Kedar Sabnis wrote:
in some specific case SHA1 digest is coming as 152 bits long instead of
160 bits long.
All possible 160 bits values have the same chance of being the output of
a SHA1 digest, *including* those that comprise long strings of all zeros
or all ones.
This means that, statistic
Jakob Bohm wrote:
1. The current README.WCE and code assumes that you link with one of
two less free libraries (one is LGPL, the other requires reconfiguration
of the target device/phone). I wrote my own more minimal library
under the OpenSSL license to avoid them both. This obviously implied
p
Ger Hobbelt wrote:
a symptom I have learned to associate with the Rand_poll() heap walking
issue.
AFAIR some time ago there was a problem that *just the first call* to
the heap walking function would, under 64 bits Windows, take second in
some circumstances. That's clearly a bug, and only Mic
Krishnappanaidu, Vasu wrote:
We are using your ssldump to decrypt the SSL traffic and we get
“segmentation fault” and also it core dumps.
Use wireshark (or the command line version tshark), ssldump is dead and
buried.
wireshark also has some bugs in this domain (less than ssldump, but
still
Dr. Stephen Henson wrote:
On Wed, Jan 07, 2009, Victor Duchovni wrote:
This is not very clear to me. Which signatures are poorly verified:
1. The server's signature on SSL/TLS protocol messages that must
be signed under the server's private key (corresponding to the
private k
Joe Flowers wrote:
[...]
I can decrypt the HTTPS traffic OK [...] where the HTTPS
traffic is initiated from a web browser (IE) on the client machine.
BUT, when I try my HTTPS client application (on the client machine,
talking to the server machine), the application seems to work correctly
other
Bob Bell (rtbell) wrote:
[...] (for
instance Certicom has a patent on having an ECC public key in an X.509 cert
signed using RSA) [...]
This patent really can not hold water if challenged (if the content's
actually what's described here).
This is what x509 has been designed to allow, also prior
Jeremie Le Hen wrote:
% char *tls_serial_number(X509 *peer)
% {
% ASN1_INTEGER *sn;
% BIGNUM bn;
% char *bnstr, *snstr;
% size_t len;
%
% if ((sn = X509_get_serialNumber(peer)) == 0)
% return (0);
% ASN1_INTEGER_to_BN(sn, &bn);
Hecber Cordova wrote:
I'm trying to decrypt with openssl some encrypted files coming from
.NET 2.0. The problem is .NET uses PKCS#7 Padding and openssl uses
PKCS#5 Padding.
It's the same thing. The other padding is ISO padding, also used within
xml-enc.
ScottZ wrote:
Is there an easy way (ed. in AIX) to see what random device this compiled
version
of openssl chose to use?
Found the answer to my question and that the tool to use depends on what
platform you're on.
Truss is available on quite a few OS.
That's a nice tip, thanks for the m
Dr. Stephen Henson wrote:
On Fri, Nov 10, 2006, Jean-Marc Desperrier wrote:
[...]
That led me to use a modified index.txt with "openssl ca
-gencrl" where the entries are not in the order of the serial number.
But the crl openssl generates always has the certificate entries
reorde
Hi,
I'm trying to reproduce with "openssl ca -gencrl" an existing crl where
some entries are not ordered in the order of the serial number of the
certificate. That led me to use a modified index.txt with "openssl ca
-gencrl" where the entries are not in the order of the serial number.
But th
Hi,
The pkcs12 man page reads :
-keypbe [...] If a a cipher name (as output by the
list-cipher-algorithms command is specified then it is used with PKCS#5
v2.0 [...]
The 'list-cipher-algorithms' command is only available in the 0.9.9-dev
trunk version of openssl.
Does it mean also that i
Miroslav Zubcic wrote:
I must convert normal
certificates in cert5.db or ServerCert.db format.
How can I do this with openssl(1)? I have read man pages for pkcs7
pkcs8 pkcs12 etc ... grep google but I cannot find anything useful.
Convert them to pkcs12.
Run a netscape 4.x (best done with a f
On Fri 18 Oct 2002 09:45, Michiels Olivier wrote:
I've just implemented an OCSP responder and I want to test it with
netscape or mozilla.
Both browsers return that the certificate cannot be verified for an
unknown reason but when I use the ocsp client of openssl it works.
Michiels Olivi
Thomas Spoelstra said:
>At 19:00 gmt+1 - is the OpenSSL site down?
>
>
It does happen for me quite often that the OpenSSL site is down.
It is indeed down for me too now, and I don't know any other site that I
see down as often as the OpenSSL one.
Aleksey Sanin wrote:
> IMHO it's bad idea to use gcc 3.0 on Solaris now. I had very bad
> experience
> with it in the past. If it is possible, try gcc 2.95.3.
I've had recently the occasion to compile openssl 0.9.6 out of the box
without problem with both 2.95.3 and 3.0.3 under Solaris.
But
Erwann ABALEA wrote:
>But to me it seems that enhancing access restriction using the server cert
>is not a good idea. That means the server cert is a secret known only by
>the trusted users. By definition, a certificate is public, so it cannot be
>a secret.
>
>
Basically, this means that the cl
Williams, Jeff wrote:
>As
>for Netscape, I'm having a problem getting Netscape to import the Root
>Authority.
>
This is a known problem.
The only way to import a new root inside Netscape 4.x is to create an
HTML page with a link that points to the certificates, and install by
clicking on the li
Dr S N Henson wrote:
> OpenSSL by default will assume the characters presented to it are
> ISO8859-1 (Latin 1) strings. It stores these in the ASN1 string type
> known as a T61String: this isn't actually correct but Netscape and MSIE
> can do this too.
It would be correct if the real T61String e
"Draelos, Timothy J" wrote:
> I have imported a "Personal" certificate that I
> created with openssl. It appears to work (i.e., says "Import successful"),
> but the certificate never shows up in the Personal certificates list. I can
> import into the "Intermediate CA" and "Trusted Root CA" certif
> Xeno Campanoli wrote:
> >
> > Jean-Marc Desperrier wrote:
> > >
> >> Generate a self signed certificate with -req.
>
> >I've only generated self signed certificates with openssl req -x509.
This is what I meant. -req was a mistyping.
> I als
"Kenneth R. Robinette" wrote:
> But no problem, if you order one, and try it out, you will not have to worry
> about the license. You will have given it to
> your kids to play with way before a year is up.
This said if you are successful in using the iButton with the pkcs#11, you can
be confide
Jan Zoellner wrote:
> At 15.02.01 13:04, you wrote:
> >point of using RSA if not ?, so I will insist once again on the fact that you
> >SHOULDN'T do that.
>
> I reimplemented the whole thing to be padded with random data (which are
> discarded upon decryption). PKCS#1 padding is worse than that,
"A. Konigsdorfer" wrote:
> 'Free' means something different in my eyes:
>
> 1.2 The period of this license is a hundred eighty days (180 days)
> from the moment the user downloads the Software from Safelayer's
> web (www.safelayer.com). The use beyond this time is not permitted.
>
> The original p
Reiner Buehl wrote:
> Hi,
>
> > a) Can I make my on certificate valid for many host names ?
>
> There is a (not recommended) possibility for this: If all of your hosts
> belong to the same domain you could generate a so called "wildcard certificate".
> This is a certificate with a hostname like '
unshine sun wrote:
> Hi, I want to convert a public key to a certificate request. How do I do it?
You can't. You need the private key in order to create what is called a
proof of possession.
i.e. the system is conceived so that you can't just take the public key
and create a certificate request with t
Richard Levitte - VMS Whacker wrote:
> From: James Dabbs <[EMAIL PROTECTED]>
>
> JDabbs> Does OpenSSL presently support hardware tokens for client-side
> JDabbs> authentication, such as Aladdin "eToken" or Rainbow "iKey
> JDabbs> 2000"? If not, is there any activity in this direction?
>
> I've b
Alexander 'Alfe' Fetke wrote:
> our customers
> will run our application which will be both client and server.
> the used protocols will be IIOP over SSL or plain IIOP (but then
> of course without encryption, so this case is not of interest).
> we are not planning to issue certificates by ourse
"Wilt, Paul" wrote:
> [04/Dec/2000 12:09:21 5411938] [info] Init: Initializing OpenSSL library
> [04/Dec/2000 12:09:21 5411938] [info] Init: Loading certificate & private
> key of SSL-aware server storefront.xanedu.com:8443
There apache loads your server and private key.
It works OK: No error.
[EMAIL PROTECTED] wrote:
> On 24 Nov, Jean-Marc Desperrier wrote:
>
> > Shridhar, a tool that incorporates OpenSSL code can hardly be released as
> > GPL, because OpenSSL itself is not GPL.
> As I understand the BSD license, BSD licensed code can be rereleased
> under t
Shridhar Bhat wrote:
> > ¾G¹ÅÂ×(kevin) wrote:
> >
> > Hi,
> >
> > Will you post to this mailing list how and where to download the tool?
> >
> > kevin
> Yes, I would post it here.
>
> I've got the permission from management to release it under GPL.
> I have asked to set up a machine from where it