So users sharing passwords are at least limited to within an organisation.
Sounds perfectly reasonable.
I don't know the ins and outs of your client base but I did a similar
project a couple of years ago before client side SSL was feasible. Since all
our clients were inter-gov agencies we put in
hi there... i got this email from openssl site
... i just wondering wether you could help me in writing Makefile in order to
use the openssl.
I have a very big modules to compile and i'm not
sure how to write the makefile. The files not just in 1 directory. There are a
few directories invo
Dan Kegel wrote:
> 1. What parts of the openssl library and apps use the directories
>'certs' and 'private', or otherwise have hardcoded paths to
>the installation directories? It's hard to tell from the source.
>
> 2. I'm bundling openssl into another application which is
>distribut
Hi,
With the following code I'm getting an Access Violation in _lock_stream inn
ntdll.dll.
#include "x509.h"
int main(int argc, char* argv[])
{
X509* pX509 = 0;
FILE* fp = 0;
fp = fopen( "d:\\temp\\microsoft user 6.cer", "rb" );
d2i_X509_fp( fp, &pX509 );
fclose(fp);
return 0;
}
The thing i
Xeno Campanoli wrote:
Sorry to sound dumb, but is it okay just to take the SSLeay.pm object
inside LWP and set the SessionID in it at some strategic point so that
the session is effectively preserved? Seems like that would be straightforward.
>From what I saw, there were a lot of Autoloaded C f
Rich Salz wrote:
>
> An interesting question. Should it be PGP-signed? Well, since it's an
> X.509-based system, that wouldn't look great.
Eh? Just coz we're stuck with X.509 for SSL doesn't mean we have to
depart from common sense and use it for anything else, does it?
Cheers,
Ben.
--
http
1. What parts of the openssl library and apps use the directories
'certs' and 'private', or otherwise have hardcoded paths to
the installation directories? It's hard to tell from the source.
2. I'm bundling openssl into another application which is
distributed as a binary tarball which
Also,
(And I know it's dumb to ask) but was ./configure run ???
For Solaris 8, you probably want to use:
./configure -fPIC -no-idea
make
make test
make install
My .02...
Bodo Moeller wrote:
>
> On Fri, Mar 09, 2001 at 10:19:47AM -0800, Marcos Mensalvas wrote:
>
> > When I tried to install
On Fri, Mar 09, 2001 at 10:19:47AM -0800, Marcos Mensalvas wrote:
> When I tried to install openssl on my solaris 5.8 box it responded with a
> error during the
> 'make' command was executed:
>
> Error code 1
> make:Fatal error: Command failed for target 'cryptlib.o'
>
> Error code 1
> make: Fa
On Fri, Mar 09, 2001 at 09:30:10AM -0600, John Pliam wrote:
> I was trying to download the latest openSSL *and* check it's integrity.
> But I could not find a signature or find a website that served the source
> from an https URL. (https://www.openssl.org/ redirects to a secure site
> mainta
Hey! I've been trying to read key pairs from cryptopp. I've managed to read
the public keys with this code:
RSA* readPublicKey(const string& key)
{
int base64_len = key.length() + 2;
char base64[base64_len];
memcpy(&base64[0], key.c_str(), key.length());
ba
Aslam,
Look at the 'Tweaks' section of the Install.W32 file. You'll should end
up getting these lines in do_masm.bat
perl util\mk1mf.pl debug VC-WIN32 >ms\nt.mak
perl util\mk1mf.pl dll debug VC-WIN32 >ms\ntdll.mak
_
Greg Stark
Ethentica, Inc.
[EMAIL PROT
> Hi,
>
> I'm getting an error while working with the release version of
> libeay32.dll.
> I want to have a debug version of it. Can any one help me in this.
>
> Thanks
>
> Aslam
__
OpenSSL Project
Xeno Campanoli wrote:
>
> information since I can't be clear about the entire context of my situation. Code
>sample would definitely be welcomed. Protocol enlightenment
> might also be part of what I need, but according to what I saw on some other posts,
>the problem may be more towards the L
Aslam wrote:
> Hi,
Hello Aslam,
> Following code is giving me a null pointer access ...
> #include "x509.h"
> int main(int argc, char* argv[])
> {
> X509* pX509 = 0;
> FILE* fp = 0;
OpenSSL_add_all_algorithms();
>
> fp = fopen( "d:\\temp\\microsoft user 6.cer", "rb" );
> d2i_X509_fp( fp, &pX50
Philip Stoev wrote:
The NET::SSLeay module uses persistent session IDs
and I have been using it
successfully in such situations. Please let me know if you can not
make it
work and I will give you a code sample.
Yeah, I just tried something that Andrew Leppard kindly suggested worked
for him, and
What I usually do in these situations is pepper the
openssl functions of interest with printf("%s %d\n", __FILE__, __LINE__);
and rebuild openssl.
That usually brackets the error fairly rapidly;
once you see the line where it's happening in the source,
you know a lot more about the problem...
- Da
Hi everyone,
When I tried to install openssl on my solaris 5.8 box it responded with a
error during the
'make' command was executed:
Error code 1
make:Fatal error: Command failed for target 'cryptlib.o'
Error code 1
make: Fatal error: Command failed for target 'all'
Before the install, the 0
Aslam wrote:
> Following code is giving me a null pointer access ...
> #include "x509.h"
> int main(int argc, char* argv[])
> {
> X509* pX509 = 0;
> FILE* fp = 0;
>
> fp = fopen( "d:\\temp\\microsoft user 6.cer", "rb" );
> d2i_X509_fp( fp, &pX509 );
> return 0;
> }
> I'm using openssl-0.9.6 and t
I just ran into a problem when I tried to sign my Java keytool generated CSR
using openssl.
It does not recognize plain text, binary or even base64 encoded certificate
files. I did also try to add a LF at the end of the file, but it did not
help.
Any ideas?
c:\jdk1.3\bin\keytool -genkey -dname
Hi,
Following code is giving me a null pointer access ...
#include "x509.h"
int main(int argc, char* argv[])
{
X509* pX509 = 0;
FILE* fp = 0;
fp = fopen( "d:\\temp\\microsoft user 6.cer", "rb" );
d2i_X509_fp( fp, &pX509 );
return 0;
}
I'm using openssl-0.9.6 and trying to fill the x509 structu
I need to use the client certificates with IE. I will have a look into the
crypte API.
Thanks
rainer
-Original Message-
From: Greg Stark [mailto:[EMAIL PROTECTED]]
Sent: Freitag, 9. März 2001 18:34
To: [EMAIL PROTECTED]
Subject: Re: Client certificates: Key store per workstation, not pe
How about just publishing the sha1 hashes on an SSL-protected page? That
would leave it up to the user to decide whether to trust the server's CA and
to get a correct sha1 implementation. One such implementation could be a
previous version of the openssl utility, using the dgst -sha1 command. It
Rainer,
You write,
"...Second, I think, that without client-certificates
man-in-the-middle attacks are possible, using tools like dsniff."
and this is not correct. As long as the client does proper checking of the
server certificate AND you use SSLv3 or higher, you are not vulnerable
Rich Salz wrote:
>
> > I suppose there is no open-source project working on a general-purpose
> > ASN.1 compiler and library?
>
> There's SNACC and its various derivatives.
>
> I dunno, in the PKI world, it's hard to see anyone creating any new
> ASN.1 datatypes, and cranking up a whole compile
Antonio Ruiz Martínez wrote:
>
>
> I'm interesting in doing it with the version 0.9.6. Have you any example
> like the above example? It says, I want to create an instance of a sequence
> whith two components, for example. An example simple for to know how can I
> create SEQUENCEs. Help me p
Rich Salz wrote:
> An interesting question. Should it be PGP-signed? Well, since it's an
> X.509-based system, that wouldn't look great.
Hmmm, but I don't think it would look bad. PGP and X.509 are very different
trust models; web-of-trust vs X.500-directory/hierarchical. Both
are useful
My project is a inter-government project over the internet, with 2400
independent organizations in the first phase. Authentication is a important
issue. We agreed, that smart cards would be a good solution, but are beyond
the timescale of the projekt, because we cannot implement that for 1+
us
An interesting question. Should it be PGP-signed? Well, since it's an
X.509-based system, that wouldn't look great. And if it's signed with
an X.509 cert, you can only verify with an outside source, and how many
folks have convenient access to software that can do that? Of course,
it can't be
It's hard to say for sure because there is no way to know what your level of
expertise is, but I think you can go a long way by
1. getting a good book like Rescorla's (www.rtfm.com/sslbook)
2. looking at the applications in the apps/ directory, while at the same
time
3. looking at the documentati
Hello,
I was trying to download the latest openSSL *and* check it's integrity.
But I could not find a signature or find a website that served the source
from an https URL. (https://www.openssl.org/ redirects to a secure site
maintained by Ralf Engelschall, but on which I could not find opens
Marcel,
Your problem is that /usr/include/linux/errno.h does not exist on the
machine in question. Make sure you have installed the neccessary RedHat
package, which I think is the "kernel-headers-xxx" RPM, and check that any
symbolic links point to the correct places.
___
> Baltimore have a free toolkit called Key Tools Pro you can use to code
> your own clients. And valicert have a hosted OCSP responder.
Key Tools *Lite* is free. KeyTools Pro costs real dollars. And,
naturally, OCSP is only supported in the Pro version...
--
Harald Koch <[EMAIL PROTECTED]>
Hi,
I'm using openssl as a part of Tinc (a VPN program).
I've tried to compile openssl-0.9.6 on two machines.
Both run RedHat 6.2, the only difference between the machines
is the motherboard and CPU.
When I try to do "make" on the 2nd machine I get this error:
> making all in crypto...
> make[1
34 matches
Mail list logo