Re: How to search certificate database by X509 structure

2003-06-05 Thread Dr. Stephen Henson
On Thu, Jun 05, 2003, Wu Junwei wrote: > Hi,all, > > I want to search for a certificate from cert-database, > But I should provide the DN for searching. > DN is the subject of the certificate,which should follow the RFC2253,like > this"CN=Jack Lee,O=XYZ Corp.,C=US". > > I don't know how I can se

Re: BIO - timeout

2003-06-05 Thread Dr. Stephen Henson
On Thu, Jun 05, 2003, Lukasz Wójcicki wrote: > Hello, > I want to use read/write functions and connect/accept functions with > timeout (only using BIO). Now, I am using BIO non-blocking and loop, where I > am checking a time. > I am searching for a method, like the select function in sockets. Mayb

Re: a new command in openssl

2003-06-05 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 5 Jun 2003 02:11:40 +0200 (CEST), mohamed zhaounia <[EMAIL PROTECTED]> said: mzhaounia> First, I am so thankful for your suggestion. mzhaounia> Well, I have added my command in apps/Makefile.ssl, but mzhaounia> the openssl doesn't see it:( mzhaounia> About pr

differentiate incoming data

2003-06-05 Thread The Laser Jet
Hi everyone, when BIO_puts writes data after a handshake, is the data encrypted during the send? I want to write a server to run to accept data from one connection(insecure) and encrypt it and send it to a process waiting on another server and from there decrypt it and send it to another process(

Re: Automating Openssl commands

2003-06-05 Thread pablo
Hi, I'm developing a CA which automates this stuff that you need, maybe it could help you (http://cultura.eii.us.es/~pablo/elyca/), it's free software and still an early release but if you only need to generate certs for your servers I suppose it's enough for you. There's also similar free-

Elliptic key size

2003-06-05 Thread Henrik Nordal Rask
When I create an elliptic curve key using the command line 'openssl ecparam -genkey -name 'curve'' I get a relatively small key file. But if I try to generate a key using the function EC_KEY_generate_key and write it to a file using PEM_write_PKCS8PrivateKey, the file is more than twice as lar

How to search certificate database by X509 structure

2003-06-05 Thread Wu Junwei
Hi, all, I want to search for a certificate from cert-database, But I should provide the DN for searching. DN is the subject of the certificate, which should follow the RFC2253, like this "CN=Jack Lee,O=XYZ Corp.,C=US". I don't know how I can search the certi

BIO - timeout

2003-06-05 Thread Lukasz Wójcicki
Hello, I want to use read/write functions and connect/accept functions with timeout (only using BIO). Now, I am using BIO non-blocking and loop, where I am checking a time. I am searching for a method, like the select function in sockets. Maybe there is another way to resolve this problem? Lukasz Wójcick

Re: CRL doesn't revoke

2003-06-05 Thread Dr. Stephen Henson
On Wed, Jun 04, 2003, David Kramer wrote: > I'm trying to use CRLs but my server is not rejecting certificates that > are (supposed to be) in my CRL. I'd appreciate any advice that people > might have. > > The Questions: > -- > 1) Is there any way to validate what's in a CRL? Someth

Re: a new command in openssl

2003-06-05 Thread mohamed zhaounia
Hi thank you for your reply:) --- Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> wrote: > In message > <[EMAIL PROTECTED]> > on Wed, 4 Jun 2003 01:29:32 +0200 (CEST), mohamed > zhaounia <[EMAIL PROTECTED]> said: > > mzhaounia> Hi all! > mzhaounia> I have added a new command in openssl. > mzh

RE: CRL doesn't revoke

2003-06-05 Thread Himanshu Soni
To verify the CRL openssl crl -in crl.pem -CAfile cacert.pem to verify the crl To view the contents of the CRL openssl crl -in crl.pem -text > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Kramer > Sent: Wednesday, June 04, 2003 12:17 PM >

CRL doesn't revoke

2003-06-05 Thread David Kramer
I'm trying to use CRLs but my server is not rejecting certificates that are (supposed to be) in my CRL. I'd appreciate any advice that people might have. The Questions: -- 1) Is there any way to validate what's in a CRL? Something akin to openssl x509 -text, for CRLs would be awesom

Re: Problems generating a CSR

2003-06-05 Thread David Goldberg
ACK! I found the problem. The O'Reilly code sample omitted the line of code: X509_REQ_set_version(pRequest, 0L); This line is NOT optional! If it is omitted, dumping the CSR with openssl.exe shows a version of 0, but still something is not right in the CSR. With the above line

RAND not seeded properly?

2003-06-05 Thread Al-Beik, Haitham
Hi, I ported/compiled openssl into vxworks with goAhead webserver. Using the HTTP works fine without any problems! However, when accessing the same page with HTTPS, vxworks gets an exception. After some debugging it looks like it's related to the RAND library with openssl. Typing "RAND_status" at t

Re: Problems generating a CSR

2003-06-05 Thread Dr. Stephen Henson
On Wed, Jun 04, 2003, David Goldberg wrote: > I agree that looking up the attribute NID seems unnecessary. My initial > code called X509_NAME_add_entry_by_NID(), but since that wasn't working > I decided to try an approach more similar to the O'Reilly example which > does the NID lookup (which obvi

Re: Problems generating a CSR

2003-06-05 Thread David Goldberg
I agree that looking up the attribute NID seems unnecessary. My initial code called X509_NAME_add_entry_by_NID(), but since that wasn't working I decided to try an approach more similar to the O'Reilly example which does the NID lookup (which obviously didn't help). Some additional info:

Re: X509 Extension Parsing

2003-06-05 Thread Dr. Stephen Henson
On Wed, Jun 04, 2003, [EMAIL PROTECTED] wrote: > Tried the following: > > POLICYINFO *cp; > if ((cp = X509_get_ext_d2i(xs, NID_certificate_policies, NULL, NULL)) == > NULL) > return "NoCP"; > > And it does indeed return NULL and thus "NoCP", even when > X509_get_ext_by_NID does return a

Re: Problems generating a CSR

2003-06-05 Thread Dr. Stephen Henson
On Wed, Jun 04, 2003, David Goldberg wrote: > I am trying to generate a certificate request. The problem I am having > is that the CSR I generate looks ok when I look at it with the "openssl > req" command (with the -text option), however when I try to get the CSR > signed by anything other than o

RE: X509 Extension Parsing

2003-06-05 Thread Justin.Wienckowski
Tried the following: POLICYINFO *cp; if ((cp = X509_get_ext_d2i(xs, NID_certificate_policies, NULL, NULL)) == NULL) return "NoCP"; And it does indeed return NULL and thus "NoCP", even when X509_get_ext_by_NID does return a valid X509_EXTENSION object. Attached is the client cert I am usi

Problems generating a CSR

2003-06-05 Thread David Goldberg
I am trying to generate a certificate request. The problem I am having is that the CSR I generate looks ok when I look at it with the "openssl req" command (with the -text option), however when I try to get the CSR signed by anything other than openSSL, I get errors complaining about the form

RE: testing for primality

2003-06-05 Thread Robinson, Richard L (Rick)
Thanks. Found the paper after some additional searching. Met Rivest at RSA Conf. Nice guy. No need for long teeth. Rick -Original Message- From: Charles B Cranston [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 7:33 AM To: [EMAIL PROTECTED] Subject: Re: testing for primality

Re: X509 Extension Parsing

2003-06-05 Thread Dr. Stephen Henson
On Wed, Jun 04, 2003, [EMAIL PROTECTED] wrote: > Per Dr. Henson's suggestion I've been writing some code for Apache mod_ssl > in order to determine the certificate class for our corporate PKI certs that > have the Certificate Policy attribute. > > I've had some odd results and wanted to see if a

Re: Philosophical question: What means verifying a connexion ?

2003-06-05 Thread Vadim Fedukovich
hi Michel, On Tue, Jun 03, 2003 at 08:20:04PM +0200, Michel Gouget wrote: > Many thanks Vadim for assuring me that keys/certificates can't work if they > are not matched, and your observations on my architecture. > > My vision is that (k0) (2048 bits) will *never* be compromised during > applicat

Random number??

2003-06-05 Thread St-Pierre Philip
Hi, I'm new to OpenSSL. I try to generate random keys with DES_random_key. Under Windows, all goes well. But under Tandem, this doesn't succeed. The documentation says that I need to seed the PRNG. So I tried with RAND_seed, but RAND_status() always returns zero.

RE: Invalid signature verifying signed mail with attachment in Outlook

2003-06-05 Thread Krause, Helga
Thanks Steve, by the way: I got Outlook version 2002. And - producing such a signed mail with "mutt-Ägypten" for linux worked - that means gave a valid signature in Outlook. I forgot to mention that. Maybe it helps a bit ... Helga -Original Message- From: Dr. Stephen Henson [mailto:

X509 Extension Parsing

2003-06-05 Thread Justin.Wienckowski
Per Dr. Henson's suggestion I've been writing some code for Apache mod_ssl in order to determine the certificate class for our corporate PKI certs that have the Certificate Policy attribute. I've had some odd results and wanted to see if anyone can clarify for me. I was unable to find the Cert