Re: certificate validity : Ferdinando Ricchiuti

2001-04-25 Thread Shobhit_Khanna
Thanks a lot for your reply. But I'm an absolute newbie with openssl and couldn't exactly make out how to use your CA patch. Seems I need to replace the .c file and compile the entire thing... but I'm using 0.9.5a zip supplied by someone. This has no C files!! Only openssl.exe, libeay32.dll and

DN for Client and Server Certs

2001-04-25 Thread Shobhit_Khanna
I've a client that also acts as a server to some other client. Therefore, I need to generate both client and server certs for this machine. Now when I specify the same DN for the second time, openssl, naturally, refuses to sign the request...What do I do? I can manage by changing some of the en

Doubt on BN

2001-04-25 Thread Josephine
Hi, Whenever expanding the BNs using bn_expand(), why is one extra element always given? (For example, if we want to expand to n, we are giving n+1 as the expanding number.) Thanks Josephine

Re: My Cert cannot work in openssl environment??

2001-04-25 Thread Dr S N Henson
Pluto Liu wrote: > > > And I found the certificates(my.pem&my2.pem) are different at column 11. > diff my.pem my2.pem > 11c11 > < AaATFhEzNDcwMDAwMDBOQFRFU1QwMKNaMFgwCwYDVR0PBAQDAgeAMAkGA1UdEwQC > ---~ > > AaATFhEzNDcwMDAwMDBOQFRFU1QwM6NaMFgwCwYDVR0PBAQDAgeAMAkGA1Ud

Stronger SSL Encryption

2001-04-25 Thread Francis DeLaMaza
Hi, I have been experimenting with trying to increase the encryption that my browser negotiates to my web-server. So far I've successfully generated, self-signed and deployed a 2048 (256-bit) length certificate. I understand that in order to achieve the desired results I must also modify the br

Re: SCG, DSA

2001-04-25 Thread Greg Stark
> 1.> I'm wondering if it's possible to make a digital cert that supports/uses SCG (Server Gated Cryptography), and if so, > how? > > [Lee] I think you have to be a big company, like MS or Netscape, and negotiate a special deal with the NSA. I don't think so. Better yet, search for SGC (not SCG)

Re: your mail

2001-04-25 Thread Lutz Jaenicke
On Wed, Apr 25, 2001 at 06:05:47PM -, Judy Trent wrote: > I'm new to openSSL and I have a question. I'm trying to use openSSL with > visual basic. I want to create a small server/client program. I have been > successful in calling some functions from visual basic, however, I ran into > a p

Error in the install script

2001-04-25 Thread Ed Vazquez, Jr.
Platform: Solaris 2.7 Ultra5 GNU gcc 2.95.3 GNU ld 2.11 <-- I'm using this since make calls ld options that the Sun ld doesn't recognize GNU make 3.79.1 on make install, the script processes the links in /usr/lib twice. On the first go-round (before the man pages install) ever

Re: Memory leaks

2001-04-25 Thread Greg Stark
Gustavo, OpenSSL initializes things for you without you knowing it, but it has no way of knowing when you are ultimately finished with them so you must explicitly clean them up. The SSLeay_add_ssl_algorithms() does some of this initialization. To clean up just from this call, you need to call

Re:

2001-04-25 Thread Greg Stark
Judy, I think the manual gives a hint to examine the errno for the socket that is being used, or maybe WSAGetLastError() if using Windows. _ Greg Stark Ethentica, Inc. [EMAIL PROTECTED] _ - Original Message -

Re: SCG, DSA

2001-04-25 Thread Rich Salz
Well, as long as we're picking nits (Especially since Greg doesn't seem to make mistakes in his explanations.) > I can create one using OpenSSL and get it > signed by Verisign without paying a penny to MS or Netscape. I'll have to > pay Verisign of course, perhaps more than usual (~US $500),

Re: Adding "CRL Distribution Point" extension to a certificate

2001-04-25 Thread Dr S N Henson
Riviere Stéphane wrote: > > Hi, > > I'd like to know how to generate certificates with this extension : > CRL Distribution Point > > I suppose that it's only a variable to set in the openssl.cnf file.. > Yes it is. Read doc/openssl.txt Steve. -- Dr Stephen N. Henson. http://www.drh-cons

Re: Error: reason(1000)

2001-04-25 Thread Lutz Jaenicke
On Wed, Apr 25, 2001 at 02:13:06PM -0400, Raoul Schroeder wrote: > My MTA: > qmail 1.03 with TLS extension (normally it works fine, I checked it quite a lot of >times) > > The server MTA: > 220 mail.ijs.com ESMTP CommuniGate Pro 3.2 > > Is there anyway I can check from the command line whether

Re: SCG, DSA

2001-04-25 Thread Greg Stark
Lee, Thanks, I am aware of the SGC history. The SGC certs are signed by Verisign, not MS or Netscape. I can create one using OpenSSL and get it signed by Verisign without paying a penny to MS or Netscape. I'll have to pay Verisign of course, perhaps more than usual (~US $500), but even tiny c

Re: Memory leaks

2001-04-25 Thread Greg Stark
Gustavo, Take a look at the archived articles (http://www.mail-archive.com/openssl-dev@openssl.org/msg08902.html) and (http://www.mail-archive.com/openssl-users@openssl.org/msg18264.html). _ Greg Stark Ethentica, Inc. [EMAIL PROTECTED] ___

RE: SCG, DSA

2001-04-25 Thread Dilkie, Lee
3.> When I use the .cnf file, putting in my own data... it doesn't seem to work. Of note is the DATE -- even if I stick in, say, 3650 days, the cert still defaults to a year's expiry. Why don't my changes to the cnf file work -- is there some sort of trick or something I'm missing?? [Lee]

Pb using memory bio

2001-04-25 Thread Hausermann Laurent
Hi all, I still have some trouble with the memory BIO. I want to write a PEM struct into a memory BIO. So I do: BIO * bp; d=malloc(1024); bp=BIO_new_mem_buf(d,1024); ret = PEM_write_bio_X509(bp,x509); And it fails! But if I do: BIO *out; BIO *out=OpenSSLCore.BIO_new(OpenSSLCore.BIO_s_file()

Re: bio_dump_cb

2001-04-25 Thread Greg Stark
Monique, I'm a little confused by your example; it looks like three distinct code fragments (or maybe 2.5?) . In the first, your function bio_dump_cb is called at various times. It is up to bio_dump_cb where the information is actually written. There is also a callback argument you can set. I

RE: SCG, DSA

2001-04-25 Thread Dilkie, Lee
Greg, As your link states, you need to have a CA cert signed by a root SGC CA and as I recall, both MS and NS have to control access to such entities quite closely (ie. you need to be a big company or at least you have to be big enough to not be able to run away from the gov). The history of S

Re: Error: reason(1000)

2001-04-25 Thread Raoul Schroeder
> * This bug has been fixed in later versions of CommuniGate. Good to know. Not my fault then.. ;-) > * You can work around this bug by not using TLSv1 in your client but > only use SSLv2 and SSLv3. I don't know, in how far qmail/TLS allows > to configure this externally (and as a per-site op

RE: openssl-0.9.6a

2001-04-25 Thread Geoff Thorpe
On Wed, 25 Apr 2001 [EMAIL PROTECTED] wrote: > > And we've stated that binary compatibility doesn't exist > > either. Given those two > > things, you'd think that OS distributions wouldn't build > > everything based on > > OpenSSL as shared libraries wouldn't you ... funny what > > people will

bio_dump_cb

2001-04-25 Thread Monique Mandala
I am trying to add tracing to my server application. I'm confused by what this function does. It seems to hinge on the variable "cmd". Where is that set and what are the options? It also seems like the function is working, but I don't see output? Does it write to the BIO structure or the mo

Adding "CRL Distribution Point" extension to a certificate

2001-04-25 Thread Riviere Stéphane
Hi, I'd like to know how to generate certificates with this extension : CRL Distribution Point I suppose that it's only a variable to set in the openssl.cnf file.. I want to use OpenSSL certificates with IIS 5.0 + SSL but it only works if there is this extension, so that IIS can automatically

Re: Pb using memory bio

2001-04-25 Thread Greg Stark
Laurent, You cannot use a memory BIO that way; BIO_new_mem_buf() creates a READ-ONLY BIO. See (http://www.openssl.org/docs/crypto/BIO_s_mem.html#). Instead, just do bp = BIO_new(BIO_s_mem()) and go from there _ Greg Stark Ethentica, Inc. [EMAIL PROTECTED]

RE: SCG, DSA

2001-04-25 Thread Dilkie, Lee
1.> I'm wondering if it's possible to make a digital cert that supports/uses SCG (Server Gated Cryptography), and if so, how? [Lee] I think you have to be a big company, like MS or Netscape, and negotiate a special deal with the NSA. 4.> Finally, I notice a problem w

No Subject

2001-04-25 Thread Judy Trent
Hi, I'm new to openSSL and I have a question. I'm trying to use openSSL with visual basic. I want to create a small server/client program. I have been successful in calling some functions from visual basic, however, I ran into a problem with the SSL_accept function. When I call SSL_accept, th

Re: Error: reason(1000)

2001-04-25 Thread Raoul Schroeder
> The server has immediately closed the connection. > Perhaps you should send details about your MTA and the server MTA My MTA: qmail 1.03 with TLS extension (normally it works fine, I checked it quite a lot of times) The server MTA: 220 mail.ijs.com ESMTP CommuniGate Pro 3.2 Is there anyway

CMS standard PKCS#7 certificates chains..

2001-04-25 Thread Aslam
Hi, I wanna obtain all the X509 (certificates) from a CA certificate chain, which is a CMS standard PKCS#7 encoded blob. So for this what is OpenSSL support, I found some pkcs#7 things in OpenSSL-0.9.6a, so is there some docs on these functions. Any help is much more appreciated.. Thanks Aslam