ISO 15782-2

Hi, There is reference to ISO 15782-2 standard in the X.509 and X9.68 documentation. This standard describes certificate verification process. I try to find this document, but meet only payd links. The price of 122 CHF is so expencive. Can anybody help me with this document? -- Andrew

3DES-CBC questoins

A coworked has brought up a question that I cant answer and I am hoping somewhere here could. With 3des you encrypt the data with the first key, decrypt with the second and encrypt with the 3rd to get the encryprted message. He xor'ed the plain text with the encrypted message and obtained a

Re: 3DES-CBC questoins

x27;m not sure what other information you are looking for. I'm just asking how the semantics of 3DES work and why it's strong than DES. I know that is it, but why. Thanks! - Andrew ActiveSol.net [EMAIL PROTECTED] - Original Message - From: "David Tonhofer, m-plify S.A.&qu

Re: Auto Reply: Compiling for 32-bit on 64-bit Linux

who do this from the list please (or at least block those emails somehow)? If people really want to have auto reply things they can at least filter out mails with X-List-Name or List-Id headers. -- Andrew Oakley __ Ope

How to re-use a socket with a new SSL session?

d the worker receives them ok. However, when the worker sends something to the client, nothing comes through - SSL_read fails. In summary, is there any way of closing an SSL session on a socket, then opening a brand new one? regards, Andrew

RE: How to re-use a socket with a new SSL session?

Hi David, Thanks, you've saved me from tons of frustration and wasted time chasing an unworkable solution. The proxy idea sounds very promising, I'll check it out. cheers Andrew

RE: How to re-use a socket with a new SSL session?

, socket connection left open, then a "client HELLO" after which both sides initiate SSL again. I just can't seem to find a method of doing it that actually works. cheers Andrew

RE: How to re-use a socket with a new SSL session?

t and SSL_accept both succeed, the server receives the string sent to it by the client, but when it sends it back the client just doesn't receive it - its SSL_read blocks indefinitely until the server closes the connection. I can send additional SSL_writes from the server - they all report success, but the client will hang on that first SSL_read after restarting SSL. It really feels like I'm missing something incredibly simple, but for the life of me I can't see what it is. Unless, of course, what I'm trying to do isn't supported by openssl. cheers Andrew

RE: How to re-use a socket with a new SSL session?

works perfectly. Thanks also to Viktor and David. cheers, Andrew

Detecting renegotiation failure

I've upgraded to OpenSSL 0.9.8l and realised that client side SSL fails due to renegotiation being disabled. Is there any way to detect that this has happened so that the user can be given a useful error message about this? -- Andrew O

Issue with newline

Apr 1 08:52 a I've attached the code that I used for encryption (no error checkings), can someone tell me why it is behaving the way it is? Thanks, Andrew #include #include #include int do_crypt(char *outfile, char *intext) { unsigned char outbuf[1024]; int

Question about compatibility

To all: I am fairly new at participating in a mailing list so I apologize if I'm doing anything out of place. I don't have that much knowledge in openSSL, either. But what I was hoping to have answered is: OpenSSL produces S-MIME version 2 and BouncyCastle results in S-MIME version 3, which will

RE: Compiling openssl-0.9.8j on AIX 5.3 64 bit

not exist. make: 1254-004 The error code from the last command is 1. Stop. make: 1254-004 The error code from the last command is 1. Stop. From: Andrew Masterson Sent: Tuesday, January 20, 2009 4:07 PM To: 'openssl-users@openssl.org

Compiling openssl-0.9.8j on AIX 5.3 64 bit

Noticed the following during make (after ./Configure aix64-cc): cc -DMONOLITH -I.. -I../include -DOPENSSL_THREADS -qthreaded -DDSO_DLFCN -DHAVE_DLFCN_H -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -c ca.c "ca.c", line 1297.59: 1506-1298 (W) The subscript 256 is out of range. The valid

Compiling openssl-fips-1.2 on AIX 5.3 64 bit

make fails on openssl-fips-1.2 at -- cc -I.. -I../include -I../fips -DOPENSSL_THREADS -qthreaded -DDSO_DLFCN -DHAVE_DLFCN_H -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -c ssltest.c "ssltest.c", line 131.9: 1506-236 (W) Macro name _

Problem signing requests from Microsoft certificate wizard

s-generated request that fails and an OpenSSL-generated request that works. If I look at the binary in DER format, I see (openssl) Subject: C=CA, ST=BC, L=Vancouver, O=TRIUMF, CN=andrew od -a includes : eot ack dc3 stx C A 1 vt 0 dc3 stx B C 1 dc2 0 dc3 ack T R I U

Problem signing requests from Microsoft certificate wizard

DER format, I see (openssl) Subject: C=CA, ST=BC, L=Vancouver, O=TRIUMF, CN=andrew od -a includes : eot ack dc3 stx C A 1 vt 0 dc3 stx B C 1 dc2 0 dc3 ack T R I U M F 1 si 0 (windows) Subject: C=CA, O=TRIUMF, CN=andrew, ST=BC od -a : dc3 stx C A 1 si 0 ff

Sanity check regarding conversion of pem to cer & distribution of cer

the cakey.cer file to all of the users that need to ad our CA to their Acrobat trust chain ?? Thanks, Andrew Greig Systems Analyst/Developer Kalamazoo Valley Community College __ OpenSSL Project

RE: Sanity check regarding conversion of pem to cer & distributionof cer

ed to ad our CA to their Acrobat trust chain ?? > > Thanks, > > Andrew Greig > Systems Analyst/Developer > Kalamazoo Valley Community College What do you mean by "OK"? What are you trying to prevent? As I read your question, it seems self-evident that the answer is yes,

Re: nonblocking implementation question

, size); /* encrypted */ write(fd, buf, size); Sorry I am not experienced on SSL programming, and I need to be explicit on the example. Thanks --Andrew 2009/5/28 Victor Duchovni : > On Thu, May 28, 2009 at 02:48:34PM -0400, Aaron Wiebe wrote: > >> On Tue, May 26, 2009 at 5:27 PM, Vic

Re: release announcement issues

ks like this file wasn't updated before the release... (now fixed but obviously not in the release itself). -- Andrew Oakley __ OpenSSL Project http://www.openssl.org User Support Mailing List

Strange loading issue(?) with libcrypto

(not static) libraries. I hope the above is clear. Any suggestions as to what might be causing the program to fail without LD_PRELOAD would be much appreciated. Thanks, Andrew __ OpenSSL Project

Troubles building FIPS-enabled OpenSSL on s390x

ipscanister.o: In function `fips_bn_div': (.text+0x3064): undefined reference to `fips_bn_sub_words' /usr/local/ssl/fips-2.0/lib//fipscanister.o: In function `fips_bn_div': And ending with a bunch more of different "undefined reference" errors. Question: any idea as to how to res

Re: Strange loading issue(?) with libcrypto

Well, for the record, the hardware (PKCS11) library we were using wraps and exposes some ancient version of OpenSSL. And was being linked first, blocking libcrypto. Andrew On Tue, Mar 26, 2013 at 12:17:39PM -0300, Andrew Cooke wrote: > > I admit that this is probably not an OpenSSL-sp

RE: Troubles building FIPS-enabled OpenSSL on s390x

s390 since that is one of their supported platforms so it looks like upgrading OS is the easiest thing for me to do and saying we're "FIPS 140-2 compliant" is sufficient for our purposes. Thanks! - Andrew -Original Message- From: Steve Marquess [mailto:marqu...@openss

RE: How to specify the encryption key without it being visible by ps command?

It seems like it would be easy to add an option to the enc command to get the key and IV from a file by providing the file location to the command line. For instance we could add -KF path and -ivF path to the command line options and have the enc get the real values from within these files. Th

RE: bn_mul_mont_fpu multiply-defined error

>From the User Guide for the OpenSSL FIPS Object Module v2.0, section 3.2: "note the ./config 'shared' option is forbidden by the terms of the validation when building a FIPS validated module, but the fipscanister.o object module can be used in a shared library." -Original Message- From

Building on Windows in 64 bit mode

e-type-x86-conflicts-with-target-machine-typ It looks to me like the 64 bit build is using some components that came out of the 32 bit build, but I am not sure. Regards, Andrew Marlow ___ This e-mail may contain confidential and/or privil

OSX Open SSL Usage question

success:-CApath /System/Library/OpenSSL/certs/ That's the system path from 'openssl version -d'I messed around with similar values in the verify argument. There's obviously a fundamental misunderstanding on my part regarding the proper usage of these arguments. Tips appreciated. Andrew

Using EVP_PKEY with EVP_EncryptInit_ex

#x27;t seem to find any examples or documentation anywhere. Am I doing something wrong or making some really off-base assumptions? Thanks for any help, pointers, or guidance, Andrew F

Re: Using EVP_PKEY with EVP_EncryptInit_ex

ssuming that I can't somehow use the RSA private key's bits as my symmetric key, how should I generate a key without requiring user interaction? Simply calling RAND_bytes? -Andrew On Wed, Apr 1, 2020 at 12:53 PM Matt Caswell wrote: > > > On 01/04/2020 17:34, Andrew Felsher wrote

Curves from http://safecurves.cr.yp.to/

e2213, Curve1174, Curve25519, Curve383187 and Curve3617. But I don't see any of those in OpenSSL 1.0.1e: > openssl ecparam -list_curves | egrep '(2213|1174|25519|38317|3617)' > Am I overlooking something? Will more curves be added soon? Is there some way to specify a &q

Re: Differences on output between OpenSSL and CryptoTool

feel very stupid, but i do not undersand why. that ciphertext should be the padding xored with the previous block, encrypted. what am i missing? andrew On Tue, Oct 29, 2013 at 03:54:50PM +0100, Luis Rocha wrote: > Ok so I read more about it and for DES a block consists of 64 bit = 16 hex &g

Re: private key in hardware ssl

if you start with an existing engine as a template. Andrew On Tue, Nov 05, 2013 at 06:33:55PM +0200, 133mmx runner wrote: > Hi All, > > I am using openssl library. I have succeded establishing ssl connection > with pfx files. But we will keep private key in hardware. Our hardware ha

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

triangular number, but the length of the entire cipher suite is 24, which isn't triangule (the closest is 21). so they're only going to inter-operate on tuesdays. andrew On Fri, Dec 13, 2013 at 07:30:02PM +0100, Walter H. wrote: > On 12.12.2013 14:16, Erwann Abalea wrote: >

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

sorry, that was a bad joke i now regret sending. andrew On Fri, Dec 13, 2013 at 04:01:23PM -0300, Andrew Cooke wrote: > > it dpends how many characters differ when sorted. > > in this case: > > ECDHE-ECDSA-DES-CBC3-SHA -> ---

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

t use (EDE is saying something about DES - how to build 3DES from DES - rather than giving a mode, isn't it?)? andrew On Fri, Dec 13, 2013 at 08:51:44PM +0100, Erwann Abalea wrote: > Don't regret it, it wasn't that bad ;) > > -- > Erwann ABALEA > > Le

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

well, not really, because in practice the name has to match, so you are stuck (as the earlier answer says). i guess the answer is somewhere in the nss code... andrew On Fri, Dec 13, 2013 at 10:04:52PM +0100, Walter H. wrote: > On 13.12.2013 21:16, andrew cooke wrote: > >well, i r

OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

work around the problem by modifying OpenJDK's java.security file and disabling the NSS provider but would prefer not to do this since a customer would have to do that every time OpenJDK was updated. -Andrew __

Re: ASN1_item_sign from 1.0.0k to 1.0.1

Argh, OK, the attribute is called sign. So it's correct, I just had the wrong name in my notes. Andrew On Tue, Dec 17, 2013 at 03:51:04PM -0300, Andrew Cooke wrote: > > I should have also said that this is called by X509_REQ_sign. > > So, in short, the EVP_MD.digest atrtibu

RE: OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

internal error:s23_clnt.c:741: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 321 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- -Andrew -Orig

RE: OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

e 1.0.1e s_client I don't see any point in hacking about with our own code, surely disabling TLS can't be the right thing to do... -Andrew -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Porter, Andrew Sent: Tues

Re: ASN1_item_sign from 1.0.0k to 1.0.1

Yes, that's how my more recent engine-based code works. Maybe the best thing is to merge those two code bases and get rid of this old stuff. Thanks, Andrew On Tue, Dec 17, 2013 at 07:56:46PM +0100, Dr. Stephen Henson wrote: > On Tue, Dec 17, 2013, andrew cooke wrote: > > >

Re: ASN1_item_sign from 1.0.0k to 1.0.1

ning? Or is it meant o just calculate a digest (hash)? So that confusion may not be helping things. Sorry. Andrew On Tue, Dec 17, 2013 at 03:45:46PM -0300, Andrew Cooke wrote: > > Hi, > > I realise the 1.0.0 to 1.0.1 transition happened some time ago, but it only > hit Centos

ASN1_item_sign from 1.0.0k to 1.0.1

s is very old code that I didn't write - if I were working on it now, I would probably use an engine, but what I describe is what I have to work with). Thanks, Andrew PS Is there any way to see the patches that were applied? Perhaps reading the releva

RE: OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

nk? Should I try reporting this to the OpenJDK or Mozilla NSS folks? Thanks! Andrew -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, December 17, 2013 1:37 PM To: openssl-users@ope

RE: OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

ct the location of the NSS installation. security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg If that last line is commented out the problem goes away. If you want the debug output as an attachment off-list, just let me know and I'll email you directly. Tha

RE: OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

A224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, MD5withRSA Unsupported extension type_15, data: 01 -Andrew -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Thursday, December 19, 2013 12:36 AM To: o

RE: OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

penssl s_client just gets me usage output which has some obviously new options but nothing that I recognize as appropriate. Thanks, Andrew __ OpenSSL Project http://www.openssl.org

RE: OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

onnect tomcat-host:443 But use the same curves in a different order, with sect571r1 first the way it is in the list that OpenSSL 1.0.1e sends: ./openssl s_client -debug -cipher 'ECDHE-RSA-AES256-SHA' -curves 'sect571r1:secp521r1:secp384r1:prime256v1&#x

RE: OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

_client testing has been with non-fips 1.0.1e and 1.0.2 I've built myself. -Andrew __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.o

RE: OpenSSL 1.0.1e - OpenJDK/NSS interoperability issue?

ient plus an RPM that is our customized Tomcat as the server, this is sufficient to reproduce the issue. Together they're about 8 Mb, I that's small enough to get through our email system as attachments in separate emails if necessary. Let me know off-list if you want me to send the

Re: Verisign Problem with smtp tls

i am not following this in any detail, but if you look at the certificate you included in your original email it expired in 2008. just look at it with openssl -text -in sorry if i'm jumping into something i've misunderstood, andrew On Fri, Dec 27, 2013 at 01:47:47PM -0600, Bo

Re: Verisign Problem with smtp tls

On Fri, Dec 27, 2013 at 04:53:41PM -0300, Andrew Cooke wrote: > > i am not following this in any detail, but if you look at the certificate you > included in your original email it expired in 2008. just look at it with > >openssl -text -in openssl x509 -text -in

Re: Open SSL errors increase in Linux compared with Solaris

I'm no expert, but doesn't "connection reset by peer" mean that the other side of the connection is hanging up? So maybe the error is with whatever you are talking to? Andrew On Wed, Jan 22, 2014 at 11:24:07AM +, Thirumal, Karthikeyan wrote: > Dave, > Thanks for

When P is larger than Q

LREgOlLjSr/q2YFO8MYKw+HmkEo00+8z7bMnslSVo50= Q:dTHt32eGkYjiVT81BnM6D9pmX508VulYsBalYtbmlj8= InverseQ: 42HK1Pqscf2fecTgrtfHPcONih1fPMzoGbYLWOIasQw= -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

Re: When P is larger than Q

to get this working > in my .NET app? > > > > I tried generating dozens of 512 bit keys in a row on iOS. Every time, > the P was longer than the Q. It seems that iOS may be doing this > intentionally. > > > > Sent from Surface Pro > > > > *From:* Andrew Arno

RE: Open SSL version with FIPS Certified code and TLS 1.2 Support

(a) please don't spam all of the lists. The openssl-users is sufficient (b) you got a reply to your question yesterday. Check your email and the Gmail spam folder. - Andrew From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Arun Kumar Sent: Tu

RE: openssl memory leak

The openssl source package includes a generic server (s_server) and client (s_client). My first suspect when something has a memory leak with SSL connections only is to check whether SSL contexts returned by SSL_new() always get cleaned up later by calling SSL_free()... Andrew -Original

RE: Compiling OpenSSL for embeded systems

Take a look at the file INSTALL in the top level of the source package to learn what development tools are required and what the basic procedure is and it might be useful to do a build on a standard platform like a Linux virtual machine to see how it works. From: owner-openssl-us...@openssl.org

Build problem with FIPS-enabled 1.0.1i, Linux 32 and 64-bit

the latest 2.0.7, didn't help. Andrew Porter __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automat

RE: How to Cross Compile OpenSSL for arm-none-eabi arch?

--prefix= options pointing to where I want "make install" to put things Here's one guys way of doing something close to what you want to do: http://embeddedfreak.wordpress.com/2010/11/23/cross-compiling-openssl-1-0-0b-for-arm926ej-s/ Andrew From: owner-openssl-us...@openssl.or

RE: Signing .JAR files using OpenSSL for Windows

ot; for the KeyStore parameter instead of the name of a keystore file. Andrew

RE: OpenSSL 1.0.0-fips 29 Mar 2010

the source from the operating system vendor, for example the source RPM if you are on some version of Red Hat Enterprise Linux. Andrew From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of A sunil kumar Sent: Tuesday, November 11, 2014 11:23 AM To: ope

RE: version question

point it at that version. If the resulting OpenSSH executables need to run somewhere else (not on this build machine) you would also need to build them with the OpenSSL libraries linked statically instead of dynamically. Andrew From: owner-openssl-us

[openssl-users] Verifying a signature - format problems

working with no errors, so I have narrowed it down to this function. Thanks, -- Andrew Carpenter, ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Verifying a signature - format problems

Well That's interesting. when I download and use your .sig file, I get the same errors. How do you go about picking up your signature form the file system? On Fri, Jul 24, 2015 at 11:55 AM, Richard Moore wrote: > > > On 24 July 2015 at 13:32, Andrew Carpenter wrote: > >

Re: [openssl-users] Verifying a signature - format problems

Thanks so much for your response Richard. I appreciate your time. That's pretty much the same thing I'm doing On Fri, Jul 24, 2015 at 2:59 PM, Richard Moore wrote: > > > On 24 July 2015 at 19:30, Andrew Carpenter wrote: > >> Well That's interesting.

Re: [openssl-users] Verifying a signature - format problems

, Andrew Carpenter wrote: > Thanks so much for your response Richard. I appreciate your time. That's > pretty much the same thing I'm doing > > On Fri, Jul 24, 2015 at 2:59 PM, Richard Moore > wrote: > >> >> >> On 24 July 2015 at 19:30, Andrew Ca

[openssl-users] OpenSSL 1.0.1s-fips tests failing

Building today's 1.0.1s release with FIPS 2.0.8 failed tests for me at the test_ssl step with a not-surprising "test ssl2 is forbidden in FIPS mode". Tests ran fine for 1.0.1r a couple of weeks ago. Is there a simple way for me to fix this? Andrew -- openssl-users mailing list

[openssl-users] OpenSSL 1.0.1s-fips build failing in tests step

d tests just fine, is there an easy way for me to fix this? Thanks, Andrew -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Increased memory consumption noticed when upgrading from openssl 1.0.1 to openssl 1.0.2

Hello, My company is in the process of upgrading from openssl 1.0.1 to openssl 1.0.2. We noticed that when we use any version of openssl 1.0.2 we have an extremely high increase in memory usage. Around 15 or more gigs of memory extra are consumed. My questions are as follows: Are there any sett

Re: [openssl-users] Increased memory consumption noticed when upgrading from openssl 1.0.1 to openssl 1.0.2

, Mar 21, 2016 at 3:04 AM, Matt Caswell wrote: > > > On 20/03/16 03:15, Andrew Payne wrote: > > Hello, > > > > My company is in the process of upgrading from openssl 1.0.1 to openssl > > 1.0.2. We noticed that when we use any version of openssl 1.0.2 we have > &g

[openssl-users] openssl-1.1.0 - static linkage

lly. Many thanks Andrew __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, v

Re: [openssl-users] openssl-1.1.0 - static linkage

I have now worked out what to do. I did a clean with: ? nmake clean and then successfully build the library with the no-shared config option. Andrew From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Andrew Hartley Sent: 25 May 2016 11:21 To: openssl-users

[openssl-users] openssl-1.1.0 - Linker error on Windows

019: unresolved external symbol __imp__CertDuplicateCertificateContext@4 referenced in function _capi_load_ssl_client_cert Any advice on how this is to be fixed? Andrew __ This e-mail has been scanned for all viruses by Star. The se

Re: [openssl-users] openssl-1.1.0 - Linker error on Windows

penssl-users [mailto:openssl-users-boun...@openssl.org] On > >> Behalf Of Andrew Hartley Sent: Wednesday, May 25, 2016 05:20 > > > >> I've built the openssl-1.1.0 library with no-shared config option > >> on Windows. I've linked the library to my applicat

Re: [openssl-users] OpenSSL - FIPS 140 Compliant

Multiple versions of OpenSSL can, with an additional source package (the OpenSSL FIPS module) be built by you to be 140-2 compliant. See http://openssl.com/fips/ for more info. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Vikram Kamaraj - ERS, HCL Tech Sent: Wedn

Re: [openssl-users] libssl.so.1.0.0 -> Java1.6 net.ssl gives: dh key too small:s3_clnt.c:3617:

ystem update tools to install/update Oracle Java. Don't know about other operating systems. Andrew -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Matthias Apitz Sent: Thursday, August 25, 2016 07:22 To: openssl-users@openssl.org Subject

Re: [openssl-users] Failed to install OpenSSL 1.1.0 using 'nmake install'

Your step (4) to me appears to be wrong. If you are to install openssl to the following directory: C:\Program Files (x86)\OpenSSL\ then you need to do: ? perl Configure VC-WIN32 -prefix=C:\Program Files (x86)\OpenSSL When I build openSSL I use nasm, so after the above I do:

Re: [openssl-users] Failed to install OpenSSL 1.1.0 using 'nmake install'

e format, delete it and recompile Andrew Hartley Senior Software Engineer Tel: +44 (0)1784 410 369 | Direct: +44 (0)1784 410 103 Email: andrew.hart...@taxcomputersystems.com Web: www.taxcomputersystems.com Tax Computer Systems Limited, Centurion House, London Road, Staines, TW18 4AX -

Re: [openssl-users] Build OpenSSL on SUSE Linux Enterprise Server for z Systems

./config works just fine for me on a SLES 11.3 z/Linux, and yes it sets PLATFORM to "linux64-s390x" in MAKEFILE Andrew -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Thomas Francis, Jr. Sent: Friday, May 12, 2017 12:55 To: ope

Re: [openssl-users] Source code to build "OpenSSL 1.0.1e-fips 11 Feb 2013"?

bled OpenSSL: https://www.openssl.org/docs/fips/UserGuide-2.0.pdf Andrew From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Joe Flowers Sent: Friday, June 02, 2017 14:37 To: openssl-users@openssl.org Subject: [openssl-users] Source code to build "OpenSSL 1.0.1e-fips 11 Feb 2013

Re: [openssl-users] Problem in connecting to Java (Tomcat) server with ECDHE ciphers

nnect line below always failed for me. Andrew From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Pravesh Rai Sent: Saturday, June 03, 2017 22:02 To: openssl-...@openssl.org Cc: openssl-users@openssl.org Subject: [openssl-users] Problem in connecting to Java (Tomcat) server w

Re: [openssl-users] Problem in connecting to Java (Tomcat) server with ECDHE ciphers

-SHA256. Andrew From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Steven Collison Sent: Tuesday, June 06, 2017 07:30 To: openssl-users@openssl.org Cc: openssl-...@openssl.org Subject: Re: [openssl-users] Problem in connecting to Java (Tomcat) server with ECDHE ciphers

Re: [openssl-users] Query on usage of openssl 1.1.0f with openssl-FIPS

Support for DTLS 1.2 was one of the major changes from 1.0.1 to 1.0.2, see https://www.openssl.org/news/openssl-1.0.2-notes.html From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich via openssl-users Sent: Wednesday, September 06, 2017 06:49 To: openssl-users@op

[openssl-users] OpenSSL outputs entire CA bundle with libcurl

Hello all, First, some config info: OpenSSL v1.0.1t PLATFORM=arm-linux- OPTIONS=enable-tls enable-threads enable-shared --cross-compile-prefix=arm-linux- -pthread --prefix=/usr/local no-ec_nistp_64_gcc_128 no-gmp no-idea no-jpake no-krb5 no-md2 no-mdc2 no-rc5 no-rfc3779 no-ripemd no-sctp no-ss

Re: [openssl-users] OpenSSL outputs entire CA bundle with libcurl

Jakob, My responses inline : - Is it being output to the network or to the terminal window where curl is used? The output occurs in the terminal window when the program is run. - Is it being output as shown (Base64 text with ending "=" signs and a newline after each cert) or is it being

Re: [openssl-users] Latest stable FIPS and SSL Library combo?

Yes, 2.0.16 and 1.0.2l as per https://www.openssl.org/source/ But there will be a 1.0.2m out on Thursday. Andrew From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Karyn Ulriksen Sent: Tuesday, October 31, 2017 14:51 To: openssl-users@openssl.org Subject: [openssl

[openssl-users] X509_ATTRIBUTE_create_by_NID reversing sequence

seem to be reversed in the output: : 30 26 06 03 55 04 10 31 1F 1B 02 55 4B 1B 06 4C 0&..U..1...UK..L 0010: 6F 6E 64 6F 6E 1B 11 32 32 31 42 20 42 61 6B 65 ondon..221B Bake 0020: 72 20 53 74 72 65 65 74 -- -- -- -- -- -- -- -- r Street Any idea what could be causing that? Thanks,

[openssl-users] X509_ATTRIBUTE_create_by_NID reversing sequence

seem to be reversed in the output: : 30 26 06 03 55 04 10 31 1F 1B 02 55 4B 1B 06 4C 0&..U..1...UK..L 0010: 6F 6E 64 6F 6E 1B 11 32 32 31 42 20 42 61 6B 65 ondon..221B Bake 0020: 72 20 53 74 72 65 65 74 -- -- -- -- -- -- -- -- r Street Any idea what could be causing that? Thanks,

[openssl-users] X509_ATTRIBUTE_create_by_NID reversing ASN1 sequence

0 53 74 72 65 65 74 -- -- -- -- -- -- -- -- r Street Any idea what could be causing that? Thanks, Andrew Felsher -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] "make test" error for release 1.0.2n

-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM Probably I don't care, since my application isn't using DTLS, but I'd just like a confirmation that this is OK. - Thanks, Andrew Porter -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] osf-contact Latest Openssl Issue with Bind 9.12.2-P2 on RHEL 7.5

See the error message about looking at the FAQ? Here it is: https://www.openssl.org/docs/faq.html#USER1 From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of aakash.ku...@orange.com Sent: Sunday, October 07, 2018 22:51 To: openssl-users@openssl.org Cc: osf-cont...@openssl.o

[openssl-users] issue with EVP_EncryptUpdate in XTS mode?

I was doing some comparisons of XTS and GCM mode using the EVP APIs and found a discrepancy that seems to be an issue with XTS. In GCM mode if the buffer is encrypted in one call to EVP_EncryptUpdate or with several calls with smaller buffers the resulting ciphertext is the same, as I would expect

Re: [openssl-users] issue with EVP_EncryptUpdate in XTS mode?

re changes dont screw something up. On Fri, Jan 25, 2019 at 4:18 PM Matt Caswell wrote: > > > On 25/01/2019 20:16, Andrew Tucker wrote: > > I was doing some comparisons of XTS and GCM mode using the EVP APIs and > found a > > discrepancy that seems to be an issue with XTS. &g

How to not use a configured engine?

re method whereas OpenSSL 1.1.1a tries to use whatever engine happens to have been registered first (appears first in [engine_section]). Assuming our engines' init function is always called, where is the right place to do any stuff that should only happen if that particular engine is actually set via the -engine option? Regards, Andrew.

RE: The smallest minimal example of an HTTPS GET request with openssl

You would have to ignore some initial certificate info output but some variation on echo "GET /version" | openssl s_client -connect test.example.com -crlf -ign_eof -quiet would be as pure OpenSSL as you can get… Andrew From: openssl-users [mailto:openssl-users-boun...@openssl.org]

Building 1.1.1a on Windows - how to "make update"?

; (or "errors" for that matter). So what is the equivalent of make update or make errors on Windows? I am wondering if I can simply copy the updated files from Linux (new _err.h, modified obj_dat.h and probably a few more) but I would prefer an official way to (re)generate them on Windows. Regards, Andrew.

RE: Building 1.1.1a on Windows - how to "make update"?

p the copyright year from 2018 to 2019. Regards, Andrew. -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Richard Levitte Sent: Friday, May 24, 2019 4:18 PM To: openssl-users@openssl.org Subject: Re: Building 1.1.1a on Windows - how to "m

  1   2   3   4   >