Hi all, I'd like to gather certain details of an SSL certificate on a particular web-site. I know this is straightforward using the openssl tool on Linux/MacOSX. However is the same or similar possible in JavaScript? I understand that the browser handles socket connections and that the SSL handshake occurs prior to any party sending da...
Hello, I am trying to take an AES HMAC of a file using the openssl command line program on Linux. I have been looking at the man pages but can't quite figure out how successfully make a HMAC. I can encrypt a file using the enc command with openssl however I can't seem to create a HMAC. The encryption looks like the following: opens...
Hello, I need to extract the RSA public key from a RSA private key using OpenSSL. I'm currently using RSAPublicKey_dup() passing the RSA* private key to get the public key. However, while the call seems to work, I cannot load (or use) this public key using the openssl command-line tool. If I generate the public key using the command-l...
Hi I am using Mac OS X 10.6 SDK and my deployment target is set to Mac OS 10.5. I'm linking to libcrypto (AquaticPrime requires this) and found out that my app doesn't launch on Leopard. The error is dyld: Library not loaded: /usr/lib/libcrypto.0.9.8.dylib I've tried the following workarounds but none of them work: Linking direct...
SSL Documentation Analaysis This question is pertaining the usage of the HMAC routines in OpenSSL. Since Openssl documentation is a tad on the weak side in certain areas, profiling has revealed that using the: unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, int n, ...
make -f objs/Makefile make[1]: Entering directory `/root/fuse-ssh/nginx-0.7.65' cd /usr/bin/openssl \ && make clean \ && ./config --prefix=/usr/bin/openssl/.openssl no-shared no-threads \ && make \ && make install /bin/sh: line 0: cd: /usr/bin/openssl: Not a directory make[1]: *** [/usr/bin/openssl/.open...
Hi I need to use openid in a c++ website and can't find a working library to work with. I am trying to use this one http://kin.klever.net/libopkele/requirements but it stops the configure with this message: checking for OPENSSL... configure: error: no openssl library found. get one from http://www.openssl.org/ but my debian has open...
Does anyone know of a more recent OpenSSL book than "Network Security with OpenSSL: Cryptography for Secure Communications" (http://www.opensslbook.com/)? It is from 2002 and does not cover OpenSSL version 0.97+. Best would be a book for OpenSSL 1.0.0 but I guess that one is too recent. ...
Hi all, I have an OpenSSL client-side implementation that establishes a TLS (v1) connection successfully. It works fine, untill I'm trying to use a subordinate CA certificate and not a root CA one. What do I need to add to the code? I use OpenSSL 00.9.8k. Thanks. ...
Hi i'm creating a program that has to make a request and then obtain some info. For doing that the website had done some API that i will use. There is an how-to about these API but every example is made using PHP. But my app is done using Python so i need to convert the code. here is the how-to: The request string is sealed with Ope...
Hi all, I have seen some of the other questions here about the CRC 32 calculation. But none were satisfactory for me, hence this. Does openssl libraries have any api support for calculating the CRC32? I am already using openssl for SHA1, so would prefer to use it than link in one more library for CRC32(my implementation is in C). Than...
Hello, I'm using an application which uses OpenSSL for client TLS side. We upgrade the OpenSSL version from 0.9.8e to 0.9.8k. And then TLS doesn't work... Wireshark shows that the new version (with OpenSSL 0.9.8k) sends the client hello packet with a SessionTicket extension - and the server side responds with a fatal internal error. T...
The documentation for Openssl memory BIO sinks is here. I am creating a BIO chain to turn binary strings into base64 strings. The source/sink is always a memory location, and this enables me to just keep the same chain arround. However the data (should) go into a memory buffer managed by OpenSSL when I write to it, and it should come fr...
I generate a certification key with openssl. Here is my command: openssl genrsa -des3 -out enc_key.pem 1024 I export into cer file, then with java keytool I import into java keystore (jks). The keystore sounds good. I can load the keystore from my java app. The problem is when client connect to the server (In this case is FTP se...
I'm writing an OS X client for a software that is written in PHP. This software uses a simple RPC interface to receive and execute commands. The RPC client has to sign the commands he sends to ensure that no MITM can modify any of them. However, as the server was not accepting the signatures I sent from my OS X client, I started investi...
What algorithm use RAND_bytes function in openssl? ...
Hi All, While verifying the certificate I am getting EVP_F_EVP_PKEY_GET1_DH My Aim - Verify the certificate signature. I am having 2 certificates : 1. a CA certificate 2. certificate issued by CA. I extracted the 'RSA Public Key (key)' Modulus From CA Certificate using, pPublicKey = X509_get_pubkey(x5...
Hello, Can anyone tell me what is the difference between SSL_CTX_set_cert_verify_callback and SSL_CTX_set_verify? From OpenSSL docs: SSL_CTX_set_cert_verify_callback() sets the verification callback function for ctx. SSL objects that are created from ctx inherit the setting valid at the time when SSL_new(3) is called. and: SS...
Certificate: Data: Version: 3 (0x2) Serial Number: 95 (0x5f) Signature Algorithm: sha1WithRSAEncryption Issuer: C=, O=, CN= Validity Not Before: Apr 22 16:42:11 2008 GMT Not After : Apr 22 16:42:11 2009 GMT Subject: C=, O=, CN=, L=, ST= Subject Public Key Info: Public Key Algorithm: rsa...
Hi there! We are currently developing a apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will ...