Re: Build Failure On Digital Unix 4.0D

2000-07-13 Thread Dr Stephen Henson
agray wrote: > > >I intend to ultimately use SNACC as a compiler but using its template > >output as the input to a converter to OpenSSL template format. > > yea - the one i noticed was the bitstr start. I'm having a hell of a > time doing cvs updates recently - very poor connexns from home. >

Re: Build Failure On Digital Unix 4.0D

2000-07-13 Thread agray
>I intend to ultimately use SNACC as a compiler but using its template >output as the input to a converter to OpenSSL template format. yea - the one i noticed was the bitstr start. I'm having a hell of a time doing cvs updates recently - very poor connexns from home. have you started this - i.e.

Importing cert's into MSIE5.

2000-07-13 Thread darrenr
Following the various FAQ's, getting certs into MSIE5 is not a problem. However, when doing "verify" of a cert signed by my own CA, I am being told that the CA (which I created myself) has no CRL and the cert does not verify. If it makes any difference, I'm importing certs into MSIE5 as .der fil

Re: Build Failure On Digital Unix 4.0D

2000-07-13 Thread Dr Stephen Henson
agray wrote: > > >2 or 3 > > your time of course ;-) > > > And in any case, I personally wouldn't trust a shared OpenSSL library > > just yet. There are just too many things that are about to change... > > i've seen - i'm playing hell on keeping up on what's going on. You and > Geoff on the

multiple values for conf variables

2000-07-13 Thread Michael Elkins
Perusing through the OpenSSL documentation, I've noticed that there appear to be several ways to handle the situation where you want to have multiple values for the same key. For instance, I'm trying to define a section which contains all the known CA's (instead of just relying on the `default_ca

Re: Build Failure On Digital Unix 4.0D

2000-07-13 Thread agray
>2 or 3 your time of course ;-) > And in any case, I personally wouldn't trust a shared OpenSSL library > just yet. There are just too many things that are about to change... i've seen - i'm playing hell on keeping up on what's going on. You and Geoff on the engine work as well as Steve starti

Re: Converting from CryptoAPI private key BLOB to OpenSSL EVP_PKEY

2000-07-13 Thread Dr Stephen Henson
Steven Adams wrote: > > Hi all, > > I'm new to openSSL, and have what I hope is a simple question. I've > searched the list archives for an answer but didn't immediately see anything > appropriate. > > Given a Microsoft CryptoAPI private key blob, what is the easiest way to > convert it to an

Certificate Serial Number

2000-07-13 Thread Sebastiano Di Paola
Hi all, Is there a method provided of course by OpenSSL to generate certificate serial numbers that are unique? thanks Kind regards Sebastiano Di Paola

Re: Build Failure On Digital Unix 4.0D

2000-07-13 Thread agray
Always watch for -shared and the -expect_unresolved "*" for DigUnix ld options. I was building api libraries against ssleay for Netscape server 1-->2.x a long time ago (3-5 yrs ago) and as i remember this was necessary. > I'm now pressing ahead on building OpenSSL/Apache/Mod_SSL *with* DSO Apache

RE: Build Failure On Digital Unix 4.0D

2000-07-13 Thread Boyce, Nick
Many thanks to Richard and Andrew, who explained a DigUnix box's behaviour magnificently, and also to a bunch of other folks who emailed me direct to explain the "-fPIC" stuff (which I now know is not relevant to DigUnix - it generates relocatable code anyway). I'm now pressing ahead on building

Converting from CryptoAPI private key BLOB to OpenSSL EVP_PKEY

2000-07-13 Thread Steven Adams
Hi all, I'm new to openSSL, and have what I hope is a simple question. I've searched the list archives for an answer but didn't immediately see anything appropriate. Given a Microsoft CryptoAPI private key blob, what is the easiest way to convert it to an OpenSSL EVP_PKEY structure? If it help

Re: Signing a CSR for NT/IIS from Linux?

2000-07-13 Thread hirntod
Hi Dave, I have collected some docu on my server. I hope you found the right docu. www.pseudonym.org/ssl/ (click around) hirntod On Thu, 13 Jul 2000, Hubbard, David wrote: > Hi all, > does anyone have some instructions or links to > documentation on how I can sign NT/IIS generated > csr's

Re: Problem signing certificate

2000-07-13 Thread hirntod
Hi, it sounds like you have to change your policy option in your openssl.cnf. Hope that short info helps. hirntod On Wed, 12 Jul 2000, Hubbard, David wrote: > Hi all, > I host a few different domains on a linux box running > openssl and using apache/mod_ssl as the web server. I have set >

Re: Build Failure On Digital Unix 4.0D

2000-07-13 Thread Richard Levitte - VMS Whacker
From: agray <[EMAIL PROTECTED]> agray> Richard's spot on here. (he usually is, btw) *pu* agray> Always remember anything originating from, named like, "OSF" agray> (my ex-employer) will have "anomalies". (DigUnix=OSF/1) Heh... [...] agray> some thoughts and an outcome should be put onto d

Re: command line

2000-07-13 Thread hirntod
Fine ! Can you send the part of the sourcecode which you make the client req. Lot of thanks, hirntod On Mon, 10 Jul 2000, Wendy Breu wrote: > Hi there, > > I did something similar via a tk/expect script to generate a certificate > request. > A user would enter all necessary info for a Dist

Re: Build Failure On Digital Unix 4.0D

2000-07-13 Thread agray
Boyce, Nick wrote: > > Richard Levitte wrote : > > > nick.boyce> But what I don't understand is why you're talking about a > > nick.boyce> problem with "-fPIC" when my compilation objected to > > nick.boyce> "-std1" ... > > > > Ah. Well, I'll do some qualified guesses: suppose that the command

Re: DSA key sizes

2000-07-13 Thread Eric Rescorla
Pete Chown <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > > SHA-1 is only 2^80 strong against birthday attack. If you > > go around using SHA-1 or worse yet MD5 to sign stuff then > > using a private key of size > 1024 is only of limited value. > > If you want to forge a signature, you

RE: Build Failure On Digital Unix 4.0D

2000-07-13 Thread Richard Levitte - VMS Whacker
From: "Boyce, Nick" <[EMAIL PROTECTED]> nick.boyce> Words fail me ... and this is a commercial big-bucks Unix ... nick.boyce> Thanks for the analysis. Heh. nick.boyce> Erm ... I need to find a way forward on this. Didn't you already? Just avoid using -fPIC on True64. Ah, yes, I forgot to ans

Re: Got in late in the conversation. Maybe this is what you want

2000-07-13 Thread Richard Levitte - VMS Whacker
From: Douglas Wikström <[EMAIL PROTECTED]> Note: for another example of the use of X509_STORE_CTX and certificate verifying, look at ssl_verify_cert_chain in ssl/ssl_cert.c. douglas> 1) In apps/verify.c this function is used, what is the _purpose_ of it? douglas> X509_STORE_CTX_set_pu

RE: Build Failure On Digital Unix 4.0D

2000-07-13 Thread Boyce, Nick
Richard Levitte wrote : > nick.boyce> But what I don't understand is why you're talking about a > nick.boyce> problem with "-fPIC" when my compilation objected to > nick.boyce> "-std1" ... > > Ah. Well, I'll do some qualified guesses: suppose that the command > line parser in ld is the stupid k

Re: Build Failure On Digital Unix 4.0D

2000-07-13 Thread Richard Levitte - VMS Whacker
From: "Boyce, Nick" <[EMAIL PROTECTED]> nick.boyce> Richard> If you check the manual for ld, you'll probably nick.boyce> Richard> find a few lines about '-f fil', where the nick.boyce> Richard> filling is expected to be a 4-byte hex constant. nick.boyce> nick.boyce> Well you're quite right; the

Re: Got in late in the conversation. Maybe this is what you want

2000-07-13 Thread Douglas Wikström
Hello! Thank you both Richard and Mark. Having stored (a CA-cert, a cert certified by the CA-cert, some data, and a signature of the data using the cert), I wanted to verify that I really did store all of this correctly. (clearly I do not store multiple copies of the certs). A 4-tuple like the on

Re: Build Failure On Digital Unix 4.0D

2000-07-13 Thread Boyce, Nick
I got two replies :- Richard Levitte said : Richard> Well, it looks like Compaq C will just ignore -fPIC when it compiles, Richard> and try to pass it on to ld when linking is going on. However, Richard> there's no support for -fPIC anywhere in True64. [ Thanks Richard: I have no idea *what*

RE: Compiler error in alpha digital unix4.x!

2000-07-13 Thread Boyce, Nick
On 13 Jul 2000 09:35 George Xu wrote : > I compiled openssl-0.9.5a on Alpha Digital Unix4.x. But some errors appear. > These are the error messages: > [snip] > make[1]: Entering directory `/usr/users/george/soft/openssl-0.9.5a/apps' > rm -f openssl > cc -o openssl -DMONOLITH -I../include

Re: verifying CAcert and cert?

2000-07-13 Thread Richard Levitte - VMS Whacker
From: Douglas Wikström <[EMAIL PROTECTED]> douglas> /* this is where I am confused, From reading ariels "manuals" I get the douglas> impression that I should create a X509_STORE that contains the ca-cert. douglas> Then I should init the X509_STORE_CTX with this and also an dougl

verifying CAcert and cert?

2000-07-13 Thread Douglas Wikström
hello! Suppose that I have a CA-cert A and a cert B that is signed by the public key of A. I am trying to figure out how to verify that B is certified by A: This is what I got so far (which I clearly haven't compiled yet :-) /* load the cert (this works just fine) */ fp = fopen(argv[2]

Re: How to use SSL_CTX_set_cipher_list in order to avoid IE 5.01 problem.

2000-07-13 Thread peleg atar
Dr Stephen Henson Thank you a lot for your help again and again. I just want to say that your solution solved the problem. And indeed our attempt to call SSL_read() in the server gives us an error -1 and we handled all ssl_error the same way. So we changed it and it works. So Thank you again, P

SV: Signing a CSR for NT/IIS from Linux?

2000-07-13 Thread Hellan,Kim KHE
Two suggestions: 1) The IIS expects the certificate to be PEM encoded (DER is not accepted). 2) I'm not sure on this one, but I think that your Windows NT must know the root certificate of the CA that signed the certificate, before you can store the certificate in the IIS. Regards, Kim hellan KMD

Signing a CSR for NT/IIS from Linux?

2000-07-13 Thread Hubbard, David
Hi all, does anyone have some instructions or links to documentation on how I can sign NT/IIS generated csr's with my Linux based OpenSSL? I generated the request in IIS, did what I thought would sign and generate the certificate, but then IIS just said that what I was bringing back to it

Re: download problem

2000-07-13 Thread agray
..switched to openssl-users as this really isn't a dev question.. ..cc of author as well.. > I have downloaded openssl-0.9.5a.tar.gz and I can't open it. I get > the > error message : > "error reading header after processing 0 entries". this usually occurs when you download as ascii as opposed t

Re:

2000-07-13 Thread Dr Stephen Henson
olgap wrote: > > > > We would like to use the library openSSL 0.9.5 to generate certificates X.509. > We'd like to do this using our own algorithms of symmetric encryption, hashing > and digital signature. > Does this library support usage of third-party algorithms? If not, do you plan > to add