Re: TLS 1.3 Early data

2022-11-12 Thread Dirk Menstermann
Hi, seconds after I sent the previous mail, I found the bug in my code. It is working with Benjamin's suggestion. Thanks Jens On 12/11/2022 11:18, Dirk Menstermann wrote: Hi Benjamin, thanks for your response. I updated to 111s and replaced the SNI callback with the ClientHello callba

Re: TLS 1.3 Early data

2022-11-12 Thread Dirk Menstermann
:12, Benjamin Kaduk wrote: On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote: Hello, I did few experiments with early data but was not successful in solving my exotic use case: "Using early data dependent on the SNI" I control the server (linux, supports http2) based

TLS 1.3 Early data

2022-11-05 Thread Dirk Menstermann
nto the client hello and parse it without OpenSSL, extracting the SNI and make it then like in 2), but I wonder if there is a better way. Any idea? Thanks Dirk

Re: DH parameter reading in OPENSSL 3

2022-07-14 Thread Dirk Stöcker
Hello, The work-around is to put the DH parameters first. That would mean changing external interface of the software which I don't like much. Otherwise, you'd need to resort to the more general OSSL_STORE API, which loads objects of various types, and you can then ignore the ones you don

Re: DH parameter reading in OPENSSL 3

2022-07-13 Thread Dirk Stöcker
Hello, https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_dh.c#L148-L205 Thanks a lot. Works in principle now with one exception. The previous approach worked for a file, where first comes the PEM certificate and afterwards the DH params. The new approach only works when th

Re: DH parameter reading in OPENSSL 3

2022-07-13 Thread Dirk Stöcker
Hello Tomas Mraz, it is somewhat unclear to me why do you consider the migration_guide(7) useless in this regard. Citing it: [...description...] The openssl documentation may be logical for someone who knows all the parts and how they work together, but for everybody else it's a large glob

DH parameter reading in OPENSSL 3

2022-07-13 Thread Dirk Stöcker
Hello, when upgrading to openssl3 my code states that some functions are deprecated in openssl 3, but even after reading documentation I was unable to find a non-deprecated replacement. Task is to read DH parameters in PEM format from a file and use them for the current "context" and if not

Re: using TLS (>1.2) with more than one certificate

2022-05-25 Thread Dirk-Willem van Gulik
On 25 May 2022, at 09:16, wrote: > I’ve a server application and need to support RSA and ECC clients at the same > time. > I don’t know which certificate from my local keystore I have to send to the > client, btw I have a rsa and a ecc certificate in my keystore already. > I don’t know with w

Re: x509v3-sign-rsa, x509v3-ssh-rsa and x509v3-rsa2048-sha256

2021-08-24 Thread Dirk-Willem van Gulik
On 24 Aug 2021, at 09:47, murugesh pitchaiah wrote: > > Hi, > > I am working on generating the x509v3 certificates for ssh user. I see > with the default_md as 'sha256', in openssl.cnf file, the > key/certificate is generated with algorithm type as 'x509v3-sign-rsa'. > > I see its signature al

Re: CMS_sign/CMS_final streaming

2021-08-05 Thread Dirk-Willem van Gulik
> On 5 Aug 2021, at 02:54, Michael Richardson wrote: > > > Dirk-Willem van Gulik wrote: >> I have very large globs of on the fly generated data that are to be >> signed and output as a base64 payload followed by a separate PKCS#7 >> package with a detach

CMS_sign/CMS_final streaming

2021-08-04 Thread Dirk-Willem van Gulik
I have very large globs of on the fly generated data that are to be signed and output as a base64 payload followed by a separate PKCS#7 package with a detached signature at the end of the transmission[1]. I’d like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(), disk-storage or sim

Re: verify ocsp manually

2021-07-21 Thread Dirk-Willem van Gulik
Try sending that block to pbpaste| xxd -r -p | openssl asn1parse -inform DER 0:d=0 hl=3 l= 190 cons: SEQUENCE 3:d=1 hl=2 l= 52 cons: cont [ 1 ] 5:d=2 hl=2 l= 50 cons: SEQUENCE 7:d=3 hl=2 l= 11 cons: SET 9:d=4 hl=2 l= 9 cons

odd segfault / must be something obvious

2021-02-11 Thread Dirk-Willem van Gulik
I am hitting a head end and must be missing something obvious. Below is the code - it verifies a signature. And it segfaults regularly on the PKCS7_free(p7); And I fail to understand why - and suspect it is very obvious ! Any and all help appreciated. Dw #define EXITOUT(args...) { EOUT(args);

ASN1 integer conversion - why is this correct ?

2020-08-30 Thread Dirk-Willem van Gulik
I am converting an unsigned integer (P,Q of an ECDSA 256 bit curve) from a 32 byte array (as provided by Microsoft its .NET cryptographic framework) to an ASN1_INTEGER. The steps taken are: unsigned char in[32] = .. r = BN_bin2bn(in, 32, NULL); BN_to_ASN1_INTEGER(r, as

Re: simple ASN1 sequence - not quite understanding what goes wrong

2020-08-28 Thread Dirk-Willem van Gulik
Answering my own question - I forgot the END of sequence in the macro. Functional code below. Dw. > On 28 Aug 2020, at 15:49, Dirk-Willem van Gulik wrote: > > I've got a very simple sequence of two integers that I am trying to convert to > DER. > > But I am getting an e

simple ASN1 sequence - not quite understanding what goes wrong

2020-08-28 Thread Dirk-Willem van Gulik
I've got a very simple sequence of two integers that I am trying to convert to DER. But I am getting an error or segfault in the final i2d step (length -1 for i2d_X9_62). Any advice on what is going wrong here ? With kind regards, Dw. #include #include #include #include #include #includ

Re: odd error for ECDSA key in REQ.

2020-08-08 Thread Dirk-Willem van Gulik
The key is generated by a lovely HSM - which is by its nature a bit of a closed box. Whose vendor is very sure its software is right. So this helps a lot - and helps confirm what we thought ! Thanks, Dw > On 8 Aug 2020, at 04:16, Frank Migge wrote: > > Hi Dirk-Willem, > >

odd error for ECDSA key in REQ.

2020-08-07 Thread Dirk-Willem van Gulik
Below CSR gives me an odd error with the standard openssl REQ command: openssl req -inform DER -noout -pubkey Error getting public key 140673482679616:error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding:../crypto/ec/ecp_oct.c:312: 1406

Re: Private CA client cert file for iPad for a website

2020-06-25 Thread Dirk-Willem van Gulik
On 25 Jun 2020, at 17:14, Tom Browder wrote: > Can anyone tell me how to generate an acceptable client cert for an iPad? > > I have so far been unable to find out the file format needed. > > I generated client cert files for my classmates over seven years ago in p12 > format and they still wor

Non-padding & EVP

2020-04-09 Thread Dirk-Willem van Gulik
I am trying to implement a bit of Rust / Zenroom (the context is performance testing on very small devices for DP-3T privacy preserving content tracking[3]): Rust (i is 0 .. 10) let mut iv = [0u8; 16]; iv[12..16].copy_from_slice(&i.to_be_bytes()); let mut block = GenericAr

Re: OpenSSL 111: authorityKeyIdentifier

2020-03-25 Thread Dirk
Makes perfect sense. Thank you. > On 25.03.2020 at 18:49, Viktor Dukhovni wrote: > > On Wed, Mar 25, 2020 at 05:47:01PM +0100, Dirk wrote: > >>>> My expectation (maybe wrong) is that the serial and the issuer name belong >>>> to >>>> the

Re: OpenSSL 111: authorityKeyIdentifier

2020-03-25 Thread Dirk
Thank you Viktor. Can you point me to the RFC that defines this? Best On 25.03.2020 at 15:32, Viktor Dukhovni wrote: > > >> >> On Mar 24, 2020, at 11:12 AM, Dirk Menstermann wrote: >> >> My expectation (maybe wrong) is that the serial and the issuer n

OpenSSL 111: authorityKeyIdentifier

2020-03-24 Thread Dirk Menstermann
Hi, I’m using OpenSSL 1.1.1 to issue a certificate and include the AKI by defining authorityKeyIdentifier = keyid,issuer:always The issued certificate contains the AKI afterwards with 3 values: KeyID: issuer's key id Serial: issuer's serial Issuer: the issuer’s issuer, not the issuer’s subje

Re: 1.OU or OU.1 ?

2020-03-20 Thread Dirk-Willem van Gulik
> On 20 Mar 2020, at 22:12, Salz, Rich via openssl-users > wrote: > > The doc/man5/config.pod file says to use > 1.OU = “My first OU” > 2.OU = “My second OU” > > But doc/man5/x509v3_config.pod says to append the numeric, as in > email.1 = stev

v3_crl_reason - getting acess to the various CRL reasons

2020-02-22 Thread Dirk-Willem van Gulik
I'd like to use the crl_reasons table in v3_enums.c as the single source of truth (as opposed to building this list into other tooling - because; as it skips the number 7 - is very easy to get wrong & some opensource tools do get it wrong). Now there is a i2s_ASN1_ENUMERATED_TABLE() -

Re: Create p12 from a .pem with only a private key

2020-02-19 Thread Dirk-Willem van Gulik
> On 20 Feb 2020, at 08:43, Dirk-Willem van Gulik wrote: >> On 20 Feb 2020, at 08:38, Estefania wrote: >> I would like to ask if it is possible to create a p12 just with a .pem with >> private key but not certificate. > > Try > > openssl req -x509 -subj

Re: Create p12 from a .pem with only a private key

2020-02-19 Thread Dirk-Willem van Gulik
> On 20 Feb 2020, at 08:38, Estefania wrote: > > Hi guys. > > I would like to ask if it is possible to create a p12 just with a .pem with > private key but not certificate. Try openssl req -x509 -subj /CN=foo -keyout /dev/null -nodes | openssl pkcs12 -out sample.p12 -export -certs

Re: Cloning a CSR or Cert. for a new CSR with a new key?

2020-01-31 Thread Dirk-Willem van Gulik
On 31 Jan 2020, at 01:25, Douglas Morris <dougbmor...@yahoo.com> wrote: > Interesting. I think I misunderstood this explanation about the -signkey > option: "This option causes the input file to be self signed using the > supplied private key." > > Your input has me thinking that a cer

Re: Cloning a CSR or Cert. for a new CSR with a new key?

2020-01-30 Thread Dirk-Willem van Gulik
> On 30 Jan 2020, at 21:38, Douglas Morris via openssl-users > wrote: > > I am trying to implement automated domain certificate renewal. A certificate > signing request is sent to an ACME server and on success a certificate is > returned. I'd like to be able to call OpenSSL to make a new key

Re: [openssl-users] Example code to add several CRL distribution points

2017-11-24 Thread Dirk Menstermann
Thanks a lot Dave. That helped. Bye Dirk On 23.11.2017 18:04, Dave Coombs wrote: > Hi Dirk, > > First point: you are populating distpoint->name.relativename (which is a > union member) but setting the discriminator distpoint->type to 0, which > indicates to use

Re: [openssl-users] Example code to add several CRL distribution points

2017-11-23 Thread Dirk Menstermann
e extension will be added, but is empty. Do you see where it breaks? Dirk On 22.11.2017 15:04, Dave Coombs wrote: > You can use X509V3_EXT_i2d(NID_crl_distribution_points, critical, sk) where > sk is a STACK_OF(DIST_POINT) that you have previously filled with multiple > URIs.

[openssl-users] Example code to add several CRL distribution points

2017-11-22 Thread Dirk Menstermann
icate, ext, -1); Thanks a lot Dirk -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Storing private key on tokens

2017-09-27 Thread Dirk-Willem van Gulik
> On 27 Sep 2017, at 20:02, Michael Wojcik > wrote: > >> What is the most natural way to generate private keys using openssl but >> store them on a specific hardware tokens? >> Reading/writing is implemented via engine mechanism. > > The tokens / HSMs I've used don't let you generate a key s

Re: [openssl-users] Storing private key on tokens

2017-09-27 Thread Dirk-Willem van Gulik
On 27 Sep 2017, at 14:22, Dmitry Belyavsky wrote: > What is the most natural way to generate private keys using openssl but store > them on a specific hardware tokens? Reading/writing is implemented via engine > mechanism. > > I suppose that it should be added support of -outform ENGINE to the

[openssl-users] Problems with OpenSSL 1.0.2 h

2016-05-04 Thread Dirk Menstermann
the ALPN extension value? Thank you Dirk

Re: [openssl-users] Available ciphers

2015-11-16 Thread Dirk Menstermann
Anybody able to help? Thanks Dirk On 10.11.2015 17:09, Dirk Menstermann wrote: > Hi, > > I'm using openssl 1.0.2 (as web server application) and utilize the APLN > callback to react on protocols offered by the client. In this callback I need > a > way to get the list of

[openssl-users] Available ciphers

2015-11-10 Thread Dirk Menstermann
lient supports "ECDHE-RSA-AES128-GCM-SHA256" (like Firefox). Any idea how I can get this information? Thanks a lot Dirk

Re: [openssl-users] How to get encryption strength?

2015-03-26 Thread Dirk Menstermann
Hi Steve, as far as I can see this works only if the application embedding openssl is the ssl client; but how can this be achieved from the server's point of view? Thanks Dirk On 25.03.2015 16:35, Dr. Stephen Henson wrote: > On Wed, Mar 25, 2015, Dirk Menstermann wrote: >

Re: [openssl-users] How to get encryption strength?

2015-03-25 Thread Dirk Menstermann
Very helpful. Thank you Steve. Dirk On 25.03.2015 16:35, Dr. Stephen Henson wrote: > On Wed, Mar 25, 2015, Dirk Menstermann wrote: > >> Hello, >> >> which API function can I use to obtain the bit strength of the key exchange >> (size of the DH or ECDH parameters

[openssl-users] How to get encryption strength?

2015-03-25 Thread Dirk Menstermann
Hello, which API function can I use to obtain the bit strength of the key exchange (size of the DH or ECDH parameters)? There is the function SSL_get_cipher_bits, but this is only for the symmetric cipher, not including the key exchange. Thanks Dirk

FIPS: RSA key generation method

2014-10-21 Thread Dirk Menstermann
like for the size of n. Is this an configuration option? I'm using openssl101i with openssl-fips207 Thank you Dirk __ OpenSSL Project http://www.openssl.org User Support Mailing

Comparison trickery (Was: Certificate problem - SOLVED)

2014-07-09 Thread Dirk-Willem van Gulik
On 9 Jul 2014, at 02:33, Jeffrey Walton wrote: > On Tue, Jul 8, 2014 at 7:00 PM, Dave Thompson wrote: >>> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton >>> Sent: Tuesday, July 08, 2014 16:20 >> ... >>> Not sure if this is any consolation, but country

Re: Specifying specific PKCS#11 providers or keys

2014-06-04 Thread Dirk-Willem van Gulik
On 4 Jun 2014, at 10:41, Dirk-Willem van Gulik wrote: > What is the right syntax in IdentityFile to specify a specific PKCS#11 > provider or, even better, a > specific slot or key ? > > I am failing to trigger below code :) i.e. getting key

Specifying specific PKCS#11 providers or keys

2014-06-04 Thread Dirk-Willem van Gulik
Folks, What is the right syntax in IdentityFile to specify a specific PKCS#11 provider or, even better, a specific slot or key ? I am failing to trigger below code :) i.e. getting key populated right. Thanks, Dw. /* Prefer PKCS11 keys that are explicitly listed */ TAILQ_FO

[patch] Supporting smartcard readers with PIN entry keypads (updated against -HEAD)

2014-05-12 Thread Dirk-Willem van Gulik
Repost; updated for HEAD and tested on ubuntu as well. Dw. Folks, Find below a minor patch to allow the use of smartcards in readers that have their own PIN entry keypads (Secure PIN entry) such as the SPR332 and most german/medical chipcard devices. Tested on Solaris, FreeBSD, Linux and MacOS

Re: openssl ca -revoke why need CA parm

2013-10-29 Thread Dirk-Willem van Gulik
On 28 Oct 2013, at 11:56, redpath wrote: > I would like to know why the openssl CA command to revoke a cert > (myfiletorevoke) > needs the CA cert other than the cert I want to revoke. > > openssl ca -revoke myfiletorevoke -keyfile cakey -cert cacert -passin > pass:CApass -config myconfig

smime tool, binary and verify

2013-03-06 Thread Dirk-Willem van Gulik
A simple echo foo | openssl smime -encrypt/sign | openssl smime -decrypt/verify works dandy. But was surprized to find that the verify breaks when '-binary' is used. Canonical example below. Would like to understand why, Thanks, Dw. #!/bin/sh # Generate a self signed cert to use f

1.0.1 FIPS and CRYPTO_set_mem_functions

2013-03-06 Thread Dirk Menstermann
Hi, I just recognized that openssl 1.0.1 prevents setting of alloc, re-alloc and free functions if compiled with FIPS support. Can anybody give the background, why this was changed (compared to 0.9.8)? Thanks a lot Dirk

Re: create certificate chain

2013-03-04 Thread Dirk-Willem van Gulik
On 4 Mar 2013, at 08:47, ashish2881 wrote: > Hi , > I want to create a certificate chain ( self signed root ca > cert+intermediate cert + server-cert). > Please let me know openssl commands and the configuration required to create > root-ca ,intermediate cert signed by root-ca and server c

Re: smime and adding a cert to re-encrypt against

2013-02-26 Thread Dirk-Willem van Gulik
> Will keep an eye on it, > as this functionality would long term be useful to put into the 'openssl > smime' > apps command. For the time being - put a version at https://github.com/dirkx/smime-add-encryption-for-recipient along with a small test.sh file https://github.com

Re: smime and adding a cert to re-encrypt against

2013-02-26 Thread Dirk-Willem van Gulik
On 26 Feb 2013, at 15:26, Dr. Stephen Henson wrote: .. >> Note that we had to pull in some non-exposed functions from pk7_lib/doit.c - >> so perhaps longer term it would be nice to see such as part of the API. >> > > When I first looked at this I'd hoped that you could do it cleanly using the

smime and adding a cert to re-encrypt against

2013-02-23 Thread Dirk-Willem van Gulik
Folks, I am struggling to find a clean way to add a pub-key to encrypt against to an existing pkcs7/smime file. Without having to change the existing entries. The use case is that of a key rollover (on for example a very long term backup) where one would want to add an extra decryption key (yea

Re: AES GCM + padding

2013-02-08 Thread Dirk Menstermann
Thank you Matt! On 08.02.2013 16:33, Matt Caswell wrote: > It is a feature of GCM that the ciphertext (excluding the authentication tag) > is > identical length to the plaintext. Therefore no padding is required. > > Matt > > On 8 February 2013 14:27, Dirk Mensterm

AES GCM + padding

2013-02-08 Thread Dirk Menstermann
Hi, I'm playing around with "EVP_aes_128_gcm". This works, but it seems that EVP_* does not include padding. Is this expected/needed or did I miss a step? Thanks Dirk

Re: certool v.s. openssl - broken/mis-interpreted sha256 cert issue.

2012-11-14 Thread Dirk-Willem van Gulik
On 14 Nov 2012, at 19:58, "Dr. Stephen Henson" wrote: > On Wed, Nov 14, 2012, Dirk-Willem van Gulik wrote: > >> Folks, >> >> Have a CA (created by certtool, validates in openssl as self signed just >> fine) and a server cert (created with certtool

Re: certool v.s. openssl - broken/mis-interpreted sha256 cert issue.

2012-11-14 Thread Dirk-Willem van Gulik
On 14 Nov 2012, at 18:42, Dirk-Willem van Gulik wrote: > Have a CA (created by certtool, validates in openssl as self signed just > fine) and a server cert (created with certtool, signed with certtool) which > does NOT validate in openssl. > > However the signature (when

certool v.s. openssl - broken/mis-interpreted sha256 cert issue.

2012-11-14 Thread Dirk-Willem van Gulik
Folks, Have a CA (created by certtool, validates in openssl as self signed just fine) and a server cert (created with certtool, signed with certtool) which does NOT validate in openssl. However the signature (when extracted with openssl its asn1parse; openssl its rsautl and openssl its sha256) l

Re: Find the difference in (milli|micro)seconds between two ASN1_TIME values

2012-11-07 Thread Dirk-Willem van Gulik
On 7 Nov 2012, at 14:35, Graham Leggett wrote: > I would like to know how long a CRL has until it expires in seconds (or milli > or microseconds, don't care, I can convert), and am struggling to find a > formally supported way to do this. > > What I would like to do is return the difference be

Re: Non-Blocking and ENGINE

2012-10-05 Thread Dirk Menstermann
Thank you Stephen. On 04.10.2012 17:34, Dr. Stephen Henson wrote: > On Tue, Oct 02, 2012, Dirk Menstermann wrote: > >> Hello list, >> >> is there a way to use ENGINEs in a non-blocking way - meaning for a network >> operation (remote HSM) the thread can do som

Re: Non-Blocking and ENGINE

2012-10-04 Thread Dirk Menstermann
Anybody? Thanks On 02.10.2012 15:58, Dirk Menstermann wrote: > Hello list, > > is there a way to use ENGINEs in a non-blocking way - meaning for a network > operation (remote HSM) the thread can do something else instead of waiting for > the IO operation to complete? >

Non-Blocking and ENGINE

2012-10-02 Thread Dirk Menstermann
Hello list, is there a way to use ENGINEs in a non-blocking way - meaning for a network operation (remote HSM) the thread can do something else instead of waiting for the IO operation to complete? Thanks Jens

Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems

2012-07-06 Thread Dirk Menstermann
Hello Steve, do you see another way to force the error state? Thanks Dirk On 03.07.2012 10:49, Dirk Menstermann wrote: > Hello Steve, > > On 02.07.2012 19:37, Dr. Stephen Henson wrote: > >> >> As I indicated HEAD wont work as it isn't currently FIPS capable. >

Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems

2012-07-03 Thread Dirk Menstermann
hieved without these kind of functions? Thanks Dirk

Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems

2012-07-02 Thread Dirk Menstermann
Hello Sergio, I use openssl-1.0.1c (and a daily snapshot) and openssl-fips-2.0.1. Which combination are you using and which target (debug?) do you build? Will the function FIPS_corrupt_aes be exported and is the include file fips.h available? Thanks Dirk On 02.07.2012 18:30, Sergio NNX wrote

FIPS in 1.0.1 windows 7 64 bit compile / link problems

2012-07-02 Thread Dirk Menstermann
Anybody able to help me (problem posted below some days ago)? Thanks a lot Dirk On 27.06.2012 14:42, Dirk Menstermann wrote: > Hello, > > I tried to build the FIPS version (openssl-fips-2.0.1) on win7 and VS2005 > (command line prompt) using the build target debug-VC-WIN64A and opti

FIPS in 1.0.1?

2012-06-29 Thread Dirk Menstermann
Anybody able to help me? Thanks a lot Dirk On 27.06.2012 14:42, Dirk Menstermann wrote: > Hello, > > I tried to build the FIPS version (openssl-fips-2.0.1) on win7 and VS2005 > (command line prompt) using the build target debug-VC-WIN64A and option > no-asm. > >

Re: FIPS in 1.0.0?

2012-06-27 Thread Dirk Menstermann
' Stop. Can anybody help me? With which versions is it supposed to work (win 7 64 bit) Thanks a lot Dirk On 15.05.2012 22:18, Steve Marquess wrote: > On 05/15/2012 12:03 PM, Dirk Menstermann wrote: >> Hello, >> >> are the assumptions below correct? >> >>

Re: Reading digest algorithm from x509

2012-06-19 Thread Dirk Menstermann
Thank you Steve! Bye Jens On 18.06.2012 19:42, Dr. Stephen Henson wrote: > On Mon, Jun 18, 2012, Dirk Menstermann wrote: > >> Thanks, >> >> unfortunately I forget to include the information that I need to know it >> from a >> c programm, not from the shell

Re: Reading digest algorithm from x509

2012-06-18 Thread Dirk Menstermann
Thanks, unfortunately I forgot to include the information that I need to know it from a C program, not from the shell. Do you also know the solution here? Thanks

Reading digest algorithm from x509

2012-06-18 Thread Dirk Menstermann
Hello, Would anybody be so kind to explain me how I can read the digest algorithm (sha1, sha256, other) from a X509 struct that was used by a CA when issuing the certificate (I am using version 0.9.8). Thanks Dirk

Corrupted issuer subject id ignored (when not critical) (Was: CVE-2012-0654)

2012-05-22 Thread Dirk-Willem van Gulik
? Thanks, Dw. #!/bin/sh # # Copyright 2012 Dirk-Willem van Gulik WebWeaving.org, All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # Create config file # cat > ./opens

Custom sequences & Copy

2012-05-18 Thread Dirk-Willem van Gulik
Gentle people, I am encoding some extra fields in the request (and the signed cert). And have two related puzzels: 1) I had naively expected below construct to create a single sequence of two object/integers under a single object: # openssl.cnf snippet. [v

FIPS in 1.0.0?

2012-05-15 Thread Dirk Menstermann
Hello, are the assumptions below correct? For 0.9.8 I have to use fips123 For 1.0.1 I have to use fips2 For 1.0.0 there isn't a fips implementation. Thanks Dirk

Re: non-string extensions in x509v3.

2012-05-10 Thread Dirk-Willem van Gulik
On 11 May 2012, at 00:48, Dr. Stephen Henson wrote: > On Thu, May 10, 2012, Dirk-Willem van Gulik wrote: > >> >> On 10 May 2012, at 18:59, "Dr. Stephen Henson" wrote: >> >> >> Nets me >> >>365:

Re: non-string extensions in x509v3.

2012-05-10 Thread Dirk-Willem van Gulik
On 10 May 2012, at 18:59, "Dr. Stephen Henson" wrote: > On Thu, May 10, 2012, Dirk-Willem van Gulik wrote: > >>int nid1 = OBJ_create("1.3.6.1.4.1.2692.99.1", "geoLat", >> "Latitude(WGS84) of device calculating

non-string extensions in x509v3.

2012-05-10 Thread Dirk-Willem van Gulik
Folks, Struggling with x509v3 extensions from a programmatic interface. Found that simply stuffing ascii strings into an extension works fine: int nid2 = OBJ_create("1.3.6.1.4.1.2692.99.2", "geoLon", "Longitude(WGS84) of device calculating CSR"); ASN1_OBJECT* obj2 = OBJ_nid2obj(

Re: Disabling kEDH on webservers for scaling?

2012-04-27 Thread Dirk Menstermann
Hello Steve, On 26.04.2012 15:50, Dr. Stephen Henson wrote: > > What DH parameters are you using? You can get better performance by tweaking > the parameters. > Can you explain how to tweak the parameters and if this reduces security.

Decrypt PKCS7 enveloped message with CL interface

2012-02-25 Thread Dirk Eisenberg
28:d=5 hl=2 l= 1 prim: INTEGER :00 31:d=5 hl=2 l= 122 cons: SEQUENCE 33:d=6 hl=2 l= 109 cons: SEQUENCE 35:d=7 hl=2 l= 11 cons: SET 37:d=8 hl=2 l= 9 cons: SEQUENCE 39:d=9 hl=2 l= 3 prim: OBJECT:countryName I can see the envelopedData. Thanks Dirk

OpenSSL 1.0.1

2012-02-17 Thread Dirk Menstermann
Hello, is there somewhere a release schedule for version 1.0.1 published? Thanks Dirk

Re: Padding schemes [was Differences between RSA and ECDSA - Conceptual and Practical]

2011-10-14 Thread Dirk Menstermann
Thanks, On 14.10.2011 13:16, Jakob Bohm wrote: >> > Unfortunately not, I am a security engineer, not a fully trained > cryptographer/cryptanalyst. > > As an engineer I am aware that attacking an algorithm such as RSA is easier > the > more the > attacker knows or can control about the input, an

Re: Padding schemes [was Differences between RSA and ECDSA - Conceptual and Practical]

2011-10-13 Thread Dirk Menstermann
enemy (secret encryption > keys > are usually such strings, actual messages are usually not). > Can you elaborate on which paddings should only be used with pure random data and which can be used for arbitrary dat

RSA key exchange

2011-01-06 Thread Dirk Menstermann
Hello list, I've questions about how (temporary) RSA keys will be used in a SSL/TLS handshake. I understand that DH key exchange is the preferred and standard way to exchange the shared secret. Nevertheless 1) When will RSA key exchange be used? Is this a configuration of the server? 2) Are the

Re: 'No shared cipher error' connecting to OpenSSL server with Firefox using TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) cipher suite

2010-07-08 Thread Dirk Menstermann
Hi, on https://developer.mozilla.org/en/Security_in_Firefox_2 I found that FF 2 does support only curves with 256, 384, and 521. Maybe this is the same for FF 3 and your 160 bit curve is not supported. Bye Dirk Alex Birkett wrote: > Hi, > > Firefox 3.6.2 sup

Re: Size of DH Params

2010-03-12 Thread Dirk Menstermann
Thank you Dave! Dave Thompson wrote: >> From: owner-openssl-us...@openssl.org On Behalf Of Dirk Menstermann >> Sent: Wednesday, 10 March, 2010 10:57 > >> when I generate DH parameters with: >> >> int bits = 1024; >> DH *params = DH_generate_parameter

Size of DH Params

2010-03-10 Thread Dirk Menstermann
Hi, when I generate DH parameters with: int bits = 1024; DH *params = DH_generate_parameters (bits, DH_GENERATOR_5, NULL, NULL); Can I then later read the value of the bits parameter from the DH struct? Thanks Dirk

Re: Question to SSL_SESSION

2009-12-14 Thread Dirk Menstermann
Can anybody help me? Thanks > -Original Message- > From: "Dirk Menstermann" > Sent: 09.12.09 18:22:46 > To: openssl-users@openssl.org > Subject: Question to SSL_SESSION > Hello, > > I have a problem with the saving SSL_SESSIO

Question to SSL_SESSION

2009-12-09 Thread Dirk Menstermann
Hello, I have a problem with the saving SSL_SESSION objects. As there seems to be no SSL_SESSION_dup function I have created one: SSL_SESSION* SSL_SESSION_dup (SSL_SESSION *sslSession) { SSL_SESSION *newSession = (SSL_SESSION *) ASN1_dup ((int(*)(void *in,unsigned char **pp)) i2d_SSL_SE

Sign CSR and and extra attribute

2009-06-24 Thread Dirk Reske
Hello, I'm quite new to openssl. My question is, how can I sign a csr and add an extension to the certificate, that contains only a simple string (an url). Perhaps you have some samples for such a config file and the openssl calls. thanks

Re: Add extra informations to certs

2009-03-31 Thread Dirk Reske
Kyle Hamilton wrote: > On Tue, Mar 31, 2009 at 1:56 PM, Dirk Reske wrote: > >> Second, >> it's just plain bad PKI to put attributes in Identity Certificates. >> >> >> >> What do you mean with this? >> > > Placing add

Re: Add extra informations to certs

2009-03-31 Thread Dirk Reske
Patrick Patterson wrote: Hi Dirk: Dirk Reske wrote: Patrick Patterson wrote: Second, it's just plain bad PKI to put attributes in Identity Certificates. What do you mean with this? Wel

Re: Add extra informations to certs

2009-03-31 Thread Dirk Reske
Patrick Patterson wrote: Hi Dirk: Dirk Reske wrote: li...@kaiser.cx wrote: Hi, On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote: We need to put some extra informations (simple strings) into the certificates (e.g. year of

Re: Add extra informations to certs

2009-03-31 Thread Dirk Reske
li...@kaiser.cx wrote: > Hi, > > On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote: > > >> We need to put some extra informations (simple strings) into the >> certificates (e.g. year of birth, ...). >> I have looked around the internet, but do

Add extra informations to certs

2009-03-31 Thread Dirk Reske
from Germany Dirk

Problem with blocked Socket

2008-02-29 Thread Dirk . Platte
_SSL: m_foRegistry->LOG_ERROR("ERROR: ClientRead -> SSL_read( " + readCount + " ) Header failed (ssl error) ..."); break; d

ssl handshake shortcut

2004-06-16 Thread Dirk Hain
everything on client and server explicitly. I know that the session id is established during that phase as well but maybe there is a way to reduce the number of loops from 2 to 1. Every hint is very appreciated! Thanks - Dirk

connecting with Crypt::SSL

2002-08-21 Thread Dirk van der Giesen
ould be necessary. The mandrake software installer i don't fully trust either to be honest. Especially not with de-installing, also because if i asked it to find installed openssl versions it only finds one, while the crypt-ssl module on install asks against which openssl installation i would like to build. But then on the other hand i wouldn't have a clue how to fully erase an openssl installation from my system by hand. So if anybody has any advice on what to try or what to check other than mentioned above, i would appreciate it a lot obviously :-) Sincerely, Dirk van der Giesen

Re: The effective/invalid setting method of a certificate

2002-08-21 Thread Dirk van der Giesen
You're kidding me/us... - Original Message - From: SSL_Leay To: [EMAIL PROTECTED] Sent: Wednesday, August 21, 2002 6:45 AM Subject: The effective/invalid setting method of a certificate Hello. Please teach me how to perform effective/invalid setup of a

Re: perl net::ssl module

2002-08-14 Thread Dirk van der Giesen
't seem to figure out how to rewrite the above critical part with SSLeay.pm so that eventually i can make the same secure socket connection. Could you advise me on this one if you have the time. Thanks in advance, Dirk van der Giesen - Original Message - From: "Michael Chang"

fw::re::httpd startup failure

2002-07-23 Thread Dirk van der Giesen
 I have it like this:> > -rw-r--r--    1 root    root    1029 Jul 11 10:27 server.crt> This should be sufficient for anyone running httpd right?> > Thanks for your reply.> > - Original Message -> From: "Tony Paterra" <[EMAIL PROTECTED

Re: OpenSSL 0.9.7 beta2

2002-07-22 Thread Dirk van der Giesen
- Original Message - From: "Steven Bade" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 22, 2002 3:36 PM Subject: Re: OpenSSL 0.9.7 beta2 > 0.9.7 no longer has separate engine and non-engine releases. The engine > support is integrated into the single release now... > >
