Re: How to use a hardware RNG with openssl?

If the true random generator is in /dev/random, and I want use only this device for random data using openssl.cnf: RANDFILE= /dev/random Is this correct? El vie, 19-09-2008 a las 23:21 +0200, Gerd Schering escribió: > > Yes, it is sufficient. Please note that a source not havi

Re: How to use a hardware RNG with openssl?

Any way to collect only from HRNG? This can be a choice or not? > e_os.h > > #ifndef DEVRANDOM > /* set this to a comma-separated list of 'random' device files to try out. > * My default, we will try to read at least one of these files */ > #define DEVRANDOM "/dev/random"

Linux kernel engine support an openssl

Hello, Program that want use Engine should enable it. It's posible enable engine for all program without the program request without patch? Any plan to use linux kernel engine support in openssl software? __ OpenSSL Project

How to add new objects?

Hello, When I try to sign a certificate (previous NID skipped): > businessCategory:unknown object type in 'policy' configuration #IDENTIFIER ::= {id-at 14} id-at-businessCategory OBJECT \ I do not see businessCategory in openssl objects.txt file. Any way to add this OID to certificat

Re: pkcs7_sign() / cms_sign() : using SHA256 hash

Thank you Stephen. I'll try to do that and then I'll tell the others OFTP2 editors how to do ! BTW: Rich told me : "open a ticket". I tried to do by writing to r...@openssl.org but I got nothing back. Best regards, -- Francis Le 20/09/2014 01:36, Dr. Stephen Henson a écrit : On Fri, Sep 1

[openssl-users] Minimum openssl configuration for ssl/tls smtp email support?

Hi, What configuration parameters (NO-XXX) should be passed for the openssl library to be built to support standard TLS/SSL required for sending emails through the public smtp servers but at the least amount of code needed.I have it working (only calls a few BIO_ and/or SSL_ functions) but add

FIPS compilation with VC6

Hi All, Can any please tell me how to configure/compile FIPS on VC6? I am failed to do the configuration. C:\openssl-fips-1.1.1\openssl-fips-1.1.1>perl Configure VC-WIN32 fips . C:\openssl-fips-1.1.1\openssl-fips-1.1.1>perl util\mk1mf.pl dll no-asm fips VC-CE 1>ms\cedll.mak ***FIP

howto verify a certificate

Hi all, I have a bit strange Q: i've created a self-signed certificate (first i created a CA (root certificate) then created another certificate from it like that [http://www.tc.umn.edu/~brams006/selfsign.html]). but i can't find how will i verify that if the second certificate made from the root

Re: Cert Extension conversition

Thanks Richard!!! It worked. I was trying to figure it out for the past two days. I really appreciated.    Richard Andrus <[EMAIL PROTECTED]> wrote: use the command :openssl pkcs12 -in xxx.pfx -out xxx.pemBy default, this will encrypt the private key with triple DES inside the PEM file.It will firs

[no subject]

hi i am a new user of openssl,and i am trying to make an application that use openssl to manage a pki. so i begin by trying make a command like genrsa ,i began with RSA_generate_key() function ,it works but the problem is what function must be used to encrypt RSA key with DES or 3DES ,and ho

BIO_read error

hi i have some problems using BIO_read /write/gets/puts in visual c++ i wrote this code to access to the BIO and read some data each time i use this function i obtain this error : The instruction at 0x1003159d referenced memory at 0xccd0 . the memory could not be read could someone tel

[no subject]

hi i have some problems using BIO_read /write/gets/puts in visual c++ i wrote this code to access to the BIO and read some data each time i use this function i obtain this error : The instruction at 0x1003159d referenced memory at 0xccd0 . the memory could not be read could someone tell

Ipaq h3800

I've built the openssl.exe file for windows ce, but when I transfered it to a Compaq Ipaq h3800 it didn't run. The operating system of the handheld device is PocketPc 2002 and the cpu is ARM. Does anyone have an idea of what was wrong or has experienced similar problems? Thanks Fabio _

Re: tru64 multi-threading needed

effrey Burgoyne wrote: >I have written some OpenSSL 0.9.5a apps with multithreading support of >digital unix some time ago. No problems or special configuration was >needed and everything worked fine. > >Jeff > >[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > >On Tue

Re: OpenSSL 1.0.0b released

> > > Carter Browne > CBCS > cbro...@cbcs-usa.com > -- Leonard F. Elia III, CISSP 757.864.5009 Sr. System Administrator LITES - NASA Langley Research Center Science Systems & Applications, Inc., Hampton VA ___

Re: Let's talk about HTTPS Everywhere

I trust the EFF. I suppose it comes down to the fact that trust is never a default decision, nor should it be. On 01/19/2011 06:29 AM, S Mathias wrote: > Ok. It's a Firefox Add-on: > > https://www.eff.org/https-everywhere > > Questions: > > 1) But: Why can't i find it on the offical Firefox A

Re: OpenSSL 1.0.0d released

08 PM, Bodo Moeller wrote: -- Leonard F. Elia Sr. System Administrator LITES - NASA Langley Research Center Science Systems & Applications, Inc., Hampton VA __ OpenSSL Project http://www.openssl

Re: OpenSSL 1.0.0d released

gcc. > > Carter > > Carter Browne > CBCS > cbro...@cbcs-usa.com > 781-721-2890 > > > On 2/10/2011 3:13 PM, Leonard F. Elia wrote: >> When compiling openssl 1.0.0d on Ubuntu 10.04.1 LTS, works fine. >> On RHEL 5.6, fails in make text: >> >> ECDSA t

openssl smime vs. cms

Is openssl cms the now recommended way to handle data which used to be handled using openssl smime? I keep some files encrypted on disk using the smime utility, but if cms is recommended I will start using that. -- Leonard F. Elia III, CISSP Sr. System Administrator LITES - NASA Langley

ike v2 windows 2008 r2 certificate

We are trying to set up of VPN tunnel using IKE v2 between a windows 2008 VPN server and a linux machine running strongswan. We are trying to do this using machine certificates. We are using a Windows 2008 r2 private certificate authority. I am not sure how to generate the CSR in openssl for

TLS extension servername & ssl session caching

Hi, I am using 098h with the non default configure option 'enable-tlsext' and have a problem with the TLS extension servername in conjunction with ssl session caching. It seems that sessions that contain the SNI extension will not be cached by openssl. (I tried with FF 351) During the handshake

Re: TLS extension servername & ssl session caching

Hi Stephen, > > Is that a bug or is OpenSSL using stateless session resumption? FF also > supports that. In that case the session cache is not used. > It is somehow related to FF 3.5.x! I tried different 3.0.x builds on windows and debian, as well as an old seamonkey 1.1.14 and it works all tim

Re: Apache 2 with ECC certificates

If you type about:config into the address bar in Firefox (I am using 2.0.0.13) and type ecdsa into the filter field, Firefox will display the ECC ciphers. Victor Duchovni wrote: Cool! Which releases of Firefox support ECC? -- Leonard F. Elia III, CISSP 757.864.5009 Sr. System

PKCS12_create returns NULL for 0.9.8.h

Hello, since the upgrade from 0.9.8g to 0.9.8h the code below to generate a PKCS12 object failed! I have observed this on linux64 (debian 3.1) and WinXP. The parameter have not been changed and 'key' is an RSA key. The code: ERR_clear_error(); PKCS12 *pkcs12cont = PKCS12_create ((char*) pwd.

Re: PKCS12_create returns NULL for 0.9.8.h

Hi, After applying the patch http://cvs.openssl.org/chngview?cn=17196 the problem is gone! Any ideas, what has been changed and how I can work around it? Thanks __ OpenSSL Project http://w

Re: 2038 date limit

to just saying stay within 2038 ? -- Leonard F. Elia III, CISSP 757.864.5009 Sr. System Administrator ConITS - NASA Langley Research Center NCI Information Systems, Inc., Hampton VA __ OpenSSL Project

Questions about EC

Hi, I have problems to establish a SSL connection where the server certificate is based on an EC key. I first tried via the c-api, but I can't make it working even with the command line tool. This is what I did: xxx:~./openssl ecparam -name secp256r1 -genkey -out ecc1.pem using curve name pr

Re: TLSv1 problem

TLS v1 (OpenSSL 0.9.8d 28 Sep 2006 / SunOS 5.10 Generic_127127-11 sun4v sparc SUNW,Sun-Fire-T1000) and Firefox 3 [Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] both work fine for me. doki_pen wrote: -- Leonard F. Elia III, CISSP 757.864.5009 Sr

FIPS 1.2

Hello list, I am unsure how OpenSSL FIPS 1.2 can be deployed. I read that it can be linked static but also loaded dynamically, but I also read that it can only be linked static (as FIPS 1.1.2) 1) Can it be linked dynamically? 2) If I would like to link it dynamically when/where do I link the

Re: FIPS 1.2

Hello Stephen, thanks for your very quick reply. 1) Can it be linked dynamically? Yes it can. 2) If I would like to link it dynamically when/where do I link the fipscanister.o? You build and install fipscanister.o from the FIPS 1.2 test source. Then obtain the 0.9.8-fips source with

Re: FIPS 1.2

Hi Stephen, I have downloaded ftp://ftp.openssl.org/snapshot/openssl-fips-test-1.2.0.tar.gz, extracted it and: ./config fipscanisterbuild make make install and then make clean ./config fips shared no-idea no-mdc2 --with-fipslibdir=/usr/local/ssl/fips-1.0/lib make depend make The libraries

Re: FIPS 1.2

Hi Stephen, thank you very much! The snapshot build compiles without these warnings. Bye Jan Dr. Stephen Henson wrote: The cause is OpenSSL doing some things which gcc 4.2 doesn't like. These have been corrected in newer versions of OpenSSL but not when the source was submitted for testing.

Re: FIPS 1.2

Hi Stephen, thank you very much! The snapshot build compiles without these warnings. Bye Jan Dr. Stephen Henson wrote: The cause is OpenSSL doing some things which gcc 4.2 doesn't like. These have been corrected in newer versions of OpenSSL but not when the source was submitted for testing.

Re: DES-only OpenSSL version

http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Leonard F. Elia III, CISSP 757.864.5009 Sr. System Administrator ConITS - NASA Langley Resea

Re: Certificate problem on Windows XP client...

_ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Leonard F. Elia III, CISSP 757.864.5009 S

PKCS7 (time.certum.pl)

Hi, I try to verify a signature made by time.certum.pl. This is what I did: I obtain a pkcs7 signature using wget. When I look into the binary data that will be returned I can find the given sha1 checksum, but the verification fails. 1) What did I miss? 2) How can I extract the signed attributes

Re: PKCS7 (time.certum.pl)

Hi, Dr. Stephen Henson wrote: >> $ openssl.exe smime -verify -inform DER -in sig -content >> openssl-0.9.8h.tar.gz >> -noverify -out c.tar.gz >> Verification failure >> 3776:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest >> failure:pk7_doit >> .c:948: >> 3776:error:21075069:PKCS7 r

Re: PKCS7 (time.certum.pl)

Hi Stephen, What exactly does it mean? Does it mean that the wrong digest was signed? If so what is with the correct digest that is also present in the pkcs7 file? Dr. Stephen Henson wrote: > > That particular failure is caused by the digest contained explicitly in the > PKCS #7 structure not ma

Re: PKCS7 (time.certum.pl)

Thanks! > No it means that the service is an RFC3161 time stamp which OpenSSL doesn't > currently support. You can perform limited verification of these using the > smime command line utility for example... > > openssl smime -verify -inform DER -out ts.der -in timstamp -noverify > > will verify

Trouble with Windows DLL

Hello, I am trying to use openssl in a Windows DLL. However, on the first openssl call I make after these: CRYPTO_malloc_init(); OpenSSL_add_all_algorithms(); I get the "no OPENSSL_Applink" error. I read the FAQ, and I have compiled with /MD, I have included applink.c in my code (and it is a

Re: RSA_padding_check_PKCS1_type_1

Hello, it seems that there are some incompatibilities out there. For some hosts establishing a SSL connection fails, when using openssl, but it succeeds when using a browser. This in one example: F:\openssl>openssl.exe s_client -connect bshop.esprit.com:443 Loading 'screen' into

Re: RSA_padding_check_PKCS1_type_1

there are some incompatibilities out there. For some hosts >> establishing a SSL connection fails, when using openssl, but it succeeds when >> using a browser. This in one example: >> >> F:\openssl>openssl.exe s_client -connect bshop.esprit.com:443 >> Loading &#

error:0906D06C:PEM routines

Hello, I just installed version 0.9.8d on a Typo3 CMS server to solve a domain name mismatch error upon request of a https page. The Apache server uses mod_ssl. I created my own certificate authority, but when I try to sign a server CSR, I have the following error message: Failed to update databa

RE: error:0906D06C:PEM routines

Thanks for the tip. But I still can't sign a Certificate Request. opensssl first asked for dir serial. I mkdir'd it, then it complains about not being able to load a serial number. jfd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Visolve Security Consul

RE: error:0906D06C:PEM routines

nicke Sent: lundi, 29. janvier 2007 18:07 To: openssl-users@openssl.org Subject: Re: error:0906D06C:PEM routines Jean-F. DOUET wrote: > > Hello, > > > > I just installed version 0.9.8d on a Typo3 CMS server to solve a > domain name mismatch error upon request of a https page. T

Reading server name extension

Hello, can anybody explain how I can use the server name extension from the first TLS handshake message (Client Hello)? I would like to use it to return an appropriate certificate to avoid a CN mismatch. Which version of open ssl is required for this? Thanks Jan ___

Re: Reading server name extension

Victor Duchovni wrote: > > Download a 0.9.9 dev snapshot and see the CHANGES file: > > New functions (subject to change): > > SSL_get_servername() > SSL_get_servername_type() > SSL_set_SSL_CTX() > Thanks Victor. This seem to be what I was looking for. Do you k

Client Certificate requested! Or not?

Hello, When I use my browser to go to https://creditportal.bankofamerica.com/ I am redirected to a page telling me that there is something wrong with my client certificate (the fact is that I don't have one). But when I am looking at a tcp dump I cannot find that the server asks for a client cert

Re: Client Certificate requested! Or not?

Hi Stephen, Dr. Stephen Henson wrote: > > Servers can renegotate an SSL connection and request a client certificate > later. This might be due to a script or clcking on a "login" link for example. > Oh, I didn't remember this! Thanks for your quick help. Jan signature.asc Description: Open

cross platform issues with openssl-fips

Hello All, I built OpenSSL with the FIPS module, and after a few issues built it successfully on Solaris 10 (using Sun cc) and on Windows using MinGW. Each works fine on its own platform, but if I encrypt on Solaris 10, I get decryption errors on Windows, and vice versa. Any ideas? Leonard El

Re: cross platform issues with openssl-fips

ka wrote: Elia, Leonard F. wrote: Hello All, I built OpenSSL with the FIPS module, and after a few issues built it successfully on Solaris 10 (using Sun cc) and on Windows using MinGW. Each works fine on its own platform, but if I encrypt on Solaris 10, I get decryption errors on Windows, and vice ver

Re: cross platform issues with openssl-fips

The Solaris version fails on test_sha. I thought perhaps this was a problem with the SUN toolchain, so I rebuilt it using gcc 3.4.6 but it still fails: make[1]: *** [test_sha] Error 1 Items were built as: tar xvf openssl-fips-1.1.1.tar cd openssl-fips-1.1.1 ./config fips --prefix=/usr/local

Re: cross platform issues with openssl-fips

routines:FIPS_selftest_aes:selftest failed:fips_aes_selftest.c:92: 2. Automatic power-up self test...FAILED! LE Dr. Stephen Henson wrote: On Tue, Jul 17, 2007, Elia, Leonard F. wrote: The Solaris version fails on test_sha. I thought perhaps this was a problem with the SUN toolchain, so I rebuilt it using gcc 3.4.6 but

Re: cross platform issues with openssl-fips

, Leonard F. wrote: Thank you for your input. I rebuilt with nothing but config fips; the test you requested fails with this: FIPS-mode test application 1. Non-Approved cryptographic operation test... a. Included algorithm (D-H)...successful 6385:error:2A068065:FIPS

OpenSSL fips mode fails to decrypt on windows

normal behavior? I have verified this on Linux and on Windows, and the same holds for cross-platform encryption/decryption. Thank you -- Leonard F. Elia III, CISSP Sr. System Administrator ConITS - NASA Langley Research Center NCI Information Systems, Inc., Hampton VA

Re: OpenSSL fips mode fails to decrypt on windows

SL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Leonard F. Elia III, CISSP 757.864.5009 Sr. System Administrator ConITS - NASA Langley Resea

Configuration file for subjectAltName

Exchange 2007 certificates and the autodiscovery functions: According to this Microsoft article: http://msexchangeteam.com/archive/2007/07/02/445698.aspx a certificate with Subject Alternative Names (SAN) is the recommended method to pur

RE: Configuration file for subjectAltName

Thanks Viktor and Buddy, Below is my cnf file and the commands I tried. The key and the crt were both created, however when I render the test website using blah002.mysite.com I get a security warning message anyway. I must have done something wrong or left off a step ... Cnf File - [ req ]

RE: Configuration file for subjectAltName

Below are my cnf file and the commands I tried. The key and the crt were both created, however when I render the test website using blah002.mysite.com I get a security warning message anyway. I must have done something wrong or left off a step ... Cnf File - [ req ] default_bits=

RE: Configuration file for subjectAltName

I can't allow our "production" users to get "invalid certificate" errors nor do I want to affect my clients with redirection requests. I am also helping our Exchange2007 folks with the autodiscovery function and the MS docs recommend a SAN-certificate for these very reasons. In my test environmen

RE: Configuration file for subjectAltName

I ran the following command, openssl x509 -text -in certname.crt but I do not see any of the subjectAltNames from my config file. Is this the correct command to see the names in the cert? I am not getting an error, per say, but a common IE warning message about, "invalid or does not match" wh

RE: Configuration file for subjectAltName

ded? Thanks, David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Murphy, David F Sent: Wednesday, September 19, 2007 1:07 PM To: openssl-users@openssl.org Subject: RE: Configuration file for subjectAltName I ran the following command, openssl x509 -t

Re: problems building the FIPS OpenSSL

one to build this? Thanks, Paul __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Leonard F. Elia III, CISSP Sr. System Administrator ConITS - NASA

Re: Fingerprinting FIPS Object Module Vulnerabilities

http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Leonard F. Elia III, CISSP 757.864.5009 Sr. System Administrator ConITS - NASA Langley Research Cente

Re: AES_set_encrypt_key() function fails for 256 bit key length on solaris10amd64

. Leonard -- Leonard F. Elia III, CISSP 757.864.5009 Sr. System Administrator ConITS - NASA Langley Research Center NCI Information Systems, Inc., Hampton VA __ OpenSSL Project http

Re: Configuration file for subjectAltName

On Tue, Sep 18, 2007 at 01:46:42PM -0500, Murphy, David F wrote: Exchange 2007 certificates and the autodiscovery functions: According to this Microsoft article: http://msexchangeteam.com/archive/2007/07/02/445698.aspx <http://msexchangeteam.com/archive/2007/07/02/445698.aspx> a certi

Re: Configuration file for subjectAltName

My Apologies. I was forwarding this to another email for archiving and I was sloppy with addressing before I hit send. Back to your program already in progress Lee Elia, Leonard F. wrote: On Tue, Sep 18, 2007 at 01:46:42PM -0500, Murphy, David F wrote: Exchange 2007 certificates and

Re: OpenSSL FIPS 1.1.2 on Windows

Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Leonard F. Elia III, CISSP 757.864.5009 Sr. System Administrator ConITS - NASA Langley Research Center NCI Information Syste

Building OpenSSL on HP-UX using aCC

Is it possible to build the OpenSSL libraries on HP-UX using "aCC" for the compiler? If this is possible, what options do I pick for the "Configure" script? If I take the default settings the script wants to choose "gcc" for the compiler. The HP-UX operating system is B.11.00 A 9000/785 (ta)

How to write a client to let the SSL_get_peer_certificate call on server side return a X509 point

Hi: Do you know how to write a client program with certification? I don't know how to setup my client program to use a pem file and let the server side get the certification. In one words, how to write a client program to let the SSL_get_peer_certificate() function call on server side not

Re: Re:How to write a client to let the SSL_get_peer_certificate call on server side return a X509 point

mething on server side. Philip F. Qi - Original Message - From: "Marcos Rogerio" <[EMAIL PROTECTED]> To: "Philip F. Qi" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, June 02, 2000 7:46 AM Subject: Re:How to write a client to let the SSL_get_pe

Porting OpenSSL to VxWorks

Hello all, I have seen a couple e-mails of people claiming to have ported to VxWorks. First, has anyone really done it and ended up with somethings stable? If so, can you give me an idea of how much effort was involved and how much time it took to do the port? Is anyone willing to share their

How do I check my Linux have install openSSL or not?

Dear Openssl, How do I check my apache web server install OpenSSL or not?? Fai, CHOW GPE International Co., Ltd. (Tel) 852-2410 7751 (Fax) 853-2410 7872 (E@) [EMAIL PROTECTED] __ OpenSSL Project

Instalation

Sirs I´ve installed apache-1.3.27-sol7-sparc-local with openssl-0.9.6g-sol7- sparc-local but I think I have some problem with ssl because when I try to start up apache I obtain this error: ld.so.1: /usr/local/apache/bin/httpd: fatal: libexpat.so.0: open failed: No such file or directory Killed ./

Re: can't compile "pkcs7/verify.c"

verify.c in the 0.9.4 were, as you explain, behind the PKCS7: there was a problem with the number of parameter when callling PEM_read_bio_PKCS7: you can try adding a NULL parameter, but I believe it won't work. The problem has been corrected in the latest snapshot and it seems to work t

Failed installation tests for 0.9.6 or FreeBSD 4.2

Help! I'm new it OpenSSL and I know next to nothing about it. In fact, I'm only trying to build/install it because the README file for a totally separate pacakage that I am just now installing (the Courier IMAP server) indicated that having OpenSSL might be useful. Anyway, I sucked down and bu

Re: Failed installation tests for 0.9.6 or FreeBSD 4.2

In message <[EMAIL PROTECTED]>, you wrote: >From: "Ronald F. Guilmette" <[EMAIL PROTECTED]> > >rfg> running bc >rfg> >rfg> Failed! bc: tmp.bntest 3: print statement >rfg> *** Error code 255 >[...] >rfg> My apologies if this

Simple handshake error with no explanation (C)

This has been driving me nuts for the past few weeks... I've written a simple app that demonstrates the problem I'm running into. Basically, a client connects to a server, they do the handshake, and all is well... or should be. Both machines are running linux. Below is the source, and below that is

Re: segmentation fault

Did you check that you actually support SSLv3_client_method()? On Wed, September 30, 2009 10:18 am, marina russo wrote: > > Hi! > I'm trying to run a client server application using openssl library,but > i've got some problems because, when i use the method: > SSLv3_client_method() i have a segment

Re: Can not enable via padlock

On 2012-05-31 12:01, Salatiel Filho wrote: > On Thu, May 31, 2012 at 12:37 PM, Michael S. Zick wrote: > >> On Thu May 31 2012, Salatiel Filho wrote: >> >>> Any other ideas ? >> Yes, wrong or incomplete Debian package installed. > > I dont think thats the problem. I tried build the package

[openssl-users] Signing an XML file

Hello everyone, I'm trying to sign an XML file, need to do so with pkcs#7. Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ users? In particular, I'm using Qt as framework, but have also got OpenSSL libs and headers installed. The target platform is Microsoft Windows (x32) K

Re: [openssl-users] Signing an XML file

2016-12-13 22:54 GMT-03:00 Salz, Rich : > > Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ > users? > > Look at the apps/pkcs7.c file as a starting point. Get the command line > doing what you want, and then work through the code to pull out only the > bits you need. > >

Re: [openssl-users] Signing an XML file

much simpler. >> > > PHP is open source software written in C. > > A quick lookup in PHP's git repository (it's source code) turns up: > > http://git.php.net/?p=php-src.git;a=blob;f=ext/openssl/opens > sl.c;h=a4b302bd303579d8f3eb62abdd9f312d3fba264d;hb=HEAD

[openssl-users] Error code 554184855 on PKCS7_sign_add_signer?

Hello everyone, I've been reading smime.c and trying to work my way up from a command that does work. However, I've reached this stage, and I get an error code I don-t know how to diagnose. The source is this(BEWARE: very little error handling, this is just a first informed attempt at the problem):

What are p7c p7b pkcs7 pem BER DER?

Hello, When I was trying to export a certificate from IE, it states a file extension of p7b. If this is a PKCS7 format certificate, what 's the difference between p7b and p7c? What is BER? I just know DER is Distinguished Encode Rules. In Openssl, I could (in many case) choose bet

Re: U-N-S-U-B-S-C-R-I-B-E

On Thu, 08 Jun 2000, Rusty Wright wrote: > Being a jackass sometimes works; I seem to finally be off the list. Then you can't see this: :P -- Brian F. G. Bidulock [EMAIL PROTECTED] __ OpenSSL

free SCEP implementation

Hello everyone, thanks to OpenSSL, I was able to hack up something that looks like an implementation of the simple certificate enrollment pro- tocol SCEP. If you are interested in helping to debug the beast, please have a look at http://openscep.othello.ch. So far, I've been able to comp

RE: Duplicate Posts

X-Mailer: PMMail 2.10.1999 for OS/2 Warp 4.05 - rb On Mon, 18 Mar 2002 16:10:35 +0200, Emanuel Dejanu wrote: |See that is quite strange. My assumption is I don't think it has to do |with the Mailing list server itself but rather your Mail Client |applications. Why not post the client's everyon

Dups Gone!

Looks like the duplicates messages are gone for me. Did anything change? Regards, ++ |Roger F. Borrello, Jr.O Brought to you by | |Golden Code Development S the letters O and S,| |mailto:[EMAIL PROTECTED] 2 and by the number 2

Mutual Authentication

We are running into an issue with an application that is written in PERL using SOAP:Lite and OpenSSL on Suse where a SOAP request is sent to a server that requires mutual authentication. On the server side, the server is throwing a message indicating that it is having a problem with base64 decoding

Why do I get the following error `wrong signature length` when I try to validate a signed file using the c++ OpenSSL 3.1 library?

I posted this on https://stackoverflow.com/questions/78604338/why-do-i-get-the-following-error-wrong-signature-length-when-i-try-to-validate I'm writing an c++ program LicenseValidator -> https://github.com/christiangda/LicenseValidator to validat

Re: [External] : Why do I get the following error `wrong signature length` when I try to validate a signed file using the c++ OpenSSL 3.1 library?

from just a char* pointer. > > > Tom.III > > > On 6/10/24 13:15, Christian F. Gonzalez Di Antonio wrote: > > I posted this on > https://stackoverflow.com/questions/78604338/why-do-i-get-the-following-error-wrong-signature-length-when-i-try-to-validate > <https://

How to use pre-shared keys?

ed to make it work? If there is any further information regarding how to implement pre-shared keys or examples, it would be greatly appreciated. Thanks, Stephen F Bush (GE Global Research) Author http://www.amazon.com/author/stephenbush

Preshared keys - tutorial requested

I would like to implement pre-shared keys using OpenSSL (another mechanism is being used to provide for a common secret at all nodes to be used as a symmetric key). My goal is for OpenSSL to simply load the key from a local location and use it. No certificates should be involved. I notice two f