Michael Wojcik wrote:
> Hmm. Seeding PRNGs on Windows and Unix are pretty well-understood problems;
> there's Yarrow for Windows (www.counterpane.com) and egd for Unix,
Yeah but both of these are external processes. We can't (for various reasons)
rely on, or require the installation of, any su
Hi,
when I use
openssl genrsa -out my.key -rand $randfile 2048
where is the PUBLIC KEY stored?
Regards, Arne Borkowski
Hamburg
Thank you for your quick answer.
I was indeed using an older version.
I'll get a hand on 0.9.5a...
Nicolas Roumiantzeff
-Original Message-
From: Dr S N Henson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, 8 September 2000 13:37
Subject: Re: X509_verify_cert
I have a problem figuring out how to successfully "SSL_connect" to a
server with an expired certificate.
I'd be very grateful if you could give me some advice for this problem.
Thank you in advance,
Dragomir Velchev
Riflexo Research Ltd.
Nicolas Roumiantzeff wrote:
>
> Hi all,
>
> I have a problem with an SSL server that uses a self-signed certificate.
> Using the standard callback function to check the certificate chain I get
> the X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error and if I simply ignore this
> specific error then an
On Fri, Sep 08, 2000 at 05:44:35PM +0800, Fung wrote:
> I have found that there is a serious bug located in the static
> function ssl3_get_record in s3_pkt.c. The fault is that the function
> NEVER gets the version number of SSL and MUST return "wrong version
> number" error. That means if I cre
Hi all,
I have a problem with an SSL server that uses a self-signed certificate.
Using the standard callback function to check the certificate chain I get
the X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error and if I simply ignore this
specific error then any self-signed certificate is accepted not j
On Fri, Sep 08, 2000 at 11:10:23AM +0800, Fung wrote:
> Does anyone know what the difference is between SSLv2_method and
> SSLv23_method?? Once I used SSLv23_method to create SSL_CTX for my
> client program, handshake failure returned when connected to some
> web server. When I changed to use SSLv2_meth
[EMAIL PROTECTED] wrote:
>
> All,
>
> I would like to get OpenSSL to trust a CA which doesn't have a root cert,
> basically an intermediate CA..
> With a browser you can define a list of intermediate trusted CA so that you
> don't need the root cert which signed the intermediate cert.. I would l
On Thu, Sep 07, 2000 at 08:53:47PM -0700, David Schwartz wrote:
> It seems to be working now. It just seems that I need to keep churning the
> SSL engine more than once, even if both BIO_read functions return -1. Go
> figure.
During the SSL handshake (which always occurs when the connectio
Hi,
I'd like to communicate from a client system which is also a server having
a server certificate. Is it possible to use that server certificate as a
client certificate (since the remote system requires a client certificate).
Thanks for help.
Philip
Hi all,
I have found that there is a serious bug located in the static
function ssl3_get_record in s3_pkt.c. The fault is that the function NEVER gets
the version number of SSL and MUST return "wrong version number" error. That
means if I create SSL_CTX with SSLv3_method, then I get "wrong
> Not so. BIO_read and BIO_write on ssl_bio allow me to get in and out
> plaintext.
>
> > The sides that you talk about are actually the 2 BIOs in the BIO
> > pair.
> > These act as buffers for ssl_read/write.
>
> Yes, the two BIO interfaces are 'ssl_bio' and 'bio_io'. This l
> You haven't read the FAQ:
> http://www.openssl.org/support/faq.html#13
I did it, but I forgot :-)
Now it works, thanks a lot.
--
Marco Donati
Context Security - Software
P.zza Liberazione, 25 - 20013 Magenta (MI)
Phone: +
All,
I would like to get OpenSSL to trust a CA which doesn't have a root cert,
basically an intermediate CA..
With a browser you can define a list of intermediate trusted CA so that you
don't need the root cert which signed the intermediate cert.. I would like
to do the same with OpenSSL.
I use
Oleg Amiton wrote:
>
> Salam!
>
> Some time ago I was testing an application, signing and verifying
> signatures on files. It worked OK when I used for signing the test
> certificate, included in the OpenSSL
> distribution (apps/server.pem). Private key was read by
> PEM_read_bio_PrivateKey(in,NULL
Marco Donati wrote:
>
> I wrote the following simple code to read a private key that's inside a
> PKCS12 object:
>
[stuff deleted]
>
> the PKCS12_parse always fail reporting
> PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE.
>
> Stepping inside it I've seen that PKCS12_verify_mac fails repor
Title: Fatal Relocation Error
Hi,
Can anyone point me in the right direction. I am trying to build Apache OpenSSL and getting;
root$ ../apache_ssl/bin/httpsdctl start
Syntax error on line 8 of /usr/local/apache_ssl/conf/httpd.conf:
Cannot load /usr/local/apache_ssl/libexec/libssl.so into s
Salam!
Some time ago I was testing an application, signing and verifying
signatures on files. It worked OK when I used for signing the test
certificate, included in the OpenSSL
distribution (apps/server.pem). Private key was read by
PEM_read_bio_PrivateKey(in,NULL,NULL,NULL), that is without passphr
I wrote the following simple code to read a private key that's inside a
PKCS12 object:
FILE * fp ;
PKCS12* p12=NULL;
EVP_PKEY *prkey=NULL;
if ( (fp = fopen ( p12file, "rb" )) == NULL ) {
return 0;
}
d2i_PKCS12_fp(fp, &p12);
if (!PKCS12_parse(p12, pass, &prkey, NULL,NULL)
On Wed, 6 Sep 2000 [EMAIL PROTECTED] wrote:
> when using the following combinations I got memory leaks
> by sending SSL-requests via LWP objects. I do not
> get such problems when using e.g. Net::SSLeay::get_https
> directly.
you mentioned having both Crypt-SSLeay and IO-Socket-SSL in your
envi
Richard Browne wrote:
>
> Is it possible to use openssl to add authorityInfoAccess extensions when
> signing a certificate? If so... how?
>
Yes, syntax is:
authorityInfoAccess= OID1;type, OID2;type
where 'type' has the same syntax as subjectAltName for example
authorityInfoAccess = OCSP;URI:
Does anyone know how SSL_CTX_set_options affects the
behaviour of SSL_CTX???
Thanks
Very easy!
If you want to use a digital signature, you had better use the standard data format,
such as pkcs7 SignedData, instead of just encrypting a plain message using your private key.
In this way, your signature can be shared by other software (IE,NE...). You can
learn how to do it in crypto/pkc