Hi all,
Does the function SSL_CTX_load_verify_locations() only work with
certificates in the PEM format? I converted a previously working
certificate into the DER format but my client program (based on cli.cpp)
failed to work.
Is there any workaround? Thanks.
Regards,
Michael Lee
__
Mike Zeoli wrote:
>
> Hello Everyone,
>
>
>
> As stated before, this same certificate chain gets verified just fine when
> doing server authentication only.
>
> I have debugged into the library and know the following additional
> information:
> - In x509_vrfy.c:check_chain_purpose(), in the s
Hello:
I'm new to OpenSSL, I've started playing with the functions in the
Crypto library and the DSA signature functions. My question is how do
you extract the private and public keys from a DSA structure?
Thanks,
Darío
Hello Everyone,
I have a chain of version 1 certificates. "Root CA" signs "Intermediate
CA", which signs "client1" and "server1" certificates.
I also have two example client/server pairs. The first example only does
server authentication. The other example does both client and server
authen
On Mon, Aug 28, 2000 at 04:04:00PM -0500, Glenn Carr wrote:
> I'm curious if anyone knows how commercial browser clients (IE, Netscape,
> Opera, etc.) seed their PRNGs? Anyone know or have any guesses?
The code that Netscape developed to seed their PRNG after
their Great Random Number Debacle in
You are right, anyway export restrictions have been almost removed or
heavily modified and maybe we are going off topic :-)
Pietro
> "[EMAIL PROTECTED]"<[EMAIL PROTECTED]> writes:
>
> > there has been a generation of browsers supporting SSLv3 AND USA export
> > restrictions as well: they were
"[EMAIL PROTECTED]"<[EMAIL PROTECTED]> writes:
> there has been a generation of browsers supporting SSLv3 AND USA export
> restrictions as well: they were able to generate RSA keys limited to
> 512 bit length and symmetric key up to 40 bits (upgraded to 56
> recently). Using such a netscape f
there has been a generation of browsers supporting SSLv3 AND USA export
restrictions as well: they were able to generate RSA keys limited to
512 bit length and symmetric key up to 40 bits (upgraded to 56
recently). Using such a netscape for example you were able to import a
PKCS12 file contai
Thanks
It's working fine
"[EMAIL PROTECTED]" wrote:
> I don't know what CA.pl -pkcs12 does nor what it does expect. Anyway, if
> you simply need to create a PKCS12 file to import in netscape you need
> at least the file containing the private key (say for example
> newkey.pem) and the one with yo
I don't know what CA.pl -pkcs12 does nor what it does expect. Anyway, if
you simply need to create a PKCS12 file to import in netscape you need
at least the file containing the private key (say for example
newkey.pem) and the one with your certificate (say newcert.pem). If you
also have your C
I'm curious if anyone knows how commercial browser clients (IE, Netscape,
Opera, etc.) seed their PRNGs? Anyone know or have any guesses?
Thanks,
Glenn
__
OpenSSL Project http://www.openssl.org
Us
Rich Salz <[EMAIL PROTECTED]> writes:
> > The certificate has no effect on the type of symmetric encryption that SSL
> > negotiates.
>
> Except that if you have to support older "export-strength crypto"
> browsers, then you can only have a 512bit key.
Only REALLY REALLY old browsers that only su
Two common cert request formats are PKCS#10 and Netscape's SPKAC, which
is the "Signed public key and challenge." The challenge is primarily
to support completion of an enrollment/certification process when the
cert is retrieved OOB (cf. Verisign's enrollment process in which the
binding of the
On Wed, Aug 23, 2000 at 10:03:42AM +0530, Amit Chopra wrote:
> Steve mentioned that the size of the memory BIO can grow indefinitely
> until memory allocations fail. I assume what he is referring to is that
> when BIO_write is called a reallocation is done if the data to be
> written is more th
I was under the impression that the signature is the public key
signed by my private key. So, am I wrong about the signature or
does the CA actually do both?
--Moses
-Original Message-
From: Rodrigo Coronado [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 22, 2000 1:54 PM
To: [EMAI
>> Another one problem exists: the very first run of PRNG use only half
>> of that hash that cuts the search space half. That is, even properly
>> seed PRNG(several hundreds of bytes) will output first
>> MD_DIGEST_LENGTH/2 bytes subject to search-it-all attack with search
>> space MD_DIGEST_LENGT
> The certificate has no effect on the type of symmetric encryption that SSL
> negotiates.
Except that if you have to support older "export-strength crypto"
browsers, then you can only have a 512bit key.
Ah, great! I was hoping that it would be that simple and cost effective! :)
- Will
"Leland V. Lammert" wrote:
> At 10:37 AM 8/28/00 -0500, you wrote:
> >Quick question.
> >
> >We are getting ready to do some major upgrades on our network, thus
> >moving everything off the old. How would I go abo
At 10:37 AM 8/28/00 -0500, you wrote:
>Quick question.
>
>We are getting ready to do some major upgrades on our network, thus
>moving everything off the old. How would I go about transferring our
>digital certificates, etc. from one server to another?
>
>The reason I ask is that we use Verisign an
I think you could try this:
Extract *.o files in the static library with
ar -x libssl.a
Then link them again with:
ld -rpath "/usr/local/ssl" -shared -o libssl.so *.o
The command "file libssl.so" reports then:
libssl.so: ELF 32-bit LSB shared object, Intel 80386, version 1, not
stripped
so
Quick question.
We are getting ready to do some major upgrades on our network, thus
moving everything off the old. How would I go about transferring our
digital certificates, etc. from one server to another?
The reason I ask is that we use Verisign and I've heard from
"unreliable" sources that w
On Mon, Aug 28, 2000 at 09:15:25AM +0300, Wirta, Ville wrote:
>
>
> -Original Message-
> From: Eric Murray [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 25, 2000 10:04 PM
> To: [EMAIL PROTECTED]
> Subject: Re: I'm still so very confused about certificates
>
> >The certificate has no
> -Original Message-
> From: Miha Wang [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 24, 2000 12:55 PM
> Actually, my server is apache 1.3. The KeepAlive is on. By default,
> It should be persistent connection without asking for Keep-Alive.
> However, it does not work with either SS
You need to do a little more reading...
Sure you can 'rename' it, but that won't do you any good...
Anything with a '.so' extension is a shared library, and must be
compiled as such.
My .02...
Howard wrote:
>
> Hello!
>
> I find "libssl.a" and "libcrypto.a" in the path "/usr/local/ssl/lib/"
Hi,
I'd prefer mod_ssl over Apache-SSL patch.
For an inside view how to use SSL with Apache and mod_ssl
see the mod_ssl manual or some helpful links at Apache.org.
Cheers, Arne
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jatin Kochhar
Gesen
Hi,
We (Intelesoft Technologies Ltd.) are a software development company in
India.
We are providing software solutions to both Indian as well as
international clients.
We are implementing e-commerce for a few of our clients.
The project is being developed using Apache webserver version 1.3.12.
Now
Hi tk,
I simply echo "password" as follows
8<--(snip)-
#!/bin/sh
echo "mysecretpassword"
8<--(snap)
Cheers, Arne
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of tk dev
Sent: Monday, 28 August 2000 11:01
To: [EMAIL P
hi arne,
yes, u've been a great help.
how do u write the script that gives password? i've
tried to look for pp-filter(stated in modssl
guide)-unfortunately i can't find it. can u give me a
sample pls?
thanks.
tk
> It will the ask for the private key protection
> password
> if
Hi,
You need some random numbers! Solaris does not come with /dev/urandom,
get it here.
http://www.cosy.sbg.ac.at/~andi/
works for me
siva kumaran wrote:
>
> hi,
>
> I faced a problem when I was loading OpenSSL in
> SunOS 2.6.I have installed the OpenSSL in the system ,but the comma
Actually, my server is apache 1.3. The KeepAlive is on. By default,
It should be persistent connection without asking for Keep-Alive.
However, it does not work with either SSL(port 443) or without
SSL (port 80). I tested this with telnet:
- telnet host 80
GET / HTTP1.1
This always clo