Re: cannot compile openssl-0.9.7d into php-4.3.6 with apache-1.3.27 on Redhat 7.3

2004-04-21 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Wed, 21 Apr 2004 12:57:40 -0700 (PDT), Mike Ryerse <[EMAIL PROTECTED]> said: mikeryerse> I have a question about your response: mikeryerse> If php is finding /usr/local/ssl/include/evp.h but using mikeryerse> /lib/libssl.so instead of /usr/local/ssl/lib/libssl.so,

Re: cannot compile openssl-0.9.7d into php-4.3.6 with apache-1.3.27 on Redhat 7.3

2004-04-21 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Wed, 21 Apr 2004 13:23:44 -0700 (PDT), Mike Ryerse <[EMAIL PROTECTED]> said: mikeryerse> I was looking at the install instructions for mikeryerse> openssl-0.9.7d and it said that after running ./configure, mikeryerse> and then make, that some *.a files are instal

Re: cannot compile openssl-0.9.7d into php-4.3.6 with apache-1.3.27 on Redhat 7.3

2004-04-21 Thread Eric Morris
oh, you need to run that command on the ACTUAL library file, not a link so nm /lib/libssl.so.x.y.z ... - Eric Morris Eric Morris wrote: Try the following command: nm /lib/libssl.so | grep OPENSSL_add_all_algorithms_noconf 'nm' shows the symbolic names in an archive or library file, and

Re: cannot compile openssl-0.9.7d into php-4.3.6 with apache-1.3.27 on Redhat 7.3

2004-04-21 Thread Eric Morris
Try the following command: nm /lib/libssl.so | grep OPENSSL_add_all_algorithms_noconf 'nm' shows the symbolic names in an archive or library file, and 'grep' finds the symbol you want (assuming it's there...) - Eric Morris Mike Ryerse wrote: I was looking at the install instructions for open

Re: cannot compile openssl-0.9.7d into php-4.3.6 with apache-1.3.27 on Redhat 7.3

2004-04-21 Thread Mike Ryerse
I was looking at the install instructions for openssl-0.9.7d and it said that after running ./configure, and then make, that some *.a files are installed in /usr/local/ssl/lib, not *.so files. Also, it seems that when I build openssl-0.9.7d, it seems to show that /lib/libssl.so* was modified. Is t

Re: Securing a CA

2004-04-21 Thread Rich Salz
However, I must ask the question: "Have you actually DONE this before?" Yup. But not with SSL and browsers. You're focused on that, but I was talking in general. In reality, of course, everyone just buys a commercial SSL cert rather than try to fight with the browsers's (sic!) trust issues.

Re: cannot compile openssl-0.9.7d into php-4.3.6 with apache-1.3.27 on Redhat 7.3

2004-04-21 Thread Mike Ryerse
I have a question about your response: If php is finding /usr/local/ssl/include/evp.h but using /lib/libssl.so instead of /usr/local/ssl/lib/libssl.so, how do I link php to the correct lib? I thought about moving/renaming /lib/libssl.so, but since it seems to be linked to /lib/libssl.so.x.y.z, I

Encryption / Decryption with the EVP_Cipher interface

2004-04-21 Thread Eric Morris
I have an application where an application may switch from reading to writing and back again at random. I've determined that either I need a ctx context each for decryption / encryption, or I use the same ctx in sequence on the file. I presume that I need to detect this change and call EVP_Ciph

Re: Securing a CA

2004-04-21 Thread Charles B Cranston
Rich Salz wrote: I was envisioning something much simpler. Existing applications that know about the "root" CA work without configuration changes. New applications that need to know about the new "larger" PKI just add the new root to their list of trust anchors. I suppose that's really a bri

Re: Problem with RSA encryption zero byte

2004-04-21 Thread Ken Ballou
On Wed, Apr 21, 2004 at 09:38:49PM +0400, Alexander Krizhanovskiy wrote: > Hello! > > I'm using RSA_public_encrypt() and RSA_private_decrypt(). I can't encrypt > data with zero byte (for example hash data). My code like this: > > > unsigned char *buf = "null\x0null"; > . > RSA_public_encry

Re: Securing a CA

2004-04-21 Thread Rich Salz
I was envisioning something much simpler. Existing applications that know about the "root" CA work without configuration changes. New applications that need to know about the new "larger" PKI just add the new root to their list of trust anchors. I suppose that's really a bridge-CA. I don't t

Problem with RSA encryption zero byte

2004-04-21 Thread Alexander Krizhanovskiy
Hello! I'm using RSA_public_encrypt() and RSA_private_decrypt(). I can't encrypt data with zero byte (for example hash data). My code like this: unsigned char *buf = "null\x0null"; . RSA_public_encrypt ( 9, buf, outbuf, rsa, RSA_PKCS1_PADDING); .. RSA_private_decrypt ( RSA_size(rsa), o

Re: Securing a CA

2004-04-21 Thread Charles B Cranston
Actually, it might be as easy as changing the "name" of the root and issuing a new L1 certificate. The branch happens when an unmodified client (which still has the local root installed) needs to decide who has signed the L1 certificate. Its two choices are 1. the local root 2. the "missing link

Re: Securing a CA

2004-04-21 Thread Charles B Cranston
Follow up to previous posting: I did try to do some experimentation in the context of trying to design a clean transition from the root we made in 1998 to the root I made in 2003. I did not have a great deal of success because the browsers I was working with at the time (Netscape 4.7x and IE 4 or

Re: Securing a CA

2004-04-21 Thread Charles B Cranston
Rich Salz wrote: At the risk of being immodest, you might find this column useful: http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html This is a verbatim quote from the text at that URL: > The root will sign the Level 1 CA and then be taken offline. > Anyone who wants to validate any iden

Re: cannot compile openssl-0.9.7d into php-4.3.6 with apache-1.3.27 on Redhat 7.3

2004-04-21 Thread Richard Levitte - VMS Whacker
OK, a few points: The way you configured OpenSSL, the library files ended up in /usr/local/ssl/lib. Also, they are named libcrypto.so.x.y.zt and libssl.so.x.y.zt with the symbolic links libcrypto.so.0 and libssl.so.0 (note, ending with 0, not 2) as well as libcrypto.so and libssl.so. This I know

Re: cannot compile openssl-0.9.7d into php-4.3.6 with apache-1.3.27 on Redhat 7.3

2004-04-21 Thread Mike Ryerse
I had tried building openssl with ./config shared before you suggested it, and after that I tried ./configure for php and it failed on db3 and imap (I have more to the ./configure command for php than I mentioned, just wanted to save email space for everyone). I ended up re-installing db3 and imap

"openssl req" SSL/SSH key merge

2004-04-21 Thread C S
Are there any downstream problems using a cert based off of a ssh-keygen as opposed to an "openssl genrsa"? For example: ssh-keygen -trsa -b1024 -ftestid_rsa -N "" openssl req -new -key testid_rsa -out testid_rsa.csr The above is what I'm currently using based off OpenSSH's supported