Remove

[Mark E. Schoneman]

Remove

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, February 19, 2000 12:54 PM
Subject: Subprime into A Paper in SIX Months ! !



Dear Professional,

More individuals today are being told they don't qualify
for the lowest interest rates available.  Some can't even 
get their career started.  All this because of bad credit!

Late Payments   Repossessions   Child Support
ForeclosuresJudgments   Student Loans
Tax Liens   BankruptciesEvictions

Now there is a solution!

We provide a service that may be the solution for a 
potential client, or anyone who wants the advantage of 
having a clean credit rating and improved FICO SCORE! 

Credit Bureaus are notified by us to comply 
with the law set by the FTC.  If Credit Bureaus don't, 
the negative entry is DELETED!  PERMANENTLY!  Guaranteed 
in Writing!

110% Money-back Guarantee

If we do not improve the credit report, 
the client receives 110% of his fee repaid.  Not a 
single client has ever asked for their money back!  

We have repaired 50,000+ credit reports with 
100% success over the past 10 years!

Help your business explode!  Give your client the 
advantages of the most advanced and effective consumer 
program in America today.  Hundreds or even thousands 
of dollars could be potentially saved.  

Although we have been in business for over 
twelve years, three years ago we began aggressively 
expanding nationwide and are currently in the process 
of going international seeking qualified associates 
such as yourself to provide this great service.  

I extend to you an offer to take part in helping 
families get a fresh start. The potential for growth 
is exponential!  Many professionals have already seen 
the value of this great service and currently are 
servicing the clients themselves for more return business.

I welcome your phone call.  Or you can email me your number
and I'll call you.  We need to talk.  

Regards,

Donna Rojas
mailto:[EMAIL PROTECTED] 
909-949-6012

===
To be removed from future mailings reply to this email.
Under Bill s.1618 TITLE III passed by the 105th U.S. Congress
this letter can not be considered spam as long as we include:
Contact information & a Remove Link (email address)
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: creating client cert for IE

[Niels Poppe]

Donny AH wrote:
> 
> I have read the instruction how to create client certification in
> "Introducing SSL and Certificates using SSLeay", but there is only sample
> page for Netscape, and there is no sample for Internet Explorer
> 
> Is there anybody can help me to show or give me a sample page to create
> client certification for Internet Explorer (AFAIK it must contain java
> script)
> 
There is a clear example at:
http://www.ultranet.com/~fhirsch/Papers/cook/ssl_msclient_certs.html

However, this uses the old certenroll.dll which is said to produce
some nonstandard data that needs to be handled with now-almost-obsolete
openssl ca switches ... (-msie_hack  and -preserveDN).

Someone willing to share an example with Xenroll.dll?
-- 
Niels Poppe - org.net bv <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

broken pipe

[Osvaldo Brito]

> Hello sr. Richard Levitte,
> 
> I'm testing a https connection and a warning message came in the browser
> telling that the server is demanding a personal certificate (and i don't 
> have), and the server may choose to close the connection. How can i define
> a personal certificate? Is that by the same method that i did to make a
> server certificate and then export to the browser (personal-cert.crt)?
> 
> 
> Thanks in advance.
> 
>Osvaldo Brito
> 
> ---\  [EMAIL PROTECTED] 
> ---/   [EMAIL PROTECTED]   
 
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

SSL

[Webmaster]

I downloaded all the packages required for mod_ssl and openssl.  I also went through 
all the steps exactly shown in the install docs.  I run into compile errors and I am 
unable to install openssl into Apache.   I have the latest releases of everything 
needed.  I just can not figure this out.  I have been playing with it for over 2 weeks 
now.  Is there a simple way to add it to apache?  I am completely lost here...

Thanks in advance
Mike Kirkpatrick

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Compile Problems With .94

[Spencer Preston - Contractor x6354]

Tom,

My experience has been that it is helpful to perform a "make clean" before
attempting to any builds. I have encountered "strange" errors when re-building
in the same space as a previous build. Performing the clean seems to alleviate
these errors.

Hope this helps.


> Date: Fri, 25 Feb 2000 15:28:03 -0500
> From: Tom Schaefer <[EMAIL PROTECTED]>
> X-Accept-Language: en
> Mime-Version: 1.0
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Compile Problems With .94
> X-Sender: Tom Schaefer <[EMAIL PROTECTED]>
> X-List-Manager: OpenSSL Majordomo [version 1.94.4]
> X-List-Name: openssl-users
> 
> OK, what am I doing wrong.
> 
> I've been successful on some systems, but it fails on others, and I
> really have no clue as to why.
> 
> I run everything the way you show in the docs, but it fails. Now it
> seems to be failing more than not, and I don't know what's missing from
> my system, i.e. some sort of lib file or what in order to make your
> software compile properly.
> 
> I invoked:
> 
> fw:/usr/src/openssl-0.9.4 # make
> -I/usr/src/openssl-0.9.4/include/openssl
> 
> It seems to make it all the way through, but towards the end, we this:
> 
> make[1]: Entering directory `/usr/src/openssl-0.9.4/apps'
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c verify.c -o verify.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c asn1pars.c -o asn1pars.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c req.c -o req.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c dgst.c -o dgst.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c dh.c -o dh.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c enc.c -o enc.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c gendh.c -o gendh.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c errstr.c -o errstr.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c ca.c -o ca.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c pkcs7.c -o pkcs7.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c crl2p7.c -o crl2p7.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c crl.c -o crl.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c rsa.c -o rsa.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c dsa.c -o dsa.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c dsaparam.c -o dsaparam.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c x509.c -o x509.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c genrsa.c -o genrsa.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c gendsa.c -o gendsa.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c s_server.c -o s_server.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c s_client.c -o s_client.o
> gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK
> -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM
> -DRMD160_ASM   -c speed.c -o speed.o
> gcc -DMONOLITH -I../include -DTHREA

OpenSSL - Frequently Asked Questions

[Ulf Moeller]

OpenSSL  -  Frequently Asked Questions
--

* Which is the current version of OpenSSL?
* Where is the documentation?
* How can I contact the OpenSSL developers?
* Do I need patent licenses to use OpenSSL?
* Is OpenSSL thread-safe?
* Why do I get a "PRNG not seeded" error message?
* Why does the linker complain about undefined symbols?
* Where can I get a compiled version of OpenSSL?


* Which is the current version of OpenSSL?

The current version is available from http://www.openssl.org>.
OpenSSL 0.9.5 was released on February 28th, 2000.

In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.


* Where is the documentation?

OpenSSL is a library that provides cryptographic functionality to
applications such as secure web servers.  Be sure to read the
documentation of the application you want to use.  The INSTALL file
explains how to install this library.

OpenSSL includes a command line utility that can be used to perform a
variety of cryptographic functions.  It is described in the openssl(1)
manpage.  Documentation for developers is currently being written.  A
few manual pages already are available; overviews over libcrypto and
libssl are given in the crypto(3) and ssl(3) manpages.

The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
different directory if you specified one as described in INSTALL).
In addition, you can read the most current versions at
http://www.openssl.org/docs/>.

For information on parts of libcrypto that are not yet documented, you
might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
predecessor, at http://www.columbia.edu/~ariel/ssleay/>.  Much
of this still applies to OpenSSL.

There is some documentation about certificate extensions and PKCS#12
in doc/openssl.txt

The original SSLeay documentation is included in OpenSSL as
doc/ssleay.txt.  It may be useful when none of the other resources
help, but please note that it reflects the obsolete version SSLeay
0.6.6.


* How can I contact the OpenSSL developers?

The README file describes how to submit bug reports and patches to
OpenSSL.  Information on the OpenSSL mailing lists is available from
http://www.openssl.org>.


* Do I need patent licenses to use OpenSSL?

The patents section of the README file lists patents that may apply to
you if you want to use OpenSSL.  For information on intellectual
property rights, please consult a lawyer.  The OpenSSL team does not
offer legal advice.

You can configure OpenSSL so as not to use RC5 and IDEA by using
 ./config no-rc5 no-idea

Until the RSA patent expires, U.S. users may want to use
 ./config no-rc5 no-idea no-rsa

Please note that you will *not* be able to communicate with most of
the popular web browsers without RSA support.


* Is OpenSSL thread-safe?

Yes.  On Windows and many Unix systems, OpenSSL automatically uses the
multi-threaded versions of the standard libraries.  If your platform
is not one of these, consult the INSTALL file.

Multi-threaded applications must provide two callback functions to
OpenSSL.  This is described in the threads(3) manpage.


* Why do I get a "PRNG not seeded" error message?

Cryptographic software needs a source of unpredictable data to work
correctly.  Many open source operating systems provide a "randomness
device" that serves this purpose.  On other systems, applications have
to call the RAND_add() or RAND_seed() function with appropriate data
before generating keys or performing public key encryption.

Some broken applications do not do this.  As of version 0.9.5, the
OpenSSL functions that need randomness report an error if the random
number generator has not been seeded with at least 128 bits of
randomness.  If this error occurs, please contact the author of the
application you are using.  It is likely that it never worked
correctly.  OpenSSL 0.9.5 makes the error visible by refusing to
perform potentially insecure encryption.


* Why does the linker complain about undefined symbols?

Maybe the compilation was interrupted, and make doesn't notice that
something is missing.  Run "make clean; make".

If you used ./Configure instead of ./config, make sure that you
selected the right target.  File formats may differ slightly between
OS versions (for example sparcv8/sparcv9, or a.out/elf).

If that doesn't help, you may want to try using the current snapshot.
If the problem persists, please submit a bug report.


* Where can I get a compiled version of OpenSSL?

Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
yourself; the application will include the required parts (e.g. DLLs).

If you want to install OpenSSL on a Windows system and you don't have
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
on how to obtain and install the free GNU C com

Re: get netscape internal pkcs#11 module

[Dr Stephen Henson]

Osvaldo Brito wrote:
> 
> Hi,
> 
> I want to export a certificate to a netscape browser.
> I converted the user certificate file (*.crt) in a pkcs#12 file (*.p12).
> But when i go to the security info dialog box in the browser, in
> crytographic modules i just see the netscape internal pkcs#11 module.
> 
> And the browser cannot connect to the server, because in the handshake
> process the server cannot get the client certificate. I think that the
> solution is to add the pkcs#12 to the browser. Where can i find that
> module, and am i in the right clue?
> 

Security->Yours->Import a Certificate.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Global Server ID for Apache!

[vijay karthik]

Hi !

i am trying to order a Global Server ID from
verisign for apache openssl. The site does not
list apache as supported list of servers. and
without selecting one of the suported servers
i cannot get the GSID.

Can someone tell me how i can get GSID for
apache openssl ?

thanks
Vijay
__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Help me!

[quanghai]

You can use Winzip to extract zipped file. There is a Readme file on the directory, follow instructions there, you can compile OpenSSL in WinNT. The output file will be OpenSSL in out32dll directory.
Consider ActivePerl as a compiler to run a Batch file (you know that OpenSSL is mainly inteded for Unix, so Perl is a kind of Batch file on this environment)






"tinhocvdc3" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
04/28/2000 03:29 AM
Please respond to openssl-users

        
        To:        <[EMAIL PROTECTED]>
        cc:        
        Subject:        Help me!
Where I can download and how install OpenSSL, Crypt-SSLeay for use ActivePerl on WinNT4.0.
Which unzip tool can use to unzip files .tar.gz. I've been downloaded openssl-0.9.4.tar.gz but I can't unzip this file on WinNT4.0.
Please show me! Thanks.

Anyone signed M$ Exchange *.req certs?

[Jason Haar]

Says it all really. Our Qmail SMTP servers support the ESMTP TLS extension
and I want our Exchange 5.5 server to be able to interact with them with
encryption. I have used the keygen.exe to generate a cert request, but
openssl doesn't seem to know what format it is.

Can someone tell me how to sign that with openssl, and how to convert that
into a signed-cert Exchange would import?

Thanks

-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
   
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

openssl.cnf

[David aka SpanskA]

Hi,
   I need help with the file openssl.cnf. In Internet Explorer, it seems my 
certificate don't have anything in the fields Friendly Name and Enhanced Key 
Usage. I'd like to know how I could fill those fields with what I want. I 
need help as soon as possible please.


Thank you!


David.
__
Get Your Private, Free Email at http://www.hotmail.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Global Server ID for Apache!

[Merton Campbell Crockett]

State that you are using Stronghold which is in the list of supported
servers.

Merton Campbell Crockett



On Mon, 28 Feb 2000, vijay karthik wrote:

> Hi !
> 
> i am trying to order a Global Server ID from
> verisign for apache openssl. The site does not
> list apache as supported list of servers. and
> without selecting one of the suported servers
> i cannot get the GSID.
> 
> Can someone tell me how i can get GSID for
> apache openssl ?
> 
> thanks
> Vijay
> __
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: broken pipe

[hazel Gao]

For netscape browsers:

1. The first step:
>define a personal certificate? Is that by the same
method
> that i did to make a
> > server certificate and 
2. combine the certificate , the corresponding key and
CA's certificate together to a *.p12 form,
>then export to the browser
> (personal-cert.crt)?
> > 
> > 
Hazel
__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: We plant the seed, nature grows the seed

[Jason Stanford]

Can I assume, from the subject line, that you're a fan of "The Young Ones"?


Adam Dennis wrote:
> 
> Hello,
> 
> I'm installing OpenSSL 0.9.5beta2 with Mod_ssl 2.6.0 and
> Apache_1.3.12 on an Apple G3 running Rhapsody 5.5 (Mac OS X) and I'm
> almost finished but...
> When I run 'make certificate' just before the Apache 'make install'
> (after Openssl and Mod_ssl have been configured successfully and
> after a successful make on Apache) I get the following error:
> 
> Verifying password - Enter PEM pass phrase:
> unable to write key
> 1366:error:24064064:random number generator:SSLEAY_RAND_BYTES:prng
> not seeded:md
> _rand.c:470:
> mkcert.sh:Error: Failed to encrypt RSA private key
> make[1]: *** [certificate] Error 1
> 
> How do I seed the pseudo rand num gen??
> 
> thanks in advance
> 
> adam dennis
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Win32 Mail Server + SSL

[Lenya Khachaturov]

Hello,

I'm currently looking for a Win32 POP3/SMTP server supporting SSL.
Anybody knows such?

-- 
Best regards,
 Lenya  mailto:[EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

crl check

[hazel Gao]

Does openssl-0.9.5 support crl check when verifying a
client certificate for SSL connections?

Hazel
__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Compile Problems With .94 SUCCESS

[Tom Schaefer]

SUCCESS - Re: no-asm

Richard Levitte - VMS Whacker wrote:

> From the look of your log file, something seems to have gone very
> wrong when most of the crypto stuff was compiled.  This is just a
> guess, since you decided to show us only the end of the log, which
> made at least me dearly miss the rest, which may have been relevant as
> well.
>
> One thing you could try (and this is written in the docs) is
> configuring OpenSSL with "no-asm" and see if that makes a different.
>

THAT WORKED!!! Thanks I only hope that 'no-asm'  did not affect the
integrity of the build though. How do we know?

> Then there's one thing I fail to understand:
>
> netd> fw:/usr/src/openssl-0.9.4 # make
> netd> -I/usr/src/openssl-0.9.4/include/openssl
>
> What does that -I thingy do there?
>

They said I could do that in the docs, I = inlcude


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Compile Problems With .94 SUCCESS

[Richard Levitte - VMS Whacker]

netd> > One thing you could try (and this is written in the docs) is
netd> > configuring OpenSSL with "no-asm" and see if that makes a different.
netd> >
netd> 
netd> THAT WORKED!!! Thanks I only hope that 'no-asm'  did not affect the
netd> integrity of the build though. How do we know?

All it does is to avoid using the special assembler implementations of
some core routines.  The basic C implementation is then used instead.
The assembler routines are supposed to be more optimal, but it's known
that it doesn't always work.  That's why the no-asm optoin is there.
However, we did expect to get errors directly from the assembler
rather than from the linker later on...

netd> > Then there's one thing I fail to understand:
netd> >
netd> > netd> fw:/usr/src/openssl-0.9.4 # make
netd> > netd> -I/usr/src/openssl-0.9.4/include/openssl
netd> >
netd> > What does that -I thingy do there?
netd> 
netd> They said I could do that in the docs, I = inlcude

In the "* COMPILING existing applications", I assume.  That doesn't
have anything to do with building OpenSSL itself, it's about how other
applications that use OpenSSL should be built.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
   Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Compile Problems With .94

[Richard Levitte - VMS Whacker]

OK, I'll admit it, your screams caught my attention.  However, my
respect for someone with the name Tom Schaefer got lowered by it.

I'll still make an attempt at a response.

>From the look of your log file, something seems to have gone very
wrong when most of the crypto stuff was compiled.  This is just a
guess, since you decided to show us only the end of the log, which
made at least me dearly miss the rest, which may have been relevant as
well.

One thing you could try (and this is written in the docs) is
configuring OpenSSL with "no-asm" and see if that makes a different.

Then there's one thing I fail to understand:

netd> fw:/usr/src/openssl-0.9.4 # make
netd> -I/usr/src/openssl-0.9.4/include/openssl

What does that -I thingy do there?

Also, it might be a good idea if you mentioned what system that
heppened on, version, version of compiler, and all other kind of
information that might be useful to help use help you.

I hope that further communications with you will be less screamy in
the future, and that you might understand that we already deal with
the occasional deluge of messages from all over the world, that what
we do is driven by voluntary (and at least directly unpaid) forces,
with all that entails (sp?).  I hope for a future of mutual
understanding and respect.

Thanks very much for your attention.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
   Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

using user certificate problem

[Osvaldo Brito]

Hi,

I'm configuring a apache mod_ssl web server.
I've a user.p12 file imported into the netscape browser. (I've made
the user.p12 with openssl pkcs12 -export -in user.crt -name "My user
certificate" -out user.p12 -clcerts -info -des3 -inkey user.key).

When i try to connect to the server i get error message on the netscape:
A network error ocurred while ntscape was receiving data. (Network Error: 
broken pipe).

At the some time i got this on the error_log file:

[error] mod_ssl: Certificate Verification: Error (20):unable to get local
issuer certificate

[error] mod_ssl: SSL handshake failed (server www.laplace.inesc.pt:443,
client 146.193.24.118) (OpenSSL library error follows)

[error] OpenSSL: error: 14089B2:SSL routines:SSL_GET_CLIENT_CERTIFICATE:
no certificate returned


Any help?



Thanks in advance.

   Osvaldo Brito

---\  [EMAIL PROTECTED] 
---/   [EMAIL PROTECTED]   


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

get netscape internal pkcs#11 module

[Osvaldo Brito]

Hi,

I want to export a certificate to a netscape browser.
I converted the user certificate file (*.crt) in a pkcs#12 file (*.p12).
But when i go to the security info dialog box in the browser, in
crytographic modules i just see the netscape internal pkcs#11 module.

And the browser cannot connect to the server, because in the handshake
process the server cannot get the client certificate. I think that the
solution is to add the pkcs#12 to the browser. Where can i find that
module, and am i in the right clue?


Thanks in advance.
 


   Osvaldo Brito

---\  [EMAIL PROTECTED] 
---/   [EMAIL PROTECTED]   


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]