RE: problems with openssl 0.9.6d and up

2002-09-18 Thread Patrick Tronnier
Have you tried this with a non "self signed certificate"? I.e. the subject and issuer of the cert should be different for client/end user certs. Sincerely, Patrick Tronnier Principal Security Architect www.oaticerts.com

RE: apache with client certificates

2002-09-18 Thread Patrick Tronnier
In general, when a client certificate is presented to the server the server will attempt to "validate" the client certificate. In addition to checking validity dates (i.e. make sure the certificate is not expired), Certificate Revocation Lists (i.e. make sure the certificate is not revoked), and

upgrading

2002-09-18 Thread Info
I am running a redhat 7.2 box with openssl version of openssl-0.9.6b-28. I found a package openssl-0.9.6c-2.i386 , rawhide 1.0 for i386. Can I download and upgrade the present package with the rpm -Uvh packagename command? Will it break the deps? thanks

Re: www.openssl.org

2002-09-18 Thread David Tonhofer, m-plify S.A.
I think it's still running on an olden machine at ETH Zürich? As an alumni of that fine engineering school (*cough*) I would like to think they could find a few SFR to give that important site a better uptime On second sights, they apparently did: http://www.mail-archive.com/openssl-dev@openss

Re: www.openssl.org

2002-09-18 Thread Austin Krauss
I sometimes resort to http://openssl.planetmirror.com/ in cases like this. - Original Message - From: "Jean-Marc Desperrier" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 18, 2002 2:01 PM Subject: Re: www.openssl.org > Thomas Spoelstra wrote: > > >At 19:00 gm

Re: www.openssl.org

2002-09-18 Thread Jean-Marc Desperrier
Thomas Spoelstra wrote: >At 19:00 gmt+1 - is the OpenSSL site down? > > It does happen for me quite often that the OpenSSL site is down. It is indeed down for me too now, and I don't know any other site that I see down as often as the OpenSSL one.

Re: apache with client certificates

2002-09-18 Thread Paul L. Allen
"Jose Correia (J)" wrote: > > [...] > On my Java side I'm using JSSE 1.0.3 together with Innovation's > HTTPClient like: That's probably your problem. I tried to get a Java/JSSE client to do client-side authentication with a C/OpenSSL server recently and couldn't get it to work. I posted a que

www.openssl.org

2002-09-18 Thread Thomas Spoelstra
Hi all, At 19:00 gmt+1 - is the OpenSSL site down? Thomas

Re: Compiling ssleay32.dll and libssl32.dll

2002-09-18 Thread Thomas J. Hruska
At 10:18 AM 9/18/2002 +0200, Rasmus Aaen writeth: >Hi, > >I'm a newbie to C, but as I am using more and more open-source software I >figured I'd better start compiling it myself. Maybe I could even learn >something as I go. So I installed MinGW, a few libraries and have now >successfully compiled s

Re: Pls. suggest some books on security

2002-09-18 Thread Tim Bogart
Hacking Exposed: Network Security Secrets & Solutions, Third Edition ISBN: 0072193816 CISSP All-in-One Exam Guide ISBN: 0072193530 The CISSP Prep Guide: Mastering the Ten Domains of Computer Security ISBN: 0471413569 The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking

RE: apache with client certificates

2002-09-18 Thread Jose Correia (J)
Actually how does Apache know about the client certificate that the client has got?? Does it compare who signed the client certificate with the CA it has in SSLCACertificateFile? Thanks anyone. Regards Jose -Original Message- From: Jose Correia (J) Sent: 18 September 2002 14:52 To: [EM

RE: Pls. suggest some books on security

2002-09-18 Thread John . Airey
Maximum Linux Security - ISBN 0-672-31670-6 is also very useful. Despite the title, it covers UNIX based security fairly well. John > -Original Message- > From: Matthew Hannigan [mailto:[EMAIL PROTECTED]] > Sent: 18 September 2002 14:10 > To: [EMAIL PROTECTED] > Subject: Re: Pls. suggest

Re: Pls. suggest some books on security

2002-09-18 Thread Matthew Hannigan
A little more practical and appropriate to this list: Network Security with OpenSSL http://safari.oreilly.com/main.asp?bookname=openssl Matt v.p.r.n.saibabu v.p.r.n.saibabu wrote: > Hi Vaidya, > > SSL and TLS by Eric Rescorla > SSL and TLS Essentials by Stephen Thomas > > are two good books.

RE: apache with client certificates

2002-09-18 Thread Jose Correia (J)
Hi all I'm actually now getting in ssl_engine.log: [18/Sep/2002 14:41:57 32739] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?] Any ideas? I don't understand how it can say "No CAs known

RE: RH 7.3 hosed up

2002-09-18 Thread John . Airey
Just in case you've got the wrong end of the stick, I'm not suggesting that you shouldn't compile stuff yourself rather than use pre-packaged software. I'm simply saying that there may be more broken by forcibly removing packages that have dependencies than is at first realised. Personally I'd nev

RE: RH 7.3 hosed up

2002-09-18 Thread David Tonhofer, m-plify S.A.
Sigh No, I haven't read the FAQ recently (maybe 5y ago). And Yes, RedHat will complain if you remove the RPM. That's why I have been fumbling the symlinks, see? I have compiled SSH & Stunnel from the source tarball. And dontcha worry, everything works just dandy. I mean, I didn't power away fro

RE: RH 7.3 hosed up

2002-09-18 Thread John . Airey
On my desktop, removing openssl would break these packages: openssl is needed by libpcap-0.6.2-11.7.2.0 libcrypto.so.2 is needed by bind-utils-9.2.1-1.7x.2 libcrypto.so.2 is needed by curl-7.8-1 libcrypto.so.2 is needed by libesmtp-0.8.4-2 libcrypto.s

RE: RH 7.3 hosed up

2002-09-18 Thread David Tonhofer, m-plify S.A.
Haven't had a single problem. Maybe I know what I'm doing? ;-) And sendmail is a no-no aaanyway... --On Wednesday, September 18, 2002 9:10 AM +0100 [EMAIL PROTECTED] wrote: > Of course, you are overlooking the fact that many packages depend on the > existence of openssl on Red Hat 7.0 and above

Re: Pls. suggest some books on security

2002-09-18 Thread Prasanth
Umesh, Applied Cryptography - Bruce Schneier, Wiley Publications, 2001 -Prasanth - Original Message - From: "Umesh Vaidya" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 18, 2002 11:48 AM Subject: Pls. suggest some books on security > Hello experts,

Re: Client verification ?

2002-09-18 Thread Hotmail
Yes, a crypto card. But how can interface it in a windows box ? the engine method of openssl is not so clear to use and is limited to few crypto cards. - Original Message - From: "Bear Giles" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 18, 2002 1:28 AM Subject:

Re: Pls. suggest some books on security

2002-09-18 Thread v.p.r.n.saibabu v.p.r.n.saibabu
Hi Vaidya, SSL and TLS by Eric Rescorla SSL and TLS Essentials by Stephen Thomas are two good books. Thanks & regards, Sai. --- Umesh Vaidya <[EMAIL PROTECTED]> wrote: > Hello experts, > please suggest me some books on Basics of security, > cryptography and SSL(Indian editions are > preferable)

Compiling ssleay32.dll and libssl32.dll

2002-09-18 Thread Rasmus Aaen
Hi, I'm a newbie to C, but as I am using more and more open-source software I figured I'd better start compiling it myself. Maybe I could even learn something as I go. So I installed MinGW, a few libraries and have now successfully compiled several programs, including OpenSSL 0.9.6g. The problem

RE: RH 7.3 hosed up

2002-09-18 Thread John . Airey
Of course, you are overlooking the fact that many packages depend on the existence of openssl on Red Hat 7.0 and above such as ssh and sendmail. So if you want to forcibly remove the package and break your system, go right ahead. Otherwise, following the directions in the openssl FAQ: http://www

Re: newbie - saving keys to file

2002-09-18 Thread Christian Hohnstaedt
You have heard about: PEM_read_RSAPrivateKey(fp, NULL, cb, &p); PEM_write_RSAPrivateKey(fp, key, enc, NULL, 0, cb, NULL); d2i_RSAPrivateKey_fp(fp, NULL); i2d_RSAPrivateKey_fp(fp, rsa); ? regards Christian On Tue, Sep 17, 2002 at 04:43:05PM -0300, Bruno Bisol wrote: > Hi, I am starting

Re: session reuse: getting "old session cipher not returned" errors

2002-09-18 Thread Steve Haslam
On Wed, Sep 18, 2002 at 03:47:52AM +0100, Steve Haslam wrote: > SSL DEBUG HACK: s->hit=1, c=0x815217c (EDH-DSS-DES-CBC3-SHA), > s->session->cipher=(nil) ((NONE)) In fact.. (talking to myself again, sorry), I looked in d2i_SSL_SESSION(), and it sets "cipher" to NULL, although it sets cipher_id. So

Re: Client verification ?

2002-09-18 Thread Bear Giles
> The CA root private key can be kept on a floppy > or CD which is only inserted for signing to help prevent it being compromised. If you're really paranoid, get a set of java crypto cards and a reader. Last time I checked (10 months ago?) cards were around $100/5, and a reader + Linux developmen