Re: multiple IP addresses

2006-04-20 Thread Christopher Fowler
On Thu, 2006-04-20 at 14:53 -0700, Joseph Bruni wrote:
> Is BIO_do_connect() smart enough to try to connect to all IP addresses
> if a name resolves to more than one?
Isn't that a round robin DNS setup? Maybe not

multiple IP addresses

2006-04-20 Thread Joseph Bruni
Hello, Is BIO_do_connect() smart enough to try to connect to all IP addresses if a name resolves to more than one? For example, the name "www.microsoft.com" resolves to eight different IP addresses. Will they all be tried by BIO_do_connect? is there a way to do this? Do I need to keep calling

RE: question about ssl certs

2006-04-20 Thread David Schwartz
> Hi, all. I'm hoping somebody can clarify the confusion for me.
>
> Do certs need to be guarded or not?
Almost never.
> Because what happens if you're doing client-side authentication and a server asks you for your cert, caches it and that server is later compromised?

Phantom Domain Name Mismatch?

2006-04-20 Thread Fran Fabrizio
What would be some possible causes of the following error message that I am getting on our IMAP clients (Thunderbird 1.5 and Outlook 2003) when they retrieve the SSL certificate from the IMAP server: "You have attempted to establish a connection to imap.cis.uab.edu. However, the security ce

Re: question about ssl certs

2006-04-20 Thread Richard Salz
> > What will prevent somebody from stealing my cert and
> > going around pretending to be me?
>
> "Okay, if you're Susan, this this blob: xx"
Sign. The challenge is "sign this blob"
> Without your *private* key, they cannot do that. Therefore, they cannot
> pretend to be you. If

Re: question about ssl certs

2006-04-20 Thread Richard Salz
> What will prevent somebody from stealing my cert and
> going around pretending to be me?
"Okay, if you're Susan, this this blob: xx" Without your *private* key, they cannot do that. Therefore, they cannot pretend to be you. If they did, it be like accepting a passport or driver's licen

question about ssl certs

2006-04-20 Thread Susan
Hi, all. I'm hoping somebody can clarify the confusion for me. Do certs need to be guarded or not? Because what happens if you're doing client-side authentication and a server asks you for your cert, caches it and that server is later compromised? What will prevent somebody from stealing my c

Re: Singing with certificate

2006-04-20 Thread Wes Kussmaul
What key are you singing in? I'm not sure what you mean... Some of us got it. -- Wes Kussmaul CIO The Village Group 738 Main Street Waltham, MA 02451 781-647-7178 My uncle likes to say that the world’s biggest troubles started when the serpent said, “Try this fruit, and by the way if a b

Re: Refreshing a self signed root certificate

2006-04-20 Thread Victor Duchovni
On Thu, Apr 20, 2006 at 04:42:53PM +0100, John Francis wrote:
> A word of warning, this was done to satisfy some test data.
>
> In fact you shouldn't be doing this at all...you should create a new private
> key..
>
> The only reason to preserve the old private key is if there is some

RE: Refreshing a self signed root certificate

2006-04-20 Thread David Schwartz
>The only reason to preserve the old private key is
>if there is something out there signed with it and
>if this is the root CA and its public cert has expired
>you really shouldn't allow anything out there to remain
>valid anyway. By issuing a new cert with the old key you
>are actually allowing

Re: Problems building 0.9.8a on Intel Mac

2006-04-20 Thread Nils Larsch
Marko Asplund wrote: On 2006-04-14, at 12.26, Nils Larsch wrote: try a recent snapshot from the stable branch and let openssl build shared libraries (see first problem mentioned in the PROBLEM file). i tried the workaround described in the PROBLEMS file with openssl-0.9.8-stable-SNAP-200604

Re: Singing with certificate

2006-04-20 Thread brianmas
Quoting Stewart Dean <[EMAIL PROTECTED]>:
> C'mon guys, lighten up. It's a joke, a pun...see in music, there are
> keys...the key of F has one flat, the key of D has two sharps, etc.
> Don't have your head so far down in the nuts and bolts...time for a
> vacation...and leave your email an

Re: Singing with certificate

2006-04-20 Thread Stewart Dean
C'mon guys, lighten up. It's a joke, a pun...see in music, there are keys...the key of F has one flat, the key of D has two sharps, etc. Don't have your head so far down in the nuts and bolts...time for a vacation...and leave your email and cellphone behind. Rory Vieira wrote: Steph

Re: Singing with certificate

2006-04-20 Thread Bernhard Froehlich
Rory Vieira wrote: Hi, For our customers we make backups (like everyone else). However, legal restrictions apply to the specific branche we work in. We are required to encrypt the data. In the past I was using simple DES3 encryption, but now I would like to use the customers secure certifica

RE: Refreshing a self signed root certificate

2006-04-20 Thread John Francis
A word of warning, this was done to satisfy some test data. In fact you shouldn’t be doing this at all…you should create a new private key.. The only reason to preserve the old private key is if there is something out there signed with it and if this is the root CA and its public ce

Re: Singing with certificate

2006-04-20 Thread Rory Vieira
Stephen, What key are you singing in? I'm not sure what you mean... The customer gets a .p12 certificate from the branche organisation which they install in Windows. I still need to extract the public key from that though. I'll probably need windows to export it to DER format (eg cert.cer

Re: Singing with certificate

2006-04-20 Thread Stephen P Palmer
What key are you singing in? Rory Vieira <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 04/20/2006 09:34 AM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject Singing with certificate Hi, For our customers we make backups (like everyone

RE: Refreshing a self signed root certificate

2006-04-20 Thread John Francis
openssl req -new -x509 -key F:\MyCAs\MyRootCA\private\cakey.pem -keyform PEM -out cacert2.pem -outform PEM
seems to work…

Singing with certificate

2006-04-20 Thread Rory Vieira
Hi, For our customers we make backups (like everyone else). However, legal restrictions apply to the specific branche we work in. We are required to encrypt the data. In the past I was using simple DES3 encryption, but now I would like to use the customers secure certificate to encrypt the da

Refreshing a self signed root certificate

2006-04-20 Thread John Francis
I have an openssl CA. I have previously created a self signed Root certificate. However this certificate has now expired. How can I “refresh” the certificate (i.e. create a new one with a later expiry date), but still use the old private key so that all the other certificates issue

RE: Problems running application

2006-04-20 Thread Vanessa Campos
Sorry for the lack of information. I really didn't know how to describe it. But I could solve the problem. I found out (quite after I wrote my first message) that the openssl version on my server was different from my development environment. So I corrected it and it worked fine. Thanks for the r

RE: errno=5 in SSL_read( )

2006-04-20 Thread Gayathri Sundar
I think the issue is wrt to clearing the error queue. Whenever you attempt to get the error number, we need to call ERR_clear_error() to clear it. Certain openssl APIs call it internally, and some do not, now am not clear as to why or on what basis. So, before calling SSL_read, ensure you