Non-blocking read: Not reading entire data

2009-07-15 Thread Rij
Hello All, I had written a simple client earlier which did a blocking read and was able to retrieve the document from the server. Now, I am trying to rewrite the code to do non-blocking read. But only part of the data is showing. Can someone please show what's wrong? I am eliminating variable decl

RE: questions regarding certificate chains

2009-07-15 Thread Koutikas, Elias
I think I have found an answer to my question #2 below. From what I can see, when I generate a certificate chain, the sub CA certificate does not specify key usage (assume this is due to my openssl.cnf configuration). When I sign my endpoint cert with the sub CA cert, the openssl verification

RE: Can I use self-signed client certificates to access ANY secure site?

2009-07-15 Thread David Schwartz
Rij wrote: > Hi All, > > I am absolutely new to this world of SSL, as will be evident from my > confusions and questions. > > I am trying to write a client that will securely connect to N web > servers every T seconds, and retrieve a document: info.txt. > > To test it, I wrote the following code

Can I use self-signed client certificates to access ANY secure site?

2009-07-15 Thread Rij
Hi All, I am absolutely new to this world of SSL, as will be evident from my confusions and questions. I am trying to write a client that will securely connect to N web servers every T seconds, and retrieve a document: info.txt. To test it, I wrote the following code (borrowed from: http://www.i

Re: Adding extra functionality to openssl

2009-07-15 Thread Silviu VLASCEANU
Solved it. If somebody else needs help, don't hesitate, please. 2009/7/14 Silviu VLASCEANU > Hello, > > I want to add some new functionality to the crypto library in openssl and I > need some help with the integration of the new code in the build system of > openssl. > I intend to add some sourc

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread Kenneth Goldman
It sounds like the question is "how do I lock the client private key, so the user/attacker can't move it off the office PC?" For the casual user, "If you do this, you'll lose your job" might work. For a determined attacker, I can't see how any software-only solution would work. Consider a hardwa

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread Michael S. Zick
On Wed July 15 2009, Steffen DETTMER wrote: > * Michael S. Zick wrote on Wed, Jul 15, 2009 at 07:38 -0500: > > You can approximate that by grabbing the processor's silicon > > serial number plus grab the USB stick's silicon serial number > > plus a user input (partial) passphrase. > > I assume a g

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread Steffen DETTMER
* Michael S. Zick wrote on Wed, Jul 15, 2009 at 07:38 -0500: > You can approximate that by grabbing the processor's silicon > serial number plus grab the USB stick's silicon serial number > plus a user input (partial) passphrase. I assume a good virtualisation (maybe some patched VMWare or alike)

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread tito
Yes, you are correct. This applies to only non-tech savvy users. They are not going to export the certificate first of all and they are not computer geeks, they are just common computer users. And they won't be having first hand knowledge about exporting the certificate or even won't be knowing what a ce

OpenSSL 1.0.0 beta3 release

2009-07-15 Thread Dr. Stephen Henson
OpenSSL version 1.0.0 Beta 3 OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL is currently in a release cycle. The second beta is now released. The beta release is available for d

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread Michael S. Zick
On Wed July 15 2009, Dr. Stephen Henson wrote: > On Wed, Jul 15, 2009, tito wrote: > > > thank you for replying.. > > > > This is what I can conclude from the inputs I got. > > > > 1. Mozilla has no way to lock/disable the private key export when we export > > the certificate. > > > > 2. I woul

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread tito
Thanks a lot for the reply.. In the case of IE during the generation (generatePKCS10) we can set an option that whether we want to enable/disable the export of private key. And when I did that and tried to export the certificate from IE, the private key export option was disabled in the wizard. B

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread Dr. Stephen Henson
On Wed, Jul 15, 2009, tito wrote: > thank you for replying.. > > This is what I can conclude from the inputs I got. > > 1. Mozilla has no way to lock/disable the private key export when we export > the certificate. > > 2. I would have to trust my agents/or write in contract, that he will not >

Re: Hypothetical service questions - certs as credentials?

2009-07-15 Thread Michael S. Zick
On Mon July 13 2009, David Schwartz wrote: > > > > I would use the public-key fingerprint, unless the trust chain > > > is verified > > > from a fixed set of trusted issuers. > > > Did you mean fingerprints instead of caching certs or instead of > > issuer/serial? > > > > xw > > Instead of anyth

Reason for OpenSSL internal error, assertion failed: b <= sizeof ctx->final

2009-07-15 Thread Kumar Rounak
I am receiving this error when decryption routine is executed to decrypt the encrypted input. Someone pls tell me the reason for this error and if possible what we need to do in order to solve this. Code Snippet for Decryption: int decrypt (int infd, int outfd) { unsigned char outbuf[IP_SIZE]

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread tito
Thank you for replying.. This is what I can conclude from the inputs I got. 1. Mozilla has no way to lock/disable the private key export when we export the certificate. 2. I would have to trust my agents/or write in contract, that he will not use the certificate other than the designated PC whe

Re: Hypothetical service questions - certs as credentials?

2009-07-15 Thread Kyle Hamilton
You are, oddly, the first person I've actually seen who has a reason (along the boundaries of X.509) to allow any certificate the user wants to authenticate with, regardless of whether the CA is known. It is entirely possible to do what you want, within TLS and X.509. (X.509, by the way, is an ITU

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread Steffen DETTMER
* tito wrote on Wed, Jul 15, 2009 at 09:19 +0530: > Now the threat is, If an agent export the certificate he > acquired in a USB or in some other way and goes to his home pc > or somewhere else and he imports the certificate to his > personal PC and started doing transactions. > > He shouldn't be abl

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread tito
@Naveen, I am afraid that would not be possible. 1. The agent request using a webpage, there is no way in Javascript you can get the MAC address. 2. Will the private key export be locked if we give CN as MAC address, I don't think so. 3. What if the agent takes the network card out and plug into h

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread naveen.bn
Hi, Can you not generate a certificate with the common name as the MAC address of the PC. Thanks and regards Naveen tito wrote: Thanks a lot for the reply David. First I will explain my threat model. I have got lot of employees who do some transactions around the world sitting in their branc