Martin Szotkowski wrote:
>
>
>
> >
> > SET OF should be sorted but the request is not sorted, or not sorted
> > correctly.
>
> where is defined order?
>
Each SET OF component should be in lexical order, it is in the DER
encoding rules. If you check the SET OF stuff using dumpasn1 you get:
Check that the parameters to this memcpy call are satisfactory (ie. pointers
to valid memory, and that the length doesn't extend into invalid memory).
If they aren't satisfactory then there is obviously a problem with the wr
structure. If the parameters are satisfactory, then perhaps memory has b
I was wondering has anyone tried having openSSL and Frontpage Extentions on
the same version of Apache? If so what changes do I have to make and do you
have a URL of a how-to or anything???
Brock Noland
__
OpenSSL Project
I'm getting a memcpy failure on line 594 of ssl\s3_pkt.c (openssl
0.9.5.a).It seems to only happen when I have several threads (5 +) in the
same application. It always occurs on the write, I have never had any
problems on a read. Further it always happens in the server side. I've
included a snippe
Kishore Gummadidala wrote:
>
> Dear all,
>
> I have a question which I hope someone can help me
> with. So here goes..
>
> I am trying to sign code, and package it in a PKCS7
> file. The sample program in crypto/pkcs7 namely
> sign.c and verify.c have served my purpose quite
> well. Many thanks
On Tue, Sep 05, 2000 at 04:28:26PM -0400, [EMAIL PROTECTED] wrote:
>
> thanks a lot.
>
> but how to sends the certificate of the CA that issued the client
> certificate together with the client certificate.
> and I allready used the SSL_CTX_use_certificate_chain_file(ctx,CERTF);
> I used the s_
Dear all,
I have a question which I hope someone can help me
with. So here goes..
I am trying to sign code, and package it in a PKCS7
file. The sample program in crypto/pkcs7 namely
sign.c and verify.c have served my purpose quite
well. Many thanks.
Now I need to modify them so that they do
thanks a lot.
but how to sends the certificate of the CA that issued the client
certificate together with the client certificate.
and I allready used the SSL_CTX_use_certificate_chain_file(ctx,CERTF);
I used the s_client to connect to my serevr like:
OpenSSL> s_client -connect myserver:port -k
I'm curious if
OpenSSL can be exported to Australia? If it can, who do I have to contact
to get the requirements for exportation?
Erik
Philips
Software
Engineer
Pinpoint
Technologies
www.pinpointtech.com
On Tue, Sep 05, 2000 at 02:35:05PM -0400, [EMAIL PROTECTED] wrote:
> but I got these message:
>
> verify error:num=20:unable to get local issuer certificate
>
> verify error:num=27:certificate not trusted
>
> verify error:num=21:unable to verify the first certificate
>
> How can I verify the c
When I use verifycallback lik this:
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
X509 *err_cert;
int err,depth;
err_cert=X509_STORE_CTX_get_current_cert(ctx);
err=X509_STORE_CTX_get_error(ctx);
depth=
I am trying to secure my web site. I am using stunnel with apache. My
site runs on a zope server. My first page is a login page where I ask
for a login and password, and then it tries to identify the user. My
problem is when I switch to https mode, I have a "cookie problem" on
netscape (and not on
I have sorted this out. In case anyone's interested...
I was trying to connect to a web server which was protected by both TLS1.0
(reported by IE4 as "TLS3.1") and Apache style .htaccess password
protection. I thought I had to connect using HTTP on port 80 first, do
password authorisation, then
http://www.ultranet.com/~fhirsch/Papers/cook/ssl_cook.html
"Alex Lau(IMS)" wrote:
I've just implemented
Apache 1.3.12, mod_ssl s.6.6, openssl 0.9.5a. Searching through the docs
and webs, no details configuration examples are found about how to use
openssl as CA. Can anyone show me where to
--
Hi
Command 'hi' not recognized.
I have the source of openssl(version openssl-0.9.3a),I compile it in
>Redhat6.2,I
Command 'i' not recognized.
have installed the openssl,but can not compile enc.c and req.c,which both in the
>"apps"
Command 'have' not recogni
well, that's fine and pretty clear, I'm afraid.
The proble ist not WHICH certificate is used, the
problem is WHAT actually happens during verification ...
I was already told to have a glace at RFC2459 section 6,
and I did so. It's now a little clearer a I am convinced
that my initial question wa
To verify the validity of the key used to sign your certificate, your
browsers uses the Verisign self-signed certificate it finds pre-installed in
its certificate store.
Claudio Campetto.
> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Inviato: lunedì 4 sett
Sorry to bother the list:
>
> > Why don't you try to add some validity rules
> > at the generation of the request?
>
> I am afraid I don't really understand this idea.
There is some software used by the user to generate the
request, so somehow the user adds a DN or whatever else
attribute, and
At 02:14 PM 9/5/00 +0200, you wrote:
>Hello,
>
>Suppose that a user generates a certificate request, but enrolls partially
>incorrect information in it (let's say (s)he filled the OU in other format
>than how I'd like it to be; for example "Dept. 870" instead of just "870").
Ivan,
I do not think
Hi
I have the source of openssl(version openssl-0.9.3a),I compile it in Redhat6.2,I
have installed the openssl,but can not compile enc.c and req.c,which both in the
"apps"
directory.The openssl is in default location,which is /usr/local/ssl.
_
Thanks for e-mail, Peter,
> Why don't you try to add some validity rules
> at the generation of the request?
I am afraid I don't really understand this idea.
> Who is generating the request? A client, or do you
> generate keys and requests in a server?
As is the point of X.509, a person from
Hi,
Is there any cookbook available with informations about how to use OpenSSL
+Apache to validate
Certisign client certificates? I can successfully install a server certificate but,
I'm no having many success
when trying to validade the client certificates.
---
Per
Hello,
my question is very stupid, but I wasn't able to find the answer in
mail-archive.com:
Suppose that a user generates a certificate request, but enrolls partially
incorrect information in it (let's say (s)he filled the OU in other format
than how I'd like it to be; for example "Dept. 87
hi!
could anyone explain this error message?
(especially those numbers)
generating index
error creating name index:(2,28,87)
thanks
-ks-
__
OpenSSL Project http://www.openssl.org
User Support Ma
thanks Steve,
> Excellent, someone has actually included the data for a change.
>
> The problem is that the request is improperly encoded.
I looked in the request. Version is 2, but in PKCS10 is version 1. Maybe
there is the problem.
(where is defined pkcs10 version 2?)
>
> It uses a non standa
25 matches
Mail list logo
