Re: passphrase

tis 2003-08-05 klockan 15.12 skrev [EMAIL PROTECTED]: > openssl rsautl -decrypt -inkey private/cakey.pem -in crypt.bin -out > out.txt > > after this console prompt me for passphrase. I need write it as > parameter. Does not seem to be any command line parameters for specifying key passphrase to

Re: Need of FBI surveilence and PC monitoring invasion protection...ie Carnovore, etc....

Shawn, I asked for a technical answer, not a judgemental opinion. Corey and Phil are right. - Original Message - From: "Shawn P. Stanley" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 05, 2003 7:48 AM Subject: Re: Need of FBI surveilence and PC monitoring invasion prot

different files to sign

Hello list, I have a problem using openssl smime sign. If I sign one file with my key it works. If i use another file, the signature is wrong. Do you have any idea for the reason? And is it possible to use the base64-encoding directly inside the smime command? Any hints are welcome. I use the op

Re: OpenSSL algorithm and Java

On Thu, Aug 07, 2003, Davide De Benedictis wrote: > > Using the command tool "genrsa" how can I specify to store the > private key in PKCS#8 or PKCS#12 standard format? > Unfortunately there isn't an option to write in PKCS#8 or PKCS#12 format directly using genrsa you have to output in PEM an

Re: OpenSSL OCSP interaction

On Tue, Aug 05, 2003, Werner Johansson wrote: > > > Is the OCSP components of the OpenSSL library considered "stable" in the > sense that the API has settled, or are there major changes planned?? > Yes pretty stable. If changes are made the older functions will be retained for compatibility.

Visa CISP

Hello, I have been reviewing the Visa CISP questionnaire. It is about 90 questions relating to the security and storage of credit card account information. Visa intends to have compliance from all active merchants by the first quarter of 2004. (My guess is that one shall not be an active mercha

RE: Signing a binary file

Thank you for the information but my signed content need to already be in pkcs#7 format before beeing signed, not in binary. That is why I am trying to "encapsulate" it in pkcs#7. Danny Electroline Equipment Inc, Montreal * Tel: (514) 374-6204 #447 * Fax:(514) 374-8901 *E-mail: [

RE: Virus spam

Laurent Blume wrote: > Lyngmo Ted wrote: > > > > If the list is open for non member posting, I suggest we > > change that. > > I've received the same, and I agree with you that it may be a good > solution to stop that. > > I wouldn't like my company's IT team to believe that the > OpenSSL lis

Re: Compiling Errors linking OpenSSL

On Tue, Aug 12, 2003 at 11:09:01PM -0400, Victor wrote: > Ok, I removed my compiler, installed one from sunfreeware, 3.3. Problems > just got weirder. I compiled OpenSSL, it's installed into /usr, > libraries are in /usr/lib, includes in /usr/include. > > When I compile openssh, it says it can't

Re: Compiling Errors linking OpenSSL

Lutz Jaenicke wrote: On Tue, Aug 12, 2003 at 11:09:01PM -0400, Victor wrote: Ok, I removed my compiler, installed one from sunfreeware, 3.3. Problems just got weirder. I compiled OpenSSL, it's installed into /usr, libraries are in /usr/lib, includes in /usr/include. When I compile openssh, it s

Compiling Errors linking OpenSSL

OS: Solaris 2.8 Platform: sparc (sun4u) OpenSSL: 0.9.7b gcc: 3.0.4 --- gcc -v --- Reading specs from /usr/bin/../lib/gcc-lib/sparc-sun-solaris2.8/3.0.4/specs Configured with: ../gcc-3.0.4/configure --prefix=/tmp/gcc304/usr --with-as=/usr/ccs/bin/as

Re: How-to Create Self Signed Certificate in client application

On Tue, Aug 12, 2003, Greg Gohlke wrote: > I am writing a client application in VC# and would like to add a module for > users to manage certificates and to create self signed certificates (this > can be done in vc++ if need be). Has anyone done this before? I keep running > into problems finding

Re: Compiling Errors linking OpenSSL

Russ Fink wrote: configure:8992: result: yes configure:9433: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I/usr/include -I/usr/local/include -L/usr/lib -R/usr/lib -L/usr/local/lib -R/usr/local/lib -I/usr/include -I/usr/local/include -L /usr/lib -R/usr/lib -L/usr/local/lib -

Tolerating no client Certificate message in TLS

RFC 2246 says: 7.4.6. Client certificate When this message will be sent: This is the first message the client can send after receiving a server hello done message. This message is only sent if the server requests a certificate. If no suitable certificate is available

Re: memory leak with OpenSSL 0.9.7b

In message <[EMAIL PROTECTED]> on Wed, 13 Aug 2003 18:30:12 +0530, "Chandrasekhar R S" <[EMAIL PROTECTED]> said: rsr> Hello rsr>I have tried to use OpenSSL 0.9.7b with Apache 1.3.28 (with rsr> associated mod_ssl) and have detected significant memory leak. Do you have the possibility to analy

RSA signing methods

Hello all, I would like to sign a small piece of data (about 40 bytes) and verify it on the other end of the connection. I started out using the RSA_sign and RSA_verify functions and found that this worked quite well. However, after I switched one end of the connection to use RSA_sign_ASN1_OC

Re: Cipher Suites explanation

It would all depend on the message content. If the content is digitally signed by the parties, you have a way of verifying (and doing audits later) them. That is AFAIK! Neil Humphreys wrote: Ashu Sorry another typo - I meant to say 2, I am hoping the certificates take of 2. Which

Re: Why SSL_write() fails....HELP REQUIRED!!!!!!!!!!!!

Henrik...sorry for addressing the reply to you though the questioner was Sunil:-). - Krithiga Henrik Nordstrom wrote: On Sun, 10 Aug 2003, Sunil Ashok Rashinkar wrote: Hi Henrik Nordstrom, There is more people than only me in this list.. I am probably not at all the mo

Re: Why SSL_write() fails....HELP REQUIRED!!!!!!!!!!!!

Hi Henrik, I'm not sure whether you've already solved your problem . If not check out my response. SSL_write(sslConnection, data + bytesTransmitted, bytesToSend); This SSL_write fucntion fails and returns 5 as error code. Error code is retrieved by --> nError = SSL_get_error(sslConnection, bytes

Re: Compiling Errors linking OpenSSL

Victor wrote: Suggestion - add /usr/ccs/bin to your path instead of putting it on the configure line. Also, I'd go with the default "as" and "ld" - not ccs/bin. But this likely isn't your problem, just a suggestion. I used it because that's what sunfreeware did too, doesn't seem to have any af

receive error 20010

We are using a mail server web client that is based on OpenSSL SSLV3 that is all of the information I currently have on the version. We have 5 Windows 98 dial up users, when they connect to the https process "receive error 20010" is displayed in the log file on the server and they get a page not d

Problems with openssl installation

Windows 2000 ActivePerl v5.6.1 CYGWin Trying to install openssl. > ./config > make Make failes with the following error: making all in crypto... make[1]: Entering directory `/openssl/crypto' gcc -I. -I.. -I../include -DOPENSSL_SYSNAME_CYGWIN32 -DOPENSSL_THREADS -DDS O_WIN32 -DOPENSSL_NO_KRB5 -D

installed on Apache 2.0.47

Hi There,   I’ve been searching like mad to find some answers…hoping you could help me out!     I have Apache 2.0.47 (win32) installed on windows XP with PHP 4.3.2 (win32) and  MySQL 4.0.13 (win32)…all of them are working perfectly together.  Well I’m trying to install oscommerce shopp

Re: Automating Openssl commands

Thank you for the hint it is worth thinking about another approach but I think I am through (and tested) with all but the last line that is: openssl ca -in server.csr -out server.crt -config openssl.conf -passin pass:password and the only problem sees to be that "The commonName field needed to be s

pkcs11

Does OpenSSL support pkcs11 standard? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL

RE: memory leak with OpenSSL 0.9.7b

> Is there a reason you are running mod_ssl and openssl. > One is a complete replacement for the other You are very confused. mod_ssl is the "glue" that adds in OpenSSL to Apache 1.3.x. In Apache 2.0 mod_ssl is integrated into the apache core. /r$ -- Rich Salz Chief Secu

Re: Compiling Errors linking OpenSSL

On Tue, Aug 12, 2003 at 11:09:01PM -0400, Victor wrote: Ok, I removed my compiler, installed one from sunfreeware, 3.3. Problems just got weirder. I compiled OpenSSL, it's installed into /usr, libraries are in /usr/lib, includes in /usr/include. When I compile openssh, it says it can't find hea

EVP_add_cipher_alias

hallo, why is EVP_add_cipher_alias not exported from the shared library? thank you, -alexm 17:39 12/08/2003 __ OpenSSL Project http://www.openssl.org User Support Mailing List

Spurious Handshake

Title: Spurious Handshake While looking unto the error 'Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!' I discovered that OpenSSL 0.9.6.b & Apache seen to make requests to itself, thus causing the error. Output of netstat -n 10.101.7.31.62468    10.101.7

Re: Why SSL_write() fails....HELP REQUIRED!!!!!!!!!!!!

On Sun, 10 Aug 2003, Sunil Ashok Rashinkar wrote: > Hi Henrik Nordstrom, There is more people than only me in this list.. I am probably not at all the most qualified for this question. > SSL_write(sslConnection, data + bytesTransmitted, bytesToSend); > This SSL_write fucntion fails and returns 5

WOT: RE: Newbie - installing SSL w/ Apache 2.0.47 on Win XP

Hello, This is pretty WOT for the OpenSSL list, as OpenSSL is an encryption package; really has nothing to do with Apache mod_ssl, save for the fact that it is the encryption package that Apache mod_ssl uses. Intrinsically, they are likely very much the same. They are both still pre-built version

which function

  Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month!--- Begin Message --- Hi all, i want to have my own authentication system. in this system i have one CA to issue certificate for my authentication servers. then my clients must read this certificate to extract public key of server and sen

Re: Need of FBI surveilence and PC monitoring invasionprotection...ie Carnovore, etc....

Yes. On 8/5/03 10:58 AM, "Bruce Embrey" <[EMAIL PROTECTED]> wrote: > I have a question about encrypting whenever possible. > Doesn't this require you to share your public key with > those individuals you are communicating with? > > Bruce > > > > On Tue, 05 Aug 2003 10:51:55 -0500 > "Shawn P.

Segmentation Fault in BN_bn2bin...

Hi, I'm trying to use the function BN_bn2bin to convert a big number and I had a segmentation fault inside of it. I have already tried to debug my source and I'm almost shure that it's ok because it is very simple. Would anybody have any tips for me to find this bug?

Setting up an internal, intranet website

Guys, Any simple advice on setting up an internal intranet website on my server, which I can have employees track things such as machine time use, board test yields, etc... ? Thanks, Bud __ OpenSSL Project

Re: Configuring SSL Handshake

On Tue, Aug 12, 2003 at 05:29:10AM +, Girish Hegde wrote: > Yes i do agree with you...I may be sending wrong protocol messages.but > how to make it right? By not sending wrong protocol messages deliberately? I don't mean to be facetious, but if you execute the protocol correctly, you wil

Re: Windows build problems

On Fri, Aug 08, 2003, Dave Hoffer wrote: > I have been trying to build the version 0.9.6 on Windows. I have followed > the build instructions but I have problems linking. I can configure perl > ok. Issuing ms\do_ms does not seem to cause any errors. However when I run > the nmake -f ntdll.mak

RE: pkcs11

Hi Luca Only as an engine patch I attach the one I use (writen by Afchine) I am currently working on making this one more standard regarding the pkcs#11 standard so it can be used against Smart Cards etc.. Gilad -Original Message- From: Luca [mailto:[EMAIL PROTECTED] Sent: Tuesday, Au

Re: Windows build problems

At 02:06 PM 8/8/2003 -0400, Dave Hoffer writeth: >I was wondering if someone could either help with this or better yet if there are any binary builds of this available so that I do not have to compile from source? http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL It is a default

Verify key des3 password

Is there a command line option for openssl to just verify a password for a key? I thought I could use a line in a script like: echo Please enter password for key read $passwd if openssl verifypassword -in MyKeyFile.pem -password "$passwd"; then echo Password OK else echo wrong password exit f

Re: Segmentation Fault in BN_bn2bin...

On Monday 11 August 2003 21:31, Mateus wrote: > Hi, > > I'm trying to use the function BN_bn2bin to convert a big number > and I had a segmentation fault inside of it. > I have already tried to debug my source and I'm almost shure that > it's ok because it is very simple. > Would

Re: EVP_add_cipher_alias

On Tue, Aug 12, 2003 at 05:47:26PM -0500, alex medvedev wrote: > hallo, > > why is EVP_add_cipher_alias not exported from the shared library? Because it is just a macro. When #including it is mapped to the actually used function OBJ_NAME_add(...) with the appropriate parameters. Best regards,

OCSP responder ID in OCSP response ( name or key hash )

(B (B (BHi,all (B  (BI would like to test my OCSP client. (BI noticed that when getting a response, the responder ID in the OCSP (Bresponse can be presented by name or key hash. (BIf I use OpenSSL as the responder , can the OpenSSL provides the response (Bwith the responder ID in Key ha

RE: Signing a binary file

What I want to do is to take my binary file, encapsulate it in a PKCS #7 data message (without signing) and then, take this last one and, along with the cert and private key, create a PKCS #7 signed data message. The requirement for the input file that I have to sign is : it has to be a DER-encoded

Re: Newbie - installing SSL w/ Apache 2.0.47 on Win XP

The file links on the openSA site does not work (old site que?).   An other issue I find very strange is why the Apache2 specifically exludes mod_ssl in the prebuilt windows version!?   /Björn - Original Message - From: Scott Brown To: [EMAIL PROTECTED] Sent: Friday, Au

Re: Newbie - installing SSL w/ Apache 2.0.47 on Win XP

1. QUESTION: Can I add-onSSL with what I already have installed without reinstalling/rearranging/messing things up? No. 2. QUESTION: If yes, where can I download the windows version 3. QUESTION: Where can I find step by step instructions. You should probably go here: http://www.opensa.org/ --S

Re: OpenLDAP w/ my certificate won't start

: Yes indeedie, sir. You were right about requiring the passphrase. I'm 1 for 1... let's see whether I can score 2. ;) : "starting ldap:", I type in the passphrase, and off we go. With the command : "slapd -u ldap -d 255", I'm prompted for the passphrase. Many thanks! Some tools let you put

SSL and Firewall Timeout

Hi I have (for a while now) been writing a Windows/UNIX application incorporating OpenSSL. So far it is all working very nicely indeed.   One concern I have is within firewalled environments. I am no firewall expert, but I understand that some firewalls will block tcp traffic on connections

RE: Virus spam

Hi, It's the third spam I've received throught the mailing list. Two words to say : annoying and useless. Amen. --- Pascal Rodrigue Analyste de l'informatique Division de l'exploitation Service de l'informatique et des télécommunications Université Laval

Re: sha1 source

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Never mind, I just found md32_common.h... Scott G. Kelly wrote: | I'm using openssl in a group of embedded applications. For one of these, | I need sha1 (and nothing else), but can't afford the space I'd need to | link the app to libcrypto.a. I've been

Re: Need of FBI surveilence and PC monitoring invasionprotection... ie Carnovore, etc....

While I agree with most of what is said in this thread, it's not exactly appropriate for this list... In message <[EMAIL PROTECTED]> on Tue, 05 Aug 2003 03:57:25 -0400, Corey Rogers <[EMAIL PROTECTED]> said: corey> I have to disagree here. Use encryption as often as you can. Encrypt any corey> a

Re: Visa CISP

What they're trying to get at is that you should be using strong cryptography, but pay attention to any export restrictions and patents/licensing. They don't want someone to be able to say, "Sure it's illegal, but Visa made me do it." Also, they'd rather keep your business instead of seeing you s

Re: Signing a binary file

On Tue, Aug 05, 2003, Danny Joseph wrote: > Thank you for the information but my signed content need to already be in > pkcs#7 format before beeing signed, not in binary. > That is why I am trying to "encapsulate" it in pkcs#7. > What do you mean? Do you mean that the PKCS#7 signedData must incl

Re: Need of FBI surveilence and PC monitoring invasionprotection...ie Carnovore, etc....

I have a question about encrypting whenever possible. Doesn't this require you to share your public key with those individuals you are communicating with? Bruce On Tue, 05 Aug 2003 10:51:55 -0500 "Shawn P. Stanley" <[EMAIL PROTECTED]> wrote: > I apologize for being so off-topic with regard to

Re: OpenSSL algorithm and Java

On Thu, Aug 07, 2003, Davide De Benedictis wrote: > Hi, here again > > I'm a Java user and I'm using the Java Cryptography Extension shipped > with the JDK 1.4 and enhanced with the BouncyCastle.org open source > libraries. I need to interact with a PHP server which uses OpenSSL > for digital Sig

Re: OpenSSL algorithm and Java

On Thu, Aug 07, 2003 at 10:21:09AM +0200, Davide De Benedictis wrote: > Hi, here again > > I'm a Java user and I'm using the Java Cryptography Extension shipped > with the JDK 1.4 and enhanced with the BouncyCastle.org open source > libraries. I need to interact with a PHP server which uses OpenSS

Re: Re: .p12 to .pem file conversion problem

[EMAIL PROTECTED] schrieb am 07.08.03 12:41:44: > > On Thu, Aug 07, 2003, =?iso-8859-1?Q? Felix=20Kl=F6cking ?= wrote: > > > Hello, > > > > I am using OpenSSL 0.9.6b 9 Jul 2001, and would like to convert a .p12 certificate > > file into a .pem file that can be used to encrypt/decrypt data with

OpenLDAP w/ my certificate won't start

Hello to all. I'm having a problem getting openldap to work with SSL on RH 7.3. When I use the dummy certificate that comes with 7.3 slapd starts fine; when I create my own CA and certificate, it hangs. Can anybody help out, please. This is making me nuts! Dimitri ___

Re: Visual C++ example

[EMAIL PROTECTED] wrote: Hi, I am begginer in Visual C++. but I need to write simple application with OpenSSL. When I include for example compiler return error: c:\program files\openssl\include\openssl\rsa.h(1) : error C2501: 'Link' : missing storage-class or type specifiers c:\program files\ope

sha1 source

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm using openssl in a group of embedded applications. For one of these, I need sha1 (and nothing else), but can't afford the space I'd need to link the app to libcrypto.a. I've been poking around trying to find the source for SHA1_{Init,Update,Final},

Re: Cipher man page & DH certificate support

On Tue, Aug 05, 2003, Austin Krauss wrote: > Reading the cipher man page off the web details an interesting note about DH > certificates: " The non-ephemeral DH modes are currently unimplemented in > OpenSSL because there is no support for DH certificates. " > > My question is this, why are some

RSA encrypt/decrypt

I'm working on some project, and i have to encrypt and decrypt data (i know i should use SSL not only for encryption/decryption tasks but also for transport, but i do not want that), and all is good, when i use one pair of keys(public/prv) for both sender and recipient(recipient sends answer ba

Re: .p12 to .pem file conversion problem

On Thu, Aug 07, 2003, =?iso-8859-1?Q? Felix=20Kl=F6cking ?= wrote: > Hello, > > I am using OpenSSL 0.9.6b 9 Jul 2001, and would like to convert a .p12 certificate > file into a .pem file that can be used to encrypt/decrypt data with OpenSSL. > > I entered (on the command line): > openssl pkcs12

Re: Segmentation Fault in BN_bn2bin...

On Mon, 11 Aug 2003, Mateus wrote: > I'm trying to use the function BN_bn2bin to convert a big number and I > had a segmentation fault inside of it. Is the to area allocated and big enough to fit the number? Is the BIGNUM ok? Try printing it with BN_print_fp. Have you perhaps stomped on some ot

RE: Newbie - installing SSL w/ Apache 2.0.47 on Win XP

Can anyone highlight the pros/cons between the following two enterprise servers..I’m trying to decide which one to use:   BigApache: http://www.bigapache.org/Home.48.0.html?PHPSESSID=3b7f226374b19336df694d24db8d0f29   OpenSA http://www.opensa.org/development/news/105.html   Per my i

Installing trusted root into MacOSX system

We are developing an installer to load trusted root certificates into the MacOSX trusted root store. Our goal is to make accepting our campus root into Safari (the MacOSX web browser, which uses the MacOSX root store) as easy as importing into Opera or Internet Explorer (which can download a DER r

Re: Visa CISP

Yes, it's mainly geared toward processors and not individual merchants. On 8/8/03 10:33 AM, "Waitman C. Gobble, II" <[EMAIL PROTECTED]> wrote: >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Rich Salz >> Sent: Friday, August 08, 2003 8:17 AM >> T

LibCurl on top of OpenSSL

Hi! Anyone with experience in using LibCurl with OpenSSL? Any comments about usage, performance, tips/tricks, etc. are very welcome! Regards Harald Ommang Delfi Data AS Bergen, Norway __ OpenSSL Project

Re: Verify key des3 password

Gee, I was typing in the exact same solution! NOTE THERE SHOULD NOT BE A DOLLAR SIGN ON THE SHELL READ STATEMENT! (this had me going for awhile!) Christian Hohnstaedt wrote: if openssl rsa -passin pass:"$passwd" /dev/null 2>&1; then echo Password OK else echo wrong password exit fi Regards

AW: different files to sign

Where do i have to put the option -nodetach? if i use it with sendmail it doesn't unterstand it. I'm using the version 0.9.6g. Did the bug already exist in this version? I don't want to change the openssl-version because other application work fine with this one. -Ursprungliche Nachricht--

Re: Visa CISP

Section 3.7 of Visa's CISP Security Audit Procedures and Reporting document (commonly referred to as Visa's "dirty dozen" because there are 12 main sections) states that stored cardholder data should be rendered unreadable. They list a number of approaches, such as one-way ciphers (specifically ex

Re: Re: .p12 to .pem file conversion problem

On Thu, Aug 07, 2003, =?iso-8859-1?Q? Felix=20Kl=F6cking ?= wrote: > [EMAIL PROTECTED] schrieb am 07.08.03 12:41:44: > > > > On Thu, Aug 07, 2003, =?iso-8859-1?Q? Felix=20Kl=F6cking ?= wrote: > > > > > Hello, > > > > > > I am using OpenSSL 0.9.6b 9 Jul 2001, and would like to convert a .p12 >

RE: OpenLDAP w/ my certificate won't start

Yes indeedie, sir. You were right about requiring the passphrase. If I summon slapd via the command "service ldap start", when the system responds "starting ldap:", I type in the passphrase, and off we go. With the command "slapd -u ldap -d 255", I'm prompted for the passphrase. Many thanks! O

Re: Cipher Suites explanation

I changed the subject line so that it makes more sense! Neil Humphreys wrote: Hi all, I have an app that requires 2 types of secure communications: -one fully secured channel with encrypted data -one fully secured channel, *except* that the data itself is not secret, and d

RSA key

Hello. I have both modulus and exponent of the RSA key. Is there any possibility to generate RSA public key from those data? I want to do it using openssl shell command. Thank you. Grettings -- .==[ Mariusz Jedrzejewski ]==---. +==[ mj(at)polcard.com.pl ]==[

.p12 to .pem file conversion problem

Hello, I am using OpenSSL 0.9.6b 9 Jul 2001, and would like to convert a .p12 certificate file into a .pem file that can be used to encrypt/decrypt data with OpenSSL. I entered (on the command line): openssl pkcs12 -in infile.p12 -out outfile.pem I was then prompted to enter the Import Password

Re: Creating certificates with a WEB Browser

In message <[EMAIL PROTECTED]> on Mon, 11 Aug 2003 14:36:52 +0900, "Shalkebaev,AntonMSCAG" <[EMAIL PROTECTED]> said: ShalkebaevA> Take a look at www.pyca.de anototrher one is ShalkebaevA> http://cultura.eii.us.es/~pablo/elyca/ Added to the collection of links in http://www.openssl.org/related/ap

Re: pkcs11

The opensc project (http://www.opensc.org) also has an openssl dynamic engine for using the opensc pkcs11 library to use (pkcs15) smartcards in it's 0.8.0rc3 snapshot. It's really only been tested for generating certificate requests for smartcard keys. Kevin On Thursday 14 August 2003 06:46 am

Re: Compiling Errors linking OpenSSL

Victor wrote: Yes, it does exist. And yes, setting LD_LIBRARY_PATH does fix things. It wasn't set. It does seem that openssl was clear of any wrong doing, I am sorry to have posted offtopic. But you guys have been really helpful. Technically, the -L arguments should have done what LD_LIBRARY_PA

RE: memory leak with OpenSSL 0.9.7b

> Hello > I have tried to use OpenSSL 0.9.7b with Apache 1.3.28 > (with associated > mod_ssl) and have detected significant memory leak. > > With the same Apache Server (1.3.28) and with OpenSSL > 0.9.6j there is no > memory leak. > > Did anyone else also found this observat

Re: Cipher Suites explanation

Ashu Sorry another typo - I meant to say 2, I am hoping the certificates take of 2. Which just leaves 1 untackled by NULL-SHA. The question is, is there anything else weak about NULL-SHA other than the lack of privacy.   thanks again, Neil - Original Message - From: A

Re: Virus spam

Louis LeBlanc wrote: Typically, these trojans are dialers or spyware of some sort that install themselves when some unsuspecting person opens them. If you ever have one installed on you, you'll very likely start getting random popups to some Russian porn site. These trojans are usually base64 enc

Re: MD5 Decryption question

On Tue, 12 Aug 2003, Jason Berger wrote: > I was able to encrypt a string using MD5. How do I decrypt it back into > Meaningful data? MD5 is a hash, not a crypto. You can't turn a hash back into the original, but by exchaning a hash like MD5 it can be verified that two parties have access to t

Re: Compiling Errors linking OpenSSL

On Wed, Aug 13, 2003 at 03:25:28AM -0400, Victor wrote: > This is from the config log... Still seems to be my environment > settings, but no matter what I set, something breaks. As youc an see, I > st the -L and -I and -R but now it says > > ld.so.1: ./conftest: fatal: libgcc_s.so.1: open failed

[no subject]

Hi all, I have an app that requires 2 types of secure communications: -one fully secured channel with encrypted data -one fully secured channel, *except* that the data itself is not secret, and does not need any encryption.   Hence, I would be grateful if someone could spell out what the f

unable to write random state

When I try to create a certificate as root there are no problems. But when I try the same as user I get the error unable to write random state. Has someona a tip which permissions I have to change? #!/bin/sh SSL=/usr/lib export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH} export LD_LIBRARY_PATH=${SSL}

RE: cannot get trust between my certificates

Hi, Just a guess... One possible reason is probrably a wrong SSL_set_verify-option. With the highest security level only local stored certs are accepted, despite a given CA-relationship. Best Regards, Marcel __ OpenSSL Project