[openssl.org #36] [±¤°í]ÈÀåÇ° Àü¿ë º¸°üÇÔ ³ÃÀå°í~~
HTML HEAD META NAME=GENERATOR Content=Microsoft DHTML Editing Control TITLE/TITLE /HEAD BODY P align=centerA href=http://www.seven21.biz;IMG align=baseline alt= border=0 hspace=0 src=http://www.seven21.biz/images/noname3_0001.gif;/ABRÁ¤º¸Åë½Å¸Á ÀÌ¿ëÃËÁø ¹× Á¤º¸ º¸È£ µî¿¡ °üÇÑ ¹ý·ü Á¦ 50Á¶¿¡ ÀÇ°ÅÇÑ [±¤°í]¸ÞÀÏÀÔ´Ï´Ù.BRº»¸ÞÀÏÀº °ø°³µÈ ÀÚ·áÁß¿¡¼ ¸ÞÀÏ ÁÖ¼Ò¸¦ ¹ßÃéÇÑ °ÍÀÔ´Ï´Ù.BR°í°´ÀÇ ¸ÞÀÏ ÁÖ¼Ò ÀÌ¿ÜÀÇ ¾î¶°ÇÑ ÀÚ·áµµ °®°í ÀÖÁö ¾Ê½À´Ï´Ù.BR¼ö½Å °ÅºÎ ÇϽðíÀÚ ÇÏ´Â °æ¿ì¿¡´Â ¾Æ·¡ ¼ö½Å °ÅºÎ¸¦ Ŭ¸¯ ÇÏ¿© ÁֽøéBR´Ù½Ã º¸³»Áö ¾Ê°Ú½À´Ï´Ù. °¨»çÇÕ´Ï´Ù.BRA href=mailto:[EMAIL PROTECTED];¼ö½Å°ÅºÎ/A/P /BODY /HTML __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #36] ...
Obviously the proposed expression to catch junk like this for postfix
is not good enough:
/[^[:print:]]{8}/ REJECT Your mailer is not RFC 2047 compliant
I'll have to work on more restrictive options :-(
For now I have disabled
OnCreate NotifyRequestorsAndCcs with template Correspondence
so that new entries are no longer forwarded to the list.
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Subject Alternative Name : openssl and RFC 2459
Title: Subject Alternative Name : openssl and RFC 2459
Hi
I Have read RFC 2459 about Subject Alternative Name. This Subject Alternative Name is defined in this way :
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
SubjectAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER}
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString OPTIONAL,
partyName [1] DirectoryString }
But, openssl supports (only) the following GeneralName :
rfc822Name, dNSName, uniformResourceIdentifier, iPAddress, registeredID
Why theses restrictions?
Thank you very much
[openssl.org #37] Server-Client (SSL nonSSL)
[[EMAIL PROTECTED] - Wed May 15 13:25:14 2002]: Hi! i use Your project in my Client-Server project. For example, my Server calls BIO functions to use opened socket for handshaking , after that init_ssl_connection and everything works fine. But what will happen if i'll try to use client without SSL stuff ? My task is create SSL Server which can work with SSL Client and NonSSL Client. Is there any possibilities to do this using Your SSL API ? P.S. I suppose i can't because in source i found: #define readsocket(s,b,n) recv((s),(b),(n),0) it seems You don't work with MSG_PEEK or something like that. Best regards, Anatoly. I am not sure that I understand your request. If you mean, that you would like to use the same code on the server side: you can also use the BIO layer without any encryption, it is just the initialization that is different. Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
question
Hi Mrs I am a PHD and i need some informations to see the costs of the cryptographics loads in WTLS. Is there any benchmark to compte the delay of RSA certificate encryption SHA-1, and DES (in a palm pilot) have you a benchmark also for the fixed network with RSA 512? if not: It is possible to know the nombre of operations to generate a certificate a public/private key 1024 or 512? if it's possible to know the nombre of operations to encrypte/decrypte x octets with RSA algorithm? please help me thank you very much Badra
Re: Subject Alternative Name : openssl and RFC 2459
On Wed, May 15, 2002, CAMUS Sylvie FTRD/DTL/ISS wrote:
Hi
I Have read RFC 2459 about Subject Alternative Name. This Subject
Alternative Name is defined in this way :
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
SubjectAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName[5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID[8] OBJECT IDENTIFIER}
OtherName ::= SEQUENCE {
type-idOBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
EDIPartyName ::= SEQUENCE {
nameAssigner[0] DirectoryString OPTIONAL,
partyName [1] DirectoryString }
But, openssl supports (only) the following GeneralName :
rfc822Name, dNSName, uniformResourceIdentifier, iPAddress, registeredID
Why theses restrictions?
OpenSSL will parse and encode any of these.
It will however only display or generate the ones you mention.
This is for several reasons.
EDIPartyName, no real reason other than no one has wanted it.
OtherName is general purpose and is hard to handler generally,
though future versions of OpenSSL may handle simple string and
allow application to provide support for other forms based on
the type-id OID.
ORAddress: here be dragons!
Anyone unsure of the reason for that comment should have a look
at the definition of ORAddress...
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
