Re: P7B to PEM format Conversion.

2001-12-03 Thread Averroes

Hi srinu

Cat the certs in PEM; the last one needs to be the Root CA

RootCA, SubCA1, Sub-SubCA1

Example:

]# cat Sub-SubCA1 > ./path/to/cachain.pem
]# cat SubCA1 >> ./path/to/cachain.pem
]# cat RootCA >> ./path/to/cachain.pem

Ciao!


> srinu wrote:
> 
> I have a Root Certificate and another Intermediate root Certificate issued by
> the root installed in my browser.
> I imported the intermediate Certificate to a p7b file and also checked the
> option include all Certificates in the path.
> Now I want to convert this P7B file into PEM text format so that the PEM will
> contain all the certificates in the trusted path. I don't know how to do so. What
> utility do I need to use for this conversion?
> 
> Thanks in advance.
> srinu

-- 
# .- ...- . .-. .-. --- . ... .- .-.-.- .- -.-- ...  .-
# Averroes A. Aysha
# Think Linux, Think Slackware!
# e-fingerprint = 63:B0:7D:A1:23:BC:25:96:AE:B7:76:36:F3:07:1F:88
# .- ...- . .-. .-. --- . ... .- .-.-.- .- -.-- ...  .-




RE: FW: updates (SSL-Certificates-HOWTO)

2001-12-03 Thread Franck Martin

Michael,

As you may read below, I have written an SSL HOWTO. Averroes suggested to
me to use the text of the configuration file on your site to describe the
openssl.cnf file. I know that you have released your software under GPL, but
I prefer to ask you if you authorise me to include some part of your text
inside my SSL HOWTO. Proper acknowledgement will be done.

Thanks in advance for your positive answer.

Franck Martin
Network and Database Development Officer
SOPAC South Pacific Applied Geoscience Commission
Fiji
E-mail: [EMAIL PROTECTED]  
Web site: http://www.sopac.org/
 Support FMaps: http://fmaps.sourceforge.net/
 

This e-mail is intended for its addresses only. Do not forward this e-mail
without approval. The views expressed in this e-mail may not be necessarily
the views of SOPAC.



-Original Message-
From: Averroes [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 4 December 2001 5:36 
To: [EMAIL PROTECTED]
Subject: Re: FW: updates (SSL-Certificates-HOWTO)


Hi Franck,

Cool How-to
But it would be nice to describe all relevant options in the config file
"openssl.cnf" before building any certificate,
since the default options are simple.

You should take in consideration the config file
of pyCA: http://www.pyca.de/config.html

Regards

Franck Martin wrote:
> 
> For your information
> 
> I will now add the comments I have received as well as the
> ssl-cert-HOWTO.txt inside it...
> 
> Franck Martin
> Network and Database Development Officer

> 
>   SSL Certificates HOWTO
>   Franck Martin  <[EMAIL PROTECTED]>
>   v0.1  2001-11-18
> 
>   A first hand approach on how to manage a certificate authority (CA),
>   and issue or sign certificates to be used for secure web, secure
>   e-mail, or signing code and other usages.
> 
> * NEW entry
> http://www.linuxdoc.org/HOWTO/SSL-Certificates-HOWTO/
__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       [EMAIL PROTECTED]
Automated List Manager          [EMAIL PROTECTED]



Re: FW: updates (SSL-Certificates-HOWTO)

2001-12-03 Thread Averroes

Hi Franck,

Cool How-to
But it would be nice to describe all relevant options in the config file
"openssl.cnf" before building any certificate,
since the default options are simple.

You should take in consideration the config file
of pyCA: http://www.pyca.de/config.html

Regards

Franck Martin wrote:
> 
> For your information
> 
> I will now add the comments I have received as well as the
> ssl-cert-HOWTO.txt inside it...
> 
> Franck Martin
> Network and Database Development Officer

> 
>   SSL Certificates HOWTO
>   Franck Martin  <[EMAIL PROTECTED]>
>   v0.1  2001-11-18
> 
>   A first hand approach on how to manage a certificate authority (CA),
>   and issue or sign certificates to be used for secure web, secure
>   e-mail, or signing code and other usages.
> 
> * NEW entry
> http://www.linuxdoc.org/HOWTO/SSL-Certificates-HOWTO/

-- 
# .- ...- . .-. .-. --- . ... .- .-.-.- .- -.-- ...  .-
# Averroes A. Aysha
# Think Linux, Think Slackware!
# e-fingerprint = 63:B0:7D:A1:23:BC:25:96:AE:B7:76:36:F3:07:1F:88
# .- ...- . .-. .-. --- . ... .- .-.-.- .- -.-- ...  .-





Re: Running Apache/SSL and openSSL on Solaris 7

2001-12-03 Thread Edgar Hodge

Waleed,

I would install Apache first, but it really doesn't matter.
Check out www.apache-ssl.org

E.

At 06:06 PM 12/3/01 -0600, you wrote:

> I need a document that states what should be installed first or if it
> does not matter to install APACHE then OPENSSL
>
> Can you please answer these questions for me:
>
> I already have Apache 1.3.20 installed and running
> I would like to get APache/SSL also running, do I remove Apache 1.3.20
> and redo the installation of Apache and SSL ??
> Please help me out.
>
> Thanks
> Waleed
 



REMOVE

2001-12-03 Thread Indika De Silva
REMOVE


OpenSSH Keys and JSSE

2001-12-03 Thread Jeremy Levy

Is it possible to use keys/certificates that are generated with OPENSSH in
Java Secure Sockets and, vice versa, keys created with keytool can be used
with openSSH?  If no, how do I get the 2 to work together?

Thanks

JL




Running Apache/SSL and openSSL on Solaris 7

2001-12-03 Thread Waleed Hamad



 
I need a document that states what should be installed first or if it does
not matter to install APACHE then OPENSSL

Can you please answer these questions for me:

I already have Apache 1.3.20 installed and running
I would like to get APache/SSL also running, do I remove Apache 1.3.20 and
redo the installation of Apache and SSL ??
Please help me out.

Thanks
Waleed
 


FW: updates (SSL-Certificates-HOWTO)

2001-12-03 Thread Franck Martin

For your information

I will now add the comments I have received as well as the
ssl-cert-HOWTO.txt inside it...

Franck Martin
Network and Database Development Officer
SOPAC South Pacific Applied Geoscience Commission
Fiji
E-mail: [EMAIL PROTECTED]  
Web site: http://www.sopac.org/
 Support FMaps: http://fmaps.sourceforge.net/
 

This e-mail is intended for its addresses only. Do not forward this e-mail
without approval. The views expressed in this e-mail may not be necessarily
the views of SOPAC.



-Original Message-
From: Greg Ferguson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 4 December 2001 3:18 
To: [EMAIL PROTECTED]
Subject: updates (SSL-Certificates-HOWTO)


  SSL Certificates HOWTO
  Franck Martin  <[EMAIL PROTECTED]>
  v0.1  2001-11-18

  A first hand approach on how to manage a certificate authority (CA),
  and issue or sign certificates to be used for secure web, secure
  e-mail, or signing code and other usages.

* NEW entry
http://www.linuxdoc.org/HOWTO/SSL-Certificates-HOWTO/



random file???

2001-12-03 Thread Rosner, Seth

I am trying to run the command line /usr/local/ssl/bin/openssl -req -new
-nodes -keyout private.key -out public.csr  to create a verisign
certificate.  I am getting the PRNG not seeded error message.  How do I
create a .rand file?  Any suggestions? Thanks

I read the faq, not a lot of help:

[USER]
1. Why do I get a "PRNG not seeded" error message?
Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness device"
that serves this purpose. On other systems, applications have to call the
RAND_add() or RAND_seed() function with
appropriate data before generating keys or performing public key encryption.
(These functions initialize the pseudo-random number generator, PRNG.) 
Some broken applications do not do this. As of version 0.9.5, the OpenSSL
functions that need randomness report an error if the random number
generator has not been seeded with at least 128 bits of randomness. If this
error occurs, please contact the author of the application you are using. It
is likely that it never worked correctly. OpenSSL 0.9.5 and later make the
error visible by refusing to perform potentially insecure encryption. 
On systems without /dev/urandom and /dev/random, it is a good idea to use
the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for details.
Starting with version
0.9.7, OpenSSL will automatically look for an EGD socket at
/var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and /etc/entropy. 
Most components of the openssl command line utility automatically try to
seed the random number generator from a file. The name of the default
seeding file is determined as follows: If environment variable RANDFILE is
set, then it names the seeding file. Otherwise if environment variable HOME
is set, then the seeding file is $HOME/.rnd. If neither RANDFILE nor HOME is
set, versions up to OpenSSL 0.9.6 will use file .rnd in the current
directory while OpenSSL 0.9.6a uses no default seeding file at all. OpenSSL
0.9.6b and later will behave similarly to 0.9.6a, but will use a default of
"C:\" for HOME on Windows systems if the environment variable has not been
set. 
If the default seeding file does not exist or is too short, the "PRNG not
seeded" error message may occur. 
The openssl command line utility will write back a new state to the default
seeding file (and create this file if necessary) unless there was no
sufficient seeding. 
Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. Use
the "-rand" option of the OpenSSL command line tools instead. The $RANDFILE
environment variable and $HOME/.rnd are only used by the OpenSSL command
line tools. Applications using the OpenSSL library provide their own
configuration options to specify the entropy source, please check out the
documentation coming with the application.
For Solaris 2.6, Tim Nibbe <[EMAIL PROTECTED]> and others have suggested
installing the SUNski package from Sun patch 105710-01 (Sparc) which adds a
/dev/random device and make sure it gets used, usually through $RANDFILE.
There are probably similar patches for the other Solaris versions. However,
be warned that /dev/random is usually a blocking device, which may have some
effects on OpenSSL. 



Seth Rosner
Webmaster - OpenTV.com




Re: Q about padding

2001-12-03 Thread Dr S N Henson

Keresztfalvi Laszlo wrote:
> 
> 
> 
> When decrypting the final block is checked to see if it has the correct
> form.
> 
> Although the decryption operation can produce an error if padding is
> enabled, it is not a strong test that the input data or key is correct. A
> random block has better than 1 in 256 chance of being of the correct format
> and problems with the input data earlier on will not produce a final decrypt
> error.
> 
> 
> Would you please tell me what exactly can be the problem with padding?
> 

It's not a problem, more a limitation.

> I hope this does not mean that I cannot decrypt what I encrypt with the same
> parameter (padding enabled). Does this mean that padding can be tricked too
> easily or what?
> 

All it is really saying is that passing the padding test (that is
EVP_DecryptFinal completing without error) is not by itself a reliable
guarantee of the integrity of the decrypted data or indeed the
correctness of the decryption key. The structure of the padding is such
that if the last byte of the last block decrypted is 01 then it is
considered valid. The chance of this happening is 1 in 256 for random
data.

Additionally only the final block is tested so errors earlier in the
data will not produce any error at all.

Protocols in which integrity of the data is important use
additional techniques such as message digests.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
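
The limitation described in the reply above, as an added example (not code from the original post or from OpenSSL): a CBC decrypt with the PKCS-style padding check is run against many wrong keys and against a ciphertext altered in an early block, then the same data is protected with an HMAC. XTEA stands in for the cipher so the script needs only the Python standard library; the keys, IV, message and all function names are constructed for illustration.

```python
import hashlib, hmac, struct

BLOCK = 8                                   # XTEA block size, as for DES or Blowfish
MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9
# Constructed sample values, not taken from the thread.
KEY, MAC_KEY, IV = bytes(range(16)), bytes(range(16, 48)), bytes(BLOCK)
MESSAGE = b"pay 100 to account 42"          # 21 bytes -> 3 blocks once padded

class BadDecrypt(Exception):
    """Padding or MAC check failed."""

def xtea_block(key, block, decrypt=False):
    """Encrypt or decrypt one 8-byte block with 32-cycle XTEA."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    if not decrypt:
        s = 0
        for _ in range(32):
            v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
            s = (s + DELTA) & MASK
            v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    else:
        s = (DELTA * 32) & MASK
        for _ in range(32):
            v1 = (v1 - ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
            s = (s - DELTA) & MASK
            v0 = (v0 - ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(key, iv, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK    # 1..8 pad bytes, each equal to pad
    data = plaintext + bytes([pad]) * pad
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = xtea_block(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(xor(xtea_block(key, block, decrypt=True), prev))
        prev = block
    data = b"".join(out)
    pad = data[-1]                          # only the final block is inspected
    if not 1 <= pad <= BLOCK or data[-pad:] != bytes([pad]) * pad:
        raise BadDecrypt("bad padding")
    return data[:-pad]

def wrong_keys_accepted(trials=4000):
    """Count wrong keys whose decryption still passes the padding check."""
    ct = cbc_encrypt(KEY, IV, MESSAGE)
    hits = 0
    for n in range(trials):
        wrong = hashlib.sha256(b"wrong key %d" % n).digest()[:16]
        try:
            cbc_decrypt(wrong, IV, ct)
            hits += 1                       # garbage plaintext, no error raised
        except BadDecrypt:
            pass
    return hits

def early_tamper_passes_padding():
    """Flip one bit in the first ciphertext block; the final block is untouched."""
    ct = bytearray(cbc_encrypt(KEY, IV, MESSAGE))
    ct[0] ^= 0x01
    return cbc_decrypt(KEY, IV, bytes(ct)) != MESSAGE   # True: wrong data, no error

def seal(plaintext):
    # Encrypt-then-MAC: HMAC-SHA256 (a keyed message digest) over IV and ciphertext.
    ct = cbc_encrypt(KEY, IV, plaintext)
    return ct, hmac.new(MAC_KEY, IV + ct, hashlib.sha256).digest()

def open_sealed(ct, tag):
    expected = hmac.new(MAC_KEY, IV + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise BadDecrypt("MAC mismatch")
    return cbc_decrypt(KEY, IV, ct)

def mac_rejects_tamper():
    ct, tag = seal(MESSAGE)
    try:
        open_sealed(bytes([ct[0] ^ 0x01]) + ct[1:], tag)
    except BadDecrypt:
        return True
    return False

if __name__ == "__main__":
    print(wrong_keys_accepted(), "of 4000 wrong keys pass the padding check")
    print("early tamper passes padding check:", early_tamper_passes_padding())
    print("HMAC rejects the same tamper:", mac_rejects_tamper())
```

The count of accepted wrong keys comes out near trials/256, matching the "1 in 256" figure in the reply.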




REMOVE

2001-12-03 Thread Celina Rebello

REMOVE

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.286 / Virus Database: 152 - Release Date: 9/10/2001




bad rsa decrypt

2001-12-03 Thread Dario Prester



Hello,

I am getting this error with Apache Web Server and mod_ssl (2.8.3-1.3.19)

OpenSSL: error:1408B076:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:bad rsa decrypt

I get this error while testing my http server with
"openssl s_client -connect localhost:443"
What is wrong ?

Anyone can help me to fix it ?

Thanks in advance

Dario Prester
P&T-TPD PA
ITALTEL SPA
Località Bivio Foresta  SS. 113
Carini (PA) - ITALY
tel. +39 091 8615 577
fax. +39 091 8615 288
e-mail: [EMAIL PROTECTED]




Re: RSA Keys

2001-12-03 Thread Alexander Kuit


On 03.12.2001 11:39:54 owner-openssl-users wrote:

>Hi
>
>Sorry for the resend.
>This is a resend with the complete encoding type.
>
>
>I am getting a file from a MS machine that contains an exported public
>key. This data appears to be binary data. It has been exported with the
>flag X509_ASN_ENCODING
>
>Trying to read the file with PEM_read_publickkey() does not appear to
>work. What is the correct function or other method to use to get this
>data into a RSA * struct or a EVP_PKEY structure. Preferably EVP_PKEY to
>add to a certificate.

PEM is the ASCII version of the binary ASN/DER encoding, so PEM functions
won't work. To convert a binary (DER) encoding into an internal OpenSSL
structure, use the d2i_* functions. In your case, probably the d2i_PublicKey()
or a similar function will do. See also the FAQ for more information
about the d2i_* functions.

Alex.
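
The PEM/DER relationship described in the reply above, as an added example (not code from the original post or from OpenSSL): a small sniffer that tells PEM armor from raw DER, validates the outer DER length, and converts between the two so the right reader can be chosen. The helper names are hypothetical and the sample is a constructed SubjectPublicKeyInfo for a toy RSA key; the structure of the file exported in the thread is not shown there.

```python
import base64
import re

# Constructed sample: DER SubjectPublicKeyInfo for a toy RSA key (n=3233, e=17).
SAMPLE_DER = bytes.fromhex(
    "301b300d06092a864886f70d0101010500"   # SEQUENCE + AlgorithmIdentifier (rsaEncryption)
    "030a00300702020ca1020111"             # BIT STRING wrapping SEQUENCE { n, e }
)

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def der_total_length(data):
    """Return header + content length of the DER element starting at data[0]."""
    if len(data) < 2:
        raise ValueError("too short for a DER header")
    first = data[1]
    if first < 0x80:                        # short form: length in one octet
        return 2 + first
    n = first & 0x7F                        # long form: n length octets follow
    if n == 0 or len(data) < 2 + n:
        raise ValueError("indefinite or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def is_der_sequence(data):
    """True if data is exactly one DER SEQUENCE (tag 0x30) with no trailing bytes."""
    try:
        return data[:1] == b"\x30" and der_total_length(data) == len(data)
    except ValueError:
        return False


def sniff_encoding(data):
    """Classify a key or certificate file as 'PEM', 'DER' or 'unknown'."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    return "DER" if is_der_sequence(data) else "unknown"


def der_to_pem(der, label="PUBLIC KEY"):
    """Wrap DER bytes in PEM armor: base64 in 64-column lines between BEGIN/END."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    text = "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)
    return text.encode("ascii")


def to_der(data):
    """Return DER bytes from PEM or DER input, the form a d2i_* reader expects."""
    if sniff_encoding(data) == "PEM":
        match = PEM_BLOCK.search(data)
        if match is None:
            raise ValueError("PEM header without a matching END line")
        data = base64.b64decode(match.group(2))   # newlines are ignored
    if not is_der_sequence(data):
        raise ValueError("not a complete DER SEQUENCE")
    return data


if __name__ == "__main__":
    print("raw sample is:", sniff_encoding(SAMPLE_DER))
    pem = der_to_pem(SAMPLE_DER)
    print(pem.decode("ascii"), end="")
    print("round trip ok:", to_der(pem) == SAMPLE_DER)
```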




IE5 on Mac - Security Problem

2001-12-03 Thread Donald MacLeod

I've seen similar posts on the following topic here but as yet no solution.
I get "Security Failure: Data encryption error" using IE 5.0 on a Mac when I
attempt to connect to a secure server running openssl 0.9.6.a.

How do I configure the server to get round this?








RE: ssl-cert-HOWTO.txt for review

2001-12-03 Thread Vadim Fedukovich

Andrew,

openssl is a "mixer" rather than a "generator" of random data.
No deterministic (ok, stable) program can make something random.
To make a random secret one needs some input unavailable to the attacker.
/dev/random is "internal" enough and could be quite a good one.

regards,
Vadim

On Mon, 3 Dec 2001, Andrew Finnell wrote:

>   If openssl can generate random data and spit it out in a file then
> why use a file to begin with? Can't openssl ( tool ) just generate its
> random data internally and use that? I think that's a lot safer than
> spitting it out to a file and prevents less problems with the random data
> getting deleted/viewed.
>
> - Andrew
>
> -
> Andrew T. Finnell
> Software Engineer
> eSecurity Inc
> (321) 394-2485
>
>
> > -Original Message-
> > From: Marcus Redivo [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, December 01, 2001 7:14 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: ssl-cert-HOWTO.txt for review
> >
> >
> > Hello Fiel,
> >
> > Thanks for the comments.
> >
> > At 10:45 AM 12/1/01 -0800, Fiel Cabral wrote:
> >
> > >My suggestion is to include info about the RANDFILE
> > >variable. I set RANDFILE=$HOME/.rnd in my environment
> > >and in the configuration file (the default value:
> > $ENV::HOME/.rnd). If
> > >.rnd doesn't exist, I just copy a file to it (usually a
> > binary file or
> > >a random-looking log file).
> >
> > I did not mention the RANDFILE, and in fact left it out of
> > the example configuration, because I was under the impression
> > that if I had /dev/*random I did not need it.
> >
> > If this is not true, could someone please correct me? Thanks.
> >
> > Now, the RANDFILE candidate. Using a binary or a log is
> > nowhere near random enough. Fortunately, openssl has a
> > command to create a better random file:
> >
> > # openssl rand -out $HOME/.rnd 1024
> >
> > (Don't send the output to your console unless you add the
> > -base64 switch, unless you like abstract art... ;) )
> >
> > BTW, I'm on the list now.
> >
> > Marcus Redivo
> >
> > The Binary Tool Foundry
> > PO Box 2087 Stn Main
> > Sidney BC Canada
> > mailto:[EMAIL PROTECTED]
> > http://www.binarytool.com
> >
> >
> >
>




REMOVE

2001-12-03 Thread Dutta, Sumanta

REMOVE


--
This message is intended only for the personal and confidential use of the designated 
recipient(s) named above.  If you are not the intended recipient of this message you 
are hereby notified that any review, dissemination, distribution or copying of this 
message is strictly prohibited.  This communication is for information purposes only 
and should not be regarded as an offer to sell or as a solicitation of an offer to buy 
any financial product, an official confirmation of any transaction, or as an official 
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be secure or 
error-free.  Therefore, we do not represent that this information is complete or 
accurate and it should not be relied upon as such.  All information is subject to 
change without notice.





RE: ssl-cert-HOWTO.txt for review

2001-12-03 Thread Andrew Finnell





    If openssl can generate random data and spit it out in a file then why use a file to begin with? Can't openssl ( tool ) just generate its random data internally and use that? I think that's a lot safer than spitting it out to a file and prevents less problems with the random data getting deleted/viewed. 

- Andrew


-
Andrew T. Finnell
Software Engineer
eSecurity Inc
(321) 394-2485 



> -Original Message-
> From: Marcus Redivo [mailto:[EMAIL PROTECTED]] 
> Sent: Saturday, December 01, 2001 7:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ssl-cert-HOWTO.txt for review
> 
> 
> Hello Fiel,
> 
> Thanks for the comments.
> 
> At 10:45 AM 12/1/01 -0800, Fiel Cabral wrote:
> 
> >My suggestion is to include info about the RANDFILE
> >variable. I set RANDFILE=$HOME/.rnd in my environment
> >and in the configuration file (the default value: 
> $ENV::HOME/.rnd). If 
> >.rnd doesn't exist, I just copy a file to it (usually a 
> binary file or 
> >a random-looking log file).
> 
> I did not mention the RANDFILE, and in fact left it out of 
> the example configuration, because I was under the impression 
> that if I had /dev/*random I did not need it.
> 
> If this is not true, could someone please correct me? Thanks.
> 
> Now, the RANDFILE candidate. Using a binary or a log is 
> nowhere near random enough. Fortunately, openssl has a 
> command to create a better random file:
> 
> # openssl rand -out $HOME/.rnd 1024
> 
> (Don't send the output to your console unless you add the 
> -base64 switch, unless you like abstract art... ;) )
> 
> BTW, I'm on the list now.
> 
> Marcus Redivo
> 
> The Binary Tool Foundry
> PO Box 2087 Stn Main
> Sidney BC Canada
> mailto:[EMAIL PROTECTED]
> http://www.binarytool.com
> 
> 
> 





Q about padding

2001-12-03 Thread Keresztfalvi Laszlo


Gens,

I'm new to encryption and just thinking about an application using SSL to
communicate and also for data (file) encryption both by OpenSSL (of course :-)

I found the next paragraphs in the EVP doc
(http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#)


When decrypting the final block is checked to see if it has the correct
form. 

Although the decryption operation can produce an error if padding is
enabled, it is not a strong test that the input data or key is correct. A
random block has better than 1 in 256 chance of being of the correct format
and problems with the input data earlier on will not produce a final decrypt
error. 



Would you please tell me what exactly can be the problem with padding? 

I hope this does not mean that I cannot decrypt what I encrypt with the same
parameter (padding enabled). Does this mean that padding can be tricked too
easily or what?

Many thanks
Laszlo




REMOVE

2001-12-03 Thread Benoit Chausse





REMOVE








[no subject]

2001-12-03 Thread charaf . echchatbi

Hello everybody,

  I now use the openssl library to implement a protocol over SSL. To test it I
want to create a certificate authority CA (root), another CA called (CA Member)
signed by the root certificate, and a certificate for a user (Allan) as client.

  My protocol uses an SSL connection between a client and a server. The server
requires a client's certificate and vice versa. The trusted party is the CA
Member.

 My problem is:

 Is it necessary to be a root to create a root CA? If yes, how do I do so?

 How do I create a member CA signed by the root certificate?

 Thank you for your help.

 Charaf from Lausanne.
 Switzerland.
   

-
This mail sent through IMP: imapwww.epfl.ch



Re: ssl connection from Eudora or Outlook

2001-12-03 Thread Lutz Jaenicke

On Sat, Dec 01, 2001 at 12:05:43AM -0800, Edgar Hodge wrote:
> I have a ssl connection problem and would like to know if anyone out there 
> can assist with resolving the problem.
> 
> I am using stunnel/ssl to connect on port 995 (Unix Solaris 8.0) from a 
> Windows machine running Eudora 5.1.
> 
> Upon trying to connect from the Eudora client to check my mail, I get the 
> following error:
> 
> Logging into POP Server,
> SSL Negotiation Failed: You have configured this personality/protocol to 
> reject any exchange key lengths below 0. , But the negotiated exchange key 
> length is -1.  Hence this established secure channel is 
> unacceptable.  Connection will be dropped.  Cause: (-6992)
> 
> If I use the openssl client to connect with the following command from the 
> Unix Prompt:
> 
> #openssl s_client -connect localhost:995
> 
> I get the following error message: CONNECTED(0003)
> write:errno=131

My HP-UX box does not offer errno=131...

Anyway: your problem seems to be at the server side. Please check out
the logs of stunnel...

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153