

Different output by openssl

By : Chris
Date : July 31 2020, 07:00 PM
From the limited output that you provide, it does seem that your cert1.pem is of type X509v1. As such, its -text output does not contain the X509v3 extensions that show up in your grep result for cert2.pem.
Some support for this hypothesis starts at the output for cert1.pem, which includes
code :
SSL client CA : Yes (WARNING code=3)

static int check_ca(const X509 *x)
{
    /* keyUsage if present should allow cert signing */
    if (ku_reject(x, KU_KEY_CERT_SIGN))
        return 0;
    if (x->ex_flags & EXFLAG_BCONS) {
        if (x->ex_flags & EXFLAG_CA)
            return 1;
        /* If basicConstraints says not a CA then say so */
        else
            return 0;
    } else {
        /* we support V1 roots for...  uh, I don't really know why. */
        if ((x->ex_flags & V1_ROOT) == V1_ROOT)
            return 3;
        /*
         * If key usage present it must have certSign so tolerate it
         */
        else if (x->ex_flags & EXFLAG_KUSAGE)
            return 4;
        /* Older certificates could have Netscape-specific CA types */
        else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA)
            return 5;
        /* can this still be regarded a CA certificate?  I doubt it */
        return 0;
    }
}

        Version: 1 (0x0)


Linux/OpenSSL:Send find output to openssl

By : Manjunath
Date : March 29 2020, 07:55 AM
I am trying to send the output from the find command to OpenSSL in order to find out when certificates expire.
code :
find . -name \*.pem -type f -execdir openssl x509 -in {} -noout -enddate \;

C output differs from openssl output

By : Brian J Wikene Jr.
Date : March 29 2020, 07:55 AM
The encryption key and IV are not actually text but binary data.
When you do the encryption on the command line, the -K and -iv arguments expect their input in hex.
code :
openssl aes-128-cbc -in text-in.txt  -K 30313233343536373839616263646546 -iv 31323334353637383837363534333231
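
An added example, not part of the original answer: the -K and -iv values in the command above are the hex encodings of the text strings 0123456789abcdeF and 1234567887654321, and this sketch derives them while enforcing the length. The function names (to_hex, hex_arg, encrypt_hex) are hypothetical; the length check is there because openssl enc pads a too-short hex value with zero bytes, which silently changes the key.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original answer.

# Hex-encode stdin as one unbroken string (od and tr are POSIX).
to_hex() {
    od -An -v -tx1 | tr -d ' \t\n'
}

# Turn a text key or IV into the hex form that -K / -iv expect.
# $1 = text value, $2 = required length in bytes.
# Rejects a wrong length instead of letting openssl zero-pad a short value.
hex_arg() {
    hex=$(printf '%s' "$1" | to_hex)
    if [ "${#hex}" -ne $(( $2 * 2 )) ]; then
        echo "hex_arg: need $2 bytes, got $(( ${#hex} / 2 ))" >&2
        return 1
    fi
    printf '%s' "$hex"
}

# AES-128-CBC encrypt stdin with a 16-byte text key ($1) and IV ($2);
# prints the ciphertext as hex.
encrypt_hex() {
    key=$(hex_arg "$1" 16) || return 1
    iv=$(hex_arg "$2" 16) || return 1
    openssl enc -aes-128-cbc -K "$key" -iv "$iv" | to_hex
}

# Demo with the key and IV from the command above, decoded back to text.
# The plaintext is constructed sample input.
if command -v openssl >/dev/null 2>&1; then
    printf '%s' 'sample plaintext' | encrypt_hex 0123456789abcdeF 1234567887654321
    echo
fi
```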

Evaluate output of OpenSSL before parsing output

By : Zachariah Moreno
Date : March 29 2020, 07:55 AM
If you capture the output of your command in a variable you can then validate it. Assuming this doesn't have to be a one-liner:
code :
# read one domain per line from stdin
while read -r domain; do
  expiry=$(openssl s_client -connect "${domain}:443" -servername "${domain}" 2>/dev/null </dev/null | \
    openssl x509 -noout -enddate 2>&1 | cut -d = -f 2)

  # validate output with date
  if date -d "${expiry}" > /dev/null 2>/dev/null ; then
    echo "${expiry}" "${domain}"
  else
    # no parseable expiry date (connection failed or no certificate)
    echo "N/A" "${domain}"
  fi
done

$ cat localdomains 
$ cat localdomains | ./check_cert_expiry.sh 
Aug 14 12:00:00 2019 GMT stackoverflow.com
N/A example.example
Feb 21 09:37:00 2018 GMT google.com

How can I create OpenSSL output that compares to OpenSSL C++ output to generate unit tests?

By : klickreflex
Date : March 29 2020, 07:55 AM
I figured it out. The problem was that I was using the wrong command line parameter. It should be -K for the key, not -k. This is the correct format:
code :
printf '%s' '48656c6c6f20776f726c6421' | xxd -r -ps | openssl aes-256-cbc -iv 00000000000000000000000000000000 -K 0000000000000000000000000000000000000000000000000000000000000000 -nosalt | xxd -ps

Executing the openssl command with the c system function is different from executing the openssl command output on the t

By : Jitesh Mehta
Date : March 29 2020, 07:55 AM
The echo command has the problem that its behavior is not portable between different shells or environments. It is better to use printf instead, which is portable. In your case, replace the echo -n statement with printf, resulting in the following code:
code :
#include <stdlib.h>

int main(void) {
    /* printf writes "this" without a trailing newline in every shell */
    system("printf this | openssl enc -aes-128-cbc -K 0 -iv 0 -base64");
    return 0;
}

$ gcc test.c -o test
$ ./test