> > and you've just multiplied your public key computation
> > load by a factor of three of four.
> No, you "merely" double it. One - check that the identity cert is
> valid, two
> - that the attribute cert that *you* are interested in (out of a
> dozen that
> may be attached to this identity cer
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Huffman
Sent: Friday, May 25, 2007 6:29 PM
To: openssl-users@openssl.org
Subject: Unable to compile on AIX 5.1
I have been unsuccessful in compiling openssl-0.9.8 on AIX 5.1 (32-bit
ppc) using gcc (GCC)
I have been unsuccessful in compiling openssl-0.9.8 on AIX 5.1 (32-bit
ppc) using gcc (GCC) 4.0.0
My configure setting is:
./config no-shared
The configure completes successfully. I start the make command and the
app appears to compile but stops at this point in the process.
/usr/bin/p
> For both the responses I got, it looks like the server need
> to access the information (whether identity or attribute or
> whatever) present in the certificate and use that to decide
> the permissions for the peer that represented this certificate.
> Is my understanding correct?
Partially so
> Well, the Subject Distinguished Name should have the
> Organization...
Can you envision long-lived certs issued by gov't - like passports? In that
case, Organization would not have the same semantics. But this is less
relevant for our discussion.
> ...but I strongly disagree with you if you th
Hello,
I loaded the key file into the SSL_CTX and that
appeared to work i.e client.key. Is this correct?
I used the book and thought that CERTFILE,client.pem
was being used in the
function:SSL_CTX_use_PrivateKey_file.
if
(SSL_CTX_use_PrivateKey_file(ctx,CERTFILE,SSL_FILETYPE_PEM)!=1)
Hello,
I managed to get past the problem of loading the
certificate:
I am now calling the below:
if
(SSL_CTX_use_PrivateKey_file(ctx,CERTFILE,SSL_FILETYPE_PEM)!=1)
{
ERR_print_errors_fp(stderr);
printf("Error loading private key file!");
}
I see the follo
My Bad. I missed the SSL_library_init() call.
Sorry.
Thanks,
Garyc
--- david kine <[EMAIL PROTECTED]> wrote:
> Did you call
> "SSL_library_init()","SSL_load_error_strings()",
> etc.?
>
> gary clark <[EMAIL PROTECTED]> wrote: Hello,
>
> After performing the following:
>
> SSL_CTX * ctx = SSL_
Did you call "SSL_library_init()","SSL_load_error_strings()", etc.?
gary clark <[EMAIL PROTECTED]> wrote: Hello,
After performing the following:
SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method());
Huh! Dumped the result of theh failure and errorcode.
The ctx value is:
ctx=0x0
OPENSSL_Uplin
Hello,
After performing the following:
SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method());
Huh! Dumped the result of theh failure and errorcode.
The ctx value is:
ctx=0x0
OPENSSL_Uplink(100EA000,07): no OPENSSL_Applink
The above failure of ERR_print_errors_fp(stderr);
Could somebody be so
Hello,
Running Windows and built using VC++.
I have discovered that my SSL_CTX * is null
when attempting to call:
SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method());
why would this happen? Its a little confusing it
builds fine.
Thanks,
Garyc
SSL_CTX * ctx =
--- gary clark <[EMAIL PROTECTED]
Greetings,
I have a method that creates a certificate signing request. I need to add
extended key usage extensions to my request that specify the OIDs for both
server and client, i.e. 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2.
The documentation is not helping me understand how to do this and I ca
Hello,
Took the client and server code from the Network
Security with OpenSSL chapter 5. Built the server and
client code non-secure. This part worked like a charm.
Having a problem building the secure version. I'm
using Windows VC++ and windows and attempting to use
the 5.5 client. I would like
On 2007.05.25 at 08:16:19 -0400, Mouse wrote:
> I'm driving at Attribute Certificates. They are supposed to have shorter
> life than identity certs, but still long enough to be usable.
I've seen project to add attribute certificates to OpenSSL.
http://openpmi.sourceforge.net/
You can try to down
Thank you very much for the response.
For both the responses I got, it looks like the server need to access the
information (whether identity or attribute or whatever) present in the
certificate
and use that to decide the permissions for the peer that represented this
certificate.
Is my understandi
Much appreciated Endhy.
Garyc
--- Endhy Aziz <[EMAIL PROTECTED]> wrote:
> I wrote :
> "One of the chapter, "Designing With SSL" may help
> ".
>
> Should be :
> One of the chapter, "Coding With SSL" may help
>
> Regards,
>
> --Endhy
>
>
>
>
>
> >
>
__
Mouse wrote:
> I.e. for the sake of the argument identity
> "Michael" may have an attribute "employee of Tenebras", and another
> attribute "permitted access to dev repository A12".
Well, the Subject Distinguished Name should have the Organization,
but I strongly disagree with you if you think a
> > ... is it necessary to
> > issue ONE certificate to EACH individual.
>
> Yes. The problem of granting access based on membership in a
> group is an authorization problem.
Correct.
> This doesn't have
> anything to do with certificates -- permissions and roles
> change independently of
domi schrieb:
Hello Bruno and Thomas,
Number 1 and 4-6 are definitively right as long as I know. I think that
number 2 and 3 are correct too. But I‘m not quiet sure.
Thomas would you be so kind and tell me in what format the time is written?
Or just give me link where I can find the information;
Hello Bruno and Thomas,
Number 1 and 4-6 are definitively right as long as I know. I think that
number 2 and 3 are correct too. But I‘m not quiet sure.
Thomas would you be so kind and tell me in what format the time is written?
Or just give me link where I can find the information; my search wasn
Urjit Gokhale wrote:
It seems that you are making the common mistake of conflating authentication
with authorization. Certs are useful in binding pubkeys to identities and
subsequently in verifying possession of the private key by being able to
perform decryption.
The SSL protocol has provision
Hello,
> I would like to have your opinion on one scenario, and my approach to
> provide needed functionality:
> 1) I have a server that listens to connection requests from the clients over
> the internet (meaning anyone and everyone who knows my ip/port can send me
> connection request. I am not b
Still no response :-(
Could someone please help me clarify my doubts?
thanks,
~ Urjit
- Original Message -
From: "Urjit Gokhale" <[EMAIL PROTECTED]>
To:
Sent: Thursday, May 24, 2007 4:28 PM
Subject: Re: Certificates, users and machines
> Thanks for your reply.
> I would like to have yo
On Fri, May 25, 2007, Peter Kuykendall wrote:
> Kyle Hamilton wrote:
>
> This is OK if your key happens to be text, but I'm stuck on how to pass
> a binary key. After figuring out the basic syntax, my new problem is
> that the real key is random binary stuff, and I don't know if there is a
>
Kyle Hamilton wrote:
What is it that you're trying to do with the CLI? We might be able to
assist with that.
Thanks Kyle. I'm actually doing 2 separate things. I'll list the 2nd
one in a separate thread.
I'm using openssl version 0.9.8e
This task is simply to generate a sha1 HMAC across
What is it that you're trying to do with the CLI? We might be able to
assist with that.
As for documentation, write it up and email it as an attachment to
[EMAIL PROTECTED] rt is the request tracker, and it'll make it possible
to keep track of its status.
-Kyle H
On 5/24/07, Peter Kuykendall
Hello,
> When I generate a key pair with an openssl genrsa command I get a private
> key. But where is the corresponding public key stored?
After genrsa private and public key are stored in the same file.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
Bruno,
A database line is structured as followed:
1. state of the cert (V=valid, R=revoked, E=expired where the state is not
changes automatically if a cert expires)
2. end of validity
3. revocation time (empty when the cert ist not revoked)
4. serial number in hex
5. Where the cert can be found
Bernhard Froehlich wrote:
>
> If you want to generate a key pair you may be better off using openssl
> req with the -newkey option, which also generates a certificate request
> for the newly generated key.
>
> Hope it helps.
> Ted
> ;)
>
>
Thank you for your reply but the question was no
I'm trying to use a couple of simple functions of the openssl CLI and
can't figure it out from the docs nor the mailing list archives. Since
it seems that I'm going to have to review the source code to understand
the proper syntax, I'd like to expand the documentation to share this
knowledge a
leseul schrieb:
When I generate a key pair with an openssl genrsa command I get a private
key. But where is the corresponding public key stored?
There seems to be an openssl command pkey
(http://www.openssl.org/docs/apps/pkey.html) for this, but my version
does not know it.
A workaround seem
31 matches
Mail list logo
