SMIME Api of OpenSSL
Hi,

Is it possible to process (parse and compile) simple mail text with one or more attachments using the current S/MIME API of OpenSSL?

Thanks in advance
Rene
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Stop the listserver!
David,

Please send me this good procmail rule.

Tx,
Paul

David Ford wrote:
>
> A good procmail rule strongly limits the damage done with broken servers or
> clients.
>
> -d

--
Paul Haskell                         Internet E-Mail: [EMAIL PROTECTED]
EDS - Federal                        Voice: 703-845-3080
Health Care & Logistics Solutions    Pager: 800-533-6605
5113 Leesburg Pike, Suite 300        FAX: 703-845-3099
Falls Church, Virginia 22041         https://www.med.osd.mil

"Contrary to popular opinion, Unix is very user friendly, it just happens to be selective about who it makes friends with."
Re: openSSL+IE5.0 on macintosh
hello.

I had/have the identical problem when running my server using OSSL on Linux RH and accessing it from a Mac, I didn't investigate it further due to lack of time, but I'd be interested if you find out what the problem is.

/Douglas

Nick De Roeck wrote:
>
> Hi,
>
> Can somebody help me out with the following problem.
>
> I'm developing an openSSL enabled webserver running on MacOS. The
> certificate (and key) I use for the server are self-generated. Now,
> Netscape (either mac or pc) and Explorer (on PC) seem to recognise
> the fact, when connecting to my server, that they need to get the
> certificate from the server.
> The user is prompted with the question to allow/disallow.
>
> However, Explorer on Mac (tested 4 & 5) just stalls and doesn't make
> a connection at all. Moreover my server reports a failure in
> accepting the incoming connection.
>
> Anyone a bright idea ? What am I doing wrong ?
>
> many greetings,
>
> nick.

--
Douglas Wikström <[EMAIL PROTECTED]>
--
Yes, God created Man before Woman,
but one always makes a draft before the masterpiece.
--
openSSL+IE5.0 on macintosh
Hi,

Can somebody help me out with the following problem.

I'm developing an openSSL enabled webserver running on MacOS. The certificate (and key) I use for the server are self-generated. Now, Netscape (either mac or pc) and Explorer (on PC) seem to recognise the fact, when connecting to my server, that they need to get the certificate from the server. The user is prompted with the question to allow/disallow.

However, Explorer on Mac (tested 4 & 5) just stalls and doesn't make a connection at all. Moreover my server reports a failure in accepting the incoming connection.

Anyone a bright idea ? What am I doing wrong ?

many greetings,

nick.
How to use the RSA in openssl-0.9.5a?
Hi all,

I've installed openssl-0.9.5a in Windows 2000, and I've generated the private key file and the certificate. But how can I use them with RSA to encrypt or decrypt something?

Best regards,
Chai Hongjun
What is libRSAglue.a for?
When compiling openssl on a linux-redhat-6.0 system I get a library "libRSAglue.a". I can't figure out what it does. BTW when compiling openssl under mandrake-7.0 (=redhat-6.1) I do not get this lib.

Even more strange: under redhat-6.0 - when generating a rsa key for instance - openssl never stops reading from /dev/urandom, so the process hangs; under mandrake everything works fine.

Any ideas? (glibc-version)

Gerd
Re: command line
Hi there,

Attached are:

1) getKeyReq.tk: expectk source which I request openssl to generate a RSA:1024 bit key pair and a certificate request. Please read the header as the scripts two environment variables. One can change the key type to DSA:nnn and extend the gui to handle more req options.

2) getKey.ps: to see the look and feel of the GUI, you can view this ps file via ghostview

I hope this helps,

[EMAIL PROTECTED] wrote:
> Fine !
> Can you send the part of the sourcecode which you make the client req.
>
> Lot of thanks,
>
> hirntod
>
> On Mon, 10 Jul 2000, Wendy Breu wrote:
>
> > Hi there,
> >
> > I did something similar via a tk/expect script to generate a certificate
> > request.
> > A user would enter all necessary info for a Distinguished Name in the
> > "tk "gui,
> > then the script extracts the pieces of info and feed it to the "expect"
> > portion of the
> > script in the background.
> >
> > I reckon you can do something similar by using perl/tk CGI script.
> >
> > --
> > **
> > -- Wendy | mailto:[EMAIL PROTECTED] | http://www.vovida.com |
> > | phone : 1-408-383-1026 |

--
**
-- Wendy | mailto:[EMAIL PROTECTED] | http://www.vovida.com |
| phone : 1-408-383-1026 |

#!/usr/bin/expectk -f
## *
##
## $Id$
##
## *
##
## This library is free software; you can redistribute it and/or modify
## it under the terms of the GNU Lesser General Public License as
## published by the Free Software Foundation; either version 2 of the
## License, or (at your option) any later version.
##
## This library is distributed in the hope that it will be useful, but
## WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
## Lesser General Public License for more details.
##
## You should have received a copy of the GNU Lesser General Public
## License along with this library; if not; write to the Free Software
## Foundation, Inc., 59 Temple Place, Suite 345, Boston, MA 02111-1457
## USA.
##
## Copyright 1999-2000 Vovida Networks, Inc. All Rights Reserved.
##
## *
##
## $Log$
## Revision 1.2 2000/07/05 22:59:32 hyu
## Merging BRANCH_CURD into HEAD.
##
## Revision 1.1.2.1 2000/06/27 23:13:02 wbreu
## Tk/expect scripts to do device enrollment
##
##
## *
## expecttk gui spawns the openssl application to obtain
## public/ private key pair, and also to generate a certificate request
## (in base 64 encoding). It also converts the key (B64) to a DER
## format ready to be used by the OSP client.
##
## Requirements: user needs to set up following Environment Variables:
## OPENSSL_PATH and MY_TCLTK_PATH
##
## Output files:
##    pkey_1.dat - key file in DER format
##    CertReqB64.dat - certificate request message in PEM format
##

# set window title "." is the main window
wm title . "Openssl key / certificate request"

global timeout
set timeout 30

frame .overframe -borderwidth 0
set f [frame .overframe.controlbutton -borderwidth 5]
pack $f -side left -ipadx 50
set but [button $f.run -text "Run" -command Run]
button $f.help -text "Help" -command Help
button $f.quit -text "Quit" -command Quit
pack $f.quit $f.help $f.run -ipadx 30 -side right

# proc CommandEntry { name label width command args } {
proc CommandEntry { name label width1 width2 args } {
    frame $name -borderwidth 10
    label $name.label -text $label -width $width1 -anchor w
    eval { entry $name.entry -width $width2 -relief sunken } $args
    pack $name.label -side left
    pack $name.entry -side left -fill x -expand true
    bind $name.entry Stop
    # bind $name.entry
    return $name.entry
}

# Let CommandEntry to create a frame for each label/entry
label .prompt1 -text "Enter key information:" -padx 20 -width 20 -anchor w

global keyfile certreqfile
set keyfile "pkey_1.dat"
set certreqfile "CertReqB64.dat"

# key information:
CommandEntry .keytype KeyType 20 45 -textvariable keytype
#CommandEntry .keyfile KeyFile 20 45 -textvariable keyfile

label .prompt2 -text "Enter information for a Distinguished Name:" \
    -padx 20 -width 40 -anchor w

# Information needed to form a Distinguished Name (DN):
CommandEntry .passphrase PassPhrase 20 45 -textvariable passphrase
CommandEntry .country CountryName 20 45 -textvariable country
CommandEntry .state State 20 45 -textvariable state
CommandEntry .city City 20 45 -t
Re: verifying CAcert and cert?
I use:

int verify_CAkey()
{
    FILE *fp1, *fp2;
    X509 *A, *B;
    EVP_PKEY *A_pub;
    int flag;

    /* A is the CA certificate, B the certificate to check */
    fp1 = fopen( "CAcertA", "rb" );
    fp2 = fopen( "certB", "rb" );
    A = (X509 *)PEM_ASN1_read ((char *(*)(...))d2i_X509, PEM_STRING_X509, fp1, NULL, NULL, NULL);
    A_pub = X509_extract_key( A );
    B = (X509 *)PEM_ASN1_read ((char *(*)(...))d2i_X509, PEM_STRING_X509, fp2, NULL, NULL, NULL);
    flag=1;
    /* B passes only if its issuer name matches A's subject name
       and its signature verifies under A's public key */
    if (X509_subject_name_hash( A )==X509_issuer_name_hash( B ) && X509_verify( B, A_pub )==1)
        flag=0;
    EVP_PKEY_free( A_pub );
    X509_free( A );
    X509_free( B );
    fclose( fp1 );
    fclose( fp2 );
    return( flag );
}

This is sort of pseudo-code and will return 0 when it verifies and 1 when not. This is copied from other code I wrote so, as is, it may not work. But the basic principles are there.

Robert Sandilands

Douglas Wikström wrote:
>
> hello!
>
> Suppose that I have a CA-cert A and a cert B that is signed by the
> public key of A. I am trying to figure out how to verify that B is
> certified by A:
>
> This is what I got so far (which I clearly haven't compiled yet :-)
>
> /* load the cert (this works just fine) */
> fp = fopen(argv[2], "r");
> if (fp == NULL) {
>     fprintf(stderr, "Failed to open certfile!\n");
>     exit(1);
> }
> cert = PEM_read_X509(fp, NULL, NULL, NULL);
> if (cert == NULL) {
>     fprintf(stderr, "Failed to read cert from certfile!\n");
>     exit(1);
> }
> fclose(fp);
>
> ERR_load_crypto_strings();
>
> /* this is where I am confused, From reading ariels "manuals" I get the
> impression that I should create a X509_STORE that contains the ca-cert.
> Then I should init the X509_STORE_CTX with this and also an
> STACK_OF(X509) containing the cert I would like to verify with the
> ca-cert */
>
> csc = X509_STORE_CTX_new();
> if (csc == NULL) {
>     fprintf(stderr, "Failed to create store!\n");
>     ERR_print_errors(bio_err);
>     exit(1);
> }
> X509_STORE_CTX_init(csc, ctx, cert, uchain);
> if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
>
> if (!X509_verify_cert(csc)) {
>     fprintf(stderr, "Verification of cert failed!\n");
>     exit(1);
> }
> X509_STORE_CTX_free(csc);
>
> Any hints, clarifying comments, or pointers to docs are very welcome.
>
> Best regards:
>
> Douglas
>
> --
> Douglas Wikström <[EMAIL PROTECTED]>
> --
> Yes, God created Man before Woman,
> but one always makes a draft before the masterpiece.
> --
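The two conditions in the reply above (B's issuer name matches A's subject name, and B's signature verifies under A's key) can be reproduced with the openssl command line, where `openssl verify` runs the X509_STORE-based chain check the quoted question asks about. This is an added example, not code from the thread; the names Demo CA and leaf.example, the file names and all helper functions are constructed for the demo. It also builds a second CA with the same subject name but a different key, the case where the name comparison passes and only the signature check catches the mismatch.

```shell
#!/bin/sh
# Added example; every key, certificate and name here is constructed.

# Minimal req config: marks self-signed certs CA:TRUE whatever the system
# openssl.cnf says. The [dn] entry is unused because -subj is always given.
write_cnf() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        '[dn]' 'CN = unused' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$1"
}

# make_ca DIR NAME: self-signed CA certificate, subject CN=Demo CA
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/req.cnf" \
        -subj "/CN=Demo CA" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA LEAF: CN=leaf.example certificate signed with CA's key
make_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -subj "/CN=leaf.example" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 1 -days 2 -out "$1/$3.pem" 2>/dev/null
}

# issuer_name_matches CA CERT: "yes" if issuer(CERT) hashes like subject(CA),
# the command-line form of X509_subject_name_hash == X509_issuer_name_hash
issuer_name_matches() {
    s=$(openssl x509 -in "$1" -noout -subject_hash)
    i=$(openssl x509 -in "$2" -noout -issuer_hash)
    if [ "$s" = "$i" ]; then echo yes; else echo no; fi
}

# issued_by CA CERT: "ok" if CERT chains to CA with a valid signature
issued_by() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

run_demo() {
    d=$(mktemp -d) && write_cnf "$d/req.cnf" &&
        make_ca "$d" real && make_ca "$d" impostor &&
        make_leaf "$d" real leaf || return 1
    echo "name-match=$(issuer_name_matches "$d/impostor.pem" "$d/leaf.pem")" \
        "real=$(issued_by "$d/real.pem" "$d/leaf.pem")" \
        "impostor=$(issued_by "$d/impostor.pem" "$d/leaf.pem")"
    rm -rf "$d"
}

run_demo
```

The impostor CA passes the name comparison and fails verification, which is why the name hash on its own proves nothing about who issued a certificate.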
A CA's certificate?
Hi,

Is a self-signed certificate always a CA certificate? If not, what criteria does Netscape use so it can determine which certificate is your own, which is other's and which is CA's?

Is there any function in OpenSSL that enables me to tell whether a certificate is a server certificate?

Angus Lee
Re: Stop the listserver!
A good procmail rule strongly limits the damage done with broken servers or clients.

-d

"Hart, John E." wrote:
> Behave "properly"?!? Only 30 copies? I have been swamped with hundreds!
>
> -Original Message-
> From: Michael Zedeler [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 10, 2000 9:47 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Stop the listserver!
>
> Hi Veli-Matti,
>
> Veli-Matti Niemi wrote:
> >
> > hello Michael,
> >
> > after receiving 30 copies of your mail I did some check:
> >
> > > [...cut...]
> > > Content-Type: text/plain; [...cut...]
> > > [...cut...]
> > > X-Mailer: Microsoft Outlook Express 4.72.3110.5
> > > [...cut...]
> > >
> > > Could somebody _please_ make the listserver start behaving properly?
> > >
> > > I received about 30 copies of the last three mails :-(
> >
> > you and your company should use properly working software and
> > that is not Microsoft Outlook Express. Clean those Visual Basic-
> > based macroviruses first and complain later.
>
> Don't tell me that you're actually starting a flame war because I am
> using Outlook Express at home. Get a life!
>
> --
> Kind regards,
>
> Netropolis ApS,
> Michael Zedeler.
>
> www.netropolis.dk
> Phone: 70 25 17 17
> Mobile: 70 25 19 99
> Fax: 70 25 39 39

--
"The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved' - the pig was 'committed'."