openssl

How to verify the SSL connection when calling a URI?

Hello, I am developing a web application that is authenticated using CAS (a single-sign-on solution: http://www.ja-sig.org/wiki/display/CAS/Home). For security reasons, I need two things to work: the communication between CAS and my application needs to be secure; my application needs to accept the certification coming from CAS, so tha...

Linux/OpenSSL:Send find output to openssl

I am trying to send the output from the find command to OpenSSL in order to find out when certificates expire. This finds the files: find . -name \*.pem -type f This generates the cert info I want: openssl x509 -in certname.pem -noout -enddate Can I merge these two? Thanks for your help. ...

M2Crypto: Is PKey a reference to a Public or a Private key?

In the PKey class documentation of the M2Crypto python package (an OpenSSL wrapper for Python) it is said that PKey is a reference to a Public key. My opinion is instead that it's a reference to a Private Key because the init method of the PKey class calls the evp_pkey_new openssl function that, from this link: http://linux.die.net/man/...

OpenSSL Windows x64 Compilation error

Hi, I'm getting the following error when trying to compile OpenSSL 1.0, 64 bit: ias -o tmp32\ia64cpuid.obj tmp32\ia64cpuid.asm 'ias' is not recognized as an internal or external command, operable program or batch file. NMAKE : fatal error U1077: 'ias' : return code '0x1' Stop. Does someone know what I can do? (I do it on Windows ...

x509 certificate verification in C

Hi all, I have certificates in DER and PEM format. My goal is to retrieve the Issuer and Subject fields, verify the certificate with the CA public key, and simultaneously verify the CA certificate with the Root public key. I am able to retrieve all the details of issuer and subject but unable to verify the certificate. Please help...

OpenLDAP and SSL

I am having trouble trying to connect to a secure OpenLDAP server which I have set up. On running my LDAP client code java -Djavax.net.debug=ssl LDAPConnector I get the following exception trace (java version 1.6.0_17) trigger seeding of SecureRandom done seeding SecureRandom %% No cached client session *** ClientHello, TLSv1 RandomC...

Openssl_seal in Python

Hi, to connect to a server I've found that using PHP I have to use openssl_seal. That's OK, but I want to use Python. But I'm not able to convert "Openssl_seal" into an equivalent function. Can you help me? This is what Openssl_seal does: Description int openssl_seal ( string $data , string &$sealed_data , array &$env_keys , ...

OpenSSL 1.0: Remove Elliptic Curves Extension

Hi, Is there any way to remove the elliptic curves extension - elliptic_curves and ec_point_formats? (Via function like SSL_CTX_set_options with SSL_OP_NO_TICKET for the SessionTicket extension, or by conditional compilation, or something else that works...) Thank you in advance! ...

openssl, sign (sha1) a message AND make s/mime

Hi! I'm new to openssl and all this crypto stuff and would need a little help. I need to sign a message (digest sha1) AND put it in a mime-part. a) digest and signing it I get with: openssl sha1 -sign mycert.pem -passin pass:1234 data > signed_sha1 b) mime and signing (but the whole message instead of only digest) I get with: ope...

SIMPLE OpenSSL RSA Encryption in C/C++ is causing me headaches

SOLVED: I was dumb. First argument of encrypt should have been key.size() and first argument of decrypt should have been RSA_size(myKey). Hey guys, I'm having some trouble figuring out how to do this. Basically I just want a client and server to be able to send each other encrypted messages. This is going to be incredibly insecure bec...

OpenSSL with Apache Tomcat 6

I use Tomcat with native extensions, so it is necessary to use OpenSSL for making certificates. Does anyone know how to make a certificate with OpenSSL and install it into Tomcat? ...

XCode can't find headers in /usr/include

Hi all, I'm trying to use standard system header files in my C++ XCode project: #include <openssl/bio.h> #include <openssl/ssl.h> #include <openssl/err.h> The build fails and it complains: "Openssl/bio.h: No such file or directory" I added /usr/include to the "Header Search Paths" in Project settings, but that doesn't fix it. I CO...

Access Client Write Key & Server Write Key from OpenSSL C API

Hello, I have a need to access the encryption (cipher, write) keys that are generated from the master key that is generated from the OpenSSL C API. I know I can access the master key using the SSL struct as follows: ssl->session->master_key Unfortunately looking at the OpenSSL code has not gotten me very far as the API is not very ...

RSA_sign and RSACryptoProvider.VerifySignature

I'm trying to get up to speed on how to get some code that uses OpenSSL for cryptography, to play nice with another program that I'm writing in C#, using the Microsoft cryptography providers available in .NET. More to the point, I'm trying to have the C# program verify an RSA message signature generated by the OpenSSL code. The code tha...

OpenSSL signing and Google App Engine

Is there a way to sign values with a PEM formatted private key in Google App Engine (Python)? For example in PHP it could be achieved like this: $key = openssl_pkey_get_private($privateKey); openssl_sign($strToBeSigned, $signature, $key); echo "signature: ".base64_encode($signature); Is there a way to do the same thing with Python in...

PKCS#7 Signed Code Image extracting

Hi, I wanted to extract the signer information from a PKCS#7 Signed Code Image using C/CPP. I wanted to know the openssl APIs. I am able to extract it using Bouncy Castle (CMSSignedData). Please let me know the openssl APIs which I can use in C/CPP to extract each of the signers and the signer information and verify the signers. Is there any ...

Stuck with luasec Lua secure socket

This example code fails: require("socket") require("ssl") -- TLS/SSL server parameters local params = { mode = "server", protocol = "sslv23", key = "./keys/server.key", certificate = "./keys/server.crt", cafile = "./keys/server.key", password = "123456", verify = {"peer", "fail_if_no_peer_cert"}, options = {"all", "no_sslv2"...

Open SSL without SHA1

Is there any way to use Open SSL without any SHA1 hash functions and using one of SHA2 functions instead of it? I think firstly, I should find all the functions that call SHA1 algorithm, and I should understand why SHA1 is still used. While changing the hash function, the bits are different in SHA1 and SHA2 so it may cause some problems....

using OpenSSL to create .pfx file

I've been offered some commands to create a .pfx file using OpenSSL. For the most part, my partner gathered this information from: http://stackoverflow.com/questions/553149/is-it-possible-to-convert-an-ssl-certificate-from-a-key-file-to-a-pfx I have the following files: 2010certificate.cer 2010cert_and_key.pem private_verisign10to1...

OpenSSL certificate lacks key identifiers

How do I add these sections to a certificate (I am manually building it using C++)? X509v3 Subject Key Identifier: A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0 X509v3 Authority Key Identifier: keyid:A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0 Currently my code builds certificate wel...