*will*
> happen.
>
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager
On 7/26/2011 10:16 PM, Katif wrote:
Can you tell me what are the application dependency factor here so we'll be
able to chase a limit?
It is used as an RSA key exchange certification/private key pairing.
Thanks...
Maximum RSA key size supported.
Extensions supported.
DS
__
On 26 Jul 2011, at 10:16 PM, Katif wrote:
> Can you tell me what are the application dependency factor here so we'll be
> able to chase a limit?
>
> It is used as an RSA key exchange certification/private key pairing.
>
> Thanks...
The two things that are variable size are the key material it
http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
>
--
View this message in context:
http://old.nabble.com/Simple-question%3A-Ma
On 7/26/2011 4:38 AM, Katif wrote:
I need to know in advance the maximum length of the following three PEM
formatted files (excluding the -BEGIN/END lines):
It's application-dependent. There is no answer in general.
DS
_
Is that possible in general? There's no maximum key size
or signature size, and certificates can have extensions.
I typically read the file size first, then allocate memory, then
read the file.
In general, hard coding a maximum length is used to enable a
buffer overflow attack. :-)
owner-open
-
MIIDCDCCAfACCQDhtkeHC+WN+DANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJQ
TD
-END CERTIFICATE-
Thanks..
--
View this message in context:
http://old.nabble.com/Simple-question%3A-Maximum-length-of-PEM-file--tp32139325p32139325.html
Sent from the OpenSSL - User mailing list archive at Nabble.com
-Original Message-
From: owner-openssl-us...@openssl.org on behalf of Bryan Boone
Sent: Mon 7/26/2010 3:10 PM
To: openssl-users@openssl.org
Subject: Re: Simple question about SSL certs
Oh sorry, I think I was using the wrong terminology.
Let me see if I have this straight.
If my cli
users@openssl.org; openssl-users@openssl.org
Sent: Mon, July 26, 2010 2:31:20 PM
Subject: RE: Simple question about SSL certs
Again, the purpose of the client cert is to authenticate you to the remote (in
this case LDAP) server. It can be used to restrict WHO can access the server
REGARDLESS of
to the user, but this
is less secure from the user's perspective.
-Original Message-
From: owner-openssl-us...@openssl.org on behalf of Wim Lewis
Sent: Mon 7/26/2010 1:51 PM
To: openssl-users@openssl.org
Subject: Re: Simple question about SSL certs
On Jul 26, 2010, at 12:55 PM, Bryan B
se them
unless the LDAP server is configured to require them.
-Original Message-
From: owner-openssl-us...@openssl.org on behalf of Bryan Boone
Sent: Mon 7/26/2010 2:09 PM
To: openssl-users@openssl.org
Subject: Re: Simple question about SSL certs
Hi Rene, thanks for the reply.
Well
On Jul 26, 2010, at 12:55 PM, Bryan Boone wrote:
> I would like to write an LDAP client that when a user connects to an LDAP
> server with SSL, that the client cert is automatically downloaded to the
> client. Then a prompt asks the client to accept or reject the cert. Is this
> possible when
he Jxplorer.
thanks
From: Rene Hollan
To: openssl-users@openssl.org; openssl-users@openssl.org
Sent: Mon, July 26, 2010 1:43:19 PM
Subject: RE: Simple question about SSL certs
What you are asking for does not make sense. The point of the client cert is to
establish
on a secure web server), and have it push the client cert
to you.
-Original Message-
From: owner-openssl-us...@openssl.org on behalf of Bryan Boone
Sent: Mon 7/26/2010 12:55 PM
To: openssl-users@openssl.org
Subject: Simple question about SSL certs
Hi everyone, I am a noob when it comes
Hi everyone, I am a noob when it comes to SSL and I have an easy question but I
don't have the time to look up the answer myself.
I am trying to write an LDAP client. I need this client to use SSL as well. I
am using the openldap server and C libraries. Here is what the openldap web
page say
Joshua Juran wrote:
On May 19, 2005, at 4:03 PM, Miles Bradford wrote:
So when you send the CSR including the Public Key - you would send
them the
(your) Private Key, also? Then they sign it with a Private Key they've
created? and send it back?
You don't give away your private key to anybo
Mathias Sundman wrote:
On Wed, 18 May 2005, Ken Goldman wrote:
All correct for authentication. There are times that public keys or
certificates are encrypted using a DH protocol for privacy. You might
not want a man in the middle to track where you go, and a certificate
is your identity.
Correct
On May 19, 2005, at 4:03 PM, Miles Bradford wrote:
So when you send the CSR including the Public Key - you would send
them the
(your) Private Key, also? Then they sign it with a Private Key they've
created? and send it back?
You don't give away your private key to anybody, not even the
certifica
wartz
Cc: openssl-users@openssl.org
Subject: RE: simple question again
> The particular pages or components retrieved over the SSL link (the one
> retrieved through URLs beginning with 'https'), will be sent over
encrypted
> links. In addition, the endpoint will be validated.
Joshua Juran wrote:
On May 18, 2005, at 2:45 PM, Miles Bradford wrote:
My question on top of that was - "How could someone intercept an
encrypted
message and get to the information inside the certificate without
corrupting
the encryption that the data is wrapped in - since once the perpetrator
le
On Wed, 18 May 2005, Ken Goldman wrote:
All correct for authentication. There are times that public keys or
certificates are encrypted using a DH protocol for privacy. You might
not want a man in the middle to track where you go, and a certificate
is your identity.
Correct me if I'm wrong, but my
> The particular pages or components retrieved over the SSL link (the one
> retrieved through URLs beginning with 'https'), will be sent over encrypted
> links. In addition, the endpoint will be validated. So that if you retrieve
> 'https://www.amazon.com/anything/goes/here', you will receive a
Hello :(
As usual trolling..
The particular pages or components retrieved over the SSL link (the one
retrieved through URLs beginning with 'https'), will be sent over encrypted
links. In addition, the endpoint will be validated. So that if you retrieve
'https://www.amazon.com/anything/goes/
might be visible but could not be used to "get into"
because of private keys.
Sorry if I got a bit brash.
Thanks
Miles
Regards,
Vadym
-----Original Message-
From: Vadym Fedyukovych [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 17, 2005 6:40 PM
To: openssl-users@openssl.org
Subject: Re
> Ken Goldman wrote:
> > All correct for authentication. There are times that public keys or
> > certificates are encrypted using a DH protocol for privacy. You might
> > not want a man in the middle to track where you go, and a certificate
> > is your identity.
> >
>
> That's somewhat of an ov
Ken Goldman wrote:
> All correct for authentication. There are times that public keys or
> certificates are encrypted using a DH protocol for privacy. You might
> not want a man in the middle to track where you go, and a certificate
> is your identity.
>
That's somewhat of an oversimplification
> Thanks to the both of you...Josh and Ken.
>
> My questions got answered and I have a better understanding.
>
> and now --
>
> So - I put SSL inside an i-frame and when the user comes into my website -
> accepts my certificate - from that point on all documentation sent either
> back and forth is
just validated only?
Miles
-Original Message-
From: Ken Goldman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 18, 2005 12:52 PM
To: openssl-users@openssl.org
Subject: Re: simple question again
All correct for authentication. There are times that public keys or
certificates are
All correct for authentication. There are times that public keys or
certificates are encrypted using a DH protocol for privacy. You might
not want a man in the middle to track where you go, and a certificate
is your identity.
> From: Joshua Juran <[EMAIL PROTECTED]>
> Date: Wed, 18 May 2005 15:3
On May 18, 2005, at 2:45 PM, Miles Bradford wrote:
My question on top of that was - "How could someone intercept an
encrypted
message and get to the information inside the certificate without
corrupting
the encryption that the data is wrapped in - since once the perpetrator
learned who you are -
to the perspective system?
If someone has figured out that it is "Okay" - I'd like to find out "Why"
and "How".
Sorry if I got a bit brash.
Thanks
Miles
-Original Message-
From: Vadym Fedyukovych [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 17, 2005
>
> Ok, so if it is not a problem if the cetifiacte is intercepted, how to "prove
> that you are the party the certificate was issued to by demonstrating
> possession of the private key " ?
> Is it a special configuration the VPN ?
>
> thx
> david
>
You now have a public key, anything you enc
> Ok, so if it is not a problem if the cetifiacte is intercepted, how
> to "prove that you are the party the certificate was issued to by
> demonstrating possession of the private key " ? Is it a special
> configuration the VPN ?
Typically, the receiver of the certificate sends a challenge to the
> A certificate essentially says something like "I am Verisign, and I certify
> that Joe Schmoe is the rightful owner of the private key whose corresponding
> public key is X".
>
> The certificate itself is generally considered public information and it is
> not a problem if the certificate is
d - you. Don't try to piss on people with some
sort of holier than thou crap.
SSL is broken on a daily basis with the Bluecoat and just as easy as I said.
Go away and quit bothering me with whatever.
-Original Message-
From: David Schwartz [mailto:[EMAIL PROTECTED]
Sent: Tuesday,
sage-
From: David Schwartz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 17, 2005 4:22 PM
To: openssl-users@openssl.org
Subject: RE: Re: simple question again
> This is why in my other replies to whomever - I made the
> statement about how
> fast all this can be done. It takes at l
> This is why in my other replies to whomever - I made the
> statement about how
> fast all this can be done. It takes at least 3 good handshakes to get
> onboard a SSL site - but, what matters the most is that
> &*_*&)^&^)*_**;qwepqowifskljfas that surrounds the key - is intact and not
> minus o
PM
To: openssl-users@openssl.org
Subject: RE: Re: simple question again
> > > if somebody intercepts the certificate while it is in transit
> > > on the network, this person can use this certificate ?
> > If you have a certificate you can verify something that's been
> > > if somebody intercepts the certificate while it is in transit
> > > on the network, this person can use this certificate ?
> > If you have a certificate you can verify something that's been signed
> > with the private key, or you can encrypt something so that only the
> > holder of the priv
That's correct - that's why IBM is buying Bluecoat.
SSL is nothing to a Bluecoat. Child's play :)
-Original Message-
From: Rich Salz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 17, 2005 1:23 PM
To: Miles Bradford
Cc: 'openssl-users@openssl.org'
Subject: Re: simp
much a
non-happening event.
-Original Message-
From: david [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 17, 2005 9:23 AM
To: Rich Salz
Cc: openssl-users@openssl.org
Subject: Re: Re: simple question again
> > if somebody intercepts the certificate while it is in transit on the
network
-Original
Message-From: david
[mailto:[EMAIL PROTECTED]Sent: Tuesday, May 17, 2005 4:48
AMTo: openssl-users@openssl.orgSubject: simple question
again
When a CA signs a certificate request , then the certificate is sent to the
user . for this, is the certif
> > if somebody intercepts the certificate while it is in transit on the
> > network, this person can use this certificate ?
>
> If you have a certificate you can verify something that's been signed
> with the private key, or you can encrypt something so that only the
> holder of the private k
D]>
> Objet: Re: simple question again
> Date: Tue, 17 May 2005 09:47:43 -0400
> > When a CA signs a certificate request , then the certificate is sent to
> > the user . for this, is the certifictate automatically encrypted with
> > the user public key ?
>
> Rarel
When a CA signs a certificate request , then the certificate is sent to the user . for this, is the certifictate automatically encrypted with the user public key ?
thx
david
Interview 50 Cent 100% I am what I am...
Hi everybody. I have a question to do. I'm
developing an aplicattion wich uses certificates in der format and private key
files in PKCS#1 format. I need to read a private key file in PKCS#1 format .
Does anyone know some function to read that file and obtain the private
key in a EVP_PKEY va
: [EMAIL PROTECTED]
Subject: simple question !
Hello all,
What is the difference between
openssl-engine-0.9.6g.tar.gz
Hello all,
What is the difference between
openssl-engine-0.9.6g.tar.gz
and
Hi
I am trying to do something extremely simple, and not succeeding!
I want to encrypt and sign some data, and send it to a person
whose public key I have. I want to be able to do this with a
password for a private key that is supplied via a webpage form
(to sign the data). I'm going in total cir
TED]]
Sent: Thursday, September 06, 2001 5:06 PM
To: [EMAIL PROTECTED]
Subject: Re: simple question about OpenSSL and HTTP
Mars,
have a look at http://www.modssl.org/
cheers,
Sean
MARS.LIN ªL¨|¼w wrote:
>
> I have a simple question about OpenSSL and HTTP
> I try to enhance httpd codes in
Mars,
have a look at http://www.modssl.org/
cheers,
Sean
MARS.LIN ªL¨|¼w wrote:
>
> I have a simple question about OpenSSL and HTTP
> I try to enhance httpd codes into secure one, such as httpsd.
> could i simply combine openssl library with httpd codes for that?
> are ther
Hi folks,
I have a simple question about OpenSSL and HTTP
I try to enhance httpd codes into secure one, such as httpsd.
could i simply combine openssl library with httpd codes for that?
are there any different between http and https except for the ssl
handshacking?
best regards,
Mars
Hi all,
How do I serialize an RSA private key into DER?
I tried by using the i2d_RSAPrivateKey(...) but it crashed.
My code snippet:
---
RSA *rsa = RSA_generate_key(1024, 0x10001, NULL, NULL);
unsigned char der[1]; // ought to be eno
Dear Knut,
I dont think it's possible to use client certificates whith Net::SSLeay.
On Mon, 12 Feb 2001, Knut Olav Bøhmer wrote:
>
> The script you se under Is a very simple script. It asks a server for a
> page, over ssl. Is it possible to make the script use X509 client
> certificate?
>
>
The script you se under Is a very simple script. It asks a server for a
page, over ssl. Is it possible to make the script use X509 client
certificate?
Or does annyone have a simple example on how to use client certificate in
a simple way?
--- simple script
use Net::SSLeay;
Net::SS
Hi,
Could anyone tell me how to compile openssl-0.9.1c on NT4.0 without the
ASM routines?
I keep on receiving the error about: " ml file not found". Yes, I don´t
have de assembler.
Thanks for your help.
Heber.
__
OpenSSL Proje
56 matches
Mail list logo
