OpenSSL 0.9.8 and C89 compliance

2005-07-08 Thread Steffen Fiksdal
Hi all! After upgrading to OpenSSL 0.9.8 I received a lot of warnings about 'long long' datatype not supported by C89 (I compile with -ansi). Now I have to compile with -std=c99 instead. I guess this is done intentionally (I mean breaking C89?) Best Regards Steffen Fiksdal

openssl 0.9.8: 3rd level certificates verification problem

2005-07-08 Thread Aleksey Sanin
I ran into "invalid CA certificate" (X509_V_ERR_INVALID_CA) error when I was trying to verify a third-level certificate with OpenSSL 0.9.8. It seems that the code in check_chain_extensions() function in crypto/x509/x509_vfy.c file assumes that either certificate must be directly signed by CA cert

Re: OpenSSL 0.9.8 and C89 compliance

2005-07-08 Thread Richard Levitte
Steffen Fiksdal writes: After upgrading to OpenSSL 0.9.8 I received a lot of warnings about 'long long' datatype not supported by C89 (I compile with -ansi). Which files did you get that warning on (I'd be happy to take a look at a build log), and what compiler (including the version)? A sma

Re: openssl 0.9.8: 3rd level certificates verification problem

2005-07-08 Thread Richard Levitte
Aleksey Sanin writes: I ran into "invalid CA certificate" (X509_V_ERR_INVALID_CA) error when I was trying to verify a third-level certificate with OpenSSL 0.9.8. It seems that the code in check_chain_extensions() function in crypto/x509/x509_vfy.c file assumes that either certificate must be di

Re: OpenSSL 0.9.8 and C89 compliance

2005-07-08 Thread Steffen Fiksdal
> Steffen Fiksdal writes: > > > After upgrading to OpenSSL 0.9.8 I received a lot of warnings about > > 'long long' datatype not supported by C89 (I compile with -ansi). > > Which files did you get that warning on (I'd be happy to take a look at a > build log), and what compiler (including the ver

Re: OpenSSL 0.9.8 and C89 compliance

2005-07-08 Thread Richard Levitte
Steffen Fiksdal writes: I use gcc 3.2.3 on a Linux 2.4 box. In gcc 3.2.3 the "-ansi" flag means compliance with C89. If this has changed in later gcc's I don't know. There's a quick solution, BTW: -Wno-long-long Since your platform obviously can handle long long, I think it's safe to suppre

Re: openssl 0.9.8: 3rd level certificates verification problem

2005-07-08 Thread Aleksey Sanin
Thanks for quick response and explanations! You are right, the second certificate in the chain did not have CA ext flag set and 0.9.8 did not like it while 0.9.6/0.9.7 ignore this problem. Very strange that I missed this till now :( Thanks again, Aleksey

RE: Re[2]: openssl-0.9.8 will not compile on MinGW

2005-07-08 Thread Frank Buttner
Yes this works. Good Bugfix. And how can we inform the maintainers, so that he can correct the build files? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Yaroslavsky Sent: Friday, July 08, 2005 5:19 AM To: Alex Yaroslavsky Subject: Re[2]: openssl-

Re: openssl 0.9.8: 3rd level certificates verification problem

2005-07-08 Thread Richard Levitte
Aleksey Sanin writes: Thanks for quick response and explanations! You are right, the second certificate in the chain did not have CA ext flag set and 0.9.8 did not like it while 0.9.6/0.9.7 ignore this problem. Yup, it's true, OpenSSL has become tougher on non-compliant CA certificates.

Re: Problem with AES_cbc_encrypt

2005-07-08 Thread Bhupendra K Joshi
Hi, I am a novice user of OpenSSL using openssl 0.9.7. The problem is when I give say 10 bytes of data to AES_cbc_encrypt(with AES_ENCRYPT), I get 16 bytes of encrypted data and when I pass the same 16 bytes of encrypted data to AES_cbc_encrypt(with AES_DECRYPT) I get 16 bytes of decrypted data

Re: Problem with AES_cbc_encrypt

2005-07-08 Thread Richard Levitte
Bhupendra K Joshi writes: The problem is when I give say 10 bytes of data to AES_cbc_encrypt(with AES_ENCRYPT), I get 16 bytes of encrypted data and when I pass the same 16 bytes of encrypted data to AES_cbc_encrypt(with AES_DECRYPT) I get 16 bytes of decrypted data. How can I determine the ac

Re[4]: openssl-0.9.8 will not compile on MinGW

2005-07-08 Thread Alex Yaroslavsky
Hello, Frank! FB> Yes this works. Good Bugfix. And how can we inform the maintainers, so that FB> he can correct the build files? I'm new here, so I don't know how it works. I think what needs to be done is the "prerl -> asm" line added to the bat file (like all other asm creation) and the created

Ephemeral keying

2005-07-08 Thread Jagannadha Bhattu
Hi, I have some questions on ephemeral keying. 1. In the man page for SSL_CTX_set_tmp_dh_callback the example shows that the same params are used for all connections. Is it safe? 2. I have seen the man page for dhparam. The generators can be 2 or 5. Why only two generators are used? Which one is

Re: Problem with AES_cbc_encrypt

2005-07-08 Thread Bhupendra K Joshi
Thank You Richard What I was thinking was to append the length at the start to the plain text and then send it for encryption and while after decryption read the length and only send that much data. Richard Levitte <[EMAIL PROTECTED]> wrote: Bhupendra K Joshi writes: > The problem is when I give sa

Re: Ephemeral keying

2005-07-08 Thread Vadym Fedyukovych
Jagannadha Bhattu wrote: Hi, I have some questions on ephemeral keying. 1. In the man page for SSL_CTX_set_tmp_dh_callback the example shows that the same params are used for all connections. Is it safe? Hardness of (computational) Diffie-Hellman problem does not suffer from using the same gr

Certificate for Smart Card Logon

2005-07-08 Thread Nabil Ghadiali
Title: Certificate for Smart Card Logon Hello, I am trying to generate a certificate to be used for Windows Smart Card Logon from my Internal Certificate Server. I know that I need the UPN in the otherName of the SubjectAltName extension. The OID for the UPN is 1.3.6.1.4.1.311.20.2.3. My C

SSL_read timeout

2005-07-08 Thread Alexandre Brizard
Hi there, Is there a way to return from a blocking SSL_read call after a given amount of time, like recv() can? Thanks Alexandre Brizard -- RTFM Yeah, if there was a DECENT manual in the first place.

Re: openssl 0.9.8: 3rd level certificates verification problem

2005-07-08 Thread Victor Duchovni
On Fri, Jul 08, 2005 at 10:52:47AM +0200, Richard Levitte wrote: > Aleksey Sanin writes: > > >Thanks for quick response and explanations! You are right, the > >second certificate in the chain did not have CA ext flag set and > >0.9.8 did not like it while 0.9.6/0.9.7 ignore this problem. > > Yu

Re: Loading a PKCS7 SignedData structure with d2i_PKCS7_fp

2005-07-08 Thread Fred Anderson
Thanks once again for the help, Steve. I've gotten beyond the segmentation fault using your suggestions. Now I'm getting the following error on the PKCS7_verify call: error:2106906D:PKCS7 routines:PKCS7_dataInit:unknown digest type Once again, I suspect it's something I'm doing. Given a file "pt2

Re: openssl 0.9.8: 3rd level certificates verification problem

2005-07-08 Thread Richard Levitte
Victor Duchovni writes: Should we call not allowing CA certs with CA:FALSE or a Key Usage that does not include certificate signing "less buggy", rather than "tougher"? Sure :-). Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsori

Re: question about ssl

2005-07-08 Thread amineh salehi
at page 72 in rfc2246: The following cipher specifications are carryovers from SSL Version 2.0. These are assumed to use RSA for key exchange and authentication. my question was about this note. Mr Tveit, please explain more for me about "signature be omitted entirely" in anonymous key exchang

Marco Klasmeyer is out of the office.

2005-07-08 Thread Marco . Klasmeyer
I will be out of the office starting 08.07.2005 and will not return until 25.07.2005. I will respond to your message when I return. __ OpenSSL Project http://www.openssl.org User Support Mailing L

Re: question about ssl

2005-07-08 Thread Jostein Tveit
amineh salehi <[EMAIL PROTECTED]> writes: > at page 72 in rfc2246 :The following cipher specifications are carryovers > from SSL Version 2.0. These are assumed to use RSA for key exchange and > authentication. > my question was about this note. The lines you quoted is at page 66 of RFC2246. DH k

Dynamic engine / smart card support for CSR generation

2005-07-08 Thread Robinson, Richard L (Rick)
All - I am working to integrate a smart card as part of a certificate request on Linux with OpenSSL but I am having a hard time using a script file to keep the engine loaded AND use it for a certificate request. Interactively with openSSL everything works fine. I can load the engine with one co

Re: [openssl-users] Dynamic engine / smart card support for CSR generation

2005-07-08 Thread Erwann ABALEA
Hello, Today is the day after the Nones of July 2005; Robinson, Richard L (Rick) wrote: > I get errors indicating the engine (pkcs11) is not known. This sort of > makes sense if the engine was discarded once the previous command was > exited. I have tried various engine IDs but have had no luck. Use the

Protocol Problem

2005-07-08 Thread Ertel, Holger
Hi, I’m a newbie in OpenSSL. I wrote me a SSLClient and a SSLServer for testing OpenSSL under Window2K. I’m using winsockets. My problem is, when I send the SSL Hello message to the server (with SSL_connect) I get an error (SSL_ERROR_SSL). The errorcode says me, that’s an protocol error

Re: Protocol Problem

2005-07-08 Thread Joseph Oreste Bruni
Check out the "openssl s_client" and "openssl s_server" command line tools. These will help you isolate which side might be causing the problem. On Jul 8, 2005, at 9:15 AM, Ertel, Holger wrote: Hi, I'm a newbie in OpenSSL. I wrote me a SSLClient and a SSLServer for testing OpenSSL under

environment variable

2005-07-08 Thread pana
Which are the variable I have to set when I install openssl 0.9.8 on my debian system? And how have I to set them? I can't use the apt because it stops at 0.9.7 version and I need to use the newer one. bye pana

Re: Trying to build a reduced OpenSSL library on Cygwin/mingw

2005-07-08 Thread Stephen Cleary
OK, I found out what the problem was: line endings. I run my Cygwin mounts in binmode, and I used WinZip to extract the .tar.gz, so Makefile.org had \r\n line endings. Apparently, perl (as of v5.8.7, built for cygwin-thread-multi-64int) was seeing the \r\n line endings. This is normal for peo

Re: Certificate for Smart Card Logon

2005-07-08 Thread Nils Larsch
Nabil Ghadiali wrote: Hello, I am trying to generate a certificate to be used for Windows Smart Card Logon from my Internal Certificate Server. I know that I need the UPN in the otherName of the SubjectAltName extension. The OID for the UPN is 1.3.6.1.4.1.311.20.2.3. My Certificate Server h

Apache API and ssl certificates.

2005-07-08 Thread Fco .J. Arias
Hello, Know anyone how to extract clearly information about certificate of client into C module in apache. For example extract the name of CA that signed the client certificate and use it. Thanks, Fran.

Problem with new OIDs

2005-07-08 Thread Johnny Gonzalez
Hello everybody, I'm new in this list and I have a question, maybe a newbie question for most of the users, but I'm in a big trouble and need help on this matter. This is the problem: I have to add 3 new OIDs to my issued certificates, so I added them in the openssl.cnf config file this way:

RE: [openssl-users] Dynamic engine / smart card support for CSR generation

2005-07-08 Thread Robinson, Richard L (Rick)
I am still running into a few problems and am hoping for a little more debugging assistance. I created these entries in my configuration file (certsc.cnf): engine = engine_section [ engine_section ] smartcard = smartcard_engine [ smartcard_engine ] engine_id = smartcard SO_PATH = /usr/lib/

Confused! need help

2005-07-08 Thread Hamid Salim
I am trying to install the latest OpenSSL on Linux (Fedora). What directories should I use for my install? What should be the file paths in openssl.cfg? Thanks HS

How Install HTTPS ?

2005-07-08 Thread Meisi
I made SSL keys by open ssl but I can not use them on my server for running HTTPS. I am using CPanel and my server is Linux. Help me please. Thanks.