RE: Losing extension Alternative Names on signing

2012-08-20 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 20 August, 2012 16:05 > I create a certificate request that includes -reqexts usr_cert. The [ > usr_cert ] section specifies two additional names. > > I display the request and see them: > I then sign the request

Re: Looking for advice on session renegotiation

2012-08-20 Thread Curt Sampson
On 2012-08-20 08:39 -0400 (Mon), Charles Mills wrote: > What I am mostly looking for is some clue as to what would be a good default > for how often to force renegotiation: every megabyte? Every ten megabytes? > Every 100 megabytes? While we're at it, I've got a long-running application as well,

RE: CA-signed certificate reported as self-signed

2012-08-20 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 20 August, 2012 15:32 > Sorry to have so many questions ... > > I create a certificate request. I sign it with > > openssl.exe ca -in MYNOTEBOOK_server.req.pem -config CMC_root_config.cnf > -out MYNOTEBOOK_server

Re: OpenSSL ECCN #

2012-08-20 Thread Steve Marquess
On 08/20/2012 02:38 PM, Alona Rossen wrote: > Hello, > > We need OpenSSL ECCN # for our records. Please advise if this > information can be obtained. > > Thank you, > > Alona Rossen I get asked that a lot. The short answer is that OpenSSL is not a U.S. product. I have a standard blurb I send

Losing extension Alternative Names on signing

2012-08-20 Thread Charles Mills
I create a certificate request that includes -reqexts usr_cert. The [ usr_cert ] section specifies two additional names. I display the request and see them: Requested Extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Alternative Name: DNS:MYNOTEBOOK, DNS:localh

CA-signed certificate reported as self-signed

2012-08-20 Thread Charles Mills
Sorry to have so many questions ... I create a certificate request. I sign it with openssl.exe ca -in MYNOTEBOOK_server.req.pem -config CMC_root_config.cnf -out MYNOTEBOOK_server.pem -verbose -cert CMC_root.pem -keyfile CMC_root.key.pem OpenSSL reports Everything appears to be ok, creating a

Re: Compiling for debug

2012-08-20 Thread Dr. Stephen Henson
On Mon, Aug 20, 2012, Ken Goldman wrote: > I'm trying to compile openssl for: > > Linux, 32-bit on a 64-bit machine, shared libraries, and debug. > > The closest I found was: > > > ./Configure linux-elf -m32 -shared -g > > but this still does -O3, and the optimizer doesn't work well with > the

RE: OpenSSL ECCN #

2012-08-20 Thread Charles Mills
Take a look at http://www.mail-archive.com/openssl-dev@openssl.org/msg20931.html and the replies thereto. (Maybe I can answer one for a change LOL.) Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Alona Rossen Sent: Monday, August 20, 201

Re: OpenSSL ECCN #

2012-08-20 Thread Mounir IDRASSI
Hi, There was a similar question years ago. Here is a link to its answer : http://marc.info/?l=openssl-users&m=123357572413547 I don't know if it is still relevant. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/20/2012 8:38 PM, Alona Rossen wrote: Hello, We need OpenSSL ECCN # f

Re: Compiling for debug

2012-08-20 Thread Jeffrey Walton
On Mon, Aug 20, 2012 at 4:54 PM, Ken Goldman wrote: > I'm trying to compile openssl for: > > Linux, 32-bit on a 64-bit machine, shared libraries, and debug. > > The closest I found was: > > > ./Configure linux-elf -m32 -shared -g > > but this still does -O3, and the optimizer doesn't work well wi

OpenSSL ECCN #

2012-08-20 Thread Alona Rossen
Hello, We need OpenSSL ECCN # for our records. Please advise if this information can be obtained. Thank you, Alona Rossen

Compiling for debug

2012-08-20 Thread Ken Goldman
I'm trying to compile openssl for: Linux, 32-bit on a 64-bit machine, shared libraries, and debug. The closest I found was: > ./Configure linux-elf -m32 -shared -g but this still does -O3, and the optimizer doesn't work well with the source level debugger. Any clues for changing -O3 to -O0?

RE: How tell OpenSSL to prompt?

2012-08-20 Thread Charles Mills
Much better. Thanks. Sorry for the dumb question. I have limited Windows development experience. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Monday, August 20, 2012 9:11 AM To: openssl-user

Re: How tell OpenSSL to prompt?

2012-08-20 Thread Dr. Stephen Henson
On Mon, Aug 20, 2012, Charles Mills wrote: > > http://www.openssl.org/docs/apps/config.html > > Okay, thanks, I had seen that. I thought there must be more. > > > Did you run openssl.exe from the same command prompt where you > > typed the SET commands? > > Absolutely. It is in fact a .BAT file

Re: How to extend key usage

2012-08-20 Thread Michel
Hi Eric, Perhaps you should have a look at the 'X509V3 Extension code: programmers guide' section in \doc\OpenssLtxt file. I found also this link helpful : http://kahdev.wordpress.com/2008/11/29/stack_of-subject-alternate-name-and-extended-key-usage-extensions/ Hope this helps. Michel Le 16

Looking for advice on session renegotiation

2012-08-20 Thread Charles Mills
I understand the basics of session renegotiation. (And yes, I am familiar with http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION.) Not clear to me: should I be setting SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION? What I am mostly looking for is some clue as to what w

RE: How tell OpenSSL to prompt?

2012-08-20 Thread Charles Mills
> http://www.openssl.org/docs/apps/config.html Okay, thanks, I had seen that. I thought there must be more. > Did you run openssl.exe from the same command prompt where you > typed the SET commands? Absolutely. It is in fact a .BAT file. The following is an exact cut-and-paste from the file, wit