openssl

How to handle OpenSSL SSL_ERROR_WANT_READ / WANT_WRITE on non-blocking sockets

The OpenSSL library allows reading from an underlying socket with SSL_read and writing to it with SSL_write. These functions may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE depending on their SSL protocol needs (for example when renegotiating a connection). I don't really understand what the API wants me to do with these res...

How to decrypt a string on OpenSSL that was previously encrypted via Crypto++?

EDIT: I found out that the keys aren't the problem like I said in the comments. I can use them without any issues to encrypt and decrypt data on OpenSSL. But I need to decrypt a string on OpenSSL that was previously encrypted via Crypto++ and that's not working. I'll post additional details later. Hi, I have encrypted a string using a...

Is there a standard way of representing an SHA1 hash as a C string, and how do I convert to it?

This question is about how to create an SHA-1 hash from an array of data in C using the OpenSSL library. It returns an array of 20 bytes, containing the hash. Is there some standard way of representing that data in string form, not binary? If so, is there a function in OpenSSL itself to convert to said string format? If not, how shoul...

OpenSSL treats smime message with Content-type 'Application/EDI' as text and changes line breaks.

I receive smime message with content-type 'Application/EDI'. It is non-standard mime type and content should be interpreted as binary. But OpenSSL during verifying signature treats it as text and changes line breaks from '\n' to '\r\n' (as needed by spec for content-type 'text'). So digest becomes wrong and verification fails. Is there ...

changing SSL certificates to a different location

Hi, Currently we read from HTTPS using cURL. Everything works fine. We set up certificates in curl as follows: curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM"); curl_easy_setopt(curl,CURLOPT_SSLCERT,"/etc/ssl/certs/abc.cert.pem"); curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM"); curl_easy_setopt(curl,CURLOPT_SSLKEY,"/etc/ssl/certs/ab...

Stunnel Configuration for SSL Connection

I'm trying to use Stunnel to use a mail client that doesn't support SSL to interface with a mail server that wants to use SSL. I want to be able to use plain POP3/SMTP to some local port that Stunnel sets up and have that forward to the SSL connection on the mail server. I was given the following files by my ISP: username.p12 local_ca....

RijndaelManaged equivalent in openssl

There is some code written using C# which uses the RijndaelManaged class to encrypt data with Mode = CipherMode.CBC. I need to implement the equivalent code on Mac using OpenSSL. What is the equivalent to RijndaelManaged in OpenSSL? ...

Prevent OpenSSL from using system certificates?

How can I prevent OpenSSL (specifically, Python's ssl module) from using system certificate authorities? In other words, I would like it to trust only the certificate authorities which I specify, and nothing else: ssl_socket = ssl.wrap_socket(newsocket, server_side=True, certfile="my_cert.pem", ca_certs=MY_...

Best way to create a cryptographic API key

Hi, I have an open API in my application that I'd like to provide access keys for. The incoming info will be a user id, resource id and a value to update with. I'd like one API key per resource. Preferably I would like to be able to validate the authenticity of an incoming request using only the supplied data and not checking against...

Big number modulo a small integer in OpenSSL

Hi everyone, I was wondering if it is possible to take a big number modulo a small integer in OpenSSL? Say I generate 2 big prime numbers: BN_generate_prime(p,512,0,0,0,0,0); BN_generate_prime(q,512,0,0,0,0,0); and calculate the product N: BN_mul(N,p,q,ctx); I would like to test if N is a "Blum integer" (N mod 4==3), however I can't fi...

How to include Openssl in my project?

I have an openssl directory for the whole openssl code. It has some folder hierarchy. I want to use, for example, the RSA algorithm in openssl; how can I include open-ssl in my project? If I just include that directory, the program cannot find all files properly. There is always an error about not being able to find some definition or something like that. Wish I expressed it...

Creating PKCS#12 keystore with multiple certificates using OpenSSL 1.0.0a

Hi, I am trying to create a PKCS#12 keystore with more than one certificate. This option does seem to be documented well - everyone talks about creating a .p12 file from a single certificate in a .pem file, like this: openssl pkcs12 -export -in my_single_signed_cert.pem -out keystore.p12 -name "Alias1" This creates a new .p12 file ea...

Certificate errors when using Devise with Facebook Oauth

Hi all - I'm using devise with oauth and Rails 3 (ruby 1.9.2) to log users into my site. I followed this excellent blog post. That being said, I am getting a weird OpenSSL error that seems to be due to some kind of certificate verification error. Here's what it looks like: OpenSSL::SSL::SSLError in Devise/oauth callbacksController#f...

Is it possible to create an SSL certificate out of a PGP public/private key?

I have a PGP public/private (RSA) key pair that my friends trust. I have a webserver running and I'd like to generate an SSL certificate whose public key matches my PGP public key. Does that make any sense? Is that possible? Is that safe? ...

How to make save login in ZendFramework using OpenSSL and https in address

Hello, I'm looking for an answer to my question. I must include this in my project. Can you tell me how to do it? What should I know, what should I have, and how should the scenario with this save login look? I was looking in Google but can't find anything. EDIT: I get https in the address when I go to the login page with a changed .htaccess: RewriteCond %{HTTPS} !=o...

PHP Application - Quick connection to HTTPS server

Hello there, The problem is that I want to develop an application (probably PHP?) capable of making a quick connection to an SSL-secured server and sending/getting data from it. My aim is to make it send the query and read the result as quickly as possible. I am trying various solutions and benchmarking them all. I have tried fsockopen() and CURL,...