The filenames themselves are insignificant. You can name them anything you
want. The apache configuration file(s) contain key/value pairs where
SSLCertificateFile specifies the path to the file containing your
certificate and SSLCertificateKeyFile specifies the path to the file
containing your priv
Hello,
I think the “localhost.crt” and “localhost.key” files are used by Apache and they are
mandatory to get an HTTPS certificate. Some tools like "Certbot" need them.
If these files are deleted, then how can I regenerate them? Is the below command OK?
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyo
That's odd. I've been waiting for a post that I sent on Friday to appear.
Nothing so far.
The list seems to be far more active now than on Friday.
On Sun, Apr 29, 2018 at 5:44 PM, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:
>
>- I have posted my question into the forum.
* I have posted my question into the forum. Please kindly approve it as
soon as possible.
Which forum?
The fact that you were able to post to the openssl-users mailing list means you
should just post your question, well, to the openssl-users mailing list. ☺
--
openssl-users mailing list
To
Hello,
I have posted my question into the forum. Please kindly approve it as soon
as possible.
Thanking you,
BR,
Anil Kumar Reddy Morthala
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jakob Bohm
> Sent: Thursday, December 07, 2017 01:44
> >
> Actually in some of my code, I have found that the callback can
> still be useful by examining the SSL session argument to
> heuristically identify likely clien
On 06/12/2017 20:25, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Viktor Dukhovni
Sent: Wednesday, December 06, 2017 13:21
On Dec 6, 2017, at 8:51 AM, Michael Wojcik
wrote:
Note: If you use OpenSSL 1.0.x and you use the DH parameter callb
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Wednesday, December 06, 2017 13:21
>
> > On Dec 6, 2017, at 8:51 AM, Michael Wojcik
> wrote:
> >
> >
> > Note: If you use OpenSSL 1.0.x and you use the DH parameter callback, be
> > aware that
> On Dec 6, 2017, at 8:51 AM, Michael Wojcik
> wrote:
>
>
> Note: If you use OpenSSL 1.0.x and you use the DH parameter callback, be
> aware that the callback isn't invoked in a useful manner by OpenSSL. (It
> always asks for a 1024-bit group, unless an export cipher suite was selected,
>
Hi Rich,
Thanks for the reply. We are planning to use DHE_RSA based ciphers.
Regards
Jaya
On Wed, Dec 6, 2017 at 7:20 PM, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:
> You can re-use the keys, but then you get no forward secrecy, and sessions
> generated with one connectio
Hi Michael,
Thanks for very detailed answers. This will surely help me to investigate
further.
Regards
Jaya
On Wed, Dec 6, 2017 at 7:37 PM, Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Salz, Rich via ope
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Salz, Rich via openssl-users
> Sent: Wednesday, December 06, 2017 08:50
> You can re-use the keys, but then you get no forward secrecy, and sessions
> generated with one connection are
> vulnerable to another.
If yo
For TLSv1.3, servers are no longer allowed to specify arbitrary DH groups (for
finite-field or EC DH). They must use one of the named groups. So for 1.3,
there's no point in generating your own groups; conforming implementations
can't use them.
For finite-field DH, those are the groups specifie
You can re-use the keys, but then you get no forward secrecy, and sessions
generated with one connection are vulnerable to another.
Why are you using DH? Unless you have compelling reasons (interop with
legacy), you really should use ECDHE.
--
openssl-users mailing list
To unsubscribe: https:
Hi Jakob and Paul,
Thank you so much for the reply. We have the RSA certificates. I wanted to
understand how generally DH parameters are generated. Thanks for the
detailed answers.
Regards
Jayalakshmi
On Wed, Dec 6, 2017 at 12:48 AM, Jakob Bohm wrote:
> On 06/12/2017 07:02, Jayalakshmi bhat wr
On 06/12/2017 07:02, Jayalakshmi bhat wrote:
Hi,
We are planning to use DHE_RSA TLS ciphers into our product. I have
few questions on using DH parameter. We would like to use DH-2048.
our product includes both TLS client and server applications. Thus any
time there will be considerable numbe
For DHE_RSA, you first need a pair of RSA certificate/key for signing. And if you
want to use specific DH parameters, you can use the SSL_CTX_set_tmp_dh API,
there is documentation describing how to use this function.
DH parameter could be generated by OpenSSL in many ways, one of the common way
Hi,
We are planning to use DHE_RSA TLS ciphers into our product. I have few
questions on using DH parameter. We would like to use DH-2048.
our product includes both TLS client and server applications. Thus any time
there will be considerable number of active connections.
I believe we can use sa
Hi All,
We are using OpenSSL on a multihome device. Device has 4 interfaces. Each
network interface creates one SSL context (SSL_CTX) and supports 16
connections. As per OpenSSL implementation Each SSL context can maintain a
free buffer list of 32. And this retained till SSL context (SSL_CTX) is
Hi,
this is a question to the VMS folks out there.
A few days ago, I took SSL_TASK out of the OpenSSL master branch (that
is, the files crypto/bio/bss_rtcp.c and ssl/ssl_task.c). It never
really belonged in OpenSSL but stayed there for reasons only
historians can tell at this point.
I
On Wed, Jun 12, 2013 at 12:02:52PM -0700, anu.engineer wrote:
> Just before signing the certificate the code executes this fragment
>
> pktmp=X509_get_pubkey(ret);
> if (EVP_PKEY_missing_parameters(pktmp) &&
> !EVP_PKEY_missing_parameters(pkey))
> EVP_PKEY_copy_parameters(pktmp,pkey);
> E
Hi Dave,
This is a very detailed and excellent answer, Thank you very much
Anu
On Wed, Jun 12, 2013 at 6:59 PM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of anu.engineer
> >Sent: Wednesday, 12 June, 2013 15:03
>
> > I am reading thru the ca.c in the apps director
>From: owner-openssl-us...@openssl.org On Behalf Of anu.engineer
>Sent: Wednesday, 12 June, 2013 15:03
> I am reading thru the ca.c in the apps directory to understand how
>to issue a certificate using OpenSSL and I came across this fragment
>of code which I am struggling to understand.
>Just b
Hi All,
I am reading thru the ca.c in the apps directory to understand how to
issue a certificate using OpenSSL and I came across this fragment of code
which I am struggling to understand.
Just before signing the certificate the code executes this fragment
pktmp=X509_get_pubkey(ret);
if (EVP_PK
On May 12, 2013, at 6:38 PM, Salz, Rich wrote:
> Many people find the four-letter word at the start of your domain name
> offensive.
>
> I'm assuming you know English well enough to know that, and chose it
> deliberately.
>
> That's reading beyond the cover.
It broadcasts a general lack of r
Many people find the four-letter word at the start of your domain name
offensive.
I'm assuming you know English well enough to know that, and chose it
deliberately.
That's reading beyond the cover.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
_
Hello sir,
You may not know this, but the name you chose for your domain literally
means making babies with lots of random people, violating the trust of
both your wife/husband, other peoples wives and husbands and one of the
10 commandments, while simultaneously risking the spread of related
dis
> I would not answer someone's email from "fuckaround.org" and I find it
> utterly inconsiderate and tasteless
> to send an email with that return address in the first place.
fuckaround.org is my domain to test my server. It's a name like another.
What's the problem?
Do you evaluate a book from it
not respond
to such email (in terms of the technical question asked).
StvB
>
> From: "openss...@fuckaround.org"
>To: openssl-users@openssl.org
>Sent: Sunday, May 12, 2013 2:59 AM
>Subject: connection encrypted (a question)
>
>
On 12-05-2013 09:59, openss...@expletitive-deleted.org wrote:
Hi folks! I'm a newbie and I'd like to understand a thing:
I create a certificate and put it to my apache web server
openssl req -x509 -days 365 -newkey rsa:4096 -keyout apache.key -out
apache.crt
everything works perfectly.
The
Hi folks! I'm a newbie and I'd like to understand a thing:
I create a certificate and put it to my apache web server
openssl req -x509 -days 365 -newkey rsa:4096 -keyout apache.key -out
apache.crt
everything works perfectly.
The question: using firefox I see:
Technical Details
Connection en
ehalf Of Matt Caswell (fr...@baggins.org)
Sent: Friday, May 11, 2012 5:01 AM
To: openssl-users@openssl.org
Subject: Re: A Question on Cipher Format.
TLS = Transport Layer Security
DHE = Diffie Hellman Ephemeral
RSA = Public Key Cryptography algorithm named after inventors, Rivest, Shamir &
> Best Regards,
> Siba Shankar Rout
> --
> View this message in context:
> http://old.nabble.com/A-Question-on-Cipher-Format.-tp33772869p33772869.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>
> __
Dear All,
What is the significance of each phrase in the below cipher suite ?
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
May be this is a dumb question. But I am interested to know each phrase.
Best Regards,
Siba Shankar Rout
--
View this message in context:
http://old.nabble.com/A
:14
To: openssl-users@openssl.org
Subject: Re: a question about openssl sessions
On Thu, Apr 19, 2012 at 19:45, Dave Thompson wrote:
> From: owner-openssl-us...@openssl.org On Behalf Of Stéphane Charette
> Sent: Sunday, 15 April, 2012 20:31
> I'm using Openss
On Thu, Apr 19, 2012 at 19:45, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Stéphane
> Charette
> > Sent: Sunday, 15 April, 2012 20:31
>
> > I'm using Openssl to talk to a server that expects to re-use ssl
> > sessions when a client needs to open m
> From: owner-openssl-us...@openssl.org On Behalf Of Stéphane Charette
> Sent: Sunday, 15 April, 2012 20:31
> I'm using Openssl to talk to a server that expects to re-use ssl
> sessions when a client needs to open many SSL connections. I have
> the same code working on Linux a
I've sent 3 e-mails to the list over the past 10 days, but not a single
reply. I'm a bit worried, as I don't know how else to get help on OpenSSL.
I'm using Openssl to talk to a server that expects to re-use ssl sessions
when a client needs to open many SSL connections. I have the same code
work
nssl-us...@openssl.org] *On Behalf Of *William Cai
> *Sent:* Monday, July 06, 2009 3:25 AM
> *To:* openssl-users@openssl.org
> *Subject:* Re: a question about Diffie-Hellman key exchange mode
>
> Thanks Michael! Could you please share me some information about
[mailto:owner-openssl-us...@openssl.org]
On Behalf
Of William Cai
Sent: Monday, July 06, 2009 3:25 AM
To: openssl-users@openssl.org
Subject: Re: a question about Diffie-Hellman key exchange mode
Thanks Michael! Could you please share me some information about when/how to
agree upon p & g?
Th
Thanks Michael! Could you please share me some information about when/how to
agree upon p & g?
Thanks,
William
From: Michael Sierchio
To: openssl-users@openssl.org
Sent: Sunday, July 5, 2009 11:58:42 PM
Subject: Re: a question about Diffie-Hellman
William Cai wrote:
> According to my understanding, Diffie-Hellman algorithm is based on
> something like this,
> 1. public prime number, p
> 2. public base, g
> 3. Side A's private key, a
> 4. Side A's public key, A = g ^ a mod p
> 5. Side B's private key, b
> 6. Side B's public key, B = g ^ b mo
Hi list,
I get a question regarding Diffie-Hellman key exchange of SSL. Not sure
if this is the right place for such question. But this could be an easy
one for those who are familiar with SSL protocol. :-) Below is cited
from William Stallings' paper.
- cited
> From: owner-openssl-us...@openssl.org On Behalf Of Satish Chandra Kilaru
> Sent: Wednesday, 17 June, 2009 13:50
> In the following sample certificate, there is a ton of
> information before --BEGIN CERTIFICATE--.
> Who is this for? Is it for a human reader to make sense of
> who/what this cert
It's probably because 'openssl req -x509' was used to create it,
without using the -set-serial option.
-Kyle H
On Wed, Jun 17, 2009 at 12:00 PM, Satish Chandra
Kilaru wrote:
> Hi Kyle
>
> Thank you. This was generated using openssl command. Could illegal
> serial number be because of a wrong entr
Hi Kyle
Thank you. This was generated using openssl command. Could illegal
serial number be because of a wrong entry in conf file?
--Satish
On Wed, Jun 17, 2009 at 2:34 PM, Kyle Hamilton wrote:
> It is basically a human-readable expression of the data that's in the
> certificate. Theoretically,
It is basically a human-readable expression of the data that's in the
certificate. Theoretically, the certificate could be regenerated from
the data in this expression, but I've never seen an implementation
that makes it possible.
This certificate is in violation of PKIX because its serial number
Hi
In the following sample certificate, there is a ton of information
before --BEGIN CERTIFICATE--.
Who is this for? Is it for a human reader to make sense of who/what
this certificate is certifying? If it is for a s/w program that uses
certificates, how is this information supposed to be used?
T
> ok. That sounds good. But, what I'm seeing is that the SSL client
> hangs when the message size is more than 16KB.
What do you mean by "the message size"? SSL doesn't have messages that are
visible outside of the SSL implementation itself.
> Do I need to break this large message up in smaller
On Fri, May 15, 2009 at 05:22:16PM -0400, Animesh Chowdhury wrote:
> ok. That sounds good. But, what I'm seeing is that the SSL client hangs when
> the message size is more than 16KB.
> Do I need to break this large message up in smaller chunks or can I use
> SSL_write to send the whole message in
ok. That sounds good. But, what I'm seeing is that the SSL client hangs when
the message size is more than 16KB.
Do I need to break this large message up in smaller chunks or can I use
SSL_write to send the whole message in one shot?
Thanks.
Animesh
On Fri, May 15, 2009 at 3:50 PM, Kyle Hamilton
No matter what you do, the "maximum fragment length" -- the MTU -- is
going to break all of your communications down into smaller packets.
TLS, in its basic form, is designed to be as close as possible to a
replacement for read() and write() -- you read from the connection,
you write to the connec
On Thu May 14 2009, Animesh Chowdhury wrote:
> Hi,
> I've run into a problem where the data that I need to send to the client is
> more than 16KB. How do I set up the session so that I can do the maximum
> fragment length negotiation ?
> Any example code related to this will be extremely helpful.
Hi,
I've run into a problem where the data that I need to send to the client is
more than 16KB. How do I set up the session so that I can do the maximum
fragment length negotiation ?
Any example code related to this will be extremely helpful.
I'm using openssl0.9.8j .
Also if someone can tell me s
ay, April 22, 2009 12:42 PM
To: openssl-users@openssl.org
Subject: Re: A question about mal-formed private keys
On Wed, Apr 22, 2009, Bob Barnes wrote:
> I've been working with OpenSSL to try and convert an existing
> private key generated by an old SSL software package and during the
>
On Wed, Apr 22, 2009, Bob Barnes wrote:
> Steve,
>
> Just so I'm clear, what I hear you saying is that when I re-encrypt the
> RSA private key with the new password, that the error is not propagated to
> the new private key file and that corresponds to what I see when I
> subsequently decrypt
On Wed, Apr 22, 2009, Bob Barnes wrote:
> I've been working with OpenSSL to try and convert an existing private key
> generated by an old SSL software package and during the process of using
> PKCS8 to decrypt from the "Encrypted Private Key" to the "RSA Private Key" I
> get an error "No Octet S
I've been working with OpenSSL to try and convert an existing private key
generated by an old SSL software package and during the process of using
PKCS8 to decrypt from the "Encrypted Private Key" to the "RSA Private Key" I
get an error "No Octet String in PrivateKey". My understanding is that th
> Guys:
> I have a listening socket, waiting for connections from clients. When a
> client connects to my server, I put SSL on socket and spin up a thread
> to handle it. One client is one thread. All of these connections are
> shared by same SSL_CTX ctx. This is the way I handle at the end of thi
> > or i should close all ssl connections based on a ctx before i
> call SSL_CTX_free?
> Yes, you should.
Huh? Why?
What would be the point of having a reference count if you had to get rid of
all other references before you could release your own?
A chunk of code should call SSL_CTX_free as so
PROTECTED] On Behalf Of David Schwartz
Sent: Monday, January 08, 2007 21:38
To: openssl-users@openssl.org
Subject: RE: a question about "SSL_CTX_free"
> guys:
>
> the man page for "SSL_CTX_free" says:
> SSL_CTX_free() decrements the reference count of ctx, and removes
Hello,
> 1. what make the reference count of ctx increase/decrease?
SSL_new()/SSL_free() for example.
> 2. if i call SSL_CTX_free, does that mean all ssl connections based on this
> ctx will be closed automatically?
No.
> or i should close all ssl connections based on a ctx before i call
> SSL_
> guys:
>
> the man page for "SSL_CTX_free" says:
> SSL_CTX_free() decrements the reference count of ctx, and removes
> the SSL_CTX object pointed to by ctx and frees up the allocated
> memory if the reference count has reached 0.
> i have a couple of questions regarding this:
>
> 1. what make
guys:
the man page for "SSL_CTX_free" says:
SSL_CTX_free() decrements the reference count of ctx, and removes the SSL_CTX
object pointed to by ctx and frees up the allocated memory if the reference
count has reached 0.
i have a couple of questions regarding this:
1. what make the reference
Recall that even the 'ca' certificate is ultimately self-signed. So
your question is really about why some self-signed certificates are
more trusted than others.
In some fashion you could ask this question about any typical 'brand
name' store. Why is Store-X trusted more than Store-Y? Sim
guys:
we all know that a ca-signed certificate can provide authentication because the
ca is trustable, by using ca-signed certificate, one is saying "i am somebody
because the ca says so". but it seems that a self-signed certificate _cannot_
provide any authentication at all, because by using s
Zhang, Long (Roger) wrote:
> I have created a TLS connection with SSL_connect(ssl) successfully.
...SNIP..
Ah you're asking on the correct list now, you might get a useful answer.
I think you may need to call SSL_clear() after SSL_shutdown() and before
SSL_connect().
But if you are re-using th
Hi,
I have created a TLS connection with SSL_connect(ssl) successfully. Then I call
SSL_shutdown(ssl) to close the TLS connection successfully. Then I want to do
the reopen with SSL_connect(ssl) . But I found it failed. The return value from
::SSL_get_error (ssl, status) is SSL_ERROR_SYSCALL, a
is this supposed to be an answer?
View this message in context: Re: a question about loading private key and certificate to the ssl ctx
Sent from the OpenSSL - User forum at Nabble.com.
guys:
usually, we use the following two apis to load key/certificate:
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
this, if i
understand right, requires a private key and certifica
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of George R Goffe
> Sent: 30 December 2005 22:09
> To: openssl-users@openssl.org
> Subject: a question about building openssl
>
> Howdy,
>
> I have looked a little on t
Howdy,
I have looked a little on the web sites for the answer to this
question but don't see one readily available. I am building openssl
on a redhat 9 system. My question is, "why is /usr/local/bin
hardcoded throughout the distribution?" RedHat installs perl it in
/usr/bin and I have to fool around
hello
I read this email http://www.mail-archive.com/openssl-users@openssl.org/msg10920.html
I have the same question, but i don't understand its answers please reply me if you know it now.
very very thank you
> Dear all:
> I have a question about used libraries by openssl toolkits.
> OpenSSL toolkits includes three modules: libssl.a ,libcrypto.a
> ,and openssl.
> Can I only use the command line tool "openssl"
> independently without use any library like "libcr
Dear all:
I have a question about used libraries by openssl toolkits.
OpenSSL toolkits includes three modules: libssl.a ,libcrypto.a ,and openssl.
Can I only use the command line tool "openssl"
independently without use any library like "libcrypto.so.0.9.8" ?
On Wed, Jul 23, 2003, Michiels Olivier wrote:
> Hi,
> I've developed my own ENGINE with OpenSSL. I use that ENGINE to use the
> private keys of my root certificates. Those certificates are used to
> sign X509 certificates, CRLs and OCSP responses.
> On the other part, one of my component that use
Hi,
I've developed my own ENGINE with OpenSSL. I use that ENGINE to use the private keys of my root certificates. Those certificates are used to sign X509 certificates, CRLs and OCSP responses.
On the other part, one of my component that use the ENGINE must open a ssl connection, the private k
On 02-03-26 14:29:47 CET, chenhaiyong wrote:
> Dear webmaster:
who?
> When I use the openssl command:
>
> openssl req -config filename -new -x509 -days
> 365 -key ca.key -out ca.crt
>
> to create a self signed certificate(ca.key is the
> file where the CA's private key is pu
Francesco Dal Bello wrote:
>
> Hi.
>
> I have to build an OCSP client. I've download "openssl-0.9.6c.tar.gz", but I don't
>find right headers referring to this argument.
> Where do I find those headers? How is OpenSSL implementing this protocol?
>
OCSP support was added in 0.9.7, it isn't in
Hi.
I have to build an OCSP client. I've download "openssl-0.9.6c.tar.gz", but I don't
find right headers referring to this argument.
Where do I find those headers? How is OpenSSL implementing this protocol?
Thanks
Francesco Dal Bello
___
Hi.
I would build a client OCSP requestor. I've download "openssl-0.9.6c.tar.gz", but I
don't find right headers referred to this argument.
How do I find those headers? How is OpenSSL implementing this protocol?
Best regards
FDB
> memcpy(iv, "12345678", 8);
> EVP_BytesToKey(EVP_idea_cbc(), EVP_md5(), "salt", pw,
> strlen(pw), 1, key,
> iv);
The salt value should be at least 8 bytes long - you're getting 3
random bytes here.
You don't need to specify an iv value as this function creates it.
- Dale.
hi,
I used EVP interface to encrypt and decrypt,but after I encrypted ,I
couldn't decrypt it . Why?
Any help is appreciated!
void do_cipher(char *pw, int operation,char * InBuf,int InLen,char *
OutBuf,int *OutBuflen)
{
//operation:0:DECRYPT
// 1:
,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
> -Original Message-
> From: Jonas Jakobsson [mailto:[EMAIL PROTECTED]]
> Sent: 06 April 2001 01:03
> To: [EMAIL PROTECTED]
> Subject: Re: a question about install
>
>
>
> before i compile the openssl,i use the vcvars32.bat in the directory
D:\Program Files\Microsoft Visual Studio\VC98\Bin
> but it tell me that out of the environment space,what should i do !
I had the same problem.
The solution in my case was to cut down the size of my path variable in
confi
Hi,all
before i compile the openssl,i use the vcvars32.bat in the directory D:\Program
Files\Microsoft Visual Studio\VC98\Bin
but it tell me that out of the environment space,what should i do !And another question
,i want to know how I.E support ssl.Do i need make any changes about I.E?
thank yo
]
_
- Original Message -
From: NG, Wei Yang
To: '[EMAIL PROTECTED]'
Cc: CHOONG, Woon Leng [Cheryn]
Sent: Monday, April 02, 2001 3:09 AM
Subject: A Question
Hi,
Hope that someone can help on this.
I have modified a sample SSL server code obtained fr
Title: A Question
Hi,
Hope that someone can help on this.
I have modified a sample SSL server code obtained from OpenSSL to implement a simple SSL server. Previously the server was working fine until recently, the problem happens at SSL_accept.
The SSL_accept return -1 value and when I
> I'm still fighting against casual fall-downs with my server and OpenSSL. I
> found an interesting point from OpenSSL man pages that mentioned two
> important call back functions that have to be set. "locking_funktion" and
> "id_function". If I understood correctly the id one is not
> needed with
"Wirta, Ville" wrote:
>
> Hi all!
>
> I'm still fighting against casual fall-downs with my server and OpenSSL. I
> found an interesting point from OpenSSL man pages that mentioned two
> important call back functions that have to be set. "locking_funktion" and
> "id_function". If I understood cor
Hi all!
I'm still fighting against casual fall-downs with my server and OpenSSL. I
found an interesting point from OpenSSL man pages that mentioned two
important call back functions that have to be set. "locking_funktion" and
"id_function". If I understood correctly the id one is not needed with
Well I'm not Richard - but he is a really nice guy and I'm a nice guy
too and have done some work on this before so I'll help you out.
What you are speaking of is commonly known as a "secret sharing
scheme".
Most people start with shamir's secret sharing scheme. check out wei
dai's crypt++ fo
Hi Mr Richard,
For some reason, I was about to programme
for a "distributed storage" for a private key.
But I have no idea about how can do
this.
This is my problem:
There are 6 people
can hold the private key. When four of them meet together, they can
resto
Dear Sir/Madam:
I am using openssl to build a CA. When I use "ca -revoke" to revoke
a cert, it changes my index.txt, but did not enter it to the crl_revoke
list of the crl.pem.
What can I do with this problem?
Qin,Xiangping
Tsinghua, China
I have created a crl using the openssl command:
ca -gencrl -config somepath/mypolicy.cnf -out anotherpath/mycrl.crl
I have also tried to convert mycrl.crl to some other formats (DER, TXT);
Whatever the format I use, Netscape Communicator refuses to load the crl
and says:
"The certificate revoca