PEM_write_X509
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
> >excellent source of random data available to you
>
> I thought consensus was that since it was a closed system,
> whiten it or use it as input to entropy.
This is what OpenSSL does when you use RAND_screen(). It munges it up
numerous items, including the PRNG, through a cryptographic hash
> > I am planning to use SSL with the IO completion port model under
> > win2K. Does anyone know of an existing BIO suitable for this ? I
> > haven't been able to find one, so thought I would write my own.
> > However, there seem to be hard-coded BIO_TYPE values for the different
> > bios in
> So, does EVP_CIPHER_CTX_cleanup free the context's memory as well as
> clearing it, or is that left to me? I can't seem to find that
> in the man pages...
A quick inspection of the code suggests that NO memory is actually
allocated (the EVP_CIPHER_CTX contains pre-sized buffers for all
the ne
> I guess I'm unclear about whether a context is something that's applicable to an
> entire session or simply to one message. I tried it the former way, but
> when I went to encrypt the second message, it included a part of the first
> message that it had encrypted, which leads me to believe that
I'm still trying to see how X509_NAME_ENTRY objects are used to represent
RDN's that contain multiple attribute-value assertions (AVA's).
I assume this has something to do with the 'set' variable in the
X509_NAME_ENTRY structure.
Lutz? Steve? Any help would be seriously appreciated.
Thanks,
> memcpy(iv, "12345678", 8);
> EVP_BytesToKey(EVP_idea_cbc(), EVP_md5(), "salt", pw,
> strlen(pw), 1, key,
> iv);
The salt value should be at least 8 bytes long - you're getting 3
random bytes here.
You don't need to specify an iv value as this function creates it.
- Dale.
Have a look in the archive:
http://marc.theaimsgroup.com/?l=openssl-users
under the author 'Dale Peakall' and
look for the subject 'Client Auth in IE'.
- Dale.
> Is OpenSSL available on WinCE? I am using the libeay32 library of OpenSSL
> for some hashing functions, and need to have it on WinCE. Any help/comment
> on this would be greatly appreciated.
Compiling OpenSSL on WinCE would be a significant challenge as there
is a distinct lack of a C-runt
> I have problems with Libeay32.dll which crashes when
> I use SSL in multiple threads. The code that the thread executes
> is always the same. Everything works well if there is only one thread,
> but when there is several threads it crashes.
> I get following message:
> Unhandeled exception in
> I need a new OID in the certificate. This OID is DC
>
> The DC I want is the top level element in the Distinguished Name.
> Ie. dc = cn, ou, o, dc
>
> [ new_oids ]
> # We can add new OIDs in here for use by 'ca' and 'req'.
> # Add a simple OID like this:
> # testoid1=1.2.3.4
> # Or use config
> > This is a non-authenticated attribute. i.e. it's not
> > signed and can be changed by the user without changing
> > the certificate signature.
>
> Wrong. *Everything* in a certificate is signed.
Don't you hate it when you're wrong. Was confusing myself
with S/MIME and M$'s certificate p
> What do You think? May I use the netscape_comment extension to hold my
> application specific information in text form (maybe in base64)?
This is a non-authenticated attribute. i.e. it's not signed and can be
changed by the user without changing the certificate signature.
So don't use it for
> > Not quite sure what you mean by bogus certificate.
> Test certificates (Snake Oil and such).
OK.
> > The protection of this private-key is what's important here.
> > You may rely on the hardware being physically secure to prevent the
> > key being stolen, or on the operating system, or requi
> I need to set up secure access to Web accessible database.
> I'm going to be using Apache on a Linux machine, which I have
> already started trying out with bogus certificates. However,
> I need some help on the client side.
Not quite sure what you mean by bogus certificate.
> I know that bot
> The apache/mod_ssl "HowTo" states that a directory can be defined to require
> clients to be authenticated for a particular
> URL based upon client certificates signed by a certificate
> specified by the keyword SSLCACertificateFile. I assume
> that this implies that I can use my own self-si
> I've read that 3 types of certificates exist. From "class 1"
> to "class 3" (the higher the safer). How could I find, in a
> certificate created thanks to openssl, the number of the class
> it belongs to ?
You've been misinformed. Certificates have no intrinsic class.
Verisign, a commercial
> I'm a newbie in SSL and I need your advice.
> I've just setup an Apache with OpenSSL configured using Mod_SSL.
> I've created my own certificate using the command
> o make certificate TYPE=custom
>
> I am able to start the SSL-enabled Apache.
>
> However, when I try to access the secure site
OpenSSL is a library used for developing applications that can
communicate using the SSL/TLS link-layer encryption facilities.
Link-layer encryption can be used to carry any other protocol. This
is demonstrated by the 'stunnel' application that can be used to
transparently add SSL encryption to
A couple of questions:
1. As far as I can see the DN's stored in the index.txt file does not differentiate
between a list of RDN's, and RDN's with multiple AVA's. i.e. they are all separated
by a slash '/' character. Is this correct?
2. What's the escape character used (for example to quote an
> I know this seems to have been answered before but I'm
> not really having any joy with the previous solutions.
> I've created a self-certified CA certificate using openssl
> which has been installed into IE. I've then created a user
> cert which has been signed by the CA, converted it to the
ficate: IE
pops up a dialog and asks which
certificate I'd like to use - the problem is no certificates are listed.
What's going on?
Cheers,
- Dale.
--
Dale Peakall
mailto:[EMAIL PROTECTED]
> I have a private key created by the ssleay cert. cookbook. The
> problem is that this key is encrypted , but , to make
> the OpenLDAP server TLS enabled , I need to have the
> private key in clear text.
>
> Please guide me to any tool which can do the same.
Please read the FAQ. http://www.open
> I'm still fighting against casual fall-downs with my server and OpenSSL. I
> found an interesting point from OpenSSL man pages that mentioned two
> important call back functions that have to be set. "locking_funktion" and
> "id_function". If I understood correctly the id one is not
> needed with
You need to determine what the SSL error is that you're receiving (use
SSL_get_error).
It may well be SSL_ERROR_WANT_READ saying that you need to call SSL_read again for it to
get all the data you've requested (particularly if you're using non-blocking sockets).
- Dale.
> I need to create an RSA (or DSA) key structure in C++ program given the
> fact that the key is stored in external file. This key will be the
> public key used for the verification of the digital signature. I have
> browsed the crypto(3) online documentation but I have found no easy way
> of doi
> SSL/TLS can only work on top of TCP.
Rubbish, a colleague of mine integrated SSLeay into our OSI stack, and was
able to run SSL on top of TP0/X.25, TP4/(CLNP), as well as TP0/RFC 1006 ->
TCP.
> I am doing that. I am using the same function which s_server uses to load
> the DH parameters. But I still get this error message. Can anything else be
> wrong?
The "no shared ciphers" message can occur for at least one reason that has nothing
to do with cipher suite negotiation per se. One I
28 matches