Re: PKCS12 question

2006-11-01 Thread Olaf Gellert
Krishna Prasad wrote: > Hi > > A PKCS#12 file will have to contain the private key,you cannot have only > the > certificate in PKCS#12 format. Yes. Maybe you want a PKCS7-File? This is supported by many applications, too. Using OpenSSL PKCS7 files are generated a bit counterintuitive: You use the

Re: SSL Client authendication

2006-11-01 Thread Victor B. Wagner
On 2006.10.31 at 22:13:06 +0400, Eshwaramoorthy Babu wrote: >Hi Bernhard, > >Thanks for your response. > >Thanks for your response. >We have already purchased the certificate. But we do not have have private >key with us. because we have submitted the csr request from CA's we

Re: PKCS12 question

2006-11-01 Thread Dr. Stephen Henson
On Tue, Oct 31, 2006, Eshwaramoorthy Babu wrote: > Hi, > > Is it possible to have only the certificate in PKCS12 file. > > I do not want to include my private key . I just want my certificate in > PKCS12 format. > If so Can anyone tell me the command to convert the certificate into PKCS12 > I

openSSL/ Zlib issue

2006-11-01 Thread Tom Cates
Morning, I'm building on HP-UX IA64 11.23. I link to openssl-0.9.8d (which was configured/built for 'hpux64-ia64-gcc'.) This version of openssl seems to have a problem with the zlib package I have installed (0.9.6g could build linking to this zlib) I'm checking into how I"ve built zlib to s

Re: openSSL/ Zlib issue

2006-11-01 Thread Marek Marcola
Hello, > ld: Mismatched Data ABI. Expected EF_IA_64_ABI64 but found None in file > /usr/local/DevTools/zlib/native64/zlib-1.2.3/libz.a[compress.o] > Fatal error. This error may occur when library is compiled on PA64 and is linked on IA64. When linking is performed on IA64 all libraries must be com

RE: openSSL/ Zlib issue

2006-11-01 Thread Tom Cates
$ file libz.a libz.a: archive file I've compiled both zlib and openssl on the same machine where I'm doing the building. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marek Marcola Sent: Wednesday, November 01, 2006 10:10 AM To: openssl-users@open

Hi

2006-11-01 Thread Marlonbasta
Hi, This is my first message. I find information about ECC and OpenSSL, I don't find anything in the web site of openSSL. I registered to mailing list to find information and documentation about it. Thank's Sorry for bad english -- Stefano Landucci blog:http://marlonbando.blogspot.com/ i

RE: openSSL/ Zlib issue

2006-11-01 Thread Marek Marcola
Hello, > $ file libz.a > libz.a: archive file I forgot that with static libraries this gives not much information, try then: $ ar xf libz.a compress.o $ file compress.o Maybe this file is IA32 compiled and you are tried do IA64 executable file. This must much too. Best rega

RE: openSSL/ Zlib issue

2006-11-01 Thread Tom Cates
Thanks, I tried that and see this: $ ar xf libz.a compress.o $ file compress.o compress.o: ELF-64 relocatable object file - IA64 This is *after* I recompiled zlib with -mlp64 flag. Which apparently gets me past the mismatched error. But now I see these: ld: Unsatisfied symbol "__udivdi3

RE: openSSL/ Zlib issue

2006-11-01 Thread Marek Marcola
Hello, > ld: Unsatisfied symbol "__udivdi3" in file > /usr/local/DevTools/openssl/native64/ > openssl-0.9.8d/libcrypto.a[b_print.o] > ld: Unsatisfied symbol "__divsi3" in file > /usr/local/DevTools/openssl/native64/o > penssl-0.9.8d/libcrypto.a[bn_exp.o] > ld: Unsatisfied symbol "__modsi3" in fil

RE: openSSL/ Zlib issue

2006-11-01 Thread Tom Cates
Thanks, I'll try that! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marek Marcola Sent: Wednesday, November 01, 2006 11:31 AM To: openssl-users@openssl.org Subject: RE: openSSL/ Zlib issue Hello, > ld: Unsatisfied symbol "__udivdi3" in file > /usr/local

Understanding the Engine-Hardware support

2006-11-01 Thread John A. Gallant
Hello Everyone, I have a question around the area of the Hardware device support that is used by the various Engines in OpenSSL. In the 0.9.8.a tree there are files for engines like Attala, uBSec, CryptoSwift etc. This is the area in OpenSSL is what I am currently interested in understanding

N00B needs csr/key help

2006-11-01 Thread Aaron Martinez
I am trying to get my copy of pure-ftpd running with a signed certificate and having a horrible time. I had to send them a csr so i did the following: openssl genrsa -des3 -out ftp.mydomain.com.key 1024 openssl req -new -key ftp.mydomain.com.key -out ftp.mydomain.com.csr I got the key signed

Re: Understanding the Engine-Hardware support

2006-11-01 Thread Wes Kussmaul
Hello indeed, You're not by any chance the John Gallant whose former home we might have visited on Bradford Road while making our trick or treating rounds last night are you? Wes Kussmaul John A. Gallant wrote: Hello Everyone, I have a question around the area of the Hardware device supp

verify issuer of a cert

2006-11-01 Thread Bin Lu
Hi there, I have 2 certificates in X509 and I want to verify if one cert is the issuer of the other, not using the (issuer)name comparison. What is the APIshould I use to verify the signature ? I tried the following but it doesn't work: X509 *cert, *issuer; int result = X509_verify(ce

exception from ssleay32.dll

2006-11-01 Thread Stewart Nelson
I am trying to fetch a page with perl by HTTPS (for a new project), but perl is crashing. When the following code is run, perl crashes: require LWP::UserAgent; $ua = LWP::UserAgent->new; $response = $ua->get('https://www.example.com/'); www.example.com does not listen on the HTTPS port, but that

RE: N00B needs csr/key help

2006-11-01 Thread Dmitrij Mironov
Hi Aaron, There is no need to generate now another one key set - you can remove des3 encryption from your existing RSA keys. Try this openssl rsa command: openssl rsa -in key.pem -out keyout.pem keyout.pem will be clean from any passphrases :) Regards, Dmitrij > -Original Message-

Re: Understanding the Engine-Hardware support

2006-11-01 Thread Wes Kussmaul
Sorry, that was supposed to be private. Wes Kussmaul wrote: Hello indeed, __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Autom

How to do client verification?

2006-11-01 Thread Edward Chan
Title: How to do client verification? Hi there, I'm wondering what is the usual criteria for doing client verification?  I've got everything coded to ask the client for a cert, and I get the cert by calling SSL_get_peer_certificate().  But I don't know what to check for to verify the client

RE: How to do client verification?

2006-11-01 Thread David Schwartz
> I'm wondering what is the usual criteria for doing client > verification? I've got everything coded to ask the client > for a cert, and I get the cert by calling > SSL_get_peer_certificate(). But I don't know what to check > for to verify the client's identity. Is there some standard > field(

verify issuer of a cert

2006-11-01 Thread Bin Lu
Hi there, I have 2 certificates in X509 and I want to verify if one cert is the issuer of the other, not using the (issuer)name comparison. What is the APIshould I use to verify the signature ? I tried the following but it doesn't work: X509 *cert, *issuer; int result = X509_verify(cert,

RE: How to do client verification?

2006-11-01 Thread Edward Chan
I want to verify that whoever the client is claiming to be, is actually allowed to connect. However, I don't know where to find this information in the cert. Are there standard fields where this information can be found. For example, in the book, "Network Security with OpenSSL", there is sample

RE: How to do client verification?

2006-11-01 Thread Edward Chan
For example, would something like this be the right way to verify a client, int postAcceptCheck(SSL_CTX* ssl, set allowed_clients) { X509* cert = SSL_get_peer_certificate(ssl); if (cert) { X509_NAME* name = X509_get_subject_name(cert);

Re: verify issuer of a cert

2006-11-01 Thread Krishna Prasad
You can check for the Authority Key Identifier and in that the certificate serial number of the issuer.   regards   krishna   On 11/2/06, Bin Lu <[EMAIL PROTECTED]> wrote: Hi there,I have 2 certificates in X509 and I want to verify if one cert is theissuer of the other, not using the (issuer)name c