I just migrated some JWK code from openssl 1.x to 3.x.
First I have to say, a lot of things got a lot easier and a lot clearer
than before.
I did see some strange behaviors with EVP_PKEY_get_params. I see the
following statements from `man OSSL_PARAM`:
[A] When requesting parameters, it's a
n would not apply to operating systems which
which don't distribute OpenSSL, or to Fedora)
Thanks,
Ryan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
" for
CIPHERS.
So that makes me nervous about whether or not I am using
SSL_CTX_set_cipher_list() wrong. Should I be calling it at all? And if
so, where would I find the "right" setting for other operating systems,
since "PROFILE=SYSTEM" appears to be Fedora-spe
that on Arch Linux the
same binary running on Arch Linux loads two libraries that don't get
loaded when running on Debian Stretch: "libnss_mymachines.so.2" and
"libnss_resolve.so.2".
Am I doing something wrong or is this a memory leak in openssl?
Thanks,
Ryan
---
REMOTE LOGIN PROTOCOLS
A client/server model can create a mechanism that allows a user to establish a
session on the remote machine and then run its applications. This application
is known as remote login. This can be done by a client/server application
program for the desired service.
Maybe this should have been run in a virtual enviroment
Sent from Mail for Windows 10
From: Blumenthal, Uri - 0553 - MITLL
Sent: Friday, April 28, 2017 4:33 PM
To: openssl-users@openssl.org
Subject: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How tofree?
I’m playing with RSA-PSS si
Great article. Who is the author?
Sent from Mail for Windows 10
From: Viktor Dukhovni
Sent: Thursday, April 27, 2017 11:54 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write
On Thu, Apr 27, 2017 at 12:32:42PM +, Salz, Rich via openssl-us
yes
Sent from Mail for Windows 10
From: Murray, Ronald-1 (ANF)
Sent: Wednesday, April 26, 2017 1:25 PM
To: 'openssl-users@openssl.org'
Subject: [openssl-users] RFC2818 and subjectAltName
We had an issue a few days ago when people with the newest version of Chrome
were seeing security errors on
If you are asking me, by all means yes. Thanks for asking, I respect the value
of honesty in world that has so very few people left.
Sent from Mail for Windows 10
From: Viktor Dukhovni
Sent: Wednesday, April 26, 2017 1:55 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] RFC2818 and
of the stone age.
Thanks KS for passing message along
Best regards
Sincerely,
Ryan Murray
On Feb 4, 2017 1:36 AM, "Tim Kirby" wrote:
>
> I'm writing a server to support a legacy client that uses OpenSSL to
> secure its communication. The client is using OpenSSL 1.0.1j,
Situation maybe a security issue
Ryan Murray
On Jan 11, 2017 4:14 PM, "Ryan Murray" wrote:
> Could you give me a hand on a issue I've seem to of picked up with my
> device . You and the colleagues if possible. My SamsungGalaxy s2 tablet not
> responding. Power butto
ooted format has been making the device malfunction. Is there a remote
interface we could link up and establish what the heck is happening. Lol
Your truly
Ryan
Ryan Murray
On Jan 11, 2017 4:08 PM, "Nadia Lapkovskaya" wrote:
> Hi,
>
> We are using openssl-1.0.2j. Noticed
Do you have a moment to edit or review my error
Ryan Murray
On Jan 6, 2017 10:55 AM, "Matt Caswell" wrote:
>
>
> On 06/01/17 14:36, Dan Heinz wrote:
> >>> On 04/01/17 23:11, Dan Heinz wrote: Using openssl 1.1.0c.
> >>>
> >>> I have a
You can use X509_STORE_CTX_get_app_data() and type-cast the returned pointer to
SSL*.
Ryan Pfeifle
Software Engineer
[cid:2cada4cd821843daa7153d792a28ea74]<http://www.NICE.com>
VPI is now part of NICE<http://www.NICE.com>
Tel: 1.805.389.5200 x5297
E-mail: ryan.pfei...@nic
/boringssl.html
Ryan Pfeifle
Software Engineer, VPI
Tel: 1.805.389.5200 x5297 |
ryan.pfei...@nice.com | www.VPI-corp.com
VPI is now part of NICE Systems.
The information transmitted in this message is intended only for the addressee
and may contain confidential and/or privileged material. Any
Steve,
Does the Foundation have a Bitcoin address?
Ryan
On Fri, Apr 11, 2014 at 8:09 AM, Steve Marquess <
marqu...@opensslfoundation.com> wrote:
> In a typical year the OpenSSL project receives about US$2000 in donations.
>
> This week we have received roughly 200 donations
You could use a different config file and reference it on the command line.
Reqexts is used to reference a section in a config file.
Ryan Hurst
Sent from my phone, please forgive the brevity.
> On Dec 3, 2013, at 5:19 PM, Anders Larsson wrote:
>
> Hmm somehow the e-mail got cut a
Well I provided a windows example of the same approach but it's not purely from
the command line.
Ryan Hurst
Sent from my phone, please forgive the brevity.
> On Dec 3, 2013, at 5:20 PM, Viktor Dukhovni
> wrote:
>
>> On Tue, Dec 03, 2013 at 12:29:09PM -0800, Ryan Hurst w
Cant be done, though most CAs dont use this information from the request.
Can do something like this:
rem 8. CN, O, OU1, OU2, E, city and all SAN types /w SHA1 & 2048
echo [ req ]>test8.cnf
echo default_bits = 2048>>test8.cnf
echo prompt = no>>test8.cnf
echo encrypt_key = no>>test8.cnf
echo defau
This might be useful http://unmitigatedrisk.com/?p=194
Ryan Hurst
Sent from my phone, please forgive the brevity.
> On Oct 12, 2013, at 12:53 AM, Ted Byers wrote:
>
> I found a Linux FAQ dealing with this subject, but it is very dated
> (11.5 years old) and I do not know how much
Btw let me know if I can ever be of help.
Ryan Hurst
Chief Technology Officer
GMO Globalsign
twitter: @rmhrisk
email: ryan.hu...@globalsign.com
phone: 206-650-7926
Sent from my phone, please forgive the brevity.
On Jun 14, 2013, at 3:09 PM, Jakob Bohm wrote:
> On 6/13/2013 1:50 AM, R
I forgot to respond the the 1 minute reference, we revoke right away and most
CAs do that is just different than pre producing all revoked responses when one
cert is revoked.
Ryan Hurst
Chief Technology Officer
GMO Globalsign
twitter: @rmhrisk
Sent from my phone, please forgive the brevity
PM
To: openssl-users@openssl.org
Subject: Re: Why CA-signed OCSP responders are a bad idea [WAS:Is it me or
is ocsp.comodoca.com doing something wrong?]
On 6/15/2013 1:15 AM, Ryan Hurst wrote:
Thanks for your reply, just one tidbit that surprised me:
>
> CAs are required to produce respo
e returned (geotrust does this); they simply store the
larger response many times even if they already had a signed response that
was valid covering that certid.
Ryan
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Jakob B
CA delegated.
Ryan Hurst
Chief Technology Officer
GMO Globalsign
twitter: @rmhrisk
email: ryan.hu...@globalsign.com
phone: 206-650-7926
Sent from my phone, please forgive the brevity.
On Jun 13, 2013, at 3:42 AM, Igor Sverkos wrote:
> Hi,
>
> Ryan Hurst wrote:
>> They are do
t key
material to do the validation.
Ryan
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Igor Sverkos
Sent: Wednesday, June 12, 2013 4:41 PM
To: openssl-users@openssl.org
Subject: Is it me or is ocsp.comodoca.com doing something wrong
I too face this same scenario as Raajeesh. Can anyone provide details
on the exact patch for CVE-2013-0169 that was applied to OpenSSL version
0.9.8y?
Thank you,
~Ryan
On 03/06/2013 12:15 AM, Raajesh Sivaramakrishnan wrote:
Hi,
The product that I am working on is running on OpenSSL
Also this might be useful for implementers:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb931395(v=vs.85).as
px
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Jakob Bohm
Sent: Tuesday, March 19, 2013 12:07 PM
To:
shared object
but rather we have /usr/lib/libz.a which contains a libz.so object
(similar to many AIX archive files). Any suggestions for using dso to
include zlib compression with the use of /usr/lib/libz.a rather than
/usr/lib/libz.so?
--
Ryan Watkins
On 02/11/2013 02:48 PM, Dr. Stephen H
o-dso? Running "make tests" for our
0.9.8m build runs successfully through all of the tests.
Do you know if there were significant changes that would impact how
specifying both zlib-dynamic and no-dso is implemented between 0.9.8m
and 1.0.0c?
--
Ryan Watkins
On 02/11/2013 02:48 PM, Dr.
#x27;ve followed the last few times we've built
previous versions of OpenSSL (0.9.8m most recently).
Thanks in advance for any assistance you can provide!
--
Ryan Watkins
__
OpenSSL Project htt
FYI ECC was added to Windows VISTA,
Ryan Hurst
Sent from my phone, please forgive the brevity.
On Jan 30, 2013, at 5:51 AM, "Dr. Stephen Henson" wrote:
> On Wed, Jan 30, 2013, cellecial wrote:
>
>> Hi,
>>
>> I write some code to generate an ECC ce
Improving SSL performance, any support for including TLS Fast Start?
http://blog.chromium.org/2011/05/ssl-falsestart-performance-results.html
https://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00
__
OpenSSL Project
eat detail
myself.
Here is a link I remembered running across recently talking about this
model:
http://crypto.stackexchange.com/questions/1662/how-can-one-securely-generate
-an-asymmetric-key-pair-from-a-short-passphrase
Ryan
From: owner-openssl-us...@openssl.org
[mailto:owner-
Wanting to use AES-NI extension, but I'm not seeing it there.. Using
Intel E3-1230 on a KVM VPS, Using OpenSSL 1.0.1-beta2, straight from a
./config ; make.
[root@fanboy:~]# /usr/local/openssl/bin/openssl engine
(dynamic) Dynamic engine loading support
(4758cca) IBM 4758 CCA hardware engine suppor
With Git, Mercurial and other revision control systems available. Why
is OpenSSL still suck on CVS?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-user
more recent releases correctly?
Any advice would be appreciated.
Regards,
Ryan
to know that answer as well.
BTW, I know that RFC wise there is no requirement that EKUs be consistent
throughput the chain but Windows has had a behavior to treat EKUs in a way
similar to certificate policy and I am curious if openssl decided to do
something similar.
Thanks in advance,
Ryan
I'm using snapshot, is it still required? if so, is there an updated
patch available?
On Thu, Jun 23, 2011 at 10:49 AM, Jeffrey Walton wrote:
> Hi mp3geek,
>
> On Wed, Jun 22, 2011 at 6:05 PM, Ryan B wrote:
>> Is this supported in OpenSSL trunk? Do I need any additional p
Is this supported in OpenSSL trunk? Do I need any additional patches
or updated patches?
http://rt.openssl.org/Ticket/Display.html?id=2065
__
OpenSSL Project http://www.openssl.org
User Support Mail
Using OpenSSL in a 64bit environment (Linux) makes any difference in
performance or speed?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ikuzar
> Sent: Friday, March 18, 2011 5:41 AM
> To: openssl-users@openssl.org
> Subject: Re: data size issue with SSL_read( ) / SSL_write
>
> Ryan, what is the suitable cipher
code
correctly? If it is a bug, the code I looked at goes back several versions, at
least.
Ryan Pfeifle
Sr. Programmer
Voice Print International, Inc.
Immediate Results. Unmatched Value.
Tel: 1.805.389.5200 x5297
Fax: N/A
Email: r...@vpi-corp.com
Web: www.VPI-corp.com
Experience the VPI
bytes in size instead of 3 bytes.
Is this a bug, or is the SSLv2 logic supposed to be pre-massaging the data into
something the SSLv3/TLSv1 logic can consume and I am just not reading the code
correctly? If it is a bug, the code I looked at goes back several versions, at
least.
Ryan Pfeifle
Sr
I forgot to add, I am using client certificate authentication.
httpd.conf
SSLVerifyClient require
SSLVerifyDepth 1
SSLRequireSSL
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
Options FollowSymLinks ExecCGI
Order allow,deny
Allow from all
Configuration changed with no set servername in the SSL conf
Agreed. BCB cannot use VC++ import .lib files. Sorry for not mentioning that
earlier.
Ryan Pfeifle
Sr. Programmer
Voice Print International, Inc.
Immediate Results. Unmatched Value.
Tel: 1.805.389.5200 x5297
Fax: N/A
Email: r...@vpi-corp.com
Web: www.VPI-corp.com
Experience the VPI Value
You do not need to build the library unless you want to customize it. If you
do compile it, it can be used with other compilers. I use the downloaded
version with Borland C++Builder 5 and 6, though it was originally built with
VC++, and it works fine.
Ryan Pfeifle
Sr. Programmer
Voice
int/ca-cert.crt >
cafile.pem'). Then use the following command 'openssl verify -CAfile
cafile user.crt'.
Hope this helps.
-Ryan Smith
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Hugo Garza
Sent: Thursday, July 15, 2010
g large CRLs in my application?
How can I go about troubleshooting this further. Thanks for any help.
-Ryan Smith
in my
application? How can I go about troubleshooting this further? Thanks
for any help.
-Ryan Smith
Ryan Pfeifle
Sr. Programmer
Voice Print International, Inc.
Immediate Results. Unmatched Value.
Tel: 1.805.389.5200 x5297
Fax: N/A
Email: r...@vpi-corp.com
Web: www.VPI-corp.com
Experience the VPI Value Advantage at http://www.VPI-corp.com/Value
The information transmitted in this message
ns of SSL_load_client_CA_file(),
SSL_CTX_use_certificate_file (), SSL_CTX_use_PrivateKey_file(), and
SSL_CTX_load_verify_locations() from scratch using a custom X509_LOOKUP_METHOD
structure and support routines.
Ryan Pfeifle
Sr. Programmer
Voice Print International, Inc.
[cid:vpi_log
gt;X509_STORE_set_flags(Store, VerifyFlags);
>X509_STORE_CTX_init(StoreCtx, Store, X509ToCheck, UntrustedChain);
>X509_STORE_CTX_set_ex_data(StoreCtx, 0, Self)
>X509_STORE_CTX_set_verify_cb(StoreCtx, StoreVerifyCallback);
>X509_STORE_CTX_trusted_stack(StoreCtx, TrustedChain);
>X509_STORE_CTX_set_purp
vance for any advice (or pointers on where to read more),
Ryan
ess to the box.
Thanks,
Ryan
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
this is possible) I get the following errors when calling
FIPS_mode_set()
21086:error:2A07806E:FIPS routines:FIPS_check_dso:fingerprint does not
match:fips.c:212:
Thanks
-Ryan
__
OpenSSL Project
subj, etc...).
Hope this helps.
Ryan G Smith
General Dynamics C4 Systems West (GDC4S West)
8220 E. Roosevelt
Scottsdale, AZ 85257
Office: (480) 441-0708
[EMAIL PROTECTED]
This email message is for the sole use of the intended recipient(s) and
may contain GDC4S confidential or privileged inform
subj, etc...).
Hope this helps.
Ryan G Smith
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated Li
this is not a good idea?
Ryan G Smith
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
f the Linux machine.
Does OpenSSL know how to use the localtime to verify certificates, or
does it always use GMT?
Thanks for the help,
Ryan Phillips
__
OpenSSL Project http://www.openssl.org
Thank you for the clarification. What you have said
makes sense, but I am still a little unclear on what
is meant by "redistribution" and "products derived from [OpenSSL]".
Presumably, a program, e.g. a web browser, could be written
which uses OpenSSL (whether through linking to the libraries or
Richard Koenning wrote:
Ryan Shon wrote:
In particular, we are unclear as to what redistribution rights
the OpenSSL license would grant to customers who purchase
our OpenSSL variant. Would they be allowed to redistribute
our optimized library?
The license enumerates the conditions which
Originally I sent this letter to [EMAIL PROTECTED],
as indicated by the license file, but I never got a
response.
Hopefully you in openssl-users can help.
I work for nFocal, a company in
Rochester, New York. We want to develop a variant of OpenSSL
in which we optimize the cryptography library t
I am trying to decide whether building OpenSSL with
"threads" option is appropriate or not for my particular
situation. The Configure script says that the option
"tr[ies] to create a library that is suitable for
multithreaded applications." How exactly are the libraries
created to be suitable fo
> Are you sure you want to squeeze in the entire OpenSSL
> library into your Blackfin processor?
> What is it that you want?
> Do you want SSL or crypto?
The plan is to build the SSL and crypto libraries so
that applications could be written using some of the
library functions, and these applica
I am attempting to build OpenSSL for the Analog Devices
Blackfin 537 digital signal processing chip using the
VisualDSP++ compiler, also from Analog Devices.
I have been studying the Configure script, and I would
be appreciative of any advice you could give.
I especially would like help determin
file or directory
make[1]: *** [install] Error 1
make: *** [install_sw] Error 1
In the build directory I end up with the following libs:
libcrypto.0.9.8.dylib
libcrypto.dylib
libcrypto.a
libcrypto.pc
libssl.0.9.8.dylib
libssl.dylib
libssl.a
libssl.pc
cheers
On 10/01/06, Ryan Booker <[EM
Hi,
I'm trying to build and install the latest openssl and openssh on
Tiger. I've trawled the archive and couldn't find anything that quite
matched my issue...
I installed openssl with "./config --prefix=/usr/local
--openssldir=/usr/local/openssl" as was recommended somewhere else.
This appeare
;-march=" should be
used instead. Is there a reason why OpenSSL uses "-mcpu="?
Thanks for the time and help, here--OpenSSL and OpenSSH are wonderful
tools, and I appreciate all of the effort that goes into them.
Thanks,
Ryan
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Does OpenSSL support the generation and validation of X9.31
signatures?
Regards,
Ryan
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED
I have created my own root certificate and key so i can become my own
CA. Have created singed certs for my imap smtp and webmail server
using the common name computerking.ca. This works fine for mozilla but
with microsoft' s outlook and explorer i get errors about the CN name
not matching the s
I have created my own root certificate and key so i can become my own
CA. Have created singed certs for my imap smtp and webmail server
using the common name computerking.ca. This works fine for mozilla but
with microsoft' s outlook and explorer i get errors about the CN name
not matching
I am having very much trouble making the correct certs for postfix as i
what to become my own CA and sign my own certs. Also i would like to
have my clients click a link on my webpage to import the cert. Does
anyone know of an easy way to do this i have tried many online howto's
and searched the
oices). One problem though, the
dedicated server, unlike a shared server, does not have a SSL certificate.
So, I need one. Can anyone recommend a low cost (preferably free), and easy
to install (since I have to do it myself) SSL
Hi There,
I’ve been searching like mad to find some answers…hoping
you could help me out!
I have Apache 2.0.47 (win32) installed on windows XP with
PHP 4.3.2 (win32) and MySQL 4.0.13 (win32)…all of them are working
perfectly together. Well I’m
trying to install oscommerce shopp
initial thread, it looks like I can’t install ssl on my existing apache/php/mysql
installations and I’ll have to gut everything out.
Ryan
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Brown
Sent: Friday, August 08, 2003 1:17
PM
To
the intermediate cert, the other the server's cert.
You can figure out which one is that of the server by the subject above
the certificate.
Not sure this is always the case.
The resulting format is called pem.
Ryan
> On Fri, Jan 10, 2003 at 04:52:07PM -, Dicks, Gareth M wrote:
>> Hi,
wn version of it for their hp3000 series web
servers.
Any information you may have would be greatly
appreciated.
Ryan
greatly appreciated, thank you in advance.
Ryan
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
his is the suggested fix:
make DIRS=crypto SDIRS=sha "`grep '^CFLAG='
Makefile.ssl | sed -e 's/ -O[0-9] / -O0 /'`"
rm `ls crypto/*.o crypto/sha/*.o | grep -v
'sha_dgst\.o'`
make
TIA
- Original Message -
From:
Ryan
Frantz
To: [EMAIL
** Exit
1
Stop.
Am I missing some necessary libraries or
something? Any help wpuld be greatly appreciated.
TIA
Ryan
At 03:18 PM 7/3/2002 +0200, you wrote:
>Ryan Hagan <[EMAIL PROTECTED]> writes:
>
> > Greetings,
> >
> > I've installed OpenSSL (0.9.6c-2) along with sslwrap (2.0.6-5) and
> > apache (1.3.24-3) and PHP (4.1.2-4) on a debian system. I created my
> >
on this server."
With /test/test.php being whatever php file I've tried to open.
But as soon as I change the URL from HTTPS to HTTP it works fine. Any
suggestions? Thanks a million!
Ryan Hagan
Pacificom Multimedia
[EMAI
IS it possible to use RSA_NO_PADDING when calling RSA_public_encrypt?
I get a -1 returned from the RSA_public_encrypt() function?
Thanks
Ryan
__
OpenSSL Project http://www.openssl.org
User
Is there a version of OpenSSL available for Microsoft platforms?
Thanks,
Ryan Browne
Wisetec Networks
-
Wisetec Networks
http://www.wisetec.com/
Super Fast DSL - DSL Internet Access
http://www.superfastdsl.com/
Phone: 909
. Additionally it provisions for creating a validation
profile for a CA so even if a certificate does not contain a pointer to
revocation information you as an administrator/user can set one. The product
is called the ValiCert Desktop Validator.
Ryan
-Original Message-
From: wooce [mailto:[EMAIL
Additionally since it is a self signed certificate place it in both the "My"
store and the "Root" store.
Ryan
-Original Message-
From: Ryan Hurst [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 14, 2001 4:33 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Im
using the MMC Certificate Management tool to import
the certificate instead.
Ryan
-Original Message-
From: Tony Lill [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 14, 2001 2:27 PM
To: [EMAIL PROTECTED]
Subject: Importing self-signed certs into Outlook
I've managed to get
.
Ryan
-Original Message-
From: Zachary Denison [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 13, 2001 10:58 AM
To: [EMAIL PROTECTED]
Subject: RE: installing root CA certificates under windows NT and 2000
I do have rundll32.exe on NT, and netscape keeps
calling this program when I
I briefly tried using the Eracom patch that was submitted with a LunaCA but
was un-successful. I did not spend any time diagnosing but the framework was
good enough to make it work it would just take some time which I did not
have.
Ryan
-Original Message-
From: Steven A. Bade [mailto
Manoj -
The
current 9.7 branch has the OCSP code in it. It has both a client and server
however its server is just a proof of concept; it can not handle multiple concurrent
requests, etc.
Ryan
-Original Message-
From: Manoj Kumar
[mailto:[EMAIL PROTECTED
question, yes it is possible to decrypt the key and
store it with no pass phrase; if I remember correctly you would use the
openssl enc command.
Ryan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 13, 2001 10:49 AM
To: [EMAIL PROTECTED]
Subject
Try converting it to DER,
openssl crl -in .\main.crl -out .\main.crl -inform pem -outform der
The url is not reachable so I could not look to see what other problems
there might be..
Ryan
-Original Message-
From: Valery [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 01, 2001 1:05
better bet, Intel chipsets
(810 and greater) have a built in hardware random number generator. Many
unix distributions have /dev/urandom or /dev/random as well.
Ryan
-Original Message-
From: Ashada Karunaratna [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 2:19 AM
To: [EMAIL
Valery --
I am not sure if this is your problem also but I can not get
http://cert.vrn.ru/crl/main.crl however I can get
http://proxy.vrn.ru/crl/main.crl I would make your DP point to that.
Ryan
-Original Message-
From: Valery [mailto:[EMAIL PROTECTED]]
Sent: Thursday
.
Ryan
-Original Message-
From: Valery [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 1:12 AM
To: [EMAIL PROTECTED]
Subject: Please help me!
Hello!
I used the certificate extensions "crlDistributionPoints" in my openssl.cnf
file.
And I faced the following problem.
W
in detail and of the afore mentioned items.
Ryan
-Original Message-----
From: Ryan Hurst [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08, 2001 7:42 PM
To: 'Rich Salz'
Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users
([EMAIL PROTECTED])
Subject: RE: OpemSSL Hardware Random N
still say its best to maintain the current
implementations use of this device to allow for code conformity.
I would like to see the FAQ updated to refer to this drivers/hardware
existence.
Ryan
-Original Message-
From: Rich Salz [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08
linux/*bsd interface to the Intel rng
device.
Rya
-Original Message-
From: Rich Salz [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08, 2001 1:38 PM
To: Ryan Hurst
Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users
([EMAIL PROTECTED])
Subject: Re: OpemSSL Hardware Random Number G
it it asks for a passphrase. You can
recreate a key without -des3 option so it stays unencrypted. But make sure
the
file is not world redable.
-Mehmet
On Sep 8, 12:34pm, Ryan Hurst wrote:
> Subject: RE: non passworded server cert?
> Use the OpenSSL command line tool to decrypt the key...
&g
1 - 100 of 112 matches
Mail list logo
