For OpenSSL 1.0.2:
Are you asking how to get a DNS Subject Alternative Name extension into the
certificate?
You would need to edit an openssl.cnf file and add the proper stuff to get this
extension. Check the man page for x509v3_config.
The item you want to put in the config file is
subjectAltN
You may not have run the openssl fipsinstall command.
You should be able to perform ‘make install_fips’ after you do a make install.
Then check your openssl.conf file and make sure it has the proper
fipsmodule.cnf filename and loads the providers you want.
> On Feb 17, 2021, at 10:26 AM, Naga
How I did this:
1) You can make up your own EVP_PKEY that uses your own engine implementation
and attach a data ptr to it
EVP_PKEY* returnPKey;
returnPKey = EVP_PKEY_new();
if( returnPKey )
{
Microsoft Windows 10
Professional and Microsoft Windows Server 2016 are included.
(I had looked at the "FIPS module 3.0" wiki page,
https://wiki.openssl.org/index.php/FIPS_module_3.0 , but it has not been
updated since Mar 14.)
Nelson D. Caro
Embedded Software Engineer | Compunetix,
; then that does sound like it does match the policy
It does not: Security Policy 2.0.16 does not have any Microsoft Windows
platforms in the "Tested Configurations" section. 2.0.10 was the last one that
had, and it was Windows 7, not 10.
Nelson D. Caro
Embedded Software Enginee
On Wed, 6/18/14, Viktor Dukhovni wrote:
Subject: Re: mod_ssl - client certificates broken after yum update of openssl
To: openssl-users@openssl.org
Date: Wednesday, June 18, 2014, 11:08 AM
On Wed, Jun 18, 2014 at
07:07:25AM -0700, Nelson wrote
On Tue, 6/17/14, Viktor Dukhovni wrote:
Subject: Re: mod_ssl - client certificates broken after yum update of openssl
To: openssl-users@openssl.org
Date: Tuesday, June 17, 2014, 10:53 PM
On Tue, Jun 17, 2014 at
06:48:28PM -0700, Nelson wrote
Perfectly working VM running Amazon Linux with Apache and mod_ssl configured
for client certificates.
Ran yum update to get the latest openssl (OpenSSL 1.0.1h-fips 5 Jun
2014)/mod_ssl(2.2.27 )/httpd(2.2.27) security updates from Amazon's yum
repository.
Now the client certificate checks are fa
Hi:
I'm running OpenSSL 0.9.8d on an HP-UX 11 box. In the past I've been
able to generate CSRs and keys via the command line with no trouble.
However, today I generated a key just fine, but when I tried to generate
the CSR it failed. I'm not aware of anything having been changed since
the last CSR
I am trying to fetch a page with perl by HTTPS (for a new project),
but perl is crashing.
When the following code is run, perl crashes:
require LWP::UserAgent;
$ua = LWP::UserAgent->new;
$response = $ua->get('https://www.example.com/');
www.example.com does not listen on the HTTPS port, but that
configure:19299: result: no
configure:19176: checking ssl.h usability
configure:19188: cc -c -g -O2 -I/usr/include/openssl conftest.c >&5
In file included from /usr/include/openssl/ssl.h:179,
from conftest.c:126:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
etc
Gregg Nelson
Ramsey County, MN
beros on the openssl >configure< call, why are these errors occurring? If krb5.h is needed, why isn't it included in the openssl header library?
Must one specify --no-krb5 to avoid these errors? Why?
If a reference to krb5 is automatically included without it, why aren't all krb5 components included?
Gregg Nelson
Ramsey County, MN
Maybe could you contact the author of symbssl (symbssl.sf.net)
On Wed, Nov 24, 2004 at 06:04:39PM +0100, Antonio Ruiz Martínez wrote:
> Hello!
>
>I'm writing you because I would like to know if anyone has compiled
> OpenSSL for Symbian and, in that case, how I could do it.
Behalf Of Dr. Stephen Henson
Sent: Thursday, June 24, 2004 9:43 AM
To: [EMAIL PROTECTED]
Subject: Re: Extensions to char
On Wed, Jun 23, 2004, Nelson Gamazo Sánchez wrote:
> I am writing a wrapper class in c++ to manipulate X509 extensions as standard map
> (key, value). Then, If I want ge
client code will treat extension as standard map.
Thanks
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Monday, June 21, 2004 7:47 PM
To: [EMAIL PROTECTED]
Subject: Re: Extensions to char
On Mon, Jun 21, 2004, Nelson Gamazo
Hi
I am working with OpenSSL extensions; I need to convert the extension (X509_EXTENSION) to
char (both key, and value).
No problem converting the key part :-).
But:
Why does OpenSSL do something like this to convert to BIO, FILE, etc?
if(method->it)
ext_str = ASN1_item_d2i(NULL, &data, extensi
Nelson
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Andrew Marlow,
I executed zlib external to SSL which is fairly simple and
allows greater control over, e.g., the zlib compression level
parameter.
This post is about my attempts to discover why
the ssltest program does not use compression when -zlib
is given on the command line. My openSSL is ve
-SHA
EXP1024-DES-CBC-SHA
EXP-DES-CBC-SHA
Also the automated box on the support page for subscribing to the
mailing list does not seem to be working.
But I would like to say that I am very impressed with the capabilities
of SSL/TLS and am working hard to get it
Thanks, I figured everything out. Have a good one!
Dan!
- Original Message -
From:
Dan Nelson
To: [EMAIL PROTECTED] ; [EMAIL PROTECTED] ; [EMAIL PROTECTED] ; William F.
Slater, III ; Jimmie Jones ; [EMAIL PROTECTED] ; [EMAIL PROTECTED]
Sent: Friday, June 21, 2002 12
ore than simply checking to see if the client cert can
> be validated by a CA Root cert.
Yes, this is true.
But many applications only needed it.
./nelson -murilo
There are many options, SSLTelnet for example.
But maybe easier is to use stunnel; this too works fine for this case
(verify client certs).
regards,
./nelson -murilo
> Hi all ssl-ers.
>
> Questions.
>
> Anybody knows how to configure telnetd-ssl for authent
using TCP/IP)?? If Yes, what do I
>need?? The database engine has to implement something?? --> How does SSL works??
>
SSL is Secure Socket LAYER, so if your application works over TCP/IP,
SSL must work.
Try www.stunnel.org, e
a lot (it downloads the required packages automatically!), and helped in some configuration steps.
After that, you'll need to make a production certificate, and apply it...
I hope this helps you (it's working for me :) ), now you're on your own !
Nelson
Portugal
-Original
conf dir has 5 ssl.* directories, with other .key .pem .txt files. Are they necessary ?
Thanks in advance
Nelson
Content of the type listed below was automatically deleted from mail
received from you. Usually this type of content is extraneous, non-
textual material, oftentimes appended unbeknown to the sender. If this
is the case, you may ignore this reply. However, if you believe the
deleted portion was
() might be active.
>
> Unfortunately that does not explain your error, yet...
As a user, what action would you recommend I take? Right now I'm holding
off on building any applications that require linking to the ssl and crypto
libraries.
henry nelson
> > -- begin erro
files were dumped:
% find ./ -name "*.core" -print
.//certs/openssl.core
.//test/randtest.core
Thanks for any advice. (Please cc if possible since not a regular member
of the list.)
henry nelson
On Mon, May 01, 2000 at 10:16:28PM +0200, Richard Levitte - VMS Whacker wrote:
> From: Tony Nelson <[EMAIL PROTECTED]>
>
> I understand that some corporations choose to do that, although I do
> not agree with that kind of practice.
Basically, companies do it to protect th
--- --
Hope this helps,
Tony Nelson
TIS Worldwide, Firewall Admin
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of James Dabbs
> Sent: Saturday, April 29, 2000 6:41 AM
> To: [EMAIL PROTECTED]
> Subj
Another example is Netscape Form Signing
(http://developer.netscape.com/tech/security/formsign/formsign.html).
-Original Message-
From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, 23 November, 1999 12:39
To: [EMAIL PROTECTED]
Subject:Re: SSL and non-repudiat
I now have a 107 character passphrase. word.
--
Brian Nelson Network Minion
mailto:[EMAIL PROTECTED] PocketScience, Inc.
*
I totally appreciate all the help. I got it working, and it runs GREAT!
Thanks!
Michael Robinson wrote:
>
> Brian Nelson <[EMAIL PROTECTED]> writes:
> >> % cat /dev/random | od -X
> >
> >I should then be using a 30-character octal random string, yes?
0 local_spi=1000 remote_spi=1000
-- HOST 2 --
I also tried swapping strings on one of the config files, and using the
same string in all 4 fields.
I am now trying with ipesp.
Thanks a lot for all your help.
--
Brian Nelson Network Minion
mai
p spi=1001 enc=blowfish_cbc ekey=f1f2f3f4f5f6f7f8f9fafbfcfdfeff
dest=5.6.7.8
sa ipesp spi=1001 enc=blowfish_cbc ekey=d00db00fd00d00d00db00fd00dc00e
if /dev/tun0 local_spi=1000 remote_spi=1000
if /dev/tun1 local_spi=1001 remote_spi=1001
--CONFIG--
--
Brian Nelson
> 2) I need to encrypt a message like PGP
Please, see ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz. PGPlib is a library that lets
you generate and manipulate PGP packets. It uses an old version of SSLeay for
cryptographic functionality. Probably, however, it can easily use OpenSSL instead.
appl
Hi,
I have one AIX box without an Internet connection and no
C compiler either.
Does anyone have SSLtelnet working like a charm on AIX 3.4
or know any URL for a binary package?
Thanks for your time and attention,
--
./nelson -m