Re: Session ID reuse timeout

2006-02-10 Thread Girish Venkatachalam
It seems to be 7200 seconds on my system even though the man page says the default value is 300 seconds. I don't think it is possible to specify the timeout in a system-wide config file without any effort on your part. You can however have another config file and set the timeout using SSL_CTX_set_

Wildcard ssl certificate using subjectAltName

2006-02-10 Thread Khai Doan
To quote rfc 2818: If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated

Re: nsSslServerName

2006-02-10 Thread Dr. Stephen Henson
On Fri, Feb 10, 2006, Khai Doan wrote:
> Can someone please explain the nsSslServerName directive/extension? I found http://wp.netscape.com/eng/security/cert-exts.html, but what is shell expression? Is it a regular expression? Can someone give me an example?

It is a deprecated exten

nsSslServerName

2006-02-10 Thread Khai Doan
Can someone please explain the nsSslServerName directive/extension? I found http://wp.netscape.com/eng/security/cert-exts.html, but what is shell expression? Is it a regular expression? Can someone give me an example? Thanks, Khai

Certificate with multiple Common Names

2006-02-10 Thread Khai Doan
How can I generate a CSR with multiple common names? How can I sign a CSR with multiple common names? (I already set up a CA, but don't know what I need to do, whether or how to edit my openssl.cnf file.) Thanks for any hint. Khai

Does anyone know how well MSIE support HTTP to TLS upgrade (RFC 2817) now ?

2006-02-10 Thread Khai Doan
Does anyone know how well MSIE supports HTTP to TLS upgrade (RFC 2817) now? Does Microsoft have any plan to support RFC 2817? Khai

Re: why are some ssl_ciphers invalid

2006-02-10 Thread Wes Kussmaul
Dr. Stephen Henson wrote:
> On Fri, Feb 10, 2006, Kyle Hamilton wrote:
> > There's a HOWTO on how to create DH certificates with CA.pl; the X.509/PKCS functions support them, but the SSL/TLS layer doesn't?

I assume DH = Diffie-Hellman?

--
Wes Kussmaul
CIO
The Village Group
738 Main Street
Wal

Re: why are some ssl_ciphers invalid

2006-02-10 Thread Dr. Stephen Henson
On Fri, Feb 10, 2006, Kyle Hamilton wrote:
> There's a HOWTO on how to create DH certificates with CA.pl; the X.509/PKCS functions support them, but the SSL/TLS layer doesn't?

The openssl utility can be used to create DH *parameters* but there is no support in the X509 library for DH *certif

Re: why are some ssl_ciphers invalid

2006-02-10 Thread Kyle Hamilton
There's a HOWTO on how to create DH certificates with CA.pl; the X.509/PKCS functions support them, but the SSL/TLS layer doesn't?

-Kyle H

On 2/10/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
> On Fri, Feb 10, 2006, jimmy wrote:
> > Hi,
> >
> > Why is it that some ciphers like "DH-DSS-AES1

Re: why are some ssl_ciphers invalid

2006-02-10 Thread Dr. Stephen Henson
On Fri, Feb 10, 2006, jimmy wrote:
> Hi,
>
> Why is it that some ciphers like "DH-DSS-AES128-SHA" have SSL_CIPHER.valid set to 0 in the table ssl3_ciphers?
>
> Is there a specific reason?

They require the use of DH certificates which OpenSSL doesn't support. Very few people use them and

why are some ssl_ciphers invalid

2006-02-10 Thread jimmy
Hi, Why is it that some ciphers like "DH-DSS-AES128-SHA" have SSL_CIPHER.valid set to 0 in the table ssl3_ciphers? Is there a specific reason? Thanks, jimmy

Session ID reuse timeout

2006-02-10 Thread JCA
Two questions: First, what is the default session ID reuse timeout for OpenSSL? Second, is it possible to specify that timeout in a system-wide configuration file?

Re: Can't sign request: entry 8: invalid expiry date

2006-02-10 Thread Petr Silhavy
Commenting out apps/ca.c lines 898-902 does "solve" this problem. IMHO this looks like a bug in check_time_format. Does anybody know a less dirty solution? -- Petr Silhavy Just because you're paranoid doesn't mean they AREN'T after you. --fortune

RE: openssl 0.9.8 for wince

2006-02-10 Thread Daniel Díaz Sánchez
Have a look at http://karajan.it.uc3m.es/~pervasive/wce_lite_compat/ Dani http://www.it.uc3m.es/dds -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Cesc Sent: Friday, 10 February 2006 11:57 To: OpenSSL-users Subject: openssl 0.9.8 for wince H

FIPS mode confusion, and resolution

2006-02-10 Thread Kyle Hamilton
I have a slightly non-standard (and non-security-policy-compliant) FIPS mode setup, generated with:

cvs -d/home/kyle/openssl/repository co -rOpenSSL_FIPS_1_0 \
    -d /home/kyle/openssl/work openssl
./config fips --prefix=/home/kyle
make
make test
make install

(the 'non-security-policy-compliant' part

openssl 0.9.8 for wince

2006-02-10 Thread Cesc
Hi, It may sound strange ... but could someone do either:
- send me the compiled static (.dll.a) and shared (.dll) of libeay32 and ssleay32, for a wince machine?
- or tell me how to cross-compile for wince from a linux debian machine (I have the pocketpc tools).
Tks in advance! Cesc

RE: Big Number Test Failure for 0.9.7i

2006-02-10 Thread Ted Mittelstaedt
You might try installing the GNU binutils and gas instead of the Solaris assembler and linker and see if that helps. People have had problems before using gcc and feeding the result to the Solaris linker, and in fact there's a patch for gcc mentioned in the openssl readme or faq or some such. (I

Re: OpenSSL for Mingw

2006-02-10 Thread Cesc
Hi, Yesterday I managed to compile openssl-0.9.8a, provided a patch (credit to Mikael Magnusson). I attach the patch. Cross-compilation from a debian etch (testing), using mingw32. As for the configure line: ./Configure --prefix=$CROSS_COMPILE_FOLDER threads shared mingwx I don't know exactly th