pk11_library_init() of pkcs#11 engine

2011-11-28 Thread Thulasi
Hello all, I am trying to use the pkcs#11 engine as a dynamic engine for Apache configured with OpenSSL. I ran into segmentation faults when I hit the Apache server with multiple sslswamp clients. I tracked down the problem to pk11_library_init() in hw_pk11.c where a child process tries to free the memory a

RE: certificate storage format

2011-11-28 Thread ramaswamy
DER and PEM -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of prabhu kalyan rout Sent: Monday, November 28, 2011 1:04 PM To: openssl-users@openssl.org Subject: certificate storage format Hi, my question is how many certificate s

Authenticated channel as authentication for a TLS connection

2011-11-28 Thread Fred Testudo
I'd welcome some advice on using an existing channel as authentication for a new connection. The client has a narrow authenticated channel to the server; I need to set up a normal TLS connection to the same server authenticated by proof of having the other connection. There is a client identifier

Re: revoking a certificate without having to provide pass phrase as next step

2011-11-28 Thread Curt Sampson
On 2011-11-29 04:15 +0100 (Tue), Peter wrote: > It generally works, but after the command above is sent, I have to type in > the pass phrase manually. I need it to be done automatically. I believe you can just remove the passphrase from the key file. This of course has the obvious security implicatio

RE: Usage of CAPath/CAFile options in int SSL_CTX_load_verify_locations Reg.

2011-11-28 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C > Sent: Monday, 28 November, 2011 00:35 > One more question here: > In case of a server application, it is expected to send > the intermediate certificates to the client. And in this case, > is this API -- SSL_C

revoking a certificate without having to provide pass phrase as next step

2011-11-28 Thread Peter
Hi, I'm trying to find a way to make my PHP script capable of automatic certificate revocation. The script is run from the console and the line looks like this: exec("openssl ca -keyfile ca.key -cert ca.pem -revoke ".$userId.".pem"); which works like this: openssl ca -keyfile ca.key -cert ca.pem -rev

Re: ASN1 CHOICE implementation troubles

2011-11-28 Thread Rupin Franck
It seems I forgot to use ASN1_item_template : ASN1_ITEM_TEMPLATE(N) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, N, ASN1_INTEGER) ASN1_ITEM_TEMPLATE_END(N) Now CHOICE encoding works. BS Franck On 28/11/2011 11:00, Franck Rupin wrote: Hello, I try to encode

CertificateVerify message size hard-coded to 514 bytes

2011-11-28 Thread John Foley
Does anyone know why the CertificateVerify message is still limited to a max size of 514 bytes? http://www.mail-archive.com/openssl-dev@openssl.org/msg13520.html Is there any risk with increasing this to 4096 bytes? Thank you.

ASN1 CHOICE implementation troubles

2011-11-28 Thread Franck Rupin
Hello, I try to encode an ASN1 CHOICE in DER format, so I wrote a test program. In my header file the choice is defined as follows: /* GMP ::= CHOICE */ /* none INTEGER */ /* supported OCTET_STRING */ typedef struct { int type; union { ASN1_INTEGER *non

Re: Blowfish algorithm problem with OpenSSL 1.0.0e (32-bit)

2011-11-28 Thread Jussi Peltonen
I think I'm loading the correct DLL versions. From the Visual Studio IDE I can see that the libeay32.dll is loaded from the debug folder where I copied it. libeay32.dll D:\work\openssl\ssl_test\debug\libeay32.dll N/A N/A Symbols loaded. D:\work\openssl\ssl_test\debug\libeay32.pd

FYI: Windows DLL semantics [Was: Blowfish algorithm problem with OpenSSL 1.0.0e (32-bit)]

2011-11-28 Thread Jakob Bohm
On 11/28/2011 3:56 PM, Michael S. Zick wrote: On Mon November 28 2011, Jussi Peltonen wrote: Mike, Did you read the original post? Why does not the blowfish sample work on Windows XP? Yup, My guess is a similar problem - not loading the *.dll version that you expected/intended to load or not l

Re: Blowfish algorithm problem with OpenSSL 1.0.0e (32-bit)

2011-11-28 Thread Michael S. Zick
On Mon November 28 2011, Jussi Peltonen wrote: > Mike, > Did you read the original post? Why does not the blowfish sample work > on Windows XP? > Yup, My guess is a similar problem - not loading the *.dll version that you expected/intended to load or not linking against the *.dll version that you

Re: Blowfish algorithm problem with OpenSSL 1.0.0e (32-bit)

2011-11-28 Thread Jussi Peltonen
Mike, Did you read the original post? Why does not the blowfish sample work on Windows XP? Jussi 2011/11/28 Michael S. Zick : > On Mon November 28 2011, Jussi Peltonen wrote: >> No, it doesn't work on Linux either, if I link my test program using >> OpenSSL 1.0.0e. >> >> The test program works on

Re: Blowfish algorithm problem with OpenSSL 1.0.0e (32-bit)

2011-11-28 Thread Michael S. Zick
On Mon November 28 2011, Jussi Peltonen wrote: > No, it doesn't work on Linux either, if I link my test program using > OpenSSL 1.0.0e. > > The test program works on Linux if I link it differently. > > $ ldd blowfish > libcrypto.so.1 => /usr/lib/libcrypto.so.1 (0x40022000) > libc.

Re: Blowfish algorithm problem with OpenSSL 1.0.0e (32-bit)

2011-11-28 Thread Jussi Peltonen
No, it doesn't work on Linux either, if I link my test program using OpenSSL 1.0.0e. The test program works on Linux if I link it differently. $ ldd blowfish libcrypto.so.1 => /usr/lib/libcrypto.so.1 (0x40022000) libc.so.6 => /lib/i686/libc.so.6 (0x400de000) libdl.so.2 =>

ldif utility

2011-11-28 Thread prabhu kalyan rout
Hi all, while going through a document I found there is a utility called ldif which will take a certificate as input and form an ldif file. But in my openldap installation I didn't find this utility. Can anybody tell me where to look for the utility. Thanks

Re: certificate storage format

2011-11-28 Thread Jakob Bohm
On 11/28/2011 8:33 AM, prabhu kalyan rout wrote: Hi, my question is how many certificate storage formats are available and what are they? just like del pks12 Fortunately, because X.509 certificates are all based on the same standard (ITU-T standard X.509), there are actually very few formats i

Re: certificate storage format

2011-11-28 Thread Mathias Tausig
On 11/28/2011 08:33 AM, prabhu kalyan rout wrote: > Hi, > my question is how many certificate storage formats are available and > what are they? > > just like del pks12 To my knowledge, there are PEM, DER, PKCS#7 and PKCS#12. cheers Mathias

Re: Can the certificate expiration be queried directly?

2011-11-28 Thread Jakob Bohm
On 11/26/2011 6:00 PM, Lou Picciano wrote: Can a certificate's expiration date be queried directly? I.e., apart from an expired cert being rejected out of hand, or from a CRL being read to determine a cert's validity...? I'm interested in reading the expiration from a loaded, currently-valid