problem in linking

2005-07-04 Thread akhil khandelwal
Hi all, even after implementing various suggestions by openssl users I could not link my code. The linker shows error of undefined reference to various openssl functions like bio_write etc. Can anybody provide some light? ak

Dumping SSL Certificates from mod_ssl in apache

2005-07-04 Thread Pj
Hi all, I am writing a module for apache that needs to dump client certificate information from mod_ssl which ultimately uses OpenSSL... Does anyone have any idea how to apply this hook? If this is the wrong forum for this can someone suggest a mailing list? Thanks.. Pj.

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Tan Eng Ten
Darn, so there's a bug in CA.pl, well, I've never explored that utility. Anyway, if you'd just followed the instructions in the HOWTO to create CSR's, you wouldn't end up having the private key concatenated with the request. And, the private key is needed by "openssl req" to sign the request.

RE: does openssl allocate memory with 16 bit alignment?

2005-07-04 Thread Steven Reddie
Riaz, I think you'll find that malloc does do the right thing. Otherwise code such as the following would fail depending on the alignment requirements of the underlying platform: double* p = (double*)malloc(sizeof(double)); *p = 3.14; You shouldn't need to mess with alignment

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Thomas J. Hruska
Richard Levitte - VMS Whacker wrote: In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 17:16:31 -0400, Uri <[EMAIL PROTECTED]> said: urimobile> /At least two demoCA scripts - CA and CA.pl CA.sh and CA.pl both do the same wrong thing, bundle the private key with the CSR (Certificate Signature

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Simon McMahon
> It is common practice for someone making a certificate request to prove that > they have the private key. Normally "proof of possession" is done by signing the request *with* the private key, not sending it in the request. The CA can then verify the requester's possession of private key using

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 17:16:31 -0400, Uri <[EMAIL PROTECTED]> said: urimobile> /At least two demoCA scripts - CA and CA.pl CA.sh and CA.pl both do the same wrong thing, bundle the private key with the CSR (Certificate Signature Request or something like that, describ

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Uri
Dr. Stephen Henson wrote: PEM should be accepted but it's very picky about any extra data before the -BEGIN CERTIFICATE- line. Hmm... I'll check - but I suspect it's too picky for me. :-) True. As IPsec peers can exchange their certs automatically. and I don't think Windows suppor

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Uri
It's fine for any box to store or cache certificates of any kind. Certificates are public data, and only contain a public key. I know that it's fine - am just describing the setup, mostly for the benefit of those who tend to jump to conclusions and give others as little credit as possible u

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Dr. Stephen Henson
On Mon, Jul 04, 2005, Uri wrote: > Dr. Stephen Henson wrote: > > >PKCS#12 isn't an appropriate format to just import a certificate. You need > >to use PEM or DER form and an appropriate extension such as .crt. > > > > > I figured this out too late. PEM isn't accepted by Windows, but DER > (luck

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Uri
Dr. Stephen Henson wrote: PKCS#12 isn't an appropriate format to just import a certificate. You need to use PEM or DER form and an appropriate extension such as .crt. I figured this out too late. PEM isn't accepted by Windows, but DER (luckily!) is, so now I'm just using DER. IPsec FAQ tha

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 13:41:17 -0400, Uri <[EMAIL PROTECTED]> said: urimobile> Richard Levitte - VMS Whacker wrote: urimobile> urimobile> >>> >What makes you think the private key is included? urimobile> >urimobile> urimobile> >urimobile> The fact that Windows XP ma

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Dr. Stephen Henson
On Mon, Jul 04, 2005, Uri wrote: > Dr. Stephen Henson wrote: > > >On Sun, Jul 03, 2005, Uri wrote: > > > > > > > >>How do I create a request that doesn't contain private key, and how do I > >>sign it? Could you give me an example please? > >> > >What makes you think the private key is included?

Re: Can't restore SSL_SESSION saved via i2d_SSL_SESSION using d2i_SSL_SESSION

2005-07-04 Thread Dr. Stephen Henson
On Mon, Jul 04, 2005, Klaus Thurnhofer wrote: > Hi, > > I'm trying to save a session to a buffer, like it is proposed in several > articles, using i2d_SSL_SESSION. However, when trying to restore the session > from the ASN1 buffer it immediately returns with an error. > > from what I learned f

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Uri
Richard Levitte - VMS Whacker wrote: >What makes you think the private key is included? urimobile> urimobile> The fact that Windows XP machine (into which I load the urimobile> created cert) claims to now have the private key for it. Uhmmm, in a X.509 PKI, you need a key pair (private and pub

Can't restore SSL_SESSION saved via i2d_SSL_SESSION using d2i_SSL_SESSION

2005-07-04 Thread Klaus Thurnhofer
Hi, I'm trying to save a session to a buffer, like it is proposed in several articles, using i2d_SSL_SESSION. However, when trying to restore the session from the ASN1 buffer it immediately returns with an error. from what I learned from the various articles and samples I feel that the followi

Re: Matching Subject and Issuer Names

2005-07-04 Thread Dr. Stephen Henson
On Sat, Jul 02, 2005, Dr. Stephen Henson wrote: > On Sat, Jul 02, 2005, Arsen Hayrapetyan wrote: > > > Hello, > > I have the following question: > > > > Suppose you have CA certificate /cacert.pem/ with the following > > subjectName: > > */C=xx/O=aa/O=bb/CN=uu* > > Also you have the following i

Re: does openssl allocate memory with 16 bit alignment?

2005-07-04 Thread Rich Salz
> Malloc doesn't guarantee an alignment of any sort. Yes it does. It guarantees that what it returns can be used for worst-case alignment so that anything will work, as in int* foo = (int*)malloc(sizeof *foo); *foo = 42; free(foo); In this particular case, malloc may retur

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Rich Salz
> Darn, I thought I explained the problem: openssl "req" seems to require > private key of the cert requestor, which defeats the whole idea of PKI. No. It is common practice for someone making a certificate request to prove that they have the private key. This is known as "proof of possession" a

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Olaf Gellert
Uri wrote: > Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing > others' public keys) without having their private keys presented to the > signer? > > [For having to bring private key along with the public key sort of > defeats the whole purpose PKI.]

Re: P12 vs PFX

2005-07-04 Thread Dr. Stephen Henson
On Mon, Jul 04, 2005, [EMAIL PROTECTED] wrote: > > Hi guys, > I've got some simple questions. Are *.pfx and *.p12 files > interchangeable? AFAIK the .pfx is something like a not > fully implemented subset of .p12. Are there applications > that accept only one of the two formats? My experiments >

Re: What is an export cipher

2005-07-04 Thread Dr. Stephen Henson
On Mon, Jul 04, 2005, Jagannadha Bhattu wrote: > Can you let me know what is an export cipher. > If you mean "export ciphersuite"... It's a legacy thing which complied with the old US export regulations. It would effectively (*) have a much smaller key length and might have other restrictions ap

Re: BIOs

2005-07-04 Thread alok
Jagannadha Bhattu wrote: Hi, I am new to SSL and want to know more about BIOs. Is there a tutorial on how to use and on their uses. Thanks JB

P12 vs PFX

2005-07-04 Thread stvv
Hi guys, I've got some simple questions. Are *.pfx and *.p12 files interchangeable? AFAIK the .pfx is something like a not fully implemented subset of .p12. Are there applications that accept only one of the two formats? My experiments show that changing the postfix .p12 to .pfx or the opposite do

What is an export cipher

2005-07-04 Thread Jagannadha Bhattu
Can you let me know what is an export cipher. Thanks JB

Re: does openssl allocate memory with 16 bit alignment?

2005-07-04 Thread Jagannadha Bhattu
If you are using libc for malloc then using pragma requires recompilation of libc. So even if you use the pragma in openssl it will not force the alignment in libc. Correct me if my understanding of what you meant was wrong. In case if you use glibc, here is something that may be of use to you. Gl

Re: does openssl allocate memory with 16 bit alignment?

2005-07-04 Thread Riaz Farnaz
Malloc doesn't guarantee an alignment of any sort. ASIC chip requires that the buffer address that is passed to it should be a strictly 16 bit (not byte) aligned... I was going thru this link http://sources.redhat.com/ml/crossgcc/2000-08/msg00049.html and here he has suggested a method of defining 

TLS-PSK implementation

2005-07-04 Thread Gat, Gilad
Hi, I posted this question last week and got no response. Am I posting to the wrong news group? Any other news-group I should post to? Thanks, Gilad. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gat, Gilad Sent: Wednesday, June 29, 200