[openssl-users] openssl-1.1.0 sha1 performance

2016-04-11 Thread c^
Afternoon, I have been running some speed tests of openssl 1.0.1, 1.0.2 and 1.1.0 versions against various compiler optimisations. Special interest was given to the more commonly used primitives, rsa's, aes's etc. I noticed that SHA1's have some significant performance improvements. However the m

[openssl-users] 1.1.0-pre4: openssl speed chacha

2016-04-15 Thread c^
Hi there, I don't seem to be able to benchmark chacha, nor does it appear in the list when I test all. Is this expected? I can see it in 'openssl ciphers -V "ALL"' and also negotiate from a client. Thanks CraigT

How is MD5 fingerprint on X509 created?

2011-04-19 Thread Matt C
Hello, I am able to generate an MD5 fingerprint with the following command. openssl x509 -in user.pem -fingerprint -md5 -noout This fingerprint matches the fingerprint displayed by Thunderbird/Firefox. I am trying to generate an MD5 using a hash function in PHP, http://nl2.php.net/manual/en/fun

Re: How is MD5 fingerprint on X509 created?

2011-04-19 Thread Matt C
Thank you Erik and Wim, that's exactly the information I needed! On Tue, Apr 19, 2011 at 2:27 PM, Wim Lewis wrote: > > On 19 Apr 2011, at 10:55 AM, Matt C wrote: > > Should I be hashing the entire contents of the PEM file, only part, or is > there additional data I

Date format for X.509 certificate

2011-04-19 Thread Matt C
I've extracted a date from a public certificate using the PHP command openssl_x509_parse. The date looks like this: 110419141516Z Can someone tell me how to make sense of this date (in PHP if possible). Thank you! Matt

Re: Date format for X.509 certificate

2011-04-19 Thread Matt C
r-openssl-us...@openssl.org [mailto: > owner-openssl-us...@openssl.org] *On Behalf Of *Matt C > *Sent:* Tuesday, April 19, 2011 5:19 PM > *To:* openssl-users@openssl.org > *Subject:* Date format for X.509 certificate > > > > I've extracted a date from a public certific

Usage of CAPath/CAFile options in int SSL_CTX_load_verify_locations Reg.

2011-11-22 Thread Ashok C
Hi, We are implementing multi-layer support for our openssl-based PKI solution and had the following query: Currently our PKI solution supports only single layer CA support and we use SSL_CTX_load_verify_locations API with the CAFile option, meaning that the service loads the CA certificate from

RE: Usage of CAPath/CAFile options in int SSL_CTX_load_verify_locations Reg.

2011-11-27 Thread Ashok C
the client? P.S. My previous query also is unanswered. It would be great if I get some responses to that also ;) Regds, Ashok -- Forwarded message -- From: Ashok C Date: Wed, Nov 23, 2011 at 12:55 PM Subject: Usage of CAPath/CAFile options in int SSL_CTX_load_verify_locations Reg

Re: Usage of CAPath/CAFile options in int SSL_CTX_load_verify_locations Reg.

2011-11-29 Thread Ashok C
orked for me >>in all versions I've used. What version(s) are you running, >>is it vanilla build or any mods/patches, and built how? We are running openssl-0.9.8g and 1.0.0d in normal x86/x86_64 environment with few CVE patches. On Tue, Nov 29, 2011 at 9:51 AM, Dave Thompson wrot

Re: Usage of CAPath/CAFile options in int SSL_CTX_load_verify_locations Reg.

2011-12-01 Thread Ashok C
locations in client side? Meaning, do we need to build the chain from client side explicitly by ourselves? Regds, Ashok On Fri, Dec 2, 2011 at 5:33 AM, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of Ashok C > > Sent: Wednesday, 30 November

Re: Usage of CAPath/CAFile options in int SSL_CTX_load_verify_locations Reg.

2011-12-02 Thread Ashok C
ng v3 certificates, the error did not appear again and my client-server app is working well with the multi-level configuration. Thanks a lot for your patient help in this regard. Regds, Ashok On Sat, Dec 3, 2011 at 4:17 AM, Dave Thompson wrote: > > From: Ashok C [mailto:ash@gmail

Supporting oldwithold, newwithnew CA certificates Reg.

2011-12-20 Thread Ashok C
Hi, What will be the recommendation from the open source community for supporting the following scenario in a openSSL based client/server application: *The certificates involved:* old CA certificate of the CA authority(root) new CA certificate of the CA authority(root) Server's end entity certifi

Re: Supporting oldwithold, newwithnew CA certificates Reg.

2011-12-22 Thread Ashok C
, Dec 21, 2011 at 8:46 AM, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of Ashok C > > Sent: Tuesday, 20 December, 2011 04:16 > > > What will be the recommendation from the open source community for > > supporting the following

Re: Supporting oldwithold, newwithnew CA certificates Reg.

2011-12-27 Thread Ashok C
, Ashok On Tue, Dec 27, 2011 at 4:50 PM, Ashok C wrote: > Thanks Dave. > But regarding this: > > >>Important note: make sure the old and new root certs have different > names. (Same for intermediate CAs, which your example doesn't have.) > OpenSSL looks-up using Issuer

Re: Supporting oldwithold, newwithnew CA certificates Reg.

2011-12-27 Thread Ashok C
9 AM, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of Ashok C > > Sent: Thursday, 22 December, 2011 10:55 > > > Another doubt I have is about the SSL_CTX_set_client_ca_list > > and the SSL_get_client_ca_list. > > >

Re: Question on OpenSSL encryption

2012-01-09 Thread Ashok C
Hi, In addition to the online material, are there any good books which we can refer to understand openSSL better? Both conceptually as well as from the API/code perspective. We hear of the "Network Security with OpenSSL by John Viega" as one good reference. But it was published in 2002. Any good n

Re: Question on OpenSSL encryption

2012-01-09 Thread Ashok C
Am 09.01.2012 13:10, schrieb Ashok C: > > Hi, >> >> In addition to the online material, are there any good books which we >> can refer to understand openSSL better? Both conceptually as well as >> from the API/code perspective. >> We hear of the "Network Secu

Optional validation of time in OpenSSL Reg.

2012-01-12 Thread Ashok C
Hi, I see that the openSSL certificate verify utility uses the X509_verify_cert() in x509_vfy.c for certificate validation. Based on the manual pages for verify, I understand that the order for verification is as follows: 1. Firstly a certificate chain is built up starting from the supplied

Support for certificates other than the X509 standard Reg.

2012-01-31 Thread Ashok C
Hi, I understand that X509 is the preferred ITU-T standard for PKI. But what would be the other certificate standards which are available and those which a PKI solution needs to support? First question would be whether there are any certificates which do not belong to the X509 standard? Also, what

Distinguishing a CA certificate from an end entity certificate Reg.

2012-02-23 Thread Ashok C
Hi, What would be the most efficient and easiest way to distinguish a CA certificate from an actual server/client(end entity) certificate? We were thinking of identifying the CA with the "CA:TRUE" constraint from the text display, but again this check does not cover x509 v1 certificates where this

Re: Distinguishing a CA certificate from an end entity certificate Reg.

2012-02-23 Thread Ashok C
:49 AM, Ashok C wrote: > >> Hi, >> >> What would be the most efficient and easiest way to distinguish a CA >> certificate from an actual server/client(end entity) certificate? >> We were thinking of identifying the CA with the "CA:TRUE" constraint from >&

Is CRL verification automatic in openSSL?

2012-03-28 Thread Ashok C
Hi, I am implementing CRL feature for my application and was doing a proof of concept using openSSL. Here is what I did: 1. I used openssl commands to generate a v3 root CA certificate and also the corresponding server certificate. 2. Now i revoked the server certificate using openssl co

Re: Is CRL verification automatic in openSSL?

2012-03-29 Thread Ashok C
solved for now. If you guys have any comments on this, please let me know. Otherwise you can ignore the previous email. Regds, Ashok On Wed, Mar 28, 2012 at 10:08 PM, Ashok C wrote: > Hi, > > I am implementing CRL feature for my application and was doing a proof of > concept u

Re: expired ssl certificate

2012-04-11 Thread Ashok C
Hi, I had almost the same requirement and eventually achieved it by patching my openssl package's x509_verify code to do the check_cert_time() method optionally depending on some conditions. Ideally I feel openSSL should provide a validation flag like *X509_V_FLAG_IGNORE_LIFETIME **which would hel

MAC address binding to the certificate

2009-09-09 Thread Anoop C
Hi all I am using certificates generated by openssl for authenticating the WiFi users using EAP-TLS 802.1x authentication. I would like to add MAC address of the user machines into each user certificates so that the certificates used by one machine cannot be used in another machine/P

RE: MAC address binding to the certificate

2009-09-09 Thread Anoop C
bind the MAC along with the certificate so that one's certificate cannot be installed to another CPE. I want to remove the risk of certificate stealing. Of course I am using CRL for revoking. Still want to know any possibility of adding MAC also to certificate Regards Anoop C Access Network

C++ Invoke delegate

2009-09-28 Thread c++newbie
Hello, I'd really appreciate if someone can give me an example of how to do this, I've been spending some time on this without any luck, I'm new to c++ so for you guys it should be pretty easy. I'm trying to get the SSL state info and trying to invoke a delegate to pass the

how to merge multiple public domain certs into one file?

2009-11-15 Thread M C
Hi... I've been struggling with how to concatenate multiple public domain certs into one crt file. Basically, I have 5 SSL virtual host domains running on 1 apache httpd server and each host has a separate GeoTrust domain certificate. Instead of having 5 individual public *.crt files, is there an

Unable to create root certificate in FC7

2009-11-18 Thread Anoop C
libraries: /usr/local/openssl-certgen/lib/libcrypto.so.0.9.7: cannot restore segment prot after reloc: Permission denied Kindly advise how can I overcome the issue Regards Anoop C

RE: Unable to create root certificate in FC7

2009-11-19 Thread Anoop C
Could anyone tell the procedure to set up the Openssl in fc7..I am using the certificates for EAP-TLS authentication. What are the packages I need to install? Currently I am using three scripts to generate certificates. I am attaching it. Thanks in advance. Regards Anoop C

Openssl issue??

2010-03-31 Thread Govind c
TH SSL < 234 Proceed with negotiation. * successfully set certificate verify locations: * CAfile: /usr/share/ssl/certs/ca-bundle.crt CApath: none * SSL connection using DES-CBC3-SHA * Server certificate: *subject: /C=US/ST=NJ/L=FP/O=test/CN=test.test.com *start date: 2

API to extract Subject/Issuer Name from X509 certificate

2010-06-22 Thread Ashok C
Hi, I was trying to find the correct API for extracting the subject/issuer name from an x509 certificate using openssl library, but was unable to find the exact one. It would be great if someone guides me regarding this. Thanks in Advance! Regds, Ashok

Optional Verification of Signature and Date..

2010-06-25 Thread Ashok C
Hi, Does the openssl X509_verify certificate validation API support an argument that supports skipping of signature and date validation? Or is there any other way that I can achieve this optional verification. Please help me out in this regard. Regds, Ashok.

Optional Verification of Signature and Date..

2010-07-03 Thread Ashok C
Hi, I am a newbie user of openssl, and am using openssl C apis to verify certificates. Is there any way by which I can ignore the date verification and the signature verification? Thanks in advance. Regds, Ashok

RE: Certificates on embedded systems without filesystems

2008-05-01 Thread Bhagvan C
I see these in ssl.h int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); and I've used the SSL_CTX_use_certificate_ASN1(), with 'd' being a DER encoded cert in a buffer Bhagvan David Schwartz <[EMAIL PROTECTED]> wrote:

clear text vs opaque signature

2009-02-11 Thread Jan C.
Hello everybody, I would like to ask what is the difference, from the cryptographic point of view, between an opaque signature (-nodetach) and a clear text signature. Thanks in advance for your answers, Jan.

Re: clear text vs opaque signature

2009-02-12 Thread Jan C.
d, Feb 11, 2009 at 4:42 PM, Dr. Stephen Henson wrote: > On Wed, Feb 11, 2009, Jan C. wrote: > >> Hello everybody, >> I would like to ask what is the difference, from the cryptographic >> point of view, between an opaque signature (-nodetach) and a clear >> text signatur

Re: clear text vs opaque signature

2009-02-12 Thread Jan C.
On Thu, Feb 12, 2009 at 12:46 PM, Dr. Stephen Henson wrote: > On Thu, Feb 12, 2009, Jan C. wrote: > >> Hi, >> ok, so the clear text signature general form is something like: >> >> >> --A3DB62BE42E8E4D7716813FA55957190 >> >> My Signed T

Reading DER format public Key Using JSAFE ToolKit

2009-04-21 Thread Dineshkumar C
Hello Experts, i am implementing Digital Signature process in our application using the CRYPTO - J toolkit (JSAFE). i need to read the DER encoded ASN.1 or PEM format Public Key. Can you please help me to read this file using the JSAFE tool kit? Thanks Dinesh

Unique naming convention that can be used for certificates Reg.

2012-05-17 Thread Ashok C
Hi, What would be the unique names with which I can store CA certificates in file system? I understand that issuer-id and serial number are the unique identifiers for a certificate. But using this name for a certificate file name makes it very long and also introduces some characters like "@,=" et

Re: Forming the correct chain for an end entity certificate Reg.

2012-07-23 Thread Ashok C
ing files from openssl source code. > > 1. ssl_cert.c (around line number 626) > 2. x509_vfy.c (around line number 153) > 3. v3_purp.c (around line number 700). > > good luck! > > On Mon, Jul 23, 2012 at 8:41 AM, Ashok C wrote: > >> Hi, >> >> I have a

Re: Forming the correct chain for an end entity certificate Reg.

2012-07-23 Thread Ashok C
if > it is present in the certificate otherwise it only depends on the subject > name and issuer name match. > > Of course, at the end you need to verify the signature. But thats not the > part of the certificate chain formation. > > > On Mon, Jul 23, 2012 at 10:06 AM, As

Re: Forming the correct chain for an end entity certificate Reg.

2012-07-24 Thread Ashok C
, 2012 at 2:09 PM, Ashok C wrote: > Hi, > > I read from the RFC5280 that AKI is mandatory for all certificates > generated by a conforming CA. > "The keyIdentifier field of the authorityKeyIdentifier extension MUST >be included in all certificates generated by conforming

Re: [openssl] Forming the correct chain for an end entity certificate Reg.

2012-07-27 Thread Ashok C
ch cert they issue, i.e. they never need > to disambiguate using AKI/SKI. And some don't even *have* AKI/SKI. > > Good luck. > > -- > *From:* Ashok C [mailto:ash@gmail.com] > *Sent:* Thursday, 26 July, 2012 02:08 > *To:* Dave Thompson >

Re: [openssl] Forming the correct chain for an end entity certificate Reg.

2012-07-29 Thread Ashok C
hear they are not. Would you have some opinion/understanding regarding this? -- Ashok On Mon, Jul 30, 2012 at 8:17 AM, Dave Thompson wrote: > >From: Ashok C [mailto:ash@gmail.com] > >Sent: Saturday, 28 July, 2012 01:21 > > >Thanks Dave. But main use case for me is the tru

How to find correct issuer certificate in multi-level hierarchy?

2012-08-02 Thread Ashok C
Hi, Is there a way in which I can determine the correct issuer certificate of an issued certificate(either intermediate CA or end entity) based on comparing immediate pair alone. Eg: My hierarchy is like this: Root Intermediate CA 1 Intermediate CA 2 End entity Is it possible to determine that I

Re: How to find correct issuer certificate in multi-level hierarchy?

2012-08-02 Thread Ashok C
lient -connect www.google.com:443 -CAfile dump.crt When using openssl0.9.8k or openssl0.9.8x everything works as expected. When using openssl1.0.0g or openssl 1.0.1c the certificate validation fails with: Verify return code: 10 (certificate has expired) CONNECTED(016C) depth=2 C =

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-12 Thread Ashok C
tificate validation > fails with: > Verify return code: 10 (certificate has expired) > > CONNECTED(016C) > depth=2 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary > Certification Authority > verify error:num=10:certificate has expired > notAfter=Jan

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-13 Thread Ashok C
Sending again as the previous email did not appear in list. Is there some problem with the mailing list? -- Ashok On Wed, Sep 12, 2012 at 2:59 PM, Ashok C wrote: > Hi, > > I don't think this question was answered. Could you please reply? > > -- > Ashok > > >

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-14 Thread Ashok C
certificates in cafile > > ** ** > > Would it make sense to delete the expired certificate from the Windows > store? Duplicate expired/non expired CA certificates sounds to me like a > problem waiting to happen. > > ** ** > > *Charles* > > *From:

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-19 Thread Ashok C
Gentle reminder .. Just want to know if this is a bug or intended behaviour. -- Ashok On Fri, Sep 14, 2012 at 3:12 PM, Ashok C wrote: > Hi Etkal, > > >>s_client app or the OpenSSL cert store functionality that changed this. > The problem is with the openSSL store itself, as

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-24 Thread Ashok C
Hi, One more observation was made here in another test case. *Configuration:* One old root CA certificate oldca.pem with subject name say, C=IN One new root CA certificate newca.pem with same subject name. One EE certificate, ee.pem issued by new root CA. *Test case 1:* Using CAFile option in

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-24 Thread Ashok C
ose abbreviations. > > For the benefit of other readers: > > I think Ashok was referring to AuthorityKeyIdentifier and > SubjectKeyIdentifier fieldsbeing absent from the root > CA certificates in his scenario. > > On 9/24/2012 6:26 PM, Ashok C wrote: > >> Hi, >> &g

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-24 Thread Ashok C
going to do that, it is still > recommended that the CA follows the scenario 2 procedures, except > when it is a test CA for verifying handling of this scenario in > X.509 implementations. > > > On 9/24/2012 8:01 PM, Ashok C wrote: > >> Only the private and public

Re: How to over-ride SSL_CTX_use_PrivateKey_file() behavior with custom engine

2012-12-05 Thread Ashok C
Thanks Steve and Kent for the pointers. Makes things clear for now. On Thu, Dec 6, 2012 at 4:22 AM, Dr. Stephen Henson wrote: > On Wed, Dec 05, 2012, Ashok C wrote: > > > Hi, > > > > Our current SSL server loads plain-text private keys using the > > SSL_CTX_use_Pr

Re: Certificate expiry alarms Reg.

2013-02-15 Thread Ashok C
Thanks Jeff, My response inline. On Thu, Feb 14, 2013 at 5:31 PM, Jeffrey Walton wrote: > On Thu, Feb 14, 2013 at 5:58 AM, Ashok C wrote: > > Hi, > > > > As part of implementing certificate expiry related alarms for my SSL > > application, I would kindly

Re: Certificate expiry alarms Reg.

2013-02-25 Thread Ashok C
Thanks a lot Jeff, The book is really very useful. On Sun, Feb 24, 2013 at 12:36 AM, Jeffrey Walton wrote: > On Fri, Feb 15, 2013 at 9:25 AM, Ashok C wrote: > > On Thu, Feb 14, 2013 at 5:31 PM, Jeffrey Walton > wrote: > >> On Thu, Feb 14, 2013 at 5:58 AM, Ashok C wrote:

Using openssl for AS2 [I]

2013-04-04 Thread Dwipin C
Classification: For internal use only Hi, I am using openssl - "OpenSSL 0.9.8e 23 Feb 2007" on Solaris. I need to use this to decrypt and verify AS2 messages coming in from customers. Is this possible ? I do not see a "cms" option available. When I use openssl smime -verify -CAfile -out ,

Re: Using openssl for AS2 [I]

2013-04-04 Thread Dwipin C
3 11:02 PM Subject: Re: Using openssl for AS2 [I] On 4/4/2013 9:00 AM, Dwipin C wrote: > Classification: For internal use only > > Hi, > > I am using openssl - "OpenSSL 0.9.8e 23 Feb 2007" on Solaris. I need to > use this to decrypt and verify AS2 messages coming

Use of no-deprecated for VC-WIN32 configuration

2005-08-11 Thread C L
810 Compiler: MS Visual Studio .NET 2002 Here's the steps I took: 1. Extracted openssl-0.9.8.tar.gz to C:\openssl-0.9.8. 2. cd /d C:\openssl-0.9.8. 3. perl Configure no-deprecated VC-WIN32 4. ms\do_nasm.bat The output for step 4 is as follows: {{{ Generating x86 for NASM assember Bignu

RE: certificate embedded into the executable

2005-08-15 Thread C L
Theoretically it's possible to embed certificates into a Windows and Linux executables - not sure about other architectures though. In my spare time I've been researching this topic as well. You can use the ImageAddCertificate() Win32 API from Imagehlp.dll to programmatically store a certific

Encrypting data using X509 cert...

2005-09-07 Thread C Wegrzyn
I have a problem that I am working on. I am certain there must be a simple way to do it but I haven't yet discovered it in the docs yet. I am hoping someone can point me in the correct direction. BTW, this is a programming issue so using a command line function isn't useful. I have an X509 certifi

Openssl on Suse 10 x86-64

2006-07-24 Thread T C
Hi, I am running openssl 0.9.8. I have code to verify signature The code works fine on about every major Unix platform. However, they are all 32-bit platforms. When I tried to run it on Suse Linux x86-64 machines it failed. I have set my target to linux-x86_64 and turned off assembly w

Re: Openssl on Suse 10 x86-64

2006-07-24 Thread T C
My error, to be exact, came from an xmlsec signature check call on a SAML token. Xmlsec is also freeware. Most feedback I got from other lists appeared to point the problem at openssl. I am sure 0.9.7d works fine. In fact both Redhat and Suse released RPMs on openssl for 64 bit machines up to

"openssl req" SSL/SSH key merge

2004-04-21 Thread C S
Are there any downstream problems using a cert based off of a ssh-keygen as opposed to an "openssl genrsa"? For example: ssh-keygen -trsa -b1024 -ftestid_rsa -N "" openssl req -new -key testid_rsa -out testid_rsa.csr The above is what I'm currently using based off OpenSSH's supported

Security Hole - RSA 2?

2004-05-04 Thread C S
Is RSA ver 2 (SSH) compatiblity with SSL by design or a given fact? I haven't found any references anywhere addressing this or any security concern. In addition, are there any downstream problems using a cert based off of a ssh-keygen as opposed to an "openssl genrsa"? For example:

Generating a lot of randomness...

2005-06-23 Thread C Wegrzyn
I have to generate quite a few random keys (and iv's) during a days. It comes out to about 1 million keys (16 bytes each) and 1 million iv's (16 bytes each). I tried using /dev/random and /dev/urandom but in one case it blocks too much of the time and in the other seems to run pretty slow. I tried

Re: Generating a lot of randomness...

2005-06-23 Thread C Wegrzyn
I can't add anything beyond what is available on a AMD or Intel motherboard. So is there a built-in HRNG that I can get to (if so, where is the driver for it)? Thanks again, Chuck Wegrzyn Ken Goldman wrote: >>Date: Thu, 23 Jun 2005 12:22:30 -0400 >>From: C Wegrzyn <[EMAI

Re: Generating a lot of randomness...

2005-06-23 Thread C Wegrzyn
proach and looking for concrete criticism of it or other ways. C David Schwartz wrote: >>I can't add anything beyond what is available on a AMD or Intel >>motherboard. So is there a built-in HRNG that I can get to (if so, where >>is the driver for it)? >> >>

Re: Generating a lot of randomness...

2005-06-23 Thread C Wegrzyn
I see things for adding entropy, loading files, etc. I don't see anything about generating random numbers. Am I missing something so obvious if it was a snake it would have bitten me by now? Chuck Wegrzyn David Schwartz wrote: >>Generating one or two random numbers over a period of time isn't a

Re: Generating a lot of randomness...

2005-06-23 Thread C Wegrzyn
Linux (gentoo variant). C. Ted Mittelstaedt wrote: > > >>-Original Message- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] Behalf Of C Wegrzyn >>Sent: Thursday, June 23, 2005 10:14 AM >>To: Ken Goldman >>Cc: openssl-users@open

semiOT: SSL + apache + php

2000-04-17 Thread samuel C
Hi there.. I was trying to figure how to compile apache 1.3.12 with php4 support and apache-SSL 1.39 I expand apache 1.3.12 src, php4 and open-SSL 0.9.5a I configure first php. Then, compile open-SSL with no problems. the next step I do is expanding the apache 1.3.12+ssl-1.39 patch in the ap

server not responding

2000-04-18 Thread samuel C
Hi there.. I (like most humans) have some problems in my life.. I'm not expecting you to help me solve all of them, but surely will do with this one: I'm using Linux RedHat6.1 apache 1.3.12 open-SSL 0.9.5a mod_ssl-2.6.2-1.3.12 all compiled, installed and apparen

What is the easiest way to get total bytes of ALL SSL packets?

2001-05-03 Thread t c
What is the easiest way to get total bytes of ALL SSL packets (incoming & outgoing @ the client side) for receiving one single file via SSL? (i.e. original file size + SSL overhead) The original file is about 50K. What should be the overhead in size? Can I do: s_client -debug -connect XXX.com:4

Re: What is the easiest way to get total bytes of ALL SSL packets?

2001-05-07 Thread t c
d), and written 314 bytes (i.e. 0.7% overhead). 2. After sending a "GET" request, I got 47786 "read from" bytes (i.e. 3.5% overhead), and 433 "write to" bytes (i.e. 0.9% overhead). (See below for how I get "read from" & "write to" by

Re: openssl performance

2001-07-09 Thread C. Gould
Ah, big difference. It is running much, much faster, and now runs pretty much even with the apache/mod_ssl server. Thanks Geoff. Chris On Monday 09 July 2001 11:17 am, you wrote: > On Mon, 9 Jul 2001, C. Gould wrote: > > I've created some server code based on openssl 0.9.6 th

finding memory leaks

2001-07-11 Thread C. Gould
I've been tuning up my code and am now trying to locate sources of what appears to be some leaking memory. I've searched the archives and saw a bit of discussion about compiling with -DCRYPTO_MDEBUG set. When I did so there was no indication that any sort of leaks were even trying to be detected

Re: finding memory leaks

2001-07-17 Thread C. Gould
hich you think are leaks. I found that I could reformat > the data with awk and do a diff between a number of sessions to see where > the memory was growing. > > Steve > > On Wed, 11 Jul 2001, C. Gould wrote: > > I've been tuning up my code and am now trying to locate s

Re: Memory leaks

2001-07-27 Thread C. Gould
On Friday 27 July 2001 10:04 am, you wrote: > Hi all. > > I followed instructions in > http://marc.theaimsgroup.com/?l=openssl-users&m=99494629705968&w=2 > to find memory leaks in my application. > > The output generated by CRYPTO_mem_leaks_fp (as show below) tells me > that 899 bytes were leaked

Re: Support for hardware

2001-08-09 Thread C Gould
SSL accelerator support is built in the engine code but you need to actually use the appropriate library calls in your code to utilize the hardware. The following code should get you started. ENGINE *e; ERR_load_ENGINE_strings; // load engine error strings e = ENGINE_by_id("cswift"); // u

How to use CA.sh to generate and sign certificate for weblogic CSR

2001-10-31 Thread J C
Hi, I tried to use CA.sh for several times to figure out how to get a certificate using an existent cert. requirement(CSR) generated by Weblogic domestic version(128-bit). But the attempt failed. At the beginning, I did like this: - # CA.sh -newca - # CA.sh -sign Then, I realized a

Mismatched x509 keylengths an issue?

2010-06-15 Thread Carroll, Diana C
I have a scenario where a certificate was generated using a 2048-bit key, and was signed by a CA using a 1024-bit key. The certificate is verified "OK" by openSSL, however when attempting a TLS or TTLS authentication the server fails with the following debug output: Debug output (FreeRADIUS ve

len of encrypted data

2009-02-16 Thread José Hidalgo C .
Hi... a simple question, i hope somebody know the solution: I need to use the EVP_DecryptUpdate... but for fifth argument, i need the large of encrypted.. how i do this? i'm sure that strlen not works... Thanks!!!

EVP_DecryptFinal_ex:bad decrypt

2009-02-16 Thread José Hidalgo C .
ded,pad_char); } strcat(*padded,to_pad); } void hextoascii(const char *hex, char **ascii){ int i; char *tmp; tmp = malloc(2*sizeof(char )); strcpy(*ascii,""); for(i=0; i < strlen(hex) ; i=i+2){ sprintf(tmp,

3des and plain-encrypted size

2009-04-03 Thread José Hidalgo C .
claro.bin ls -l show 8 bytes in claro.txt, and 16 bytes in claro.bin When i use the EVP_EncryptUpdate function, the strlen show 8 bytes in the text message. Thanks. -- -- José Hidalgo C. Ingeniero de Software Akzio Consulto

Re: 3des and plain-encrypted size

2009-04-08 Thread José Hidalgo C .
> Hence 8 input + 1 byte minimum padding ==> 8 bytes input + 8 bytes padding. > > See what happens when you feed it, for instance, 5 bytes of input: > resulting file should be 8 bytes (des3 blocksize = 8) > > > 2009/4/3 José Hidalgo C. : > > Hi: > > &g

Help with TLS call on openssl3

2022-01-24 Thread Srinivas, Saketh (c)
HI, I am using Openssl3. while Run a TLS call, call connected successfully, but at the end of the call i got the error message: SSL3 alert write:fatal:decode error SSL error (a000126): unexpected eof while reading ERROR on SSL_read err=1 flag=0 Initiating SSL shutdown I think some issue whil

need help with EVP_PKEY_derive function to generate shared key

2022-01-24 Thread Srinivas, Saketh (c)
Hi, i am trying to modify a function which earlier used openss1 to compute shared key the arguments to the function are: rc_vchar_t *pub , rc_vchar_t *priv ; '// public and private keys. if (eay_v2bn(&dh->pub_key, pub) < 0) goto end; if (eay_v2bn(&dh->priv_key, priv) < 0)

Doubt regarding ssl options

2022-01-31 Thread Srinivas, Saketh (c)
Hi, what is the difference between SSL_CTX_set_min_proto_version and SSL_set_min_proto_version. How will they affect the SSL handshake. I can see two versions numbers in the PCAP files, 1. content type is handshake , version v1.0 2. handshake type client hello, version v1.2 what is the

Openssl 3.0 support

2022-02-02 Thread Srinivas, Saketh (c)
Hi, Does openssl 3.0 still support TLSv 1.0 and TLSv1.1. or they are deprecated, because there were some deprecations like sha1 etc. Thanks, Saketh.

error with p12 file importing

2022-02-04 Thread Srinivas, Saketh (c)
HI, I am getting this error while importing p12 file PKCS12_parse failed, error : error:0308010C:digital envelope routines::unsupported can anyone explain this? thanks, Saketh.

does Openssl 3.0 has backward compatiblity.

2022-02-09 Thread Srinivas, Saketh (c)
Does openssl 3.0 supports the openssl 1.0 pkcs12 files. Is it backward compatible. For me it giving error in PKCS12_parse function. thanks, Saketh.

need some help with the block size value

2022-02-15 Thread Srinivas, Saketh (c)
Hi, i am trying to get the block size of EVP_des_ede3_cbc cipher using the below function but it's not returning anything. EVP_CIPHER_get_block_size(EVP_des_ede3_cbc()) Does anyone have any idea how to. thanks, Saketh.

Re: [EXTERNAL] Re: need some help with the block size value

2022-02-15 Thread Srinivas, Saketh (c)
i am using openssl 3.0 From: openssl-users on behalf of Matt Caswell Sent: Tuesday, February 15, 2022 6:45 PM To: openssl-users@openssl.org Subject: [EXTERNAL] Re: need some help with the block size value On 15/02/2022 12:13, Srinivas, Saketh (c) wrote: >

error with cipher EVP_des_ede3_cbc in openssl 3.0

2022-02-22 Thread Srinivas, Saketh (c)
Hi I am trying to encrypt and decrypt using EVP_des_ede3_cbc() type. I am using openssl3.0 the functions i am using are encryption side: EVP_EncryptInit_ex -> EVP_EncryptUpdate -> EVP_EncryptFinal_ex decryption side: -- EVP_DecryptInit_ex -> EVP_

bignum to evp key

2022-03-03 Thread Srinivas, Saketh (c)
HI, i have EvpKeyPair from GenerateEvpKeyPair(dh_p, dh_g, &pEvpKeyPair) How can I get the public key and priv key from keypair. The below function gives them as bignums but not Evp_pkey. (EVP_PKEY_get_bn_param(pEvpKeyPair, OSSL_PKEY_PARAM_PUB_KEY, &pubKey) I want pub key and priv keys as evp_p

X509_STORE_CTX object doubt

2022-05-05 Thread Srinivas, Saketh (c)
Hi, for X509_STORE_CTX object we have a function X509_STORE_CTX_set_cert to set the cert pointer (x509* cert) is there any get function for this variable. X509_STORE_CTX_get_current_cert is not for cert. Because, there is another variable current_cert. thanks, Saketh.

need help with X509_STORE_CTX structure.

2022-05-06 Thread Srinivas, Saketh (c)
HI, i need to set the current_issuer field in an object of the X509_STORE_CTX structure. Can any suggest the setter function for this. current_crl_score and current_reasons also are needed to be 0 for me. Can you suggest setters for these variables. Thanks, Saketh.

Help needed with X509_STORE_CTX structure

2022-05-08 Thread Srinivas, Saketh (c)
HI, i need to set the current_issuer field in an object of the X509_STORE_CTX structure. Can any suggest the setter function for this. Also, current_crl_score and current_reasons also are needed to be 0 for me. Can you suggest setters for these variables. Thanks, Saketh.

Secure Remote Password (SRP)

2022-10-17 Thread Rohit Khera [C]
I am trying to get information on versions and usage of the Secure Remote Password Protocol (SRP) APIs in OpenSSLv3. 1. Are SRPv3, v6, and/or v6a supported? 1. I found the following information in the OpenSSL documents on the following C API for SRP: SRP_create_verifier
