Just reply yes or no. If no, please clear my confusion...
DES-CBC3-SHA is using triple DES, yes?
DES-CBC-SHA is using DES?
Crispin
__
OpenSSL Project http://www.openssl.org
User Support Mailing
Hi !!!
How can I verify certificates in embedded environment ( files doesn't exist
there ) ?
I cannot load certs from the files but from the internal memory. I would
need the
simplest form for an example:
verify -CAcert CertBufCA CertToVerifyBuf
where -CAcert has the same role as -CAfile.
A
Hello,
I have an SSL client-server application in which the server
authenticates to the client sending its certificate in the SSL handsake,
but the client doesn't authenticates to the server.
Fo my SSL client-server aplication, I need that both authenticates each
other.
_
Hi. If you still want to hear...
Matti Niskanen wrote:
>
> The Linux server has only one IP address and servers for example
>
> www.domain1.com \
> www.domain2.com - virtual hosts on 1.1.1.1
> www.domain3.com /
>
> but is it possible to server as well SSL hosts
>
> admin.domain4.com \
> adm
Hi,
Im'm beginner in France but I know read the readme ... ;)
Check the file README.SSL, line 50: you must patch two include file
from openssl (crypt/rand/rand.h and crypto/rand/rand_egd.c) with the file
openssl-0.9.5a-egd.diff
I file-attach this two patched files if you want.
annyonghi kaseyo,
On Wednesday, August 2, 2000, at 05:08 PM, Michael Tuexen wrote:
> Dear opensslers,
> has someone compiled openssl compiled on MacOS X DR 4?
> Best regards
> Michael
Yep. I believe it's included in the Darwin CVS repository (Darwin is the
name for the base OS that Mac OS X sits on). There wa
Version is 0.9.5a; RedHat 6.0; using the command line provided on
Thawte.com's site:
./openssl genrsa -rand /dev/urandom -out cart.kloek.com.key 1024
This command has run for over two hours. System stays pegged the whole
time, but operable. Any idea why? Thanks!!!
___
Hi,
just hard to guess it..any example floating around?
thank you,
Vadim
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Ma
Is there a way to import a private key (plus certificate) generated with the
genrsa's OpenSSL application to a Windows 2000 Advanced Server machine (with
IIS 5.0).
The problem is we've generated some keys and certs for an Apache + OpenSSL
platform and now we need to move some of the services to a
You are not finding your crypto or ssl libs. Use a -L/usr/local/ssl/lib
or whatever that points directly to the location of the crytpo/ssl libs.
You may have to add a -lgcc depending on your platform.
> ±èº´°ü wrote:
>
> In my way
> tar -xvzf openssl-0.9.5a.tar.gz
> tar -xvzf patch-2.5.tar
On Mon, Aug 21, 2000 at 03:15:06PM +0300, Marko Asplund wrote:
> On Mon, 21 Aug 2000, Lutz Jaenicke wrote:
> > ...
> > The browsers don't have the slightest idea on the "server name". The only
> > reliable information is the URL. A hostname being obtained by DNS lookup
> > may already be faked by
In my
way
tar -xvzf
openssl-0.9.5a.tar.gz
tar -xvzf patch-2.5.tar.gz
tar -xvzf apache_1.3.12.tar.Z
tar -xvzf apache_1.3.12+ssl_1.41.tar.gz
and
In openssl-0.9.5a directory
./config
make
make test
make install
and
In patch-2.5 directory
./configure
make
make install
and
The answer to your question is 'yes'. The proxy service if designed
this way would require access to the client's private key.Why not
do what every other proxy service does, just proxy the raw bytes and
let the SSL/TLS connection be end to end through the proxy service.
> hello everyone.
>
I'm having a problem signing a server certificate request from an Oracle web
server. The problem is the organisationname field of the request is coming
in as T61STRING and therefore failing the mandatory o match I've set in my
openssl.cnf file even though it is correct when displayed as plain tex
hello everyone.
Sorry.
I noticed that this question was FAQ.
I should have used s_client.c and s_server.c sample codes.
then, I have one more question.
I am developping SSL proxy program.
This proxy has following functions.
1) proxy receives client certificate from client (browser).
2) with thi
On Mon, Aug 21, 2000 at 03:15:06PM +0300, Marko Asplund wrote:
> > The browsers don't have the slightest idea on the "server name". The only
> > reliable information is the URL. A hostname being obtained by DNS lookup
> > may already be faked by someone tampering with your DNS servers (or packets)
>From my experience with a Thawte certificate: I could use a
www.something.co.za certificate for
https, simap, spop and some other things as long as the name used by the
program requesting it, was www.something.co.za. The protocol and ports
did not matter at all.
Hope this helps.
Robert Sandilan
On Mon, 21 Aug 2000, Lutz Jaenicke wrote:
> ...
> The browsers don't have the slightest idea on the "server name". The only
> reliable information is the URL. A hostname being obtained by DNS lookup
> may already be faked by someone tampering with your DNS servers (or packets).
> A server name se
Certificate is an attribute that already exists in objects
inetOrgPersonas attribute userCertificate
strongAuthenticationUser as attribute userCertificate
For internet world, suggest you use
objectclass: Top
objectclass: person
objectclass: inetOrgPerson
Signed using a SecureNet MU
Hi,
> Marko Asplund [SMTP:[EMAIL PROTECTED]] asked:
[...]
> i'm a bit confused by this message. the common name field in the
> certificate signing request is CN=puppa.huuhaa.org. how can it be that
> browsers would give name mismatch warnings if the URL used is not
> https://puppa.huuhaa.org/? do
On Mon, Aug 21, 2000 at 12:55:42PM +0300, Marko Asplund wrote:
> i'm a bit confused by this message. the common name field in the
> certificate signing request is CN=puppa.huuhaa.org. how can it be that
> browsers would give name mismatch warnings if the URL used is not
> https://puppa.huuhaa.org/
Hello everyone,
I am now testing OpenSSL with sample program in openssl-0.9.5a.tar.gz .
These sample doesn't use client certificate.
So, I'd like to change client to send certificate to server.
I added following lines to cli.cpp.
-
#define HOME "./"
#define CERTF H
i just started the Thawte Server Cert Enrollment process on Thawte's web
pages (https://www.thawte.com/cgi/server/step1.exe). on the first page of
the enrollment process i cut and pasted the Certificate Signing Request.
on the second page of the enrollment i got puzzled by a piece of text
which s
[There is no reason to crosspost this to openssl-cvs.]
On Sun, Aug 20, 2000 at 06:45:10AM +0530, Vimalan.G wrote:
> OpenSSL self-test report:
>
> OpenSSL version: 0.9.5a
> Last change: Make sure _lrotl and _lrotr are only used with
> MSVC
> Options: no-asm -D_REENTRANT
> OS (u
Hello!
I am really new with programming with OpenSSL, and I have the following
problem. I hope somebody can help me.
I am working with OpenSSL version 0.9.5a, under windows 98. I am using
the borland c++ compiler version 5.5. I have taken the example sign.c
from the demo directory, and I have chan
Milan Durovic wrote:
> It crashes when it tries to do 'BIO_printf'.
>
> I suspect BIO module requires some
> setup, but I don't know what setup, and there's no documentation.
There is plenty of documentation available, both in the distribution and
on the OpenSSL homepage.
Your specific problem i
Hi all!
What's wrong with this program:
- start --
#ifdef __cplusplus
extern "C" {
#endif
#include
#ifdef __cplusplus
}
#endif
int main ( int argc, char* argv[] )
{
BIO *bio_err;
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_
here is complete email including the report for install error:
make atttempt then "make report" following.
[root@dialup-209 openssl-0.9.5a]# make
making all in crypto...
make[1]: Entering directory `/usr/local/openssl-0.9.5a/crypto'
( echo "#ifndef MK1MF_BUILD"; \
echo " /* auto-gene
tried to install openssl for licq and ./config worked fine but make
failed as below ( thanks for any help on this ):
[root@dialup-209 openssl-0.9.5a]# make
making all in crypto...
make[1]: Entering directory `/usr/local/openssl-0.9.5a/crypto'
( echo "#ifndef MK1MF_BUILD"; \
echo " /* aut
30 matches
Mail list logo
