On Thu, Jun 06, 2002 at 02:57:28PM -0500, Steve Romero wrote:
> Didn't see a bug list, but wanted to let everyone know that I had problems
> with this beta release under the following conditions:
>
> + gcc
> + Solaris 8 (patched)
> + rsaref-2.0
> + openssl-0.9.7-beta1
>
> When compiling openssl
I just installed mod_ssl on my Mac OS X server and when I try to access
it for testing I get the following error message:
SSL_connect:error in SSLv2/v3 read server hello A
404:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:460:
Any suggestions?
Thanks,
Aaron Sm
This might be a nonsensical question, and if so it
wouldn't be my first foolish question here:
Is it possible or appropriate to add a timestamp object
(RFC 3161) to a PKCS#7 signature during the signature's
creation?
It is *not* possible for me to make the timestamp the signed data
portion, s
Hi all,
Didn't see a bug list, but wanted to let everyone know that I had problems
with this beta release under the following conditions:
+ gcc
+ Solaris 8 (patched)
+ rsaref-2.0
+ openssl-0.9.7-beta1
When compiling openssl I get:
evp_test.c: In function `main':
evp_test.c:361: warning: impli
On Thu, Jun 06, 2002 at 02:57:28PM -0500, Steve Romero wrote:
> Hi all,
>
> Didn't see a bug list, but wanted to let everyone know that I had problems
> with this beta release under the following conditions:
>
> + gcc
> + Solaris 8 (patched)
> + rsaref-2.0
> + openssl-0.9.7-beta1
>
> When comp
On Thu, Jun 06, 2002 at 02:51:57PM -0400, Jeffrey Altman wrote:
> Verifying the client certificate is only half the issue. The other
> half is deciding whether or not the holder of the cert is authorized
> to access the service and with what user name(s).
>
> This requires more than simply ch
Verifying the client certificate is only half the issue. The other
half is deciding whether or not the holder of the cert is authorized
to access the service and with what user name(s).
This requires more than simply checking to see if the client cert can
be validated by a CA Root cert.
>
>
Have many options, SSLTelnet for example.
But maybe more easy is use stunnel, this too works fine for this case
(verify client certs).
regards,
./nelson -murilo
> Hi all ssl-ers.
> =20
> Questions.
> =20
> Anybody knows how to configure telnetd-ssl for authenticate by client =
> cer
on 6/6/02 9:45 AM, [EMAIL PROTECTED] purportedly said:
> Hi.
>
> When using the net_ssl_test script I get this error:
> WEB SITE: www.nwoasis.org:443
> CIPHER: RC4-MD5
> THIS IS: /C=US/O=BONNEVILLE POWER ADMINISTRATION/OU=BONNEVILLE POWER
> ADMINISTRATION/CN=www.nwoasis.org
> CERTIFIED BY: /C=US
That depends on whose Telnetd you are using and how you want the
client's to be authorized.
Peter Runestig and I provide some possible methods in his Telnetd
distribution. ftp://ftp.runestig.com/
>
> Hi all ssl-ers.
> =20
> Questions.
> =20
> Anybody knows how to configure telnetd-ssl for au
Hi all
ssl-ers.
Questions.
Anybody knows how to
configure telnetd-ssl for authenticate by
client certificate ?
Anybody knows the
handshake process flow on this case ?
When telnetd-ssl has
to verify certs of telnet-ssl (client) where does it searchs CA cert and
key ?
Anybody hav
Hi all,
It's possible to put something like this in the openssl config file?
[ req ]
distinguished_name = // file //
Because I'm trying to make a CSR on-line (with prompt = no) and I don't
want to write the config file every time that I make a new CSR.
Thanks a lot.
Juan Angel
Hi,
I have to verify a token, it's signed with a non self signed certificate .
I wrote a program using openssl-0.9.6.
It works OK for a while but then (after run my program more o less 500 times)
the following error occurs:
num=20: unable to get local issuer certificate
It seems that it can read
Hi.
When using the net_ssl_test script I get this error:
== FAILED TO CONNECT ==
Error: SSL negotiation failed: error:1407E086:SSL
routines:SSL2_SET_CERTIFICATE:certificate verify failed at
In one test case it seems to work; in the other it fails. I'm not sure
where I went wrong. The details
Hi,
In 0.9.6d, the qcStatement oid is already recognized.
If I put the qcStatement in req section, then it goes in the subject of the
cetificate, and I don't want that. I want it to be a regular x509 v3
extension.
I can do this with
qcStatements = DER:XX:XX:XX:XX...
in [user_cert] section, wh
Vadim,
how to specify something else then a key to be packed into the pkcs7 file?
Besides does pkcs7 really sign the content? I can not specify a signing key
with it?!? Isn't pkcs12 what you meant? But how to specify a non key kontent
here?
Do you have an idea?
Stefan Thom wrote:
How can I verify the signature contained in a x509 CRL certificate with C code? I have all the required CA certificate locally in a DER encoded file.Thank you for helping.
Regards,Andrea NagarDo You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup
Hi Averroes,
Thanks for your hint, but this mime document would not be recognized by
the browser or is there a special mimetype that does the trick?
Regards
Stefan
Averroes wrote:
>Hi Stefan
>
>Use openssl smime -sign ...
>
>Regards
>
>Stefan Thom wrote:
>
>
>
>>Hi there,
>>
>>has anybody a
Hi Jasmin,
Yes,
put in the oid section:
qcStatements= 1.3.6.1.5.5.7.1.3
then in req section as commonName, countryName, etc.
Regards
Jasmin Djipanov wrote:
> Does anyone know how to configure openssl.cnf to include the 'qcStatements'
> extension in a user certificate?
>
> Thanks...
>
>
Hi Paolo
At the begining you are right!
A concatenation of certificates is good, but you need to
convert the result to PKCS7 structure with:
Try this:
openssl crl2pkcs7 -nocrl -outform DER -certfile ./PATH/TO/CONCATENATE_FILE \
-out /PATH/TO/CONCATENATE_FILE.p7b
Regards
Paolo Rossi wrote:
>
> Please excuse a windows user out of his depth in a Unix world but .
>
> I am trying to install Perl XML components supplied by a credit card
> authentication company( datacash.com). For various reasons our Apache site
> runs on a Linux server which has dutifully proccessed SSL requests for a
Hi Stefan
Use openssl smime -sign ...
Regards
Stefan Thom wrote:
> Hi there,
>
> has anybody an idea how to sign a binary Document, like a word Document,
> that if it is downloaded from a Web Server the signature is validated.
> Like with signed jar archives they are validated before they are
Can't you read the headers of your email? There should be a line something
like
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g56Bp6r03903
for <[EMAIL PROTECTED]>; Thu, 6 Jun 2002 12:51:11 +0100
My
Please excuse a windows user out of his depth in a Unix world but .
I am trying to install Perl XML components supplied by a credit card
authentication company( datacash.com). For various reasons our Apache site
runs on a Linux server which has dutifully proccessed SSL requests for a
while
hi,
i created a CA and a ClientKey witch i imported in my Client.
in httpd.conf i configured
Alias /test/ "/opt/www/test/"
Options Indexes
Order allow,deny
Allow from 192.168.0.142
SSLVerifyClient require
SSLVerifyDepth 1
./logs/ssl_engine_log <
doesn't work becouse to get the old address of the list I need to be able
to figure out EXACTLY what the address is (capitalizations included) or
the robot won't match (I've attempted this already)
if the list manager notices this thread the addres I am on as should be a
varient of
[EMAIL PROTEC
When I run ./config on my NCR system I get the error:
This system (UNIX_SV) is not supported.
Yet, I see that ncr was listed as a supported platform on a search through
the archives.
My machine has the following uname values -m:3404/3414,-r:4.0,0s:UNIX_SV,-v:3.0.
I've tried to do ./Configure us
27 matches
Mail list logo
