Sorry for the long e-mail,
I'm trying to provide as much information as possible.
Someone else from my company generated a CA root certificate, a private key
and a certificate that was signed by the mentioned CA. We're using it in our
test environment with weblogic server and it works fine.
However
Hi, I'm having trouble with some code that tries to set a verify
callback. I've written a short program which demonstrates the problem.
The symptom is this: if I call SSL_set_verify(...) then the SSL_connect
call fails (but SSL_set_verify is not called!). If I call
SSL_CTX_set_verify(...) with th
all http requests from client to server ( in an ssl session) are encrypted.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Knight
Sent: Thursday, August 16, 2001 1:10 PM
To: '[EMAIL PROTECTED]'
Subject: Client encrypt on SSL Web site
I have an
My ENGINE is working now. While developing, I simply linked
our support library in statically. I'm making changes to get
it ready to release now. I converted it to programmatically
link to a .so library at run-time, using the DSO routines, as
the other hw_ modules do.
It blew up with a NU
On Thu, 16 Aug 2001, Wang, Kate wrote:
| What is the exact command used to change PKCS12 password using Openssl?
|
| Thanks.
|
Actually, if you don't want to type PEM password, then you can try this
one instead:
openssl pkcs12 -nodes -in old.p12 | openssl pkcs12 -export -out new.p12
Regards,
On Thu, 16 Aug 2001, Wang, Kate wrote:
|
| What is the exact command used to change PKCS12 password using Openssl?
|
| Thanks.
|
| Kate
Well, I believe this should work:
openssl pkcs12 -in old.p12 | openssl pkcs12 -export -out new.p12
Then, you should type in:
1. Old import password
2. PEM pas
I have an Apache web server on Linux which is SSL-enabled. So far I have
successfully created https pages which -- am I right? -- encrypts the page
as it is downloaded to the client. Is there a simple example of having the
client send something back to the server encrypted?
Thanks,
Patrick
_
>>If I am not wrong, it takes (1000*48)k
>>memory ?? So Can I avoid preallocating 16k for each
>>buffer, since it is believed that it is very rare for
>>a client to send the maximum allowable 16k data to
>>server.
Dynamic allocation would be expensive as you would have to realloc buffers
each an
Found it. ((p7->d).sign)->contents->d.data->data. Is there a convenience
function to do this anywhere, as this is ugly.
Frank Geck wrote:
> Does anyone know how to extract the data contents from a PKCS7 * where
> it's just a signed message? I tried accessing the contents member
> (p7->d.sign-
Hi, all,
I am a new user to Openssl, sorry for the naive question.
What is the exact command used to change PKCS12 password using Openssl?
Thanks.
Kate
__
OpenSSL Project http://www.openssl.org
Does anyone know how to extract the data contents from a PKCS7 * where
it's just a signed message? I tried accessing the contents member
(p7->d.sign->contents) but that did not seem to be it (or is it not in
plain text?). I'm able to verify the signature just don't know how to
get the plain tex
Hi All,
I am very new to SSL. My knowledge says, for each
session the openssl by default sets the sizes of
init_buf (for holding handshake data), rbuf (for reading
data), wbuf (for writing data) to 16k each.
Is there any way I can dynamically adjust the sizes
of the buffers, as and when my server
Ok, I wrote the functions to manage X509_PURPOSE_OBJ_SIGN, checking if the
purpose is
NS_OBJSIGN or NS_OBJSIGN_CA for CA certificates.
It seems that the problem is solved. Thank you.
Gisela
--
Gisela Acosta
Gerencia de Desarrollo de Sistemas
Red Link S.A.
Tel:
stef wrote:
>
> hi'
>
> could s.o. say to me why in the documentation of openssl in
> http://www.openssl.org/docs/crypto/pem.html there are _AUX method for
> certificate
>
> int PEM_write_X509_AUX(FILE *fp, X509 *x);
> X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
On Thu, Aug 16, 2001 at 11:24:48AM -0400, Robert Pungello wrote:
> >The error message you are seeing says:
> >* You are on the server side (because it happens in the
> SSL3_GET_CLIENT_HELLO
> > stage; only the server _gets_ the client hello, the client sends it).
> >* Your server has decided that
Gisela Acosta wrote:
>
> Hi,
> Thanks for your answer.
> You are right. The certificate that I've used isn't certified for email. It's
> Verisign Netscape Object Signing* Digital ID.
> I need to verify a signed file, not an email.
> Should I use X509_PURPOSE_SMIME_SIGN or another one?
> What i
Hello,
Yes that is the problem, you have to install Microsoft High Encryption
Update, available at www.microsoft.com.
Without it, msExplorer can only use weak cyphers and passwords
Japa
Jun Wang wrote:
> Dear User support staff:
>
> When I access my server https://ofx.automatedfinancial.co
hi'
could s.o. say to me why in the documentation of openssl in
http://www.openssl.org/docs/crypto/pem.html there are _AUX method for
certificate
int PEM_write_X509_AUX(FILE *fp, X509 *x);
X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
but not for certificate re
>The error message you are seeing says:
>* You are on the server side (because it happens in the
SSL3_GET_CLIENT_HELLO
> stage; only the server _gets_ the client hello, the client sends it).
>* Your server has decided that there is no shared cipher in the client
hello.
> See "man SSL_CTX_set_cip
Dear User support staff:
When I access my server https://ofx.automatedfinancial.com I got login
screen. After I enter userID and password and click Login button, an error
message pops up and I do not know what causes it.
Internet Explorer cannot open the Internet site
https://ofx.automatedfina
Hi,
Thanks for your answer.
You are right. The certificate that I've used isn't certified for email. It's
Verisign Netscape Object Signing* Digital ID.
I need to verify a signed file, not an email.
Should I use X509_PURPOSE_SMIME_SIGN or another one?
What is the purpose to check the purpose? W
On Thu, Aug 16, 2001 at 09:22:34AM -0400, Robert Pungello wrote:
> I am trying to get the SSL/TLS alert code for various errors but am having
> trouble doing so. Suppose I get the following error string:
>
> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>
> I know this is a
Will the functions:
RSA_set_ex_data
RSA_get_ex_data
contained within OpenSSL version 0.9.6 remain valid in future
versions of OpenSSL?
Ken
__
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542
Title: Creating certificates
OpenSSL Ver: 0.9.6b
OS: Solaris 8
CC: CC 5.2
I would like to be able to create certificates without using the openssl tool if possible. I don't like the idea of my program having to call an outside application to create certificates, and I was wondering
Gisela Acosta wrote:
>
> Hi,
> I've signed my message with a netscape certificate. When I try to verify it, the
> following error occurs:
> 26: unsupported certificate purpose
> I set the ctx structure with X509_PURPOSE_SMIME_SIGN, like it's in verify.c.
> I tried setting the structure with X509
I am trying to get the SSL/TLS alert code for various errors but am having
trouble doing so. Suppose I get the following error string:
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
I know this is a handshake_failure alert number 40, but I'm having
determining this informati
Hi,
I've signed my message with a netscape certificate. When I try to verify it, the
following error occurs:
26: unsupported certificate purpose
I set the ctx structure with X509_PURPOSE_SMIME_SIGN, like it's in verify.c.
I tried setting the structure with X509_PURPOSE_ANY, and it seems to work
Florian Delacroix wrote:
>
> Hi all,
>
> I have generated an empty CRL, added a cert and signed the CRL using
> following commands.
> X509_CRL_new
> sk_X509_REVOKED_push
> X509_CRL_sign
>
That's not enough. You have to set up a few other things as well.
Specifi
Kok-Yong Leong wrote:
>
> hi
>
> I see that the openssl command line tool does support OCSP and CRL
> processing.
>
> Does the openssl library support an API that allows validation of
> certificate revocation status via OCSP or CRL ?
>
OpenSSL 0.9.7 will support CRL processing by setting a flag
On 08/12/01 07:32 AM, Avery Fay sat at the `puter and typed:
> Hello,
>
> I've been given a task that a previous employee at our company was
> unable to accomplish. Before I start I would like to ask if it is even
> possible.
>
> What I need to do:
>
> 1.) start a ssl session
> 2.) send / recei
Eric Rescorla wrote,
> The man page says:
^^^
Huh? Which platform?
I'd be more impressed by POSIX chapter and verse, but even that's
irrelevant because all it might or might not tell us is that many
platforms aren't fully POSIX compliant.
> select() examines the I/O descriptor sets whose a
Hi all,
I have generated an empty CRL, added a cert and signed the CRL using
following commands.
X509_CRL_new
sk_X509_REVOKED_push
X509_CRL_sign
Yet trying to output a text form with openssl command line tool gives me
following error :
*
OpenSSL> crl