Search Results

Search found 890 results on 36 pages for 'openssl'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 5/36 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Question about creating digital signature using OpenSSL?(pkcs7)

    - by dangtuantu2002
    I'm using OpenSSL to create digital signature fo my application but I'm getting one problem. BIO *in = NULL, *out = NULL, *tbio = NULL; X509 *scert = NULL; EVP_PKEY *skey = NULL; PKCS7 *p7 = NULL; .......................... .......................... **p7 = PKCS7_sign(scert, skey, NULL, in, flags);** I don't know how can we get digital signature from PKCS7 object to put it into specific variable. Could you please help me to resolve this problem? Thank you very much.

    Read the article

  • SSL_accept hangs... sometimes ( C, linux, openssl )

    - by zbigh
    I'm currently working on an embedded linux system. There are two crucial client applications on the system that connect to an external server ( on another embedded system, all written in C ). The two apps use different certificates. The ssl connection works... At least usually, but from time to time an error occures: the server hangs on SSL_accept() when accepting connection from one of the applications - the one using older certificates. Restarting the server application does not help, nor does restarting the client - the only way is to reboot the server system, unless I create a symbilic link to the new certificates used by the other app - only then will restarting the server app work. Never does the error occur when both applications use the same, new certificate. Could this happen due to some strange openssl cache or something like that?

    Read the article

  • How to verify a self-signed certificate from another server using openssl?

    - by ntsue
    I am new to openssl and I am having some trouble verifying (from a client machine) an ftp server using ssl with a self-signed certificate. I generated the .cer file by going to my server in IIS and exporting the certificate without the private key. I believe that this is all that I should need on the client side, right? I use the following code to verify the certificate openssl verify ftp.cer and the error that I get back is error 20 at 0 depth lookup:unable to get local issuer certificate I tried this as well: openssl verify -CAfile ftp.cer ftp.cer but received the same error. From what I understand about SSL, this is happening because I have no chain of trust that connects to this server. By default, openssl did not install any trusted CAs and this is fine. I would just like to tell it to trust this server. I tried various tutorials telling me how to add a certificate authority, including this one here, however the instructions are for linux and include adding a symlink and I am trying to do this in windows. If anyone could provide any guidance on how to do this, or enlighten me if I am not understanding something correctly, I would greatly appreciate it. Thanks!

    Read the article

  • OpenSSL: how to setup an OCSP server for checking third-party certificates?

    - by StackedCrooked
    I am testing the Certificate Revocation functionality of a CMTS device. This requires me to setup a OCSP responder. Since it will only be used for testing I assume that the minimal implementation provided by OpenSSL should suffice. I have extracted the a certificate from a cable modem, copied it to my PC and converted it to the PEM format. Now I want to register it in the OpenSSL OCSP database and start a server. I have completed all these steps, but when I do a client request my server invariably responds with "unknown". It seems to be completely unaware of my certificate's existence. I would greatly appreciate if anyone would be willing to have a look at my code. For your convenience, I have created a single script consisting of a sequential list of all used commands, from setting up the CA until starting the server: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/AllCommands.sh You can also find the custom config file and the certificate that I am testing with: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/ Any help would be greatly appreciated.

    Read the article

  • OpenSSL: how to setup an OCSP server for checking third-party certificates?

    - by StackedCrooked
    I am testing the Certificate Revocation functionality of a CMTS device. This requires me to setup a OCSP responder. Since it will only be used for testing I assume that the minimal implementation provided by OpenSSL should suffice. I have extracted the a certificate from a cable modem, copied it to my PC and converted it to the PEM format. Now I want to register it in the OpenSSL OCSP database and start a server. I have completed all these steps, but when I do a client request my server invariably responds with "unknown". It seems to be completely unaware of my certificate's existence. I would greatly appreciate if anyone would be willing to have a look at my code. For your convenience, I have created a single script consisting of a sequential list of all used commands, from setting up the CA until starting the server: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/AllCommands.sh You can also find the custom config file and the certificate that I am testing with: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/ Any help would be greatly appreciated.

    Read the article

  • Cross-compiling with OpenSSL for Windows

    - by singpolyma
    I'm trying to compile the oauth-utils http://mir.dnsalias.com/oss/oauth/start for Windows from Ubuntu. I have compiled it on Windows before (a few months back), but wanted to try cross-compiling. I got openssl build using mingw32 ok, and put libssl.a and libcrypto.a in the right place. The linker is now finding the libraries (yay!) but I get the following error: /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xaac): undefined reference to `_CreateDCA@16' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xab9): undefined reference to `_CreateCompatibleDC@4' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xacc): undefined reference to `_GetDeviceCaps@8' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xadc): undefined reference to `_GetDeviceCaps@8' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xaf4): undefined reference to `_CreateCompatibleBitmap@12' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xb04): undefined reference to `_SelectObject@8' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xb18): undefined reference to `_GetObjectA@12' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xb81): undefined reference to `_BitBlt@36' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xb8c): undefined reference to `_GetBitmapBits@12' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xbe5): undefined reference to `_SelectObject@8' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xbec): undefined reference to `_DeleteObject@4' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xbf6): undefined reference to `_DeleteDC@4' /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xc00): undefined reference to `_DeleteDC@4' Any ideas what could be causing this? Thanks.

    Read the article

  • SMTP on C: STARTTLS via OpenSSL

    - by Jackell
    Hi all! I am using openssl to build secure smtp connections to gmail.com:25. So I can successfully connect to the server and sends a command STARTTLS (I receive 220 2.0.0 Ready to start TLS). Then execute the following code without disconnecting: SSL_METHOD* method = NULL; SSL_library_init(); SSL_load_error_strings(); method = SSLv23_client_method(); ctx = SSL_CTX_new(method); if (ctx == NULL) { ERR_print_errors_fp(stderr); } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); ssl = SSL_new(ctx); if (!SSL_set_fd(ssl, socket)) { ERR_print_errors_fp(stderr); return; } if (ssl) { if (SSL_connect((SSL*)ssl) < 1) { ERR_print_errors_fp(stderr); } // then i think i need to send EHLO } But after calling SSL_connect I get an error: 24953:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601: If I use SSLv3_client_method I get an error: 18143:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284. And If TLSv1_client_method: 21293:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: Why? What I do wrong?

    Read the article

  • Create x509 certificate with openssl/makecert tool

    - by Zé Carlos
    I'm creating a x509 certificate using makecert with the following parameters: makecert -r -pe -n "CN=Client" -ss MyApp I want to use this certificate to encrypt and decrypt data with RSA algoritm. I look to generated certificate in windows certificate store and everything seems ok (It has a private key, public key is a RSA key with 1024 bits and so on..) Now i use this C# code to encrypt data: X509Store store = new X509Store("MyApp", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, "Client", false); X509Certificate2 _x509 = certs[0]; using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)_x509.PrivateKey) { byte[] dataToEncrypt = Encoding.UTF8.GetBytes("hello"); _encryptedData = rsa.Encrypt(dataToEncrypt, true); } When executing the Encrypt method, i receive a CryptographicException with message "Bad key". I think the code is fine. Probably i'm not creating the certificate properly. Any comments? Thanks ---------------- EDIT -------------- If anyone know how to create the certificate using OpenSsl, its also a valid answer for me.

    Read the article

  • openssl crypto library - base64 conversion

    - by Hassan Syed
    I'm using openssl BIO objects to convert a binary string into a base64 string. The code is as follows: void ToBase64(std::string & s_in) { BIO * b_s = BIO_new( BIO_s_mem() ); BIO * b64_f = BIO_new( BIO_f_base64() ); b_s = BIO_push( b64_f , b_s); std::cout << "IN::" << s_in.length(); BIO_write(b_s, s_in.c_str(), s_in.length()); char * pp; int sz = BIO_get_mem_data(b_s, &pp); std::cout << "OUT::" << sz << endl; s_in.assign(pp,sz); //std::cout << sz << " " << std::string(pp,sz) << std::endl; BIO_free (b64_f); // TODO ret error potential BIO_free (b_s); // } The in length is either 64 or 72. However the output is always 65, which is incorrect it should be much larger than that. The documentation isn't the best in the world, AFAIK the bio_s_mem object is supposed to grow dynamically. What am I doing wrong ?

    Read the article

  • BN_hex2bn magicaly segfaults in openSSL

    - by xunil154
    Greetings, this is my first post on stackoverflow, and i'm sorry if its a bit long. I'm trying to build a handshake protocol for my own project and am having issues with the server converting the clients RSA's public key to a Bignum. It works in my clent code, but the server segfaults when attempting to convert the hex value of the clients public RSA to a bignum. I have already checked that there is no garbidge before or after the RSA data, and have looked online, but i'm stuck. header segment: typedef struct KEYS { RSA *serv; char* serv_pub; int pub_size; RSA *clnt; } KEYS; KEYS keys; Initializing function: // Generates and validates the servers key /* code for generating server RSA left out, it's working */ //Set client exponent keys.clnt = 0; keys.clnt = RSA_new(); BN_dec2bn(&keys.clnt->e, RSA_E_S); // RSA_E_S contains the public exponent Problem code (in Network::server_handshake): // *Recieved an encrypted message from the network and decrypt into 'buffer' (1024 byte long)* cout << "Assigning clients RSA" << endl; // I have verified that 'buffer' contains the proper key if (BN_hex2bn(&keys.clnt->n, buffer) < 0) { Error("ERROR reading server RSA"); } cout << "clients RSA has been assigned" << endl; The program segfaults at BN_hex2bn(&keys.clnt->n, buffer) with the error (valgrind output) Invalid read of size 8 at 0x50DBF9F: BN_hex2bn (in /usr/lib/libcrypto.so.0.9.8) by 0x40F23E: Network::server_handshake() (Network.cpp:177) by 0x40EF42: Network::startNet() (Network.cpp:126) by 0x403C38: main (server.cpp:51) Address 0x20 is not stack'd, malloc'd or (recently) free'd Process terminating with default action of signal 11 (SIGSEGV) Access not within mapped region at address 0x20 at 0x50DBF9F: BN_hex2bn (in /usr/lib/libcrypto.so.0.9.8) And I don't know why it is, Im using the exact same code in the client program, and it works just fine. Any input is greatly appriciated!

    Read the article

  • SIMPLE OpenSSL RSA Encryption in C/C++ is causing me headaches

    - by Josh
    Hey guys, I'm having some trouble figuring out how to do this. Basically I just want a client and server to be able to send each other encrypted messages. This is going to be incredibly insecure because I'm trying to figure this all out so I might as well start at the ground floor. So far I've got all the keys working but encryption/decryption is giving me hell. I'll start by saying I am using C++ but most of these functions require C strings so whatever I'm doing may be causing problems. Note that on the client side I receive the following error in regards to decryption. error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed I don't really understand how padding works so I don't know how to fix it. Anywho here are the relevant variables on each side followed by the code. Client: RSA *myKey; // Loaded with private key // The below will hold the decrypted message unsigned char* decrypted = (unsigned char*) malloc(RSA_size(myKey)); /* The below holds the encrypted string received over the network. Originally held in a C-string but C strings never work for me and scare me so I put it in a C++ string */ string encrypted; // The reinterpret_cast line was to get rid of an error message. // Maybe the cause of one of my problems? if(RSA_private_decrypt(sizeof(encrypted.c_str()), reinterpret_cast<const unsigned char*>(encrypted.c_str()), decrypted, myKey, RSA_PKCS1_OAEP_PADDING)==-1) { cout << "Private decryption failed" << endl; ERR_error_string(ERR_peek_last_error(), errBuf); printf("Error: %s\n", errBuf); free(decrypted); exit(1); } Server: RSA *pkey; // Holds the client's public key string key; // Holds a session key I want to encrypt and send //The below will hold the encrypted message unsigned char *encrypted = (unsigned char*)malloc(RSA_size(pkey)); // The reinterpret_cast line was to get rid of an error message. // Maybe the cause of one of my problems? if(RSA_public_encrypt(sizeof(key.c_str()), reinterpret_cast<const unsigned char*>(key.c_str()), encrypted, pkey, RSA_PKCS1_OAEP_PADDING)==-1) { cout << "Public encryption failed" << endl; ERR_error_string(ERR_peek_last_error(), errBuf); printf("Error: %s\n", errBuf); free(encrypted); exit(1); } Let me once again state, in case I didn't before, that I know my code sucks but I'm just trying to establish a framework for understanding this. I'm sorry if this offends you veteran coders. Thanks in advance for any help you guys can provide!

    Read the article

  • BN_hex2bn magically segfaults in openSSL

    - by xunil154
    Greetings, this is my first post on stackoverflow, and i'm sorry if its a bit long. I'm trying to build a handshake protocol for my own project and am having issues with the server converting the clients RSA's public key to a Bignum. It works in my clent code, but the server segfaults when attempting to convert the hex value of the clients public RSA to a bignum. I have already checked that there is no garbidge before or after the RSA data, and have looked online, but i'm stuck. header segment: typedef struct KEYS { RSA *serv; char* serv_pub; int pub_size; RSA *clnt; } KEYS; KEYS keys; Initializing function: // Generates and validates the servers key /* code for generating server RSA left out, it's working */ //Set client exponent keys.clnt = 0; keys.clnt = RSA_new(); BN_dec2bn(&keys.clnt->e, RSA_E_S); // RSA_E_S contains the public exponent Problem code (in Network::server_handshake): // *Recieved an encrypted message from the network and decrypt into 'buffer' (1024 byte long)* cout << "Assigning clients RSA" << endl; // I have verified that 'buffer' contains the proper key if (BN_hex2bn(&keys.clnt->n, buffer) < 0) { Error("ERROR reading server RSA"); } cout << "clients RSA has been assigned" << endl; The program segfaults at BN_hex2bn(&keys.clnt->n, buffer) with the error (valgrind output) Invalid read of size 8 at 0x50DBF9F: BN_hex2bn (in /usr/lib/libcrypto.so.0.9.8) by 0x40F23E: Network::server_handshake() (Network.cpp:177) by 0x40EF42: Network::startNet() (Network.cpp:126) by 0x403C38: main (server.cpp:51) Address 0x20 is not stack'd, malloc'd or (recently) free'd Process terminating with default action of signal 11 (SIGSEGV) Access not within mapped region at address 0x20 at 0x50DBF9F: BN_hex2bn (in /usr/lib/libcrypto.so.0.9.8) And I don't know why it is, Im using the exact same code in the client program, and it works just fine. Any input is greatly appriciated!

    Read the article

  • OpenSSL certificate lacks key identifiers

    - by 0xDEAD BEEF
    How do i add these sections to certificate (i am manualy building it using C++). X509v3 Subject Key Identifier: A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0 X509v3 Authority Key Identifier: keyid:A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0 Curently my code builds sertificate well, except for those keys.. :/ static X509 * GenerateSigningCertificate(EVP_PKEY* pKey) { X509 *x; x = X509_new(); //create x509 certificate X509_set_version(x, NID_X509); ASN1_INTEGER_set(X509_get_serialNumber(x), 0x00000000); //set serial number X509_gmtime_adj(X509_get_notBefore(x), 0); X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*365); //1 year X509_set_pubkey(x, pKey); //set pub key from just generated rsa X509_NAME *name; name = X509_get_subject_name(x); NAME_StringField(name, "C", "LV"); NAME_StringField(name, "CN", "Point"); //common name NAME_StringField(name, "O", "Point"); //organization X509_set_subject_name(x, name); //save name fields to certificate X509_set_issuer_name(x, name); //save name fields to certificate X509_EXTENSION *ex; ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server"); X509_add_ext(x,ex,-1); X509_EXTENSION_free(ex); ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment, "example comment extension"); X509_add_ext(x, ex, -1); X509_EXTENSION_free(ex); ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name, "www.lol.lv"); X509_add_ext(x, ex, -1); X509_EXTENSION_free(ex); ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE"); X509_add_ext(x, ex, -1); X509_EXTENSION_free(ex); X509_sign(x, pKey, EVP_sha1()); //sign x509 certificate return x; }

    Read the article

  • How Do I Use Multiple Versions of OpenSSL ... One for Apache and one for PHP

    - by Ken S.
    I have an Apache 2.2 (self-compiled version) server that is getting dinged during a PCI scan because it does not support TLS 1.1 or 1.2 ciphers. After some digging I found that the installed version of OpenSSL (0.9.8e) does not contain the newest TLS ciphers. So I went and downloaded and compiled the latest version of OpenSSL (1.0.1c) and have it installed in an alternate location within /opt so it wouldn't interfere with the installed version. What I would like to do is to compile Apache against the 1.0.1 libraries and keep the system-installed libraries for use with PHP, cURL, openssh, etc. I'm hoping that doing it this way will allow Apache to use the newest TLS but not break anything with any other programs that require the old libraries. I thought I could do this by adding an entry in to /etc/ld.so.conf that pointed to the new libraries, but I think this will conflict with the existing ones. i.e. two references to libcrypto could cause everything to have issues. The main reason for doing this is because of issues with PHP cURLing to external servers and having issues with the latest OpenSSL libs thus requiring edits to our PHP code. Would love some guidance on how best to accomplish this.

    Read the article

  • OpenSSL 1.0: Remove Elliptic Curves Extension

    - by rursw1
    Hi, Is there any way to remove the elliptic curves extension - elliptic_curves and ec_point_formats? (Via function like SSL_CTX_set_options with SSL_OP_NO_TICKET for the SessionTicket extension, or by conditional compilation, or something else that works...) Thank you in advance!

    Read the article

  • C socket and openssl (RSA)

    - by giozh
    there's something strange in my client/server socket using RSA. If i test it on localhost, everithing goes fine, but if i put client on a pc and server on othe pc, something gone wrong. Client after call connect, call a method for public keys exchange with server. This part of code works fine. After this, client send a request to server: strcpy(send_pack->op, "help\n"); RSA_public_encrypt(strlen(send_pack->op), send_pack->op, encrypted_send->op, rsa_server, padding); rw_value = write(server, encrypted_send, sizeof (encrypted_pack)); if (rw_value == -1) { stampa_errore(write_error); close(server); exit(1); } if (rw_value == 0) { stampa_errore(no_response); close(server); exit(1); } printf("---Help send, waiting for response\n"); set_alarm(); rw_value = read(server, encrypted_receive, sizeof (encrypted_pack)); alarm(0); if (rw_value == -1) { stampa_errore(read_error); exit(1); } if (rw_value == 0) { stampa_errore(no_response); close(server); exit(1); } RSA_private_decrypt(RSA_size(rsa), encrypted_receive->message, receive_pack->message, rsa, padding); printf("%s\n", receive_pack->message); return; } but when server try to decrypt the receive message on server side, the "help" string doesn't appear. This happen only on the net, on localhost the same code works fine... EDIT: typedef struct pack1 { unsigned char user[encrypted_size]; unsigned char password[encrypted_size]; unsigned char op[encrypted_size]; unsigned char obj[encrypted_size]; unsigned char message[encrypted_size]; int id; }encrypted_pack; encrypted_size is 512, and padding used is RSA_PKCS1_PADDING

    Read the article

  • Does openssl errno 104 mean that SSLv2 is disabled?

    - by David
    I want to check if my server has SSLv2 disabled. I am doing this by attempting to connect remotely with openssl with the following shell command. openssl s_client -connect HOSTNAME:443 -ssl2 Most literature I could find on the Internet says if I see something similar to the following error then SSLv2 is properly disabled. 29638:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428: I do get the above error when connecting to my Ubuntu server with SSLv2 disabled in Apache Apache but when I connect to my Windows Server 2008 R2 server with SSLv2 disabled in the registry I get the following output and error. CONNECTED(00000003) write:errno=104 I can't find any literature explaining this output and error. If anybody could explain to me if and why this output and error means that SSLv2 is properly disabled, I would appreciate it. Thanks!

    Read the article

  • how to install OpenSSL in windows 7 and also how to check, its enabled or not?

    - by Andy
    how to install OpenSSL in windows 7 and also how to check, its enabled or not? I currently run php through the command line locally not on a server. Thanks I recently installed php 5.2.17 I ran a program which connect with a https server and I got the following error Notice: file_get_contents(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP? in C:\java\newsweaver-api-v2\simple\list- tags.php on line 30 I added extension=php_openssl.dll to php.ini but I'm wondering is openssl native to php 5.2.17 or do I need to download an extntion. Thanks

    Read the article

  • compile ntp without ssl

    - by Zulakis
    I need to deploy ntp to a very space-critical pxe-imaging-system. (Yes, each KB matters.) Footprint needs to be as small as possible, so I want to compile ntp without linking openssl. According to the manual this is should be possible: If available, the OpenSSL library from http://www.openssl.org is used to support public key cryptography. The library must be built and installed prior to building NTP. The procedures for doing that are included in the OpenSSL documentation. The library is found during the normal NTP configure phase and the interface routines compiled automatically. Only the libcrypto.a library file and openssl header files are needed. If the library is not available or disabled, this step is not required. I already tried out ./configure --without-openssl however, this didn't help. This is my ldd output: ldd ntpd/ntpd linux-gate.so.1 => (0xb7706000) libm.so.6 => /lib/i686/cmov/libm.so.6 (0xb76d5000) libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7582000) librt.so.1 => /lib/i686/cmov/librt.so.1 (0xb7578000) libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb741d000) /lib/ld-linux.so.2 (0xb7707000) libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7419000) libz.so.1 => /usr/lib/libz.so.1 (0xb7404000) libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb73eb000) The system I am compiling on is 32-bit debian lenny using openssl 0.9.8g-15+lenny16. What is the correct configure option to compile ntp without openssl?

    Read the article

  • Forward secrecy in Nginx (CentOS6)

    - by Anil
    I am trying to enable Forward secrecy in CentOS with nginx webserver. What I have tried I have read some tutorials and seems like we should have nginx, openssl latest versions to enable it. So I had installed the openssl latest from source. sudo wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz sudo tar -xvzf openssl-1.0.1e.tar.gz cd openssl-1.0.1e sudo ./config --prefix=/usr/local sudo make sudo make install Now OpenSSL supports the Eliptic Curve ciphers(ECDHE). I tested this with openssl s_server also. It worked well. Next, I replaced Nginx with latest. sudo wget http://nginx.org/packages/centos/6/x86_64/RPMS/nginx-1.4.2-1.el6.ngx.x86_64.rpm sudo rpm -e nginx sudo rpm -ivh nginx-1.4.2-1.el6.ngx.x86_64.rpm and configured Nginx as described in this link ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+RC4:EDH+aRSA:EECDH:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; http://baudehlo.wordpress.com/2013/06/24/setting-up-perfect-forward-secrecy-for-nginx-or-stud/ But now Nginx does not support ECDHE ciphers. It supports DHE ciphers. I tried by just enabling ECDHE cipher in nginx still doesn't work. I am using latest web browser(chrome 29 and it support this cipher) Am i missing anything ? Or Having issues with CentOS or Nginx? I read somewhere that ECC patent issues with CentOS, is this causing problem?

    Read the article

  • OpenSSL x509 Purpose flag "Any Purpose" What is this?

    - by Nick
    Looking at the details of a certificate using the following: openssl x509 -noout -text -purpose -in mycert.pem I find a bunch of purpose flags (which I've discovered are set by the various extensions attached to a certificate). One of these purpose flags is "Any Purpose". I can't seem to find ANY documentation on this flag and why or why not it is set. Do any of you know where I can find more information on this purpose and what it means? Thanks,

    Read the article

  • OpenSSL x509 Purpose flag "Any Purpose" What is this?

    - by Nick
    Looking at the details of a certificate using the following: openssl x509 -noout -text -purpose -in mycert.pem I find a bunch of purpose flags (which I've discovered are set by the various extensions attached to a certificate). One of these purpose flags is "Any Purpose". I can't seem to find ANY documentation on this flag and why or why not it is set. Do any of you know where I can find more information on this purpose and what it means? Thanks,

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >