> From: owner-openssl-us...@openssl.org On Behalf Of Pascal Delaunay
> Sent: Thursday, 23 September, 2010 12:00
> The "database" file (an option in your openssl.conf) handles that
perfectly.
If you use 'ca'; or as Patrick Patterson said, the scripts which do so.
Not 'x509 -req
On 9/23/2010 11:42 AM, zhu qun-ying wrote:
Hi,
I have an SSL apllication, that it suppose to run for a long time. After some
time of running, I found the usage of the memory is growing. I stop all SSL
connections and checked all SSL * has been freed but it could not release the
memory back
On 9/23/2010 7:16 AM, Gumbie wrote:
Can someone explain what is needed to create and EV (Extended
Validation) Certificate? I have been trying to research this and have
found limited information on this. Only one document that was of any
help -àhttp://www.cabforum.org/EV_Certificate_Guidelines.
> From: owner-openssl-us...@openssl.org On Behalf Of Panikulam Vivek
> Sent: Thursday, 23 September, 2010 10:53
> I have generated a private key using the below command and
> want to extract the public key in a format that is compatible
> with sites using Java.
>
Hi,
I have an SSL apllication, that it suppose to run for a long time. After some
time of running, I found the usage of the memory is growing. I stop all SSL
connections and checked all SSL * has been freed but it could not release the
memory back to the system.
After some investigation, I f
Hi List,
Is there way to set openssl default ciphers ("“DEFAULT”), that all
openssl enabled programs use by default?
Without recompiling the openssl?
br,
--
Eero
__
OpenSSL Project http://www.open
Hi,
The "database" file (an option in your openssl.conf) handles that
perfectly.
Cheers
Pascal
2010/9/22 Andy GOKTAS
> So using the "-CAserial serial.srl" might be a good idea to avoid this.
>
> Now this leads me to the next question:
> - Besides manually documenting a cross-reference for
Hey there:
Well, the first thing to do to be able to issue EV certs and have them
recognised by the various browsers is to build a CA and issuance regime that
will pass an audit according to the rules from the CABrowser folks, do a proper
key ceremony, and then have that audit.
And then, wait
Hi Andy:
If you use the OpenSSL CA scripts as shipped and documented both in the OpenSSL
document, the book, or numerous places on the web, they already use "index.txt"
as a list of all issued certificates. So no extra work is needed.
Have fun.
Patrick.
On 2010-09-22, at 4:52 PM, Andy GOKTAS
Hodie IX Kal. Oct. MMX, Gumbie scripsit:
> Can someone explain what is needed to create and EV (Extended
>Validation) Certificate? I have been trying to research this and have
>found limited information on this. Only one document that was of any help
>-àhttp://www.cabforum.org/EV_C
Hi All,
We are using OpenSSL (binaries built as static version) in our application.
We are using the version 0.9.8i and the size of libeay32.lib (built in 32 bit
windows) is 3.392 MB.
We are thinking of updating to latest version of OpenSSL 1.0.0a.
When we built the binaries for 1.0.0a (static v
Would be great if I can get answers to the below questions
thanks
aparajita
From: Aparajita Sood (apsood)
Sent: Tuesday, September 21, 2010 11:54 AM
To: 'openssl-users@openssl.org'
Subject: REGD : openssl vulnerability CVE-2010-2939 : double in
ssl3_get_key_exchange
Hi OpenSSL Folks,
I'm e
How does one handle a suspend/resume power cycle when using OpenSSL?
Specifically, suppose one is in the middle of a SHA-1 Init/Update/Final
sequence when the suspend signal occurs? What happens to SHA_CTX?
I know I can save and restore SHA_CTX by peering into the structure. I
also know that
So using the "-CAserial serial.srl" might be a good idea to avoid this.
Now this leads me to the next question:
- Besides manually documenting a cross-reference for each certificate that I
sign to a serial number, is there any way to have this scripted and for an
appending log to the serial
Great! Thanks for that information Patrick. :)
Thanks,
Andy Goktas
>>> Patrick Patterson 9/17/2010 6:11 AM >>>
Hi Andy:
Well, aside from violating most of the standards around PKI, the main problem
you will have is revocation - the way you revoke a certificate is to put it's
serial number
Hi
I have generated a private key using the below command and want to extract the
public key in a format that is compatible with sites using Java.
openssl genrsa -out priv_key.txt 1024
Is there a command in openssl that will extract the public key for this private
key in a cert file or xml for
Thanks for the suggestion, but I've already tried that, more or less
My web server config already has that mime type configured, and the
client is capable of recognizing the properly served filetype. I've
tried installing certificates through IE's wizard automatically in such
a way... as we
Can someone explain what is needed to create and EV (Extended Validation)
Certificate? I have been trying to research this and have found limited
information on this. Only one document that was of any help
-àhttp://www.cabforum.org/EV_Certificate_Guidelines.pdf.
My issue is with OpenSSL and
I disagree; according to
http://blogs.msdn.com/b/vcblog/archive/2006/10/20/crt-initialization.aspx
.CRT$XCU is for setting up static initializers. Also, the text of the
source file from which the assembler file is generated gives a hint that
it is a call:
.extern OPENSSL_cpuid_setup
.se
Actually, that section (specifically, the DQ line) places a single
pointer constant in a data section with the "magic" name ".CRT$XCU".
Background:
The Microsoft linker, upon seeing a $ sign in a section name will
merge this section with all other sections name ".CRT" or
".CRT$whatever", but on
Sorry, I think I should make clear that I'm using two different
setups... one for the CA and another for the end user certificate.
For example, my CA is in /etc/pki_MessageNet/CA while my end-user is in
/etc/pki_MessageNet/tls --- so when I generate my CA keys, it has its
own config file / sco
According to my understanding, that section is just a declaration of an
external function. The section is needed to be there only if the function is
called in the x86_64cpuid.asm. So, I don't think it will affect anything. In
fact, my x64 version build runs perfectly. (I am using openssl 1.0.0 and
I think we're on to something here... thank you for your time and
attention, btw!
I still can't see anything about the AIA thing, but I took another go at
the basicConstraints and keyUsage, and seem to have slightly better
results. I changed basicConstraints to True (it was FALSE by default),
Sure.. but please excuse me as this is the first time posting on this
forum ~ post in plain text or does this system support attached files?
Patrick Patterson wrote:
Hi Chris:
Can you post the certificates in question? My guess is that you don't have the
various extensions set according to t
Hi,
Thanks for your suggestion! But as far as I see, the assembler code in
x86_64cpuid.asm _is_ the reference to OPENSSL_cpuid_setup! The runtime
will call the functions given in the .CRT$XCU section before calling the
main() entry. And it seems to me that the OPENSSL_cpuid_setup function
in
On Thu, Sep 23, 2010 at 10:08:40AM +0200, Nacho ?lvarez wrote:
> That's not the problem, I think, because if the only instruction of the
> function is:
>
> int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) {
> return 1;
> }
>
> I get the "segmentation fault" when the rsa_keygen end
That's not the problem, I think, because if the only instruction of the
function is:
int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) {
return 1;
}
I get the "segmentation fault" when the rsa_keygen ends. But if I return 0
or -1 (errors) OpenSSL reports me "error in genrsa" and ca
Thank you Christian, it helped to decode the kerberos principal name .
The code worked.
Regards
Naveen
Christian Hohnstaedt wrote:
On Wed, Sep 22, 2010 at 05:48:07PM +0530, Naveen B.N wrote:
Thank you Christian,
your suggestions helped us to get the position but as you mentioned the
problem
28 matches
Mail list logo
