Re: TLS SSL and virtual hosts

2009-01-08 Thread Scott Gifford
"Kevin Murphy" writes: [...] > I came across a couple "howto" articles for setting up one certificate that > will cover all virtual hosts on a web server... one static IP, one > certificate, > multiple sites, lots of saved money! Hi Kevin, Those sites describe a way to put multiple certifica
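Whether one certificate can serve several virtual hosts on one IP is decided by the name check the client runs against the certificate's subjectAltName dNSName entries. The following is an added example, not code from Kevin's or Scott's posts: a pure-Python version of that check (exact and wildcard matching as clients apply it, CN consulted only when no dNSName SAN exists) plus a small audit that reports which virtual hosts a given certificate would leave uncovered. The SAN list and host names are constructed inputs, of the kind `openssl x509 -noout -text` prints under "X509v3 Subject Alternative Name".

```python
"""Decide whether one certificate covers a given virtual host name.

Added example (not from the thread). The SAN lists are constructed inputs.
IP-address SANs and internationalised (IDNA) names are deliberately out of scope.
"""


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match of one dNSName pattern against a hostname.

    Case-insensitive; exact match when there is no wildcard; a wildcard must be
    the entire leftmost label, never matches across a dot, and must leave at
    least two labels to its right (so "*.test" and "*" are refused).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in lab for lab in p_labels[1:]):
        return False  # only a whole leftmost label may be a wildcard
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False  # "*.example.test" matches a.example.test, not a.b.example.test
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(hostname, san_dns_names, subject_cn=None):
    """True if the certificate is valid for hostname.

    When any dNSName SAN is present only the SAN list counts and the subject CN
    is ignored, which is how current clients behave; the CN is a fallback for
    certificates that carry no dNSName SAN at all.
    """
    if san_dns_names:
        return any(dns_name_matches(p, hostname) for p in san_dns_names)
    return subject_cn is not None and dns_name_matches(subject_cn, hostname)


def uncovered_vhosts(vhosts, san_dns_names, subject_cn=None):
    """Return the virtual host names a single certificate would NOT cover."""
    return [h for h in vhosts if not hostname_matches_cert(h, san_dns_names, subject_cn)]


if __name__ == "__main__":
    # Constructed contents of one certificate meant to serve several sites.
    sans = ["example.test", "www.example.test", "*.blog.example.test"]
    vhosts = ["example.test", "www.example.test", "alice.blog.example.test",
              "blog.example.test", "mail.example.test"]
    print("not covered:", uncovered_vhosts(vhosts, sans))
```

Run the audit against the dNSName list of the certificate you intend to buy before you buy it: every name you serve must appear literally or under a wildcard that covers exactly one label.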

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread Dan_Mitton
If you create a softlink to the real target directory, that seems to work... cd /usr/local/ssl ln -s fips-1.0 /usr/local/ssl-fips

openssl 098j + fips 1.2 fails @ 'make test', but only for target 'linux-generic32'

2009-01-08 Thread PGNet
I've managed to build/install openssl 098j+fips12 on (1) a PPC mac, running OSX 10.5.6 uname -a Darwin mac 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh (2) a shared, Debian host, uname -a Linux cobra 2.6.24.5-ser

TLS SSL and virtual hosts

2009-01-08 Thread Kevin Murphy
Hi OpenSSL Users, I am setting up an Ubuntu 8.10 LAMP server on a Linode VPS. I have an older Ubuntu 6.10 vps set up as well that I configured with self signed certificates and CACert. I would like to set this new server up with a certificate from Thawte, or Verisign, et al. (I'm open to suggesti

Re: RSA signature and padding

2009-01-08 Thread Mounir IDRASSI
Hi, As far as I know, it's only supported in the 0.9.9 development tree through the introduction of the new type EVP_PKEY_CTX and the new functions EVP_PKEY_sign_init and EVP_PKEY_sign. Personally, I find it simpler to implement this scheme using the low level primitives I showed you in my sa

Re: Error compiling NTDLL

2009-01-08 Thread Dr. Stephen Henson
On Thu, Jan 08, 2009, Carter Browne wrote: > I compiled openssl-0.9.8j without problems under Linux. When running > under Windows XP SP3, Visual Studio 9, using option do_ms, nt.mak > compiled without error. > ntdll.mak had the following fatal compiler error: > > Building OpenSSL > cl /Fotmp

Re: SSL authentication sample

2009-01-08 Thread Ger Hobbelt
A client cert is only sent when requested by the server, so that makes this a Tomcat/apache issue, not an OpenSSL issue. apps/s_client demo app supports transmission of client cert upon request (try this in conjunction with the apps/s_server OpenSSL demo app, for instance). Check out this: https

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread PGNet
On Thu, Jan 8, 2009 at 7:58 AM, Dr. Stephen Henson wrote: > If you want to move the validated module elsewhere afterwards you can do > provided you keep to the permission requirements of the security policy. > > Once you've installed the validated module you can then use OpenSSL 0.9.8j to > build

Error compiling NTDLL

2009-01-08 Thread Carter Browne
I compiled openssl-0.9.8j without problems under Linux. When running under Windows XP SP3, Visual Studio 9, using option do_ms, nt.mak compiled without error. ntdll.mak had the following fatal compiler error: Building OpenSSL cl /Fotmp32dll\ec_asn1.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3

Re: Extract public key from certificate

2009-01-08 Thread Mounir IDRASSI
Hi, You can achieve the same by following these steps : - Call the function "PEM_read_X509" to obtain an "X509" pointer from the certificate file. - Call the function "X509_get_pubkey" on this pointer to obtain an "EVP_PKEY" pointer. - Call the function "PEM_write_PUBKEY" on this point

Re: unexpected SSL_ERROR_ZERO_RETURN

2009-01-08 Thread Steffen DETTMER
* Md Lazreg wrote on Thu, Jan 08, 2009 at 15:11 +0100: > The problem in my case was a server one. I use a non-blocking socket for the > server to receive information from the clients, so the server performs a > select with a timeout of 1 second to read information. It turns out that > when there are

RE: Extract public key from certificate

2009-01-08 Thread Giang Nguyen
> then you can try X509_set_pubkey() (in x509.h) to obtain the "EVP_PKEY *" > object of course i meant X509_get_pubkey().

RE: Extract public key from certificate

2009-01-08 Thread Giang Nguyen
if you have the "X509 *" object (in your code), then you can try X509_set_pubkey() (in x509.h) to obtain the "EVP_PKEY *" object, then you can use the various PEM_write_..._RSAPublicKey() (in pem.h).

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread Dr. Stephen Henson
On Thu, Jan 08, 2009, PGNet wrote: > > > This is an unfortunate side effect of gcc being stricter about function > > pointers > ... > > The actual errors you see are not part of the validated module but part of > > the rest of OpenSSL. If you complete the make process once (despite the > > crashe

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread PGNet
As a test, ignoring the UserGuide's admonition about user-config options to FIPS build, with a TARGET = "darwin-ppc-cc", this, ./config --prefix=/usr/local/ssl-fips fipscanisterbuild make make install installs FIPS as directed in "/usr/local/ssl-fips". Then, building openssl 098j, mv /usr/i

RE: Handshake Failure SSLv3 versions over 0.9.7a

2009-01-08 Thread Dewald, Matt
Perhaps, but is there anything I can do to fix this issue? These sites load fine via browsers so I am in a tough position trying to say it's a problem with the server configuration even if it is. Any help you can provide would be appreciated. Thanks. -- Matt -Original Message- From: o

Extract public key from certificate

2009-01-08 Thread Vincent CLUZAUD
Dear users, I want to extract public key from certificate (*.cer file) in C++ (with visual C++). In command, I can do that with this command : c:\OpenSSL\bin\openssl x509 -inform pem -in certificate.cer -pubkey -noout > publickey.pem Could you tell me how to do that in C++? Thanks in adv
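The question above and Mounir's three-step answer earlier on this page (PEM_read_X509, X509_get_pubkey, PEM_write_PUBKEY) both amount to pulling the subjectPublicKeyInfo out of the TBSCertificate and re-armouring it. The following is an added example, not code from either poster and not OpenSSL's own: it does the same job in plain Python by walking the DER structure, so you can see exactly which field `openssl x509 -pubkey -noout` extracts. The sample certificate is constructed inline with a placeholder modulus and a dummy signature; it is not a real, signed certificate.

```python
"""Extract the SubjectPublicKeyInfo from an X.509 certificate without OpenSSL.

Added example, not from the thread. Walks Certificate -> tbsCertificate ->
subjectPublicKeyInfo and re-armours that field as a "PUBLIC KEY" PEM block,
which is what `openssl x509 -pubkey -noout` prints. The sample certificate at
the bottom is constructed here (placeholder key, dummy signature).
"""
import base64
import re


def der_read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, value, end_of_tlv)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not used in X.509")
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def extract_spki_der(cert_der):
    """Return the DER encoding of the certificate's subjectPublicKeyInfo."""
    tag, cert, _ = der_read_tlv(cert_der, 0)       # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, tbs, _ = der_read_tlv(cert, 0)            # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, _, pos = der_read_tlv(tbs, 0)
    if tag == 0xA0:                                # [0] EXPLICIT version is optional
        tag, _, pos = der_read_tlv(tbs, pos)       # serialNumber
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    for _ in range(4):                             # signature, issuer, validity, subject
        _, _, pos = der_read_tlv(tbs, pos)
    start = pos
    tag, _, pos = der_read_tlv(tbs, pos)           # subjectPublicKeyInfo ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return tbs[start:pos]


def decode_oid(value):
    """Decode OBJECT IDENTIFIER content octets into dotted form."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(str(a) for a in arcs)


def spki_algorithm_oid(spki_der):
    """Dotted OID of the key algorithm (1.2.840.113549.1.1.1 is rsaEncryption)."""
    _, spki, _ = der_read_tlv(spki_der, 0)
    _, alg, _ = der_read_tlv(spki, 0)              # AlgorithmIdentifier ::= SEQUENCE
    tag, oid, _ = der_read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("algorithm is not an OID")
    return decode_oid(oid)


def pem_to_der(pem, label):
    m = re.search(r"-----BEGIN %s-----(.*?)-----END %s-----" % (label, label), pem, re.S)
    if not m:
        raise ValueError("no %s block" % label)
    return base64.b64decode("".join(m.group(1).split()))


def der_to_pem(der, label):
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


def cert_pem_to_pubkey_pem(cert_pem):
    """Equivalent of: openssl x509 -in cert.pem -pubkey -noout"""
    return der_to_pem(extract_spki_der(pem_to_der(cert_pem, "CERTIFICATE")), "PUBLIC KEY")


# --- constructed sample certificate: placeholder key, dummy signature ---
def der_tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _name(cn):  # Name ::= SEQUENCE OF SET OF (commonName, PrintableString)
    rdn = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("550403")) + der_tlv(0x13, cn.encode()))
    return der_tlv(0x30, der_tlv(0x31, rdn))


SHA256_RSA = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + b"\x05\x00")
RSA_ENC = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d010101")) + b"\x05\x00")
PLACEHOLDER_RSA_KEY = der_tlv(0x30, der_tlv(0x02, b"\x00\xc0\xff\xee\x11\x22\x33\x44")  # fake n
                              + der_tlv(0x02, b"\x01\x00\x01"))                         # e=65537
SAMPLE_SPKI = der_tlv(0x30, RSA_ENC + der_tlv(0x03, b"\x00" + PLACEHOLDER_RSA_KEY))
SAMPLE_VALIDITY = der_tlv(0x30, der_tlv(0x17, b"090108000000Z") + der_tlv(0x17, b"100108000000Z"))
SAMPLE_TBS = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01")
                     + SHA256_RSA + _name("Test CA") + SAMPLE_VALIDITY
                     + _name("example.test") + SAMPLE_SPKI)
SAMPLE_CERT_DER = der_tlv(0x30, SAMPLE_TBS + SHA256_RSA + der_tlv(0x03, b"\x00" + b"\xaa" * 16))
SAMPLE_CERT_PEM = der_to_pem(SAMPLE_CERT_DER, "CERTIFICATE")

if __name__ == "__main__":
    print(cert_pem_to_pubkey_pem(SAMPLE_CERT_PEM))
```

The output is the same "PUBLIC KEY" block the `openssl` command line writes, because both emit the subjectPublicKeyInfo field verbatim; the DER reader above stops at the field boundaries, so a certificate with a trailing extensions block or a v1 certificate without the version field is handled the same way.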

Getting keytool error: java.io.IOException: Set tag error

2009-01-08 Thread Shahid A. Shaikh
I am using OpenSSL 0.9.8g/h, followed the following path, C:\SSL\openssl-0.9.8g_win32\openssl-0.9.8g_win32\bin>openssl pkcs12 -in c:\ssl\s arojesh05012009.pfx -out c:\ssl\choice.pem Enter Import Password: MAC verified OK Enter PEM pass phrase: Verifying - Enter PEM pass phrase: C:\S

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread PGNet
Hi, On Thu, Jan 8, 2009 at 12:42 AM, Kyle Hamilton wrote: > Which version of Xcode do you have installed? XCode v3.1.2, build 1149 > Which version of gcc are you using (3.x or 4.x)? gcc version 4.2.1 (Apple Inc. build 5566) > On Wed, Jan 7, 2009 at 12:41 PM, PGNet wrote: On Thu, Jan 8, 200

Re: unexpected SSL_ERROR_ZERO_RETURN

2009-01-08 Thread Md Lazreg
I have solved my problem. The problem in my case was a server one. I use a non-blocking socket for the server to receive information from the clients, so the server performs a select with a timeout of 1 second to read information. It turns out that when there are network issues, 1 second is not eno

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread Dr. Stephen Henson
On Wed, Jan 07, 2009, PGNet wrote: > I'm building fips 1.2 on OSX, > > uname -a > Darwin pb.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 > 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh > > Config, > > cd /usr/local/src/openssl-fips-1.2 > ./config fipsc

Re: Handshake Failure SSLv3 versions over 0.9.7a

2009-01-08 Thread Kyle Hamilton
I would expect it has something to do with the following change (from 0.9.7b CHANGELOG): + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichenbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get
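The CHANGELOG entry Kyle quotes is about removing an oracle: if a server reacts differently to "bad PKCS#1 padding" and to "padding fine but client_version wrong", an attacker can use the difference to drive a Bleichenbacher-style decryption of the RSA-encrypted premaster. The block below is an added example, not OpenSSL's code, modelling that server-side step for the decrypted RSA plaintext: a pre-countermeasure variant that raises distinguishable errors, and a hardened variant that substitutes a random premaster on any failure and continues, so the handshake fails later in the same way regardless of cause. The PKCS#1 v1.5 unpadding is written for readability rather than constant time (a real implementation must also avoid timing differences); inputs are constructed and no RSA arithmetic is performed.

```python
"""Server-side handling of the RSA-encrypted premaster secret.

Added example (not OpenSSL's code). The functions take the RSA plaintext block
the server has already recovered; all inputs are constructed.
"""
import secrets

PREMASTER_LEN = 48


class PaddingError(Exception):
    pass


class VersionError(Exception):
    pass


def pkcs1_v15_unpad_type2(em):
    """Strip a PKCS#1 v1.5 type-2 block: 00 02 <PS, >= 8 nonzero bytes> 00 <M>."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise PaddingError("bad block header")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # no separator (-1) or fewer than 8 padding bytes
        raise PaddingError("bad padding")
    return em[sep + 1:]


def premaster_oracle_variant(em, client_hello_version):
    """Pre-countermeasure behaviour: each failure is a different observable outcome."""
    pms = pkcs1_v15_unpad_type2(em)                 # PaddingError -> alert to the client
    if len(pms) != PREMASTER_LEN:
        raise PaddingError("bad premaster length")
    if pms[:2] != client_hello_version:
        raise VersionError("client_version mismatch")  # distinguishable from PaddingError
    return pms


def premaster_hardened(em, client_hello_version):
    """Countermeasure: every failure yields a random premaster and no alert.

    The version mismatch is folded into the same path as a padding failure, so
    the only thing the client (or an attacker) sees is a later Finished failure.
    """
    fallback = secrets.token_bytes(PREMASTER_LEN)
    try:
        pms = pkcs1_v15_unpad_type2(em)
    except PaddingError:
        return fallback
    if len(pms) != PREMASTER_LEN or pms[:2] != client_hello_version:
        return fallback
    return pms


def pkcs1_v15_pad_type2(msg, k):
    """Client side: build the block the client would RSA-encrypt (used for the demo)."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("modulus too small")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))  # nonzero padding
    return b"\x00\x02" + ps + b"\x00" + msg


if __name__ == "__main__":
    version = b"\x03\x01"                            # TLS 1.0 as offered in ClientHello
    good = pkcs1_v15_pad_type2(version + secrets.token_bytes(46), 128)
    wrong_version = pkcs1_v15_pad_type2(b"\x03\x00" + secrets.token_bytes(46), 128)
    for label, block in (("good", good), ("wrong version", wrong_version)):
        try:
            premaster_oracle_variant(block, version)
            print(label, "oracle variant: accepted")
        except (PaddingError, VersionError) as exc:
            print(label, "oracle variant:", type(exc).__name__)
        print(label, "hardened: 48-byte premaster, no error")
```

The point to take from the hardened variant is not the random bytes themselves but that padding failure, wrong length and wrong version all leave the server in one indistinguishable state; keep it that way if you ever add another check to this path.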

Re: OpenSSL Security Advisory

2009-01-08 Thread Kyle Hamilton
This vulnerability only comes into play during active TLS sessions. Certificate chain validation is not affected. S/MIME is not affected. Quoting Dr Henson (a later message, Message-ID <20090107184137.ga99...@openssl.org>): > Certificate chain validation is not affected nor other forms of DSA/ECD

Re: OpenSSL Security Advisory

2009-01-08 Thread Harakiri
--- On Wed, 1/7/09, Dr. Stephen Henson wrote: > Incorrect checks for malformed signatures > - --- It is not perfectly clear to me if regular certificate validations and smime signature validation is also affected by this. Could you please elaborate if

Re: RSA signature and padding

2009-01-08 Thread Chevalier Dev
Hi Mounir: Thanks a lot for the sample code, it answers all my questions! Do you know if PSS is going to be part of the next release for RSA signatures? Cheers -- Chev
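Mounir's earlier reply in this thread says PSS signing via EVP_PKEY_CTX / EVP_PKEY_sign exists only in the 0.9.9 development tree and that he implemented the scheme from the low-level primitives; Chev asks whether PSS will be in the next release. As an added example (not Mounir's sample code, which is not on this page, and not OpenSSL's implementation), the block below implements the scheme itself, EMSA-PSS encoding and verification from PKCS#1 v2.1 with MGF1, and an RSASSA-PSS sign/verify pair over a throwaway RSA key generated at runtime. SHA-256, a 32-byte salt and a 1024-bit key are this example's choices; it uses only the standard library.

```python
"""RSA-PSS (PKCS#1 v2.1 EMSA-PSS) signing and verification in plain Python.

Added example, not the sample code exchanged in the thread. Standard library only.
"""
import hashlib
import random
import secrets

SMALL_PRIMES = [p for p in range(3, 1000, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n, rounds=32, rng=random.SystemRandom()):
    """Miller-Rabin after trial division; meant for large odd candidates."""
    if n < 4:
        return n in (2, 3)
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_rsa_key(bits=1024, e=65537):
    """Throwaway RSA key (n, e, d); p and q have their top bit set."""
    rng = random.SystemRandom()

    def prime(half):
        while True:
            c = rng.getrandbits(half) | (1 << (half - 1)) | 1
            if (c - 1) % e and is_probable_prime(c):
                return c

    p = prime(bits // 2)
    q = prime(bits // 2)
    while q == p:
        q = prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))


def mgf1(seed, length, hash_fn=hashlib.sha256):
    out, counter = b"", 0
    while len(out) < length:
        out += hash_fn(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def emsa_pss_encode(msg, em_bits, salt, hash_fn=hashlib.sha256):
    """PKCS#1 v2.1 section 9.1.1; em_bits = modBits - 1."""
    h_len, em_len = hash_fn().digest_size, (em_bits + 7) // 8
    if em_len < h_len + len(salt) + 2:
        raise ValueError("encoding error: modulus too small for hash + salt")
    h = hash_fn(b"\x00" * 8 + hash_fn(msg).digest() + salt).digest()
    db = b"\x00" * (em_len - len(salt) - h_len - 2) + b"\x01" + salt
    masked_db = bytearray(a ^ b for a, b in zip(db, mgf1(h, em_len - h_len - 1, hash_fn)))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the leftmost unused bits
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(msg, em, em_bits, s_len, hash_fn=hashlib.sha256):
    """PKCS#1 v2.1 section 9.1.2; True only when every check passes."""
    h_len, em_len = hash_fn().digest_size, (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + s_len + 2 or em[-1] != 0xBC:
        return False
    masked_db, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    unused = 8 * em_len - em_bits
    if unused and masked_db[0] >> (8 - unused):
        return False
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(h, em_len - h_len - 1, hash_fn)))
    db[0] &= 0xFF >> unused
    ps_len = em_len - h_len - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = bytes(db[ps_len + 1:])
    h_prime = hash_fn(b"\x00" * 8 + hash_fn(msg).digest() + salt).digest()
    return secrets.compare_digest(h_prime, h)


def rsa_pss_sign(n, d, msg, salt_len=32, hash_fn=hashlib.sha256):
    mod_bits = n.bit_length()
    em = emsa_pss_encode(msg, mod_bits - 1, secrets.token_bytes(salt_len), hash_fn)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes((mod_bits + 7) // 8, "big")


def rsa_pss_verify(n, e, msg, sig, salt_len=32, hash_fn=hashlib.sha256):
    mod_bits = n.bit_length()
    if len(sig) != (mod_bits + 7) // 8:
        return False
    s = int.from_bytes(sig, "big")
    if s >= n:
        return False
    try:
        em = pow(s, e, n).to_bytes((mod_bits - 1 + 7) // 8, "big")
    except OverflowError:
        return False
    return emsa_pss_verify(msg, em, mod_bits - 1, salt_len, hash_fn)


if __name__ == "__main__":
    n, e, d = gen_rsa_key(1024)
    sig = rsa_pss_sign(n, d, b"RSA signature and padding")
    print("verify:", rsa_pss_verify(n, e, b"RSA signature and padding", sig))
```

Two properties worth noticing when you run it: signatures over the same message differ from call to call because the salt is random, and the verifier must be told the salt length it expects (or recover it from the separator, which this version deliberately does not do), so signer and verifier have to agree on it as a parameter, just as they do in the EVP_PKEY_CTX interface Mounir mentions.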

Handshake Failure SSLv3 versions over 0.9.7a

2009-01-08 Thread Dewald, Matt
Hello, I've recently come across a problem with openssl versions over 0.9.7a. I have a network of approximately 100 servers using curl to access different websites. Some of the servers are using openssl 0.9.7a and some are using 0.9.8b. We recently encountered a problem accessing some sites uti

Re: Repeating crashes @ fips 1.2 'make' on OSX

2009-01-08 Thread Kyle Hamilton
The 'ranlib' warnings are normal on OSX, for whatever reason. I get them on the i386 version. The "non-compatible type" warnings, though, are not. Which version of Xcode do you have installed? Which version of gcc are you using (3.x or 4.x)? -Kyle H On Wed, Jan 7, 2009 at 12:41 PM, PGNet wro