Does a root CA need two certificates?

Had another newbie type question -- (B (BWhen reading about how to set up a self-signed web server, the docs I (Bread indicate there is a need for two certificates -- one being a (Bself-signed certificate for the entity certifying the server, and the (Bother being the certificate the web serve

What is that CA directory in the template directory layout?

The first two of these didn't get through, so I'll try again. If I end (Bup triple-posting, I apologize in advance. (B (BThis is not really an important question, but one I've been scratching (Bmy head over for quite a while, and not knowing the answer gives me less (Bthan full confidence in m

LDAP + RADIUS + SSL

I am using RADIUS to authentication in LDAP with SSL(OpenSSL), but I have problems. I already sent message to openldap mailing list, but I didn´t have a soluction for my problems. Below I show my configs files and screen with error. Does anyone known like help me? Please I don´t know what

RE: Socket layer and OpenSsl

I guess it's better to ask the socket layer or networking list. SSL should be independent from your communication protocol, as long as your protocol provide reliable tcp connection. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Prashant Kumar

Re: Certificate Intended Purpose

On Tue, Jan 18, 2005, Shaun Lipscombe wrote: > * Charles B Cranston wrote: > > > One could read in openssl.txt (in the doc directory of the OpenSSL > > source distribution): > > OK I looked at http://www.openssl.org/ and there is a whole load of > documentation about extended key usage extension

Re: Certificate Intended Purpose

One could read in openssl.txt (in the doc directory of the OpenSSL source distribution): === Extended Key Usage. This extensions consists of a list of usages. These can either be object short names of the dotted numerical form of OIDs. While any OID can be used only certain values make sense. In pa

Re: Client Authentication and Private Key

Intuitively, you have to know that the client needs it's private key for something. Since the public key certificate is public, it alone can't prove that the client is you. Anyone can send your certificate to a server, right? In practice, the server walks the certificate chain, which proves that

Socket layer and OpenSsl

Hello Group,   In the project I am working on, we are trying to use OpenSsl in the non blocking mode. However, we want to avoid using the BSD select call and also may have to modify the read/send, write/receive calls. Basically, we want to modify the socket library to achieve our scaling requiremen

ssl session id callback failed

Hi I have problems to get uw imapd running with openssl. Every time the mail client tries to connect to the server the following message appears in /var/log/syslog: > Jan 17 17:13:24 m2 imapd[4788]: [ID 149382 mail.info] Unable to accept SSL connection, host=isaac.informatik.uni-bremen.de [13

Does any body have the md5/asm/md5-sparcv9.s for 32bits

Hi We are trying to compile the openssl-0.9.7e using CC , does any body have the md5/asm/md5-sparcv9.s for 32bits if so please provide me a copy with thanks and regards Rafeeq __ OpenSSL Project

Re: using OpenSSL and NSS in same project

Hello all, i too came across a similar problem. although i could compile the entire application(which used OpenSSL & NSS), i got SEG faults while running the application. the point where i get SEG faults is those functions which have same names in OpenSSL & NSS; in specific, SHA1_Update & MD5_Upd

Re: Client Authentication and Private Key

As I understand it, the client signs data sent from the server in order to authenticate itself. Therefore yes it does need its private key. On Tue, 18 Jan 2005 11:17:01 +, Shaun Lipscombe <[EMAIL PROTECTED]> wrote: > > If the client sends the server its certificate (public key) and the > ser

Re: Dynamic engine problems

Hello! On Tue, 18 Jan 2005, Dmitry Belyavsky wrote: > > That's because of the call to ENGINE_unregister_ciphers() in > > cce_destroy(). Can I suggest you take a look at, for example, > > demos/engines/rsaref/ for a working example to look at? > > Unfortunately that's not only because of ENGINE_u

Re: Dynamic engine problems

Hello! On Mon, 17 Jan 2005, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Mon, 17 Jan 2005 11:06:49 +0300 (MSK), > Dmitry Belyavsky <[EMAIL PROTECTED]> said: > > beldmit> We are implementing custom engine providing GOST algorithms. > beldmit> We get a SEGFAULT on app_s

errata

Sorry, I made a mistake in my mail, I did not mean "a ssldump that he made locally with a remote peer", but "a ssldump that he made locally with a local test server" I try to reread my mails before sending but I think I should always rereread!!! -- Mit freundlichen Gruessen Nicolas POCHAT-POCH

interpreting some more results of ssldump

Hello all, I still have the same problem: I have my TLS server and we still have our unsucessful connection attempts with a remote peer in Holland. SSL dump logs the following (this time, it slightly change, there's no "Unknown SSL content type 114", even if the client trying to connect is the