I am trying to find the best way to let IE/Netscape to accept our CA,
But even the certificate can be embed to next version IE/Netscape, all
end-user that use our certificate must upgrade their broswer too! It's
too hard. Maybe the best way is only to use default CA's certificate
like Verisign, T
Does anybody now how to make openSSL read
certificates and keys created =by IAIK?I think they might implement
different OIDs. OpenSSL cannot seem to recognize
my Iaik Private Key.
Please Help?
Derek DeMoroChief Technical
OfficerBallotDirect(650) 799-8490
One
more thing...I also tried adding lock callbacks to make sure its not a threading problem. Made no
difference (was getting lock requests as I should, and only from a single
thread as expected).
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of S
Does anyone have the URL for how Netsape and/or MSIE validate or
test then accept a CA for inclusion in their web browsers?
I tried a lot of combinations on some search engines and hit a blank
I am thinking about trying the phone and calling Redmond Washington and
California to ask, but expect
"Steve Bazyl" <[EMAIL PROTECTED]> writes:
> [1 ]
> We're having a really strange problem with the openssl crypto library -- it
> keeps segfaulting down in SHA1_Update when called from an NSAPI plugin
> (running in NES 3.6).
>
> I've tried building the library with optimizations off and all that
We're having a
really strange problem with the openssl crypto library -- it keeps segfaulting
down in SHA1_Update when called from an NSAPI plugin (running in NES 3.6).
I've tried building
the library with optimizations off and all that fun stuff, and have run the test
suite which it pa
>
> If users accept certificates without some independent way of verifying
> the identity of the signer, then this obviates the entire point of
> certificates, which is to prevent active attack on the connection.
> The vast majority of the complexity of SSL is there to prevent
> active attack. B
"Leland V. Lammert" <[EMAIL PROTECTED]> writes:
> At 03:09 PM 6/12/00, you wrote:
> >Interesting... I don't quite understand what the preloaded root certs
> >have as extra value.
>
> The ONLY reason for e-commerce folks to sign up with a Root Cert CA
> (like Verisign or Thawte) is to prevent th
At 03:09 PM 6/12/00, you wrote:
>Interesting... I don't quite understand what the preloaded root certs
>have as extra value.
The ONLY reason for e-commerce folks to sign up with a Root Cert CA (like Verisign or
Thawte) is to prevent the nasty messages when a user initiates an SSL connection.
O
Does anybody now how to make openSSL read
certificates and keys created by IAIK?
I think they might implement different
OIDs.
Please Help?
Derek DeMoroChief Technical
OfficerBallotDirect(650) 799-8490
SSL_shutdown() sends a message to the peer, indicating that the session is
over. If you do SSL_clear() and try to reuse the same SSL structure for
another session, note that you do need to do a SSL_shutdown() to the peer
before that.
SSL_set_shutdown() turns on something called a "preemtive" shut
If you are talking abt reusing SSL structures, you can do
SSL_clear(sslp) and SSL_set_session(sslp, NULL) to try and reuse the old
session. This way, you need not free(). It worked for me. Same holds for
SSL_accept. The only caveat is that you need to use the same method (SSLv23,
SSLv3 etc.) as be
On Tue, 13 Jun 2000, Dr Stephen Henson wrote:
> [EMAIL PROTECTED] wrote:
> >
> > Hello and thanks for reading this:
> >
> > I use OpenSSL 0.9.5a, Red Hat Linux 6.2, Intel platform.
> >
> > I'm trying to produce PKCS#12 files to be able to keep the all generation
> > process under my control an
Hi,
Can someone tell me what the routines in the above are for ?
I can see that if I call SSL_free without calling SSL_set_shutdown before,
it frees all the sessions list in the general context (SSL_CTX) and I
can't do reuse. If I call SSL_set_shutdown then everything seems to be ok.
I don't un
[EMAIL PROTECTED] wrote:
>
> Hello and thanks for reading this:
>
> I use OpenSSL 0.9.5a, Red Hat Linux 6.2, Intel platform.
>
> I'm trying to produce PKCS#12 files to be able to keep the all generation
> process under my control and to distribute only one file (BTW: why is it
> taken for such
Hi,
My application calls directly the following functions in OpenSSL:
* EVP_CipherInit/Update/Final, etc..
* PEM_read_PrivateKey, PEM_read_X509, etc...
In a multithreaded context, do these calls need to be encapsulated by calls
to CRYPTO_lock? I happen to have transient failures:
* EVP_Decrypt
On Tue, 13 Jun 2000, Douglas [iso-8859-1] Wikström wrote:
> What you are saying is that I am free to buy stuff on the internet,
> sending the seller my creditcard number, and then tell the Bank it was
> not me. Given the following attack scenario I cant believe that is the
> case:
>
Yup. If yo
Hello and thanks for reading this:
I use OpenSSL 0.9.5a, Red Hat Linux 6.2, Intel platform.
I'm trying to produce PKCS#12 files to be able to keep the all generation
process under my control and to distribute only one file (BTW: why is it
taken for such a security bug?). I do it the following
Hi to all,
Do I have to use the SSL_free (SSL *s) routine after every call to SSL_new
(SSL *s) which allocates memory for the
SSL structure upon every connection ?
If I use the SSL_free routine it seems to free the session context and I
can't do reuse in the next connection.
I tried to use the s
Hello!
> > 4. At the practical and everyday level, we can be pretty sure that the
> > certs delivered with Netscape and IE are OK. If we go to some fairly
> > well-traversed public site using one of these certs, some red flags will
> > go up when the you get signature mis-matches... That will t
On Tue, Jun 13, 2000 at 04:01:50PM +0200, Richard Levitte - VMS Whacker wrote:
> I don't currently recall the drafts and RFC's describing this, but I'm
> sure that you can find them all in the Security Area of IETF
> (http://www.ietf.org).
The relevant document is
http://search.ietf.org/interne
Hi,
in short:
using SSL you have two parts of encryption:
first a public/secret key system (asymmetric cryptographie) is used to
establish a connection and to agree for a common secret key.
When both parties have agreed to that common secret key (which is, in
short, encrypted with the public keys
From: Emili Sanroma - RI <[EMAIL PROTECTED]>
Emili.Sanroma> Is it possible to connect to a FTP server using a
Emili.Sanroma> ftps://server.ftp.org URL for netscape or explorer?
Emili.Sanroma> It will be a good chance to connect to our file server
Emili.Sanroma> (ftps:[EMAIL PROTECTED])
As far a
Is it possible to connect to a FTP server using a
ftps://server.ftp.org URL for netscape or explorer?
It will be a good chance to connect to our file server
(ftps:[EMAIL PROTECTED])
We use linux servers with ssl & ssh telnet.
What package my I install?
Please, reply to [EMAIL PROTECTED]
On Mon, 12 Jun 2000, Yuji Shinozaki wrote:
> I think the problem is multi-leveled:
>
>
> 4. At the practical and everyday level, we can be pretty sure that the
> certs delivered with Netscape and IE are OK. If we go to some fairly
> well-traversed public site using one of these certs, some
hi,
You know that OpenSSL supports DES for encryption of
data.So if you want to establish a communication link
between client & server then you must use a secret
key.
Now my question is,What the certificate contains?
I mean what public keys it contains & for what purpose
they can be used?
Could
Hi Philip
Just searched the archives and found your message. I had the same problem,
and submitted a patch, not long ago. I also have another 64 bit related
patch. Both are included below
--
Karsten Spang
Senior Software Developer, Ph.D.
Belle Systems A/S
Tel.: +45 59 44 25 00
Fax.: +45 59 44
Hi!
I was wondering if someone could help me out on a
crypto-related question;
I want to encrypt short strings (passwords, actually)
and be able to decrypt them later.
I only have access to Perl, and its MD5 and crypt (3des?),
and do not want to rely on any non-standard Perl modules.
To just u
Richard Levitte - VMS Whacker wrote:
>
>
> Oh, what a beautiful mixup I did there between server and client
> certs! Even got myself confused :-). However, the fact still
> remains, there's no trust path of value to me, the value of certer
> certs in themselves is more or less none, except to
Hello ALL,
I am working on writing an SSL Client. My client code just supports the
elliptic curve algorithm( no RSA ).I have not used openssl for writing this
client but have used a third party library.Unfortunately, there is no
support for RSA in the client.
I need a pop/smtp/imap SSL server
Hi,
Could someone please explain the following to me:
1) Is bio blocking i/o. If so why and when do you use it.
2) When do you use straight SSL_read/SSL_write and is this non-blocking?
3) If 2 is non-blocking, can I use select to read/write?
4) Say I want to write an SSL client that will commu
31 matches
Mail list logo
