openssl

openssl / valgrind

I have an application that has to calculate the MD5 of a file. I have used the openssl library, and valgrind complains about some blocks still reachable. Compile the following code: #include <openssl/bio.h> int main(int, char**) { BIO * mem = BIO_new(BIO_s_mem()); BIO_vfree(mem); return 0; } then run it using valgrind this is what...

How do I import an RSA Public Key from .NET into OpenSSL

I have a .NET program and a Borland Win32 program that need to pass some cryptographically secure information. The plan right now is to have the .NET app create a public/private key pair, store the public key on disk and keep the private key in memory for as long as the .NET program is running. The Borland app will then read the public...

PHP Encryption openssl_pkcs7_encrypt() Failing

Hey all, I have this code: $fp = fopen($unenc_path, "w"); fwrite($fp, $msg); fclose($fp); $easy_access_emails = 'person@##.com'; $headers = "From: support@##.com <support@##.com>\n" . "Reply-to: support@##.com\n" . "Subject: " . $subject . "\n"; $key = implode("", file("../newcert.pem")); $Ar...

Openssl: Querying extensions on X509 certificates

I am working with the openSSL library's X509 certificate class, and I need to query the "key usage" extension. After abandoning openSSL's vapourware "documentation", some shot-in-the-dark web searching eventually revealed that I needed to call X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) and searching through the objects...

Getting a SSL connection to work with STUNNEL/Win32

The service I need to connect to has provided me three files and I'm trying to figure out what I need to create the Cert=xxx.PEM file that STUNNEL needs. I have a "keystore.jks" file. Dumping that with keytool says it's a "Private key entry". I have a "truststore.jks" file. Dumping that says it's a "trusted certificate entry". The alias ...

why validity extended ca does not contain private key information?

I have one self-signed rootcacert.pem which is going to expire next month. Due to a specific reason I have extended the validity of this rootcacert using the command: openssl x509 -in rootcacert.pem -days 365 -out extendedrootcacert.pem -signkey rootcakey.pem -text So I get the new root ca as extendedrootcacert.pem. Using new root ca,...

Compiling in Xcode fails because linked lib isn't found

Hello, I need the openssl lib for some C code in my iPhone App. So I've put the lib into my project. But when I compile it, Xcode throws me some errors: error: openssl/ssl.h: No such file or directory That's my code for including: #include <openssl/ssl.h> Target settings in Xcode: Which step am I missing to link it correct...

Where can I find an introduction to SSL with OpenSSL?

I want to learn about the nuts-and-bolts of using SSL to secure client/server communication. Is there any documentation, anywhere, regarding how to do this with OpenSSL? The best I've been able to find so far is the source code for stunnel (http://www.stunnel.org/)... To be more precise, I want the client to be able to connect with th...

Converting a Java Keystore into PEM Format.

I am trying to convert a Java keystore file into a PEM file using the keytool and openssl applications. But I could not find a good way to do the conversion. Any idea? Instead of converting the keystore into PEM I tried to create a PKCS12 file first and then convert into relevant PEM file and Keystore. But I could not establish connect...

Mimic AES_ENCRYPT and AES_DECRYPT functions in Ruby

Hello there! I need to mimic what MySQL does when encrypting and decrypting strings using built-in functions AES_ENCRYPT() and AES_DECRYPT(). I have read a couple of blog posts and apparently MySQL uses AES 128-bit encryption for those functions. On top of that, since this encryption requires a 16-bit key, MySQL pads the string with x0...

Shoes and Gems

I have shoes raisins (0.r1134) [i686-darwin8.9.1] +video I'm trying to set up a Shoes.setup block like this: Shoes.setup do gem 'mini_exiftool' gem 'xml-simple > 1.0' require "mini_exiftool" require 'xmlrpc/client' require 'xmlsimple.rb' require "my_webservice_api_wrapper" mwa = MyWebserviceApiWrapper.new mwa.login ...

Dazed and confused about configuring Apache with SSL support.

Hello everyone, I've spent a few hours trying to configure my Apache server to use SSL with no public IP, just localhost. I've created the certificate OK, I think (it has been like a crash course on black magic for me), and when I try to access https://localhost, the browser says "Connected to localhost..." on the status line but just ...

[Ruby] OpenSSL verify certificate from own CA

Hello all and thanks for your time reading this. I need to verify certificates issued by my own CA, for which I have a certificate. How can I do the equivalent to openssl's openssl verify -CAfile in Ruby code? The RDoc for OpenSSL is not very helpful in this regard. I've tried: require 'openssl' ca = OpenSSL::X509::Certificate.ne...

What is the difference between Openssl's BIO wrappers and SSL calls?

I have long been confused if using the BIO_* way would have obvious advantage over the raw SSL_* calls. I always use the non-bio as I thought I have more control. ...

Workaround for SSL bug

There seems to be a bug in the SSL implementation of an https server I'm connecting to; the problem initially arose in my application, but I've since been debugging / reproducing it with the openssl commandline utility, so I'm fairly certain it has nothing to do with my application at this point. If I connect to the remote server with n...

What is the main purpose of openssl's SSL_CTX_use_certificate_file?

The man page did not clearly specify this. But looking at openssl's apps implementations, SSL_CTX_use_PrivateKey* calls are usually made after SSL_CTX_use_certificate_file succeeded. I assume this is mostly used at the server side. I recently confused the above function with SSL_CTX_load_verify_locations wherein you could specify a CA c...

Extract requested validity period from a Certificate Signing Request using OpenSSL

We use a private certificate authority powered by OpenSSL to authenticate our customers. We provide a simple web-based utility which allows them to upload a CSR file for the certificate authority to sign. At the moment, we can only issue certificates for a fixed period, currently 365 days. However, our customers have asked if they can s...

How to build OpenSSL in release mode with symbols?

I generally build my openssl libs by doing this: perl Configure VC-WIN32 ms\do_masm nmake -f ms\ntdll.mak nmake -f ms\ntdll.mak test For debugging minidumps, I'd like to get a pdb file for the 2 dlls (while still building them in "release" mode). I've added /Zi to the CFLAGS part of ms\ntdll.mak, but I still get "Binary was not bui...

Embedded webserver and certs

I have an app with an embedded webserver. This webserver can now do SSL via the OpenSSL package :) Now to the cert issue. This app is sold, which I say because it's not just sitting on a server I own -- it gets installed on thousands of computers. I want my customers to be safe so I want them to use SSL as painlessly as possible. Ri...

Certificate Authority for myself/small organisation

I need a small CA software which meets the following criteria: CLI Interface (we all really hate GUI things for server software, don't we?) Issuing certificates for websites. (So I just can install one root certificate on client machines to get rid of those warnings) Issuing user certificates (as p12 and other stuff, so I can authenticate usi...