Re: attribute certificate in PKCS#7 (CMS)

2005-11-23 Thread Nikolay Elenkov
Nikolay Elenkov wrote: > I am trying to patch the PKCS#7 code to (partially) handle CMS ver 3. > What I need is to parse a CMS structure that has an attribute > certificate in the certificates field of SignedData. > ... > > typedef struct certificate_choices_st { > int type; > union { >

Activation date and Online Certificate Status Protocol

2005-11-23 Thread Andrew Amargo
Hi, I just want to ask if OpenSSL verifies the certificate's activation date. If not, how will I go about this?... Has anyone implemented OCSP instead of the CRL? Thanks. Regards, Andrew

Re: Renewing a CA root certificate

2005-11-23 Thread Greg Vickers
Argh, hit the send button before I had finished *blush* Greg Vickers wrote: Hi all, I am in the process of renewing a root CA certificate (which is expiring soon.) I should be able to use the original certificate signing request to issue a new certificate for the CA, correct? And what is th

Renewing a CA root certificate

2005-11-23 Thread Greg Vickers
Hi all, I am in the process of renewing a root CA certificate (which is expiring soon.) I should be able to use the original certificate signing request to issue a new certificate for the CA, correct? And what is the best way of deploying the new CA certificate? -- Greg Vickers Project Manag

any way to debug signature verification failure?

2005-11-23 Thread john guerrero
i have a signature that fails verification. openssl dgst -sha1 -verify public.pem -signature sigfile myfile Verification Failure this one particular pair (sigfile, myfile) fails verification out of a group of 500,000 pairs which all succeed. there are at least 2 possibilities for this that i c

Re: Verification Failure - difference between "-verify" and "-prverify"

2005-11-23 Thread john guerrero
hi steve, thanks for the insight! yes, the first cert was the CA. all i needed to do was strip out the first cert from the .pem file, extract the public key and then it verified just fine. thanks again, jlg Dr. Stephen Henson wrote: On Wed, Nov 23, 2005, john guerrero wrote: hi folks,

Re: Verification Failure - difference between "-verify" and "-prverify"

2005-11-23 Thread Dr. Stephen Henson
On Wed, Nov 23, 2005, john guerrero wrote: > hi folks, relative newbie here trying to support a legacy application. > > i can successfully verify a signature with the following command: > openssl dgst -sha1 -prverify private.pem -signature sigfile myfile > Enter pass phrase for private.pem: > Ver

Verification Failure - difference between "-verify" and "-prverify"

2005-11-23 Thread john guerrero
hi folks, relative newbie here trying to support a legacy application. i can successfully verify a signature with the following command: openssl dgst -sha1 -prverify private.pem -signature sigfile myfile Enter pass phrase for private.pem: Verified OK then i pull the public key from private.pem:

Re: Openssl and Multi-Sites Certificats SSL

2005-11-23 Thread Goetz Babin-Ebell
Farid Izem wrote: Hi all, New to this mailing list. Hope you can help me in completing my task. I'd like to generate a Self Signed SSL Certificate which will serve for multi hosted sites on the same server. Can someone tell me how to do that please ? subjectAltName=DNS:host1.domain1,DNS:ho

Re: Certificates

2005-11-23 Thread Goetz Babin-Ebell
Mark wrote: Hi, Hello, # openssl req -newkey rsa:1024 -keyout nuckey.pem -keyform PEM -out nucreq.pem -nodes -outform PEM What are these key files for? I'm still not sure what these files are for. I guess that the nuckey.pem is a private key (does this need loading with SSL_CTX_use_certifi

TCP-SSL problem - Thank you guys

2005-11-23 Thread Jairds
This is a follow up of my problem which seems to be solved. Right now the server is up and running for one hour. I'd like to thank all of you who tried to help me. Marek, Jorey, Victor, and a special thanks to Reed who tested, and pointed me in the right direction. Despite the fact that t

Re: Newbie dev problems: EVP_DecryptFinal:wrong final block length

2005-11-23 Thread Dr. Stephen Henson
On Wed, Nov 23, 2005, roro GRONAN wrote: > Hi everybody, > i'm new with the openssl libs (0.9.8a), I try to develop a program which > needs to produce a file that can be decrypted with the openssl command line > tool. > i chose des_ede3_cbc as the symmetric algorithm. > > the "encryption" part o

Re: sock ioctl with openssl

2005-11-23 Thread Perry L. Jones
Thank you, this helps. Perry Dr. Stephen Henson wrote: On Wed, Nov 23, 2005, Perry L. Jones wrote: I have some legacy code that uses the ioctl() function on a socket to see how many bytes are ready to be read. I was wondering if this can be done with an openssl socket or if I

Newbie dev problems: EVP_DecryptFinal:wrong final block length

2005-11-23 Thread roro GRONAN
Hi everybody, i'm new with the openssl libs (0.9.8a), I try to develop a program which needs to produce a file that can be decrypted with the openssl command line tool. i chose des_ede3_cbc as the symmetric algorithm. the "encryption" part of my code is given at the end of this post. I verified

RE: AES Asymmetric key

2005-11-23 Thread Bryce Bingham
Hi, Is it possible to use AES en-decryption using asymmetric keys(private and public keys) Hi Dorai, The short answer is no. AES is a block cipher based on symmetric keys. But note, practically all secure conversations start out using asymmetric keying first. Symmetric keying processes are fa

Re: Resending - Please help

2005-11-23 Thread Victor Duchovni
On Wed, Nov 23, 2005 at 10:13:05AM -0800, Jairds wrote: > www.cliconnect.com > Perhaps shawcable rate limits connections to your system... $ openssl s_client -connect 24.71.57.40:443 CONNECTED(0003) depth=1 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

Re: sock ioctl with openssl

2005-11-23 Thread Dr. Stephen Henson
On Wed, Nov 23, 2005, Perry L. Jones wrote: > I have some legacy code that uses the ioctl() function on a socket to > see how many bytes are ready to be read. I was wondering if this can be > done with an openssl socket or if I can use SSL_get_fd( sslSocket ) and > then use the standard socket

RE: Resending - Please help

2005-11-23 Thread Jairds
Thanks guys , here it is www.cliconnect.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorey Bump Sent: Wednesday, November 23, 2005 9:33 AM To: openssl-users@openssl.org Subject: Re: Resending - Please help Jairds wrote: > The problem is : I

Re: Resending - Please help

2005-11-23 Thread Marek Marcola
Hello, > > The problem is : I already talked to my provider and they claim not to > > block any port. I checked my router and the port is open. If I netstat I > > get > > > > tcp0 0 *:https *:* > > LISTEN > > > > And, the worst of all. Sometimes it works.

Re: Resending - Please help

2005-11-23 Thread Jorey Bump
Jairds wrote: The problem is : I already talked to my provider and they claim not to block any port. I checked my router and the port is open. If I netstat I get tcp0 0 *:https *:* LISTEN And, the worst of all. Sometimes it works. I have no clue at th

sock ioctl with openssl

2005-11-23 Thread Perry L. Jones
I have some legacy code that uses the ioctl() function on a socket to see how many bytes are ready to be read. I was wondering if this can be done with an openssl socket or if I can use SSL_get_fd( sslSocket ) and then use the standard socket ioctl functions. int numBytesToRead; funcStatus =

SSL_accept problem

2005-11-23 Thread Mark
Hi, I am calling SSL_accept() and getting a zero return value. I then call SSL_get_error() and get SSL_ERROR_SYSCALL. I do pass the zero as the second parameter to SSL_get_error(). However errno=0 and ERR_get_error() gives nothing. It has a normal blocking socket BIO attached. What else can I c

RE: Resending - Please help

2005-11-23 Thread Jairds
>>This is not an SSL issue. Does your ISP block port 443? The error from >the monitoring company refers to their own script, not any files on your >machine. It simply can't make a connection to your server. __ I am glad to h

Re: Resending - Please help

2005-11-23 Thread Jorey Bump
Jairds wrote: I am having a weird problem in my site related to SSL. I can connect from inside the network to the secure pages , so the certificate is fine. From outside the connections are refused. I have a monitoring company checking the site and from them I got the following error message T

Resending - Please help

2005-11-23 Thread Jairds
I apologise for resending, but I got no response, and am really lost here. Please take a minute to read it. Yesterday I reinstalled SSL and the Apache. After that the server responded ok and then went back to the same problem. >>Previous Post Hi all, I am having a weird problem in my si

Re: AES Asymmetric key

2005-11-23 Thread Victor Duchovni
On Wed, Nov 23, 2005 at 10:34:10AM +0530, Dorairaj B - CTD, Chennai. wrote: > Is it possible to use AES en-decryption using asymmetric keys(private and > public keys) > Yes, in much the same way as you can fly a camel to the moon. You could on the other hand try RSA. What problem are you trying

RE: Certificates

2005-11-23 Thread Mark
Thanks Katie, > And then we say "make certs" and it makes the certificates up to date. I tried your makefile but it did not work for me (I did change the paths and fix the missing TABs) but it failed with the error. The rule for %.cert looks ok to me: gmake: *** No rule to make target `sv.cert'

Re: I am too stupid for openssl

2005-11-23 Thread Özcelik Hasan
it didnt work. i called the echo function to ensure, the data can be read, and i get now -BEGIN CERTIFICATE- MIIDkjCCAvugAwIBAgIOUNsCTNjylrtuCVYwDQYJKoZIhvcNAQEFBQAwgbwx CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJn MTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkg

Fwd: Re: I am too stupid for openssl

2005-11-23 Thread Özcelik Hasan
that isn't the error, i got it in my php document right. the error still exists: error:02001002:system library:fopen:No such file or directory error:2006D080:BIO routines:BIO_new_file:no such file

Re: I am too stupid for openssl

2005-11-23 Thread Steffen Lips
Hi, error:2006D080:BIO routines:BIO_new_file:no such file error:02001002:system library:fopen:No such file or directory The file "zertifikat.pem" could not be found in the place expected. For testing try the complete path e.g. "C:\\zertifkat.pem". Steffen Lips

Re: I am too stupid for openssl

2005-11-23 Thread netris netris
Yo Hasan, maybe you should fix the following? > > //encrypt the message, now put in the headers. > openssl_pkcs7_encrypt("msg", "enc.txt", > $pubkey,$headers,0,1); > Try this one instead: openssl_pkcs7_encrypt("msg.txt", "enc.txt", $pubkey,$headers,0,1); Dunno, but that one looks l

Re: Openssl and Multi-Sites Certificats SSL

2005-11-23 Thread Philipp Gühring
Hi, > New to this mailing list. Hope you can help me in completing my task. > I'd like to generate a Self Signed SSL Certificate which will serve for > multi hosted sites on the same server. > > Can someone tell me how to do that please ? Here is the overview, best currently possible solution,

Openssl and Multi-Sites Certificats SSL

2005-11-23 Thread Farid Izem
Hi all, New to this mailing list. Hope you can help me in completing my task. I'd like to generate a Self Signed SSL Certificate which will serve for multi hosted sites on the same server. Can someone tell me how to do that please ? Kind Regards, Farid.

Re: self signed certs

2005-11-23 Thread Katie Lucas
On Tue, Nov 22, 2005 at 01:39:29PM -, Mark wrote: > Hi, > > > It is still better to have a CA that signs certificates, > > there are some > > technical reasons in openssl, > > it is simpler to program the trust checking, in fact with self signed > > certs you need callbacks > > to accept th

RE: Certificates

2005-11-23 Thread Mark
Hi, > >>> # openssl req -newkey rsa:1024 -keyout nuckey.pem > >>> -keyform PEM -out nucreq.pem -nodes -outform PEM > >>> > >>> What are these key files for? > > > > I'm still not sure what these files are for. I guess that the > > nuckey.pem is a private key (does this need loading with > > SS

Re: Certificates

2005-11-23 Thread Katie Lucas
On Tue, Nov 22, 2005 at 01:35:22PM -, Mark wrote: > Hi, > > Thanks for all the help everyone. > > > We're signing the certificates for users. They call up the servers and > > present a certificate which authorises them. The root certificate is > > stored on the servers, and the fingerprint of