Re: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

2002-01-16 Thread Douglas Wikström
> Ok, SSL_VERIFY_PEER enforces all verification errors to be enforced, > thus SSL_connect() will result in hard failure, as shown below. > You will never reach the SSL_get_verify_result() below. No, you are right, Ive been trying stuff... > > openssl req -config ${MIX_HOME}/ssl/openssl.cnf -new

SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

2002-01-16 Thread Douglas Wikström
ssl/ca/cert${MY_ID}.pem) ln -s ${MIX_HOME}/ssl/ca/cert${MY_ID}.pem ${MIX_HOME}/ssl/ca/$HASHNAME.pem Can anybody see where the problem lies. /Douglas -- -- Douglas Wikström <[EMAIL PRO

Plain solution

2002-01-16 Thread Douglas Wikström
Hello! Right now I am using the normal way of identification, using a CA-cert, and certs signed using the key of the CA-cert. I.e. something like: openssl req -config ${MIX_HOME}/ssl/openssl.cnf -new -keyout $MIX_HOME/ssl/key.p em -out $MIX_HOME/ssl/newrequest.pem -nodes openssl ca -batch -conf

PrivateKey.

2001-12-11 Thread Douglas Wikström
Hello! I use this when initializing. SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile, SSL_FILETYPE_PEM) what is the correct way of accessing this keyfile later. I.e. I would like to say: skey = ssl_ctx->private_key; or similar. /Douglas __

Re: Kurt Seifred's article on securityportal

2000-12-19 Thread Douglas Wikström
Goetz Babin-Ebell wrote: > > Greg Stark wrote: > That the biggest problem in security is between keyboard and chair. > The user has to know what he is doing. > Normal user don't. > So all computer security is faulty... As is all cars, airoplanes, etc when a human subroutine is added :-) /D _

Re: MVS ports

2000-09-18 Thread Douglas Wikström
SL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -- Douglas Wikström <[EMAIL PROT

mem leaks?

2000-09-15 Thread Douglas Wikström
hello. This is a little of topic, please excuse me :-) Is there an opensource, or at least linux equivalent of purify somewhere? /Douglas -- -- Douglas Wikström <[EMAIL PROTEC

Re: Emergency!How to read PEM encrypted key?

2000-08-16 Thread Douglas Wikström
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin); > if (pkey==NULL) printf("read error!"); > > > > Best Regards! > > TechInfo Group -- -- Douglas Wikström <[EMAIL PROTECTED]> --

Re: Out of office autoreply

2000-08-16 Thread Douglas Wikström
. Another nice feature of any listserver would be to cache the last msgs and dont remail multiple identical msgs. In fact I will try to figure out how to make my mail-app do the eq for me. /Douglas > > Amanda. > > On Tue, 15 Aug 2000, Douglas Wikström wrote: > > This is c

Multiple use of digests?

2000-08-16 Thread Douglas Wikström
EVP_VerifyFinal(&md_ctx_veri, buf, acklen, pkey) Does anybody know of an issue prohibiting removal of the lines marked ## and using only one digest buffer in the pseudocode above? /Douglas -- ---------- D

Re: Stupid Question

2000-08-03 Thread Douglas Wikström
--- > Black holes are, where god devided by zero. > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -

Re: openssl and IE5.0 on MacOS

2000-08-01 Thread Douglas Wikström
server side. Not many certs are involved, a root-cert + a server cert for each server to be administrated. using anonymous https is pointless, since it jeopardizes (how do you spell this? :-) the admin-pwds. sorry, dont know mac-ish issues. -- ------

Re: Certificates

2000-07-24 Thread Douglas Wikström
___ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- ---

Re: openSSL+IE5.0 on macintosh

2000-07-14 Thread Douglas Wikström
ser Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -- Douglas Wikström <[EMAIL PROTECTED]>

Re: Got in late in the conversation. Maybe this is what you want

2000-07-13 Thread Douglas Wikström
NULL,NULL)) == NULL) > { > BIO_printf(bio_err,"Error reading certificate in %s\n", > cert); > goto err; > } > ok = 0; > err: > if (b

verifying CAcert and cert?

2000-07-13 Thread Douglas Wikström
if (!X509_verify_cert(csc)) { fprintf(stderr, "Verification of cert failed!\n"); exit(1); } X509_STORE_CTX_free(csc); Any hints, clarifying comments, or pointers to docs are very welcome. Best regards: Douglas -- ---

Storing and reading X509 to/from file

2000-07-12 Thread Douglas Wikström
Hello! Could anybody hint me on functions to dump a X509 cert to file and then recreate it in memory? /Douglas -- -- Douglas Wikström <[EMAIL PROTECTED]> -- Yes, God created Man

Re: Netscape Signtool 1.1/1.2

2000-07-10 Thread Douglas Wikström
ssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- ---------- Douglas Wikström <[EMAIL PROTECTED]> -- Yes, God cr

Re: Legality - just heated up

2000-06-29 Thread Douglas Wikström
; So lets not waste our time calling up RSA and asking stupid questions, ok? I would say this is a natural question to ask when selling a solution to somebody. Failing to do so would be doing a bad job. /douglas -- -- Douglas Wikström <[EMAI

Re: Cipher question...

2000-06-26 Thread Douglas Wikström
gt; this right. This implies finding someone who -really- knows what > they're doing and having them find proven, peer-reviewed approaches > and implementations. Good crypto is no place for amateurs, and even > the pros require peer review to catch mistakes---no one is

Re: Cipher question...

2000-06-21 Thread Douglas Wikström
___ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -

Re: Free CA

2000-06-13 Thread Douglas Wikström
transactions?" Implementing or mandating the use I > believe just as big a marketing problem as a technical problem. I agree, this is not a tech problem. -- -- Douglas Wikström &l

Re: Digest openssl mailing lists

2000-05-31 Thread Douglas Wikström
tomated List Manager [EMAIL PROTECTED] -- -- Douglas Wikström <[EMAIL PROTECTED]> -- Yes, God created M

Re: Certificate Authority

2000-05-24 Thread Douglas Wikström
//www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -- Douglas Wikström <[EMAIL PROTECTED]> --

Re: setting random seed generator under Windows NT

2000-05-11 Thread Douglas Wikström
mouse randomly? or rather how do you know when you have enough entropy? (if you restrict the way the user tip you reduce the uncertainty again :-) /Douglas -- -- Douglas Wikström <[EMAIL PROTECTED]> ---

Re: Douglas!Please help me

2000-05-08 Thread Douglas Wikström
Hello! > It is first time for me to work on your > "openssl" security software.So iam requesting you to > send me the testing program(for client&server)in "C" > which uses your"openssl API"functions of C > language.when i run that (the program that you are > going to send )programs(client program

Re: FAQ? (or recommended books) (fwd)

2000-05-02 Thread Douglas Wikström
Hello! > > I found "Applied Cryptography - Protocols, Algorithms, and Source Code > > in C", by Bruce Schneier, second edition, to be very useful. The ISBN > > is 0-471-11709-9. > > I also found "SSL and TLS Essentials", Stephen Thomas, Wiley Computer > Publishing, ISBN 0-471-38354-6 to be q

signtool signing and openssl

2000-04-13 Thread Douglas Wikström
Hello everybody! Ive written a tiny webserver that handles http and https requests. Ive manufactured a CA cert in DER format which I deliver to a webserver by a simple link: Load CA cert into your browser After clicking a couple of dialogs Navigator treats the cert as a root ca. This ofcourse a