It's actually not only that it is self-signed. The extension:
X509v3 Basic Constraints:
CA:TRUE
Should not be TRUE, it should be FALSE. Only CAs have this set as TRUE
(just as it says). Apache obviously does not like this either since this
occurs in the log:
-
[Mon D
On Mon, Dec 08, 2003 at 12:48:50PM -0600, Kenneth R. Robinette wrote:
> I am getting the following error message with release 0.9.7c but not
> with 0.9.7b. Any clues what would cause this?
>
> SSL_R_MISSING_EXPORT_TMP_RSA_KEY
> located in ssl/s3_clnt.c
>
> It happens with an SSL Globus based ap
How do we check if Windows is running open-source openssl?
Is Sun Solaris 5.8 affected by DoS vulnerability (11/4/03)? My local machine is running open group 0.9.6c. Should I upgrade?
dan
On Wed, Dec 10, 2003, von dan wrote:
> Is Sun Solaris 5.8 affected by DoS vulnerability (11/4/03)? My local machine
> is running open group 0.9.6c. Should I upgrade?
>
0.9.6c is affected by several vulnerabilities, some of them much worse than
that DoS one. You should upgrade as soon as possible
Hello !
When I use this code :
"UK",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Wez Furlong",
"emailAddress" => "[EMAIL PROTEC
I'm writing a set of columns on building an open source XKMS server.
Some folks here might be interested in this month's column:
http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html
I tried to provide a fair amount of detail about setting up an
enterprise PKI, the audited root signing cere
Hi all,
We're using openssl within a multi-threaded Java-based server which supports multiple
concurrent non-blocking socket connections. And on our production stack, the server
is crashing with this "Unexpected Signal : 11" error every 2-3 weeks or so (I think
it's happened a total of 4 times in
I was surprised that if I had something like:
countryCode_min = 2
in my config, that the "req" command didn't require the RDN to be
specified. How do folks feel about a "_required" suffix to handle this?
countryCode_required = yes
I know that this really depends on the policy of the CA, b
Ok, so this wound up being a bug in my code where I
was malloc(sizeof(len)) instead of simply malloc(len).
Now I'm wondering if I'm going about things correctly,
should I be using DSA to sign things? DSA seems to only
support signing something of up to 20 bytes.
Should I be doing an MD5 of my da
Now I'm wondering if I'm going about things correctly,
should I be using DSA to sign things? DSA seems to only
support signing something of up to 20 bytes.
Right. You do DSA(SHA-1(data))
Don't use MD5; there are security concerns. DSA is much less common
than RSA.
Anything else I should be lo
* Rich Salz <[EMAIL PROTECTED]> [031210 12:16] wrote:
> >Now I'm wondering if I'm going about things correctly,
> >should I be using DSA to sign things? DSA seems to only
> >support signing something of up to 20 bytes.
>
> Right. You do DSA(SHA-1(data))
>
> Don't use MD5; there are security con
In message <[EMAIL PROTECTED]> on Wed, 10 Dec 2003 14:57:36 -0500, Rich Salz <[EMAIL PROTECTED]> said:
rsalz> I was surprised that if I had something like:
rsalz> countryCode_min = 2
rsalz> in my config, that the "req" command didn't require the RDN to be
rsalz> specified. How do folks fee
Uhmm, so you want to create something that could be in contradiction
with what's written in the policy section (did you look there?)? And
in case of contradiction, what takes priority, the _required setting
or the policy setting?
Yes, it's possible to get things out of sync. But more usefully, it
can somebody please tell me what is wrong here. looks ok to me.
[XXX]# /usr/bin/openssl dgst -md5 -sign /root/cust_pvt.key /root/a
unable to load key file
[XXX]# /usr/bin/openssl dgst -d -md5 -sign /root/cust_pvt.key /root/a
unable to load key file
BIO[080A8E38]:Free - FILE pointer
[XXX]
In message <[EMAIL PROTECTED]> on Wed, 10 Dec 2003 16:12:11 -0500, Rich Salz <[EMAIL PROTECTED]> said:
rsalz> > Uhmm, so you want to create something that could be in contradiction
rsalz> > with what's written in the policy section (did you look there?)? And
rsalz> > in case of contradiction, wh
So, then use SHA-1 instead? What do you mean by DSA being less common
than RSA?
Yes, use SHA-1. I exaggerate, but: nobody uses DSA in the real world.
Why would they? It's 1K (or greater) RSA; cutting-edge folks use ECC.
Given the cryptographic naivete of your questions, you are better off
usin
There, I feel better now :-).
Glad there was a misunderstanding. I couldn't figure out why you
disliked the idea so strongly.
As for the CA, I'm not sure it should redo the kind of enforcement
you're talking about, but it may be worth pondering over...
It would be nice if it did, but since "-ver
I feel good knowing you're on it.
This dood votes 'Aye'. I'd use it *CoughSomedayCough*.
[insert plug for eric's book]
On Dec 10, 2003, at 12:57 PM, Rich Salz wrote:
I was surprised that if I had something like:
countryCode_min = 2
in my config, that the "req" command didn't require the RDN
Hi,
I have downloaded OpenSSL-0.9.7c and use Red Hat 9.
I wish to run the demos: cli.cpp, serv.cpp and
inetdserv.cpp in the demos/ssl directory
I move the cli.cpp, serv.cpp, inetdserv.cpp to
client.c, server.c and inetdserv.c
pwd:
/usr/local/openssl-0.9.7c/demos/ssl
WHEN I DO
$gcc -I/usr/loca