- Page 1 and 2: HP Open Source Security for OpenVMS
- Page 3 and 4: Contents 1. Installation and Releas
- Page 5 and 6: Contents 4.3.2 Creating and Setting
- Page 7: Tables Table 4-1. APIs for Data Str
- Page 11 and 12: Preface The HP Open Source Security
- Page 13: Convention Meaning [ ] In command f
- Page 16 and 17: Installation and Release Notes Open
- Page 18 and 19: Installation and Release Notes Down
- Page 20 and 21: Installation and Release Notes Down
- Page 22 and 23: Installation and Release Notes HP S
- Page 24 and 25: Installation and Release Notes Rele
- Page 26 and 27: Installation and Release Notes Rele
- Page 28 and 29: Installation and Release Notes Rele
- Page 30 and 31: Installation and Release Notes Rele
- Page 32 and 33: Overview of SSL The SSL Handshake T
- Page 34 and 35: Overview of SSL Cipher Suite The ce
- Page 36 and 37: Overview of SSL Digital Signatures
- Page 38 and 39: Using the Certificate Tool Viewing
- Page 40 and 41: Using the Certificate Tool Create a
- Page 42 and 43: Using the Certificate Tool Create a
- Page 44 and 45: Using the Certificate Tool Create a
- Page 46 and 47: Using the Certificate Tool Sign a C
- Page 48 and 49: Using the Certificate Tool Hash Cer
- Page 50 and 51: Using the Certificate Tool Hash Cer
- Page 52 and 53: SSL Programming Concepts HP SSL Dat
- Page 54 and 55: SSL Programming Concepts Certificat
- Page 56 and 57: SSL Programming Concepts Certificat
- Page 58 and 59:
SSL Programming Concepts Certificat
- Page 60 and 61:
SSL Programming Concepts SSL Progra
- Page 62 and 63:
SSL Programming Concepts SSL Progra
- Page 64 and 65:
SSL Programming Concepts SSL Progra
- Page 66 and 67:
SSL Programming Concepts SSL Progra
- Page 68 and 69:
SSL Programming Concepts SSL Progra
- Page 70 and 71:
SSL Programming Concepts SSL Progra
- Page 72 and 73:
SSL Programming Concepts SSL Progra
- Page 74 and 75:
Example Programs Template for Creat
- Page 76 and 77:
Example Programs Template for Creat
- Page 78 and 79:
Example Programs Simple SSL Client
- Page 80 and 81:
Example Programs Simple SSL Client
- Page 82 and 83:
Example Programs Simple SSL Client
- Page 84 and 85:
Example Programs Simple SSL Server
- Page 86 and 87:
Example Programs Simple SSL Server
- Page 88 and 89:
Example Programs Simple SSL Server
- Page 90 and 91:
OpenSSL Command Line Interface Stan
- Page 92 and 93:
OpenSSL Command Line Interface Mess
- Page 94 and 95:
OpenSSL Command Line Interface Enco
- Page 96 and 97:
OpenSSL Command Line Interface Crea
- Page 98 and 99:
asn1parse NAME Synopsis 98 asn1pars
- Page 100 and 101:
ca NAME Synopsis 100 ca - sample mi
- Page 102 and 103:
102 The DN of a certificate can con
- Page 104 and 105:
104 default_days the same as the -d
- Page 106 and 107:
Certify a Netscape SPKAC: openssl c
- Page 108 and 109:
It is advisable to also include val
- Page 110 and 111:
Lists of cipher suites can be combi
- Page 112 and 113:
112 cipher suites using DES (not tr
- Page 114 and 115:
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
- Page 116 and 117:
1.OU="My first OU" 2.OU="My Second
- Page 118 and 119:
118 verify the signature on a CRL b
- Page 120 and 121:
NOTES The output file is a PKCS#7 s
- Page 122 and 123:
122 file... file or files to digest
- Page 124 and 125:
124 this option specifies that a pa
- Page 126 and 127:
126 -des|-des3|-idea These options
- Page 128 and 129:
dsaparam NAME Synopsis 128 dsaparam
- Page 130 and 131:
enc NAME Synopsis 130 enc - symmetr
- Page 132 and 133:
All the block ciphers normally use
- Page 134 and 135:
gendsa NAME Synopsis 134 gendsa - g
- Page 136 and 137:
Because key generation is a random
- Page 138 and 139:
ocsp NAME Synopsis 138 ocsp - Onlin
- Page 140 and 141:
140 -no_cert_verify don't verify th
- Page 142 and 143:
EXAMPLES Create an OCSP request and
- Page 144 and 145:
144 crl2pkcs7 CRL to PKCS#7 Convers
- Page 146 and 147:
146 sha1 SHA-1 Digest ENCODING AND
- Page 148 and 149:
passwd NAME Synopsis 148 passwd - c
- Page 150 and 151:
pkcs12 NAME Synopsis 150 pkcs12 - P
- Page 152 and 153:
152 -pass arg, -passout arg the PKC
- Page 154 and 155:
old-openssl -in bad.p12 -out keycer
- Page 156 and 157:
NOTES The PEM PKCS#7 format uses th
- Page 158 and 159:
158 -nocrypt PKCS#8 keys generated
- Page 160 and 161:
STANDARDS Test vectors from this PK
- Page 162 and 163:
req NAME Synopsis 162 req - PKCS#10
- Page 164 and 165:
164 -x509 this option outputs a sel
- Page 166 and 167:
166 It can be set to several values
- Page 168 and 169:
countryName_default= AU countryName
- Page 170 and 171:
SEE ALSO x509(1), ca (1), genrsa (1
- Page 172 and 173:
172 -des|-des3|-idea These options
- Page 174 and 175:
rsautl NAME Synopsis 174 rsautl - RS
- Page 176 and 177:
The certificate public key can be e
- Page 178 and 179:
178 -showcerts display the whole se
- Page 180 and 181:
The -prexit option is a bit of a ha
- Page 182 and 183:
182 -dhparam filename the DH parame
- Page 184 and 185:
184 Q end the current SSL connectio
- Page 186 and 187:
186 -new performs the timing test u
- Page 188 and 189:
sess_id NAME Synopsis 188 sess_id -
- Page 190 and 191:
SEE ALSO ciphers (1), s_server (1)
- Page 192 and 193:
192 -out filename the message text
- Page 194 and 195:
NOTES The MIME message must be sent
- Page 196 and 197:
The current code can only handle S/
- Page 198 and 199:
spkac NAME Synopsis 198 spkac - SPK
- Page 200 and 201:
verify NAME Synopsis 200 verify - U
- Page 202 and 203:
The first line contains the name of
- Page 204 and 205:
204 30 X509_V_ERR_AKID_SKID_MISMATC
- Page 206 and 207:
x509 NAME Synopsis 206 x509 - Certi
- Page 208 and 209:
208 -C this outputs the certificate
- Page 210 and 211:
210 The default filename consists o
- Page 212 and 213:
TEXT OPTIONS As well as customising
- Page 214 and 215:
it will also handle files containin
- Page 216 and 217:
There should be options to explicit
- Page 218 and 219:
ASN1_OBJECT_new NAME Synopsis 218 A
- Page 220 and 221:
RETURN VALUES None. SEE ALSO ERR_ge
- Page 222 and 223:
ASN1_STRING_print_ex NAME Synopsis
- Page 224 and 225:
bio NAME Synopsis 224 bio - I/O abst
- Page 226 and 227:
BIO_set_close() sets the BIO b clos
- Page 228 and 229:
bio = BIO_push(b64, bio); while((inl
- Page 230 and 231:
BIO_set_read_buffer_size(), BIO_set
- Page 232 and 233:
EXAMPLES None. SEE ALSO None. 232
- Page 234 and 235:
BIO *bio, *mdtmp; char message[] =
- Page 236 and 237:
BIO_f_null NAME Synopsis 236 BIO_f_
- Page 238 and 239:
BIO_set_ssl_renegotiate_bytes() set
- Page 240 and 241:
BIO *sbio, *bbio, *acpt, *out; int
- Page 242 and 243:
BIO_find_type NAME Synopsis 242 BIO
- Page 244 and 245:
BIO_new NAME Synopsis 244 BIO_new,
- Page 246 and 247:
BIO_push NAME Synopsis 246 BIO_push
- Page 248 and 249:
BIO_read NAME Synopsis 248 BIO_read
- Page 250 and 251:
BIO_set_accept_bios() can be used t
- Page 252 and 253:
BIO_s_bio NAME Synopsis 252 BIO_s_b
- Page 254 and 255:
EXAMPLE The BIO pair can be used to
- Page 256 and 257:
BIO_set_conn_int_port() sets the po
- Page 258 and 259:
BIO_s_fd NAME Synopsis 258 BIO_s_fd
- Page 260 and 261:
BIO_s_file NAME Synopsis 260 BIO_s_
- Page 262 and 263:
Restrictions BIO_reset() and BIO_se
- Page 264 and 265:
NOTES Writes to memory BIOs will al
- Page 266 and 267:
BIO_s_socket NAME Synopsis 266 BIO_
- Page 268 and 269:
268 callback(b, BIO_CB_READ, out, o
- Page 270 and 271:
NOTES If BIO_should_retry() returns
- Page 272 and 273:
BF_cfb64_encrypt() is the CFB mode
- Page 274 and 275:
int BN_rand(BIGNUM *rnd, int bits,
- Page 276 and 277:
BN_add NAME Synopsis 276 BN_add, BN
- Page 278 and 279:
BN_add_word NAME Synopsis 278 BN_ad
- Page 280 and 281:
BN_bn2hex() and BN_bn2dec() return
- Page 282 and 283:
BN_copy NAME Synopsis 282 BN_copy,
- Page 284 and 285:
BN_CTX_start NAME Synopsis 284 BN_C
- Page 286 and 287:
The error codes can be obtained by
- Page 288 and 289:
The BIGNUM structure typedef struct
- Page 290 and 291:
BN_mod_inverse NAME Synopsis 290 BN
- Page 292 and 293:
BN_to_montgomery() is a macro. RETU
- Page 294 and 295:
SEE ALSO bn (3), ERR_get_error (3),
- Page 296 and 297:
BN_num_bits NAME Synopsis 296 BN_nu
- Page 298 and 299:
BN_set_bit NAME Synopsis 298 BN_set
- Page 300 and 301:
BN_zero NAME Synopsis 300 BN_zero,
- Page 302 and 303:
HISTORY BUF_MEM_new(), BUF_MEM_free
- Page 304 and 305:
CONF_modules_load_file NAME Synopsi
- Page 306 and 307:
SEE ALSO openssl (1), ssl (3) 306
- Page 308 and 309:
d2i_ASN1_OBJECT NAME Synopsis 308 d
- Page 310 and 311:
d2i_DSAPublicKey NAME Synopsis 310
- Page 312 and 313:
d2i_PKCS8PrivateKey_bio NAME Synops
- Page 314 and 315:
d2i_X509 NAME Synopsis 314 d2i_X509
- Page 316 and 317:
/* Something to setup buf and len */
- Page 318 and 319:
d2i_X509_ALGOR NAME Synopsis 318 d2
- Page 320 and 321:
d2i_X509_NAME NAME Synopsis 320 d2i
- Page 322 and 323:
d2i_X509_SIG NAME Synopsis 322 d2i_
- Page 324 and 325:
DES_key_schedule *ks1, DES_key_sche
- Page 326 and 327:
DES_cbc_cksum() produces an 8 byte
- Page 328 and 329:
Modes NAME 328 Modes, of, DES - the
- Page 330 and 331:
NOTES This text was been written in
- Page 332 and 333:
SEE ALSO dhparam (1), bn (3), dsa (
- Page 334 and 335:
DH_generate_parameters NAME Synopsi
- Page 336 and 337:
DH_get_ex_new_index NAME Synopsis 3
- Page 338 and 339:
DH_set_default_method NAME Synopsis
- Page 340 and 341:
DH_size NAME Synopsis 340 DH_size -
- Page 342 and 343:
The DSA structure consists of sever
- Page 344 and 345:
DSA_dup_DH NAME Synopsis 344 DSA_du
- Page 346 and 347:
DSA_generate_parameters NAME Synops
- Page 348 and 349:
DSA_get_ex_new_index NAME Synopsis
- Page 350 and 351:
DSA_set_default_method NAME Synopsi
- Page 352 and 353:
DSA_set_default_openssl_method() an
- Page 354 and 355:
DSA_sign NAME Synopsis 354 DSA_sign
- Page 356 and 357:
engine NAME Synopsis 356 engine - E
- Page 358 and 359:
ENGINE_LOAD_KEY_PTR ENGINE_get_load
- Page 360 and 361:
registered into these tables to make
- Page 362 and 363:
if(!ENGINE_set_default_RSA(e)) /* T
- Page 364 and 365:
#define ENGINE_HAS_CTRL_FUNCTION10
- Page 366 and 367:
err NAME Synopsis 366 err - error c
- Page 368 and 369:
* Macros, structures and function p
- Page 370 and 371:
ERR_error_string NAME Synopsis 370
- Page 372 and 373:
HISTORY ERR_get_error(), ERR_peek_e
- Page 374 and 375:
ERR_load_crypto_strings NAME Synops
- Page 376 and 377:
ERR_print_errors NAME Synopsis 376
- Page 378 and 379:
ERR_remove_state NAME Synopsis 378
- Page 380 and 381:
EVP_BytesToKey NAME Synopsis 380 EV
- Page 382 and 383:
EVP_MD_CTX_init NAME Synopsis 382 E
- Page 384 and 385:
RETURN VALUES EVP_DigestInit_ex(),
- Page 386 and 387:
EVP_CIPHER_CTX_init NAME Synopsis 3
- Page 388 and 389:
EVP_DecryptInit_ex(), EVP_DecryptUp
- Page 390 and 391:
390 Null cipher: does nothing. EVP_
- Page 392 and 393:
/* Bogus key and IV: we'd normally s
- Page 394 and 395:
EVP_OpenInit NAME Synopsis 394 EVP_
- Page 396 and 397:
EVP_PKEY_set1_RSA NAME Synopsis 396
- Page 398 and 399:
EVP_SealInit NAME Synopsis 398 EVP_
- Page 400 and 401:
EVP_SignInit NAME Synopsis 400 EVP_
- Page 402 and 403:
EVP_VerifyInit NAME Synopsis 402 EV
- Page 404 and 405:
HMAC NAME Synopsis 404 HMAC, HMAC_I
- Page 406 and 407:
lh_stats NAME Synopsis 406 lh_stats
- Page 408 and 409:
#define DECLARE_LHASH_DOALL_FN(f_na
- Page 410 and 411:
As an example, a hash table may be
- Page 412 and 413:
MD2 NAME Synopsis 412 MD2, MD4, MD5
- Page 414 and 415:
MDC2 NAME Synopsis 414 MDC2, MDC2_I
- Page 416 and 417:
NOTES Objects in OpenSSL can have a
- Page 418 and 419:
OpenSSL_add_all_algorithms NAME Syn
- Page 420 and 421:
RETURN VALUES Neither OPENSSL_confi
- Page 422 and 423:
OPENSSL_VERSION_NUMBER NAME Synopsi
- Page 424 and 425:
PEM NAME Synopsis 424 PEM - PEM rou
- Page 426 and 427:
PEM_write_bio_PKCS8PrivateKey_nid()
- Page 428 and 429:
Write a private key (using traditio
- Page 430 and 431:
PKCS12_create NAME Synopsis 430 PKC
- Page 432 and 433:
PKCS7_decrypt NAME Synopsis 432 PKC
- Page 434 and 435:
HISTORY PKCS7_decrypt() was added t
- Page 436 and 437:
When the signed data is not detache
- Page 438 and 439:
NOTES One application of PKCS7_NOIN
- Page 440 and 441:
440 1 A good hashing algorithm to m
- Page 442 and 443:
RAND_add NAME Synopsis 442 RAND_add
- Page 444 and 445:
RAND_bytes NAME Synopsis 444 RAND_b
- Page 446 and 447:
RAND_egd NAME Synopsis 446 RAND_egd
- Page 448 and 449:
RAND_load_file NAME Synopsis 448 RA
- Page 450 and 451:
NOTES As of version 0.9.7, RAND_MET
- Page 452 and 453:
RIPEMD160 NAME Synopsis 452 RIPEMD1
- Page 454 and 455:
The RSA structure consists of sever
- Page 456 and 457:
RSA_check_key NAME Synopsis 456 RSA
- Page 458 and 459:
RSA_generate_key NAME Synopsis 458
- Page 460 and 461:
value returned by RSA_get_ex_new_in
- Page 462 and 463:
RSA_padding_add_PKCS1_type_1 NAME S
- Page 464 and 465:
RSA_print NAME Synopsis 464 RSA_pri
- Page 466 and 467:
RSA_public_encrypt NAME Synopsis 46
- Page 468 and 469:
RSA_set_default_method NAME Synopsi
- Page 470 and 471:
} RSA_METHOD; 470 unsigned char *si
- Page 472 and 473:
RSA_sign_ASN1_OCTET_STRING NAME Syn
- Page 474 and 475:
SHA1 NAME Synopsis 474 SHA1, SHA1_I
- Page 476 and 477:
HISTORY SMIME_read_PKCS7() was adde
- Page 478 and 479:
CRYPTO_set_locking_callback NAME Sy
- Page 480 and 481:
HISTORY CRYPTO_set_locking_callback
- Page 482 and 483:
const UI_METHOD *UI_get_method(UI *
- Page 484 and 485:
des_read_password NAME Synopsis 484
- Page 486 and 487:
EXAMPLES Create an X509_NAME struct
- Page 488 and 489:
RETURN VALUES None. SEE ALSO ERR_ge
- Page 490 and 491:
for (i = 0; i < X509_NAME_entry_cou
- Page 492 and 493:
The fields XN_FLAG_FN_SN, XN_FLAG_F
- Page 494 and 495:
494
- Page 496 and 497:
d2i_SSL_SESSION NAME Synopsis 496 d
- Page 498 and 499:
498 ssl.h That's the common header
- Page 500 and 501:
500 int SSL_CTX_get_ex_new_index(lo
- Page 502 and 503:
502 int SSL_CTX_use_certificate(SSL
- Page 504 and 505:
504 int SSL_get_state(SSL *ssl); lo
- Page 506 and 507:
SEE ALSO openssl (1), crypto (3), S
- Page 508 and 509:
SSL_alert_type_string NAME Synopsis
- Page 510 and 511:
510 "DE"/"decode error" A message c
- Page 512 and 513:
512 Encryption method with number o
- Page 514 and 515:
SSL_COMP_add_compression_method NAM
- Page 516 and 517:
SSL_connect NAME Synopsis 516 SSL_c
- Page 518 and 519:
SSL_CTX_add_session NAME Synopsis 5
- Page 520 and 521:
SSL_CTX_ctrl NAME Synopsis 520 SSL_
- Page 522 and 523:
SSL_CTX_free NAME Synopsis 522 SSL_
- Page 524 and 525:
SSL_CTX_get_verify_mode NAME Synops
- Page 526 and 527:
WARNINGS If several CA certificates
- Page 528 and 529:
RETURN VALUES The following return
- Page 530 and 531:
SSL_CTX_sess_cache_full() returns t
- Page 532 and 533:
SSL_CTX_sess_set_new_cb NAME Synops
- Page 534 and 535:
SSL_CTX_sessions NAME Synopsis 534
- Page 536 and 537:
SSL_CTX_set_cert_verify_callback NA
- Page 538 and 539:
SSL_CTX_set_cipher_list NAME Synops
- Page 540 and 541:
540 0 A failure while manipulating
- Page 542 and 543:
chain (with the option to leave out
- Page 544 and 545:
int pem_passwd_cb(char *buf, int si
- Page 546 and 547:
is not resolved, the handshake will
- Page 548 and 549:
SSL_CTX_set_info_callback NAME Syno
- Page 550 and 551:
BIO_printf(bio_err,"%s:failed in %s
- Page 552 and 553:
SEE ALSO ssl (3), SSL_new (3), SSL_
- Page 554 and 555:
SEE ALSO ssl (3), SSL_read (3), SSL
- Page 556 and 557:
556 The user-defined argument optio
- Page 558 and 559:
558 Netscape-Enterprise/2.01 (https
- Page 560 and 561:
HISTORY SSL_OP_CIPHER_SERVER_PREFER
- Page 562 and 563:
SSL_CTX_set_session_cache_mode NAME
- Page 564 and 565:
SSL_CTX_set_session_id_context NAME
- Page 566 and 567:
SSL_CTX_set_ssl_version NAME Synops
- Page 568 and 569:
SSL_CTX_set_tmp_dh_callback NAME Sy
- Page 570 and 571:
} 570 switch (keylength) { case 512
- Page 572 and 573:
Using ephemeral RSA key exchange yi
- Page 574 and 575:
SSL_CTX_set_verify NAME Synopsis 57
- Page 576 and 577:
The certificate verification depth
- Page 578 and 579:
} 578 if (SSL_get_verify_result(ssl
- Page 580 and 581:
SSL_CTX_use_certificate_ASN1() load
- Page 582 and 583:
SSL_do_handshake NAME Synopsis 582
- Page 584 and 585:
SSL_free NAME Synopsis 584 SSL_free
- Page 586 and 587:
SSL_get_client_CA_list NAME Synopsi
- Page 588 and 589:
SSL_get_default_timeout NAME Synops
- Page 590 and 591:
590 The operation did not complete;
- Page 592 and 593:
SSL_get_ex_new_index NAME Synopsis
- Page 594 and 595:
SSL_get_peer_cert_chain NAME Synops
- Page 596 and 597:
SSL_get_rbio NAME Synopsis 596 SSL_
- Page 598 and 599:
SSL_get_SSL_CTX NAME Synopsis 598 S
- Page 600 and 601:
SSL_get_version NAME Synopsis 600 S
- Page 602 and 603:
SSL_load_client_CA_file NAME Synops
- Page 604 and 605:
SSL_pending NAME Synopsis 604 SSL_p
- Page 606 and 607:
RETURN VALUES The following return
- Page 608 and 609:
SSL_SESSION_free NAME Synopsis 608
- Page 610 and 611:
SSL_SESSION_get_time NAME Synopsis
- Page 612 and 613:
SSL_set_bio NAME Synopsis 612 SSL_s
- Page 614 and 615:
SSL_set_fd NAME Synopsis 614 SSL_se
- Page 616 and 617:
SSL_set_shutdown NAME Synopsis 616
- Page 618 and 619:
SSL_shutdown NAME Synopsis 618 SSL_
- Page 620 and 621:
SSL_state_string NAME Synopsis 620
- Page 622 and 623:
SEE ALSO ssl (3), err (3), SSL_get_
- Page 624 and 625:
RETURN VALUES The following return
- Page 626 and 627:
Data Structures and Header Files SS
- Page 628 and 629:
Data Structures and Header Files SS
- Page 630 and 631:
Data Structures and Header Files SS
- Page 632 and 633:
Data Structures and Header Files SS
- Page 634 and 635:
Data Structures and Header Files BI
- Page 636 and 637:
Data Structures and Header Files X5
- Page 638 and 639:
New and Changed APIs in OpenSSL 0.9
- Page 640 and 641:
New and Changed APIs in OpenSSL 0.9
- Page 642 and 643:
Open Source Notices Original SSLeay
- Page 644 and 645:
Index DH_new function, 337 DH_set_d
- Page 646:
Index SSL_set_verify_result functio