Error Compiling openssl
Hi all, I'm using Redhat Linux 7.1 with kernel 2.4.3-12. I'm using openssl-0.9.6b. After I ran ./configure everthing seems ok but when I run make I get this errors: t_req.o(.text+0x2f): undefined reference to `_stdsprintf' t_req.o(.text+0x63): undefined reference to `_stdsprintf' t_req.o(.text+0xdd): undefined reference to `_stdsprintf' t_req.o(.text+0x10c): undefined reference to `_stdsprintf' t_req.o(.text+0x150): undefined reference to `_stdsprintf' ../libcrypto.a(t_req.o)(.text+0x1b9): more undefined references to `_stdsprintf' follow ../libcrypto.a(pem_lib.o): In function `def_callback': pem_lib.o(.text+0xeb): undefined reference to `_Sfstderr' pem_lib.o(.text+0xf1): undefined reference to `sfprintf' ../libcrypto.a(x509_txt.o): In function `X509_verify_cert_error_string': x509_txt.o(.text+0x321): undefined reference to `_stdsprintf' ../libcrypto.a(by_dir.o): In function `get_cert_by_subject': by_dir.o(.text+0x471): undefined reference to `_stdsprintf' ../libcrypto.a(v3_alt.o): In function `i2v_GENERAL_NAME': v3_alt.o(.text+0x1d7): undefined reference to `_stdsprintf' ../libcrypto.a(v3_alt.o): In function `v2i_GENERAL_NAME': v3_alt.o(.text+0x91b): undefined reference to `sfsscanf' ../libcrypto.a(conf_def.o): In function `def_load': conf_def.o(.text+0x72c): undefined reference to `_stdsprintf' ../libcrypto.a(txt_db.o): In function `TXT_DB_read': txt_db.o(.text+0x242): undefined reference to `_Sfstderr' txt_db.o(.text+0x248): undefined reference to `sfprintf' txt_db.o(.text+0x31a): undefined reference to `_Sfstderr' txt_db.o(.text+0x320): undefined reference to `sfprintf' txt_db.o(.text+0x39c): undefined reference to `_Sfstderr' txt_db.o(.text+0x3a2): undefined reference to `sfprintf' ../libcrypto.a(read_pwd.o): In function `des_read_pw': read_pwd.o(.text+0xd3): undefined reference to `sfopen' read_pwd.o(.text+0xeb): undefined reference to `_Sfstdin' read_pwd.o(.text+0x1c6): undefined reference to `_Sfstderr' read_pwd.o(.text+0x1cc): undefined reference to `sfputr' read_pwd.o(.text+0x1d8): undefined reference to `sfseek' read_pwd.o(.text+0x1e1): undefined reference to `sfsync' read_pwd.o(.text+0x1f1): undefined reference to `sfpurge' read_pwd.o(.text+0x21d): undefined reference to `_stdgets' read_pwd.o(.text+0x277): undefined reference to `_stdgets' read_pwd.o(.text+0x2ad): undefined reference to `_Sfstderr' read_pwd.o(.text+0x2b3): undefined reference to `sfprintf' read_pwd.o(.text+0x2bf): undefined reference to `sfseek' read_pwd.o(.text+0x2c8): undefined reference to `sfsync' read_pwd.o(.text+0x2d8): undefined reference to `sfpurge' read_pwd.o(.text+0x2fc): undefined reference to `_stdgets' read_pwd.o(.text+0x357): undefined reference to `_stdgets' read_pwd.o(.text+0x397): undefined reference to `_Sfstderr' read_pwd.o(.text+0x39d): undefined reference to `sfprintf' read_pwd.o(.text+0x3a9): undefined reference to `sfseek' read_pwd.o(.text+0x3b2): undefined reference to `sfsync' read_pwd.o(.text+0x3c2): undefined reference to `sfpurge' read_pwd.o(.text+0x3e4): undefined reference to `_Sfstderr' read_pwd.o(.text+0x3ea): undefined reference to `sfprintf' read_pwd.o(.text+0x42f): undefined reference to `_Sfstdin' read_pwd.o(.text+0x43a): undefined reference to `sfclose' ../libcrypto.a(rand_win.o): In function `RAND_poll': rand_win.o(.text+0x2e): undefined reference to `sfopen' rand_win.o(.text+0x43): undefined reference to `_stdsetvbuf' rand_win.o(.text+0x53): undefined reference to `sfread' rand_win.o(.text+0x6a): undefined reference to `sfclose' ../libcrypto.a(a_gentm.o): In function `ASN1_GENERALIZEDTIME_set': a_gentm.o(.text+0x20c): undefined reference to `_stdsprintf' ../libcrypto.a(a_mbstr.o): In function `ASN1_mbstring_ncopy': a_mbstr.o(.text+0x19b): undefined reference to `_stdsprintf' a_mbstr.o(.text+0x1eb): undefined reference to `_stdsprintf' collect2: ld returned 1 exit status make[1]: *** [openssl] Error 1 make[1]: Leaving directory `/opt/openssl-0.9.6b/apps' make: *** [sub_all] Error 1 Anyone knows whats wrong?? Thanks __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
PKCS7_decrypt() question
I have a PKCS#7 of the type NID_pkcs7_enveloped. As far as I can see, this type covers both a signed and encrypted PKCS#7 and a PKCS#7 that just contains encrypted text (not signed). In my app. I do a: int iStatus = PKCS7_decrypt(p7, pKeyCopy, pCertCopy, bioNewP7, iFlags); This works fine..the encryption is stripped and the bioNewP7 now contains either: 1) The plain text (if the PKCS#7 was just encrypted). 2) A MIME encoded text with a signed PKCS#7 (if the PKCS#7 was signed and encrypted). My question is: How do I know what the bioNewP7 now contains? If it is just a text I don't have to do anything further, but if it is a MIME encoded PKCS#7 I have to do a: PKCS7* p7Signed = sSMIME_read_PKCS7(bioNewP7, NULL); and then parse this new PKCS#7 to get the text. Thanks, Kim Hellan KMD / KMD-CA http://www.kmd-ca.dk Mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Tax Credit... What a joke!
Doctors, Lawyers, Business Owners, Home Makers, Students, and More! What Do ALL These People Have In Common? They all have been opened up to a NEW way of thinking! Our organization has helped people from all walks of life earn from 10k to 50k per week/month from the privacy of their own home and they are achieving financial independence in 2-3 years obviously wealthy and having total freedom, both personal and financial. How would you like to: Drastically reduce and legally minimize your taxes on earnings? Protect all assets from any form of seizure, liens, or judgments? Create a six-figure income every 4 months? How about: Restoring and preserving complete personal and financial privacy? Creating and amassing personal wealth, multiplying it and protecting it? Realizing a 3 to 6 times greater returns on your money? Legally making yourself and your assets completely judgment-proof, seizure-proof,lien-proof, divorce-proof, attorney-proof, IRS-proof, and becoming completely insulated? One question that is always asked is why do we share such powerful knowledge? I asked this question myself when I was introduced to this opportunity, and to my amazement I found that there was no competition! A powerful sense of teamwork... And an organized training system already in place. This was the greatest education of my life, but it was not all learned in a little email. I obviously cannot talk to thousands of people who are just nosy, so if you are TRULY interested in making a major change in your life, then please visit my Online Interview to see if we can work together. Upon submitting your Online Interview, you will be contacted if you meet certain criteria. No mistake about it... ANYONE can do this, but I am looking for a passionate desire for change and a strong commitment to financial freedom! This is about Money, Freedom, and Financial Independence. It is unlike any other business and it is NOT MLM Take 30 seconds and fill out our simple Online Interview by clicking: HERE ** If you would like to be removed from any further mailings just click: Remove Me and hit send and you will automatically be removed from any other mailings. ** __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: problems exporting certificate to pkcs12
have you considered using the key??, with -inkey?? or is this precisely what you don't want to do??, hope it helps. Juan Carlos Albores Aguilar - Original Message - From: David Feilen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 28, 2001 11:51 PM Subject: problems exporting certificate to pkcs12 I have generated a certificate to use as a CA root certificate. All I want to do is export it as pkcs12 _without_ the private key so it can be installed as a trusted certificate by the end user. I thought this would do it. Using OpenSSL 0.9.5a openssl pkcs12 -export -nokeys -cacerts -in mycert.pem -inkey mycert.key -out mycert.p12 However it still prompts me to enter an export passphrase and includes the private key. Has anyone got any ideas? What am I doing wrong? David Feilen [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: problems exporting certificate to pkcs12
David Feilen wrote: I have generated a certificate to use as a CA root certificate. All I want to do is export it as pkcs12 _without_ the private key so it can be installed as a trusted certificate by the end user. I have the same problem preparing freeswan with PGPvpn in my case : To make an importable privat/public keypair from my selfsigned pem file I did: openssl pkcs12 -export --inkey my.key -in my.pem -out my.p12 -name My This works: I could import my.p12 into PGPvpn keyring. . Now I want to give my partner the pubic key ( or Certificate ) of my.pem in p12 format. But I didn't find the right syntax of openssl an get errors like David . Thank you Bernd __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: problems exporting certificate to pkcs12
David Feilen wrote: I have generated a certificate to use as a CA root certificate. All I want to do is export it as pkcs12 _without_ the private key so it can be installed as a trusted certificate by the end user. I thought this would do it. Using OpenSSL 0.9.5a openssl pkcs12 -export -nokeys -cacerts -in mycert.pem -inkey mycert.key -out mycert.p12 However it still prompts me to enter an export passphrase and includes the private key. Has anyone got any ideas? What am I doing wrong? You can't import CA certificates like that. Instead you need to send the certificate in DER format as MIME type application/x-x509-ca-cert for Netscape or with an extension like .cacert or .der for MSIE. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: openssl-0.9.6b
Wong, RYM (Richard) wrote: Hi, I have a question about the format of 'Subject' in 'Certificate Request' file. If I put emailAddress = Email Address emailAddress_max = 60 at the end of the block '[ req_distinguished_name ]' in the file 'openssl.cnf' and use it to create a Certificate Request file, I will get a '/' character attached to the word 'Email'. e.g. Subject: C=UK, O=aaa, OU=abc, CN= name [EMAIL PROTECTED] If I put the two lines at the beginning of the block, I will not get a '/' character before the word 'Email'. How do I replace ',' by '/' in the Subject line? The '/' isn't in the emailAddress its just a quirk in old code that is used to display the DN. If you enable the newer DN display code with something like: openssl x509 -nameopt oneline -in cert.pem -subject -noout it wont have the '/'. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
porting openssl to linux kernel
Hi, Has anyone ported openssl (completely or partially) to the linux kernel 2.4 or earlier? Thanks, Imran. __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Question about SMIME
Hello Mark Can we do this with OpenSSL? - Is there an NT/2000 version of OpenSSL SMIME? - If not, how difficult to build ourselves? - Can this interact with Outlook SMIME, using Exchange Server? Did you got any answers? On the swiss gouvernment we will offer some smime custom services (based on Unix) but the partners will implement theire services on PCs. I would be interested in any informations you got so I can forward it. Thank you and best regards Beat Jucker -- __ _ / / / / / / / / GLUE Software Engineering AG [EMAIL PROTECTED] / / __/ / / / / / __/Zieglerstr. 34 Natel:079-2342888 / /_/ / /___/ /_/ / /___CH-3007 Bern Fax:(+41)31-3853018 \/_/\/_/http://www.glue.ch/Phone:(+41)31-3853011 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Question about SMIME
Hi Beat, No, I got no direct answer, like I have built the NT SMIME, here is a binary, here is how it works with Exchange/Outlook ...one other nice person from Germany told me this should work and did work for him. Should be enough information for me for now. Mark Hello Mark Can we do this with OpenSSL? - Is there an NT/2000 version of OpenSSL SMIME? - If not, how difficult to build ourselves? - Can this interact with Outlook SMIME, using Exchange Server? Did you got any answers? On the swiss gouvernment we will offer some smime custom services (based on Unix) but the partners will implement theire services on PCs. I would be interested in any informations you got so I can forward it. Thank you and best regards Beat Jucker -- __ _ / / / / / / / / GLUE Software Engineering AG [EMAIL PROTECTED] / / __/ / / / / / __/Zieglerstr. 34 Natel:079-2342888 / /_/ / /___/ /_/ / /___CH-3007 Bern Fax:(+41)31-3853018 \/_/\/_/http://www.glue.ch/Phone:(+41)31-3853011 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ___ Mark Krieger UniPress Softwarehttp://www.unipress.com [EMAIL PROTECTED] (732)-287-2100x937 Developer of Footprints TMC's CRM Excellence Award 2001 Customer Interaction Solutions' Product of the Year 2000 Call Center CRM Solutions' Editors Choice 2000 TMC's CRM Excellence Award 2000 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
interoperability
is the following possible?? if so, could you explain me how or point me documentation about it??. I create end-user certificates and sign them by my own CA, this kind of PKI is working on a apache+openssl+modssl system and i would like to make this certificates to be accepted to other CA's, in somehow, to interoperate with other certificates or higher, that my CA interoperates with other CA's. I understan that we're working with X.509 certificates so the "fields thing" cannot change but i'm talking about when other CA has the same structure for its certificates and i want to take its certificates as mine or viceversa, let's say, Verisign certificates, is it technically possible that its certificates and ours could interoperate?? or maybe with DoD certificates??. Of course it has to be an agreement and all those, i repeate, technically. Any comments or directions will help so please comment, thanks. Juan Carlos Albores Aguilar
Re: interoperability
Absolutely. You have to have your root cert signed by their root key, so the chain can be verified. This is pretty much what PKI is all about. Thawte (http://www.thawte.com) used to have information on their website about to do just that. However, I can't seem to find it (things changed when Verisign purchased them :-). Does anyone have specific URL's about this? Nick *** REPLY SEPARATOR *** On 10/29/2001 at 3:02 PM Juan Carlos Albores Aguilar wrote: is the following possible?? if so, could you explain me how or point me documentation about it??. I create end-user certificates and sign them by my own CA, this kind of PKI is working on a apache+openssl+modssl system and i would like to make this certificates to be accepted to other CA's, in somehow, to interoperate with other certificates or higher, that my CA interoperates with other CA's. I understan that we're working with X.509 certificates so the fields thing cannot change but i'm talking about when other CA has the same structure for its certificates and i want to take its certificates as mine or viceversa, let's say, Verisign certificates, is it technically possible that its certificates and ours could interoperate?? or maybe with DoD certificates??. Of course it has to be an agreement and all those, i repeate, technically. Any comments or directions will help so please comment, thanks. Juan Carlos Albores Aguilar _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: interoperability
Juan Carlos Albores Aguilar wrote: is the following possible?? if so, could you explain me how or point me documentation about it??. [...] certificates and ours could interoperate?? or maybe with DoD certificates??. Of course it has to be an agreement and all those, i repeate, technically. The easiest way, and most supported by current clients, is to establish a Root CA issuing certificates for sub CAs (hierarchy). It will be possible to recognize and validate sig/certs from the whole chain as the same root is trusted. -- C'you, Massimiliano Pala --o- Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.openca.orgTel.: +39 (0)59 270 094 http://openca.sourceforge.netMobile: +39 (0)347 7222 365 S/MIME Cryptographic Signature
RE: interoperability
I'm not 100% sure, but I think that you can just get your CA cert signed by verisign, or thawte, or whoever... But you have to have it signed as a CA... Which they're probably loath to do, as each one that you sign is $249 out of their pocket (as they see it) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Nick Temple Sent: Monday, October 29, 2001 04:55 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; modssl-users Subject: Re: interoperability Absolutely. You have to have your root cert signed by their root key, so the chain can be verified. This is pretty much what PKI is all about. Thawte (http://www.thawte.com) used to have information on their website about to do just that. However, I can't seem to find it (things changed when Verisign purchased them :-). Does anyone have specific URL's about this? Nick *** REPLY SEPARATOR *** On 10/29/2001 at 3:02 PM Juan Carlos Albores Aguilar wrote: is the following possible?? if so, could you explain me how or point me documentation about it??. I create end-user certificates and sign them by my own CA, this kind of PKI is working on a apache+openssl+modssl system and i would like to make this certificates to be accepted to other CA's, in somehow, to interoperate with other certificates or higher, that my CA interoperates with other CA's. I understan that we're working with X.509 certificates so the fields thing cannot change but i'm talking about when other CA has the same structure for its certificates and i want to take its certificates as mine or viceversa, let's say, Verisign certificates, is it technically possible that its certificates and ours could interoperate?? or maybe with DoD certificates??. Of course it has to be an agreement and all those, i repeate, technically. Any comments or directions will help so please comment, thanks. Juan Carlos Albores Aguilar _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
No Subject
I am very new to apache. With that said. I have set up a test key with Verisign and it works fine with all browsers except Internet Explorer 5 for Macintosh, with i.e for mac I get a Security Failure. Data Decryption error: any ideas Deke __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Http requirements
G'day all, I'm just getting to the end of an http implementation, and am in testing for conformance to the spec. I've interpreted the spec to the best of my ability, and I'd like to cross reference this list against another. Does anyone know the url to a document summarising the spec? This seems like such an academic exercise, I figured that there would be an .edu site with this info... Matt Lynch Developer Stimulus Solutions http://www.stimulussolutions.com.au __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Http requirements
G'day all, I'm just getting to the end of an http implementation, and am in testing for conformance to the spec. I've interpreted the spec to the best of my ability, and I'd like to cross reference this list against another. Does anyone know the url to a document summarising the spec? This seems like such an academic exercise, I figured that there would be an .edu site with this info... I have this file I got: rfc2616.txt If you search for RFC 2616, this should do it. It's HTTP 1/1 though. It's surprisingly well written, although there's a lot there. Hope this helps. Cheers, Jeremy. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Can not make it with OpenSSL 0.9.6b
Hi, I am really new. Tried to install OpenSSL 0.9.6b on Solaris, the following has happened: 1. when config the system, sun4u-whatever-solaris2, solaris-sparcv9-gcc was detected. However, at the end, I have got a warning: Makefile = Makefile.ssl make[1]: Leaving directory `/home/.../jiedai/openssl-engine-0.9.6b/tools' make: warning: Clock skew detected. Your build may be incomplete. Configured for solaris-sparcv9-gcc. Does it affect anything? 2. Even worse, when I run make, the following has happened: ... gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultraspar c -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c -o ex_dat a.o ex_data.c gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultraspar c -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c -o tmdiff .o tmdiff.c ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi c.o uid.o make[1]: ar: Command not found make[1]: *** [lib] Error 127 make[1]: Leaving directory `/home/.../jiedai/openssl-engine-0.9.6b/crypto' make: *** [sub_all] Error 1 Based on the information in the Archive (27. 2000-10-26 Link problems on Solaris, solution), I have tried to change the Configure file accordingly. But still get the same error. Can anybody help me out. Thanks very much. Jie Dai __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: problems exporting certificate to pkcs12
I have generated a certificate to use as a CA root certificate. All I want to do is export it as pkcs12 _without_ the private key so it can be installed as a trusted certificate by the end user. I thought this would do it. Using OpenSSL 0.9.5a openssl pkcs12 -export -nokeys -cacerts -in mycert.pem -inkey mycert.key -out mycert.p12 However it still prompts me to enter an export passphrase and includes the private key. Has anyone got any ideas? What am I doing wrong? You can't import CA certificates like that. Instead you need to send the certificate in DER format as MIME type application/x-x509-ca-cert for Netscape or with an extension like .cacert or .der for MSIE. I also have a problem to understand all the bitspieces. Let me ask this question: I have a self signed CA root certificate. I also have generated a user key and the corresponding user certificate. Now I'd like to send the user key, user certifiacte and the CA root certificate (without CA root key) to the user as a PKCS12 file like openssl pkcs12 -export -in user.crt -inkey user.key \ -certfile ca.crt -name User cert for xyz -out user.p12 I don't know what mail user agent will be used (perhaps neither Netscape nor MSIE). What format/command should be used to exchange this certificates (e.g. by email) to enable the user sending S/MIME signed emails to me? Also the other way around: what format/command should be used to send him my certificate that he can verify my signature? Thank you and best regards -- Beat __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Question about SMIME
Mark Krieger wrote: Hello all, I have been looking for an SMIME toolkit to use to encrypt and decrypt email to and from Microsoft Outlook. This would be used as part of a much larger consulting project for a large customer. Here is what we want to accomplish: 1. perl scripts are already running on NT/2000 which can send and receive text and MIME emails from our product. 2. We want to modify these scripts so that they will call an NT exe we build which will either turn the text into SMIME for sending to Outlook; or turn the SMIME message from the Outlook back into text. Can we do this with OpenSSL? Yes. The 'openssl' utility has an 'smime' sub command that can do this. It has its own simple MIME code but it can be used with external MIME. - Is there an NT/2000 version of OpenSSL SMIME? - If not, how difficult to build ourselves? Just follow the instructions in INSTALL.W32 - Can this interact with Outlook SMIME, using Exchange Server? Some versions of exchange break S/MIME signatures, even Outlook ones, so it may need to be upgraded. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Can not make it with OpenSSL 0.9.6b
I don't know about #1, but #2 is because the ar command either isn't installed or isn't in your path. It is usually under /usr/ccs/bin/ on Solaris, which isn't normally in your path. You can use whereis or find to see if it's installed, and modify PATH accordingly. Keary Suska Esoteritech, Inc. Leveraging Open Source for a better Internet From: Jie Dai [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 29 Oct 2001 18:13:35 -0800 To: [EMAIL PROTECTED] Subject: Can not make it with OpenSSL 0.9.6b Hi, I am really new. Tried to install OpenSSL 0.9.6b on Solaris, the following has happened: 1. when config the system, sun4u-whatever-solaris2, solaris-sparcv9-gcc was detected. However, at the end, I have got a warning: Makefile = Makefile.ssl make[1]: Leaving directory `/home/.../jiedai/openssl-engine-0.9.6b/tools' make: warning: Clock skew detected. Your build may be incomplete. Configured for solaris-sparcv9-gcc. Does it affect anything? 2. Even worse, when I run make, the following has happened: ... gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultraspar c -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c -o ex_dat a.o ex_data.c gcc -I. -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultraspar c -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c -o tmdiff .o tmdiff.c ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi c.o uid.o make[1]: ar: Command not found make[1]: *** [lib] Error 127 make[1]: Leaving directory `/home/.../jiedai/openssl-engine-0.9.6b/crypto' make: *** [sub_all] Error 1 Based on the information in the Archive (27. 2000-10-26 Link problems on Solaris, solution), I have tried to change the Configure file accordingly. But still get the same error. Can anybody help me out. Thanks very much. Jie Dai __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: porting openssl to linux kernel
On Mon, 29 Oct 2001, Imran Badr wrote: Has anyone ported openssl (completely or partially) to the linux kernel 2.4 or earlier? The question has already been asked, and the answer, in short, is: no, there's no need for this (you won't go faster, it won't be more secure, ...). In fact, OpenSSL clearly belongs to the user world, and I (personaly) don't see the point in putting it into the kernel. Or maybe we should put Kerberos, PAM, Nessus, and other security tools into the kernel? No, thanks. -- Erwann ABALEA [EMAIL PROTECTED] RSA PGP Key ID: 0x2D0EABD5 - Stupidity has no limits, genius does. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
