Re: Building OpenSSL without Crypto Support

2008-05-08 Thread vaibhav bindroo
Thanks for the response . I tried out various flags and finally ended up striping it to arnd 500 KB which seems ok for my application requirements . Lets see whether it is feasible enough to be portable across various platforms in immediate future . Thanks ~Vaibhav Bindroo

Re: Manually verifying signature on X.509 certificate

2008-05-08 Thread Dr. Stephen Henson
On Thu, May 08, 2008, Anthony Floyd wrote: > Hi, > > I have a self-signed certificate generated by OpenSSL. I'm using Python > and various libraries (PyCrypto, tlslite) to programmatically access the > certificate. I'm not having any problems pulling the data out of the > certificate. > > Now

RE: Manually verifying signature on X.509 certificate

2008-05-08 Thread Anthony Floyd
> So to check the signature, it should be as easy as to hash > the data, decrypt the signature with the public key and > compare the two. Of course, I meant: hash the data, encrypt the hash with the public key and compare to signature. Thanks, Anthony.

Manually verifying signature on X.509 certificate

2008-05-08 Thread Anthony Floyd
Hi, I have a self-signed certificate generated by OpenSSL. I'm using Python and various libraries (PyCrypto, tlslite) to programmatically access the certificate. I'm not having any problems pulling the data out of the certificate. Now I want to validate the certificate. My current understandin

Re: How to create a certificate for top domains with more than two letters

2008-05-08 Thread Mário Gamito
Hi Patrick, Thanks a lot for your explanation. It was certainly insightfull. Warm Regards, Mário Gamito On Thu, May 8, 2008 at 2:35 PM, Patrick Patterson <[EMAIL PROTECTED]> wrote: > > On May 8, 2008 06:09:01 am Mário Gamito wrote: > > Hi, > > > > I use to create my SSL certificates for Apach

Re: How to create a certificate for top domains with more than two letters

2008-05-08 Thread Patrick Patterson
On May 8, 2008 06:09:01 am Mário Gamito wrote: > Hi, > > I use to create my SSL certificates for Apache with the following commands: > > # openssl genrsa -des3 -out ca.key 1024 > # openssl req -new -x509 -days 365 -key ca.key -out ca.crt > # openssl genrsa -des3 -out server.key 1024 > # openssl req

RE: Building OpenSSL without Crypto Support

2008-05-08 Thread Bill Colvin
I add the flags no-md2 no-ripemd160 no-bf no-camellia no-cast no-idea no-mdc2 no-rc5 Bill From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of vaibhav bindroo Sent: May 8, 2008 1:17 AM To: openssl-users@openssl.org Subject: Re: Building OpenSSL witho

Failing to using OpenSSL v0.9.8g with tomcat 5.5.9 over TLS

2008-05-08 Thread Wahaj Khan
Hi, I am trying to use OpenSSL 0.9.8e/0.9.8g to communicate with my web-server (Apache tomcat v5.5.9) and failing over TLS. If I communicate on non secure channel, I succeed. I can access my web-server using IE 7.0, firefox2.0+ successfully suggesting that the web-server is OK. By default Apach

How to create a certificate for top domains with more than two letters

2008-05-08 Thread Mário Gamito
Hi, I use to create my SSL certificates for Apache with the following commands: # openssl genrsa -des3 -out ca.key 1024 # openssl req -new -x509 -days 365 -key ca.key -out ca.crt # openssl genrsa -des3 -out server.key 1024 # openssl req -new -key server.key -out server.csr After this, I sign ser

BIO_gets hangs with full cpu load

2008-05-08 Thread Roman Aspetsberger
Hello. I'm working on a multi threaded program, which passes on HTTP messages. Therefore, I use socket BIOs with buffer BIOs to get the BIO_gets() support. Everything is working fine for a while, but sometimes, a thread hangs in the BIO_gets() method and returns never again. The worst fact is,

RE: Building OpenSSL without Crypto Support

2008-05-08 Thread David Schwartz
> I'm trying to build OpenSSL with least support for crypto > algorithms expt the cases where they are really needed for it to work . > My sole purpose of all this is to reduce the memory footprint of the > application that uses OpenSSL.. All I want is the procedure to do > so on a WIN32 platform