jan 25, 2013, T J wrote: > > openssl version -d shows the INSTALL_PREFIX directory == $(SSLDIR)/base. > > OpenSSL> version -d > OPENSSLDIR: > "/home/tjordan/workspace/myproject/current/appfs/openssl/build/base" > OpenSSL> > > If I set --op

Re: path to openssl.cnf hardcoded?

2013-01-24 Thread T J
h-fipsdir="$(SSLDIR)/fips" $(CROSS) && \ $(MAKE) && \ $(MAKE) install_sw INSTALLTOP="$(SSLDIR)/base" but when I run openssl on the target I get this: # openssl WARNING: can't open config file: /openssl.cnf OpenSSL> The --prefix="/usr"

Re: path to openssl.cnf hardcoded?

2013-01-24 Thread Dr. Stephen Henson
e target machine > >>>>>>(/usr/bin). In my makefile I have: > >>>>>> > >>>>>> ./Configure fips no-asm no-hw shared --prefix="/usr" > >>>>>>--openssldir="$(SSLDIR)/base" --with-fipsdir="$(SSLD

Re: path to openssl.cnf hardcoded?

2013-01-24 Thread T J
& \ $(MAKE) install_sw INSTALLTOP="$(SSLDIR)/base" but when I run openssl on the target I get this: # openssl WARNING: can't open config file: /openssl.cnf OpenSSL> The --prefix="/usr" switch tells openssl where to find the libs etc. Is there a similar switch to t

Re: path to openssl.cnf hardcoded?

2013-01-24 Thread T J
h-fipsdir="$(SSLDIR)/fips" $(CROSS) && \ $(MAKE) && \ $(MAKE) install_sw INSTALLTOP="$(SSLDIR)/base" but when I run openssl on the target I get this: # openssl WARNING: can't open config file: /openssl.cnf OpenSSL> The --prefix="/usr"

Re: path to openssl.cnf hardcoded?

2013-01-24 Thread Dr. Stephen Henson
: > >>> > >>> ./Configure fips no-asm no-hw shared --prefix="/usr" > >>> --openssldir="$(SSLDIR)/base" --with-fipsdir="$(SSLDIR)/fips" > >>> $(CROSS) && \ > >>> $(MAKE) && \ > >>>

re: path to openssl.cnf hardcoded?

2013-01-24 Thread T J
/fips" > $(CROSS) && \ > $(MAKE) && \ > $(MAKE) install_sw INSTALLTOP="$(SSLDIR)/base" > > but when I run openssl on the target I get this: > > # openssl > WARNING: can't open config file: /openssl.cnf > OpenSSL> > > The

Re: path to openssl.cnf hardcoded?

2013-01-24 Thread Dr. Stephen Henson
(SSLDIR)/base" --with-fipsdir="$(SSLDIR)/fips" > $(CROSS) && \ > $(MAKE) && \ > $(MAKE) install_sw INSTALLTOP="$(SSLDIR)/base" > > but when I run openssl on the target I get this: > > # openssl > WARNING: can't open config file: /openss

path to openssl.cnf hardcoded?

2013-01-23 Thread T J
& \ $(MAKE) install_sw INSTALLTOP="$(SSLDIR)/base" but when I run openssl on the target I get this: # openssl WARNING: can't open config file: /openssl.cnf OpenSSL> The --prefix="/usr" switch tells openssl where to find the libs etc. Is there a similar swit

defining slot and key-id in the openssl.cnf

2011-10-11 Thread SiSt
In reference to my first posting: http://old.nabble.com/sufficient-engine-configuration-i-openssl.cnf-for-signing-with-smartcard-xmlsec1-td32606851.html I will try to shorten this posting above, posting it with teaspoon: How can a slot and its key be administered to the openssl.cnf so that

defining slot and key-id in the openssl.cnf

2011-10-11 Thread SiSt
http://old.nabble.com/sufficient-engine-configuration-i-openssl.cnf-for-signing-with-smartcard-xmlsec1-td32606851.html I will try to shorten this posting above, posting it with teaspoon: How can a slot and its key be administered to the openssl.cnf so that openssl can read it directly from the

sufficient engine configuration i openssl.cnf for signing with smartcard/xmlsec1

2011-10-07 Thread SiSt
way that the xmlsec1 will use the smartcard key and perform a sign. There is not going to be openssl switches behind the "--crypto openssl" part, as far as Aleksey Sanin personally has stated. I have tried with the following of a preliminary openssl.cnf and it wor

Re: Which openssl.cnf?

2011-08-12 Thread Eric Raunig
rc2-cbc >> rc2-cfb rc2-ecb rc2-ofb rc4 >> rc4-40seed seed-cbc seed-cfb >> seed-ecb seed-ofb >> >> >> On Fri, Aug 12, 2011 at 12:25 PM, Coda Highland wrote: >> >>> strace will show al

Re: Which openssl.cnf?

2011-08-12 Thread Gayathri Sundar
seed seed-cbc seed-cfb > seed-ecb seed-ofb > > > On Fri, Aug 12, 2011 at 12:25 PM, Coda Highland wrote: > >> strace will show all of the syscalls executed by the application, >> including opening files. >> >> /s/ Adam >> >

Re: Which openssl.cnf?

2011-08-12 Thread Michael S. Zick
> including opening files. > > > > /s/ Adam > > > > On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig wrote: > > > Background: > > > I have the problem in which there are multiple versions of openssl.cnf on > > my > > > Linux (Ubuntu 11.04) ins

Re: Which openssl.cnf?

2011-08-12 Thread Eric Raunig
dam > > On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig wrote: > > Background: > > I have the problem in which there are multiple versions of openssl.cnf on > my > > Linux (Ubuntu 11.04) installation. > > > > I had some problems with the default openssl-0.9.8

Re: Which openssl.cnf?

2011-08-12 Thread Coda Highland
strace will show all of the syscalls executed by the application, including opening files. /s/ Adam On Fri, Aug 12, 2011 at 10:46 AM, Eric Raunig wrote: > Background: > I have the problem in which there are multiple versions of openssl.cnf on my > Linux (Ubuntu 11.04) installation.

Re: engine_pkcs11 and openssl.cnf

2010-04-16 Thread Dr. Stephen Henson
On Fri, Apr 16, 2010, Dimitrios Siganos wrote: > Dr. Stephen Henson wrote: >> On Fri, Apr 16, 2010, Dimitrios Siganos wrote: >> >>> Now, I would like this engine to install automatically i.e. without >>> having to run the engine command. I tried adding

Re: engine_pkcs11 and openssl.cnf

2010-04-16 Thread Dimitrios Siganos
Dr. Stephen Henson wrote: On Fri, Apr 16, 2010, Dimitrios Siganos wrote: Now, I would like this engine to install automatically i.e. without having to run the engine command. I tried adding the following to openssl.cnf ## openssl_conf = openssl_def [ openssl_def

Re: engine_pkcs11 and openssl.cnf

2010-04-16 Thread Dr. Stephen Henson
6de677f53533e28254d5890e2d7a15a8135883ca \ > > engine "pkcs11" set. > PKCS#11 token PIN: > > > So far so good. > > Now, I would like this engine to install automatically i.e. without having > to run the engine command. I tried adding the following to openssl.cnf >

Re: Openssl.cnf Issue

2010-04-16 Thread Victor Duchovni
On Fri, Apr 16, 2010 at 10:11:20AM +, Kaila, Ashish wrote: > Hi, > > I just built Openssl 1.0.0 on a Win32 platform, after building when > I try and run the binary openssl.exe I get a warning message "Cant > open Config file: /usr/local/ssl/openssl.cnf"

engine_pkcs11 and openssl.cnf

2010-04-16 Thread Dimitrios Siganos
ally i.e. without having to run the engine command. I tried adding the following to openssl.cnf ## openssl_conf = openssl_def [ openssl_def ] engines = engine_section [ engine_section ] pkcs11 = pkcs11_section [ pkcs11_section ] engine_id = pkcs11 dynamic_path

Openssl.cnf Issue

2010-04-16 Thread Kaila, Ashish
Hi, I just built Openssl 1.0.0 on a Win32 platform, after building when I try and run the binary openssl.exe I get a warning message "Cant open Config file: /usr/local/ssl/openssl.cnf" , I don't have a sample configuration file. What is the impact if I use any sample configurati

Re: Openssl configuration (openssl.cnf ) doudt

2010-02-10 Thread Dmitry Ivanov
On Wed, Feb 10, 2010 at 12:49 PM, Samuel123smith wrote: > > Hi ALL, > > I am trying to use openssl pkcs11 engine . I have more than pkcs11 provider > and I want my customer to specify which pkcs11 provider they want to use . > For this I am thinking to modify the openssl.cnf f

Openssl configuration (openssl.cnf ) doudt

2010-02-10 Thread Samuel123smith
Hi ALL, I am trying to use openssl pkcs11 engine . I have more than pkcs11 provider and I want my customer to specify which pkcs11 provider they want to use . For this I am thinking to modify the openssl.cnf file and have one option pkcs11_lib32=/usr/lib/pkcs11/opencryptoki.so pkcs11_lib64

Openssl configuration (openssl.cnf ) doudt

2010-02-10 Thread Samuel123smith
Hi ALL, I am trying to use openssl pkcs11 engine . I have more than pkcs11 provider and I want my customer to specify which pkcs11 provider they want to use . For this I am thinking to modify the openssl.cnf file and have one option pkcs11_lib32=/usr/lib/pkcs11/opencryptoki.so pkcs11_lib64

Obsolete openssl.cnf

2009-09-01 Thread Serge Fonville
Hi, I was wondering, is it possible to specify all settings that are in openssl.cnf on the commandline as well? This would make generating certificates a lot easier. Thanks in advance Regards, Serge Fonville __ OpenSSL Project
