In message <[EMAIL PROTECTED]>, Ben Laurie writes:
>
> I seem to remember that PKIX decided that <50 was 20xx and >50 was 19xx
> (I know I've left out 50, I can't remember which way it went) and that
> we should use 4 digit in all new stuff.
Not quite.
After the usual Huge Argument, It was dec
Greetings,
FYI the relevant sections of RFC2459 are:
"CAs conforming to this profile MUST always encode certificate
validity dates through the year 2049 as UTCTime; certificate validity
dates in 2050 or later MUST be encoded as GeneralizedTime."
and...
"For the purposes of this pro
>> At least the first time you download it, perhaps you
>> don't have any X.509 software to verify it with?
>
>More specifically, you can't use SSLeay to verify it's own signature, since
>you can't trust the code until after the signature has been verified. If I've
>modified the code to to bad thi
Russell Selph wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Actually, as far as I can tell, it's an ASN.1 problem. (And therefore an
> X.509 problem.) It looks like the ASN.1 UTCTIME type only supports two
> digit years. OPENSSL makes the assumption that any year less than 70
Hello everybody,
To my amazement during an extensive investigation of my internetbanking
software (of a major bank in Belgium), I found out that through
several layers of libraries they use SSLeay 0.8.1.
I reread the licence of SSLeay and then the marketing material
which came with this internet
I have installed openssl and Net::SSLeay, but my
Solaris 2.6 platform does not have /dev/random or /dev/urandom. Is there
any way that I can still seed the RNG without these tools?
Pavan W.B. AumanSoftware
EngineerMarketPlace.Net, Inc.http://www.stockmaster.com
> Actually, as far as I can tell, it's an ASN.1 problem. (And therefore an
> X.509 problem.) It looks like the ASN.1 UTCTIME type only supports two
> digit years. OPENSSL makes the assumption that any year less than 70 is
> in the range 2000-2069, while any year greater than 69 is in the range
UTCTime's are two-digit years.
GENERALIZED time's are four-digit years.
The X509 data structures are generally a Time, which
is a CHOICE of either two; the IETF PKIX profile
specifies that 50-99 are 1900, 00-49 are 2000.
Stephen is adding support for all this to the
code base (and is basically don
The x.509 definition allows either UTCtime or GeneralizedTime.
GeneralizedTime supports a 4-digit year. The usual understanding is that
2-digit years in the range 50-99 should be interpreted as 1950-1999 and the
range 00-49 as 2000-2049. This is documented in RFC2459 "Internet X.509
Public Key I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Actually, as far as I can tell, it's an ASN.1 problem. (And therefore an
X.509 problem.) It looks like the ASN.1 UTCTIME type only supports two
digit years. OPENSSL makes the assumption that any year less than 70 is
in the range 2000-2069, while a
Wow wow wow
This seems to be exactly what I was looking for - free SSL for java.
Do you support (or plan to support) also SSLeay-0.9.0b or OpenSSL ?
Is it problem to establish some cooperation between these two project?
Martin Kuzela
Andrei Popovici wrote:
> Hello everybody,
>
> I just finis
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Aha! I see the problem: During Config, I get this error:
making links in crypto/pem...
make[2]: Entering directory `/var/local/rselph/openssl/work/openssl/crypto/pem'
cc -I.. -I../../include -g -c ctx_size.c -o ctx_size.o
make[2]: cc: Command no
Erwann ABALEA writes:
>
> On Thu, 4 Mar 1999, Wade L. Scholine wrote:
>
> > I am trying to use s_server -Verify to learn some stuff about client
> > authentication. I'm using Netscape 4.5 as a client, and I
> have a couple of
> > free certs from Entrust and Verisign. When I try to connect
> to
Check out the http://www.globus/org
Get the source and in src gssapi_ssleay/sslutils.c
You can also see this in the sslk5 :
ftp://achilles.ctd.anl.gov/pub/kerberos.v5/sslk5.x.tar
The sslutils.c is in the tar file.
[EMAIL PROTECTED] wrote:
>
> I would like to add crl checking in a program
In message <[EMAIL PROTECTED]>, Magnus Stenman writes:
>
> At least the first time you download it, perhaps you
> don't have any X.509 software to verify it with?
More specifically, you can't use SSLeay to verify it's own signature, since
you can't trust the code until after the signature has be
Hello,
I think it is not problem only for SSLeay or OpenSSL. It is problem for
MSIE and Netscape too.
Yuriy Stul.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Axel Findling
> Sent: Tuesday, March 09, 1999 3:03 PM
> To: [EMAIL PROTECTED]
> Sub
Hello,
the certificat-dates (expiring and revokation) in the file
index.txt have only 2 digits for the year.
example:
V 001231171617Z 00
R 991231171617Z 990308171617Z 01
...
I don't think that's fine - but is it a Y2k-problem in
OpenSSL0.9.1c(patc
On Tue, Mar 09, 1999 at 09:32:45AM +0100, Michael Hallgren wrote:
> On Mon, Mar 08, 1999 at 11:35:27PM +0100, Erwann ABALEA wrote:
> > On Mon, 8 Mar 1999, J. Andres Hall wrote:
> >
> > > >> Not much of one, of course, since whoever modified it could also modify
> > > >> the MD5!
> > > >
> > > >Co
J. Andres Hall wrote:
>
> >>> This is an MD5 hash/checksum taken on the file openssl-0.9.1c.tar.gz and it
> >>> has nothing
> >>> to do with your compilation problems... It's a kind of guarantee that the
> file
> >>> hasn't been
> >>> modified.
> >>
> >> Not much of one, of course, since whoever
Russell Selph wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Just a quick build nit-pick: when you do "make links" to set up the
> includes directory, it misses the files pem.h and pem2.h. It's easy
> enough to fix by hand, but someone might want to patch up the makefile for
>
Hello everybody,
I just finished a complete Java & JNI implementation for SUN's SSL reference
API using the old incarnation of OpenSSL (SSLeay 0.8.1). The comments
are a little bit out of date, since I wrote that code for my diploma
thesis.
Btw, its free, You can get it at
http://sponsor.iti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Sir/Mdm,
I'll a student from UPC, and I'm currently researching on ways of
implementing Smart Card solution to Information System.
As SSL is widely been used in web browser, I believe this is a good
area of
looking into. Since then, I'm writing
On Mon, Mar 08, 1999 at 11:35:27PM +0100, Erwann ABALEA wrote:
> On Mon, 8 Mar 1999, J. Andres Hall wrote:
>
> > >> Not much of one, of course, since whoever modified it could also modify
> > >> the MD5!
> > >
> > >Correct, the MD5 is actually intended to just let people quicky check wheter
> > >
23 matches
Mail list logo
