I can't seem to find this in the openssl or stunnel docs- how do I
generate *client* certificates for stunnel? I already have the server
certificate (stunnel.pem). I assume it's done with openssl, but
documentation is pretty sketchy.
Regards,
Aaron Turner
--
Aaron Turner, CNE [EMAIL PROTEC
Dear OpenSSL Users,
Is there a CRL HOW-TO around somewhere?
While I can generate them, I confess to being
puzzled as to how CRLs are installed, communicated
and used in OpenSSL and Apache. If PKCSnn makes
this obvious, certainly I cannot find it.
Best regards and great appreciations for y
"Michal Trojnara" <[EMAIL PROTECTED]> ,in message , wrote:
> Stunnel 3.3 has been released.
URL please?
And, how does it compare to ssl-auth:
http://web.purplefrog.com/~thoth/netpipes/ssl-auth.html
Speaking of ssl-auth, I'm still hoping somebody who actually knows how to
use the SSL l
HI!
I want to create a CA hierarchy because I would like to simply transport
only one Root CA fingerprint out-of-band to the end entity (e.g. user) but
have still different CA policies and private keys.
But I have a strange problem with a one-level CA hierarchy and
Netscape Communicator:
I crea
Hello all;
New OpenSSL user here who's trying to get up to speed on the X509
component as quickly as possible ... also new to certificates ...
forgive the novice question.
I'm using X509_get_ext() and X509_EXTENSION_get_data(ext) in an attempt
to get the basic constraints extension and determine
Hi,
I have a problem with openssl-0.9.[0123] on WinNT 4.0 SP3.
I compiled it using VC-6 (and also mingw32) and so far
there were no problems. I even managed to compile and
install the Net:SSLeay package for Perl.
However, I cannot connect to a SSL server properly (neither
using 'openssl s_client
Stunnel 3.3 has been released.
News:
Support for openssl 0.9.3 added.
Generic support for protocol negotiation added (protocol.c).
SMTP protocol negotiation support for Netscape client added.
Transparent proxy mode (currently works on Linux only).
SO_REUSEADDR enabled on liste
Steffen Dettmer wrote:
>
> > > > I'm trying to download my certificates (done with openSSL) into
> > > > Netscape 4.x (I've tested on 4.5 4.51 4.6 :-)) through a web server
> > > > using the MIME type "application/x-x509-email-cert", [...]
> > > > The certs are in PEM format [...]
> > >
> >
Holger Reif wrote:
>
> Michael Stroeder schrieb:
> >
> > Song wrote:
> > >
> > > Ben Laurie wrote:
> > > >
> > > > It was my vague impressions that crypto/pkcs7/verify should do the job
> > > > (if it works).
> > > >
> > > Yes, it works. Below is my result:
> > >
> > > %cd crypto/pkcs7
> > > %mak
Hello Bodo,
thanks for your explanation.
> > I'm studing VerifyCallback from file ./apps/s_cb.c. I see, that there
> > is code for handling X509_V_ERR_CERT_CHAIN_TOO_LONG error. In OpenSSL
> > api I find functions f_SSL_CTX_get_verify_depth(),
> > f_SSL_CTX_get_verify_depth()
> You mean SSL_CTX_
Don't panic today when www.openssl.org or www.modssl.org is not accessible.
I'm currently updading the webserver installation. Just be patient...
Ralf S. Engelschall
[EMAIL PROTECTED]
> > > I'm trying to download my certificates (done with openSSL) into
> > > Netscape 4.x (I've tested on 4.5 4.51 4.6 :-)) through a web server
> > > using the MIME type "application/x-x509-email-cert", [...]
> > > The certs are in PEM format [...]
> >
> > Convert them into DER (using the -
12 matches
Mail list logo
