Re: String lengths with openssl req

2005-11-09 Thread prakash babu
Hi, I have a relevant question in this regard. I have set the value of commonName_max = 5 in openssl.cnf. Generate self signed certificate using -subj option # openssl req -x509 -out cacert.pem -new -keyout cakey.pem -subj /C=INN/ST=TamilNadu/L=CBE/O=test/CN=xx -nodes Successful Here the c

Re: Trusted CA pack

2005-11-09 Thread Heikki Toivonen
Warrick FitzGerald wrote: > Is there somewhere that you can download a package of all currently > "trusted" CA's. I know this is a very broad question, as who defines who > the trusted ones are. Mozilla has a pretty good policy on CA certs IMO, and they obviously ship it with Mozilla products. It'

Re: Loading CRL's into client application

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, david kine wrote: > I have a secure client application that loads a pkcs12 > file containing client cert, client key, and trusted > root CA's. It works perfectly, connecting only to > servers signed by the trusted CA's. > > However, when I load a single CRL file, then all >

Trusted CA pack

2005-11-09 Thread Warrick FitzGerald
Is there somewhere that you can download a package of all currently "trusted" CA's. I know this is a very broad question, as who defines who the trusted ones are. I was just thinking that since vendors like $MS have a list of standard trusted CA's, that the OpenSource community would have somethin

Re: Testing TLS

2005-11-09 Thread Victor Duchovni
On Wed, Nov 09, 2005 at 08:38:02PM -0500, Warrick FitzGerald wrote: > Hi Guys, > > I'm trying to test a connection to a TLS enabled SMTP server. Is it > possible to use OpenSSL to setup the TLS session and then interact > with the mail server as if I'd telnet'd to port 25? > Yes, with sign

Testing TLS

2005-11-09 Thread Warrick FitzGerald
Hi Guys, I'm trying to test a connection to a TLS enabled SMTP server. Is it possible to use OpenSSL to setup the TLS session and then interact with the mail server as if I'd telnet'd to port 25? Thanks Warrick

Loading CRL's into client application

2005-11-09 Thread david kine
I have a secure client application that loads a pkcs12 file containing client cert, client key, and trusted root CA's. It works perfectly, connecting only to servers signed by the trusted CA's. However, when I load a single CRL file, then all connections fail: "unable to get certificate CRL" "SS

Re: revoking certs and generating crl's

2005-11-09 Thread david kine
Very clever, thanks for the tips. -David --- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote: > On Wed, Nov 09, 2005, david kine wrote: > > > I've switched over to a Linux system running > OpenSSL > > 0.9.7a Feb 19 2003, and copied the CA.pl from > Solaris, > > now everything works fine. > > >

Re: revoking certs and generating crl's

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, david kine wrote: > I've switched over to a Linux system running OpenSSL > 0.9.7a Feb 19 2003, and copied the CA.pl from Solaris, > now everything works fine. > > Going back to my original question, I need to create a > root CA, then create a server CA (signed with the root

Re: PKCS#1 v2.1 support

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, Antonio Ruiz Martínez wrote: > > The question is that I have received a PKCS#1 that claims to be > compliant with PKCS#1 v2.1. With the openssl, with rsautl, I'm getting > an error telling me that the object is too long > Then I have decrypted the information received a

Re: revoking certs and generating crl's

2005-11-09 Thread david kine
I've switched over to a Linux system running OpenSSL 0.9.7a Feb 19 2003, and copied the CA.pl from Solaris, now everything works fine. Going back to my original question, I need to create a root CA, then create a server CA (signed with the root CA), then create a server certificate (signed with th

Re: error at starting service sendmail

2005-11-09 Thread Henk A.M. Weebers
Sendmail wasn't able to start due to running subdomain service. I have to configure that first. Thanks Henk On Sunday 06 November 2005 22:45, Claus Assmann wrote: > On Sun, Nov 06, 2005, Henk A.M. Weebers wrote: > > Please trim your reply, don't quote everything and don't toppost. > Usually I woul

Re: PKCS#1 v2.1 support

2005-11-09 Thread Antonio Ruiz Martínez
Dr. Stephen Henson wrote: On Wed, Nov 09, 2005, Antonio Ruiz Martínez wrote: Hello! I would like to know if openssl is fully compliant with PKCS#1 v2.1 or if it is planned to support it in short. Could you help me, please? Depends on what you mean by "fully complia

Re: PKCS#1 v2.1 support

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, Antonio Ruiz Martínez wrote: > Hello! > > I would like to know if openssl is fully compliant with PKCS#1 v2.1 > or if it is planned to support it in short. > Could you help me, please? > Depends on what you mean by "fully compliant"... Steve. -- Dr Stephen N. Henson. E

Re: revoking certs and generating crl's

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, david kine wrote: > I'm attempting to use CA.pl on a Solaris 10 Sparc > system. OpenSSL is provided on the distribution CD's > (OpenSSL 0.9.7d 17 Mar 2004). I use the following > commands: > > 1. CA.pl -newca > 2. CA.pl -newreq > 3. CA.pl -signreq {problems at this

PKCS#1 v2.1 support

2005-11-09 Thread Antonio Ruiz Martínez
Hello! I would like to know if openssl is fully compliant with PKCS#1 v2.1 or if it is planned to support it in short. Could you help me, please? Regards, Antonio.

Re: revoking certs and generating crl's

2005-11-09 Thread david kine
I'm attempting to use CA.pl on a Solaris 10 Sparc system. OpenSSL is provided on the distribution CD's (OpenSSL 0.9.7d 17 Mar 2004). I use the following commands: 1. CA.pl -newca 2. CA.pl -newreq 3. CA.pl -signreq {problems at this step} During the signreq, the program cannot open the C

RE: Building OpenSSL 0.9.89a

2005-11-09 Thread Fenlason, Josh
I tried configuring with hpux64-ia64-cc and was able to build as a shared library. Thanks, Josh. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of prakash babu Sent: Wednesday, November 09, 2005 8:08 AM To: openssl-users@ope

Re: String lengths with openssl req

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, Ken Campbell wrote: > I'm trying to get started with SSL. I've installed Win32OpenSSL-v0.9.8a > on a Windows 2003 Server box with Apache 2.0.55 running. I've got as > far as: > > openssl req -new -key myserver.key -out myserver.csr (where > myserver.key exists) > > As s

Re: verify keeps failing

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, Warrick FitzGerald wrote: > > Here's the exact process I'm following (see details below): > > 1. Create CA > 2. Create Cert > 3. Try to verify > > For some odd reason CA.pl writes the Key and Cert to newreq.pem, so no > the above was not a typo ... am I misunderstanding so

Re: verify keeps failing

2005-11-09 Thread Warrick FitzGerald
Dr. Stephen Henson wrote: On Wed, Nov 09, 2005, Warrick FitzGerald wrote: Hi All, I generated a CA cert and then created a certificate (using CA.pl in ./misc), however the verify does not seem to detect a valid CA. openssl verify -CAfile ./demoCA/cacert.pem -purpose sslserver ne

Reading request subject returns something which doesn't work as an X509_NAME..

2005-11-09 Thread Katie Lucas
I'm reading in a request, I can read various bits and bobs out of it, including a key which then verifies the request. That's all fine. When I read the requests subject, I get a non-null pointer. Which crashes any of the X509 name functions I pass it to.. // normal openssl startup FILE *f

String lengths with openssl req

2005-11-09 Thread Ken Campbell
I’m trying to get started with SSL. I’ve installed Win32OpenSSL-v0.9.8a on a Windows 2003 Server box with Apache 2.0.55 running. I’ve got as far as: openssl req -new -key myserver.key -out myserver.csr (where myserver.key exists) As soon as I get to the following prompt things get

Re: Building OpenSSL 0.9.89a

2005-11-09 Thread prakash babu
Hello Josh,   The problem I suspect is AES_cbc_encrypt function is defined in aes_cbc.c and that is not compiled and added to the libcrypto library.   You can either edit the openssl-0.9.8a/Makefile   Line 92: Before : AES_ASM_OBJ= aes-ia64.o After   : AES_ASM_OBJ= aes_core.o aes_cbc.o aes-ia64.o  

Re: X509_verify_cert() and multiple threads

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, Steffen Fiksdal wrote: > > > I am investigating, and will come back when I find out what happens. > OK, I'd suggest placing a couple of calls in the rsa_pk1.c file which dumps out the public key and the block it is attempting to decrypt. Then see if the public/key and/or

Re: X509_verify_cert() and multiple threads

2005-11-09 Thread Steffen Fiksdal
On Wed, Nov 09, 2005, Steffen Fiksdal wrote: Hi! I have a library using openssl 0.9.8 that is accessed by several threads. One function verifies a certificate, and in that function I call X509_verify_cert(). In a few occasions the function returns 0, and the failure occurs in the file "rsa

Re: verify keeps failing

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, Warrick FitzGerald wrote: > Hi All, > > I generated a CA cert and then created a certificate (using CA.pl in > ./misc), however the verify does not seem to detect a valid CA. > > openssl verify -CAfile ./demoCA/cacert.pem -purpose sslserver newreq.pem > > produces "error 1

verify keeps failing

2005-11-09 Thread Warrick FitzGerald
Hi All, I generated a CA cert and then created a certificate (using CA.pl in ./misc), however the verify does not seem to detect a valid CA. openssl verify -CAfile ./demoCA/cacert.pem -purpose sslserver newreq.pem produces "error 18 at 0 depth lookup:self signed certificate" Which according to

Re: X509_verify_cert() and multiple threads

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, Steffen Fiksdal wrote: > Hi! > > I have a library using openssl 0.9.8 that is accessed by several threads. > > One function verifies a certificate, and in that function I call > X509_verify_cert(). > > In a few occasions the function returns 0, and the failure occurs in

X509_verify_cert() and multiple threads

2005-11-09 Thread Steffen Fiksdal
Hi! I have a library using openssl 0.9.8 that is accessed by several threads. One function verifies a certificate, and in that function I call X509_verify_cert(). In a few occasions the function returns 0, and the failure occurs in the file "rsa_pk1.c" on line number 100. I tried to do a mu

Re: AES

2005-11-09 Thread Patrick Guio
On Wed, 9 Nov 2005, Pj wrote: Hi, Does OpenSSL have AES support specifically Rijndael and if so which is the minimum release number we need? The OpenSSL O'Reilly book mentions that AES (also called Rijndael) is available only in Versions 0.9.7 or later. Sincerely, Patrick

Re: having both release and debug version of openssl on win32?

2005-11-09 Thread Katie Lucas
On Tue, Nov 08, 2005 at 06:04:05PM +0100, Andy Polyakov wrote: > extern "C" makes perfect sense, but PASCAL? It doesn't make sense... > Documentation references indicate that PASCAL capitalizes name [not to > mention alternative argument passing convention, but it's lesser problem > in this cas

RE: AES

2005-11-09 Thread Frédéric Donnat
Hi, AES is included in openssl 0.9.7x and 0.9.8x versions. "openssl ciphers -v" for SSL use "openssl enc -h" for crypto use -Original Message- From: Pj [mailto:[EMAIL PROTECTED] Sent: Wed 11/9/2005 3:03 AM To: openssl-users@openssl.org Cc: Subject:AES Hi, Does Ope